last executing test programs: 5m26.246382055s ago: executing program 2 (id=204): socket(0x10, 0x2, 0x0) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)={0x24, 0x0, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@NETDEV_A_QUEUE_TYPE={0x8}, @NETDEV_A_QUEUE_IFINDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0xfc, 0x9}, 0x7}, 0x3, 0x0) 5m25.484582997s ago: executing program 2 (id=205): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000e40)='/sys/devices/pci0000:00/0000:00:01.3/config\x00', 0x2, 0x0) read$auto(r0, 0x0, 0x1ff) r1 = socket(0x2, 0x80802, 0x0) keyctl$auto(0x10000, 0x3, 0x9877, 0xc7, 0x8460) setsockopt$auto(r1, 0x11, 0x67, 0x0, 0x8) 5m25.28346802s ago: executing program 2 (id=206): sendmsg$auto_CTRL_CMD_GETFAMILY(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000280)={&(0x7f0000000100)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRESDEC=0x0, @ANYBLOB="00032abd7014ffdbdf25030000000500020000003c63bc0c9e23f5a100000c0002006d61637365623000070002002e2b000006000100050000000b0002006d61637365630000"], 0x44}, 0x1, 0x0, 0x0, 0x40050}, 0x804) r0 = socket(0xa, 0x3, 0x3a) r1 = socket(0x10, 0x3, 0xa) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000004d40), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macsec0\x00', 0x0}) sendmsg$auto_MACSEC_CMD_DEL_RXSC(r2, &(0x7f0000007500)={0x0, 0xffffffffffffffb2, &(0x7f00000074c0)={&(0x7f0000000180)=ANY=[@ANYRES8=r3, @ANYRES16=r3, @ANYRES32=r1, @ANYRES32=r4, @ANYRESOCT=r4], 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x80) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_ADD_TXSA(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)={0x14, r3, 0x1, 0x70bd28, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x8c1}, 0x4000080) mmap$auto(0xfffffffffffffff9, 0x400008, 0x7, 0x9b72, 0x2, 0x6) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f00000001c0)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x5, 0x0) getcwd$auto(0x0, 0xffffffffffffffff) move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x7) setsockopt$auto(r0, 0x29, 0x8, 0x0, 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x0, 0x5, 0x0) fanotify_init$auto(0x5, 0x2000000000002) inotify_init1$auto(0x3000000000000) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x15, 0x5, 0x0) socket(0x15, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x200000000401, 0x8000) mmap$auto(0x0, 0x2, 0x4000000000df, 0x40eb4, 0x2, 0x300000000000) timerfd_create$auto(0x9, 0x0) socket(0x1, 0x4, 0x0) connect$auto(0x4, &(0x7f0000000000), 0x7f) socketpair$auto(0x1e, 0x5, 0x2, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) 5m24.466198771s ago: executing program 2 (id=208): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0xa, 0x2, 0x3a) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r2, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000000c0)={0x30, r3, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [@nested={0xc, 0x1, 0x0, 0x1, [@nested={0x8, 0x1, 0x0, 0x1, [@generic='\x00\x00\x00\x00']}]}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x4}, 0x8880) r4 = fcntl$getown(0xffffffffffffffff, 0x9) sendmsg$auto_NL80211_CMD_GET_FTM_RESPONDER_STATS(r0, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="f0010000", @ANYRES16=r1, @ANYBLOB="000829bd7000fcdbdf25820000000400dd001c001780050001000400000005000600050000000500010003000000b80125800c018d8008001400e000000190afd5e685d4c9c6ed6e013c33ee78b21a008c1af109ed349194d14ba75787eb4173d7734bb9d522fba88c60e567cdc8101b0fca21c33dbe53d8682f47fa8ea496c91a2ec5815027d9c5c0e9dd619101b112995047e99c743849b421ea35838309fbcae62e4c37e146cef2b364b4c399e0cbf2abb3d8687626f743a47f7f2fc393d0b2dd8bb06070b15bc8c13cdd32f9d259a2344ec3ce1fe75c2a000a2ca1214af1e77b69cf27b5f05b7effcc94731190f3beb042e3857b7a99dce83263911a4f68f2bd06d651e8e0cfa712501e81c495d21a1bff1a7c17043066eb47296a457e05ac9c26fdd72c04005b8004007b8008002800467b260008003200", @ANYRES32=r4, @ANYBLOB="a700b28049b7cf5acaae26aa0764d7eedab4f87294e0e3ce6132fecda0da7369eb7824959a2d731cbbfc8e5511c804bd459c24521d2ac9ec2570b0476e7adcc72b18043963f28b8924090d540ed40a30c9ec0723397279293bcc5f45e5bcc77f203d205cfba897f18fc2e65fc611fc49e5898046c3874adea58cde33a0e9f89d6cbaea906e0763e18b46551f479974a3c39858112d997ad3562e8e25044943766eff09b8c30e8cec31487be232466ffc000400080196178d9880ac493d6e7c775c825ab09522bfcae72c7579cd970743758a462a629c3aa09182d60dde195af0d97435f2a2dfe5c0f6a39b16348d85643139db86e1aee6be7184d56e58a10941de0a8999a908d990246f63ce581ab4ad944ea10009d4c9eb1b068fe12cba0eaa7a2eb823c3849a062272b4d6"], 0x1f0}, 0x1, 0x0, 0x0, 0x4010}, 0x10) unshare$auto(0x40000080) unshare$auto(0x3) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) clone3$auto(0x0, 0x40) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) epoll_pwait$auto(0x3, 0x0, 0x1, 0xffff0102, 0x0, 0x8) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x106) getsockopt$auto(0x4, 0x6, 0x5, 0xfffffffffffffffd, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x1) 5m21.474471747s ago: executing program 2 (id=214): setresgid$auto(0x800, 0xee01, 0xffffffffffffffff) rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0xbfa8, 0xfffffffb, @_sigpoll={0x52, 0x7}}}) madvise$auto(0xa, 0xb, 0xfffffffc) migrate_pages$auto(0x1, 0x9, 0x0, &(0x7f0000000840)=0x2) socket(0x2, 0x2, 0x0) fanotify_init$auto(0x5, 0x2000000000002) select$auto(0x7, 0x0, &(0x7f0000000080)={[0x82099, 0xe9e, 0x7, 0x15, 0xffd, 0x108000001, 0x4, 0xf, 0x1, 0x0, 0xe, 0x3, 0x101, 0xff, 0x5, 0x80000001]}, 0x0, 0x0) setregid$auto(0xee01, 0x0) 5m17.637999576s ago: executing program 2 (id=218): mmap$auto(0x0, 0x8, 0xdc, 0x9b72, 0x2, 0x8000) connect$auto(0x3, 0x0, 0x55) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x6, 0x200004, 0x5, 0x40eb2, 0x406, 0x2) mlockall$auto(0x7) mprotect$auto(0x0, 0x8000000000000001, 0x6) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000326bd7000fedbdf250200000800130001"], 0x24}, 0x1, 0x0, 0x0, 0x4c894}, 0x4) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004c18}, 0x810) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000100)=ANY=[@ANYBLOB="42dea9345f32536c66806ec9c09b9c7c74b624343ed22010389ca34a8c9da1e9c8a4441e7101000000f26c2ad4415ec5461ccb0f9a83e6850f1a4c98ce3322139fc35489", @ANYRES16=0x0, @ANYBLOB="01002cbd7000fbdbdf250a000000"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' '], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) clone3$auto(0x0, 0x40) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x6, 0x100000004, 0x3, 0x0, 0x20000000000006, 0x2) setuid$auto(0xe) bpf$auto(0x5, &(0x7f0000003c80)=@bpf_attr_7={@map_id=0x8, 0x81, 0xf}, 0x5) 5m16.645031069s ago: executing program 32 (id=218): mmap$auto(0x0, 0x8, 0xdc, 0x9b72, 0x2, 0x8000) connect$auto(0x3, 0x0, 0x55) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x6, 0x200004, 0x5, 0x40eb2, 0x406, 0x2) mlockall$auto(0x7) mprotect$auto(0x0, 0x8000000000000001, 0x6) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000326bd7000fedbdf250200000800130001"], 0x24}, 0x1, 0x0, 0x0, 0x4c894}, 0x4) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004c18}, 0x810) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000100)=ANY=[@ANYBLOB="42dea9345f32536c66806ec9c09b9c7c74b624343ed22010389ca34a8c9da1e9c8a4441e7101000000f26c2ad4415ec5461ccb0f9a83e6850f1a4c98ce3322139fc35489", @ANYRES16=0x0, @ANYBLOB="01002cbd7000fbdbdf250a000000"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' '], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) clone3$auto(0x0, 0x40) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x6, 0x100000004, 0x3, 0x0, 0x20000000000006, 0x2) setuid$auto(0xe) bpf$auto(0x5, &(0x7f0000003c80)=@bpf_attr_7={@map_id=0x8, 0x81, 0xf}, 0x5) 1m34.643059551s ago: executing program 1 (id=588): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x20000, 0x2009, 0x2, 0x11, 0x2, 0x1) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x1ff, 0x7, 0x41, 0x4909b6f8, 0x1ffdf, 0x7, 0x200003, 0x2, 0xa121, 0x3, 0x6, 0x4, 0xb4, 0xa, 0x7, 0x10001, 0x80, 0x100000000, 0x0, 0x7, 0x2100, 0x200, 0x0, 0x84, [0x0, 0x0, 0x0, 0x50100000000000, 0x0, 0x2000, 0x0, 0xa, 0x70624ce7, 0x0, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x2, 0x0, 0xffffffffffffbffd, 0xfffffffffffffffd, 0x1, 0x0, 0xffffffffffffffff, 0x4, 0x0, 0x2000000000000000, 0x0, 0x0, 0x400000000005b8, 0x3, 0x0, 0x0, 0x0, 0x6, 0xffffffffffffffff, 0x88e, 0x8000000000108, 0xfffffffffffffffc, 0x7fffffff, 0xa38, 0x0, 0x3, 0xfffffffffffffffa, 0x8, 0x4000000000, 0x7]}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = gettid() mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) process_vm_writev$auto(r1, &(0x7f0000000000)={0x0, 0x7ff}, 0x3, &(0x7f0000000080)={0x0, 0x800007}, 0x4, 0x0) mmap$auto(0x0, 0x2020009, 0x81, 0xeb1, 0xfffffffffffffffa, 0x8000) statmount$auto(&(0x7f0000000380)={0x0, 0x8, 0x45, 0x8}, &(0x7f00000003c0)={0x9, 0xffffffc0, 0xb8a5, 0x3, 0x6, 0x9, 0x6, 0x83c, 0x9, 0x8, 0x61b, 0x8001, 0x1000, 0x2, 0x3e, 0x9, 0x7, 0x0, 0x5, 0x8, 0x8193, 0xc, 0x5, 0x8, 0x8, 0x70e, [0x7d, 0x10000, 0x9, 0x2, 0x3ff, 0x1, 0x0, 0x9, 0x8000, 0x7, 0x9, 0xff, 0x1, 0x38f5a5fd, 0xfffffffffffffffc, 0x9, 0xfffffffffffffff8, 0xffff, 0xe, 0x8, 0xd86, 0x672, 0xfffffffffffffffa, 0x3ff, 0x4, 0x7a, 0x6, 0x9, 0x9, 0x5, 0x9, 0xffffffffffffc7a8, 0x7ff, 0x1, 0x0, 0x0, 0x1, 0x65ff, 0x4, 0x5, 0xd487, 0x0, 0x10001, 0x1000000000000000, 0x9, 0x3], "a78f391f60dc83ab56acee3c7bd13c8c007f48ce66b6"}, 0x600, 0x7) io_uring_setup$auto(0x6, 0x0) io_uring_setup$auto(0x6, 0x0) mknod$auto(0x0, 0x1081, 0x3) close_range$auto(0x2, 0xa, 0x0) open(0x0, 0xa240, 0x15e) open(0x0, 0xa00, 0x100) sysfs$auto(0x2, 0x1e, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TEMP(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="770e0000", @ANYRES16=0x0, @ANYBLOB="080028bd7000fddbdf250300000008000600020000000c0014"], 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x405b) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="0700000000000000df250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1m31.896977149s ago: executing program 1 (id=594): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x642, 0x0) read$auto_def_blk_fops_fs(r0, &(0x7f0000000140)=""/194, 0xc2) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) write$auto(0x3, 0x0, 0xfffffdf3) close_range$auto(0x2, 0x8, 0xfffe) r1 = syz_genetlink_get_family_id$auto_hsr(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x2, 0x70bd29, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x40001}, 0x80) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x5, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) setresuid$auto(0x8000000000000001, 0x1, 0x200) mlockall$auto(0x7) quotactl$auto(0xb, 0x0, 0x7, 0x0) 1m27.703043382s ago: executing program 1 (id=598): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000680), r1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000006c0)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)={0x24, r2, 0xb11, 0x70bd27, 0x25dfdbff, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x1000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="17000000", @ANYBLOB="7600279e"], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 1m26.839190123s ago: executing program 1 (id=600): sendto$auto(0x3, 0x0, 0x8, 0x4, 0x0, 0xffffff1f) prctl$auto(0x35, 0x0, 0x4, 0x0, 0x0) mmap$auto(0x0, 0x8, 0x4000000000db, 0x44eb1, 0x4000000000000006, 0x300000000000) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) socket(0x23, 0x1, 0x2) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/stat/rt_cache\x00', 0x60200, 0x0) read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000000140)=""/232, 0xe8) read$auto(0x3, 0x0, 0x80) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/mcfilter\x00', 0x0, 0x0) ioctl$auto(0x3, 0x8906, 0xd) 1m25.033524238s ago: executing program 1 (id=604): mmap$auto(0x3, 0x20009, 0x4000000000df, 0xebe, 0x401, 0x8001) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x3, 0x6) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f00000000c0), 0x55) ioperm$auto(0x7, 0x6, 0x8) shutdown$auto(0x200000003, 0x2) mmap$auto(0x0, 0x400008, 0x200, 0x9b72, 0x2, 0x8000) mremap$auto(0x1ff000, 0xfee0, 0x3fd6, 0x3, 0xfffff000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0x2000040080000004, 0xe) mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) rseq$auto(&(0x7f0000000300)={0x0, 0x9, 0x0, 0x4, 0xffffffff, 0xfffffffe}, 0x8000, 0x0, 0x3) shmdt$auto(0x0) madvise$auto(0x0, 0x3, 0x15) rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}}) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000e40)='/sys/devices/pci0000:00/0000:00:01.3/config\x00', 0x2, 0x0) read$auto(r1, 0x0, 0x1ff) mknod$auto(&(0x7f0000000040)=':,\x00', 0xc9, 0xc8) acct$auto(&(0x7f0000000100)='..\x00') execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) socket(0xa, 0x1, 0x84) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000f40)={'batadv0\x00'}) ioctl$auto_NVRAM_SETCKS(r0, 0x7041, 0x0) r3 = socket(0x2, 0x80802, 0x0) setsockopt$auto(r3, 0x11, 0x67, 0x0, 0x8) 1m21.030205767s ago: executing program 1 (id=613): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) read$auto(0x3, 0x0, 0x7) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) r1 = openat$auto_generic(0xffffffffffffff9c, &(0x7f0000002040)='/proc/kmsg\x00', 0x800, 0x0) read$auto_dai_list_fops_(r1, 0x0, 0x0) msgctl$auto(0x400, 0xa, &(0x7f0000000440)={{0x9805, 0xee00, 0x0, 0x3, 0x5, 0x0, 0x2}, &(0x7f00000003c0)=0x8, &(0x7f0000000400)=0x1b8, 0xc, 0x1eb1, 0xffffffffffffffff, 0x9, 0xcea2, 0xfffc, 0xea, 0x5, 0x0, 0x18}) openat$auto_proc_timers_operations_base(0xffffffffffffff9c, &(0x7f00000004c0), 0x2101, 0x0) r3 = gettid() kill$auto(r3, 0x11) gettid() r4 = getpgid(0x0) r5 = getuid() setresuid$auto(0x0, r5, 0xee00) r6 = getuid() sendmsg$auto_TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={&(0x7f0000000080), 0xc, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYRESHEX=r0, @ANYRESOCT=r6, @ANYRESDEC=r2, @ANYRESOCT=r4, @ANYBLOB="5fd31bfc1f689e6e8e480f453f3562ad7c2ea6875024592ede14978a3c7413d8b211661261afdcca7d32507199d3d1bc084f96d20c5e1e4d31b60316231096c5c0efc50050fe51f859bbe1391a62388b9c2944c175d361e7058136f836b6caa7", @ANYRES8=r3, @ANYRESDEC=r0, @ANYBLOB="8f82a0b9d4e7ff1065dd2efb1e2a9efd8de71d9c43ca7e2ad949a1d83326594832206f4ec71ea0597c7562b9e102288abb171b9749e60819bafe7abec8df4f7e5ab9301bc722810a35b10c3bfbb2946eb43512f1d6f5e87144e8ba19cec93a1b021103b90aa995918f2149e1a208efec5a3092906b2e1683423d10122219dfeacfe509f5b10da6551fd31024883827838a524d1471d808141f540c68467e50846c93c8408d4de80d5b1a24341d409ace89beb64d401bbb8719cb09084f10f7dcaec138cd068d764556724ee405c6303ba28f5e7e4ba1b3db80b8260679d54357277424b443d92473433b1f4e6b37a7cb52e5f19af06410e8956d0d7d89"], 0x75cc}, 0x1, 0x0, 0x0, 0x4000010}, 0x4004881) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) prctl$auto(0x1000000003b, 0x7, 0x8, 0x5, 0x4000000007) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setrlimit$auto(0x1000000007, 0x0) socket(0x2a, 0x2, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) arch_prctl$auto(0x5001, 0x1) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x1e) clone$auto(0x100000000, 0x9, &(0x7f0000000000)=0x7, &(0x7f0000000040)=0x5, 0xfffffffffffffea9) timer_delete$auto(0x8) 1m20.068953049s ago: executing program 33 (id=613): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) read$auto(0x3, 0x0, 0x7) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) r1 = openat$auto_generic(0xffffffffffffff9c, &(0x7f0000002040)='/proc/kmsg\x00', 0x800, 0x0) read$auto_dai_list_fops_(r1, 0x0, 0x0) msgctl$auto(0x400, 0xa, &(0x7f0000000440)={{0x9805, 0xee00, 0x0, 0x3, 0x5, 0x0, 0x2}, &(0x7f00000003c0)=0x8, &(0x7f0000000400)=0x1b8, 0xc, 0x1eb1, 0xffffffffffffffff, 0x9, 0xcea2, 0xfffc, 0xea, 0x5, 0x0, 0x18}) openat$auto_proc_timers_operations_base(0xffffffffffffff9c, &(0x7f00000004c0), 0x2101, 0x0) r3 = gettid() kill$auto(r3, 0x11) gettid() r4 = getpgid(0x0) r5 = getuid() setresuid$auto(0x0, r5, 0xee00) r6 = getuid() sendmsg$auto_TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={&(0x7f0000000080), 0xc, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYRESHEX=r0, @ANYRESOCT=r6, @ANYRESDEC=r2, @ANYRESOCT=r4, @ANYBLOB="5fd31bfc1f689e6e8e480f453f3562ad7c2ea6875024592ede14978a3c7413d8b211661261afdcca7d32507199d3d1bc084f96d20c5e1e4d31b60316231096c5c0efc50050fe51f859bbe1391a62388b9c2944c175d361e7058136f836b6caa7", @ANYRES8=r3, @ANYRESDEC=r0, @ANYBLOB="8f82a0b9d4e7ff1065dd2efb1e2a9efd8de71d9c43ca7e2ad949a1d83326594832206f4ec71ea0597c7562b9e102288abb171b9749e60819bafe7abec8df4f7e5ab9301bc722810a35b10c3bfbb2946eb43512f1d6f5e87144e8ba19cec93a1b021103b90aa995918f2149e1a208efec5a3092906b2e1683423d10122219dfeacfe509f5b10da6551fd31024883827838a524d1471d808141f540c68467e50846c93c8408d4de80d5b1a24341d409ace89beb64d401bbb8719cb09084f10f7dcaec138cd068d764556724ee405c6303ba28f5e7e4ba1b3db80b8260679d54357277424b443d92473433b1f4e6b37a7cb52e5f19af06410e8956d0d7d89"], 0x75cc}, 0x1, 0x0, 0x0, 0x4000010}, 0x4004881) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) prctl$auto(0x1000000003b, 0x7, 0x8, 0x5, 0x4000000007) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setrlimit$auto(0x1000000007, 0x0) socket(0x2a, 0x2, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) arch_prctl$auto(0x5001, 0x1) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x1e) clone$auto(0x100000000, 0x9, &(0x7f0000000000)=0x7, &(0x7f0000000040)=0x5, 0xfffffffffffffea9) timer_delete$auto(0x8) 12.716535861s ago: executing program 4 (id=814): close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)=ANY=[@ANYRESHEX, @ANYRES16=0x0, @ANYRES16=r0, @ANYRES8=r0, @ANYBLOB="816b95927081aa45b4ad5c528b14f805f6", @ANYRES8=r0, @ANYRESDEC=r0, @ANYRES8=r0, @ANYRES16=r0, @ANYRES32=r0], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4c880) r1 = openat$auto_drm_edid_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/dri/vkms/Virtual-1/edid_override\x00', 0xc0a82, 0x0) write$auto(r1, &(0x7f00000000c0)='\x00', 0xb55) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000004900)='/dev/snd/controlC1\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_REMOVE(r2, 0xc0405519, &(0x7f0000004940)={0x9, 0x6, 0x5, 0x8000004, "6f186b5361c9e1fc9d34572a91c492fab20eb1ac24e53e7326c3f1b241ae9dde07592cbddc6c51c095991239", 0x6}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, 0x0, 0x80) madvise$auto(0x0, 0xffffffffffff0005, 0x19) sigaltstack$auto(0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_FTM_RESPONDER_STATS(0xffffffffffffffff, 0x0, 0x20000000) mmap$auto(0x0, 0x4, 0x4000000002df, 0x19, 0x9, 0x300000000000) r3 = gettid() process_vm_writev$auto(r3, 0x0, 0x3, 0x0, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) syz_clone(0x80081000, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x80800, 0x0) read$auto(r4, 0x0, 0x39b8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x183800, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000004, 0xd) r5 = openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) sysfs$auto(0x2, 0x100000000000038, 0x0) write$auto(r5, 0x0, 0x45c) r6 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000e80), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_LINKSTATE_GET(r7, &(0x7f0000001980)={0x0, 0x0, &(0x7f0000001940)={&(0x7f00000018c0)=ANY=[@ANYBLOB="140090e8", @ANYRES16=r6, @ANYBLOB="2b0725bd7000fcdbdf2506000000"], 