last executing test programs: 4m40.650788652s ago: executing program 1 (id=1186): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card1/pcm1c/sub7/xrun_injection\x00', 0x68101, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) r0 = openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cpu/0/msr\x00', 0xf82, 0x0) write$auto_msr_fops_msr(r0, 0x0, 0x4d) close_range$auto(0x2, 0x8, 0x0) 4m40.307844703s ago: executing program 1 (id=1188): r0 = socket(0x11, 0x2, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x4000002, 0x4, 0x7234}) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000000), 0x1aa, &(0x7f0000000100)={&(0x7f00000003c0), 0x48}, 0x6, &(0x7f0000000180), 0x5, 0x1000}, 0x5}, 0x2, 0x100) r1 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_NAPI_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYRESOCT, @ANYRESHEX=r1, @ANYRES16=r1, @ANYBLOB="c12647bdf4c0e8fd2672f01ce1598c7a3c0d1dd29d20424a0a3b66dd8739f9242eeafe900e510b4ba26233bb03880f147ea11515277dda4639a654a9917d2a1e63dca195fa8a3ff4190884495d7a2550e4a2cd095d18e285729e56bdec4be4d2301ba221288c954e269df8c10513eaa54095f1387c1c06c49e53a561f44e6bb2af3677f9c7fa7539eff7d5237efcf17164a40a28ee0df1fa"], 0x1c}, 0x1, 0x0, 0x0, 0x20008040}, 0x20000004) r2 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) semtimedop$auto(0x7, &(0x7f0000000180)={0xffff, 0x7}, 0x1, &(0x7f00000001c0)={0x7, 0x80000000}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x38, r2, 0x1, 0x70bd25, 0x25dfdc02, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_KEY={0x1c, 0x1, 0x0, 0x1, [@nested={0x18, 0x10, 0x0, 0x1, [@typed={0x14, 0xb, 0x0, 0x0, @ipv6=@private2={0xfc, 0x2, '\x00', 0xff}}]}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x200400f0}, 0x800) mmap$auto(0x200000, 0x7fe000000000, 0x2, 0x209b72, 0xffffffffffffffff, 0x4000000000) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000280), r3) sendmsg$auto_NL80211_CMD_GET_KEY(r3, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000c203d3d32be400", @ANYRES16=r4, @ANYBLOB="040026bd7000fbdbdf250900000005005300de0000000800a5000c00000005003e0005000000"], 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x40) 4m40.041049837s ago: executing program 1 (id=1190): openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0) init_module$auto(0x0, 0x10001, 0xfffffffffffffffe) ioctl$auto(0x3, 0x541b, 0x10000000000402) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) writev$auto(0x8000, &(0x7f0000000040)={0x0, 0xfffffffffffffffc}, 0xffffffffb5a408e3) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x1, &(0x7f0000000040), 0x1) stat$auto(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)={0x5, 0xcf, 0x3, 0xd, 0xffffffffffffffff, 0x0, 0x0, 0x3, 0x3, 0xfffffffffffffff8, 0x5, 0xc, 0x3ff, 0xbe1, 0x7, 0x0, 0x6ad5}) shmctl$auto(0x9, 0x92c00000, &(0x7f0000000240)={{0x2, 0x0, 0xee01, 0x9e5, 0x4, 0xfff, 0x7}, 0xb, 0x3, 0x10000000, 0x35, @inferred, @inferred, 0x2, 0x0, &(0x7f00000001c0), &(0x7f0000000200)}) r2 = getgid() shmctl$auto(0x0, 0x1, &(0x7f0000000380)={{0x5, r1, r2, 0xa9, 0x0, 0x52, 0x3}, 0x6e98e4ec, 0x2, 0x7fffffffffffffff, 0x1, @inferred, @inferred, 0x1d1b, 0x0, &(0x7f0000000300), &(0x7f0000000340)}) chown$auto(&(0x7f0000000080)='./cgroup.cpu/cgroup.procs\x00', 0x0, r2) setfsgid$auto(r2) shmctl$auto(0x6, 0x4, &(0x7f00000001c0)={{0x7, 0xee00, 0x0, 0x7d, 0xe5a61ce, 0xb97, 0x1}, 0x5, 0x9, 0x8, 0x8, @inferred, @inferred, 0x362, 0x0, &(0x7f00000004c0)="bb188662ce07e4", &(0x7f0000000080)}) r4 = getegid() setresgid$auto(r2, r3, r4) shmctl$auto(0x5d, 0x4, &(0x7f00000003c0)={{0x4, r0, r4, 0x49c, 0x6, 0x3}, 0x4, 0x3, 0x2, 0x4, @raw=0x8, @raw=0xff, 0x2, 0x0, &(0x7f00000001c0)="f70f4e7f8a48a02c9ef946b8ba1ffa2f12f790b3fb9f0177b30a0cdf55fbe547f1023f5812c1b2a0fe6743d8c9b1ea9c0bd7b2f89c30d9be4d3a574cbf19b0ec421ba2166de462787b939065e604539454ff09b8974cd7245294b1df82cb921d6f057f67ba408d0ccbd38a724c6396b232b2382a2ca1218447576d1a2715c750b19930438b30ecf70549884d4edc5282e23cd4616e42492e46566861d67e82557ed36a4cfd54e5ba4b2865c83c6e25fb461b6678e01a2f610f996d80a868e9ad0c86db2620ce87b98ee18a46a0720cdf6493b336351f8b26989dc2b4aaac27", &(0x7f00000002c0)="6d2fabe770f9b9e08199a2206716f382cd18285418ea9cc47c722498e77a8fa18b0cdda3962ba512fed1e6680764b1704bc0a99c8fbbac8fd0b56f20731f20a2f60eb69e628851c4104b73509623b85885f12bf30fee28ae3d7a3eeba62456ce60dc439d7f42d8e6a7cf74d866ef503e7571a759c85404783c5390628a54a59ab4fd1d7499c2c08c3b3c204927345de49a664c3e174f403641ce63e6f7320c933634209d0f5b90281f9d0f6160bd2e12d310e0f67205e1a2ab65dcaa823cb66b252b9c5851da09da46fd0a64"}) 4m39.834324577s ago: executing program 1 (id=1192): openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vbi7\x00', 0x80400, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) ioctl$auto(0x3, 0x40085618, 0x38) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r0 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00\x00', @ANYRES16=r0, @ANYBLOB="80680068c3ec01b378d94775"], 0x24}, 0x1, 0x0, 0x0, 0x40010}, 0x800) 4m39.432583051s ago: executing program 1 (id=1194): statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x401bf, 0x7352, 0x40, 0x65f, 0x1ffde, 0x7, 0x3, 0x2, 0x9, 0x3, 0x5, 0x4, 0x3000, 0x9, 0x6, 0x10003, 0x80, 0x4, 0x0, 0x7, 0x1ffc, 0x203, 0x400, 0x84, [0x0, 0x0, 0x0, 0x100, 0x0, 0x2000, 0xfffffffffffffffd, 0xa, 0x70624ce7, 0x0, 0xfffffffffffffffd, 0x0, 0x3, 0x1, 0x4, 0x7, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x200000000000, 0x0, 0xffffffffefffffff, 0x3, 0x0, 0x0, 0x2, 0xfffffffffffffffd, 0x400000000005b8, 0xc, 0x4000000000, 0x8, 0x4, 0x6, 0xffffffffffffffff, 0x890, 0x800000000000a, 0xfffffffffffffffc, 0x1000, 0xa38, 0x0, 0x0, 0xfffffffffffffffc, 0x2, 0x4000000000, 0x6, 0x0, 0x100000]}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, 0x0, 0x8000) sendmsg$auto_OVS_DP_CMD_DEL(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="3ae90f7c", @ANYRES16=0x0, @ANYBLOB="01002bbd7000ffdbdf2502"], 0x14}, 0x1, 0x0, 0x0, 0x8044}, 