last executing test programs: 6.300082853s ago: executing program 0 (id=495): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto(0x3, 0x4020ae76, 0x38) openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, 0x0, 0x40000, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x2, 0x88) ioctl$auto(0x3, 0x800005411, 0x38) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_MACSEC_CMD_ADD_RXSA(r0, &(0x7f0000001c80)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000002400)={0x20, 0x0, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@MACSEC_ATTR_SA_CONFIG={0x4}, @MACSEC_ATTR_IFINDEX={0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000804}, 0x8880) mkdir$auto(&(0x7f0000000000)='}[,&*}\x00', 0xc001) mount$auto(0x0, &(0x7f0000000100)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x10001, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/fs/orangefs/getattr_timeout_msecs\x00', 0x8a82b6a56f18970a, 0x0) mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) mount$auto(0x0, &(0x7f0000000100)='}[,&*}\x00', 0x0, 0x44020, 0x0) msync$auto(0x190036b1, 0x7, 0x80000001) ioperm$auto(0xc5, 0x5, 0x400002) futex_waitv$auto(&(0x7f00000004c0)={0x3, 0x1, 0xcb, 0x100}, 0x40, 0x0, &(0x7f0000000500)={0xe2, 0xff}, 0x0) sysfs$auto(0xb, 0xfffffffffffffffd, 0x2) 5.308596048s ago: executing program 0 (id=500): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1\x00', 0x221c2, 0x0) mlockall$auto(0x0) open(&(0x7f0000000000)='./file0\x00', 0x10489d03fd83715f, 0x100) rseq$auto(&(0x7f0000001300)={0x3, 0x7c, 0x200, 0x6, 0x0, 0x2, "1bc56c678b8ab3679f4099057c71da4211f970824c48c1a3072b374f13e2bd73111570dce2b80178437b820f5e025dd0b95518f3a688698ae5a1f1579398b92454c57a46b0bbb11a15d531d2ae0cf571f94b7c107fc23b"}, 0xf, 0x6, 0x4) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) r0 = open(0x0, 0xeee00, 0x31) mmap$auto(0x0, 0x5, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) clone$auto(0x3, 0x8000000000000001, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) socket(0x6, 0x1, 0x1000003) write$auto_msr_fops_msr(r0, 0x0, 0x0) r1 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/kernel/security/tomoyo/query\x00', 0x183e01, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000001100)='/dev/swradio0\x00', 0x101000, 0x0) read$auto_v4l2_fops_v4l2_dev(r2, &(0x7f00000001c0)=""/191, 0x1f8) read$auto_tomoyo_operations_securityfs_if(r1, &(0x7f0000000080)=""/4096, 0x1000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/neigh/netdevsim0/retrans_time_ms\x00', 0x121482, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) recvmsg$auto(0x4, 0x0, 0x33c) read$auto_v4l2_fops_v4l2_dev(r2, &(0x7f0000001080)=""/44, 0x2c) close_range$auto(0x2, 0x8, 0x0) 4.024741276s ago: executing program 0 (id=505): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000007c0), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_TUNNEL_INFO_GET(r0, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000f00)=ANY=[@ANYBLOB="147fffff", @ANYRES16=r1, @ANYBLOB="050725fd7000fbdbdf251c000000"], 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x880) 3.891430158s ago: executing program 2 (id=506): r0 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tracing_err_log_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/error_log\x00', 0x101b42, 0x0) sendmsg$auto_NL802154_CMD_SET_CCA_MODE(r1, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000000)={0x28, r0, 0x101, 0x70bd2b, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x60040440}, 0x800) r2 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0xffffd, 0x7ffffffbefff, 0xfffffffffffffffe, 0x1, 0x6, 0x50b301a, 0x2c, 0x2c, 0x0, 0x2}) 3.669700909s ago: executing program 2 (id=507): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) socket(0x28, 0x1, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/asound/card0/pcm0c/sub4/xrun_injection\x00', 0x400, 0x0) mount$auto(0x0, 0x0, 0x0, 0x3379, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) mmap$auto(0x0, 0x400008, 0x8, 0x9b72, 0x2, 0x8000) r0 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) write$auto_proc_mem_operations_base(r0, &(0x7f0000001680)="a7", 0x80000) madvise$auto(0x0, 0x20200, 0x15) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000140)='/dev/video8\x00', 0x525480, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x212e00, 0x0) 3.531635804s ago: executing program 0 (id=508): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto(0x3, 0x4020ae76, 0x38) openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, 0x0, 0x40000, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x2, 0x88) ioctl$auto(0x3, 0x800005411, 0x38) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_MACSEC_CMD_ADD_RXSA(r0, &(0x7f0000001c80)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000002400)={0x20, 0x0, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@MACSEC_ATTR_SA_CONFIG={0x4}, @MACSEC_ATTR_IFINDEX={0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000804}, 0x8880) mkdir$auto(&(0x7f0000000000)='}[,&*}\x00', 0xc001) mount$auto(0x0, &(0x7f0000000100)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x10001, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/fs/orangefs/getattr_timeout_msecs\x00', 0x8a82b6a56f18970a, 0x0) mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) mount$auto(0x0, &(0x7f0000000100)='}[,&*}\x00', 0x0, 0x44020, 0x0) msync$auto(0x190036b1, 0x7, 0x80000001) ioperm$auto(0xc5, 0x5, 0x400002) futex_waitv$auto(&(0x7f00000004c0)={0x3, 0x1, 0xcb, 0x100}, 0x40, 0x0, &(0x7f0000000500)={0xe2, 0xff}, 0x0) sysfs$auto(0xb, 0xfffffffffffffffd, 0x2) 3.507551842s ago: executing program 2 (id=509): close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x100, 0x0) r2 = clone$auto(0x1, 0x100, 0x0, 0x0, 0x800) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r3 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) bind$auto(r1, &(0x7f0000000000)=@phonet={0x23, 0x5, 0x4, 0x96}, 0x8) connect$auto(0x3, 0x0, 0x55) mmap$auto(0xfffffffffffffffd, 0x400008, 0xe0, 0xef1, r4, 0x8002) bind$auto(0x3, 0x0, 0x6a) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x80000c}, 0x5, 0x20000000) shutdown$auto(0x200000003, 0x2) sendfile$auto(0x1, 0x3, 0x0, 0xc01) sendmsg$auto_OVS_DP_CMD_GET(r3, 0x0, 0x0) fanotify_init$auto(0x5, 0x2000000000002) socket(0x26, 0x80805, 0x0) socket$nl_generic(0x10, 0x3, 0x10) get_robust_list$auto(r2, &(0x7f0000000240)=&(0x7f0000000200)={{&(0x7f00000000c0)={&(0x7f0000000080)}}, 0x2, &(0x7f00000001c0)={&(0x7f0000000180)={&(0x7f0000000100)}}}, &(0x7f0000000280)=0x3) socket(0x29, 0x1, 0x3a) r5 = fanotify_init$auto(0x5, 0x8) fanotify_mark$auto(r5, 0x201, 0x9, 0x4, 0x0) fanotify_mark$auto(r5, 0x1, 0x9, 0x4, 0x0) clone$auto(0x21, 0x4400000000009, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x8) r6 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC1D1p\x00', 0x80, 0x0) mmap$auto(0x800000, 0x9, 0x100000000, 0x8000000008011, r6, 0x82000000) mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x5) mount$auto(0x0, 0x0, 0x0, 0x8000, 0x0) close_range$auto(0x0, r0, 0xfffffffe) 3.168798082s ago: executing program 1 (id=511): r0 = socket(0x10, 0x2, 0xc) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x3, 0x0) ioctl$auto_KVM_CHECK_EXTENSION(r1, 0xae03, 0xd0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyee\x00', 0x80, 0x0) mmap$auto(0x112, 0x400007, 0xe3, 0x17, 0x2, 0x7fff) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x180342, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) syslog$auto(0x2, 0x0, 0xcf) ioperm$auto(0x7, 0x6, 0x2) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) mmap$auto(0x100000000000, 0x4000d, 0xdf, 0x9b72, 0x9, 0x28000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/vkms/drm/card1/card1-Writeback-1/dpms\x00', 0x0, 0x0) setsockopt$auto(r2, 0x800005, 0x4084, 0x0, 0x10000090) msgget$auto(0x0, 0x5) msgsnd$auto(0x3, &(0x7f0000000040)={0x5}, 0x1000, 0x4) msgctl$auto(0x0, 0x0, 0x0) add_key$auto(&(0x7f00000002c0)=':\x86V_\x1d\xf1\xf3\x02\xa3\xcd\x1a-* \xa0\xfb\x19\xf9m \x1c\xae&\xfa_\xa7a\x14\xcb\xec\x11\x05f\x19\xe6\'\x9ep\xb4\xc5\xaah{`t\xadn7\xb9S\xf1\x8c\x00\x00\x00\x00\xd3u\x16\xb3\xbe\xc8o\xa4Gh[\n4|yV\xfdE\b\x05a;r\xa4\xb5\x06\xd1F`\xf7\aM\xb4\x7f\xecCT\x19\xefq,\xf5\xda\xf5\x94YG\xa8\x12\x89\x05\r\x10\xa38\x1e\xbfR\x14\xac\x10\xeb\xa5\xc4\xbcg(\x0f\xb5M\x7f\xe6\x1a\x92\xa7x)vt\xec\x8bH\xf5\xdba\x15\xc4Z\xda\x83\x8c\xd5\xd2r\t!\xff\xf8\xc4\xb2\xa8\x00A\xf5?\xb0e\xd8\xbcK\xa36\x00\x00\xa0\x94\x88\xb0\x87\xb1\xb1A.\xb6\xe2\xc0\xb4\xfc\xa0\v\xda\xc5\xaf\x9a\xba\xf4H\x93Wf\xf3U\xbf\x83\xeb\xd0a({\x99\xdd\xdb\xe7N=M', 0x0, 0x0, 0x2000000000000004, 0x8014) ioperm$auto(0x3, 0x5, 0x149) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x129800, 0x0) 3.059399959s ago: executing program 2 (id=513): ioctl$auto_XFS_IOC_FSBULKSTAT(0xffffffffffffffff, 0xc0205865, 0x0) mmap$auto(0x0, 0x400008, 0x200, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x2000040080000004, 0xe) r0 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) write$auto_proc_mem_operations_base(r0, &(0x7f0000001680)="a7", 0x80000) madvise$auto(0x0, 0x40, 0x12) openat$auto_bsg_fops_bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg/0:0:0:0\x00', 0x4800, 0x0) (async) r1 = openat$auto_bsg_fops_bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg/0:0:0:0\x00', 0x4800, 0x0) ioctl$auto_SCSI_IOCTL_GET_BUS_NUMBER(r1, 0x5386, &(0x7f0000000080)="41f7ab1866fb8fae89be6d4dcac647f2c9a0736d3a92a540833e79e609167ca6806e0fb525a872df664d4237027ee523b1db2b6f97e4e1fae1b42428381561aebd168db156b09b0770c416652e686916db1e93418346e93d7083308080ac8d252fe27812d871bd1fa5c5ee2120a28b0f0610450061cdd84db53d8256aa4c1b0381ed248885") fcntl$auto_F_SETFD(r0, 0x2, 0xffffffffffffffff) (async) r2 = fcntl$auto_F_SETFD(r0, 0x2, 0xffffffffffffffff) read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f00000001c0)=""/94, 0x5e) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$auto(r0, &(0x7f0000000000)='.#*\x00', 0x3) (async) write$auto(r0, &(0x7f0000000000)='.#*\x00', 0x3) socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_VPORT_CMD_NEW(r3, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000000140)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010026bd7000fddbdf250100000008000900040000000800020004000000060003002a00000004000500080001"], 0x38}, 0x1, 0x0, 0x0, 0x40810}, 0x800) ioctl$auto_IOCTL_STOP_ACCEL_DEV(0xffffffffffffffff, 0x40096101, &(0x7f0000000180)={@padding, 0x2}) 2.607646785s ago: executing program 2 (id=516): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/vkms/graphics/fb0/state\x00', 0xc2481, 0x0) write$auto(r1, 0x0, 0x81) acct$auto(&(0x7f0000000000)='/dev/fb0\x00') recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/apparmor/current\x00', 0x151001, 0x0) r2 = syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000100), r0) sendmsg$auto_IEEE802154_LLSEC_ADD_KEY(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="14000096add9d966a03bd54b0b00", @ANYRES16=r2, @ANYBLOB="100025bd7000fddbdf2527000000"], 0x14}}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000bc0), 0xffffffffffffffff) write$auto_console_fops_tty_io(0xffffffffffffffff, 0x0, 0x0) signalfd$auto(0xffffffff, 0x0, 0x8) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x1c040, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/vkms/graphics/fb0/state\x00', 0xc2481, 0x0) (async) write$auto(r1, 0x0, 0x81) (async) acct$auto(&(0x7f0000000000)='/dev/fb0\x00') (async) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/apparmor/current\x00', 0x151001, 0x0) (async) syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000100), r0) (async) sendmsg$auto_IEEE802154_LLSEC_ADD_KEY(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="14000096add9d966a03bd54b0b00", @ANYRES16=r2, @ANYBLOB="100025bd7000fddbdf2527000000"], 0x14}}, 