0x14}, 0x1, 0x0, 0x0, 0x18810}, 0x80800) 9.861689878s ago: executing program 3 (id=823): r0 = socket(0x10, 0x2, 0xc) r1 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="53010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x23, 0x80805, 0x0) memfd_secret$auto(0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC0\x00', 0x60000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x6, 0x8000000000000000, 0x0) ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='q\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="4cb245184f86db27df250a0000"], 0xf8}}, 0x10004010) 8.193366499s ago: executing program 5 (id=826): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1d, 0x2, 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x118) socket(0xa, 0x2, 0x88) setsockopt$auto(0x3, 0x1, 0xf, 0x0, 0x8) connect$auto(0x3, 0x0, 0x55) close_range$auto(0x2, 0x8, 0x0) 8.158762272s ago: executing program 3 (id=827): r0 = openat$auto_evm_xattr_ops_evm_secfs(0xffffffffffffff9c, &(0x7f0000000280), 0x1e9282, 0x0) ioprio_set$auto(0x2, 0x4, 0x5b99) r1 = socket(0x2, 0x1, 0x0) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040)=[0x2], 0x10, &(0x7f00000000c0)={0x0, 0x1}, 0x7, &(0x7f0000000100), 0x2, 0xb}, 0xfff}, 0x5, 0x7fffffff) listen$auto(0x3, 0x83) r2 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/extfrag/extfrag_index\x00', 0x40000, 0x0) read$auto_proc_pid_maps_operations_internal(r2, &(0x7f00000010c0)=""/4096, 0x1000) write$auto_evm_xattr_ops_evm_secfs(r0, 0x0, 0x29) madvise$auto(0x9, 0x1, 0x1) 8.002276969s ago: executing program 4 (id=828): setreuid$auto(0x15, 0x5) (async) keyctl$auto(0x4, 0xfffff7ffffffffff, 0x8081, 0x8, 0x8) (async) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) (async) madvise$auto(0x0, 0x5, 0x15) (async) r0 = socket(0xa, 0x1, 0x0) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000880), r1) (async) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) (async) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) setuid$auto(0x1f) (async) futimesat$auto(0x2, 0x0, 0x0) (async) socket(0x10, 0x2, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0x200, 0x70bd2a, 0x25dfdbfb, {}, [@NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x7de1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) (async) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x10, 0x70bd2c, 0x25dfdbfd, {0xa, 0x0, 0xa00}}, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (async) sendmsg$auto_BATADV_CMD_GET_ORIGINATORS(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000140)={0x1c, r2, 0x3abba0b2ae0bab93, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc811}, 0x10) (async) madvise$auto(0x0, 0x200007, 0x19) 7.170815029s ago: executing program 3 (id=830): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) read$auto(0x3, 0x0, 0x7) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) syz_genetlink_get_family_id$auto_ethtool(0x0, r0) r1 = openat$auto_generic(0xffffffffffffff9c, &(0x7f0000002040)='/proc/kmsg\x00', 0x800, 0x0) read$auto_dai_list_fops_(r1, 0x0, 0x0) msgctl$auto(0x400, 0xa, &(0x7f0000000440)={{0x9805, 0xee00, 0x0, 0x3, 0x5, 0x0, 0x2}, &(0x7f00000003c0)=0x8, &(0x7f0000000400)=0x1b8, 0xc, 0x1eb1, 0xffffffffffffffff, 0x9, 0xcea2, 0xfffc, 0xea, 0x5, 0x0, 0x18}) openat$auto_proc_timers_operations_base(0xffffffffffffff9c, &(0x7f00000004c0), 0x2101, 0x0) r2 = gettid() kill$auto(r2, 0x11) gettid() getpgid(0x0) getuid() mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setrlimit$auto(0x1000000007, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) 6.946573318s ago: executing program 5 (id=831): openat$auto_component_list_fops_(0xffffffffffffff9c, &(0x7f0000000ac0), 0x2000, 0x0) ioctl$auto_UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f0000000000)={0xffffffff, 0x4, [{0xffffffffffffffff, 0x0, 0x6, 0x8000}]}) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_AUTHENTICATE(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0x100, 0x70bd28, 0x25dfdbfc, {}, [@NL80211_ATTR_MLO_TTLM_DLINK={0xa, 0x148, "aa1bda763950"}, @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0x80}, @NL80211_ATTR_TIMED_OUT={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040040) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/tracing/trace\x00', 0x80800, 0x0) read$auto(0x3, 0x0, 0x400000) 6.190388446s ago: executing program 4 (id=833): openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/set_event\x00', 0x802, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0xfdef) read$auto(0x3, 0x0, 0x400000) 6.069744448s ago: executing program 0 (id=834): r0 = socket(0x10, 0x2, 0xc) r1 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="53010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) memfd_secret$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='q\x00', @ANYRES16=r1, @ANYBLOB="4cb245184f86db27df250a00000a"], 0xf8}}, 0x10004010) 5.941106436s ago: executing program 5 (id=835): r0 = socket(0x10, 0x2, 0xc) r1 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="53010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x23, 0x80805, 0x0) memfd_secret$auto(0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC0\x00', 0x60000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x6, 0x8000000000000000, 0x0) ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='q\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="4cb245184f86db27df250a0000"], 0xf8}}, 0x10004010) 5.912086976s ago: executing program 4 (id=836): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x7ffc) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x7ffc) r0 = socket(0xa, 0x1, 0x84) socket(0x2, 0x6, 0x0) (async) socket(0x2, 0x6, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2498dcc90cf8b784f376f185dcbed35c000000", @ANYRES16=0x0, @ANYBLOB="000227bd7000ffdbdf250a0000000600010008000000070002007d250000060002005e0000000600010008000000110002002b2d2f272c2d29262c2e5a7d0000000006000100090000000a00020026215e3a23000000"], 0x5c}, 0x1, 0x0, 0x0, 0x4c8d1}, 0x0) fstatfs$auto(0x3, 0x0) socketpair$auto(0x0, 0x5, 0x7, 0x0) (async) socketpair$auto(0x0, 0x5, 0x7, 0x0) socket(0x2, 0x3, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) fanotify_mark$auto(0x0, 0x1, 0x7, 0x4, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xac}, 0x5, 0x0, 0x1, 0x697b}, 0xed7138c}, 0x2, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) write$auto(0x3, 0x0, 0xfdef) recvmmsg$auto(0x4, &(0x7f0000000200)={{0x0, 0x4, &(0x7f0000000140)={0x0, 0x4da}, 0x4, 0x0, 0x8, 0x800}, 0x1000}, 0x37, 0x0, 0x0) (async) recvmmsg$auto(0x4, &(0x7f0000000200)={{0x0, 0x4, &(0x7f0000000140)={0x0, 0x4da}, 0x4, 0x0, 0x8, 0x800}, 0x1000}, 0x37, 0x0, 0x0) getcwd$auto(0x0, 0xffffffffffffffff) setsockopt$auto(0x3, 0x0, 0x32, 0x0, 0x4) (async) setsockopt$auto(0x3, 0x0, 0x32, 0x0, 0x4) bpf$auto(0x5, 0x0, 0x504) mbind$auto(0x8, 0xe, 0x9, &(0x7f0000000000)=0x5, 0x3, 0x1000) 5.632409362s ago: executing program 3 (id=837): openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/set_event\x00', 0x802, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0xfdef) read$auto(0x3, 0x0, 0x400000) (fail_nth: 1) 4.954158294s ago: executing program 0 (id=838): read$auto(0x3, 0x0, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x9, 0x5, 0x3) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) 4.145198071s ago: executing program 3 (id=839): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40006, 0xdf, 0x9b72, 0x0, 0x28000) sysfs$auto(0x2, 0x1e, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(0x1, 0x1, 0x14, &(0x7f0000000000)='\x00', 0xbb) r1 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000000), 0x80001, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x3b72, 0x0) socket(0x23, 0x80805, 0x0) inotify_init1$auto(0x3000000000000) ppoll$auto(&(0x7f0000002340)={0x8000, 0x0, 0xfffb}, 0x1, &(0x7f0000002380)={0x22e, 0x4}, &(0x7f00000023c0)={0x3}, 0x8) fcntl$auto(0x4, 0x4, 0xa553) r2 = openat$auto_component_list_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) recvmmsg$auto(r2, &(0x7f0000000240)={{&(0x7f00000000c0)=[0x8, 0x7, 0x21], 0x5, &(0x7f00000001c0)={&(0x7f0000000180)=[0xaefa, 0x100, 0x0, 0x7fff], 0xf}, 0x2, &(0x7f0000000200)=[0x2], 0x91, 0x5}, 0x3ff}, 0x7, 0x8000, &(0x7f0000000280)={0x8ab, 0x1d5}) close_range$auto(0x2, 0x8000, 0x0) prctl$auto(0x23, 0x4, 0x7fffffffefff, 0x0, 0x0) r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEC_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000900)={0xfffffffffffffffb, r3, 0x31, 0x70bd25, 0x25dfdbff, {}, [@ETHTOOL_A_FEC_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_FEC_MODES={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x80}, 0x4008084) 4.144668744s ago: executing program 5 (id=840): read$auto(0x3, 0x0, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x9, 0x5, 0x3) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (fail_nth: 1) 3.968474804s ago: executing program 0 (id=841): close_range$auto(0x2, 0x8000, 0x0) socket(0x1e, 0x805, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x6, 0x0) fsopen$auto(0x0, 0x1) fsconfig$auto(0xffffffffffffffff, 0x1, &(0x7f00000001c0)='+\x00', &(0x7f0000000280), 0x0) close_range$auto(0x2, 0x8000, 0x0) r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0) mmap$auto(0x0, 0x400008, 0x200, 0x9b72, 0x2, 0x8000) openat$auto_fops_atomic_t_(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/fail_page_alloc/space\x00', 0x240, 0x0) mremap$auto(0x1ff000, 0xfee0, 0x3fd6, 0x3, 0xfffff000) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) mmap$auto(0xfffffffffffffffe, 0xc2, 0x1, 0xfff, 0x8, 0x9) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto(r1, 0x8004552d, 0x81) write$auto_configfs_file_operations_configfs_internal(r0, 0x0, 0x0) 3.178309954s ago: executing program 3 (id=842): read$auto(0x3, 0x0, 0x7) mmap$auto(0x1, 0xfffffffffffff9a8, 0xf8, 0x10, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x9, 0x5, 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x800000000801e, 0x3, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) io_uring_enter$auto(0x3, 0xa84, 0x80000001, 0xa, 0x0, 0x46) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x5, &(0x7f0000000240), 0x8000, 0x40}, 0x8}, 0x1, 0x9) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="2e00f5"], 0x1ac}}, 0x40000) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) sendmsg$auto_NCSI_CMD_SET_PACKAGE_MASK(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4c004}, 0x40080c0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/nr13/ifalias\x00', 0xc0002, 0x0) socket(0x1e, 0x4, 0x0) r1 = socket(0x9, 0x4, 0x800) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10b, 0x87, 0x0, 0x14) write$auto(0x3, 0x0, 0xfdef) read$auto(0x4, 0x0, 0x80) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x1, 0x106) io_uring_setup$auto(0x6, 0x0) writev$auto(0x1, 0x0, 0x1) madvise$auto(0x0, 0xffffffffffff0005, 0x10002) 2.508888484s ago: executing program 0 (id=843): openat$auto_component_list_fops_(0xffffffffffffff9c, &(0x7f0000000ac0), 0x2000, 0x0) ioctl$auto_UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f0000000000)={0xffffffff, 0x4, [{0xffffffffffffffff, 0x0, 0x6, 0x8000}]}) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_AUTHENTICATE(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0x100, 0x70bd28, 0x25dfdbfc, {}, [@NL80211_ATTR_MLO_TTLM_DLINK={0xa, 0x148, "aa1bda763950"}, @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0x80}, @NL80211_ATTR_TIMED_OUT={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040040) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/tracing/trace\x00', 0x80800, 0x0) read$auto(0x3, 0x0, 0x400000) 2.209417155s ago: executing program 5 (id=844): mlockall$auto(0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) splice$auto(0x4, 0x0, 0x2, 0x0, 0x1000, 0xf) connect$auto(0x3, 0x0, 0x55) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto_SW_SYNC_GET_DEADLINE(0xffffffffffffffff, 0xc0105702, &(0x7f0000000140)={0xfffffffffffffe01, 0x0, r0}) ioctl$auto_TIOCSTI2(r1, 0x5412, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) fcntl$auto(0xffffffffffffffff, 0x401, 0x9) r2 = open(0x0, 0x4242, 0xe1d2b27bdc14aabc) utimensat$auto(r2, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)={0x3, 0x2}, 0x5) sendmsg$auto_WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008810}, 0x20008000) connect$auto(0x3, 0x0, 0x55) mmap$auto(0x2, 0x20009, 0xdf, 0xeb1, 0x401, 0x1000008000) sysfs$auto(0x3ff, 0x8, 0xfffffffffffffff7) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) rename$auto(0x0, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) pidfd_open$auto(0x1, 0x0) getresuid$auto(0x0, 0x0, 0x0) setreuid$auto(0x3, 0x7) io_setup$auto(0x1, 0x0) openat$auto_trace_clock_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/trace_clock\x00', 0x200, 0x0) 2.006300429s ago: executing program 4 (id=845): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) read$auto(0x3, 0x0, 0x7) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) syz_genetlink_get_family_id$auto_ethtool(0x0, r0) r1 = openat$auto_generic(0xffffffffffffff9c, &(0x7f0000002040)='/proc/kmsg\x00', 0x800, 0x0) read$auto_dai_list_fops_(r1, 0x0, 0x0) msgctl$auto(0x400, 0xa, &(0x7f0000000440)={{0x9805, 0xee00, 0x0, 0x3, 0x5, 0x0, 0x2}, &(0x7f00000003c0)=0x8, &(0x7f0000000400)=0x1b8, 0xc, 0x1eb1, 0xffffffffffffffff, 0x9, 0xcea2, 0xfffc, 0xea, 0x5, 0x0, 0x18}) openat$auto_proc_timers_operations_base(0xffffffffffffff9c, &(0x7f00000004c0), 0x2101, 0x0) r2 = gettid() kill$auto(r2, 0x11) gettid() getpgid(0x0) getuid() mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setrlimit$auto(0x1000000007, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) 1.234506605s ago: executing program 0 (id=846): r0 = socket(0x10, 0x2, 0xc) r1 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="53010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) memfd_secret$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='q\x00', @ANYRES16=r1, @ANYBLOB="4cb245184f86db27df250a00000a"], 0xf8}}, 0x10004010) 422.284072ms ago: executing program 5 (id=847): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) r1 = syz_open_procfs$namespace(0x0, 0x0) ioctl$NS_GET_PARENT(r1, 0x8008b705, 0x0) socketpair$auto(0x8001, 0x5, 0x5, 0x0) setsockopt$auto(0x3, 0x0, 0x17, 0x0, 0x9) mprotect$auto(0x3, 0x8000000000000001, 0xf) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) io_getevents$auto(0x4, 0xffffffffffffffff, 0x8000000000000001, 0xfffffffffffffffc, 0x0) read$auto_mISDN_fops_timerdev(r0, &(0x7f0000000180)=""/211, 0xd3) ioctl$auto_IMADDTIMER(r0, 0x80044940, 0x0) 173.804965ms ago: executing program 4 (id=848): r0 = openat$auto_percpu_stats_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x103000, 0x0) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000580)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x8002, 0x0) r1 = socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040)=[0x8000000000000002], 0x10, &(0x7f00000000c0)={0x0, 0x1}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x7fffffff) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) readv$auto(0x3, &(0x7f0000000080)={0x0, 0x8}, 0x4) read$auto_percpu_stats_fops_(r0, &(0x7f0000000000)=""/21, 0x15) 0s ago: executing program 0 (id=849): r0 = socket(0x10, 0x2, 0xc) r1 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="53010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x23, 0x80805, 0x0) memfd_secret$auto(0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC0\x00', 0x60000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x6, 0x8000000000000000, 0x0) ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='q\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="4cb245184f86db27df250a0000"], 0xf8}}, 0x10004010) kernel console output (not intermixed with test programs): ng state [ 154.543921][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.551444][ T5839] bridge_slave_1: entered allmulticast mode [ 154.558732][ T5839] bridge_slave_1: entered promiscuous mode [ 154.576202][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.583392][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.590712][ T5845] bridge_slave_0: entered allmulticast mode [ 154.597662][ T5845] bridge_slave_0: entered promiscuous mode [ 154.606521][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.614103][ T5144] Bluetooth: hci0: command tx timeout [ 154.617079][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.626910][ T5845] bridge_slave_1: entered allmulticast mode [ 154.633634][ T5845] bridge_slave_1: entered promiscuous mode [ 154.657278][ T5849] chnl_net:caif_netlink_parms(): no params data found [ 154.685642][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 154.699340][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 154.758822][ T5144] Bluetooth: hci1: command tx timeout [ 154.765949][ T5848] Bluetooth: hci2: command tx timeout [ 155.336411][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 155.348155][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 155.360810][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 155.401587][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 155.413463][ T5842] team0: Port device team_slave_0 added [ 155.422903][ T5842] team0: Port device team_slave_1 added [ 155.437633][ T5839] team0: Port device team_slave_0 added [ 155.469184][ T5839] team0: Port device team_slave_1 added [ 155.475089][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.482257][ T5848] Bluetooth: hci3: command tx timeout [ 155.488350][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.495509][ T5849] bridge_slave_0: entered allmulticast mode [ 155.502347][ T5849] bridge_slave_0: entered promiscuous mode [ 155.533309][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.541272][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.548683][ T5849] bridge_slave_1: entered allmulticast mode [ 155.555247][ T5849] bridge_slave_1: entered promiscuous mode [ 155.574135][ T5845] team0: Port device team_slave_0 added [ 155.580989][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 155.590872][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 155.617107][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 155.647470][ T5845] team0: Port device team_slave_1 added [ 155.653709][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 155.660929][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 155.937632][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 156.282580][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 156.289973][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 156.316593][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 156.329670][ T5849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 156.341428][ T5849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 156.371455][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 156.378569][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 156.404872][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 156.434594][ T5849] team0: Port device team_slave_0 added [ 156.461805][ T5849] team0: Port device team_slave_1 added [ 156.468336][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 