0x4001090) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB='R'], 0x1ac}}, 0x40000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x400c000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r0 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) unshare$auto(0x42d7) rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}}) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 4m38.545120433s ago: executing program 1 (id=1198): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x53, 0x9) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtd0\x00', 0x666402, 0x0) 4m38.185766653s ago: executing program 32 (id=1198): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x53, 0x9) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtd0\x00', 0x666402, 0x0) 15.387110765s ago: executing program 0 (id=2357): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, 0x0, 0x880) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_short_retry_limit_ops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy0/short_retry_limit\x00', 0x0, 0x0) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x180, 0x0) read$auto_v4l2_fops_v4l2_dev(r0, &(0x7f0000000000)=""/194, 0xc2) madvise$auto(0x0, 0x200007, 0x19) bpf$auto(0x5, 0x0, 0xa) 14.057063644s ago: executing program 0 (id=2364): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x25, 0xa, 0xe) semctl$auto(0x80001ff, 0x804, 0x6, 0x4) setsockopt$auto(0x3, 0x0, 0x24, 0x0, 0x28) 8.587433907s ago: executing program 2 (id=2384): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000600), r0) sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x80) 8.440252447s ago: executing program 2 (id=2386): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$auto(r0, &(0x7f0000000000)='\x00', 0x800) 8.167774635s ago: executing program 2 (id=2387): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x3a) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) write$auto(0x3, 0x0, 0xfffffdef) fcntl$auto(0x3, 0x4, 0xa553) sendmsg$auto_WG_CMD_GET_DEVICE(0xffffffffffffffff, 0x0, 0x2000c041) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) io_uring_setup$auto(0x85, 0x0) getsockopt$auto(0xffffffffffffffff, 0x0, 0x53, 0x0, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x0, 0x0) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) fcntl$auto(0xffffffffffffffff, 0x401, 0x5) mmap$auto(0x9, 0x8, 0x7f, 0x14, 0x1ff, 0xeb41) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x6, 0x6, 0x0) socket(0x0, 0x80000, 0x9) statmount$auto(0x0, 0x0, 0x1fe, 0x81) bind$auto(0x3, &(0x7f0000000000), 0x68) connect$auto(0x3, &(0x7f0000000000), 0x55) shutdown$auto(0x200000003, 0x2) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x848000000015, 0x805, 0x0) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x6b) 6.959505836s ago: executing program 0 (id=2366): openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/vm/dirty_ratio\x00', 0x2100, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty22\x00', 0xe0802, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, 0x0, 0x121c01, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) recvmmsg$auto(0x4, &(0x7f0000000200)={{0x0, 0x4, &(0x7f0000000140)={0x0, 0x4da}, 0x4, 0x0, 0x8, 0x800}, 0x1000}, 0xffffffff, 0x0, 0x0) sendmsg$auto_NETDEV_CMD_NAPI_GET(r1, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="01002dbd7000fba400000000f2ff0000021f4de56a4703000000d6f3110aa45aeb6b5e9bd8abc396aa49249256bdf3aa705dd10c661480cb20a3c8f0eca3d46ee322e8719e1239716cd1307d8553a60d7af3b758fd1e98676fd435929103f6"], 0x1c}}, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_rfcomm_dlc_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x2682, 0x0) read$auto_rfcomm_dlc_debugfs_fops_(r2, &(0x7f0000000080)=""/96, 0x60) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000001380)={0x18, r4, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@HWSIM_ATTR_DESTROY_RADIO_ON_CLOSE={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) 6.621364259s ago: executing program 3 (id=2389): socket(0x10, 0x800, 0xffffffff) r0 = socket(0x2, 0x1, 0x0) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) mmap$auto(0x0, 0x20009, 0x386, 0xeb1, 0x401, 0x8000) statmount$auto(&(0x7f0000000000)={0x7e, @inferred, 0x80000029, 0x3f, 0x2}, 0x0, 0x7ffffffff000, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x40}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x2, 0xb}, 0x800009}, 0x5, 0x20000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20000, 0x0) fanotify_init$auto(0x5, 0x2000000000002) mmap$auto(0x0, 0x9, 0xc00000072, 0x8b72, 0x1000000002, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) socket(0x22, 0x2, 0x2) write$auto(0x3, 0x0, 0xffd8) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) write$auto(0x3, 0x0, 0xfdef) bind$auto(0x3, 0xfffffffffffffffd, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sendto$auto(0x4, 0x0, 0xff, 0x6, 0x0, 0xe) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) close_range$auto(0x2, 0x8, 0x0) select$auto(0x7, 0x0, &(0x7f0000000080)={[0x82099, 0xe9e, 0x7, 0x15, 0xffd, 0x100000001, 0x4, 0xf, 0x0, 0x0, 0xe, 0x3, 0x101, 0xff, 0x2, 0x80000001]}, 0x0, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xfffffffffffffffc, 0x0) 6.613868691s ago: executing program 4 (id=2397): socket(0x10, 0x800, 0xffffffff) r0 = socket(0x2, 0x1, 0x0) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) mmap$auto(0x0, 0x20009, 0x386, 0xeb1, 0x401, 0x8000) statmount$auto(&(0x7f0000000000)={0x7e, @inferred, 0x80000029, 0x3f, 0x2}, 0x0, 0x7ffffffff000, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x40}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x2, 0xb}, 0x800009}, 0x5, 0x20000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20000, 0x0) fanotify_init$auto(0x5, 0x2000000000002) mmap$auto(0x0, 0x9, 0xc00000072, 0x8b72, 0x1000000002, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) socket(0x22, 0x2, 0x2) write$auto(0x3, 0x0, 