0x94) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000bc0), 0xffffffffffffffff) (async) write$auto_console_fops_tty_io(0xffffffffffffffff, 0x0, 0x0) (async) signalfd$auto(0xffffffff, 0x0, 0x8) (async) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x1c040, 0x0) (async) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) (async) 2.436498802s ago: executing program 3 (id=517): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) socket(0x28, 0x1, 0x0) mount$auto(0x0, 0x0, 0x0, 0x3379, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) mmap$auto(0x0, 0x400008, 0x8, 0x9b72, 0x2, 0x8000) r0 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) write$auto_proc_mem_operations_base(r0, &(0x7f0000001680)="a7", 0x80000) madvise$auto(0x0, 0x20200, 0x15) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000140)='/dev/video8\x00', 0x525480, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x212e00, 0x0) 2.287560091s ago: executing program 0 (id=518): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp1\x00', 0x802, 0x0) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xffffffffffffff36, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) (async) close_range$auto(0x2, 0x8, 0x0) (async) socket(0x10, 0x2, 0x4) socket(0x10, 0x3, 0x6) (async) lstat$auto(0x0, &(0x7f0000000180)={0x800000004, 0x9, 0xfffffffffffffffd, 0x9, 0x0, 0x0, 0x0, 0x8, 0x200, 0x800000000100002, 0x41000406, 0x1, 0xc, 0x2, 0x11, 0x6, 0x7}) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0F:01/status\x00', 0x100, 0x0) (async) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004) (async) poll$auto(&(0x7f0000000280)={r0, 0x7, 0x1}, 0xaa, 0x2) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x8) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b71, 0x7, 0x800008000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) open(0x0, 0x22240, 0x55) (async) socket(0x2b, 0x1, 0x0) (async) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB='\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="13002cbd7000dddbdf250200000008000300", @ANYRES32=0x0, @ANYBLOB="08006100010000000800620000000080"], 0x2c}, 0x1, 0x0, 0x0, 0x24004080}, 0x20040894) (async) open_by_handle_at$auto(r0, &(0x7f00000005c0)={0x2fd, 0x4, "d9ca1c2ae017ab06a137fb18973f0dd243b9fe840ac2cb4668a038594d9a46cbdf223205570f23c7c00471d3cc678b44b110a7b88dd2be3f5d637169baa20df32e26d6225fcfc8738e04956ea2f4569671659f7aff020dcfd559358781da9646e8e81260a49196892fe7c8d84e4474d10f064feb09aed126ee81d92d51c7ab16fa26bbc50687a821d176c5039d8ad3833a88056da7925ec6ef0b68d46bebca738cfba8799f4f94b48ad6d46bdeff6898df06d82409b6d6b8b13911488497846aa6e931ff4b846310ce15246134f8eb134a18f9a10500000000d7a4a1aeb183098f38850200000027eb7f2db1e60f6366a4d9795f8ff2a4606c7e7924452c158202206207275ce7a6a1c29ee19304bdc1f01b735247de3896d224aa2ec775b86d99e6a14c5c976f8a12a2729ba7f1abe78706989ffe73eeda1f2683dd1c5ceeb945047d63a16833aabb5ae89daeb8be15c4da6e1a5d521cf5361e8f6d1853915b25e341a1b1d8690b0b6769d72d56da2c0db29cee8cfdcae65cb64ae2b90b87fc0f06f9669e548c0bb5561fdba0b95705eda37dfbb6ec2df3a50d5c676969b7ed3d72e133d80060448f6eab9f05404ce05f8824a325c232db5c87766ded4b7b8fc390cdc6a20c92d618edf2437428cc6300c01e3f96936ff862810ecb6af618dd1a0a9c221ebad08eb9005de213888044884955e19f8f6e7bf9d245735be25451d50e42cd0eb595f5dd6e1e9734445eb988651f1ae6f281fc7611ac7e757964048e0a96657d0b9fead7dc9c0a9332592f4c4e81cd8306b372f7079292e34db191a7ee9393872152af45df61ef2ff14ad1de079eac4728ba6d4ebd3f8ff41154274524a6c4077722e52c4ebf6076a39687ae78c0c485afd92b829b3f2ab3baf5acb42fb56ed8ae00bdff4993f5552b0fbf6cc4e5325168364d91caa11ee8a1a09c8396853de99c889c0984698b4959b67ccb3f2abe3cfaf4f866163a8fa66e17a032fa84175b6b4a33b127ae621e57168bc22ef8456d6362f41e004c126a9b2b6539b16d7f1fd1c167929209dc573ad52bfc3eff2b4fff0e38d31cee56ec"}, 0xa9) (async) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000400)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={&(0x7f0000000440)="661b0cbd4aeb2c", 0x1}, 0x1, &(0x7f0000000280), 0x5, 0xffffffff}, 0x5}, 0x2, 0x100) (async) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x109882, 0x0) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0xd}}, 0x6a) socket(0x28, 0x3, 0x0) mmap$auto(0x0, 0x20008, 0x1, 0x8000000000000011, r1, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = socket(0xa, 0x3, 0x5) sendmmsg$auto(r2, &(0x7f0000000180)={{&(0x7f0000000040), 0xc8b, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x8000005}, 0x3b8b, 0xa) recvmmsg$auto(0x3, 0x0, 0x4, 0x2, 0x0) 2.122809386s ago: executing program 3 (id=519): socket(0x1d, 0x3, 0x1) socket(0x29, 0x5, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev5\x00', 0x280, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000680)='/dev/v4l-subdev5\x00', 0x20281, 0x0) r1 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="18000000", @ANYRES8=r1, @ANYRES8=r0, @ANYRES32], 0x18}}, 0x4000080) 1.911662594s ago: executing program 3 (id=520): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000840), r0) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000006400)={0x2e20, r1, 0x1, 0x51bd2e, 0x25dfcbfb, {0x1, 0x0, 0x600}, [@OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x4}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x2e07}]}, 0x2e20}, 0x1, 0xfc, 0x0, 0x2000c040}, 0x4) 1.769777799s ago: executing program 3 (id=521): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) madvise$auto(0x0, 0xffffffffffff0005, 0x19) munmap$auto(0x20001000, 0x7) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) (async) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) (async) madvise$auto(0x0, 0xffffffffffff0008, 0x19) (async) setfsgid$auto(0xee01) (async, rerun: 32) mmap$auto(0x0, 0x6, 0xdf, 0xeb1, 0x401, 0x8000) (async, rerun: 32) getrandom$auto(0x0, 0x6000000, 0x3) (async) madvise$auto(0x0, 0xa2c8, 0x14) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) (async) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/rpc/nfsd.export/content\x00', 0x0, 0x0) pread64$auto(r1, &(0x7f0000000040)='/proc/thread-self/net/tcp6\x00\xd2)\x8e\x892\x82\x19\xfd\x03\xc3\x8d\xd7D\x8d\xa8\xcfM9\\\xd6\xcfUq\x05#\xed\x1c\xd1G\bz\xde5u4\xddS\xe6\x1a\x8a`\xad0\x98|\xbc\x00\x98\b\x0ey\xcb`\x9b\x91r\xd5\x13\x9e\xdd4\xe7\xb7\x94P\x8fBlm\x04eAW\xbc0\x9b\xbd\x8f\xf5];\x94\x18\xf0\v\xd7\xf4P\xd3\x9e,Q\xd8\x16\x989l\x03\a\xcc\x1e\xb9\xe9{\xeeS\xa9\xc60\x00\xb5&\x9e\xdbk{F\x18\xa8\xbasG\xd3\x80\xb1G.\xec1\x96uP\x97\x8co\xf1\xa6\xd5\xea\xc8L3|a\xb3\xaa\x90Y\xb19\xad\xdc\x05o\x98g\xd4\x10]5\x95\xd0\xabJC\x06\xd0c\xd1Ra\xf7\xc4n\xdf\xe4\xc7\x03\x19x\xbb\v\x00\t\xde\xf5\x93\xfb\xfb#\xbd\xc0S\f57\x83\xdd\xaa\xf0\x9c\xd3G\xe1', 0x3ff, 0x9) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) (async) r2 = openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, &(0x7f0000000140)='/dev/media11\x00', 0x40, 0x0) read$auto_media_devnode_fops_mc_devnode(r2, 0x0, 0x0) (async) mmap$auto(0xfffffffffffffffa, 0x8, 0x2, 0xeb3, r0, 0x9) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x3c, r4, 0x1, 0x70bd2d, 0x25dfdbf9, {}, [@L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x11e789c}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_FD={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x48080) 1.695434923s ago: executing program 1 (id=522): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/platform/dummy_udc.4/udc/dummy_udc.4/function\x00', 0x0, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8000, 0x0) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) flock$auto(r1, 0x6) r2 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aab4) flock$auto(r2, 0x1) r3 = open(&(0x7f0000000040)='./file0\x00', 0x4242, 0x40) flock$auto(r3, 0x2) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/rpc/nfsd.fh/content\x00', 0x2800, 0x0) read$auto_proc_reg_file_ops_compat_inode(r4, &(0x7f0000001080)=""/244, 0xf4) openat$auto_regulator_summary_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) socket(0x2, 0x3, 0x2) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) shmctl$auto_IPC_SET(0x0, 0x1, &(0x7f00000006c0)={{0x7, 0xee00, 0x0, 0x0, 0x6, 0xfffffffc, 0x6}, 0x800, 0x4, 0x100000001, 0x7, @raw=0x6754, @inferred=0xffffffffffffffff, 0x5, 0x0, &(0x7f00000001c0)="7dfff436a2ffe52c83b7758fd51ba2d8d3d9413d7423e395da8682e411566e9c1b11a77306a96fe685f273773b4d89a9b382a74dd68152643cd018f872cdc2493cd4eb639a1709ba89d7b345f4f7cce615862764d4efa5f0da3d10adfcdde2f8f7bca87919de79eacd65d3e0ac61e99ba672a625fd05feeb89bc0b0cb9225df7d1fcde8134a5eb26a56f9f9b8597ecee8f1cc69b10411d3fe6083e24484cf187a0da454ca669d32c637211634ab3042e46f842ecb72298b503e19791d39bf46cba247f66aee2ed1ca7f797062a61", &(0x7f00000005c0)="b2fd370313546c86203c745ba224bacc4f0a996223b7f1ebe7aa8de1956d71a7ef9c27618829ff369daa699c9f4359bf3276d6fa3735d384b8f211060af571f9aa560d1507fe2d79e83e854a196b3875071f7bfb6d53198fd508d0f981cf2298a40d39ac5dcd85341df1172dbcfebade79d3e1df4d3856b1678f2351cb9eaa86edc95993f9db7fcdc04793d5f9c019b77f361863057e30513fbf5223a083829e455e0eeae386ce4378bad4ad54382b3abee0c7b7a88f3a02237a1bd1e2fd987e3752f12a6dc2eff0960f57f3127c461df9fcf31b4acfc06e89657a5028c4a8122fc28c0a5a953cfe35"}) r10 = semctl$auto_IPC_RMID(0x2, 0x3, 0x0, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/tty/ttyu5/power/autosuspend_delay_ms\x00', 0x28201, 0x0) shmctl$auto_IPC_INFO(0xc77, 0x3, &(0x7f0000000440)={{0x7fff, r7, r8, 0x7, 0x6, 0x5, 0xfff9}, 0x5fd8, 0x0, 0x8, 0x5, @raw=0x3ff, @inferred=r9, 0xffff, 0x0, &(0x7f0000000340)="2678b3e0314fa6be37b2efe20c8f22dcf1bbec74f230d63b710861e89f070bfe6db1f0430da6a30ae96006d4f6869639fa47fd3360e92babc94459c37c2497d26addf9428affd56ef823529afde4", &(0x7f00000003c0)="70e119cb3f97f7982011ddd2e833c4e5f58c2c7b6f61b54262e4da2808147778742f6cab08e5b08ec97fcd0b6033822385cf0ddf3f6a888c289283aaafbae279b88fa6c3e6146fda9771311bdb8b26471341f84c3e97f4b8cfd894abdb3c86c05507c6acc94c66"}) gettid() sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)={0x200, r5, 0x13, 0x70bd2d, 0x25dfdbdd, {}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x6, 0x13, "e02f"}, @NL80211_ATTR_S1G_CAPABILITY_MASK={0xa9, 0x129, "b6b2b942116711a4ea810033ba016b42a1828287b378cef13c7cfc31ef5b2bf5830417d3731a6b5aa2afab96489ef386bd3eeb3765bc254da81c4352a546bc9fda9185468dd7296c520f96ffa77a1bafdfba86657170c797dd839a9f181585a2668cb3a51f7b152b51f565dd6994d61d9a11c582366f6ffd16bcabb8b1c41eb061519c5d55261c8733bff24ba1c23aad369681720b98b9b201e19dd21c6eeed9cf281053b4"}, @NL80211_ATTR_MBSSID_ELEMS={0x135, 0x133, 0x0, 0x1, [@generic="7e7111047c5c21a721b1c50defd32a093d4de7e9eeb34343643dde18585e99683278650e923cdecafe0c8bc434d96adba9f005395130a87bfde39ed02acd222f63c505d24d8894d046", @nested={0xe7, 0x55, 0x0, 0x1, [@generic="c02b4f020833d488770dd67b56d91992868b87eb47ba00c00fb3a83fb391ce7648583cec3bb874aa76e3304176a6dd1fd1acf1d2ffa4da1d8a6887594e6da07a37449e477fec396128cd4a4376757a209448b5625c0428f6f38897653fc634269c190144294a8a12ea3aeaadb68121c44cb26d07b63bc1d39975269c132daf4f3ca75bffae0e9a7cea2da2749c1e6382102072bd7feda78585a0c02158e30151f15be1627e632d3426003afac6a4e1fc3e4e1ddb18527729e13d64384fdc7b2ce02fb4878c9c60ebb269ea961f084f6772d25c", @nested={0x4, 0x90}, @nested={0x4, 0x16}, @typed={0x8, 0x9d, 0x0, 0x0, @pid=r10}]}]}]}, 0x200}, 0x1, 0x0, 0x0, 0x24000001}, 0x20040891) sendto$auto(0x3, 0x0, 0xffeb, 0xe, &(0x7f0000000100)=@can={0x1d, r6}, 0x4) r11 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r11, 0x4b40, 0x1) read$auto(r0, 0x0, 0x20) 1.387729126s ago: executing program 1 (id=523): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f00000000c0), r0) sendmsg$auto_SMC_NETLINK_DUMP_UEID(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r1, 0x315, 0x70bd2b, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0xffa6, 0x20008805}, 0x4004000) 1.381519721s ago: executing program 0 (id=524): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) io_uring_setup$auto(0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) r2 = openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/ieee80211/phy0/aql_txq_limit\x00', 0x121c01, 0x0) write$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(r2, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/i8042/serio0/force_release\x00', 0xc2082, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) munmap$auto(0x2, 0x1a525c0f) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x883, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x1, 0x5, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x410000}, 0x5, 0xe8, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000004, 0x81, 0xffffffffffff628d, 0xa747, 0xddef, 0xffff}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffd]}, 0x0) connect$auto(0x3, 0x0, 0x54) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/numa_balancing\x00', 0x2002, 0x0) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/team_slave_0/rpl_seg_enabled\x00', 0x20202, 0x0) sendfile$auto(r4, r5, 0x0, 0x1) setsockopt$auto(0x3, 0x10000000084, 0x80, 0x0, 0x8) madvise$auto(0x0, 0xffffffffffff0005, 0x19) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0x4038ae7a, r0) 1.288160564s ago: executing program 1 (id=525): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) io_uring_setup$auto(0x6, 0x0) rseq$auto(&(0x7f00000002c0)={0xe, 0x400, 0x0, 0x20006, 0xffffffff, 0x2}, 0xfffffff4, 0x0, 0x7) r0 = socketcall$auto_SYS_SEND(0x9, &(0x7f0000000000)=0x2) writev$auto(r0, &(0x7f0000000100)={&(0x7f00000000c0)="df42d493fd958f2979bd49bfa5baf6490564f18a858a3451f31c3ae927f0d7d548ad8ce2", 0x8}, 0x2) setresuid$auto(0x8, 0x0, 0x4) setpriority$auto(0x2, 0x8, 0x8) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) 863.632264ms ago: executing program 1 (id=526): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0x4020ae76, 0x38) openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, 0x0, 0x40000, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x2, 0x88) ioctl$auto(0x3, 0x800005411, 0x38) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_MACSEC_CMD_ADD_RXSA(r0, &(0x7f0000001c80)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000002400)={0x20, 0x0, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@MACSEC_ATTR_SA_CONFIG={0x4}, @MACSEC_ATTR_IFINDEX={0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000804}, 0x8880) mkdir$auto(&(0x7f0000000000)='}[,&*}\x00', 0xc001) mount$auto(0x0, &(0x7f0000000100)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x10001, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/fs/orangefs/getattr_timeout_msecs\x00', 0x8a82b6a56f18970a, 0x0) mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) mount$auto(0x0, &(0x7f0000000100)='}[,&*}\x00', 0x0, 0x44020, 0x0) msync$auto(0x190036b1, 0x7, 0x80000001) ioperm$auto(0xc5, 0x5, 0x400002) futex_waitv$auto(&(0x7f00000004c0)={0x3, 0x1, 0xcb, 0x100}, 0x40, 0x0, &(0x7f0000000500)={0xe2, 0xff}, 0x0) sysfs$auto(0xb, 0xfffffffffffffffd, 0x2) 676.321582ms ago: executing program 3 (id=527): socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0x2000000080000001, 0x3) r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001780)='/dev/input/event2\x00', 0x0, 0x0) ioctl$auto_EVIOCSREP(r0, 0x40084503, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0x848000000015, 0x805, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/erspan0/queues/tx-0/byte_queue_limits/inflight\x00', 0x88040, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000001100)=""/4106, 0x100a) bind$auto(0xffffffffffffffff, 0x0, 0x8) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x6b) connect$auto(0x3, 0x0, 0x55) r5 = syz_genetlink_get_family_id$auto_ncsi(&(0x7f00000000c0), r3) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$auto_NCSI_CMD_PKG_INFO(r3, &(0x7f00000006c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000140)={0x508, r5, 0x10, 0x70bd28, 0x25dfdbfd, {}, [@NCSI_ATTR_DATA={0x4b1, 0x5, "66a3d94dac23a37c63c1344f9b2ef1f1ce0925d1bccbb0b19cc26c93daf135f82ed6af17a07eea58a20516e9bd2b942eaa3c22036798f7befb0965aedf1a48a4f3ce7d9e9ff48cb96cec56323c2ad6fb8a14382a5d0facb8ed5029194057ebac0df3e922d8ae57d43cd26d2c50967cdfa6c959bc1677343526118f48e11e0226a7292ffd4b07cc52e120fb8dcb4641ddf61c2c9beb6c47eb0890b05c6b0710c9f3333b3f679c361b616da73aeba0f22e4541e8c17de05110da19ad28830c2f09fabcb8b29f9988e343d7b550e9abe2d4bf0415d27eaab26fc3f2e241be5b7b89cd7fff68f3c5e2c7e419dacbfc3c775ae6a1a937e911238e247a28d942a5c203f3e676a3492b521621ebe8e96b1f60a0a17d0dfc0c2a78e8b7c9fd4a3a4c9b0a44583a3cc7c15b43ca046f80a8520aed69dd76de04cc7fae47394e870904594a3a88ea62c06841406df10885492b70821ae3cf7058c7a3566d4dcf717def70dc43e3976cf6c10eaec9d2cbbeff99dbf808e4b76155d791264a54939e18a52ab7c1971388a06d721414623ffa4ed1ffb8df567327920b3e6357ae68e14b798c527c1ae5e8183fab177e07cf78988068ebcd8a6f835e08933bc00503781954532b9b74b0c3c68c0e7b5dead42cb092164b00532e5a844577775fb710e6c4762d81e5533e2719e8f182441dce3eb058baef8781d421c4a26601abef759777cb7a4ed15200250167149b9c1b0356863203222d9ed1a0b502280ace8ed040794553715b421566f8b575f4e4b5a96fd8eb108e44de8672244c3587f5309ac19ecec66a8edfdfccfd5d779cf9a34e403ad62c1ac928b0ed5cdac3c30982ed3c5795fad725f3317c94fb440617a29c6aa06fe13fe669b55437a672ab703666a6b0349109ceb8fb57e03f2f342c613e50caadd3d4f3e49b7a20982c6d1d7a111e159675f3865cf4131b1fc5aa50aee1a40b22741767b44543f7c4f89868a82010d0832d75dfb6ad4731b5dcd00e2e32530e9633faf4f430c73afbc2348cec32b64ab3b8be752f507962519859975b45dc2d0553239d11ef299361d4fa13f57a3945c121ae23c3c03bbefabec86f532a613769f9bf8fb9147e055278eeb449438762b53bfedfe550713a3ee56ce284debaeb5c1a127671149410ab2538e7c6f767ca5475dd0e4346793706131aa1d0fb97fe1628ac0c3817c8dd21ec9c16217d91e5fcda20003fccfa19aff0e5aff16b585cb8369c5433ef3da60ce4fbd015edd7b63b79269721a67c1592ea3dafe0b70ef8ba21fae64596ff245fee776d7ae9475423f80e5cde465be362d9995f26ff5a4a851990d756cd4cdabf7533f81f1f5e947cffb8fafe213b040672c16b34661fa9ab7b36599618021fc3dc2725a1cc4af8384df592077dd134ad10d696cbe78087496b9714e857e385a1b5ef07ff3c9155b958d03e83f907693e785201e36d12baadacef3892461e4352367ece72cb43b58b949433407cdb0a14ced5d98975f41979013b510d40d5b6b2b54524f36ba23019ddff66b5982e7c022e6955b604a8bf8544fd5fe2650b1b9e08bf09176773627864f9fe0c5d1930f2bc89b71a7703c3e91f07bed2e081fc42babf737f31e59eb02992de6999e8f31c01c8b17985c5c3c7cabe041d94cbc94b1adf6d4aa155ddbe24b0dac612945d9bfbe81abcbb241e"}, @NCSI_ATTR_PACKAGE_MASK={0x8, 0x7, 0x2}, @NCSI_ATTR_CHANNEL_ID={0x8, 0x4, 0xe}, @NCSI_ATTR_PACKAGE_ID={0x8, 0x3, 0x314}, @NCSI_ATTR_PACKAGE_MASK={0x8, 0x7, 0x6}, @NCSI_ATTR_CHANNEL_MASK={0x8, 0x8, 0x1}, @NCSI_ATTR_PACKAGE_ID={0x8, 0x3, 0x8}, @NCSI_ATTR_IFINDEX={0x8, 0x1, r6}, @NCSI_ATTR_PACKAGE_ID={0x8}]}, 0x508}}, 0x20008810) sendmsg$auto_OVS_DP_CMD_GET(r1, 0x0, 0x10041) mmap$auto(0xfffffffffffffffd, 0x400008, 0xe0, 0xef1, r2, 0x8002) socket(0x2, 0x1, 0x0) sendmsg$auto_OVS_DP_CMD_GET(r1, 0x0, 0x0) clone$auto(0x21, 0x4400000000009, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x8) mkdir$auto(0x0, 0x3) mount$auto(0x0, 0x0, 0x0, 0x8000, 0x0) close_range$auto(0x0, 0xffffffffffffffff, 0xfffffffe) 378.600962ms ago: executing program 2 (id=528): socket(0x22, 0x1, 0x80000000) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/trace\x00', 0x600, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x74c) unshare$auto(0x40000080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3b87, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = socket(0xa, 0x4, 0x88) setsockopt$auto(r0, 0x29, 0x10, 0x0, 0x1) r1 = openat$dir(0xffffffffffffff9c, 0x0, 0x280000, 0x100) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000080), r0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev3\x00', 0x169000, 0x0) ioctl$auto(r2, 0xc0285629, r2) io_uring_register$auto(0x2, 0x9, 0x0, 0x0) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0x60d00, 0x0) pread64$auto(r1, &(0x7f00000000c0)='/dev/sequencer2\x00', 0xfffffffffffffff8, 0x80000001) ioctl$auto(r3, 0x4, 0xffffffffffffffff) r4 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f00000001c0), 0x40000, 0x0) io_uring_setup$auto(0x4, &(0x7f0000000200)={0xffffff01, 0xffffffff, 0x8, 0x1, 0x4, 0x7, r4, [0x7, 0x8, 0x1000], {0x101, 0x1, 0x7f, 0x26, 0x1492794c, 0x1, 0x7f, 0x6, 0xd82}, {0x10, 0xff, 0x80, 0x0, 0xe47, 0x3, 0x0, 0x8, 0xfea}}) 239.649394ms ago: executing program 3 (id=529): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x10000400005, 0xfffffffffffffffc, 0x9b72, 0xc76, 0x8001) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001040)='/sys/devices/platform/dummy_hcd.3/usb4/power/wakeup_last_time_ms\x00', 0x80800, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000080)=""/196, 0xc4) r1 = userfaultfd$auto(0x1) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2, 0xfffffffffffffff9, 0x15, 0x401, 0x8000) r2 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r1, 0x8, 0xf, 0x0, 0x204) mmap$auto(0x0, 0x5, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) getitimer$auto_ITIMER_VIRTUAL(0x1, 0x0) ioctl$auto_USBDEVFS_CLAIM_PORT(r1, 0x80045518, &(0x7f0000000000)=0x6) move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x1) r3 = socket(0x10, 0x2, 0x4) fremovexattr$auto(r1, &(0x7f0000000180)='/sys/devices/system/node/node1/hugepages/hugepages-2048kB/nr_hugepages\x00') sendmsg$auto_SEG6_CMD_SETHMAC(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="0181"], 0x1c}, 0x1, 0x0, 0x0, 0x40012}, 0x24000090) mmap$auto(0x0, 0x20009, 0x20004000010000df, 0xeb2, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, 0x0) ioctl$auto(0x3, 0x80000541b, 0x38) r5 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYRES16=r1, @ANYBLOB='Z'], 0x1ac}}, 0x40000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/system/node/node1/hugepages/hugepages-2048kB/nr_hugepages\x00', 0x14000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00'}) 0s ago: executing program 1 (id=530): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x801, 0x106) close_range$auto(0x2, 0x8, 0x0) r1 = io_uring_setup$auto(0x6, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0x2, 0x6, 0x0) sendmsg$auto_TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000003740)={&(0x7f0000000100)=ANY=[@ANYRES64=r1, @ANYRES16, @ANYRES8=r0], 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x40080) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'bond_slave_1\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(r2, &(0x7f0000021740)={0x0, 0x0, &(0x7f0000021700)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x4004804) write$auto(r0, &(0x7f0000000000)='*\x00', 0xfd) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyy2\x00', 0x20000, 0x0) ioctl$auto(0x3, 0x80045439, 0x10000000000402) r5 = openat$auto_msft_opcode_fops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/hci0/msft_opcode\x00', 0x0, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/mtd/mtd0/mtdblock0/trace/pid\x00', 0x1a1842, 0x0) write$auto(r6, &(0x7f0000000000)='9\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x8) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) setrlimit$auto(0xb, 0x0) r7 = gettid() signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) tkill$auto(r7, 0x7) read$auto(r5, &(0x7f0000006740)='^%-[)>\'\xdf\x00', 0xffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x0, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) shutdown$auto(0x200000003, 0x2) write$auto(0x3, 0x0, 0x10001) r9 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5875a6128ac106f1cd6e2902bda13a5cd871d201e8e7b80563ea52c58ac9e81334edf6a20ebac4c864d990e11f824084061cd31b4dbccb6a83451e0f930152150b9e1b0ef175f1f8d3e7bd1101d1a08c8e267df25fe3a2bebd57b00efd8adb840e8133e57353afc83942e839107162a0229d3530a69d9d6e32480a2a2aa754ca4dc8d1d4623d342489a404ac2f8448f82de6009361bbf73df7869752fe6f4c6f944a77dd8577fd859129a55fdff59ec835d205969625d5baca4bab5113e02e54f593866c6dc5a918c0ecd3b3c9681b", @ANYRES16=r9, @ANYBLOB="e3b72abd7000fcdbdf25190000001800018014000200766c616e3000"/38], 