156.475268][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 156.506506][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 156.519829][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 156.526928][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 156.552975][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 156.607521][ T5842] hsr_slave_0: entered promiscuous mode [ 156.613750][ T5842] hsr_slave_1: entered promiscuous mode [ 156.647272][ T5839] hsr_slave_0: entered promiscuous mode [ 156.709771][ T5848] Bluetooth: hci0: command tx timeout [ 156.716252][ T5839] hsr_slave_1: entered promiscuous mode [ 156.919529][ T5839] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 157.119631][ T5848] Bluetooth: hci1: command tx timeout [ 157.254079][ T5848] Bluetooth: hci2: command tx timeout [ 157.266914][ T5839] Cannot create hsr debugfs directory [ 157.277590][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 157.284997][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 157.311161][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 157.339956][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 157.347032][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 157.373260][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 157.398138][ T5845] hsr_slave_0: entered promiscuous mode [ 157.404280][ T5845] hsr_slave_1: entered promiscuous mode [ 157.410737][ T5845] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 157.418391][ T5845] Cannot create hsr debugfs directory [ 157.540085][ T5849] hsr_slave_0: entered promiscuous mode [ 157.546187][ T5849] hsr_slave_1: entered promiscuous mode [ 157.552553][ T5849] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 157.560435][ T5848] Bluetooth: hci3: command tx timeout [ 157.564877][ T5849] Cannot create hsr debugfs directory [ 158.293178][ T5839] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 158.315380][ T5839] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 158.333023][ T5839] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 158.356022][ T5839] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 158.415525][ T5842] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 158.434844][ T5842] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 158.479053][ T5842] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 158.497855][ T5842] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 158.528424][ T5845] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 158.550722][ T5845] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 158.575787][ T5845] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 158.654967][ T5845] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 158.857559][ T5848] Bluetooth: hci0: command tx timeout [ 159.209043][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 159.218061][ T5848] Bluetooth: hci1: command tx timeout [ 159.227569][ T5849] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 159.236342][ T5849] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 159.269713][ T5849] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 159.292136][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 159.300942][ T5849] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 159.317263][ T5848] Bluetooth: hci2: command tx timeout [ 159.339185][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.346405][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 159.356397][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.363521][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 159.490851][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 159.511570][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 159.554726][ T5845] 8021q: adding VLAN 0 to HW filter on device team0 [ 159.636629][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 159.831997][ T5848] Bluetooth: hci3: command tx timeout [ 160.178511][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.185651][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 160.196117][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.203424][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.226411][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0 [ 160.249210][ T2968] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.256394][ T2968] bridge0: port 1(bridge_slave_0) entered forwarding state [ 160.305855][ T82] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.312982][ T82] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.379732][ T5849] 8021q: adding VLAN 0 to HW filter on device team0 [ 160.405062][ T2968] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.412249][ T2968] bridge0: port 1(bridge_slave_0) entered forwarding state [ 160.451684][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 160.472173][ T82] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.479331][ T82] bridge0: port 2(bridge_slave_1) entered forwarding state [ 161.154674][ T5848] Bluetooth: hci0: command tx timeout [ 161.240598][ T5848] Bluetooth: hci1: command tx timeout [ 161.244187][ T5839] veth0_vlan: entered promiscuous mode [ 161.290233][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 161.319180][ T5839] veth1_vlan: entered promiscuous mode [ 161.404746][ T5848] Bluetooth: hci2: command tx timeout [ 161.423497][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 161.432838][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 161.471189][ T5842] veth0_vlan: entered promiscuous mode [ 161.478781][ T5839] veth0_macvtap: entered promiscuous mode [ 161.491666][ T5839] veth1_macvtap: entered promiscuous mode [ 161.575911][ T5842] veth1_vlan: entered promiscuous mode [ 161.986469][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 162.131194][ T5848] Bluetooth: hci3: command tx timeout [ 162.140820][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 162.166563][ T5839] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.175852][ T5839] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.184806][ T5839] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.193609][ T5839] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.220598][ T5845] veth0_vlan: entered promiscuous mode [ 162.228257][ T5849] veth0_vlan: entered promiscuous mode [ 162.244457][ T5849] veth1_vlan: entered promiscuous mode [ 162.272184][ T5845] veth1_vlan: entered promiscuous mode [ 162.302892][ T5842] veth0_macvtap: entered promiscuous mode [ 162.328143][ T5842] veth1_macvtap: entered promiscuous mode [ 162.369206][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 162.380363][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.392338][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 162.401229][ T5849] veth0_macvtap: entered promiscuous mode [ 162.428047][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 162.445196][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.457826][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 162.470544][ T5842] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.479558][ T5842] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.545495][ T5842] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.554302][ T5842] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.955392][ T5849] veth1_macvtap: entered promiscuous mode [ 163.108088][ T5845] veth0_macvtap: entered promiscuous mode [ 163.123976][ T5845] veth1_macvtap: entered promiscuous mode [ 163.141155][ T82] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 163.149709][ T82] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 163.193462][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.208209][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.219988][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.230818][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.241766][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 163.253559][ T5845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.265173][ T5845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.275336][ T5845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.285956][ T5845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.296063][ T5845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.306960][ T5845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.320741][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 163.332612][ T5845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.343452][ T5845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.354236][ T5845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.370984][ T5845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.381792][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 163.397468][ T82] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 163.405316][ T82] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 163.419570][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.430885][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.440967][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.453088][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.525834][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.731632][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.937612][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 164.081267][ T5845] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.090466][ T5845] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.099275][ T5845] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.108389][ T5845] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.131528][ T5849] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.141257][ T5849] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.150269][ T5849] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.159073][ T5849] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.185098][ T82] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.198161][ T82] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 164.224327][ T5839] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 164.312236][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.320941][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 164.420143][ T2998] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.907183][ T2998] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 165.058805][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 165.072668][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 165.092872][ T5898] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 165.170531][ T2998] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 165.181031][ T5902] process 'syz.2.3' launched ':,' with NULL argv: empty string added [ 165.181371][ T2998] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 165.204861][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 165.212990][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 166.044916][ T5902] bridge0: port 3(team0) entered blocking state [ 166.051477][ T5902] bridge0: port 3(team0) entered disabled state [ 166.063144][ T5902] team0: entered allmulticast mode [ 166.091722][ T5902] team_slave_0: entered allmulticast mode [ 166.099189][ T5902] team_slave_1: entered allmulticast mode [ 166.133656][ T5902] team0: entered promiscuous mode [ 166.156834][ T5902] team_slave_0: entered promiscuous mode [ 166.165862][ T5902] team_slave_1: entered promiscuous mode [ 166.234092][ T5902] bridge0: port 3(team0) entered blocking state [ 166.240713][ T5902] bridge0: port 3(team0) entered forwarding state [ 167.007435][ T5917] netlink: 'syz.3.5': attribute type 7 has an invalid length. [ 169.572224][ T5941] netlink: 'syz.3.10': attribute type 2 has an invalid length. [ 169.912779][ T5941] netlink: 'syz.3.10': attribute type 2 has an invalid length. [ 171.999256][ T5954] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 172.010372][ T5954] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 172.095195][ T5954] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 172.201806][ T5954] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 172.217965][ T5954] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 172.873435][ T5954] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 172.887892][ T5954] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 172.917124][ T5954] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 172.962374][ T5954] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 173.006387][ T5954] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 173.016856][ T5954] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 173.037993][ T5954] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 173.805373][ T5965] netlink: 'syz.2.16': attribute type 1 has an invalid length. [ 173.821236][ T5965] nbd: error processing sock list [ 174.050051][ T5144] Bluetooth: hci0: command 0x0c1a tx timeout [ 174.639488][ T5144] Bluetooth: hci1: command 0x0c1a tx timeout [ 174.919679][ T5144] Bluetooth: hci2: command 0x0c1a tx timeout [ 174.937617][ T5980] Zero length message leads to an empty skb [ 175.076785][ T5144] Bluetooth: hci3: command 0x0c1a tx timeout [ 175.125195][ T5980] netlink: 93 bytes leftover after parsing attributes in process `syz.1.18'. [ 176.591499][ T5144] Bluetooth: hci0: command 0x0c1a tx timeout [ 176.725535][ T5144] Bluetooth: hci1: command 0x0c1a tx timeout [ 176.867674][ T5995] sd 0:0:1:0: PR command failed: 1026 [ 176.873319][ T5995] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 176.886754][ T5995] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 177.009421][ T55] Bluetooth: hci2: command 0x0c1a tx timeout [ 177.158620][ T55] Bluetooth: hci3: command 0x0c1a tx timeout [ 177.982973][ T6018] netlink: zone id is out of range [ 178.003021][ T6018] netlink: zone id is out of range [ 178.053205][ T6018] netlink: zone id is out of range [ 178.681464][ T6018] netlink: zone id is out of range [ 178.756930][ T6018] netlink: zone id is out of range [ 178.766882][ T6018] netlink: zone id is out of range [ 178.772132][ T6018] netlink: zone id is out of range [ 178.779854][ T55] Bluetooth: hci1: command 0x0c1a tx timeout [ 178.787156][ T55] Bluetooth: hci0: command 0x0c1a tx timeout [ 178.796597][ T6018] netlink: zone id is out of range [ 178.813862][ T6018] netlink: zone id is out of range [ 178.844060][ T6018] netlink: zone id is out of range [ 179.307448][ T55] Bluetooth: hci2: command 0x0c1a tx timeout [ 179.507043][ T55] Bluetooth: hci3: command 0x0c1a tx timeout [ 180.007479][ T6039] netlink: 330 bytes leftover after parsing attributes in process `syz.3.30'. [ 181.460489][ T6046] netlink: 8 bytes leftover after parsing attributes in process `syz.3.33'. [ 183.746844][ T29] audit: type=1800 audit(1734054019.000:2): pid=6055 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.34" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 184.734683][ T6077] netlink: 20 bytes leftover after parsing attributes in process `syz.3.38'. [ 188.071477][ T6112] block nbd1: Unsupported socket: shutdown callout must be supported. [ 188.436938][ T29] audit: type=1800 audit(1734054023.690:3): pid=6108 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.46" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 190.551637][ T6134] block nbd1: Unsupported socket: shutdown callout must be supported. [ 190.780438][ T6128] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 191.365314][ T6128] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 192.462095][ T6149] Invalid ELF header magic: != ELF [ 192.585236][ T6151] netlink: 4 bytes leftover after parsing attributes in process `syz.0.55'. [ 192.604700][ T6151] netlink: 4 bytes leftover after parsing attributes in process `syz.0.55'. [ 192.729386][ T6146] netlink: 28 bytes leftover after parsing attributes in process `syz.1.54'. [ 193.573041][ T6158] bridge0: port 3(macvlan0) entered blocking state [ 193.587001][ T6158] bridge0: port 3(macvlan0) entered disabled state [ 193.611742][ T6158] macvlan0: entered allmulticast mode [ 193.631502][ T6158] veth1_vlan: entered allmulticast mode [ 194.330092][ T6158] macvlan0: entered promiscuous mode [ 194.348316][ T6158] bridge0: port 3(macvlan0) entered blocking state [ 194.355835][ T6158] bridge0: port 3(macvlan0) entered forwarding state [ 196.283357][ T6188] netlink: 'syz.2.64': attribute type 1 has an invalid length. [ 204.131256][ T6266] kexec: Could not allocate control_code_buffer [ 205.990820][ T6277] netlink: 93 bytes leftover after parsing attributes in process `syz.0.77'. [ 207.953257][ T6292] kexec: Could not allocate control_code_buffer [ 208.857047][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 208.863390][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 210.951238][ T6332] netlink: 93 bytes leftover after parsing attributes in process `syz.0.87'. [ 214.075257][ T6379] netlink: 93 bytes leftover after parsing attributes in process `syz.2.95'. [ 216.084504][ T6400] netlink: 350 bytes leftover after parsing attributes in process `syz.0.101'. [ 217.695686][ T6384] kexec: Could not allocate control_code_buffer [ 218.748724][ T6408] netlink: 93 bytes leftover after parsing attributes in process `syz.0.103'. [ 220.702728][ T6435] netlink: 330 bytes leftover after parsing attributes in process `syz.1.110'. [ 220.774353][ T6441] nbd: must specify at least one socket [ 225.501452][ T29] audit: type=1800 audit(1734054060.750:4): pid=6492 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.122" name="lu_gp_id" dev="configfs" ino=8839 res=0 errno=0 [ 227.405144][ T6515] netlink: 330 bytes leftover after parsing attributes in process `syz.3.127'. [ 229.541630][ T6541] netlink: 93 bytes leftover after parsing attributes in process `syz.2.133'. [ 230.363737][ T6550] nbd: must specify at least one socket [ 233.211188][ T29] audit: type=1800 audit(1734054068.470:5): pid=6577 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.139" name="lu_gp_id" dev="configfs" ino=9019 res=0 errno=0 [ 234.492087][ T6598] netlink: 93 bytes leftover after parsing attributes in process `syz.2.143'. [ 234.581048][ T6597] netlink: 93 bytes leftover after parsing attributes in process `syz.2.143'. [ 252.882281][ T6782] netlink: 93 bytes leftover after parsing attributes in process `syz.1.179'. [ 252.909484][ T6778] netlink: 93 bytes leftover after parsing attributes in process `syz.1.179'. [ 258.678553][ T6831] netlink: 93 bytes leftover after parsing attributes in process `syz.2.193'. [ 259.889294][ C0] vkms_vblank_simulate: vblank timer overrun [ 260.094346][ C0] vkms_vblank_simulate: vblank timer overrun [ 260.297922][ C0] vkms_vblank_simulate: vblank timer overrun [ 260.437704][ C0] vkms_vblank_simulate: vblank timer overrun [ 260.692753][ T6851] netlink: 93 bytes leftover after parsing attributes in process `syz.1.197'. [ 260.718044][ T6849] netlink: 93 bytes leftover after parsing attributes in process `syz.1.197'. [ 260.863597][ C0] vkms_vblank_simulate: vblank timer overrun [ 261.067833][ C0] vkms_vblank_simulate: vblank timer overrun [ 261.272473][ C0] vkms_vblank_simulate: vblank timer overrun [ 261.411891][ C0] vkms_vblank_simulate: vblank timer overrun [ 261.835931][ C0] vkms_vblank_simulate: vblank timer overrun [ 262.040621][ C0] vkms_vblank_simulate: vblank timer overrun [ 262.245990][ C0] vkms_vblank_simulate: vblank timer overrun [ 262.385104][ C0] vkms_vblank_simulate: vblank timer overrun [ 262.809631][ C0] vkms_vblank_simulate: vblank timer overrun [ 263.014533][ C0] vkms_vblank_simulate: vblank timer overrun [ 263.218372][ C0] vkms_vblank_simulate: vblank timer overrun [ 263.357766][ C0] vkms_vblank_simulate: vblank timer overrun [ 263.782500][ C0] vkms_vblank_simulate: vblank timer overrun [ 263.987592][ C0] vkms_vblank_simulate: vblank timer overrun [ 264.191914][ C0] vkms_vblank_simulate: vblank timer overrun [ 264.330761][ C0] vkms_vblank_simulate: vblank timer overrun [ 264.755679][ C0] vkms_vblank_simulate: vblank timer overrun [ 267.579801][ T6922] FAULT_INJECTION: forcing a failure. [ 267.579801][ T6922] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 267.884587][ T6922] CPU: 0 UID: 0 PID: 6922 Comm: syz.1.213 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0 [ 268.087749][ T6922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 268.225446][ T6922] Call Trace: [ 268.228811][ T6922] [ 268.231852][ T6922] dump_stack_lvl+0x16c/0x1f0 [ 268.236556][ T6922] should_fail_ex+0x497/0x5b0 [ 268.241255][ T6922] _copy_to_user+0x32/0xd0 [ 268.245688][ T6922] simple_read_from_buffer+0xd0/0x160 [ 268.251081][ T6922] proc_fail_nth_read+0x198/0x270 [ 268.256125][ T6922] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 268.261688][ T6922] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 268.267249][ T6922] vfs_read+0x1df/0xbe0 [ 268.271411][ T6922] ? __fget_files+0x1fc/0x3a0 [ 268.276096][ T6922] ? __pfx___mutex_lock+0x10/0x10 [ 268.281132][ T6922] ? __pfx_vfs_read+0x10/0x10 [ 268.285829][ T6922] ? __fget_files+0x206/0x3a0 [ 268.290524][ T6922] ksys_read+0x12b/0x250 [ 268.294778][ T6922] ? __pfx_ksys_read+0x10/0x10 [ 268.299554][ T6922] do_syscall_64+0xcd/0x250 [ 268.304067][ T6922] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 268.309970][ T6922] RIP: 0033:0x7f0fe8b8472c [ 268.314396][ T6922] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 268.334012][ T6922] RSP: 002b:00007f0fe9946030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 268.342432][ T6922] RAX: ffffffffffffffda RBX: 00007f0fe8d75fa0 RCX: 00007f0fe8b8472c [ 268.350406][ T6922] RDX: 000000000000000f RSI: 00007f0fe99460a0 RDI: 0000000000000003 [ 268.358378][ T6922] RBP: 00007f0fe9946090 R08: 0000000000000000 R09: 0000000000000000 [ 268.366352][ T6922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 268.374324][ T6922] R13: 0000000000000000 R14: 00007f0fe8d75fa0 R15: 00007ffce59b6928 [ 268.382316][ T6922] [ 270.037319][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 270.194327][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 273.309861][ T6955] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 273.319095][ T6919] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 273.327329][ T6919] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 273.335951][ T6919] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 273.343685][ T6919] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 273.351160][ T6919] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 274.123988][ T6958] netlink: 93 bytes leftover after parsing attributes in process `syz.1.221'. [ 274.270172][ T6951] netlink: 93 bytes leftover after parsing attributes in process `syz.1.221'. [ 275.154265][ T6952] chnl_net:caif_netlink_parms(): no params data found [ 275.404544][ T6868] Bluetooth: hci1: command tx timeout [ 277.038364][ T6952] bridge0: port 1(bridge_slave_0) entered blocking state [ 277.045523][ T6952] bridge0: port 1(bridge_slave_0) entered disabled state [ 277.067020][ T6952] bridge_slave_0: entered allmulticast mode [ 277.097500][ T6952] bridge_slave_0: entered promiscuous mode [ 277.130456][ T6952] bridge0: port 2(bridge_slave_1) entered blocking state [ 277.159826][ T6952] bridge0: port 2(bridge_slave_1) entered disabled state [ 277.197008][ T6952] bridge_slave_1: entered allmulticast mode [ 277.204095][ T6952] bridge_slave_1: entered promiscuous mode [ 277.958104][ T6868] Bluetooth: hci1: command tx timeout [ 278.170769][ T6952] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 278.191743][ T6952] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 278.237449][ T6952] team0: Port device team_slave_0 added [ 278.246348][ T6952] team0: Port device team_slave_1 added [ 278.308712][ T6978] netlink: 93 bytes leftover after parsing attributes in process `syz.1.226'. [ 279.152496][ T6952] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 279.185248][ T6952] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 279.253396][ T6952] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 279.288966][ T6952] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 279.295945][ T6952] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 279.905713][ T6952] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 280.036695][ T6919] Bluetooth: hci1: command tx timeout [ 280.219859][ T6952] hsr_slave_0: entered promiscuous mode [ 280.245304][ T6952] hsr_slave_1: entered promiscuous mode [ 280.880468][ T6952] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 280.890153][ T6952] Cannot create hsr debugfs directory [ 282.129230][ T6868] Bluetooth: hci1: command tx timeout [ 282.187310][ T7008] lo: entered allmulticast mode [ 282.194280][ T6952] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 282.208471][ T7008] netlink: 28 bytes leftover after parsing attributes in process `syz.3.234'. [ 283.103464][ T7009] svc: failed to register nfsdv3 RPC service (errno 111). [ 283.143359][ T7009] svc: failed to register nfsaclv3 RPC service (errno 111). [ 284.898024][ T6952] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 284.909859][ T6952] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 284.991804][ T6952] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 285.026709][ T7006] lo: left allmulticast mode [ 285.750007][ T7017] netlink: 93 bytes leftover after parsing attributes in process `syz.0.236'. [ 286.101865][ T6952] 8021q: adding VLAN 0 to HW filter on device bond0 [ 286.375069][ T7022] netlink: 4 bytes leftover after parsing attributes in process `syz.3.237'. [ 286.782182][ T6952] 8021q: adding VLAN 0 to HW filter on device team0 [ 286.820624][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.827816][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 287.081427][ T82] bridge0: port 2(bridge_slave_1) entered blocking state [ 287.145560][ T82] bridge0: port 2(bridge_slave_1) entered forwarding state [ 287.731212][ T6952] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 287.742002][ T6952] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 288.803363][ T6952] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 290.659446][ T6952] veth0_vlan: entered promiscuous mode [ 290.711000][ T6952] veth1_vlan: entered promiscuous mode [ 290.743265][ T6952] veth0_macvtap: entered promiscuous mode [ 290.752967][ T6952] veth1_macvtap: entered promiscuous mode [ 290.772298][ T6952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 290.782965][ T6952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 290.792911][ T6952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 290.803765][ T6952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 290.815132][ T6952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 290.826041][ T6952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 290.856761][ T6952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 290.877162][ T6952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 290.918515][ T6952] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 290.947908][ T6952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 290.963579][ T6952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.240844][ T6952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 291.444960][ T6952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.455636][ T6952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 291.624888][ T6952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.637549][ T6952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 291.675120][ T6952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.698039][ T6952] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 291.731230][ T6952] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 291.751311][ T6952] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 291.770981][ T6952] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 291.790308][ T6952] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 292.919769][ T7065] netlink: 93 bytes leftover after parsing attributes in process `syz.0.245'. [ 293.797532][ T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 293.806349][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 294.511635][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 294.520482][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 295.490373][ T7081] netlink: 93 bytes leftover after parsing attributes in process `syz.3.248'. [ 295.560267][ T7078] netlink: 93 bytes leftover after parsing attributes in process `syz.3.248'. [ 296.640916][ T7083] net_ratelimit: 47 callbacks suppressed [ 296.640939][ T7083] openvswitch: netlink: IP tunnel dst address not specified [ 297.726740][ T7105] netlink: 326 bytes leftover after parsing attributes in process `syz.1.253'. [ 300.769322][ C1] vkms_vblank_simulate: vblank timer overrun [ 300.974231][ C1] vkms_vblank_simulate: vblank timer overrun [ 301.177843][ C1] vkms_vblank_simulate: vblank timer overrun [ 301.317673][ C1] vkms_vblank_simulate: vblank timer overrun [ 301.742584][ C1] vkms_vblank_simulate: vblank timer overrun [ 301.946783][ C1] vkms_vblank_simulate: vblank timer overrun [ 302.152374][ C1] vkms_vblank_simulate: vblank timer overrun [ 302.290903][ C1] vkms_vblank_simulate: vblank timer overrun [ 302.715805][ C1] vkms_vblank_simulate: vblank timer overrun [ 302.920039][ C1] vkms_vblank_simulate: vblank timer overrun [ 303.124540][ C1] vkms_vblank_simulate: vblank timer overrun [ 303.265017][ C1] vkms_vblank_simulate: vblank timer overrun [ 303.689279][ C1] vkms_vblank_simulate: vblank timer overrun [ 303.893444][ C1] vkms_vblank_simulate: vblank timer overrun [ 304.097711][ C1] vkms_vblank_simulate: vblank timer overrun [ 304.238760][ C1] vkms_vblank_simulate: vblank timer overrun [ 304.535456][ T7177] netlink: 93 bytes leftover after parsing attributes in process `syz.1.272'. [ 304.556768][ T7175] netlink: 93 bytes leftover after parsing attributes in process `syz.1.272'. [ 304.557075][ T7182] sg_write: data in/out 288788827/6 bytes for SCSI command 0x62-- guessing data in; [ 304.557075][ T7182] program syz.4.273 not setting count and/or reply_len properly [ 304.662609][ C1] vkms_vblank_simulate: vblank timer overrun [ 304.866641][ C1] vkms_vblank_simulate: vblank timer overrun [ 305.071593][ C1] vkms_vblank_simulate: vblank timer overrun [ 305.211147][ C1] vkms_vblank_simulate: vblank timer overrun [ 305.635837][ C1] vkms_vblank_simulate: vblank timer overrun [ 306.228853][ T7184] netlink: 'syz.0.274': attribute type 4 has an invalid length. [ 308.450324][ T7230] netlink: 93 bytes leftover after parsing attributes in process `syz.4.285'. [ 308.489173][ T7226] netlink: 93 bytes leftover after parsing attributes in process `syz.4.285'. [ 309.446086][ T7234] netlink: 93 bytes leftover after parsing attributes in process `syz.1.286'. [ 310.308880][ T7251] netlink: 28 bytes leftover after parsing attributes in process `syz.1.290'. [ 311.240817][ T7265] netlink: 28 bytes leftover after parsing attributes in process `syz.1.290'. [ 313.114317][ T7277] netlink: 8 bytes leftover after parsing attributes in process `syz.0.294'. [ 314.282409][ T7292] netlink: 93 bytes leftover after parsing attributes in process `syz.3.297'. [ 315.192586][ T7302] netlink: 93 bytes leftover after parsing attributes in process `syz.4.299'. [ 316.030374][ T7312] netlink: 'syz.4.301': attribute type 2 has an invalid length. [ 316.131620][ T7316] bdi 31:0: the stable_pages_required attribute has been removed. Use the stable_writes queue attribute instead. [ 317.168652][ T7329] netlink: 8 bytes leftover after parsing attributes in process `syz.1.304'. [ 318.848022][ T7339] netlink: 8 bytes leftover after parsing attributes in process `syz.0.306'. [ 320.168226][ T7352] Bluetooth: hci2: unexpected event 0x03 length: 72 > 11 [ 321.848828][ T7357] netlink: 93 bytes leftover after parsing attributes in process `syz.1.312'. [ 321.947950][ T7363] netlink: 93 bytes leftover after parsing attributes in process `syz.1.312'. [ 323.785517][ T7372] netlink: 93 bytes leftover after parsing attributes in process `syz.3.314'. [ 327.675231][ T7400] kexec: Could not allocate control_code_buffer [ 328.647688][ T7410] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 330.684322][ T7352] Bluetooth: hci2: command 0x0c1a tx timeout [ 330.745069][ T10] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 331.499742][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 331.506332][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 331.521631][ T7445] netlink: 4 bytes leftover after parsing attributes in process `syz.4.332'. [ 331.541122][ T7445] netlink: 4 bytes leftover after parsing attributes in process `syz.4.332'. [ 335.534150][ T7479] netlink: 28 bytes leftover after parsing attributes in process `syz.0.338'. [ 338.419731][ T7463] Bluetooth: hci1: ISO packet too small [ 339.508992][ T7498] netlink: 4352 bytes leftover after parsing attributes in process `syz.1.341'. [ 346.350505][ T7544] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 346.447537][ T7545] netlink: 28 bytes leftover after parsing attributes in process `syz.3.351'. [ 346.447651][ T7544] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 346.456537][ T7545] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 346.519851][ T7544] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 346.519912][ T7544] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 347.399263][ T7544] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 348.297260][ T7545] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 348.358008][ T6955] Bluetooth: hci0: command 0x0c1a tx timeout [ 348.670218][ T7551] netlink: 28 bytes leftover after parsing attributes in process `syz.4.352'. [ 349.024867][ T6955] Bluetooth: hci1: command 0x0c1a tx timeout [ 349.031131][ T6955] Bluetooth: hci3: command 0x0c1a tx timeout [ 351.106822][ T7539] Bluetooth: hci1: command 0x0c1a tx timeout [ 353.044132][ T7575] netlink: 4352 bytes leftover after parsing attributes in process `syz.4.356'. [ 353.167926][ T6955] Bluetooth: hci1: command 0x0c1a tx timeout [ 353.182883][ T7581] ======================================================= [ 353.182883][ T7581] WARNING: The mand mount option has been deprecated and [ 353.182883][ T7581] and is ignored by this kernel. Remove the mand [ 353.182883][ T7581] option from the mount to silence this warning. [ 353.182883][ T7581] ======================================================= [ 353.224760][ T7581] tmpfs: Unknown parameter '/sys/kernel/debug/block/loop9/rqos/wbt/unknown_cnt' [ 358.089725][ T7612] netlink: 'syz.4.363': attribute type 11 has an invalid length. [ 358.112240][ T7612] netlink: 'syz.4.363': attribute type 11 has an invalid length. [ 358.196502][ T7612] netlink: 'syz.4.363': attribute type 11 has an invalid length. [ 359.053569][ T7619] netlink: 28 bytes leftover after parsing attributes in process `syz.4.366'. [ 359.889367][ T7619] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 360.068598][ T7617] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 360.074719][ T7617] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 360.151304][ T7617] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 360.563018][ T7617] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 360.749143][ T7619] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 361.792289][ T7623] netlink: 28 bytes leftover after parsing attributes in process `syz.0.367'. [ 362.300600][ T6955] Bluetooth: hci2: command 0x0c1a tx timeout [ 362.646391][ T7539] Bluetooth: hci0: command 0x0c1a tx timeout [ 362.647139][ T6955] Bluetooth: hci3: command 0x0c1a tx timeout [ 362.757264][ T6955] Bluetooth: hci1: command 0x0c1a tx timeout [ 365.853618][ T7654] FAULT_INJECTION: forcing a failure. [ 365.853618][ T7654] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 365.886956][ T7654] CPU: 0 UID: 0 PID: 7654 Comm: syz.0.373 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0 [ 365.897613][ T7654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 365.907708][ T7654] Call Trace: [ 365.911009][ T7654] [ 365.913967][ T7654] dump_stack_lvl+0x16c/0x1f0 [ 365.918690][ T7654] should_fail_ex+0x497/0x5b0 [ 365.923417][ T7654] _copy_from_user+0x2e/0xd0 [ 365.984917][ T7654] copy_msghdr_from_user+0x99/0x160 [ 365.990190][ T7654] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 366.188155][ T7654] ? __lock_acquire+0xcc5/0x3c40 [ 366.193168][ T7654] ___sys_sendmsg+0xff/0x1e0 [ 366.197809][ T7654] ? __pfx____sys_sendmsg+0x10/0x10 [ 366.395737][ T7654] ? trace_lock_acquire+0x14e/0x1f0 [ 366.401026][ T7654] __sys_sendmmsg+0x201/0x420 [ 366.534761][ T7654] ? __pfx___sys_sendmmsg+0x10/0x10 [ 366.540020][ T7654] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 366.546027][ T7654] ? fput+0x67/0x440 [ 366.549938][ T7654] ? ksys_write+0x1ba/0x250 [ 366.554450][ T7654] ? __pfx_ksys_write+0x10/0x10 [ 366.559308][ T7654] __x64_sys_sendmmsg+0x9c/0x100 [ 366.564279][ T7654] ? lockdep_hardirqs_on+0x7c/0x110 [ 366.569511][ T7654] do_syscall_64+0xcd/0x250 [ 366.574037][ T7654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 366.580029][ T7654] RIP: 0033:0x7f14f2785d19 [ 366.584454][ T7654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 366.604086][ T7654] RSP: 002b:00007f14f359c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 366.612506][ T7654] RAX: ffffffffffffffda RBX: 00007f14f2975fa0 RCX: 00007f14f2785d19 [ 366.620483][ T7654] RDX: 0000000000000003 RSI: 0000000020000080 RDI: 0000000000000003 [ 366.628460][ T7654] RBP: 00007f14f359c090 R08: 0000000000000000 R09: 0000000000000000 [ 366.636434][ T7654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 366.644415][ T7654] R13: 0000000000000000 R14: 00007f14f2975fa0 R15: 00007fffd21456a8 [ 366.652835][ T7654] [ 367.510011][ T7660] FAULT_INJECTION: forcing a failure. [ 367.510011][ T7660] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 367.527397][ T7660] CPU: 0 UID: 0 PID: 7660 Comm: syz.0.374 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0 [ 367.538079][ T7660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 367.548339][ T7660] Call Trace: [ 367.551638][ T7660] [ 367.554595][ T7660] dump_stack_lvl+0x16c/0x1f0 [ 367.559315][ T7660] should_fail_ex+0x497/0x5b0 [ 367.564046][ T7660] _copy_from_user+0x2e/0xd0 [ 367.568678][ T7660] ucma_write+0x129/0x330 [ 367.573059][ T7660] ? __pfx_ucma_write+0x10/0x10 [ 367.577971][ T7660] ? bpf_lsm_file_permission+0x9/0x10 [ 367.583391][ T7660] ? security_file_permission+0x71/0x210 [ 367.589069][ T7660] ? __pfx_ucma_write+0x10/0x10 [ 367.593962][ T7660] vfs_write+0x24c/0x1150 [ 367.598340][ T7660] ? __fget_files+0x1fc/0x3a0 [ 367.603057][ T7660] ? __pfx_lock_release+0x10/0x10 [ 367.608223][ T7660] ? __pfx_vfs_write+0x10/0x10 [ 367.613032][ T7660] ? lock_acquire+0x2f/0xb0 [ 367.617572][ T7660] ? __fget_files+0x40/0x3a0 [ 367.622204][ T7660] ? __fget_files+0x206/0x3a0 [ 367.626926][ T7660] ksys_write+0x207/0x250 [ 367.631294][ T7660] ? __pfx_ksys_write+0x10/0x10 [ 367.636199][ T7660] do_syscall_64+0xcd/0x250 [ 367.640762][ T7660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 367.646699][ T7660] RIP: 0033:0x7f14f2785d19 [ 367.651158][ T7660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 367.670801][ T7660] RSP: 002b:00007f14f357b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 367.679253][ T7660] RAX: ffffffffffffffda RBX: 00007f14f2976080 RCX: 00007f14f2785d19 [ 367.687260][ T7660] RDX: 00000000000000c3 RSI: 0000000000000000 RDI: 0000000000000003 [ 367.695266][ T7660] RBP: 00007f14f357b090 R08: 0000000000000000 R09: 0000000000000000 [ 367.703269][ T7660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 367.711271][ T7660] R13: 0000000000000000 R14: 00007f14f2976080 R15: 00007fffd21456a8 [ 367.719293][ T7660] [ 372.475592][ T7699] netlink: 93 bytes leftover after parsing attributes in process `syz.4.384'. [ 373.662499][ T7688] kexec: Could not allocate control_code_buffer [ 376.548066][ T7708] netlink: 8 bytes leftover after parsing attributes in process `syz.3.386'. [ 378.260231][ T7734] netlink: 93 bytes leftover after parsing attributes in process `syz.1.393'. [ 378.308946][ T7743] netlink: 93 bytes leftover after parsing attributes in process `syz.3.395'. [ 385.160839][ T7786] lo: entered allmulticast mode [ 385.188279][ T7786] netlink: 28 bytes leftover after parsing attributes in process `syz.0.403'. [ 385.246309][ T7788] netlink: 93 bytes leftover after parsing attributes in process `syz.4.404'. [ 386.079579][ T7790] svc: failed to register nfsdv3 RPC service (errno 111). [ 386.111842][ T7790] svc: failed to register nfsaclv3 RPC service (errno 111). [ 392.949569][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 392.955892][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 393.854459][ T7785] lo: left allmulticast mode [ 396.943700][ T7840] netlink: 93 bytes leftover after parsing attributes in process `syz.1.414'. [ 399.991429][ T7862] netlink: 93 bytes leftover after parsing attributes in process `syz.3.419'. [ 401.787233][ T7878] netlink: 338 bytes leftover after parsing attributes in process `syz.1.424'. [ 401.999159][ T7881] Process accounting resumed [ 402.004316][ T7881] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 7881 comm: syz.1.424) [ 402.697959][ T7887] netlink: 93 bytes leftover after parsing attributes in process `syz.0.425'. [ 405.704320][ T7884] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 7884 comm: syz.1.426) [ 406.491603][ T7921] netlink: 28 bytes leftover after parsing attributes in process `syz.3.431'. [ 406.560255][ T7917] lo: entered allmulticast mode [ 406.737711][ T7915] lo: left allmulticast mode [ 408.619128][ T7916] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 7916 comm: syz.1.432) [ 409.677364][ T7932] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 7932 comm: syz.1.432) [ 410.547280][ T7867] Process accounting resumed [ 410.551945][ T7867] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 7867 comm: syz.4.418) [ 410.595856][ T7946] netlink: 338 bytes leftover after parsing attributes in process `syz.4.435'. [ 411.410371][ T7940] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 7940 comm: syz.4.435) [ 412.914569][ T7937] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 7937 comm: syz.1.434) [ 413.540311][ T7963] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 7963 comm: syz.1.443) [ 413.565869][ T7950] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 7950 comm: syz.4.439) [ 414.532628][ T7973] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 7973 comm: syz.4.445) [ 415.540300][ T7968] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 7968 comm: syz.1.444) [ 416.298317][ T7987] lo: entered allmulticast mode [ 416.304745][ T7987] netlink: 28 bytes leftover after parsing attributes in process `syz.1.450'. [ 417.175620][ T7986] lo: left allmulticast mode [ 417.295171][ T7987] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 7987 comm: syz.1.450) [ 417.308134][ T7975] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 7975 comm: syz.4.448) [ 417.325597][ T7977] GUP no longer grows the stack in syz.4.448 (7977): 1000-401000 (0) [ 417.365890][ T7977] CPU: 1 UID: 0 PID: 7977 Comm: syz.4.448 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0 [ 417.376549][ T7977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 417.386631][ T7977] Call Trace: [ 417.389927][ T7977] [ 417.392881][ T7977] dump_stack_lvl+0x16c/0x1f0 [ 417.397594][ T7977] gup_vma_lookup+0x1d2/0x220 [ 417.402311][ T7977] __get_user_pages+0x236/0x3b50 [ 417.407285][ T7977] ? __pfx_rwsem_read_trylock+0x10/0x10 [ 417.412866][ T7977] ? get_dump_page+0xb6/0x230 [ 417.417579][ T7977] ? get_dump_page+0xb6/0x230 [ 417.422297][ T7977] ? __pfx___get_user_pages+0x10/0x10 [ 417.427706][ T7977] ? down_read_killable+0xcc/0x380 [ 417.432859][ T7977] ? __pfx_down_read_killable+0x10/0x10 [ 417.438447][ T7977] ? policy_nodemask+0xea/0x4e0 [ 417.443345][ T7977] get_dump_page+0xff/0x230 [ 417.447883][ T7977] ? __pfx_get_dump_page+0x10/0x10 [ 417.453034][ T7977] ? do_raw_spin_unlock+0x172/0x230 [ 417.458278][ T7977] ? free_unref_page+0x6f5/0x1080 [ 417.463348][ T7977] dump_user_range+0x135/0x8c0 [ 417.468165][ T7977] ? __pfx_dump_user_range+0x10/0x10 [ 417.473507][ T7977] ? elf_coredump_extra_notes_write+0xbe/0x430 [ 417.479700][ T7977] ? __pfx_writenote+0x10/0x10 [ 417.484505][ T7977] elf_core_dump+0x2787/0x3880 [ 417.489310][ T7977] ? __pfx_elf_core_dump+0x10/0x10 [ 417.494451][ T7977] ? try_to_wake_up+0x14c/0x1490 [ 417.499426][ T7977] ? rwsem_wake.isra.0+0xbe/0x120 [ 417.504484][ T7977] ? rcu_is_watching+0x12/0xc0 [ 417.509267][ T7977] ? trace_lock_acquire+0x14e/0x1f0 [ 417.514487][ T7977] ? __pfx_sort+0x10/0x10 [ 417.575003][ T7977] ? get_signal+0x23f3/0x2610 [ 417.579705][ T7977] ? do_coredump+0x2dd5/0x43e0 [ 417.777282][ T7977] do_coredump+0x2dd5/0x43e0 [ 417.781922][ T7977] ? __pfx_do_coredump+0x10/0x10 [ 417.786882][ T7977] ? irqentry_exit_to_user_mode+0x13f/0x280 [ 417.985361][ T7977] get_signal+0x23f3/0x2610 [ 417.989898][ T7977] ? force_sig_fault+0xad/0xf0 [ 418.122552][ T7977] ? __pfx_get_signal+0x10/0x10 [ 418.127473][ T7977] arch_do_signal_or_restart+0x90/0x7e0 [ 418.133040][ T7977] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 418.139206][ T7977] ? __bad_area_nosemaphore+0x334/0x6a0 [ 418.144776][ T7977] ? do_user_addr_fault+0x920/0x13f0 [ 418.150072][ T7977] irqentry_exit_to_user_mode+0x13f/0x280 [ 418.155808][ T7977] asm_exc_page_fault+0x26/0x30 [ 418.160666][ T7977] RIP: 0033:0x401000 [ 418.164565][ T7977] Code: Unable to access opcode bytes at 0x400fd6. [ 418.171056][ T7977] RSP: 002b:000000000000000a EFLAGS: 00010246 [ 418.177132][ T7977] RAX: 0000000000000000 RBX: 00007f1aed975fa0 RCX: 00007f1aed785d19 [ 418.185107][ T7977] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b46 [ 418.193080][ T7977] RBP: 00007f1aed801a20 R08: 0000000000000002 R09: 0000000000000000 [ 418.201066][ T7977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 418.209044][ T7977] R13: 0000000000000000 R14: 00007f1aed975fa0 R15: 00007ffd0e97db18 [ 418.217032][ T7977] [ 418.352109][ T7996] lo: entered allmulticast mode [ 418.368959][ T7996] netlink: 28 bytes leftover after parsing attributes in process `syz.4.454'. [ 418.552264][ T29] audit: type=1800 audit(1734054253.740:6): pid=7999 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.455" name="discovery_nqn" dev="configfs" ino=17563 res=0 errno=0 [ 419.134449][ T7993] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 7993 comm: syz.1.453) [ 420.216392][ T7995] lo: left allmulticast mode [ 420.256878][ T8011] netlink: 93 bytes leftover after parsing attributes in process `syz.1.457'. [ 420.295698][ T7996] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 7996 comm: syz.4.454) [ 420.428201][ T8011] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8011 comm: syz.1.457) [ 421.122218][ T8019] lo: entered allmulticast mode [ 421.185175][ T8023] netlink: 28 bytes leftover after parsing attributes in process `syz.0.459'. [ 421.254160][ T8017] lo: left allmulticast mode [ 422.056028][ T8020] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8020 comm: syz.1.461) [ 422.168160][ T8027] nvme_fabrics: unknown parameter or missing value '?' in ctrl creation request [ 422.993046][ T8022] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8022 comm: syz.4.460) [ 423.160593][ T8029] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8029 comm: syz.1.464) [ 423.327870][ T8047] netlink: 8 bytes leftover after parsing attributes in process `syz.1.467'. [ 424.943343][ T8039] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8039 comm: syz.4.465) [ 426.040535][ T8047] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8047 comm: syz.1.467) [ 426.258510][ T7977] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 7977 comm: syz.4.448) [ 428.058894][ T8055] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8055 comm: syz.4.469) [ 430.103515][ T8088] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8088 comm: syz.4.475) [ 430.234823][ T8059] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8059 comm: syz.1.470) [ 430.844738][ T8093] random: crng reseeded on system resumption [ 432.805327][ T8100] netlink: 4 bytes leftover after parsing attributes in process `syz.1.480'. [ 433.063787][ T8093] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8093 comm: syz.4.479) [ 433.744630][ T8115] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8115 comm: syz.4.482) [ 433.773018][ T8098] Process accounting paused [ 433.815238][ T8118] netlink: 93 bytes leftover after parsing attributes in process `syz.3.483'. [ 435.015974][ T8123] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8123 comm: syz.4.484) [ 435.829105][ T8137] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8137 comm: syz.4.488) [ 436.937409][ T8148] netlink: 93 bytes leftover after parsing attributes in process `syz.3.490'. [ 437.825384][ T29] audit: type=1800 audit(1734054273.080:7): pid=8154 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.491" name="discovery_nqn" dev="configfs" ino=17915 res=0 errno=0 [ 438.676297][ T8157] netlink: 93 bytes leftover after parsing attributes in process `syz.3.492'. [ 439.736687][ T29] audit: type=1800 audit(1734054274.970:8): pid=8169 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.495" name="discovery_nqn" dev="configfs" ino=17310 res=0 errno=0 [ 440.609647][ T8141] Process accounting paused [ 443.090374][ T8174] program syz.0.494 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 443.701327][ T8215] FAULT_INJECTION: forcing a failure. [ 443.701327][ T8215] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 443.736754][ T8215] CPU: 1 UID: 0 PID: 8215 Comm: syz.3.506 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0 [ 443.747410][ T8215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 443.757499][ T8215] Call Trace: [ 443.760790][ T8215] [ 443.763721][ T8215] dump_stack_lvl+0x16c/0x1f0 [ 443.768411][ T8215] should_fail_ex+0x497/0x5b0 [ 443.773102][ T8215] _copy_from_iter+0x29b/0x1400 [ 443.777964][ T8215] ? trace_lock_acquire+0x14e/0x1f0 [ 443.783174][ T8215] ? __alloc_skb+0x200/0x380 [ 443.787868][ T8215] ? __pfx__copy_from_iter+0x10/0x10 [ 443.793163][ T8215] ? __virt_addr_valid+0x1a4/0x590 [ 443.854468][ T8215] ? __virt_addr_valid+0x5e/0x590 [ 443.859527][ T8215] ? __phys_addr_symbol+0x30/0x80 [ 443.864585][ T8215] ? __check_object_size+0x488/0x710 [ 444.062205][ T8215] netlink_sendmsg+0x813/0xd70 [ 444.067004][ T8215] ? __pfx_netlink_sendmsg+0x10/0x10 [ 444.264587][ T8215] ____sys_sendmsg+0x9ae/0xb40 [ 444.269407][ T8215] ? copy_msghdr_from_user+0x10b/0x160 [ 444.402850][ T8215] ? __pfx_____sys_sendmsg+0x10/0x10 [ 444.408195][ T8215] ___sys_sendmsg+0x135/0x1e0 [ 444.412923][ T8215] ? __pfx____sys_sendmsg+0x10/0x10 [ 444.418148][ T8215] ? __pfx_lock_release+0x10/0x10 [ 444.423189][ T8215] ? trace_lock_acquire+0x14e/0x1f0 [ 444.428404][ T8215] ? __fget_files+0x206/0x3a0 [ 444.433095][ T8215] __sys_sendmsg+0x16e/0x220 [ 444.437705][ T8215] ? __pfx___sys_sendmsg+0x10/0x10 [ 444.442839][ T8215] do_syscall_64+0xcd/0x250 [ 444.447356][ T8215] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 444.453254][ T8215] RIP: 0033:0x7f68fcd85d19 [ 444.457675][ T8215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 444.477316][ T8215] RSP: 002b:00007f68fdc45038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 444.485736][ T8215] RAX: ffffffffffffffda RBX: 00007f68fcf75fa0 RCX: 00007f68fcd85d19 [ 444.493711][ T8215] RDX: 0000000000008880 RSI: 0000000020001e00 RDI: 0000000000000004 [ 444.501689][ T8215] RBP: 00007f68fdc45090 R08: 0000000000000000 R09: 0000000000000000 [ 444.509663][ T8215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 444.517639][ T8215] R13: 0000000000000000 R14: 00007f68fcf75fa0 R15: 00007ffe3594a1d8 [ 444.525632][ T8215] [ 445.523870][ T8221] netlink: 93 bytes leftover after parsing attributes in process `syz.0.505'. [ 449.364031][ T8264] tipc: Started in network mode [ 449.370908][ T8264] tipc: Node identity ee00, cluster identity 4711 [ 449.378271][ T8264] tipc: Node number set to 60928 [ 452.455330][ T8274] Bluetooth: hci3: unexpected event 0x03 length: 72 > 11 [ 453.357727][ T8302] netlink: 228 bytes leftover after parsing attributes in process `syz.3.521'. [ 453.409725][ T8297] netlink: 228 bytes leftover after parsing attributes in process `syz.3.521'. [ 454.282663][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 454.289066][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 459.073147][ T8330] netlink: 28 bytes leftover after parsing attributes in process `syz.1.530'. [ 459.297849][ T8330] netdevsim netdevsim1 netdevsim2: entered allmulticast mode [ 461.179121][ T8356] cgroup: fork rejected by pids controller in /syz4 [ 464.846284][ T8292] Process accounting resumed [ 464.856670][ T8292] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8292 comm: syz.1.519) [ 466.109322][ T8468] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8468 comm: syz.1.536) [ 467.422015][ T8478] kernel read not supported for file /#)-\&[} (pid: 8478 comm: syz.1.540) [ 467.776653][ T29] audit: type=1804 audit(1734054302.680:9): pid=8478 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.540" name="#)-\&[}" dev="mqueue" ino=19627 res=1 errno=0 [ 467.809856][ T29] audit: type=1800 audit(1734054303.030:10): pid=8478 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.540" name="#)-\&[}" dev="mqueue" ino=19627 res=0 errno=0 [ 468.917493][ T8476] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8476 comm: syz.1.540) [ 468.990142][ T8490] netlink: 'syz.1.542': attribute type 21 has an invalid length. [ 469.010802][ T8490] netlink: 334 bytes leftover after parsing attributes in process `syz.1.542'. [ 469.076378][ T8490] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8490 comm: syz.1.542) [ 471.677812][ T8493] Process accounting resumed [ 471.696824][ T8493] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8493 comm: syz.4.543) [ 471.888549][ T8495] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8495 comm: syz.1.544) [ 472.884507][ T8516] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8516 comm: syz.1.547) [ 473.839707][ T8511] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8511 comm: syz.1.547) [ 474.630494][ T8528] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8528 comm: syz.1.550) [ 474.843561][ T8535] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8535 comm: syz.1.551) [ 474.886688][ T29] audit: type=1800 audit(1734054310.070:11): pid=8535 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.551" name="discovery_nqn" dev="configfs" ino=18899 res=0 errno=0 [ 475.775998][ T8538] mtrr: base(0x64000000) is not aligned on a size(0x0000) boundary [ 475.795885][ T8538] syz.1.552 uses obsolete (PF_INET,SOCK_PACKET) [ 476.617290][ T8538] netlink: 130 bytes leftover after parsing attributes in process `syz.1.552'. [ 476.686697][ T8533] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8533 comm: syz.4.546) [ 476.747950][ T8537] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8537 comm: syz.1.552) [ 477.928716][ T8514] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8514 comm: syz.4.546) [ 478.471271][ T8546] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 478.513995][ T8546] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 478.541256][ T8546] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 478.547548][ T8546] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 478.667071][ T8546] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8546 comm: syz.1.554) [ 479.498846][ T8556] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8556 comm: syz.1.557) [ 479.545757][ T8555] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8555 comm: syz.4.556) [ 479.716958][ T8540] Bluetooth: hci0: command 0x0c1a tx timeout [ 480.488660][ T29] audit: type=1800 audit(1734054315.750:12): pid=8564 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.560" name="discovery_nqn" dev="configfs" ino=18939 res=0 errno=0 [ 480.545169][ T8563] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8563 comm: syz.1.560) [ 480.604915][ T8540] Bluetooth: hci1: command 0x0c1a tx timeout [ 480.613179][ T8540] Bluetooth: hci3: command 0x0c1a tx timeout [ 480.613552][ T8241] Bluetooth: hci2: command 0x0c1a tx timeout [ 480.692498][ T8573] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 480.745224][ T8573] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8573 comm: syz.1.562) [ 480.752912][ T8569] ecryptfs_miscdev_write: Invalid packet size [174] [ 481.435569][ T8561] program syz.4.558 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 481.482104][ T8576] netlink: 4 bytes leftover after parsing attributes in process `syz.1.564'. [ 481.494256][ T8576] netlink: 4 bytes leftover after parsing attributes in process `syz.1.564'. [ 481.497915][ T8569] netlink: 'syz.4.558': attribute type 11 has an invalid length. [ 481.655952][ T8560] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8560 comm: syz.4.558) [ 482.540351][ T8575] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8575 comm: syz.1.564) [ 483.434048][ T8588] FAULT_INJECTION: forcing a failure. [ 483.434048][ T8588] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 483.456673][ T8588] CPU: 1 UID: 0 PID: 8588 Comm: syz.1.567 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0 [ 483.467331][ T8588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 483.477417][ T8588] Call Trace: [ 483.480722][ T8588] [ 483.483673][ T8588] dump_stack_lvl+0x16c/0x1f0 [ 483.488400][ T8588] should_fail_ex+0x497/0x5b0 [ 483.493122][ T8588] _copy_to_iter+0x4a5/0x1400 [ 483.497848][ T8588] ? __pfx__copy_to_iter+0x10/0x10 [ 483.502994][ T8588] ? __virt_addr_valid+0x1a4/0x590 [ 483.508147][ T8588] ? __virt_addr_valid+0x5e/0x590 [ 483.513209][ T8588] ? __phys_addr_symbol+0x30/0x80 [ 483.518272][ T8588] ? __check_object_size+0x488/0x710 [ 483.523602][ T8588] seq_read_iter+0xd00/0x12b0 [ 483.528327][ T8588] seq_read+0x39f/0x4e0 [ 483.532515][ T8588] ? __pfx_seq_read+0x10/0x10 [ 483.537249][ T8588] ? __pfx_seq_read+0x10/0x10 [ 483.541953][ T8588] proc_reg_read+0x23d/0x330 [ 483.546574][ T8588] ? __pfx_proc_reg_read+0x10/0x10 [ 483.551753][ T8588] vfs_read+0x1df/0xbe0 [ 483.555942][ T8588] ? __fget_files+0x1fc/0x3a0 [ 483.560654][ T8588] ? __pfx___mutex_lock+0x10/0x10 [ 483.565730][ T8588] ? __pfx_vfs_read+0x10/0x10 [ 483.570446][ T8588] ? __fget_files+0x206/0x3a0 [ 483.575162][ T8588] ksys_read+0x12b/0x250 [ 483.579440][ T8588] ? __pfx_ksys_read+0x10/0x10 [ 483.584219][ T8588] do_syscall_64+0xcd/0x250 [ 483.588747][ T8588] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 483.594666][ T8588] RIP: 0033:0x7f0fe8b85d19 [ 483.599095][ T8588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 483.618712][ T8588] RSP: 002b:00007f0fe9946038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 483.627137][ T8588] RAX: ffffffffffffffda RBX: 00007f0fe8d75fa0 RCX: 00007f0fe8b85d19 [ 483.635110][ T8588] RDX: 0000000000000ff7 RSI: 00000000200000c0 RDI: 0000000000000003 [ 483.643081][ T8588] RBP: 00007f0fe9946090 R08: 0000000000000000 R09: 0000000000000000 [ 483.651055][ T8588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 483.659037][ T8588] R13: 0000000000000000 R14: 00007f0fe8d75fa0 R15: 00007ffce59b6928 [ 483.667030][ T8588] [ 484.352589][ T8588] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8588 comm: syz.1.567) [ 484.451755][ T8595] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8595 comm: syz.1.568) [ 484.576719][ T8593] Process accounting resumed [ 486.501193][ T8583] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8583 comm: syz.4.565) [ 487.519953][ T8604] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 487.539800][ T8604] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 487.545945][ T8604] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 487.559406][ T8604] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 488.273654][ T8605] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8605 comm: syz.4.570) [ 488.304011][ T8613] FAULT_INJECTION: forcing a failure. [ 488.304011][ T8613] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 488.336652][ T8613] CPU: 1 UID: 0 PID: 8613 Comm: syz.3.573 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0 [ 488.347322][ T8613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 488.357404][ T8613] Call Trace: [ 488.360703][ T8613] [ 488.363647][ T8613] dump_stack_lvl+0x16c/0x1f0 [ 488.368355][ T8613] should_fail_ex+0x497/0x5b0 [ 488.373065][ T8613] core_sys_select+0x7fe/0xa10 [ 488.377860][ T8613] ? __pfx_core_sys_select+0x10/0x10 [ 488.383182][ T8613] ? __pfx_lock_release+0x10/0x10 [ 488.388271][ T8613] ? proc_fail_nth_write+0xa0/0x250 [ 488.393545][ T8613] ? do_sys_openat2+0xb1/0x1e0 [ 488.398342][ T8613] ? __pfx_do_sys_openat2+0x10/0x10 [ 488.403555][ T8613] ? fd_install+0x242/0x750 [ 488.408068][ T8613] kern_select+0x15e/0x1e0 [ 488.412489][ T8613] ? __pfx_kern_select+0x10/0x10 [ 488.417432][ T8613] ? __pfx_ksys_write+0x10/0x10 [ 488.422301][ T8613] __x64_sys_select+0xbd/0x160 [ 488.427067][ T8613] ? do_syscall_64+0x91/0x250 [ 488.431751][ T8613] ? lockdep_hardirqs_on+0x7c/0x110 [ 488.436953][ T8613] do_syscall_64+0xcd/0x250 [ 488.441467][ T8613] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 488.447377][ T8613] RIP: 0033:0x7f68fcd85d19 [ 488.451795][ T8613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 488.471425][ T8613] RSP: 002b:00007f68fdc45038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 488.479852][ T8613] RAX: ffffffffffffffda RBX: 00007f68fcf75fa0 RCX: 00007f68fcd85d19 [ 488.487839][ T8613] RDX: 0000000000000000 RSI: 00000000200005c0 RDI: 0000000000000007 [ 488.495815][ T8613] RBP: 00007f68fdc45090 R08: 0000000000000000 R09: 0000000000000000 [ 488.503791][ T8613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 488.511762][ T8613] R13: 0000000000000000 R14: 00007f68fcf75fa0 R15: 00007ffe3594a1d8 [ 488.519755][ T8613] [ 489.242865][ T8616] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8616 comm: syz.4.575) [ 489.601549][ T8570] Bluetooth: hci2: command 0x0c1a tx timeout [ 489.607664][ T8570] Bluetooth: hci0: command 0x0c1a tx timeout [ 489.809514][ T8570] Bluetooth: hci3: command 0x0c1a tx timeout [ 489.815590][ T8570] Bluetooth: hci1: command 0x0c1a tx timeout [ 490.313779][ T8626] FAULT_INJECTION: forcing a failure. [ 490.313779][ T8626] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 490.327069][ T8626] CPU: 0 UID: 0 PID: 8626 Comm: syz.1.577 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0 [ 490.337694][ T8626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 490.347777][ T8626] Call Trace: [ 490.351074][ T8626] [ 490.354021][ T8626] dump_stack_lvl+0x16c/0x1f0 [ 490.358729][ T8626] should_fail_ex+0x497/0x5b0 [ 490.363441][ T8626] _copy_to_user+0x32/0xd0 [ 490.367901][ T8626] simple_read_from_buffer+0xd0/0x160 [ 490.373322][ T8626] proc_fail_nth_read+0x198/0x270 [ 490.378387][ T8626] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 490.383978][ T8626] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 490.389563][ T8626] vfs_read+0x1df/0xbe0 [ 490.393731][ T8626] ? __fget_files+0x1fc/0x3a0 [ 490.398421][ T8626] ? __pfx___mutex_lock+0x10/0x10 [ 490.403452][ T8626] ? __pfx_vfs_read+0x10/0x10 [ 490.408140][ T8626] ? __fget_files+0x206/0x3a0 [ 490.412839][ T8626] ksys_read+0x12b/0x250 [ 490.417085][ T8626] ? __pfx_ksys_read+0x10/0x10 [ 490.421870][ T8626] do_syscall_64+0xcd/0x250 [ 490.426382][ T8626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 490.432287][ T8626] RIP: 0033:0x7f0fe8b8472c [ 490.436703][ T8626] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 490.456314][ T8626] RSP: 002b:00007f0fe9925030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 490.464733][ T8626] RAX: ffffffffffffffda RBX: 00007f0fe8d76080 RCX: 00007f0fe8b8472c [ 490.472706][ T8626] RDX: 000000000000000f RSI: 00007f0fe99250a0 RDI: 0000000000000007 [ 490.480675][ T8626] RBP: 00007f0fe9925090 R08: 0000000000000000 R09: 0000000000000000 [ 490.488647][ T8626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 490.496625][ T8626] R13: 0000000000000000 R14: 00007f0fe8d76080 R15: 00007ffce59b6928 [ 490.504715][ T8626] [ 491.394419][ T8620] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8620 comm: syz.4.576) [ 492.420241][ T8639] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8639 comm: syz.4.582) [ 493.244441][ T8647] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8647 comm: syz.4.583) [ 494.156739][ T8649] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8649 comm: syz.4.584) [ 494.298439][ T8656] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8656 comm: syz.4.587) [ 494.346350][ T8656] netlink: 338 bytes leftover after parsing attributes in process `syz.4.587'. [ 494.368338][ T8659] netlink: 28 bytes leftover after parsing attributes in process `syz.1.588'. [ 495.027868][ T8656] Process accounting resumed [ 495.037287][ T8656] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8656 comm: syz.4.587) [ 495.112989][ T8663] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8663 comm: syz.4.590) [ 495.223947][ T8659] geneve0: entered allmulticast mode [ 495.312511][ T8668] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8668 comm: syz.4.591) [ 495.450484][ T8672] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8672 comm: syz.4.592) [ 497.029732][ T8675] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8675 comm: syz.4.593) [ 500.998896][ T8682] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8682 comm: syz.4.595) [ 501.194284][ T8693] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8693 comm: syz.4.596) [ 503.051122][ T8701] netlink: 93 bytes leftover after parsing attributes in process `syz.4.599'. [ 504.028492][ T8700] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8700 comm: syz.4.599) [ 506.750107][ T8728] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8728 comm: syz.4.606) [ 506.985422][ T29] audit: type=1800 audit(1734054342.230:13): pid=8743 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.609" name="discovery_nqn" dev="configfs" ino=19219 res=0 errno=0 [ 507.053251][ T8741] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8741 comm: syz.4.609) [ 507.759458][ T8750] netlink: 322 bytes leftover after parsing attributes in process `syz.0.612'. [ 507.769676][ T8750] vcan0: entered promiscuous mode [ 508.828228][ T8754] netlink: 93 bytes leftover after parsing attributes in process `syz.0.614'. [ 508.921774][ T8752] nbd: couldn't find a device at index -4 [ 508.975183][ T8757] netlink: 326 bytes leftover after parsing attributes in process `syz.4.611'. [ 509.788128][ T8676] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8676 comm: syz.4.593) [ 509.885857][ T8752] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8752 comm: syz.4.611) [ 510.248792][ T8766] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 510.453425][ T8766] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 510.590554][ T8766] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 510.602520][ T8571] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 510.610347][ T8571] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 510.617784][ T8571] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 510.865546][ T8769] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8769 comm: syz.4.618) [ 511.666787][ T29] audit: type=1800 audit(1734054346.870:14): pid=8776 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.620" name="discovery_nqn" dev="configfs" ino=20390 res=0 errno=0 [ 512.194482][ T8776] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8776 comm: syz.4.620) [ 512.562650][ T8764] chnl_net:caif_netlink_parms(): no params data found [ 512.676652][ T8571] Bluetooth: hci2: command tx timeout [ 513.168335][ T8764] bridge0: port 1(bridge_slave_0) entered blocking state [ 513.175527][ T8764] bridge0: port 1(bridge_slave_0) entered disabled state [ 513.556997][ T8764] bridge_slave_0: entered allmulticast mode [ 513.574406][ T8764] bridge_slave_0: entered promiscuous mode [ 513.592887][ T8764] bridge0: port 2(bridge_slave_1) entered blocking state [ 513.610739][ T8764] bridge0: port 2(bridge_slave_1) entered disabled state [ 513.626791][ T8764] bridge_slave_1: entered allmulticast mode [ 513.647815][ T8764] bridge_slave_1: entered promiscuous mode [ 513.819468][ T8797] netlink: 93 bytes leftover after parsing attributes in process `syz.3.624'. [ 513.832141][ T8764] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 513.869481][ T8764] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 514.764578][ T8571] Bluetooth: hci2: command tx timeout [ 514.785066][ T8764] team0: Port device team_slave_0 added [ 514.918781][ T8764] team0: Port device team_slave_1 added [ 515.606434][ T8789] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8789 comm: syz.4.623) [ 515.640456][ T8764] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 515.656632][ T8764] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 515.727049][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 515.733538][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 515.763961][ T8764] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 515.797810][ T8764] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 515.804792][ T8764] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 516.446568][ T8764] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 516.511227][ T29] audit: type=1800 audit(1734054351.770:15): pid=8820 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.630" name="discovery_nqn" dev="configfs" ino=19392 res=0 errno=0 [ 516.645636][ T8764] hsr_slave_0: entered promiscuous mode [ 516.696391][ T8764] hsr_slave_1: entered promiscuous mode [ 516.713987][ T8764] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 516.746626][ T8764] Cannot create hsr debugfs directory [ 516.854943][ T8571] Bluetooth: hci2: command tx timeout [ 517.493703][ T8827] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8827 comm: syz.4.628) [ 518.487622][ T8838] netlink: 93 bytes leftover after parsing attributes in process `syz.3.634'. [ 518.528646][ T8831] netlink: 93 bytes leftover after parsing attributes in process `syz.3.634'. [ 518.729454][ T8764] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 519.370514][ T8764] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 519.377631][ T8766] Bluetooth: hci2: command tx timeout [ 519.559076][ T8764] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 519.578033][ T8836] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8836 comm: syz.4.635) [ 519.578797][ T8764] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 520.506030][ T8764] 8021q: adding VLAN 0 to HW filter on device bond0 [ 520.554114][ T8764] 8021q: adding VLAN 0 to HW filter on device team0 [ 520.568396][ T63] bridge0: port 1(bridge_slave_0) entered blocking state [ 520.575637][ T63] bridge0: port 1(bridge_slave_0) entered forwarding state [ 520.638269][ T63] bridge0: port 2(bridge_slave_1) entered blocking state [ 520.645418][ T63] bridge0: port 2(bridge_slave_1) entered forwarding state [ 520.683661][ T8853] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8853 comm: syz.4.637) [ 521.371987][ T29] audit: type=1800 audit(1734054356.630:16): pid=8857 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.639" name="discovery_nqn" dev="configfs" ino=20600 res=0 errno=0 [ 521.386709][ T8856] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8856 comm: syz.4.639) [ 521.439268][ T8764] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 521.476738][ T8764] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 521.723977][ T8861] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8861 comm: syz.4.640) [ 522.503099][ T8764] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 522.602348][ T8875] netlink: 93 bytes leftover after parsing attributes in process `syz.0.643'. [ 523.296838][ T8871] netlink: 93 bytes leftover after parsing attributes in process `syz.0.643'. [ 523.441204][ T8872] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8872 comm: syz.4.642) [ 524.279742][ T8890] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8890 comm: syz.4.644) [ 524.349898][ T8764] veth0_vlan: entered promiscuous mode [ 524.361522][ T8764] veth1_vlan: entered promiscuous mode [ 524.405576][ T8764] veth0_macvtap: entered promiscuous mode [ 524.430788][ T8764] veth1_macvtap: entered promiscuous mode [ 524.459998][ T8764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 524.476554][ T8764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 524.487867][ T8764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 524.499007][ T8764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 524.509021][ T8764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 524.520157][ T8764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 524.531312][ T8764] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 524.541599][ T8764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 524.552238][ T8764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 524.562210][ T8764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 524.573392][ T8764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 524.641435][ T8764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 524.653222][ T8764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.196872][ T8764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 525.236708][ T8764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.267148][ T8764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 525.294585][ T8764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 525.342539][ T8764] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 525.409827][ T8764] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 525.446730][ T8764] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 525.455487][ T8764] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 525.470836][ T8764] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 526.266079][ T8901] Process accounting paused [ 526.295445][ T2968] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 526.305459][ T2968] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 526.386823][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 526.394690][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 526.458585][ T29] audit: type=1800 audit(1734054361.710:17): pid=8911 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.648" name="discovery_nqn" dev="configfs" ino=22099 res=0 errno=0 [ 528.208426][ T8921] netlink: 'syz.4.652': attribute type 4 has an invalid length. [ 528.383878][ T8923] nvme_fabrics: missing parameter 'transport=%s' [ 528.406603][ T8923] nvme_fabrics: missing parameter 'nqn=%s' [ 529.297816][ T8938] netlink: 93 bytes leftover after parsing attributes in process `syz.3.653'. [ 529.310820][ T8941] netlink: 93 bytes leftover after parsing attributes in process `syz.4.655'. [ 529.363980][ T8934] netlink: 93 bytes leftover after parsing attributes in process `syz.4.655'. [ 529.404066][ T8928] netlink: 93 bytes leftover after parsing attributes in process `syz.3.653'. [ 530.135371][ T29] audit: type=1800 audit(1734054365.360:18): pid=8950 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.658" name="discovery_nqn" dev="configfs" ino=20859 res=0 errno=0 [ 531.376534][ T8973] FAULT_INJECTION: forcing a failure. [ 531.376534][ T8973] name failslab, interval 1, probability 0, space 0, times 0 [ 531.463450][ T8973] CPU: 0 UID: 0 PID: 8973 Comm: syz.0.664 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0 [ 531.666921][ T8973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 531.869463][ T8973] Call Trace: [ 531.872772][ T8973] [ 531.875728][ T8973] dump_stack_lvl+0x16c/0x1f0 [ 532.007786][ T8973] should_fail_ex+0x497/0x5b0 [ 532.012510][ T8973] ? fs_reclaim_acquire+0xae/0x150 [ 532.017653][ T8973] should_failslab+0xc2/0x120 [ 532.022356][ T8973] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 532.027759][ T8973] ? getname_flags.part.0+0x4c/0x550 [ 532.033082][ T8973] ? vfs_write+0x306/0x1150 [ 532.037601][ T8973] getname_flags.part.0+0x4c/0x550 [ 532.042727][ T8973] getname+0x8d/0xe0 [ 532.046638][ T8973] do_sys_openat2+0x104/0x1e0 [ 532.051350][ T8973] ? __pfx_do_sys_openat2+0x10/0x10 [ 532.056584][ T8973] ? __fget_files+0x206/0x3a0 [ 532.061281][ T8973] __x64_sys_openat+0x175/0x210 [ 532.066157][ T8973] ? __pfx___x64_sys_openat+0x10/0x10 [ 532.071542][ T8973] ? ksys_write+0x1ba/0x250 [ 532.076151][ T8973] do_syscall_64+0xcd/0x250 [ 532.080665][ T8973] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 532.086584][ T8973] RIP: 0033:0x7f14f2785d19 [ 532.091072][ T8973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 532.110703][ T8973] RSP: 002b:00007f14f359c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 532.119123][ T8973] RAX: ffffffffffffffda RBX: 00007f14f2975fa0 RCX: 00007f14f2785d19 [ 532.127094][ T8973] RDX: 0000000000008082 RSI: 0000000020000040 RDI: ffffffffffffff9c [ 532.135064][ T8973] RBP: 00007f14f359c090 R08: 0000000000000000 R09: 0000000000000000 [ 532.143043][ T8973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 532.151030][ T8973] R13: 0000000000000001 R14: 00007f14f2975fa0 R15: 00007fffd21456a8 [ 532.159020][ T8973] [ 532.428149][ C1] vkms_vblank_simulate: vblank timer overrun [ 532.632470][ C1] vkms_vblank_simulate: vblank timer overrun [ 532.836731][ C1] vkms_vblank_simulate: vblank timer overrun [ 532.976514][ C1] vkms_vblank_simulate: vblank timer overrun [ 533.401361][ C1] vkms_vblank_simulate: vblank timer overrun [ 533.607161][ C1] vkms_vblank_simulate: vblank timer overrun [ 533.810592][ C1] vkms_vblank_simulate: vblank timer overrun [ 533.950870][ C1] vkms_vblank_simulate: vblank timer overrun [ 534.000640][ T29] audit: type=1800 audit(1734054368.670:19): pid=8984 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.667" name="discovery_nqn" dev="configfs" ino=21019 res=0 errno=0 [ 534.181688][ T8989] netlink: 93 bytes leftover after parsing attributes in process `syz.0.669'. [ 534.259769][ T8988] netlink: 93 bytes leftover after parsing attributes in process `syz.0.669'. [ 534.306763][ T8992] netlink: 93 bytes leftover after parsing attributes in process `syz.5.668'. [ 534.375220][ C1] vkms_vblank_simulate: vblank timer overrun [ 534.579194][ C1] vkms_vblank_simulate: vblank timer overrun [ 534.783373][ C1] vkms_vblank_simulate: vblank timer overrun [ 534.923044][ C1] vkms_vblank_simulate: vblank timer overrun [ 534.971377][ T8985] netlink: 93 bytes leftover after parsing attributes in process `syz.5.668'. [ 535.348507][ C1] vkms_vblank_simulate: vblank timer overrun [ 535.552431][ C1] vkms_vblank_simulate: vblank timer overrun [ 535.757365][ C1] vkms_vblank_simulate: vblank timer overrun [ 535.896933][ C1] vkms_vblank_simulate: vblank timer overrun [ 536.321351][ C1] vkms_vblank_simulate: vblank timer overrun [ 536.526913][ C1] vkms_vblank_simulate: vblank timer overrun [ 536.731146][ C1] vkms_vblank_simulate: vblank timer overrun [ 536.869809][ C1] vkms_vblank_simulate: vblank timer overrun [ 536.964851][ T29] audit: type=1800 audit(1734054372.160:20): pid=9028 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.678" name="discovery_nqn" dev="configfs" ino=22311 res=0 errno=0 [ 537.067640][ T9032] netlink: 8 bytes leftover after parsing attributes in process `syz.5.680'. [ 537.294727][ C1] vkms_vblank_simulate: vblank timer overrun [ 537.498914][ C1] vkms_vblank_simulate: vblank timer overrun [ 537.703288][ C1] vkms_vblank_simulate: vblank timer overrun [ 537.842979][ C1] vkms_vblank_simulate: vblank timer overrun [ 538.112944][ T9052] netlink: 93 bytes leftover after parsing attributes in process `syz.5.682'. [ 538.157112][ T9049] netlink: 93 bytes leftover after parsing attributes in process `syz.5.682'. [ 538.268067][ C1] vkms_vblank_simulate: vblank timer overrun [ 538.473719][ C1] vkms_vblank_simulate: vblank timer overrun [ 538.676796][ C1] vkms_vblank_simulate: vblank timer overrun [ 538.816364][ C1] vkms_vblank_simulate: vblank timer overrun [ 539.241624][ C1] vkms_vblank_simulate: vblank timer overrun [ 539.445788][ C1] vkms_vblank_simulate: vblank timer overrun [ 539.649819][ C1] vkms_vblank_simulate: vblank timer overrun [ 539.789458][ C1] vkms_vblank_simulate: vblank timer overrun [ 539.856909][ T29] audit: type=1800 audit(1734054375.110:21): pid=9075 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.688" name="discovery_nqn" dev="configfs" ino=21346 res=0 errno=0 [ 540.008206][ T9083] netlink: 28 bytes leftover after parsing attributes in process `syz.0.691'. [ 540.039436][ T9083] lo: entered promiscuous mode [ 540.044271][ T9083] lo: entered allmulticast mode [ 540.214868][ C1] vkms_vblank_simulate: vblank timer overrun [ 540.419965][ C1] vkms_vblank_simulate: vblank timer overrun [ 540.925390][ T9094] netlink: 93 bytes leftover after parsing attributes in process `syz.4.695'. [ 540.960421][ T9092] netlink: 93 bytes leftover after parsing attributes in process `syz.4.695'. [ 540.962989][ T9089] netlink: 93 bytes leftover after parsing attributes in process `syz.3.694'. [ 541.111657][ T9104] netlink: 330 bytes leftover after parsing attributes in process `syz.0.696'. [ 541.817533][ T29] audit: type=1800 audit(1734054377.080:22): pid=9087 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.693" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 542.921126][ T9129] netlink: zone id is out of range [ 542.945099][ T9129] netlink: set zone limit has 8 unknown bytes [ 543.871919][ T9138] FAULT_INJECTION: forcing a failure. [ 543.871919][ T9138] name failslab, interval 1, probability 0, space 0, times 0 [ 543.910249][ T9138] CPU: 0 UID: 0 PID: 9138 Comm: syz.4.706 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0 [ 543.920940][ T9138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 543.931033][ T9138] Call Trace: [ 543.934342][ T9138] [ 543.937302][ T9138] dump_stack_lvl+0x16c/0x1f0 [ 543.942021][ T9138] should_fail_ex+0x497/0x5b0 [ 543.946738][ T9138] ? fs_reclaim_acquire+0xae/0x150 [ 543.951902][ T9138] should_failslab+0xc2/0x120 [ 543.956624][ T9138] kmem_cache_alloc_node_noprof+0x72/0x3b0 [ 543.962475][ T9138] ? __alloc_skb+0x2b3/0x380 [ 543.967114][ T9138] __alloc_skb+0x2b3/0x380 [ 543.971570][ T9138] ? __pfx___alloc_skb+0x10/0x10 [ 543.976563][ T9138] netlink_alloc_large_skb+0x69/0x130 [ 543.981980][ T9138] netlink_sendmsg+0x689/0xd70 [ 543.986787][ T9138] ? __pfx_netlink_sendmsg+0x10/0x10 [ 543.992119][ T9138] ____sys_sendmsg+0x9ae/0xb40 [ 543.996925][ T9138] ? copy_msghdr_from_user+0x10b/0x160 [ 544.002431][ T9138] ? __pfx_____sys_sendmsg+0x10/0x10 [ 544.007767][ T9138] ___sys_sendmsg+0x135/0x1e0 [ 544.012484][ T9138] ? __pfx____sys_sendmsg+0x10/0x10 [ 544.017732][ T9138] ? __pfx_lock_release+0x10/0x10 [ 544.022795][ T9138] ? trace_lock_acquire+0x14e/0x1f0 [ 544.028029][ T9138] ? __fget_files+0x206/0x3a0 [ 544.032826][ T9138] __sys_sendmsg+0x16e/0x220 [ 544.037431][ T9138] ? __pfx___sys_sendmsg+0x10/0x10 [ 544.042569][ T9138] do_syscall_64+0xcd/0x250 [ 544.047094][ T9138] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 544.109112][ T9138] RIP: 0033:0x7f1aed785d19 [ 544.113548][ T9138] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 544.518475][ T9138] RSP: 002b:00007f1aee55a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 544.526987][ T9138] RAX: ffffffffffffffda RBX: 00007f1aed975fa0 RCX: 00007f1aed785d19 [ 544.663325][ T9138] RDX: 0000000000040004 RSI: 0000000020002bc0 RDI: 0000000000000003 [ 544.671310][ T9138] RBP: 00007f1aee55a090 R08: 0000000000000000 R09: 0000000000000000 [ 544.679290][ T9138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 544.687266][ T9138] R13: 0000000000000000 R14: 00007f1aed975fa0 R15: 00007ffd0e97db18 [ 544.695256][ T9138] [ 545.296065][ T9155] netlink: 93 bytes leftover after parsing attributes in process `syz.5.709'. [ 545.690217][ T9148] netlink: 93 bytes leftover after parsing attributes in process `syz.5.709'. [ 545.968321][ T9162] FAULT_INJECTION: forcing a failure. [ 545.968321][ T9162] name failslab, interval 1, probability 0, space 0, times 0 [ 546.055619][ T9162] CPU: 1 UID: 0 PID: 9162 Comm: syz.0.712 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0 [ 546.066310][ T9162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 546.268476][ T9162] Call Trace: [ 546.271758][ T9162] [ 546.467222][ T9162] dump_stack_lvl+0x16c/0x1f0 [ 546.471923][ T9162] should_fail_ex+0x497/0x5b0 [ 546.604153][ T9162] ? fs_reclaim_acquire+0xae/0x150 [ 546.609652][ T9162] should_failslab+0xc2/0x120 [ 546.614354][ T9162] __kmalloc_noprof+0xce/0x4f0 [ 546.619135][ T9162] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 546.624775][ T9162] ? tomoyo_realpath_from_path+0xbf/0x710 [ 546.630519][ T9162] tomoyo_realpath_from_path+0xbf/0x710 [ 546.636076][ T9162] ? tomoyo_path_number_perm+0x235/0x5b0 [ 546.641729][ T9162] tomoyo_path_number_perm+0x248/0x5b0 [ 546.647202][ T9162] ? tomoyo_path_number_perm+0x235/0x5b0 [ 546.652850][ T9162] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 546.658865][ T9162] ? __pfx_lock_release+0x10/0x10 [ 546.663904][ T9162] ? trace_lock_acquire+0x14e/0x1f0 [ 546.669114][ T9162] ? lock_acquire+0x2f/0xb0 [ 546.673618][ T9162] ? __fget_files+0x40/0x3a0 [ 546.678218][ T9162] ? __fget_files+0x206/0x3a0 [ 546.682993][ T9162] security_file_ioctl+0x9b/0x240 [ 546.688025][ T9162] __x64_sys_ioctl+0xb7/0x200 [ 546.692718][ T9162] do_syscall_64+0xcd/0x250 [ 546.697232][ T9162] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 546.703153][ T9162] RIP: 0033:0x7f14f2785d19 [ 546.707616][ T9162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 546.727255][ T9162] RSP: 002b:00007f14f359c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 546.735674][ T9162] RAX: ffffffffffffffda RBX: 00007f14f2975fa0 RCX: 00007f14f2785d19 [ 546.743653][ T9162] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 0000000000000014 [ 546.751626][ T9162] RBP: 00007f14f359c090 R08: 0000000000000000 R09: 0000000000000000 [ 546.759602][ T9162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 546.767681][ T9162] R13: 0000000000000000 R14: 00007f14f2975fa0 R15: 00007fffd21456a8 [ 546.775685][ T9162] [ 546.798516][ T9162] ERROR: Out of memory at tomoyo_realpath_from_path. [ 547.726605][ T8766] Bluetooth: hci0: unexpected event 0x03 length: 72 > 11 [ 548.658548][ T9174] netlink: 93 bytes leftover after parsing attributes in process `syz.0.716'. [ 549.586101][ T9198] netlink: 'syz.0.722': attribute type 1 has an invalid length. [ 549.606751][ T9198] netlink: 53 bytes leftover after parsing attributes in process `syz.0.722'. [ 549.682692][ T9198] netlink: 'syz.0.722': attribute type 1 has an invalid length. [ 549.743047][ T9198] netlink: 53 bytes leftover after parsing attributes in process `syz.0.722'. [ 550.615342][ T9209] netlink: 93 bytes leftover after parsing attributes in process `syz.5.723'. [ 550.668778][ T9204] netlink: 93 bytes leftover after parsing attributes in process `syz.5.723'. [ 550.924603][ T9210] misc userio: Invalid payload size [ 551.486615][ T29] audit: type=1800 audit(1734054386.740:23): pid=9227 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.729" name="discovery_nqn" dev="configfs" ino=22790 res=0 errno=0 [ 552.471527][ T9210] svc: failed to register nfsdv3 RPC service (errno 512). [ 552.536839][ T9210] svc: failed to register nfsaclv3 RPC service (errno 512). [ 556.550591][ T29] audit: type=1800 audit(1734054391.810:24): pid=9270 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.738" name="discovery_nqn" dev="configfs" ino=23860 res=0 errno=0 [ 556.570984][ T9262] netlink: 93 bytes leftover after parsing attributes in process `syz.4.739'. [ 556.594062][ T9258] netlink: 93 bytes leftover after parsing attributes in process `syz.4.739'. [ 557.345379][ T9262] Process accounting resumed [ 557.350113][ T9262] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9262 comm: syz.4.739) [ 557.635800][ T9280] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9280 comm: syz.4.743) [ 558.383020][ T9289] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9289 comm: syz.4.745) [ 558.456801][ T9296] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9296 comm: syz.4.746) [ 558.478899][ T9295] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9295 comm: syz.4.746) [ 558.586452][ T9283] netlink: 122 bytes leftover after parsing attributes in process `syz.3.742'. [ 559.475439][ T9298] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9298 comm: syz.4.747) [ 559.683955][ T29] audit: type=1800 audit(1734054394.880:25): pid=9307 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.750" name="discovery_nqn" dev="configfs" ino=23918 res=0 errno=0 [ 560.279523][ T9311] netlink: 93 bytes leftover after parsing attributes in process `syz.3.752'. [ 560.374187][ T9321] binder: 9320:9321 ioctl c018620b 800000000000003 returned -14 [ 560.434873][ T9315] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9315 comm: syz.4.751) [ 561.355934][ T9326] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9326 comm: syz.4.755) [ 561.439339][ T9335] FAULT_INJECTION: forcing a failure. [ 561.439339][ T9335] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 561.472320][ T9335] CPU: 1 UID: 0 PID: 9335 Comm: syz.4.758 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0 [ 561.482974][ T9335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 561.493041][ T9335] Call Trace: [ 561.496323][ T9335] [ 561.499259][ T9335] dump_stack_lvl+0x16c/0x1f0 [ 561.503947][ T9335] should_fail_ex+0x497/0x5b0 [ 561.508640][ T9335] strncpy_from_user+0x3b/0x2d0 [ 561.513503][ T9335] getname_flags.part.0+0x8f/0x550 [ 561.518632][ T9335] __x64_sys_mkdir+0xd8/0x140 [ 561.523321][ T9335] do_syscall_64+0xcd/0x250 [ 561.527835][ T9335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 561.533735][ T9335] RIP: 0033:0x7f1aed785d19 [ 561.538159][ T9335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 561.557780][ T9335] RSP: 002b:00007f1aee55a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 561.566205][ T9335] RAX: ffffffffffffffda RBX: 00007f1aed975fa0 RCX: 00007f1aed785d19 [ 561.574183][ T9335] RDX: 0000000000000000 RSI: 0000000000009001 RDI: 0000000020000100 [ 561.638589][ T9335] RBP: 00007f1aee55a090 R08: 0000000000000000 R09: 0000000000000000 [ 561.838921][ T9335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 561.846915][ T9335] R13: 0000000000000000 R14: 00007f1aed975fa0 R15: 00007ffd0e97db18 [ 562.047183][ T9335] [ 562.260327][ T9335] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9335 comm: syz.4.758) [ 562.345828][ T29] audit: type=1800 audit(1734054397.600:26): pid=9344 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.762" name="discovery_nqn" dev="configfs" ino=23971 res=0 errno=0 [ 562.487632][ T9342] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9342 comm: syz.4.761) [ 563.180211][ T9347] netlink: 4 bytes leftover after parsing attributes in process `syz.5.764'. [ 563.198187][ T9347] netlink: 4 bytes leftover after parsing attributes in process `syz.5.764'. [ 563.342911][ T9350] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9350 comm: syz.4.766) [ 563.439817][ T9362] netlink: 93 bytes leftover after parsing attributes in process `syz.0.765'. [ 563.461177][ T9353] netlink: 93 bytes leftover after parsing attributes in process `syz.0.765'. [ 563.479266][ T9365] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9365 comm: syz.4.768) [ 564.185879][ T9373] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9373 comm: syz.4.770) [ 565.147690][ T9390] FAULT_INJECTION: forcing a failure. [ 565.147690][ T9390] name failslab, interval 1, probability 0, space 0, times 0 [ 565.162316][ T9390] CPU: 0 UID: 0 PID: 9390 Comm: syz.0.775 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0 [ 565.172959][ T9390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 565.173064][ T9381] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9381 comm: syz.4.772) [ 565.183012][ T9390] Call Trace: [ 565.183035][ T9390] [ 565.183045][ T9390] dump_stack_lvl+0x16c/0x1f0 [ 565.183078][ T9390] should_fail_ex+0x497/0x5b0 [ 565.210023][ T9390] ? fs_reclaim_acquire+0xae/0x150 [ 565.215179][ T9390] should_failslab+0xc2/0x120 [ 565.219893][ T9390] __kmalloc_noprof+0xce/0x4f0 [ 565.224672][ T9390] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 565.230307][ T9390] ? tomoyo_realpath_from_path+0xbf/0x710 [ 565.236036][ T9390] tomoyo_realpath_from_path+0xbf/0x710 [ 565.241609][ T9390] ? tomoyo_path_number_perm+0x235/0x5b0 [ 565.247258][ T9390] tomoyo_path_number_perm+0x248/0x5b0 [ 565.252732][ T9390] ? tomoyo_path_number_perm+0x235/0x5b0 [ 565.258381][ T9390] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 565.264400][ T9390] ? __pfx_lock_release+0x10/0x10 [ 565.269441][ T9390] ? trace_lock_acquire+0x14e/0x1f0 [ 565.274650][ T9390] ? lock_acquire+0x2f/0xb0 [ 565.279153][ T9390] ? __fget_files+0x40/0x3a0 [ 565.283751][ T9390] ? __fget_files+0x206/0x3a0 [ 565.288434][ T9390] security_file_ioctl+0x9b/0x240 [ 565.293460][ T9390] __x64_sys_ioctl+0xb7/0x200 [ 565.298155][ T9390] do_syscall_64+0xcd/0x250 [ 565.302668][ T9390] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 565.308565][ T9390] RIP: 0033:0x7f14f2785d19 [ 565.312994][ T9390] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 565.332608][ T9390] RSP: 002b:00007f14f359c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 565.341035][ T9390] RAX: ffffffffffffffda RBX: 00007f14f2975fa0 RCX: 00007f14f2785d19 [ 565.349280][ T9390] RDX: 000000000000000b RSI: 0000000000004b36 RDI: 0000000000000003 [ 565.357257][ T9390] RBP: 00007f14f359c090 R08: 0000000000000000 R09: 0000000000000000 [ 565.365321][ T9390] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 565.373292][ T9390] R13: 0000000000000000 R14: 00007f14f2975fa0 R15: 00007fffd21456a8 [ 565.381277][ T9390] [ 565.385425][ T9390] ERROR: Out of memory at tomoyo_realpath_from_path. [ 565.432356][ T29] audit: type=1800 audit(1734054400.430:27): pid=9388 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.774" name="discovery_nqn" dev="configfs" ino=24044 res=0 errno=0 [ 566.328124][ T9406] FAULT_INJECTION: forcing a failure. [ 566.328124][ T9406] name failslab, interval 1, probability 0, space 0, times 0 [ 566.340979][ T9406] CPU: 0 UID: 0 PID: 9406 Comm: syz.0.780 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0 [ 566.351603][ T9406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 566.361690][ T9406] Call Trace: [ 566.365002][ T9406] [ 566.367957][ T9406] dump_stack_lvl+0x16c/0x1f0 [ 566.369155][ T9402] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9402 comm: syz.4.778) [ 566.372648][ T9406] should_fail_ex+0x497/0x5b0 [ 566.388698][ T9406] ? fs_reclaim_acquire+0xae/0x150 [ 566.393853][ T9406] should_failslab+0xc2/0x120 [ 566.398566][ T9406] __kmalloc_node_noprof+0xd1/0x520 [ 566.403778][ T9406] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 566.409246][ T9406] ? __pfx_lock_release+0x10/0x10 [ 566.414291][ T9406] __kvmalloc_node_noprof+0xad/0x1a0 [ 566.419587][ T9406] seq_read_iter+0x82a/0x12b0 [ 566.424277][ T9406] seq_read+0x39f/0x4e0 [ 566.428437][ T9406] ? __pfx_seq_read+0x10/0x10 [ 566.433137][ T9406] full_proxy_read+0xfb/0x1b0 [ 566.437822][ T9406] ? __pfx_full_proxy_read+0x10/0x10 [ 566.499458][ T9406] vfs_read+0x1df/0xbe0 [ 566.503636][ T9406] ? __fget_files+0x1fc/0x3a0 [ 566.508339][ T9406] ? __pfx___mutex_lock+0x10/0x10 [ 566.705734][ T9406] ? __pfx_vfs_read+0x10/0x10 [ 566.710441][ T9406] ? __fget_files+0x206/0x3a0 [ 566.908118][ T9406] ksys_read+0x12b/0x250 [ 566.912385][ T9406] ? __pfx_ksys_read+0x10/0x10 [ 566.917199][ T9406] do_syscall_64+0xcd/0x250 [ 567.049924][ T9406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 567.055836][ T9406] RIP: 0033:0x7f14f2785d19 [ 567.060263][ T9406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 567.079891][ T9406] RSP: 002b:00007f14f359c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 567.088320][ T9406] RAX: ffffffffffffffda RBX: 00007f14f2975fa0 RCX: 00007f14f2785d19 [ 567.096296][ T9406] RDX: 