0xffd8) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) write$auto(0x3, 0x0, 0xfdef) bind$auto(0x3, 0xfffffffffffffffd, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sendto$auto(0x4, 0x0, 0xff, 0x6, 0x0, 0xe) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) close_range$auto(0x2, 0x8, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xfffffffffffffffc, 0x0) 6.489073201s ago: executing program 2 (id=2390): r0 = socket(0x10, 0x2, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffff6, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x163340, 0x2a) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/mountinfo\x00', 0xe0000, 0x0) syz_clone(0x80000000, &(0x7f0000000000)="085a1056b6aa2f10d8ddee0633aea682a5ff", 0x12, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) r1 = socket(0x10, 0x2, 0xa) setsockopt$auto(r1, 0x104000000000010e, 0x1, 0x0, 0x16) r2 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c72da808bf8d5feacf8510"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c001) write$auto(r2, &(0x7f0000000000)='-\x00', 0x2fb) r3 = socket(0x2a, 0x2, 0x1) connect$auto(r3, &(0x7f0000000140)=@qipcrtr={0x2a, 0x1}, 0x57) sendmsg$auto_NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60044094}, 0x0) read$auto(0x3, 0x0, 0x400000) 6.15660867s ago: executing program 0 (id=2391): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x6, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nbd12\x00', 0x8001, 0x0) ioctl$auto_def_blk_fops_fs(r0, 0xab01, 0x0) r1 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/syscall\x00', 0x80000, 0x0) read$auto(r1, &(0x7f0000000240)='^)\x00', 0x196d083b) r2 = openat$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/tracing/events/vmalloc/purge_vmap_area_lazy/filter\x00', 0x8800, 0x0) read$auto_ftrace_event_filter_fops_trace_events(r2, &(0x7f0000000080)=""/70, 0x46) read$auto_ftrace_event_filter_fops_trace_events(r2, 0x0, 0x0) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) statx$auto(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x3ff, 0x8, &(0x7f0000000280)={0xfffffffd, 0xfffeffff, 0x6, 0xe, 0xee01, 0xee01, 0x5, 0x2, 0x8, 0x8000000000000001, 0x1, 0x2, {0x81, 0xea}, {0x8, 0x7}, {0x4}, {0x7fff, 0x7ff}, 0x1, 0x0, 0x10001, 0x0, 0x9, 0x400, 0x7fffffff, 0x3, 0x9, 0x100, 0x8000, 0x7, [0x1, 0xfffffffffffffffa, 0x5, 0xfffffffffffffffd, 0x2, 0x800, 0x4, 0x2, 0x6]}) sendmsg$auto_NL80211_CMD_SET_STATION(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000001980)=ANY=[@ANYBLOB="cc100000", @ANYRES16=r3, @ANYBLOB="000427bd7000fbdbdf251200000008000c010100000006003600010000008d105e808e11cbcdf476c498bcfb4043a2a1b3e02ebc3bb3b0b930fec9fa6f7547a5b8df16e68dcfe85ba660e83ece4006cf9f385ef089ef6ba8bc17fd4cdc2af36b5d671005decf24323337c12910298004004380000400fb80140022002001000000000000000000000000000206a0d39a30d24a1d134ea4861f7ce744f07051fd9a04450e3248d698296308a47300fea32ecc09b7e1fecf1a15d329d28cb9c87fd70c92085991651ba47589c2dc8fa3d0457516ccfc80192e2eaebe3cc3db5f95edd42295d8060634341cd6bec6ca79b5ff7149ceaa2c250a6f63aa43426f0d5bcb027e432f8eb6fb1ced62f0d33251111b40d4ae822275fb990ef1f0594ae449213756fc86385a6bb32b41b0ec238c22090eda3d61564f734e6e2147f262d72a1b9f613f282a7641adc65c72c0f518f5eeca763929397ce3625387ce8cfe0457b517c014a24ff525c5a53d85b47b82ff6270cfce741a4d049dbc42f39f65eb12c28d449ec9f90857b6dab3c198b23bab051a9e09aef0a2fc308b3274548869eaff1683d3eff90c0e2b17d6249290b7c7dc664a8f9e077ac8586fc95a1cb7ea3f3c28b86543e2be498b19481b5dc1f84392c1d9d76e4938d434be775f8397acd873b110c5f3e803f063f02198f40feef4cb41a8b788afa0bd72fac9cb20050d40712c5447a4943c783f045f374deb44a57edc35c4f109313f6b76bb9c4cb464e7e04d1adbbfd3fdad59eb4609395fa51a0b7e7a8d1d16ce2bb545c530ca8540a991d308ee1287394eecdee93781748dfa6d28d4c8873c1ac2cd419bab903673475e1fb2e7a3b6e864ddabe298995af27a1c4ed4bc55e5f296d9a6d4fac1682b3b2f603aca3ee962f3bc7cd328806f4e46b92275826d0a00d7f6ee39a44b871de3681d17ebe5d8e30d5a989c375323ac9c1e37d808566576ce86d18958f59ece22597e56e10f32f60745b2b0ca5b48c43e5e86e60da7fcfcdfb47e081ae26cca928757855728a908da90d7d07d005732dcaabdce2414986f236c4a351109450c88f8114fdbff5f48ca217a9f3ccb1fa83c0c7be4364674ae514b68d7ebf0156b1cb110e58e555724d5b5f439972cef84aa5cf71a175bd9012b5c17280ae499f593ef2e145394234b02478b038bfa443b3f1bdaa1b21a3791a9b296222ca78fcf58fcec6c04573d3836af30326fdee2478f8833cd350a19b28172ce9c3ce27da313b2724a5bf4af50a6c21a56c11d4d8a354a0a9e9c218d5db061dec4c58b579a69e61a629eade34cad9d5361fa99647d0cadde57402462bc4561e1662935577a62b4de4b7a574b8a3b74c3563dd4779e3092294ccafb5d3693c488a54f30465b86cba225b007af53b2b96840a0cd1d18d0ad25613448caa63966c24b2405694131f32e91be1d20a69b3b436ec8a1c00ce9ef42a0eee27a28a139ebd5bbf3b55ee565c4e1281804be3a6b938334ade859fedd8be853d78e2b59942c53bc2fd8c8f85c6dbd0dff5fc9651c7db01c19d28dc1d497e59d0335e1bdfd105723900884ac6c7022464757afd1ad12cd6f18ec344e3532b05d0d887ca3ad6acd7e2343c928dca20e8c0807c70b6db8d7d59b8898af922c006772c2da06eb874a21475df71b0853f8b1235adc498e4b15453a18510791bae3e9dbc7a61aef39fff2300cacdb2b60c5faf60cc699f14379008328d296b0889ba05f49e163e249bd18a500b3ce91cdf38ab45d51f21097b125bf7e8d14a9412592ba07874aa1f30c8c28eb0180edc411460d2bd800d103fa9f47b2066068cb36e72394ef2d6cc49b646770e266674523b020d9826e53e9b53104b8f4bd6c4cd2882414e472b973ae66a1787be05563e211fde069bb3064aa531461b573b52a91d2a66f8236af528eb962255a85d22472e5fd4bff02379c4c22423944902850a668bbf6a8fb3984febe858308e65f1bc006b4325e3297e602f96ea8ed2520f7b969650a33232395c2bb6e911b87dda77f948bbdc52192ee124465829d13f6aa0612e8b4038ee0b077bdd409714ef4febf3a2613fe554b21a9ddd4789b340ef896cf13a88d39688d7f5c7e273c8409fae49050b0efa37d380bdb653035fed830691418110eb2d1d45d3c7d59e8732f0bdfd27607b4249d02eda6f1a5f7af5e440535a9c97139e1382c2ff7c214ba3fb4458e32adcf64f1c30170db05a0758fb40f1e0d566d46f6f939e678603fc06091fcd93877c79ddbfa147b84ba482806b6972adca419d07e7c89b0bd5593a8a246e9aff34d0abd791e1a2f796f0e49c87212556026ed39ee0d5840d8a11eaa550978bf6d7930148ebdb9aca7de81e571486f9894df8bf25eeba332d137a04993de04b8c82e6