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x48000) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.92' (ED25519) to the list of known hosts. [ 65.008580][ T5821] cgroup: Unknown subsys name 'net' [ 65.138349][ T5821] cgroup: Unknown subsys name 'cpuset' [ 65.147005][ T5821] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 66.540963][ T5821] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 68.371063][ T5838] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 68.379576][ T5838] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 68.387783][ T5838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 68.395819][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 68.403961][ T5843] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 68.420430][ T5842] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 68.425734][ T5843] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 68.428913][ T5842] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 68.442718][ T5842] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 68.452209][ T5842] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 68.452654][ T5841] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 68.459497][ T5842] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 68.474412][ T5838] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 68.476908][ T5842] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 68.483138][ T5844] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 68.489728][ T5838] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 68.496719][ T5844] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 68.503380][ T5842] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 68.518037][ T5842] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 68.526150][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 68.534383][ T5838] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 68.542306][ T5842] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 68.542473][ T5838] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 68.553266][ T5842] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 68.889807][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 68.960543][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 69.073364][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 69.093120][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.101021][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.108544][ T5832] bridge_slave_0: entered allmulticast mode [ 69.115406][ T5832] bridge_slave_0: entered promiscuous mode [ 69.127125][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 69.143964][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.151628][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.159020][ T5832] bridge_slave_1: entered allmulticast mode [ 69.166040][ T5832] bridge_slave_1: entered promiscuous mode [ 69.208417][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.253241][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.260585][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.267860][ T5831] bridge_slave_0: entered allmulticast mode [ 69.274400][ T5831] bridge_slave_0: entered promiscuous mode [ 69.283025][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.309828][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.317154][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.324295][ T5831] bridge_slave_1: entered allmulticast mode [ 69.331135][ T5831] bridge_slave_1: entered promiscuous mode [ 69.378978][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.407092][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.420241][ T5832] team0: Port device team_slave_0 added [ 69.429265][ T5832] team0: Port device team_slave_1 added [ 69.435928][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.443460][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.450811][ T5837] bridge_slave_0: entered allmulticast mode [ 69.458013][ T5837] bridge_slave_0: entered promiscuous mode [ 69.488535][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.495811][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.503004][ T5837] bridge_slave_1: entered allmulticast mode [ 69.509902][ T5837] bridge_slave_1: entered promiscuous mode [ 69.545679][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.552808][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.562240][ T5830] bridge_slave_0: entered allmulticast mode [ 69.569183][ T5830] bridge_slave_0: entered promiscuous mode [ 69.577361][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.584483][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.591808][ T5830] bridge_slave_1: entered allmulticast mode [ 69.599720][ T5830] bridge_slave_1: entered promiscuous mode [ 69.608184][ T5831] team0: Port device team_slave_0 added [ 69.614721][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.621747][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.648269][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.689317][ T5831] team0: Port device team_slave_1 added [ 69.695739][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.702697][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.729112][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.742395][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.754054][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.765805][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.811866][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.823269][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.830621][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.856666][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.868995][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.876238][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.902595][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.925193][ T5832] hsr_slave_0: entered promiscuous mode [ 69.931517][ T5832] hsr_slave_1: entered promiscuous mode [ 69.967512][ T5837] team0: Port device team_slave_0 added [ 69.982907][ T5830] team0: Port device team_slave_0 added [ 70.006209][ T5837] team0: Port device team_slave_1 added [ 70.013242][ T5830] team0: Port device team_slave_1 added [ 70.068342][ T5831] hsr_slave_0: entered promiscuous mode [ 70.074410][ T5831] hsr_slave_1: entered promiscuous mode [ 70.080651][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.088917][ T5831] Cannot create hsr debugfs directory [ 70.104190][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.111688][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.137999][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.151171][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.158227][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.184174][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.204315][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.211485][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.237592][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.269648][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.276891][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.302889][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.380327][ T5837] hsr_slave_0: entered promiscuous mode [ 70.387102][ T5837] hsr_slave_1: entered promiscuous mode [ 70.393003][ T5837] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.400774][ T5837] Cannot create hsr debugfs directory [ 70.417083][ T5830] hsr_slave_0: entered promiscuous mode [ 70.423213][ T5830] hsr_slave_1: entered promiscuous mode [ 70.429498][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.437193][ T5830] Cannot create hsr debugfs directory [ 70.596076][ T54] Bluetooth: hci0: command tx timeout [ 70.601745][ T5835] Bluetooth: hci1: command tx timeout [ 70.601845][ T5838] Bluetooth: hci3: command tx timeout [ 70.613331][ T5148] Bluetooth: hci2: command tx timeout [ 70.665005][ T5832] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 70.682449][ T5832] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 70.694326][ T5832] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 70.718003][ T5832] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 70.764420][ T5831] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 70.775948][ T5831] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 70.790259][ T5831] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 70.806390][ T5831] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 70.863863][ T5837] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 70.873925][ T5837] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 70.883839][ T5837] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 70.916811][ T5837] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 70.970316][ T5830] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 70.983758][ T5830] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 71.010127][ T5830] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 71.032070][ T5830] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 71.079329][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.129900][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.141782][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.163474][ T1149] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.170843][ T1149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.208183][ T1094] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.215444][ T1094] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.240849][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.289752][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.324568][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.334565][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.341768][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.353415][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.360600][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.422610][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.451409][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.461665][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.468851][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.479651][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.486781][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.522614][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.529801][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.552174][ T5831] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 71.566185][ T1149] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.573244][ T1149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.602849][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.664083][ T5837] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 71.732660][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.741465][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.769315][ T5832] veth0_vlan: entered promiscuous mode [ 71.808296][ T5832] veth1_vlan: entered promiscuous mode [ 71.888927][ T5832] veth0_macvtap: entered promiscuous mode [ 71.936125][ T5832] veth1_macvtap: entered promiscuous mode [ 71.962401][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.986385][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.007541][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.026407][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.054324][ T5832] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.063690][ T5832] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.072539][ T5832] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.082675][ T5832] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.111750][ T5831] veth0_vlan: entered promiscuous mode [ 72.124131][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.168618][ T5831] veth1_vlan: entered promiscuous mode [ 72.182965][ T5837] veth0_vlan: entered promiscuous mode [ 72.226654][ T5837] veth1_vlan: entered promiscuous mode [ 72.274095][ T5831] veth0_macvtap: entered promiscuous mode [ 72.296343][ T5830] veth0_vlan: entered promiscuous mode [ 72.302424][ T5831] veth1_macvtap: entered promiscuous mode [ 72.309328][ T1149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.331399][ T1149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.362529][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.374207][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.386163][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.406387][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.409567][ T5837] veth0_macvtap: entered promiscuous mode [ 72.414215][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.424363][ T5837] veth1_macvtap: entered promiscuous mode [ 72.441861][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.453135][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.465295][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.492623][ T5830] veth1_vlan: entered promiscuous mode [ 72.513005][ T5831] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.523571][ T5831] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.533454][ T5831] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.542599][ T5831] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.569859][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.584321][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.587182][ T5832] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 72.596489][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.622216][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.633458][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.644692][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.656455][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.667715][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.675241][ T5148] Bluetooth: hci3: command tx timeout [ 72.679333][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.683546][ T5838] Bluetooth: hci2: command tx timeout [ 72.693572][ T5835] Bluetooth: hci1: command tx timeout [ 72.698904][ T5148] Bluetooth: hci0: command tx timeout [ 72.706344][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.742322][ T5837] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.752152][ T5837] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.761737][ T5837] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.772691][ T5837] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.798461][ T5830] veth0_macvtap: entered promiscuous mode [ 72.847615][ T5830] veth1_macvtap: entered promiscuous mode [ 72.899640][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.918237][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.929169][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.929444][ T5893] [U] [ 72.940282][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.942480][ T5893] [U] [ 72.952829][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.954936][ T5893] [U] [ 72.954972][ T5893] [U] [ 72.961158][ T5893] [U] [ 72.966529][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.968113][ T5893] [U] [ 72.971964][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.973430][ T5893] [U] [ 72.993059][ T5893] [U] [ 73.017760][ T5893] [U] [ 73.020529][ T5893] [U] O 2D]Pd >) )*HEg˱;@6ҍʖ؞pjP" # v_g䥰qҘ}:(=6mr⫓bs 77)v /DwT9)E9#$5~n߽ [ 73.028515][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.046825][ T1094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.046848][ T1094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.063531][ T5893] [U] Z/r &Bԅܿh d0叀N$?ʛd[~FC [ 73.072924][ T5893] [U] }e\M頡}ȩ6B EՀ+^V [ 73.083872][ T5893] [U] AVb_u [ 73.088685][ T5893] [U] 8+Fb5F\ [ 73.093394][ T5893] [U] _VM5r&@βp%SCI_YGൊHArF4<D2w,ZFށKډ?=}ʿ0` [ 73.260977][ T5893] [U] ,g,ϏS.8nFpdoקvNBT`ӻaLt:H񬯩hzԚC%l!JdURWSYjqD<Ng*bcv [ 73.266913][ T5830] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.282656][ T5893] [U] @#Ra*O`yɕAj.E#t"ى}4;Hc A#2qRGpd$7\H qPɻ' p=y[.${. /]<%Q|0˽,nغ%.O [ 73.444992][ T1094] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.456619][ T5893] [U] H=CWGG]„V_.։ [ 73.456651][ T5893] [U] bvG6e/(זeg g *hq㚸uj:B;{ÌH?{x[̂LTu66Y΂ݪY@6oϖd{4>[%vSєuB`mԇvnFu|n·KAJZ%"- 7gVw)F۪~#\83V}qޑ}h{jZtG%C'q63-N(k#if+lʚٚ [ 73.488347][ T5893] [U] .NQ [ 73.544370][ T5893] [U] K?U>DZo|d>;SYPKf4qڽ+1L" [ 73.562421][ T5893] [U] N=zom+*٧\T( [ 73.570664][ T5893] [U] ]M'>N:+iHznaSko1UNG=E [ 73.590849][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.599829][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.613604][ T5893] [U] ;/2HN_ 5ݏ}TZ"1}ӯr]U禦\`'$lʶųD,L) [ 73.657182][ T5893] [U] ɷЦ]>K^vEui.F>)A  E;n:!j(ĴDأ9?8nPD0\]50 [ 73.742696][ T1094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.763356][ T1094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.799851][ T1094] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.826131][ T1094] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.850578][ T5838] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 73.850616][ T5838] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 73.866547][ T5838] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 73.866637][ T5838] Bluetooth: hci1: Malformed LE Event: 0x0d [ 73.899032][ T5893] [U] 't% jD [ 74.755954][ T5838] Bluetooth: hci2: command tx timeout [ 74.756002][ T5838] Bluetooth: hci0: command tx timeout [ 74.756038][ T5838] Bluetooth: hci1: command tx timeout [ 74.756071][ T5838] Bluetooth: hci3: command tx timeout [ 75.492221][ T5924] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 75.827263][ T5940] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 76.120963][ T5946] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 76.644892][ T5949] lo: entered allmulticast mode [ 76.667070][ T5949] netlink: 28 bytes leftover after parsing attributes in process `syz.0.12'. [ 76.776746][ T5949] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 76.835345][ T5148] Bluetooth: hci3: command tx timeout [ 76.841158][ T5838] Bluetooth: hci1: command tx timeout [ 76.841185][ T54] Bluetooth: hci0: command tx timeout [ 76.846613][ T5838] Bluetooth: hci2: command tx timeout [ 77.104746][ T5949] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 77.171913][ T5944] lo: left allmulticast mode [ 77.378330][ T5956] zswap: compressor not available [ 78.043640][ T5974] Invalid ELF header magic: != ELF [ 78.786536][ T5974] netlink: 12 bytes leftover after parsing attributes in process `syz.1.19'. [ 78.820505][ T5974] netlink: 12 bytes leftover after parsing attributes in process `syz.1.19'. [ 78.852193][ T5974] Zero length message leads to an empty skb [ 80.650790][ T6002] process 'syz.0.25' launched '/dev/fd/3' with NULL argv: empty string added [ 80.725514][ T6002] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 81.091899][ T5997] Invalid ELF header magic: != ELF [ 81.889079][ T6024] syz.0.30 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 82.818774][ T6042] Invalid ELF header magic: != ELF [ 85.800189][ T6081] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 85.831375][ T6080] netlink: 186 bytes leftover after parsing attributes in process `syz.0.44'. [ 85.890091][ T6082] netlink: 8 bytes leftover after parsing attributes in process `syz.1.43'. [ 86.661884][ T6101] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 86.955888][ T6104] snd_aloop snd_aloop.0: control 5:-2147483645:7:IA>/[k [ 111.095258][ T6525] dump_stack_lvl+0x16c/0x1f0 [ 111.095298][ T6525] should_fail_ex+0x50a/0x650 [ 111.095322][ T6525] ? fs_reclaim_acquire+0xae/0x150 [ 111.095356][ T6525] ? ieee80211_init_rate_ctrl_alg+0x175/0x6b0 [ 111.095389][ T6525] should_failslab+0xc2/0x120 [ 111.095413][ T6525] __kmalloc_cache_noprof+0x68/0x410 [ 111.095452][ T6525] ? ieee80211_txq_set_params+0x1c4/0x2f0 [ 111.095493][ T6525] ieee80211_init_rate_ctrl_alg+0x175/0x6b0 [ 111.095530][ T6525] ieee80211_register_hw+0x20cd/0x4060 [ 111.095578][ T6525] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 111.095610][ T6525] ? net_generic+0xea/0x2a0 [ 111.095642][ T6525] ? lockdep_init_map_type+0x16d/0x7d0 [ 111.095680][ T6525] ? __asan_memset+0x23/0x50 [ 111.095710][ T6525] ? __hrtimer_init+0x106/0x2c0 [ 111.095748][ T6525] mac80211_hwsim_new_radio+0x304e/0x54e0 [ 111.095804][ T6525] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 111.095858][ T6525] hwsim_new_radio_nl+0xb42/0x12b0 [ 111.095898][ T6525] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 111.095944][ T6525] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 111.095982][ T6525] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 111.096030][ T6525] genl_family_rcv_msg_doit+0x202/0x2f0 [ 111.096070][ T6525] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 111.096103][ T6525] ? trace_cap_capable+0x1a2/0x210 [ 111.096134][ T6525] ? bpf_lsm_capable+0x9/0x10 [ 111.096155][ T6525] ? security_capable+0x7e/0x260 [ 111.096180][ T6525] ? ns_capable+0xd7/0x110 [ 111.096214][ T6525] genl_rcv_msg+0x565/0x800 [ 111.096240][ T6525] ? __pfx_genl_rcv_msg+0x10/0x10 [ 111.096262][ T6525] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 111.096308][ T6525] netlink_rcv_skb+0x16b/0x440 [ 111.096341][ T6525] ? __pfx_genl_rcv_msg+0x10/0x10 [ 111.096367][ T6525] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 111.096417][ T6525] ? down_read+0xc9/0x330 [ 111.096450][ T6525] ? __pfx_down_read+0x10/0x10 [ 111.096484][ T6525] ? netlink_deliver_tap+0x1ae/0xd30 [ 111.096522][ T6525] genl_rcv+0x28/0x40 [ 111.096554][ T6525] netlink_unicast+0x53c/0x7f0 [ 111.096592][ T6525] ? __pfx_netlink_unicast+0x10/0x10 [ 111.096626][ T6525] ? __phys_addr_symbol+0x30/0x80 [ 111.096651][ T6525] ? __check_object_size+0x488/0x710 [ 111.096681][ T6525] netlink_sendmsg+0x8b8/0xd70 [ 111.096720][ T6525] ? __pfx_netlink_sendmsg+0x10/0x10 [ 111.096768][ T6525] ____sys_sendmsg+0xaaf/0xc90 [ 111.096797][ T6525] ? copy_msghdr_from_user+0x10b/0x160 [ 111.096832][ T6525] ? __pfx_____sys_sendmsg+0x10/0x10 [ 111.096889][ T6525] ___sys_sendmsg+0x135/0x1e0 [ 111.096928][ T6525] ? __pfx____sys_sendmsg+0x10/0x10 [ 111.096981][ T6525] ? __pfx_lock_release+0x10/0x10 [ 111.097013][ T6525] ? trace_lock_acquire+0x14e/0x1f0 [ 111.097054][ T6525] ? __fget_files+0x206/0x3a0 [ 111.097097][ T6525] __sys_sendmsg+0x16e/0x220 [ 111.097133][ T6525] ? __pfx___sys_sendmsg+0x10/0x10 [ 111.097165][ T6525] ? __x64_sys_futex+0x1e1/0x4c0 [ 111.097212][ T6525] do_syscall_64+0xcd/0x250 [ 111.097248][ T6525] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.097282][ T6525] RIP: 0033:0x7f0886f8d169 [ 111.097302][ T6525] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.097333][ T6525] RSP: 002b:00007f0887e54038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 111.097357][ T6525] RAX: ffffffffffffffda RBX: 00007f08871a5fa0 RCX: 00007f0886f8d169 [ 111.097373][ T6525] RDX: 00000000040000c0 RSI: 0000400000000300 RDI: 0000000000000007 [ 111.097389][ T6525] RBP: 00007f088700e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 111.097403][ T6525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 111.097418][ T6525] R13: 0000000000000000 R14: 00007f08871a5fa0 R15: 00007fff9f1f3648 [ 111.097453][ T6525] [ 111.097526][ T6525] ieee80211 phy11: Failed to select rate control algorithm [ 112.334501][ T6559] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 112.436308][ T54] Bluetooth: hci3: unexpected subevent 0x01 length: 4 < 18 [ 113.969144][ T6593] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 115.385429][ T6623] netlink: 16 bytes leftover after parsing attributes in process `syz.2.199'. [ 115.813811][ T6635] netlink: set zone limit has 8 unknown bytes [ 116.906308][ T6652] netlink: 330 bytes leftover after parsing attributes in process `syz.1.209'. [ 116.947071][ T6652] : renamed from hsr_slave_0 (while UP) [ 121.742543][ T6709] usb usb24: check_ctrlrecip: process 6709 (syz.0.223) requesting ep 01 but needs 81 [ 121.792753][ T6709] usb usb24: usbfs: process 6709 (syz.0.223) did not claim interface 0 before use [ 125.485309][ T6756] zswap: compressor not available [ 126.874126][ T6778] FAULT_INJECTION: forcing a failure. [ 126.874126][ T6778] name failslab, interval 1, probability 0, space 0, times 0 [ 126.933553][ T6778] CPU: 0 UID: 0 PID: 6778 Comm: syz.1.240 Not tainted 6.14.0-rc6-syzkaller #0 [ 126.933585][ T6778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 126.933598][ T6778] Call Trace: [ 126.933604][ T6778] [ 126.933614][ T6778] dump_stack_lvl+0x16c/0x1f0 [ 126.933661][ T6778] should_fail_ex+0x50a/0x650 [ 126.933684][ T6778] ? fs_reclaim_acquire+0xae/0x150 [ 126.933715][ T6778] ? tomoyo_realpath_from_path+0xb9/0x720 [ 126.933746][ T6778] should_failslab+0xc2/0x120 [ 126.933769][ T6778] __kmalloc_noprof+0xcb/0x510 [ 126.933801][ T6778] ? get_mm_exe_file+0x8a/0x1a0 [ 126.933836][ T6778] ? trace_lock_acquire+0x14e/0x1f0 [ 126.933866][ T6778] tomoyo_realpath_from_path+0xb9/0x720 [ 126.933896][ T6778] ? lock_acquire+0x2f/0xb0 [ 126.933933][ T6778] tomoyo_get_exe+0x63/0xa0 [ 126.933958][ T6778] tomoyo_write_control+0x67c/0x13e0 [ 126.933988][ T6778] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 126.934020][ T6778] ? rcu_is_watching+0x12/0xc0 [ 126.934046][ T6778] ? __pfx_tomoyo_write_control+0x10/0x10 [ 126.934088][ T6778] ? __pfx_tomoyo_write+0x10/0x10 [ 126.934118][ T6778] vfs_write+0x24c/0x1150 [ 126.934150][ T6778] ? __fget_files+0x1fc/0x3a0 [ 126.934183][ T6778] ? __pfx___mutex_lock+0x10/0x10 [ 126.934213][ T6778] ? __pfx_vfs_write+0x10/0x10 [ 126.934254][ T6778] ? __fget_files+0x206/0x3a0 [ 126.934296][ T6778] ksys_write+0x12b/0x250 [ 126.934326][ T6778] ? __pfx_ksys_write+0x10/0x10 [ 126.934367][ T6778] do_syscall_64+0xcd/0x250 [ 126.934400][ T6778] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.934431][ T6778] RIP: 0033:0x7fedfc58d169 [ 126.934454][ T6778] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 126.934474][ T6778] RSP: 002b:00007fedfd3f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 126.934495][ T6778] RAX: ffffffffffffffda RBX: 00007fedfc7a6080 RCX: 00007fedfc58d169 [ 126.934510][ T6778] RDX: 000000000000ffd8 RSI: 0000000000000000 RDI: 0000000000000003 [ 126.934523][ T6778] RBP: 00007fedfd3f4090 R08: 0000000000000000 R09: 0000000000000000 [ 126.934536][ T6778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 126.934549][ T6778] R13: 0000000000000000 R14: 00007fedfc7a6080 R15: 00007fff5f2d1c28 [ 126.934585][ T6778] [ 127.308366][ T6778] ERROR: Out of memory at tomoyo_realpath_from_path. [ 128.077797][ T6780] Invalid ELF header magic: != ELF [ 131.083853][ T6812] mkiss: ax0: crc mode is auto. [ 131.669609][ T6822] netlink: 16 bytes leftover after parsing attributes in process `syz.0.251'. [ 132.881317][ T6845] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 133.041844][ T6845] FAULT_INJECTION: forcing a failure. [ 133.041844][ T6845] name failslab, interval 1, probability 0, space 0, times 0 [ 133.068552][ T6845] CPU: 0 UID: 0 PID: 6845 Comm: syz.0.255 Not tainted 6.14.0-rc6-syzkaller #0 [ 133.068585][ T6845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 133.068598][ T6845] Call Trace: [ 133.068605][ T6845] [ 133.068614][ T6845] dump_stack_lvl+0x16c/0x1f0 [ 133.068658][ T6845] should_fail_ex+0x50a/0x650 [ 133.068685][ T6845] ? vmci_handle_arr_create+0x67/0x140 [ 133.068708][ T6845] should_failslab+0xc2/0x120 [ 133.068730][ T6845] __kmalloc_noprof+0xcb/0x510 [ 133.068770][ T6845] vmci_handle_arr_create+0x67/0x140 [ 133.068793][ T6845] ctx_free_ctx+0xf4/0xdf0 [ 133.068822][ T6845] ? synchronize_rcu_expedited+0x424/0x450 [ 133.068856][ T6845] ? __pfx_ctx_free_ctx+0x10/0x10 [ 133.068890][ T6845] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 133.068930][ T6845] vmci_ctx_destroy+0x15b/0x1d0 [ 133.068959][ T6845] vmci_host_close+0x115/0x1a0 [ 133.068983][ T6845] ? __pfx_vmci_host_close+0x10/0x10 [ 133.069005][ T6845] __fput+0x3ff/0xb70 [ 133.069044][ T6845] task_work_run+0x14e/0x250 [ 133.069080][ T6845] ? __pfx_task_work_run+0x10/0x10 [ 133.069114][ T6845] ? __pfx___do_sys_close_range+0x10/0x10 [ 133.069155][ T6845] syscall_exit_to_user_mode+0x27b/0x2a0 [ 133.069188][ T6845] do_syscall_64+0xda/0x250 [ 133.069221][ T6845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.069256][ T6845] RIP: 0033:0x7f7281b8d169 [ 133.069275][ T6845] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.069296][ T6845] RSP: 002b:00007f728294c038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 133.069318][ T6845] RAX: 0000000000000000 RBX: 00007f7281da5fa0 RCX: 00007f7281b8d169 [ 133.069332][ T6845] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 133.069345][ T6845] RBP: 00007f728294c090 R08: 0000000000000000 R09: 0000000000000000 [ 133.069359][ T6845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 133.069372][ T6845] R13: 0000000000000000 R14: 00007f7281da5fa0 R15: 00007ffd270e87a8 [ 133.069401][ T6845] [ 133.515615][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.521967][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.809279][ T6866] netlink: 16 bytes leftover after parsing attributes in process `syz.0.260'. [ 135.021370][ T6872] Invalid ELF header magic: != ELF [ 135.115125][ T6876] usb usb24: check_ctrlrecip: process 6876 (syz.0.264) requesting ep 01 but needs 81 [ 135.135120][ T6876] usb usb24: usbfs: process 6876 (syz.0.264) did not claim interface 0 before use [ 135.789685][ T30] audit: type=1800 audit(6036587227.942:6): pid=6889 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.269" name="discovery_nqn" dev="configfs" ino=13839 res=0 errno=0 [ 137.199526][ T30] audit: type=1800 audit(6036587229.352:7): pid=6906 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.274" name="features" dev="configfs" ino=13272 res=0 errno=0 [ 137.233312][ T6903] netlink: set zone limit has 8 unknown bytes [ 137.334802][ T6901] netlink: 16 bytes leftover after parsing attributes in process `syz.1.272'. [ 137.515882][ T6914] netlink: 8 bytes leftover after parsing attributes in process `syz.0.277'. [ 140.735835][ T6963] netlink: 8 bytes leftover after parsing attributes in process `syz.0.287'. [ 142.532508][ T6985] netlink: 'syz.2.294': attribute type 1 has an invalid length. [ 142.545050][ T6985] netlink: 33 bytes leftover after parsing attributes in process `syz.2.294'. [ 142.623476][ T5835] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 142.633215][ T5835] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 142.641578][ T5835] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 142.652975][ T5835] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 142.661003][ T5835] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 142.668738][ T5835] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 143.054416][ T6986] chnl_net:caif_netlink_parms(): no params data found [ 143.626047][ T6986] bridge0: port 1(bridge_slave_0) entered blocking state [ 143.633721][ T6986] bridge0: port 1(bridge_slave_0) entered disabled state [ 143.657140][ T6986] bridge_slave_0: entered allmulticast mode [ 143.686182][ T6986] bridge_slave_0: entered promiscuous mode [ 143.699725][ T6986] bridge0: port 2(bridge_slave_1) entered blocking state [ 143.732036][ T6986] bridge0: port 2(bridge_slave_1) entered disabled state [ 143.758486][ T6986] bridge_slave_1: entered allmulticast mode [ 143.781049][ T6986] bridge_slave_1: entered promiscuous mode [ 143.928616][ T6986] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 143.954767][ T6986] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 144.019738][ T6986] team0: Port device team_slave_0 added [ 144.028157][ T6986] team0: Port device team_slave_1 added [ 144.161963][ T6998] netlink: 8 bytes leftover after parsing attributes in process `syz.2.296'. [ 144.236723][ T6986] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 144.243709][ T6986] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 144.305113][ T6986] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 144.317884][ T6986] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 144.324859][ T6986] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 144.374985][ T6986] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 144.520014][ T6986] hsr_slave_0: entered promiscuous mode [ 144.536547][ T6986] hsr_slave_1: entered promiscuous mode [ 144.542705][ T6986] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 144.561266][ T6986] Cannot create hsr debugfs directory [ 144.774993][ T54] Bluetooth: hci4: command tx timeout [ 145.469720][ T6986] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.553474][ T7002] syz.1.297: vmalloc error: size 268435456, failed to allocated page array size 524288, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 145.571899][ T7002] CPU: 1 UID: 0 PID: 7002 Comm: syz.1.297 Not tainted 6.14.0-rc6-syzkaller #0 [ 145.571927][ T7002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 145.571940][ T7002] Call Trace: [ 145.571947][ T7002] [ 145.571955][ T7002] dump_stack_lvl+0x16c/0x1f0 [ 145.571992][ T7002] warn_alloc+0x24d/0x3a0 [ 145.572029][ T7002] ? __pfx_warn_alloc+0x10/0x10 [ 145.572075][ T7002] ? __get_vm_area_node+0x1b0/0x2f0 [ 145.572103][ T7002] ? __get_vm_area_node+0x1dc/0x2f0 [ 145.572140][ T7002] __vmalloc_node_range_noprof+0x1102/0x1530 [ 145.572178][ T7002] ? trace_lock_acquire+0x14e/0x1f0 [ 145.572206][ T7002] ? __lruvec_stat_mod_folio+0xa4/0x370 [ 145.572243][ T7002] ? packet_set_ring+0xb13/0x18f0 [ 145.572283][ T7002] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 145.572316][ T7002] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 145.572340][ T7002] ? rcu_is_watching+0x12/0xc0 [ 145.572364][ T7002] ? trace_kmalloc+0x2d/0xd0 [ 145.572389][ T7002] ? __kmalloc_noprof.cold+0x5c/0x61 [ 145.572413][ T7002] ? packet_set_ring+0xb13/0x18f0 [ 145.572445][ T7002] vzalloc_noprof+0x6b/0x90 [ 145.572475][ T7002] ? packet_set_ring+0xb13/0x18f0 [ 145.572505][ T7002] packet_set_ring+0xb13/0x18f0 [ 145.572549][ T7002] packet_setsockopt+0x1658/0x21f0 [ 145.572587][ T7002] ? __pfx_packet_setsockopt+0x10/0x10 [ 145.572620][ T7002] ? __pfx___might_resched+0x10/0x10 [ 145.572662][ T7002] ? aa_sk_perm+0x2f5/0xb20 [ 145.572694][ T7002] ? __pfx_aa_sk_perm+0x10/0x10 [ 145.572723][ T7002] ? find_held_lock+0x2d/0x110 [ 145.572754][ T7002] ? __pfx_packet_setsockopt+0x10/0x10 [ 145.572788][ T7002] do_sock_setsockopt+0x222/0x480 [ 145.572813][ T7002] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 145.572839][ T7002] ? lock_acquire+0x2f/0xb0 [ 145.572887][ T7002] __sys_setsockopt+0x1a0/0x230 [ 145.572926][ T7002] __x64_sys_setsockopt+0xbd/0x160 [ 145.572956][ T7002] ? do_syscall_64+0x91/0x250 [ 145.572986][ T7002] ? lockdep_hardirqs_on+0x7c/0x110 [ 145.573016][ T7002] do_syscall_64+0xcd/0x250 [ 145.573049][ T7002] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.573079][ T7002] RIP: 0033:0x7fedfc58d169 [ 145.573099][ T7002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 145.573119][ T7002] RSP: 002b:00007fedfd415038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 145.573146][ T7002] RAX: ffffffffffffffda RBX: 00007fedfc7a5fa0 RCX: 00007fedfc58d169 [ 145.573161][ T7002] RDX: 0000000000000005 RSI: 0000000000000107 RDI: 0000000000000002 [ 145.573175][ T7002] RBP: 00007fedfc60e2a0 R08: 000000000000ce24 R09: 0000000000000000 [ 145.573189][ T7002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 145.573203][ T7002] R13: 0000000000000000 R14: 00007fedfc7a5fa0 R15: 00007fff5f2d1c28 [ 145.573235][ T7002] [ 145.573244][ T7002] Mem-Info: [ 145.873196][ T6986] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.884277][ T7002] active_anon:22338 inactive_anon:0 isolated_anon:0 [ 145.884277][ T7002] active_file:18658 inactive_file:38662 isolated_file:0 [ 145.884277][ T7002] unevictable:768 dirty:334 writeback:0 [ 145.884277][ T7002] slab_reclaimable:10476 slab_unreclaimable:95781 [ 145.884277][ T7002] mapped:24093 shmem:16907 pagetables:731 [ 145.884277][ T7002] sec_pagetables:0 bounce:0 [ 145.884277][ T7002] kernel_misc_reclaimable:0 [ 145.884277][ T7002] free:1307826 free_pcp:4555 free_cma:0 [ 146.004627][ T7002] Node 0 active_anon:74952kB inactive_anon:0kB active_file:74632kB inactive_file:154576kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:96372kB dirty:1336kB writeback:0kB shmem:51492kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10760kB pagetables:2924kB sec_pagetables:0kB all_unreclaimable? no [ 146.047680][ T6986] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.070718][ T7002] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 146.102245][ T7002] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 146.147914][ T7013] snd_aloop snd_aloop.0: control 5:-2147483645:7:IA>/[k [ 147.284430][ T7028] dump_stack_lvl+0x16c/0x1f0 [ 147.284467][ T7028] should_fail_ex+0x50a/0x650 [ 147.284488][ T7028] ? fs_reclaim_acquire+0xae/0x150 [ 147.284518][ T7028] ? tomoyo_encode2+0x100/0x3e0 [ 147.284545][ T7028] should_failslab+0xc2/0x120 [ 147.284565][ T7028] __kmalloc_noprof+0xcb/0x510 [ 147.284594][ T7028] ? d_absolute_path+0x137/0x1b0 [ 147.284622][ T7028] tomoyo_encode2+0x100/0x3e0 [ 147.284655][ T7028] tomoyo_encode+0x29/0x50 [ 147.284681][ T7028] tomoyo_realpath_from_path+0x19d/0x720 [ 147.284719][ T7028] tomoyo_get_exe+0x63/0xa0 [ 147.284742][ T7028] tomoyo_write_control+0x67c/0x13e0 [ 147.284770][ T7028] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 147.284799][ T7028] ? rcu_is_watching+0x12/0xc0 [ 147.284824][ T7028] ? __pfx_tomoyo_write_control+0x10/0x10 [ 147.284854][ T7028] ? __pfx_tomoyo_write+0x10/0x10 [ 147.284882][ T7028] vfs_write+0x24c/0x1150 [ 147.284918][ T7028] ? __fget_files+0x1fc/0x3a0 [ 147.284948][ T7028] ? __pfx___mutex_lock+0x10/0x10 [ 147.284978][ T7028] ? __pfx_vfs_write+0x10/0x10 [ 147.285027][ T7028] ? __fget_files+0x206/0x3a0 [ 147.285068][ T7028] ksys_write+0x12b/0x250 [ 147.285097][ T7028] ? __pfx_ksys_write+0x10/0x10 [ 147.285136][ T7028] do_syscall_64+0xcd/0x250 [ 147.285170][ T7028] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.285200][ T7028] RIP: 0033:0x7f50a538d169 [ 147.285218][ T7028] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 147.285237][ T7028] RSP: 002b:00007f50a61b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 147.285258][ T7028] RAX: ffffffffffffffda RBX: 00007f50a55a5fa0 RCX: 00007f50a538d169 [ 147.285274][ T7028] RDX: 000000000000ffd8 RSI: 0000000000000000 RDI: 0000000000000003 [ 147.285287][ T7028] RBP: 00007f50a61b0090 R08: 0000000000000000 R09: 0000000000000000 [ 147.285301][ T7028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 147.285315][ T7028] R13: 0000000000000000 R14: 00007f50a55a5fa0 R15: 00007ffef8ef7788 [ 147.285349][ T7028] [ 147.595073][ T7028] ERROR: Out of memory at tomoyo_realpath_from_path. [ 147.924231][ T7045] netlink: 8 bytes leftover after parsing attributes in process `syz.3.306'. [ 147.988906][ T6986] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 148.082425][ T6986] veth0_vlan: entered promiscuous mode [ 148.110730][ T6986] veth1_vlan: entered promiscuous mode [ 148.254684][ T6986] veth0_macvtap: entered promiscuous mode [ 148.284728][ T6986] veth1_macvtap: entered promiscuous mode [ 148.476438][ T6986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 148.519877][ T6986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 148.646206][ T6986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 148.755073][ T6986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 148.809843][ T6986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 148.857965][ T6986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 148.915842][ T54] Bluetooth: hci4: command tx timeout [ 148.922582][ T6986] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 148.956949][ T6986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 148.974563][ T6986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 148.984649][ T6986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.006787][ T6986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.021129][ T6986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.033957][ T6986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.082714][ T6986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.109785][ T6986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.122410][ T6986] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 149.143953][ T6986] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.175038][ T6986] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.183794][ T6986] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.225185][ T6986] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.296743][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 150.304611][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 150.369250][ T3503] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 150.395669][ T3503] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 150.789211][ T7084] netlink: 8 bytes leftover after parsing attributes in process `syz.2.315'. [ 150.995665][ T54] Bluetooth: hci4: command tx timeout [ 151.190649][ T7090] netlink: set zone limit has 8 unknown bytes [ 152.273596][ T7110] zswap: compressor not available [ 152.626454][ T7122] netlink: 8 bytes leftover after parsing attributes in process `syz.2.325'. [ 153.591333][ T7147] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 153.911394][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 153.917911][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 153.926532][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 153.932850][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 154.225143][ T7154] usb usb24: check_ctrlrecip: process 7154 (syz.0.334) requesting ep 01 but needs 81 [ 154.277107][ T7157] netlink: 8 bytes leftover after parsing attributes in process `syz.1.336'. [ 154.295415][ T7154] usb usb24: usbfs: process 7154 (syz.0.334) did not claim interface 0 before use [ 154.687746][ T54] Bluetooth: hci2: unexpected event 0x1d length: 6 > 5 [ 155.623255][ T7175] capability: warning: `syz.0.339' uses 32-bit capabilities (legacy support in use) [ 156.148094][ T7183] netlink: 4 bytes leftover after parsing attributes in process `syz.1.342'. [ 156.194510][ T7183] HfR: entered promiscuous mode [ 157.879488][ T7211] Invalid ELF header magic: != ELF [ 157.970618][ T7215] snd_aloop snd_aloop.0: control 5:-2147483645:7:IA>/[k/[k [ 169.515074][ T7452] dump_stack_lvl+0x16c/0x1f0 [ 169.515112][ T7452] should_fail_ex+0x50a/0x650 [ 169.515135][ T7452] ? fs_reclaim_acquire+0xae/0x150 [ 169.515176][ T7452] ? io_wq_create+0xcc/0x9e0 [ 169.515210][ T7452] should_failslab+0xc2/0x120 [ 169.515234][ T7452] __kmalloc_cache_noprof+0x68/0x410 [ 169.515266][ T7452] ? lockdep_init_map_type+0x16d/0x7d0 [ 169.515306][ T7452] io_wq_create+0xcc/0x9e0 [ 169.515343][ T7452] io_uring_alloc_task_context+0x212/0x690 [ 169.515378][ T7452] ? __pfx_io_uring_alloc_task_context+0x10/0x10 [ 169.515411][ T7452] ? __pfx_io_wq_submit_work+0x10/0x10 [ 169.515435][ T7452] ? __pfx_io_wq_free_work+0x10/0x10 [ 169.515457][ T7452] ? alloc_file_pseudo+0x1b4/0x230 [ 169.515486][ T7452] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 169.515516][ T7452] __io_uring_add_tctx_node+0x2e0/0x500 [ 169.515549][ T7452] ? __pfx___io_uring_add_tctx_node+0x10/0x10 [ 169.515582][ T7452] ? __anon_inode_getfile+0x18c/0x370 [ 169.515626][ T7452] io_uring_setup+0x15cf/0x2200 [ 169.515657][ T7452] ? __pfx_io_uring_setup+0x10/0x10 [ 169.515694][ T7452] ? __pfx___might_resched+0x10/0x10 [ 169.515745][ T7452] ? rcu_is_watching+0x12/0xc0 [ 169.515779][ T7452] __x64_sys_io_uring_setup+0x98/0x140 [ 169.515807][ T7452] do_syscall_64+0xcd/0x250 [ 169.515842][ T7452] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.515873][ T7452] RIP: 0033:0x7f50a538d169 [ 169.515893][ T7452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 169.515914][ T7452] RSP: 002b:00007f50a61b0038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 169.515936][ T7452] RAX: ffffffffffffffda RBX: 00007f50a55a5fa0 RCX: 00007f50a538d169 [ 169.515953][ T7452] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 169.515967][ T7452] RBP: 00007f50a540e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 169.515982][ T7452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 169.515997][ T7452] R13: 0000000000000000 R14: 00007f50a55a5fa0 R15: 00007ffef8ef7788 [ 169.516027][ T7452] [ 171.255244][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 171.263795][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 171.272369][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 171.507176][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 171.869656][ T7493] netlink: set zone limit has 8 unknown bytes [ 173.887172][ T7552] netlink: set zone limit has 8 unknown bytes [ 174.498007][ T7564] input: f as /devices/virtual/input/input8 [ 174.745042][ T7571] Line length is too long: Should be less than 4094 [ 174.817955][ T7575] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 174.933333][ T7577] netlink: 12 bytes leftover after parsing attributes in process `syz.0.457'. [ 175.365669][ T7569] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 175.398773][ T7569] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 175.665071][ T7569] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 175.751676][ T7569] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 175.765093][ T7569] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 175.970728][ T7569] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 176.137886][ T7569] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 176.174568][ T7569] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 176.465965][ T7569] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 176.597321][ T7569] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 176.630895][ T7569] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 176.725484][ T7569] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 176.732465][ T7594] netlink: 'syz.0.462': attribute type 1 has an invalid length. [ 176.765244][ T5835] Bluetooth: hci1: command 0x0c1a tx timeout [ 176.785033][ T7594] netlink: 32 bytes leftover after parsing attributes in process `syz.0.462'. [ 176.913759][ T7596] netlink: 28 bytes leftover after parsing attributes in process `syz.0.462'. [ 177.805181][ T5835] Bluetooth: hci2: command 0x0c1a tx timeout [ 178.195216][ T5835] Bluetooth: hci3: command 0x0c1a tx timeout [ 178.675082][ T5835] Bluetooth: hci4: command 0x0c1a tx timeout [ 178.835023][ T5835] Bluetooth: hci1: command 0x0c1a tx timeout [ 179.881136][ T5835] Bluetooth: hci2: command 0x0c1a tx timeout [ 180.284972][ T5835] Bluetooth: hci3: command 0x0c1a tx timeout [ 180.303550][ T7643] netlink: set zone limit has 8 unknown bytes [ 180.755167][ T5835] Bluetooth: hci4: command 0x0c1a tx timeout [ 180.854613][ T7660] netlink: 12 bytes leftover after parsing attributes in process `syz.3.481'. [ 180.915050][ T5835] Bluetooth: hci1: command 0x0c1a tx timeout [ 181.955465][ T5835] Bluetooth: hci2: command 0x0c1a tx timeout [ 182.355793][ T5835] Bluetooth: hci3: command 0x0c1a tx timeout [ 182.835056][ T5835] Bluetooth: hci4: command 0x0c1a tx timeout [ 183.893557][ T5835] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 184.279766][ T7704] netlink: 'syz.0.490': attribute type 1 has an invalid length. [ 184.335260][ T7704] netlink: 33 bytes leftover after parsing attributes in process `syz.0.490'. [ 184.965438][ T7714] nbd: must specify a device to reconfigure [ 185.036385][ T7720] misc userio: No port type given on /dev/userio [ 185.363145][ T7732] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 185.495384][ T7724] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9 [ 185.515549][ T7736] random: crng reseeded on system resumption [ 186.197112][ T7753] openvswitch: netlink: Flow key attribute not present in set flow. [ 187.986489][ T7793] netlink: 'syz.3.510': attribute type 4 has an invalid length. [ 189.360463][ T7831] netlink: 4 bytes leftover after parsing attributes in process `syz.3.519'. [ 189.546709][ T7835] netlink: set zone limit has 8 unknown bytes [ 190.549723][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 190.945455][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 191.668360][ T7883] ================================================================== [ 191.676472][ T7883] BUG: KASAN: slab-use-after-free in msft_opcode_get+0x6d/0x80 [ 191.684051][ T7883] Read of size 2 at addr ffff8880289b4a32 by task syz.1.530/7883 [ 191.691784][ T7883] [ 191.694122][ T7883] CPU: 0 UID: 0 PID: 7883 Comm: syz.1.530 Not tainted 6.14.0-rc6-syzkaller #0 [ 191.694146][ T7883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 191.694161][ T7883] Call Trace: [ 191.694169][ T7883] [ 191.694176][ T7883] dump_stack_lvl+0x116/0x1f0 [ 191.694208][ T7883] print_report+0xc3/0x670 [ 191.694227][ T7883] ? __virt_addr_valid+0x5e/0x590 [ 191.694246][ T7883] ? __phys_addr+0xc6/0x150 [ 191.694266][ T7883] kasan_report+0xd9/0x110 [ 191.694284][ T7883] ? msft_opcode_get+0x6d/0x80 [ 191.694309][ T7883] ? msft_opcode_get+0x6d/0x80 [ 191.694332][ T7883] msft_opcode_get+0x6d/0x80 [ 191.694353][ T7883] ? __pfx_msft_opcode_get+0x10/0x10 [ 191.694375][ T7883] simple_attr_read+0x169/0x370 [ 191.694397][ T7883] ? __debugfs_file_get+0x1ff/0x850 [ 191.694420][ T7883] ? __pfx_simple_attr_read+0x10/0x10 [ 191.694442][ T7883] ? __debugfs_file_get+0x1ff/0x850 [ 191.694465][ T7883] ? __pfx___debugfs_file_get+0x10/0x10 [ 191.694490][ T7883] debugfs_attr_read+0x76/0xa0 [ 191.694514][ T7883] full_proxy_read+0x13c/0x200 [ 191.694536][ T7883] ? __pfx_full_proxy_read+0x10/0x10 [ 191.694560][ T7883] vfs_read+0x1df/0xbf0 [ 191.694584][ T7883] ? __fget_files+0x1fc/0x3a0 [ 191.694609][ T7883] ? __pfx___mutex_lock+0x10/0x10 [ 191.694641][ T7883] ? __pfx_vfs_read+0x10/0x10 [ 191.694668][ T7883] ? __fget_files+0x206/0x3a0 [ 191.694699][ T7883] ksys_read+0x12b/0x250 [ 191.694724][ T7883] ? __pfx_ksys_read+0x10/0x10 [ 191.694754][ T7883] do_syscall_64+0xcd/0x250 [ 191.694779][ T7883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.694805][ T7883] RIP: 0033:0x7fedfc58d169 [ 191.694820][ T7883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 191.694837][ T7883] RSP: 002b:00007fedfd3f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 191.694855][ T7883] RAX: ffffffffffffffda RBX: 00007fedfc7a6080 RCX: 00007fedfc58d169 [ 191.694868][ T7883] RDX: 000000000000ffff RSI: 0000400000006740 RDI: 0000000000000006 [ 191.694881][ T7883] RBP: 00007fedfc60e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 191.694893][ T7883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 191.694904][ T7883] R13: 0000000000000000 R14: 00007fedfc7a6080 R15: 00007fff5f2d1c28 [ 191.694922][ T7883] [ 191.694929][ T7883] [ 191.922885][ T7883] Allocated by task 68: [ 191.927033][ T7883] kasan_save_stack+0x33/0x60 [ 191.931720][ T7883] kasan_save_track+0x14/0x30 [ 191.936399][ T7883] __kasan_kmalloc+0xaa/0xb0 [ 191.940989][ T7883] __kmalloc_noprof+0x21c/0x510 [ 191.945844][ T7883] ieee802_11_parse_elems_full+0x1d0/0x3240 [ 191.951733][ T7883] ieee80211_inform_bss+0xfd/0x1100 [ 191.956927][ T7883] cfg80211_inform_single_bss_data+0x8f9/0x1df0 [ 191.963164][ T7883] cfg80211_inform_bss_data+0x205/0x3ba0 [ 191.968795][ T7883] cfg80211_inform_bss_frame_data+0x272/0x7a0 [ 191.974872][ T7883] ieee80211_bss_info_update+0x311/0xab0 [ 191.980510][ T7883] ieee80211_scan_rx+0x474/0xac0 [ 191.985447][ T7883] ieee80211_rx_list+0x1bd7/0x2970 [ 191.990564][ T7883] ieee80211_rx_napi+0xdd/0x400 [ 191.995419][ T7883] ieee80211_handle_queued_frames+0xd5/0x130 [ 192.001406][ T7883] tasklet_action_common+0x251/0x3f0 [ 192.006703][ T7883] handle_softirqs+0x213/0x8f0 [ 192.011469][ T7883] __irq_exit_rcu+0x109/0x170 [ 192.016146][ T7883] irq_exit_rcu+0x9/0x30 [ 192.020387][ T7883] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 192.026019][ T7883] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 192.031999][ T7883] [ 192.034313][ T7883] Freed by task 68: [ 192.038106][ T7883] kasan_save_stack+0x33/0x60 [ 192.042785][ T7883] kasan_save_track+0x14/0x30 [ 192.047459][ T7883] kasan_save_free_info+0x3b/0x60 [ 192.052477][ T7883] __kasan_slab_free+0x51/0x70 [ 192.057240][ T7883] kfree+0x2c4/0x4d0 [ 192.061130][ T7883] ieee80211_inform_bss+0x76e/0x1100 [ 192.066404][ T7883] cfg80211_inform_single_bss_data+0x8f9/0x1df0 [ 192.072642][ T7883] cfg80211_inform_bss_data+0x205/0x3ba0 [ 192.078279][ T7883] cfg80211_inform_bss_frame_data+0x272/0x7a0 [ 192.084347][ T7883] ieee80211_bss_info_update+0x311/0xab0 [ 192.089969][ T7883] ieee80211_scan_rx+0x474/0xac0 [ 192.094896][ T7883] ieee80211_rx_list+0x1bd7/0x2970 [ 192.100010][ T7883] ieee80211_rx_napi+0xdd/0x400 [ 192.104862][ T7883] ieee80211_handle_queued_frames+0xd5/0x130 [ 192.110858][ T7883] tasklet_action_common+0x251/0x3f0 [ 192.116149][ T7883] handle_softirqs+0x213/0x8f0 [ 192.120912][ T7883] __irq_exit_rcu+0x109/0x170 [ 192.125591][ T7883] irq_exit_rcu+0x9/0x30 [ 192.129835][ T7883] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 192.135468][ T7883] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 192.141448][ T7883] [ 192.143850][ T7883] The buggy address belongs to the object at ffff8880289b4800 [ 192.143850][ T7883] which belongs to the cache kmalloc-1k of size 1024 [ 192.157895][ T7883] The buggy address is located 562 bytes inside of [ 192.157895][ T7883] freed 1024-byte region [ffff8880289b4800, ffff8880289b4c00) [ 192.171770][ T7883] [ 192.174083][ T7883] The buggy address belongs to the physical page: [ 192.180491][ T7883] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x289b0 [ 192.189240][ T7883] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 192.197729][ T7883] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 192.205272][ T7883] page_type: f5(slab) [ 192.209247][ T7883] raw: 00fff00000000040 ffff88801b041dc0 dead000000000100 dead000000000122 [ 192.217828][ T7883] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 192.226422][ T7883] head: 00fff00000000040 ffff88801b041dc0 dead000000000100 dead000000000122 [ 192.235101][ T7883] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 192.243765][ T7883] head: 00fff00000000003 ffffea0000a26c01 ffffffffffffffff 0000000000000000 [ 192.252428][ T7883] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 192.261082][ T7883] page dumped because: kasan: bad access detected [ 192.267493][ T7883] page_owner tracks the page as allocated [ 192.273194][ T7883] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 52, tgid 52 (kworker/u8:3), ts 11635675091, free_ts 0 [ 192.291511][ T7883] post_alloc_hook+0x181/0x1b0 [ 192.296279][ T7883] get_page_from_freelist+0xfce/0x2f80 [ 192.301739][ T7883] __alloc_frozen_pages_noprof+0x221/0x2470 [ 192.307633][ T7883] new_slab+0x94/0x330 [ 192.311707][ T7883] ___slab_alloc+0xc5d/0x1720 [ 192.316382][ T7883] __slab_alloc.constprop.0+0x56/0xb0 [ 192.321757][ T7883] __kmalloc_cache_node_noprof+0x101/0x420 [ 192.327564][ T7883] blk_mq_alloc_and_init_hctx+0x639/0x11b0 [ 192.333374][ T7883] blk_mq_realloc_hw_ctxs+0x8e0/0xbe0 [ 192.338748][ T7883] blk_mq_init_allocated_queue+0x39e/0x11f0 [ 192.344638][ T7883] blk_mq_alloc_queue+0x1c3/0x290 [ 192.349680][ T7883] scsi_alloc_sdev+0x890/0xd80 [ 192.354436][ T7883] scsi_probe_and_add_lun+0x789/0xda0 [ 192.359804][ T7883] __scsi_scan_target+0x1ea/0x580 [ 192.364821][ T7883] scsi_scan_channel+0x149/0x1e0 [ 192.369752][ T7883] scsi_scan_host_selected+0x302/0x400 [ 192.375208][ T7883] page_owner free stack trace missing [ 192.380561][ T7883] [ 192.382873][ T7883] Memory state around the buggy address: [ 192.388491][ T7883] ffff8880289b4900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 192.396544][ T7883] ffff8880289b4980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 192.404596][ T7883] >ffff8880289b4a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 192.412643][ T7883] ^ SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 192.418271][ T7883] ffff8880289b4a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 192.426326][ T7883] ffff8880289b4b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 192.434408][ T7883] ================================================================== [ 192.442550][ C0] vkms_vblank_simulate: vblank timer overrun [ 192.568722][ T7883] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 192.575975][ T7883] CPU: 1 UID: 0 PID: 7883 Comm: syz.1.530 Not tainted 6.14.0-rc6-syzkaller #0 [ 192.584847][ T7883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 192.594918][ T7883] Call Trace: [ 192.598211][ T7883] [ 192.601157][ T7883] dump_stack_lvl+0x3d/0x1f0 [ 192.605790][ T7883] panic+0x71d/0x800 [ 192.609709][ T7883] ? __pfx_panic+0x10/0x10 [ 192.614147][ T7883] ? preempt_schedule_thunk+0x1a/0x30 [ 192.619553][ T7883] ? preempt_schedule_common+0x44/0xc0 [ 192.625042][ T7883] check_panic_on_warn+0xab/0xb0 [ 192.630005][ T7883] end_report+0x117/0x180 [ 192.634370][ T7883] kasan_report+0xe9/0x110 [ 192.638812][ T7883] ? msft_opcode_get+0x6d/0x80 [ 192.643601][ T7883] ? msft_opcode_get+0x6d/0x80 [ 192.648391][ T7883] msft_opcode_get+0x6d/0x80 [ 192.653009][ T7883] ? __pfx_msft_opcode_get+0x10/0x10 [ 192.658327][ T7883] simple_attr_read+0x169/0x370 [ 192.663199][ T7883] ? __debugfs_file_get+0x1ff/0x850 [ 192.668432][ T7883] ? __pfx_simple_attr_read+0x10/0x10 [ 192.673827][ T7883] ? __debugfs_file_get+0x1ff/0x850 [ 192.679054][ T7883] ? __pfx___debugfs_file_get+0x10/0x10 [ 192.684632][ T7883] debugfs_attr_read+0x76/0xa0 [ 192.689417][ T7883] full_proxy_read+0x13c/0x200 [ 192.694187][ T7883] ? __pfx_full_proxy_read+0x10/0x10 [ 192.699478][ T7883] vfs_read+0x1df/0xbf0 [ 192.703641][ T7883] ? __fget_files+0x1fc/0x3a0 [ 192.708323][ T7883] ? __pfx___mutex_lock+0x10/0x10 [ 192.713358][ T7883] ? __pfx_vfs_read+0x10/0x10 [ 192.718047][ T7883] ? __fget_files+0x206/0x3a0 [ 192.722734][ T7883] ksys_read+0x12b/0x250 [ 192.726990][ T7883] ? __pfx_ksys_read+0x10/0x10 [ 192.731772][ T7883] do_syscall_64+0xcd/0x250 [ 192.736285][ T7883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.742471][ T7883] RIP: 0033:0x7fedfc58d169 [ 192.746887][ T7883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 192.766499][ T7883] RSP: 002b:00007fedfd3f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 192.774913][ T7883] RAX: ffffffffffffffda RBX: 00007fedfc7a6080 RCX: 00007fedfc58d169 [ 192.782911][ T7883] RDX: 000000000000ffff RSI: 0000400000006740 RDI: 0000000000000006 [ 192.790880][ T7883] RBP: 00007fedfc60e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 192.798856][ T7883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 192.806898][ T7883] R13: 0000000000000000 R14: 00007fedfc7a6080 R15: 00007fff5f2d1c28 [ 192.814892][ T7883] [ 192.818259][ T7883] Kernel Offset: disabled [ 192.822591][ T7883] Rebooting in 86400 seconds..