00000000000000f9 RSI: 0000000020000040 RDI: 0000000000000003 [ 567.104270][ T9406] RBP: 00007f14f359c090 R08: 0000000000000000 R09: 0000000000000000 [ 567.112244][ T9406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 567.120216][ T9406] R13: 0000000000000000 R14: 00007f14f2975fa0 R15: 00007fffd21456a8 [ 567.128288][ T9406] [ 568.038244][ T9409] netlink: 93 bytes leftover after parsing attributes in process `syz.4.782'. [ 568.322797][ T29] audit: type=1800 audit(1734054403.560:28): pid=9429 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.787" name="discovery_nqn" dev="configfs" ino=23197 res=0 errno=0 [ 568.860125][ T9409] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9409 comm: syz.4.782) [ 569.139655][ T9438] nbd: must specify a size in bytes for the device [ 571.029603][ T9252] Bluetooth: hci3: unexpected event 0x03 length: 72 > 11 [ 571.066207][ T9443] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9443 comm: syz.4.788) [ 571.187640][ T9455] netlink: 93 bytes leftover after parsing attributes in process `syz.3.795'. [ 572.021937][ T9461] netlink: 93 bytes leftover after parsing attributes in process `syz.5.796'. [ 572.031601][ T29] audit: type=1800 audit(1734054407.290:29): pid=9464 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.798" name="discovery_nqn" dev="configfs" ino=24171 res=0 errno=0 [ 572.096918][ T9458] netlink: 93 bytes leftover after parsing attributes in process `syz.5.796'. [ 572.927050][ T9474] device-mapper: ioctl: dm_ctl_ioctl: unknown command 0xfffffd31 [ 572.996047][ T9465] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9465 comm: syz.4.797) [ 573.985095][ T9497] FAULT_INJECTION: forcing a failure. [ 573.985095][ T9497] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 574.017128][ T9497] CPU: 1 UID: 0 PID: 9497 Comm: syz.0.806 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0 [ 574.027815][ T9497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 574.037897][ T9497] Call Trace: [ 574.041180][ T9497] [ 574.044118][ T9497] dump_stack_lvl+0x16c/0x1f0 [ 574.048810][ T9497] should_fail_ex+0x497/0x5b0 [ 574.053502][ T9497] _copy_to_user+0x32/0xd0 [ 574.057934][ T9497] simple_read_from_buffer+0xd0/0x160 [ 574.063324][ T9497] proc_fail_nth_read+0x198/0x270 [ 574.068361][ T9497] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 574.073922][ T9497] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 574.079479][ T9497] vfs_read+0x1df/0xbe0 [ 574.083643][ T9497] ? __fget_files+0x1fc/0x3a0 [ 574.088326][ T9497] ? __pfx___mutex_lock+0x10/0x10 [ 574.093357][ T9497] ? __pfx_vfs_read+0x10/0x10 [ 574.098048][ T9497] ? __fget_files+0x206/0x3a0 [ 574.102736][ T9497] ksys_read+0x12b/0x250 [ 574.106988][ T9497] ? __pfx_ksys_read+0x10/0x10 [ 574.111768][ T9497] do_syscall_64+0xcd/0x250 [ 574.116278][ T9497] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 574.122176][ T9497] RIP: 0033:0x7f14f278472c [ 574.126594][ T9497] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 574.146203][ T9497] RSP: 002b:00007f14f357b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 574.154622][ T9497] RAX: ffffffffffffffda RBX: 00007f14f2976080 RCX: 00007f14f278472c [ 574.162598][ T9497] RDX: 000000000000000f RSI: 00007f14f357b0a0 RDI: 0000000000000003 [ 574.170575][ T9497] RBP: 00007f14f357b090 R08: 0000000000000000 R09: 0000000000000000 [ 574.178547][ T9497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 574.186522][ T9497] R13: 0000000000000001 R14: 00007f14f2976080 R15: 00007fffd21456a8 [ 574.194515][ T9497] [ 574.492673][ T29] audit: type=1800 audit(1734054409.550:30): pid=9499 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.808" name="discovery_nqn" dev="configfs" ino=23361 res=0 errno=0 [ 574.969677][ T9494] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9494 comm: syz.4.804) [ 575.952147][ T9507] netlink: 93 bytes leftover after parsing attributes in process `syz.5.810'. [ 576.115364][ T9509] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9509 comm: syz.4.811) [ 576.949032][ T9524] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 576.969088][ T9524] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 577.416971][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 577.619819][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 577.989500][ T29] audit: type=1800 audit(1734054413.250:31): pid=9535 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.818" name="discovery_nqn" dev="configfs" ino=23416 res=0 errno=0 [ 578.075578][ T9435] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9435 comm: syz.4.788) [ 579.857838][ T9548] netlink: 93 bytes leftover after parsing attributes in process `syz.3.823'. [ 580.128004][ T9525] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9525 comm: syz.4.814) [ 581.653324][ T29] audit: type=1800 audit(1734054416.360:32): pid=9569 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.829" name="discovery_nqn" dev="configfs" ino=23492 res=0 errno=0 [ 581.674183][ T29] audit: type=1806 audit(1734054416.910:33): res=-14 [ 581.994496][ T9570] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9570 comm: syz.4.828) [ 582.901959][ T9587] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9587 comm: syz.4.833) [ 583.659376][ T9598] FAULT_INJECTION: forcing a failure. [ 583.659376][ T9598] name failslab, interval 1, probability 0, space 0, times 0 [ 583.708317][ T9598] CPU: 0 UID: 0 PID: 9598 Comm: syz.3.837 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0 [ 583.718976][ T9598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 583.729071][ T9598] Call Trace: [ 583.732369][ T9598] [ 583.735323][ T9598] dump_stack_lvl+0x16c/0x1f0 [ 583.740127][ T9598] should_fail_ex+0x497/0x5b0 [ 583.744863][ T9598] ? fs_reclaim_acquire+0xae/0x150 [ 583.750027][ T9598] should_failslab+0xc2/0x120 [ 583.754855][ T9598] __kmalloc_node_noprof+0xd1/0x520 [ 583.760108][ T9598] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 583.765617][ T9598] __kvmalloc_node_noprof+0xad/0x1a0 [ 583.770951][ T9598] traverse.part.0.constprop.0+0x392/0x640 [ 583.776816][ T9598] seq_read_iter+0x934/0x12b0 [ 583.781544][ T9598] ? __pfx_aa_file_perm+0x10/0x10 [ 583.786606][ T9598] seq_read+0x39f/0x4e0 [ 583.790802][ T9598] ? __pfx_seq_read+0x10/0x10 [ 583.795534][ T9598] ? __pfx_seq_read+0x10/0x10 [ 583.800244][ T9598] vfs_read+0x1df/0xbe0 [ 583.804435][ T9598] ? __fget_files+0x1fc/0x3a0 [ 583.809145][ T9598] ? __pfx___mutex_lock+0x10/0x10 [ 583.814200][ T9598] ? __pfx_vfs_read+0x10/0x10 [ 583.818916][ T9598] ? __fget_files+0x206/0x3a0 [ 583.823631][ T9598] ksys_read+0x12b/0x250 [ 583.827911][ T9598] ? __pfx_ksys_read+0x10/0x10 [ 583.832716][ T9598] do_syscall_64+0xcd/0x250 [ 583.837255][ T9598] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 583.843177][ T9598] RIP: 0033:0x7f68fcd85d19 [ 583.847614][ T9598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 583.867253][ T9598] RSP: 002b:00007f68fdc45038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 583.875708][ T9598] RAX: ffffffffffffffda RBX: 00007f68fcf75fa0 RCX: 00007f68fcd85d19 [ 583.883715][ T9598] RDX: 0000000000400000 RSI: 0000000000000000 RDI: 0000000000000003 [ 583.891723][ T9598] RBP: 00007f68fdc45090 R08: 0000000000000000 R09: 0000000000000000 [ 583.899732][ T9598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 583.907742][ T9598] R13: 0000000000000000 R14: 00007f68fcf75fa0 R15: 00007ffe3594a1d8 [ 583.910819][ T9601] netlink: 93 bytes leftover after parsing attributes in process `syz.5.835'. [ 583.915742][ T9598] [ 583.954018][ T9593] netlink: 93 bytes leftover after parsing attributes in process `syz.5.835'. [ 584.838605][ T9611] FAULT_INJECTION: forcing a failure. [ 584.838605][ T9611] name failslab, interval 1, probability 0, space 0, times 0 [ 584.873356][ T9611] CPU: 1 UID: 0 PID: 9611 Comm: syz.5.840 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0 [ 584.884014][ T9611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 584.894192][ T9611] Call Trace: [ 584.897495][ T9611] [ 584.900447][ T9611] dump_stack_lvl+0x16c/0x1f0 [ 584.905181][ T9611] should_fail_ex+0x497/0x5b0 [ 584.909909][ T9611] should_failslab+0xc2/0x120 [ 584.914635][ T9611] kmem_cache_alloc_lru_noprof+0x73/0x3b0 [ 584.920427][ T9611] ? xas_split_alloc+0x158/0x4f0 [ 584.925403][ T9611] xas_split_alloc+0x158/0x4f0 [ 584.930217][ T9611] split_huge_page_to_list_to_order+0xb94/0x4d00 [ 584.992499][ T9611] ? __pfx___mem_cgroup_try_charge_swap+0x10/0x10 [ 584.998978][ T9611] ? __pfx_split_huge_page_to_list_to_order+0x10/0x10 [ 585.197727][ T9611] ? try_to_unmap_one+0x1cd2/0x24e0 [ 585.203038][ T9611] shmem_writepage+0x4be/0x14b0 [ 585.401316][ T9611] ? lock_acquire+0x2f/0xb0 [ 585.405866][ T9611] ? __pfx_shmem_writepage+0x10/0x10 [ 585.538903][ T9611] ? try_to_unmap_one+0xfde/0x24e0 [ 585.544059][ T9611] ? inode_to_bdi+0x9e/0x160 [ 585.548691][ T9611] ? folio_clear_dirty_for_io+0x112/0x800 [ 585.554467][ T9611] pageout+0x3b2/0xaa0 [ 585.558590][ T9611] ? __pfx_pageout+0x10/0x10 [ 585.563273][ T9611] ? __pfx_try_to_unmap_one+0x10/0x10 [ 585.568695][ T9611] ? __pfx_folio_not_mapped+0x10/0x10 [ 585.574115][ T9611] ? __pfx_folio_lock_anon_vma_read+0x10/0x10 [ 585.580245][ T9611] shrink_folio_list+0x3025/0x42d0 [ 585.585410][ T9611] ? __pfx_shrink_folio_list+0x10/0x10 [ 585.590906][ T9611] ? __lock_acquire+0xcc5/0x3c40 [ 585.595896][ T9611] ? hlock_class+0x4e/0x130 [ 585.600457][ T9611] ? __lock_acquire+0xcc5/0x3c40 [ 585.605446][ T9611] ? hlock_class+0x4e/0x130 [ 585.609991][ T9611] ? mark_lock+0xb5/0xc60 [ 585.614391][ T9611] ? hlock_class+0x4e/0x130 [ 585.618934][ T9611] ? __lock_acquire+0x15a9/0x3c40 [ 585.624011][ T9611] reclaim_folio_list+0xd8/0x5e0 [ 585.628993][ T9611] ? __pfx_reclaim_folio_list+0x10/0x10 [ 585.634589][ T9611] ? hlock_class+0x4e/0x130 [ 585.639145][ T9611] ? mark_lock+0xb5/0xc60 [ 585.643533][ T9611] ? find_held_lock+0x2d/0x110 [ 585.648341][ T9611] ? folio_isolate_lru+0x577/0x8e0 [ 585.653482][ T9611] ? find_held_lock+0x2d/0x110 [ 585.658293][ T9611] reclaim_pages+0x481/0x650 [ 585.662928][ T9611] ? __pfx_reclaim_pages+0x10/0x10 [ 585.668079][ T9611] ? folio_isolate_lru+0xa2/0x8e0 [ 585.673140][ T9611] madvise_cold_or_pageout_pte_range+0x163b/0x20d0 [ 585.679697][ T9611] ? __pfx___lock_acquire+0x10/0x10 [ 585.684943][ T9611] ? mark_lock+0xb5/0xc60 [ 585.689315][ T9611] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 585.696218][ T9611] ? find_held_lock+0x2d/0x110 [ 585.701033][ T9611] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 585.707930][ T9611] walk_pgd_range+0xc7b/0x1a70 [ 585.712755][ T9611] ? mt_find+0x4c8/0xa20 [ 585.717043][ T9611] ? __pfx_walk_pgd_range+0x10/0x10 [ 585.722299][ T9611] __walk_page_range+0x161/0x820 [ 585.727283][ T9611] ? find_vma+0xc0/0x140 [ 585.731559][ T9611] ? __pfx_find_vma+0x10/0x10 [ 585.736275][ T9611] ? walk_page_test+0x9b/0x180 [ 585.741094][ T9611] walk_page_range_mm+0x55a/0x940 [ 585.742193][ T29] audit: type=1800 audit(1734054421.000:34): pid=9617 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.841" name="discovery_nqn" dev="configfs" ino=24590 res=0 errno=0 [ 585.746140][ T9611] ? __pfx_walk_page_range_mm+0x10/0x10 [ 585.772334][ T9611] ? mlock_drain_local+0x22d/0x4f0 [ 585.777501][ T9611] ? lock_acquire+0x2f/0xb0 [ 585.782044][ T9611] ? mlock_drain_local+0x6f/0x4f0 [ 585.787117][ T9611] walk_page_range+0x63/0x90 [ 585.791758][ T9611] madvise_pageout+0x326/0x820 [ 585.796584][ T9611] ? __pfx_madvise_pageout+0x10/0x10 [ 585.801925][ T9611] ? mas_prev_setup.constprop.0+0xb4/0x830 [ 585.807776][ T9611] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 585.813719][ T9611] madvise_vma_behavior+0x44a/0x1da0 [ 585.819060][ T9611] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 585.824826][ T9611] ? find_vma_prev+0xdb/0x160 [ 585.829546][ T9611] ? __pfx_find_vma_prev+0x10/0x10 [ 585.834709][ T9611] ? __pfx_rwsem_read_trylock+0x10/0x10 [ 585.840288][ T9611] ? do_madvise+0x25b/0x770 [ 585.844842][ T9611] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 585.850607][ T9611] madvise_walk_vmas+0x1cf/0x2c0 [ 585.855599][ T9611] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 585.861111][ T9611] do_madvise+0x30e/0x770 [ 585.865491][ T9611] ? __pfx_do_madvise+0x10/0x10 [ 585.870400][ T9611] ? arch_syscall_is_vdso_sigreturn+0xb6/0x230 [ 585.876604][ T9611] ? syscall_user_dispatch+0x77/0x140 [ 585.882014][ T9611] __x64_sys_madvise+0xa9/0x110 [ 585.886912][ T9611] do_syscall_64+0xcd/0x250 [ 585.891458][ T9611] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 585.897397][ T9611] RIP: 0033:0x7fdeb2f85d19 [ 585.901844][ T9611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 586.169899][ T9611] RSP: 002b:00007fdeb3cf3038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 586.178354][ T9611] RAX: ffffffffffffffda RBX: 00007fdeb3175fa0 RCX: 00007fdeb2f85d19 [ 586.378269][ T9611] RDX: 0000000000000015 RSI: ffffffffffff0001 RDI: 0000000000000000 [ 586.513691][ T9611] RBP: 00007fdeb3cf3090 R08: 0000000000000000 R09: 0000000000000000 [ 586.521694][ T9611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 586.529699][ T9611] R13: 0000000000000000 R14: 00007fdeb3175fa0 R15: 00007ffc682e5a28 [ 586.537721][ T9611] [ 586.821118][ T9595] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9595 comm: syz.4.836) [ 587.620471][ T9551] Process accounting paused [ 589.510815][ T9642] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000007: 0000 [#1] PREEMPT SMP KASAN PTI [ 589.523464][ T9642] KASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f] [ 589.531907][ T9642] CPU: 0 UID: 0 PID: 9642 Comm: syz.4.848 Not tainted 6.13.0-rc2-syzkaller-00130-g150b567e0d57 #0 [ 589.542526][ T9642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 589.552602][ T9642] RIP: 0010:sctp_copy_local_addr_list+0x2bc/0x5a0 [ 589.559059][ T9642] Code: 20 00 0f 85 ac 02 00 00 48 8b 1b 4c 39 fb 0f 84 98 01 00 00 e8 95 f7 3c f7 48 8d 7b 3d 48 89 f8 48 89 fa 48 c1 e8 03 83 e2 07 <42> 0f b6 04 20 38 d0 7f 08 84 c0 0f 85 86 02 00 00 44 0f b6 6b 3d [ 589.578698][ T9642] RSP: 0018:ffffc900033475c0 EFLAGS: 00010206 [ 589.584788][ T9642] RAX: 0000000000000007 RBX: 0000000000000000 RCX: ffffc90017fba000 [ 589.592779][ T9642] RDX: 0000000000000005 RSI: ffffffff8a5c465b RDI: 000000000000003d [ 589.600772][ T9642] RBP: ffffc900033476a0 R08: 0000000000000001 R09: 0000000000000000 [ 589.608745][ T9642] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 589.616723][ T9642] R13: 0000000000000000 R14: 0000000000000000 R15: ffff888031430fc8 [ 589.624704][ T9642] FS: 00007f1aee5396c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 589.633636][ T9642] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 589.640223][ T9642] CR2: 00007f1aee538f98 CR3: 000000006b3a6000 CR4: 00000000003526f0 [ 589.648194][ T9642] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 589.656164][ T9642] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 589.664135][ T9642] Call Trace: [ 589.667408][ T9642] [ 589.670336][ T9642] ? die_addr+0x3b/0xa0 [ 589.674585][ T9642] ? exc_general_protection+0x155/0x230 [ 589.680143][ T9642] ? asm_exc_general_protection+0x26/0x30 [ 589.685863][ T9642] ? sctp_copy_local_addr_list+0x2ab/0x5a0 [ 589.691670][ T9642] ? sctp_copy_local_addr_list+0x2bc/0x5a0 [ 589.697483][ T9642] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 589.703640][ T9642] ? sctp_auth_asoc_copy_shkeys+0x2a7/0x360 [ 589.709552][ T9642] ? sctp_bind_addr_copy+0xe0/0x530 [ 589.714771][ T9642] sctp_bind_addr_copy+0xe0/0x530 [ 589.719825][ T9642] sctp_connect_new_asoc+0x1d8/0x790 [ 589.725126][ T9642] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 589.730955][ T9642] ? mark_held_locks+0x9f/0xe0 [ 589.735741][ T9642] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 589.741306][ T9642] sctp_sendmsg+0x162a/0x1f10 [ 589.745999][ T9642] ? __pfx_sctp_sendmsg+0x10/0x10 [ 589.751039][ T9642] ? __pfx___might_resched+0x10/0x10 [ 589.756346][ T9642] ? __pfx_aa_sk_perm+0x10/0x10 [ 589.761220][ T9642] ? __might_fault+0xe3/0x190 [ 589.765914][ T9642] ? __might_fault+0xe3/0x190 [ 589.770620][ T9642] ? __pfx_sctp_sendmsg+0x10/0x10 [ 589.775663][ T9642] inet_sendmsg+0x119/0x140 [ 589.780192][ T9642] ____sys_sendmsg+0x907/0xb40 [ 589.784965][ T9642] ? __pfx_____sys_sendmsg+0x10/0x10 [ 589.790251][ T9642] ? __lock_acquire+0xcc5/0x3c40 [ 589.795204][ T9642] ___sys_sendmsg+0x135/0x1e0 [ 589.855902][ T9642] ? __pfx_mark_lock+0x10/0x10 [ 589.860727][ T9642] ? __pfx____sys_sendmsg+0x10/0x10 [ 589.865947][ T9642] ? trace_lock_acquire+0x14e/0x1f0 [ 590.063598][ T9642] __sys_sendmmsg+0x201/0x420 [ 590.068387][ T9642] ? __pfx___sys_sendmmsg+0x10/0x10 [ 590.265681][ T9642] ? find_held_lock+0x59/0x110 [ 590.270568][ T9642] ? find_held_lock+0x2d/0x110 [ 590.275359][ T9642] ? lock_acquire+0x2f/0xb0 [ 590.407823][ T9642] __x64_sys_sendmmsg+0x9c/0x100 [ 590.412780][ T9642] ? lockdep_hardirqs_on+0x7c/0x110 [ 590.417986][ T9642] do_syscall_64+0xcd/0x250 [ 590.422493][ T9642] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 590.428398][ T9642] RIP: 0033:0x7f1aed785d19 [ 590.432813][ T9642] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 590.452426][ T9642] RSP: 002b:00007f1aee539038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 590.460844][ T9642] RAX: ffffffffffffffda RBX: 00007f1aed976080 RCX: 00007f1aed785d19 [ 590.468813][ T9642] RDX: 0000000000000005 RSI: 0000000020000140 RDI: 0000000000000004 [ 590.476781][ T9642] RBP: 00007f1aed801a20 R08: 0000000000000000 R09: 0000000000000000 [ 590.484756][ T9642] R10: 000000007fffffff R11: 0000000000000246 R12: 0000000000000000 [ 590.492724][ T9642] R13: 0000000000000001 R14: 00007f1aed976080 R15: 00007ffd0e97db18 [ 590.500700][ T9642] [ 590.503715][ T9642] Modules linked in: [ 590.508778][ T9642] ---[ end trace 0000000000000000 ]--- [ 590.565407][ T9642] RIP: 0010:sctp_copy_local_addr_list+0x2bc/0x5a0 [ 590.576621][ T9642] Code: 20 00 0f 85 ac 02 00 00 48 8b 1b 4c 39 fb 0f 84 98 01 00 00 e8 95 f7 3c f7 48 8d 7b 3d 48 89 f8 48 89 fa 48 c1 e8 03 83 e2 07 <42> 0f b6 04 20 38 d0 7f 08 84 c0 0f 85 86 02 00 00 44 0f b6 6b 3d [ 590.632943][ T9642] RSP: 0018:ffffc900033475c0 EFLAGS: 00010206 [ 590.640026][ T9642] RAX: 0000000000000007 RBX: 0000000000000000 RCX: ffffc90017fba000 [ 590.657064][ T9642] RDX: 0000000000000005 RSI: ffffffff8a5c465b RDI: 000000000000003d [ 590.671690][ T9642] RBP: ffffc900033476a0 R08: 0000000000000001 R09: 0000000000000000 [ 590.673563][ T9643] netlink: 93 bytes leftover after parsing attributes in process `syz.0.849'. [ 590.685201][ T9642] R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000 [ 590.696759][ T9642] R13: 0000000000000000 R14: 0000000000000000 R15: ffff888031430fc8 [ 590.704775][ T9642] FS: 00007f1aee5396c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 590.713859][ T9642] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 590.720525][ T9642] CR2: 00007f14f357bd58 CR3: 000000006b3a6000 CR4: 00000000003526f0 [ 590.728633][ T9642] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 590.737512][ T9642] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 590.745541][ T9642] Kernel panic - not syncing: Fatal exception [ 590.751869][ T9642] Kernel Offset: disabled [ 590.756190][ T9642] Rebooting in 86400 seconds..