f50a0d3b2dc8dfb52f01fc34482c96c7ac232e912a34de92f098318f14d6a9886b0a1ad1f8fa90958a681a55bccc3a3b6abc018a0cd209da078d61d859ed7dab4fbf13f621be417d6cfb0096256532ab7da2ac75a52385d4c3e52d1e28d6ff45a9cfee71a9754cf617a2e12f5ba9a1c21a45e9cf41db39d812210243ffb417063627d5b38b058c959c443da55a5d71410b2adafdba7708fd43242833ec37c5e497ddda81ff9640575e8028524b7e0bfc16890e7863d66853a35ed17fda556b4a4ebd3781bd062c3b6fc74d82e0c43e27a7782148281a05cd5768feb22332ee2944023a33e5cf8cd5e8bf628929cd451ece9883c245b2422bed74954596c79fe9bbb57093fb79487aa567424b0aa274b651fa22e8d1402e881241492a841cec96fb25f7e0c55dd917a585a2a81ac431393bf349f6ca512b1efb7c242ab0ffe22d54e92c2110e750ec3c16f8f86eba90bfed791b4fbd1ac009fb476309ded14184c49c93d0cbfd5d57042e858e3cb4172833b4d75a4efa1c51e5578ed4d1bce98726cc5077ac8954fd18f1ba6f452a4cfa9cbf0fdb7b7d7954e62bf276ba555c7b88eeab88a41d7a68eac63ac9757d58a111a523ae49c524d79a4f4e2589abe95e45f6a7e8e77e25d34987af24ca76fc8ee8623ffa81293777ef5b1ba6760ba13466b3a83855e8741d1652a9f0a30899b288b3a5d8ab6bc378dbf1cf302cb149befc7e49db8a8156c4bc58ee17f351092ce1937e0b9fc0d272f4c9d5dd4a3f73209de3ebd5e06831032499626e70868bb035dbfb7bfe5f6fc3cd062d2e9ee267427227dee4b1383949761ff31da40ef8915343936f5e3451657569f74484f1a195c9eab449088cdfef0be77bbb2675a8eda7e33dce159a905dff45adaa64e63c82324e96d054df9f96c9ffbd3ba11bf8444328565d49b6636c7a8aca044cc2d59cb9b0b53199cceae64ff6b227ebed00da2e356450bc29e24e4e07d4539074c30270f026dd2396cb4c7a8b7e99df2b7e03943fc5f9b4115638044bdb9ee8e17d22b6be15cb001dcec3cc1d0065f3f75cbc5f41a162bf6ee5b7314e86963878fd31906335956eebc3120904440aae28bd60480af6ada1e2d4fa138dc8b86d6eab57ea19253b11cc0c324a425cb6a178672a98bf3c13efe625987c135b95a16ebfcfc2601fe13b8b2558732f8f56fbe40135eaf5fa2496f36426be0b5599e533e8a456c3d78ee896af06dcc7a501f709a7f38ffcd385892714e2204511ffd8031c9413afd4031beeb245d391edb87ea61f78758c4551218ffe8b02ee1a6e3b83394d2d7f596744aa929f73738338beed82c315c4f0624c59c6d63db2f091092d61c566b216305e1980f66cd3861107b79cf6b7585a65d73ff8a0a3f9604056b8a2a4dff4b76283190e6f39bebb20c935ec19e1b69991488962a4ffce93bacb5062e59b0ada457039c7c08d7c080c03812a1ee6c4018f6a93b35d515729cdb697870356ffe3de2bd7b62e81b2b2933f59ed83ba2a13a6544943fb9d55e8c2c242bcddde30f781fc63f34beb1613feae3b2148836838bb4d0ef4014a325fac0835a2fda424d174a5edc8107f9c1348fafe60da47c4df675fbb19a3c0a2a4ef417a2a35d77bc2b3fdca3a498b92b3928653b342601f1bc2528ba27f5c00c08caad5e881a05460f6896ac964ab060bce6d24248c80c0deb7aba61017f97ac8182a60734cadda0e08ff2c48d2cda96e1716a21b19a8a4802bdaee77803c1a7deaf74439cf454e38af4566c6b2905135015c4efce5dd26520118e67588fa03b2f7e3aec295ca96f8235e237fa2aba1f68f97dc2a811b0f5b967f627815c851cfa870c6839b1f0da1351625d03de8cfe0f8f934ab2b331ce9a7ef720fca7a5d519b84ac8c9441dff523b4231d00089dcbecba1eff0c2f8fa3a6e0e21b348a61ac4c67ab7cc1abc8fda7a710110d059e4d0dd4c595eb08aad273578ad7dbae485480b796465ae37cffe1336bfd53e62d594667b894b2e5038fb2aa1362a66cd73854f1362375a27ff0574d77e425aeeb57bc60ac0bc3879a88f7f9fd81877ff0afe0f255d87b50685fb74e5aacfcdf9e8cbf11d2540339715f9730140e7917dfa9362a23463eb97ca79c1a8d345b1219d2ec8106bcbf4b8a9f5a2f33f1d9a0aabf6094959c2a55369d96bbbb75f8fc7d3c71e56661d85acb09348d2509ad559c430fad09919143313fa9b00058e4e95e72d7500dbd3af3696388650ec68427491047a19bd97b2ffa8f6cb0fde14979258e1ac160b66e5adb613dad26d80cdeac48974d2d049a16f9c513d0b8a298a0926dafcd81ba6395bd48583b5a6d72542f6c03956bc8fcdaec88fe4b1db9699e60eb83da951a00750723543a77579aa9def02b89249672f3dc858c169d5f4dcc70d5d690228ea6edeb2b4d6641793e680e976ff203a9bff8591f2ed5b20df11383499adf632020302fdfaf7257fe7daf748dde394c083b7efc354d617a5d9a1bdb622f99ed65a64dd54efa27cd0c805bd2a67dc279986d13ac8128b4f8989cefbc692c94b9122cfb33ee394cdbc36f73c49566e258a30fa268d3f850d607c756c3b359a1c8134a45d36d0a98278094ff67497a1b99dd02892c18a8ef3bc166d55c5a7c96ae81b6a171fb98433676eb4d3c2d61b993f68105430ecf511cc973aec52be06377be2f996290448658ce7afa703ade66512cc96136e25e8e1b9856424518554840970c09c48478705ad823c6fffc603067396bd06a2ae7874787602875bbaa4a8820b5f29783766e21c1e9af68bd3d721ce42a6fdb92c26d874e7ecca50c7c2587feb26acadc76b9bd9dbc397813f12125be13ad3001030b7fbbe4ab08caf586ce0efd3efebedf60c420ba6144206365bd6318264e3c8c720be2bb6ba39f1729de4d2ff79ca48b163670089d8f9d6b827d2462854afb2c93e9c8a30e0073a739365bec810200040c6f4f2fa6fff9dd7ce7f6dcc6fd6f7797cc72a2bec253ca80d849289d188647ece105720194ccef0222d8e6ed3f08b753c93f736889be02c81b6c515c1e878bf45aca2f1ff1c4d8e9f5190150c91c4054df3db7c97d479aec239c1032d4cf476d44afbf9f628cc9f121cbb6f69921456661945159450acdc0f6c5944741a7d80e5f44560c710d08d74f1237bfc7bb643f10ca727c1d188acf3c7089d7a833de2cdb0992ae28b8a1d7fe84c99ee3c9279463173c1d150bee964b36331ac0943b7a630a65c39b24541a2d30f2c9c47ac56cc011ed3b372ac085e4544103419b92ddfb3a4aba0303812ad38e358916cb8a4d2437939be72a7cdeb2ad649254ea7d84826778179beeacf34161cad8b65f718e69f95afb192f83cad29e44b205f79744a45cce855540164419356cd52e414b30758df52e7ac15198144fc42acb7845831728b337fdf0905b7b2b1eca2016e851fc2210e2c34b76a10d4f5ed4bdd3a467d5742d1f02e76334c936154c5b8dbe733ebb751be9df137882d86d28f231748bdd4ce18d86a6c451c777dad74600f8e4d7d2f32b38516070856eabaa401c31bd0d8bb4e2b6fb8edbfc05d1c0ca06b1e9b08002200ac1414bb0000000c00db00018000000000000008002600", @ANYRES32=r4, @ANYBLOB="00000008002600b2020000040046000c002e010700000000000000423bf183fb86847279de324ccd98d11e85f16fd96079e7e96d8cfe10b38ded268f7a63aad9536ab92bbf50865345cf280478c5f91c9ec0289956efe061e816064dd7229cb7595975d72c6c243b4f3e67bb94429f29f48b5067c211939f9838c9ea6c3d1b2a258987b48723052703bb28d410c06d230707b9b0cdc8c0c33db8a2fdda90d784f89118170eab6f17f0de3e01d7ddf37db3a60f58615948124873c9"], 0x10cc}, 0x1, 0x0, 0x0, 0x40844}, 0x4) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x20) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x5, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_wireguard(0x0, r5) readv$auto(0x4, &(0x7f0000000100)={0x0, 0x1000}, 0x8) sendmsg$auto_WG_CMD_GET_DEVICE(r5, &(0x7f0000003740)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x8000) select$auto(0x5, 0x0, 0x0, 0x0, 0x0) io_uring_setup$auto(0x1, 0x0) sendto$auto(0x3, 0x0, 0xf, 0x101, &(0x7f0000000000), 0x1c) connect$auto(0x3, 0x0, 0x55) setsockopt$auto(0x3, 0x10000000084, 0x76, 0x0, 0x8) socket(0x25, 0x2, 0x3a) close_range$auto(0x2, 0x8, 0x0) socket(0x28, 0x1, 0x0) socket(0x2b, 0x1, 0x1) listen$auto(0x3, 0x81) 5.776889848s ago: executing program 4 (id=2392): openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000200)={0x4080, 0x149, 0x3a}, 0x18) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) fcntl$auto(0x0, 0x407, 0x1) r0 = gettid() kill$auto(r0, 0x11) prctl$auto(0x13e, 0x1, r0, 0x200000000005, 0x7) shmctl$auto(0x9, 0xe, 0x0) io_uring_setup$auto(0x1, 0x0) connect$auto(0x3, 0x0, 0x54) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/cgroup\x00') socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x180000, 0xdf, 0x9b72, 0x4, 0x8000) io_uring_setup$auto(0x1, 0x0) clone$auto(0x7, 0x7ffffffffffffffb, 0xffffffffffffffff, 0x0, 0x1) getsockopt$auto(0x4, 0x200000000, 0x1, 0xfffffffffffffffc, 0x0) prctl$auto(0xc8, 0x2, 0x9, 0xffffffffffff8001, 0xbef) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) kexec_load$auto(0x0, 0x4, 0x0, 0x1) 5.484671067s ago: executing program 2 (id=2393): r0 = socket(0x1e, 0x4, 0x0) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) bind$auto(0x3, &(0x7f0000000000), 0x68) sendmsg$auto_WG_CMD_GET_DEVICE(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x41000410}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x20004880}, 0x20048001) socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000080), 0x69) connect$auto(0x3, &(0x7f00000000c0), 0x55) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) write$auto(0x3, 0x0, 0xfdef) madvise$auto(0x0, 0xffffffffffff0001, 0x15) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x1, 0x697b}, 0xed7138c}, 0x9a6, 0xe000) unshare$auto(0x40000080) io_setup$auto(0x8001, &(0x7f0000000040)=0x10) kcmp$auto(0x5, 0x6, 0xc, 0x1d, 0x40) socket(0x2, 0x3, 0x106) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000) madvise$auto(0x400000, 0x6, 0xf) getsockopt$auto(0x3, 0xff, 0x20, 0x0, 0x0) madvise$auto(0x8, 0x2, 0x19) mmap$auto(0x0, 0x8, 0x4000000000df, 0x44eb1, 0x6, 0x300000000000) mmap$auto(0xfffffffffffffffb, 0x8, 0x0, 0x11, 0x7f, 0x3) kexec_load$auto(0x2, 0x7, 0x0, 0x4) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) setresuid$auto(0x2, 0x0, 0x200) open_by_handle_at$auto(0x0, 0xfffffffffffffffc, 0x3) sysfs$auto(0x2, 0x100000000000034, 0x0) fsopen$auto(0x0, 0x1) mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x420000000) connect$auto(0x3, &(0x7f0000000000), 0x55) connect$auto(0x3, 0x0, 0x55) 4.79033619s ago: executing program 3 (id=2394): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000600), r0) sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [@IOAM6_ATTR_SC_ID={0x8, 0x4, 0x7fffffff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x80) 4.708544967s ago: executing program 0 (id=2395): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, &(0x7f0000000180)={0x8000001, 0xffffffff, 0x6}) r0 = eventfd2$auto(0x7f, 0xc0000000) r1 = socket(0x1, 0x2, 0x0) r2 = openat$auto_trace_time_stamp_mode_fops_trace(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/tracing/timestamp_mode\x00', 0x20900, 0x0) read$auto_trace_time_stamp_mode_fops_trace(r2, &(0x7f00000002c0)=""/87, 0x57) connect$auto(0x3, 0xfffffffffffffffe, 0x0) close$auto(r1) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x801, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x800019) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\b\x05s\x1cJ\x99\x8a>c\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) mbind$auto(0xf000, 0x1, 0x1, 0x0, 0x7fff, 0x2) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2) io_uring_enter$auto(r0, 0x2, 0x9, 0x2, &(0x7f0000000080)="95b995324bfb8c9545bb5e45f2568a21c79a5caed53f41bdcc3ba7a168ca43e5240340dad27d61b3cc12825f631c91026d27336df9bc8f85de76d2888996ff54b112faf08480d50de0a8d2cc3a72f44b6c7c253e54b494d387a65c2d9c43a99fa94555de7b5c2f56ac1ae3d1b43a09d0a64b9755c360b77abccc2e1e0f84b03ee0c1787efa4cf9fbb4411b07ab6027aae58b45c42c9dc69ec9d02828b035a1d8abc2", 0x1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) open(&(0x7f0000000000)='./file0\x00', 0x4200, 0x80) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/rxrpc/calls\x00', 0x40500, 0x0) setpriority$auto(0x2, 0x0, 0x80) pread64$auto(r4, 0x0, 0x1ff, 0x3ff) 4.606285245s ago: executing program 4 (id=2396): open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) mount$auto(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='bfs\x00', 0x5, 0x0) r0 = openat$auto_hsr_node_table_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x1d, 0x2, 0x6) socket(0x10, 0x2, 0xc) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) readlink$auto(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='\x00', 0xa0) bpf$auto(0x8, &(0x7f0000000000)=@bpf_attr_5={@target_fd=0x880, 0x9, 0x37, 0x37, 0x80, @relative_id=0x6, 0x3}, 0xc63) socket(0x10, 0x2, 0x0) io_uring_setup$auto(0x6, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) io_uring_setup$auto(0x5, &(0x7f0000000000)={0x6, 0x1, 0x400, 0x7, 0x5, 0x2, 0x7, [0x4, 0x2e9, 0x8], {0x0, 0x1, 0x7, 0x7, 0x5, 0x5, 0x1, 0xfffffffc, 0x7}, {0x3, 0xfffff654, 0xffff7fff, 0x2, 0x8, 0x200, 0x3, 0x0, 0x3}}) mmap$auto(0x3, 0xfffffffffffffffe, 0xdf, 0x9b72, r0, 0x8000) mmap$auto(0x0, 0xb0b, 0x800, 0x8b72, 0x2, 0x8000) socket(0x10, 0x2, 0x0) socket(0xa, 0x1, 0x84) capget$auto(0x0, 0xfffffffffffffffe) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) clone$auto(0x5, 0x0, &(0x7f0000000180)=0x6, &(0x7f00000001c0)=0xd0, 0xfff) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x3a) open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) setsockopt$auto(0xffffffffffffffff, 0x10000000084, 0x0, 0x0, 0x10) socket(0x2, 0x801, 0x100) sendmsg$auto_IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, 0x0, 0x4048014) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 4.225256211s ago: executing program 3 (id=2398): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, &(0x7f0000000180)={0x8000001, 0xffffffff, 0x6}) r0 = eventfd2$auto(0x7f, 0xc0000000) r1 = socket(0x1, 0x2, 0x0) r2 = openat$auto_trace_time_stamp_mode_fops_trace(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/tracing/timestamp_mode\x00', 0x20900, 0x0) read$auto_trace_time_stamp_mode_fops_trace(r2, &(0x7f00000002c0)=""/87, 0x57) connect$auto(0x3, 0xfffffffffffffffe, 0x0) close$auto(r1) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x801, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x800019) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\b\x05s\x1cJ\x99\x8a>c\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) mbind$auto(0xf000, 0x1, 0x1, 0x0, 0x7fff, 0x2) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2) io_uring_enter$auto(r0, 0x2, 0x9, 0x2, &(0x7f0000000080)="95b995324bfb8c9545bb5e45f2568a21c79a5caed53f41bdcc3ba7a168ca43e5240340dad27d61b3cc12825f631c91026d27336df9bc8f85de76d2888996ff54b112faf08480d50de0a8d2cc3a72f44b6c7c253e54b494d387a65c2d9c43a99fa94555de7b5c2f56ac1ae3d1b43a09d0a64b9755c360b77abccc2e1e0f84b03ee0c1787efa4cf9fbb4411b07ab6027aae58b45c42c9dc69ec9d02828b035a1d8abc2", 0x1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) open(&(0x7f0000000000)='./file0\x00', 0x4200, 0x80) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/rxrpc/calls\x00', 0x40500, 0x0) setpriority$auto(0x2, 0x0, 0x80) pread64$auto(r4, 0x0, 0x1ff, 0x3ff) 3.29670489s ago: executing program 4 (id=2399): openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/tracing/trace\x00', 0x80800, 0x0) r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80000, 0x0) r1 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x3, 0x940, 0x1ffde, 0x3, 0x6, 0x2, 0x9, 0x8, 0x2, 0x4, 0xb0, 0x9, 0x2, 0x3, 0x5, 0x14}, 0x1fe, 0x83) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="2c00df"], 0x1ac}}, 0x40000) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x40000) read$auto_evdev_fops_evdev(r0, &(0x7f0000000000)=""/191, 0xbf) ioctl$auto_evdev_fops_evdev(r0, 0x40044591, 0x0) read$auto(0x3, 0x0, 0x400000) 2.627106049s ago: executing program 4 (id=2400): r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video4\x00', 0x88000, 0x0) ioctl$auto(r0, 0x9, 0xff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, 0x0, 0x880) r1 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r1, 0x40103d02, 0x0) getgid() r2 = mq_open$auto(&(0x7f0000000100)='/dev/video4\x00', 0x9, 0x800, &(0x7f0000000140)={0xfffffffffffffff7, 0x85cf, 0x3, 0x49be}) r3 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$auto_NET_SHAPER_CMD_GET2(r2, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x24, r3, 0x4, 0x70bd2a, 0x25dfdbfd, {}, [@NET_SHAPER_A_IFINDEX={0x8}, @NET_SHAPER_A_IFINDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x44000}, 0x8000) r4 = socket(0x2, 0x1, 0x106) setsockopt$auto(r4, 0x6, 0x6, &(0x7f0000000180)='\b\x00\x00\x00\xe4\x15\rq\tW\x9d=\x1e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe7\x9b\xdd\x1cp\x19\xa0\x9dHN\xb4\x7f\x7f\xa0\xeaI\xa1\x0f/\xfc\x8e\xf9\xa6x\xa0\xdeo\t\x826Xe(\x0e\xffr\r\x8d\xefh\xdbG\x8b\xde\xfd$\'\a ]\x91YP\x94\xd0\xd0\x02\x10\xb1_z\xa2Ql\x8c\x91\xca4\x118\xcd\xc3\x97\xdaJ:\x1e\xe5f\xcaq\xdf`\x01;\xf9{D2\xc9WV)\xa3JH\xf5\xf9\x16\xac\xa4\x155\x80\x01I\xd9\xa5\xd0\xf1\xbd\xa0\xa4\xa5q\xc6F\x940\x00\xf8\xef\xa4\xfd\xd2z\xf5\x91z<\x9f\xf0\x8f/\x81\x84\xed J&\x8f\xd9\xab-\xf8\xd0\xd3\xcea\x91pM0\xcd\x18\xb4\xe0u\x99\b', 0x7) getsockopt$auto(r4, 0x6, 0x6, &(0x7f0000000380)='\b\x00\x00\x00\xe4\x15\rq\tW\x9d=\x1e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe7\x9b\xdd\x1cp\x19\xa0\x9dHN\xb4\x7f\x7f\xa0\xeaI\xa1\x0f/\xfc\x8e\xf9\xa6x\xa0\xdeo\t\x826Xe(\x0e\xffr\r\x8d\xefh\xdbG\x8b\xde\xfd$\'\a ]\x91YP\x94\xd0\xd0\x02\x10\xb1_z\xa2Ql\x8c\x91\xca4\x118\xcd\xc3\x97\xdaJ:\x1e\xe5f\xcaq\xdf`\x01;\xf9{D2\xc9WV)\xa3JH\xf5\xf9\x16\xac\xa4\x155\x80\x01I\xd9\xa5\xd0\xf1\xbd\xa0\xa4\xa5q\xc6F\x940\x00\xf8\xef\xa4\xfd\xd2z\xf5\x91z<\x9f\xf0\x8f/\x81\x84\xed J&\x8f\xd9\xab-\xf8\xd0\xd3\xcea\x91pM0\xcd\x18\xb4\xe0u\x99\b', &(0x7f00000000c0)=0x800) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_short_retry_limit_ops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy0/short_retry_limit\x00', 0x0, 0x0) r5 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x101000, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/net/erspan0/threaded\x00', 0x20040, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000000040)=""/194, 0xc2) read$auto_v4l2_fops_v4l2_dev(r5, &(0x7f0000000000)=""/194, 0xc2) madvise$auto(0x0, 0x200007, 0x19) r7 = socket(0xa, 0x3, 0x3a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto(0x400000000000003, 0x29, 0x6, 0x0, 0x3) getsockopt$auto(r7, 0x29, 0x3b, 0x0, 0x0) bpf$auto(0x5, &(0x7f0000001080)=@bpf_attr_7={@prog_id=0xc, 0x92f1, 0x4}, 0xa) 2.371406768s ago: executing program 3 (id=2401): r0 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder1\x00', 0x1, 0x0) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x74d) read$auto_tomoyo_operations_securityfs_if(r1, &(0x7f00000000c0)=""/32, 0x20) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) socketpair$auto(0x3, 0x5, 0x7, 0x0) setsockopt$auto(0x3, 0x0, 0x18, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000040), 0x69) ioctl$auto(r0, 0x400c620e, 0x9) 1.301423935s ago: executing program 3 (id=2402): close_range$auto(0x2, 0xa, 0x0) r0 = socket(0x10, 0x2, 0xc) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x200, 0x1) r1 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000340)=ANY=[@ANYBLOB="18000000", @ANYRES16=0x0, @ANYBLOB="010027bd7000fcdbdf2535493a2c040002"], 0x18}, 0x1, 0x0, 0x0, 0x801}, 0x4044) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="18000000", @ANYRES8=r0, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80) r2 = socket(0x2, 0x1, 0x106) mprotect$auto(0x1ffff000, 0x8000000000000004, 0xd) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000002680), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_JOIN_IBSS(r2, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x4040004) (fail_nth: 1) 479.053578ms ago: executing program 4 (id=2403): socket(0x10, 0x800, 0xffffffff) r0 = socket(0x2, 0x1, 0x0) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) mmap$auto(0x0, 0x20009, 0x386, 0xeb1, 0x401, 0x8000) statmount$auto(&(0x7f0000000000)={0x7e, @inferred, 0x80000029, 0x3f, 0x2}, 0x0, 0x7ffffffff000, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x40}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x2, 0xb}, 0x800009}, 0x5, 0x20000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20000, 0x0) fanotify_init$auto(0x5, 0x2000000000002) mmap$auto(0x0, 0x9, 0xc00000072, 0x8b72, 0x1000000002, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) socket(0x22, 0x2, 0x2) write$auto(0x3, 0x0, 0xffd8) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) write$auto(0x3, 0x0, 0xfdef) bind$auto(0x3, 0xfffffffffffffffd, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sendto$auto(0x4, 0x0, 0xff, 0x6, 0x0, 0xe) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) close_range$auto(0x2, 0x8, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xfffffffffffffffc, 0x0) 370.983718ms ago: executing program 3 (id=2404): close_range$auto(0x2, 0xa, 0x0) r0 = socket(0x10, 0x2, 0xc) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/vmcoreinfo\x00', 0x20000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000008c0)=""/61, 0x3d) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000000240), r0) r2 = fanotify_init$auto(0x200, 0x1) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000) r3 = socket(0x2, 0x801, 0x106) r4 = getsockopt$auto(r3, 0x6, 0xd, 0x0, 0x0) r5 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000340)=ANY=[@ANYBLOB="18000000", @ANYRES16=0x0, @ANYBLOB="010027bd7000fcdbdf2535493a2c040002"], 0x18}, 0x1, 0x0, 0x0, 0x801}, 0x4044) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="18000000", @ANYRES8=r0, @ANYRES8=r5], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80) r6 = socket(0x2, 0x1, 0x106) mprotect$auto(0x1ffff000, 0x8000000000000004, 0xd) sethostname$auto(&(0x7f0000000200)='/++\x00', 0x607) r7 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000002680), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_INTERFACE(r2, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f0000000040)={0xc8, r7, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@NL80211_ATTR_RADAR_BACKGROUND={0x4}, @NL80211_ATTR_MAC_HINT={0x90, 0xc8, "e50864410a4adcaa0e70c5c610d2ed1eec4ee064194ea3ed10585a1b0b6c205cfe5c1b6e7518308ebea5492c086c81a86ee8641c0420b7627ba630083269f8b9a33b39846d0192dff36280c3187ed04af4931dccb267ca20aebacd14fd6e1f073da6be3d1af72ccfad40a6c44b6d1f7d19e99989e9fec34fccd50fc700208f45cb90c3357c2b40fc57524fae"}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x7}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x12}, @NL80211_ATTR_TSID={0x5, 0xd2, 0xc0}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x401}]}, 0xc8}, 0x1, 0x0, 0x0, 0x48800}, 0x4084) r8 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000300), r6) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000380)={'vcan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000003c0)={'ip6tnl0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_PLCA_GET_STATUS(r3, &(0x7f0000000540)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000500)={&(0x7f0000000400)={0xc8, r8, 0x400, 0x70bd2d, 0x25dfdbfd, {}, [@ETHTOOL_A_PLCA_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x7}]}, @ETHTOOL_A_PLCA_HEADER={0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xffffffff}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team0\x00'}]}, @ETHTOOL_A_PLCA_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x3}]}, @ETHTOOL_A_PLCA_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}]}]}, 0xc8}}, 0x880) sendmsg$auto_NL80211_CMD_JOIN_IBSS(r6, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x4040004) 297.510855ms ago: executing program 0 (id=2405): close_range$auto(0x2, 0x8, 0x0) fanotify_init$auto(0x5, 0x2000000000002) socket(0x2, 0x801, 0x100) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f0000000140)={0x0, 0xc4}, 0x6, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) clock_settime$auto(0xfffffffc, &(0x7f0000000040)={0x45ee, 0x9}) 0s ago: executing program 2 (id=2406): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000600), r0) sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [@IOAM6_ATTR_SC_ID={0x8, 0x4, 0x7fffffff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x80) kernel console output (not intermixed with test programs): Y'CbCr) [ 141.402080][ T6680] tpg field: 1 [ 141.408308][ T6680] tpg crop: 640x360@0x0 [ 141.415358][ T6680] tpg compose: 640x360@0x0 [ 141.425295][ T6680] tpg colorspace: 8 [ 141.435421][ T6680] tpg transfer function: 0/0 [ 141.445375][ T6680] tpg Y'CbCr encoding: 0/0 [ 141.458234][ T6680] tpg quantization: 0/0 [ 141.464180][ T6680] tpg RGB range: 0/2 [ 141.479978][ T6680] vivid-006: ================== END STATUS ================== [ 142.685458][ T6814] netlink: 28 bytes leftover after parsing attributes in process `syz.1.199'. [ 143.138995][ T6822] device-mapper: ioctl: ioctl interface mismatch: kernel(4.48.0), user(0.0.0), cmd(15) [ 146.504542][ T6863] zram: Added device: zram1 [ 148.210666][ T6903] Invalid ELF header magic: != ELF [ 151.010054][ T6984] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 159.287732][ T7092] random: crng reseeded on system resumption [ 161.587442][ T7121] netlink: 8 bytes leftover after parsing attributes in process `syz.0.277'. [ 161.670044][ T7121] netlink: 36 bytes leftover after parsing attributes in process `syz.0.277'. [ 162.014635][ T7119] netlink: 28 bytes leftover after parsing attributes in process `syz.2.275'. [ 164.704078][ T7173] syz.0.294 (7173) used obsolete PPPIOCDETACH ioctl [ 164.861036][ T29] audit: type=1800 audit(1734624531.472:3): pid=7179 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.296" name="members" dev="configfs" ino=12678 res=0 errno=0 [ 165.620329][ T7186] netlink: 342 bytes leftover after parsing attributes in process `syz.1.299'. [ 166.925958][ T7214] random: crng reseeded on system resumption [ 169.770764][ T7355] netlink: 146 bytes leftover after parsing attributes in process `syz.2.317'. [ 170.250543][ T7245] netlink: 28 bytes leftover after parsing attributes in process `syz.1.315'. [ 170.310057][ T7245] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode [ 171.527087][ T7397] FAULT_INJECTION: forcing a failure. [ 171.527087][ T7397] name failslab, interval 1, probability 0, space 0, times 0 [ 171.542096][ T7386] syz.0.320 uses obsolete (PF_INET,SOCK_PACKET) [ 171.600854][ T7397] CPU: 0 UID: 0 PID: 7397 Comm: syz.1.327 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 171.611640][ T7397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 171.621855][ T7397] Call Trace: [ 171.625374][ T7397] [ 171.628360][ T7397] dump_stack_lvl+0x16c/0x1f0 [ 171.633116][ T7397] should_fail_ex+0x497/0x5b0 [ 171.637873][ T7397] ? fs_reclaim_acquire+0xae/0x150 [ 171.643241][ T7397] should_failslab+0xc2/0x120 [ 171.648127][ T7397] __kmalloc_noprof+0xce/0x4f0 [ 171.653007][ T7397] ? rcu_is_watching+0x12/0xc0 [ 171.657857][ T7397] ? kernfs_fop_write_iter+0x223/0x500 [ 171.663489][ T7397] kernfs_fop_write_iter+0x223/0x500 [ 171.668872][ T7397] vfs_write+0x5ae/0x1150 [ 171.673354][ T7397] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 171.679303][ T7397] ? __pfx___mutex_lock+0x10/0x10 [ 171.684377][ T7397] ? __pfx_vfs_write+0x10/0x10 [ 171.689202][ T7397] ksys_write+0x12b/0x250 [ 171.693602][ T7397] ? __pfx_ksys_write+0x10/0x10 [ 171.698526][ T7397] do_syscall_64+0xcd/0x250 [ 171.703084][ T7397] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.709023][ T7397] RIP: 0033:0x7f4e23185d29 [ 171.713469][ T7397] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 171.733114][ T7397] RSP: 002b:00007f4e2409f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 171.741568][ T7397] RAX: ffffffffffffffda RBX: 00007f4e23375fa0 RCX: 00007f4e23185d29 [ 171.749773][ T7397] RDX: 0000000000000004 RSI: 0000000020000100 RDI: 0000000000000003 [ 171.757864][ T7397] RBP: 00007f4e2409f090 R08: 0000000000000000 R09: 0000000000000000 [ 171.765877][ T7397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 171.773880][ T7397] R13: 0000000000000000 R14: 00007f4e23375fa0 R15: 00007ffe871306f8 [ 171.781934][ T7397] [ 175.645183][ T7439] netlink: 28 bytes leftover after parsing attributes in process `syz.3.337'. [ 175.709206][ T7439] netdevsim netdevsim3 netdevsim2: entered allmulticast mode [ 175.965881][ T7409] netlink: 28 bytes leftover after parsing attributes in process `syz.2.330'. [ 176.268223][ T7409] mac80211_hwsim hwsim4 wlan1: entered allmulticast mode [ 177.031950][ T7466] FAULT_INJECTION: forcing a failure. [ 177.031950][ T7466] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 177.245269][ T7466] CPU: 0 UID: 0 PID: 7466 Comm: syz.2.341 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 177.256070][ T7466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 177.266275][ T7466] Call Trace: [ 177.269651][ T7466] [ 177.272646][ T7466] dump_stack_lvl+0x16c/0x1f0 [ 177.277406][ T7466] should_fail_ex+0x497/0x5b0 [ 177.282173][ T7466] _copy_from_iter+0x29b/0x1400 [ 177.287121][ T7466] ? trace_lock_acquire+0x14e/0x1f0 [ 177.292417][ T7466] ? __pfx__copy_from_iter+0x10/0x10 [ 177.298406][ T7466] ? __virt_addr_valid+0x1a4/0x590 [ 177.303969][ T7466] ? __virt_addr_valid+0x5e/0x590 [ 177.309201][ T7466] ? __phys_addr_symbol+0x30/0x80 [ 177.314487][ T7466] ? __check_object_size+0x488/0x710 [ 177.320023][ T7466] kernfs_fop_write_iter+0x19d/0x500 [ 177.325451][ T7466] vfs_write+0x5ae/0x1150 [ 177.329825][ T7466] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 177.335674][ T7466] ? __pfx___mutex_lock+0x10/0x10 [ 177.340737][ T7466] ? __pfx_vfs_write+0x10/0x10 [ 177.345570][ T7466] ksys_write+0x12b/0x250 [ 177.349936][ T7466] ? __pfx_ksys_write+0x10/0x10 [ 177.354844][ T7466] do_syscall_64+0xcd/0x250 [ 177.359402][ T7466] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.365428][ T7466] RIP: 0033:0x7f74d1785d29 [ 177.369877][ T7466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 177.389517][ T7466] RSP: 002b:00007f74cf5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 177.398050][ T7466] RAX: ffffffffffffffda RBX: 00007f74d1975fa0 RCX: 00007f74d1785d29 [ 177.406055][ T7466] RDX: 0000000000000004 RSI: 0000000020000100 RDI: 0000000000000003 [ 177.414067][ T7466] RBP: 00007f74cf5f6090 R08: 0000000000000000 R09: 0000000000000000 [ 177.422419][ T7466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 177.430602][ T7466] R13: 0000000000000000 R14: 00007f74d1975fa0 R15: 00007ffe8c0623f8 [ 177.438623][ T7466] [ 178.280453][ T7483] random: crng reseeded on system resumption [ 178.932943][ T7494] netlink: 146 bytes leftover after parsing attributes in process `syz.3.346'. [ 181.796386][ T7540] netlink: 146 bytes leftover after parsing attributes in process `syz.1.358'. [ 187.503299][ T7616] block nbd0: Unsupported socket: shutdown callout must be supported. [ 189.726735][ T7648] Process accounting resumed [ 192.036854][ T7704] netlink: 28 bytes leftover after parsing attributes in process `syz.1.389'. [ 192.157133][ T7704] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 192.201851][ T7704] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 192.251901][ T7704] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 192.279033][ T7704] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 195.317183][ T7812] Process accounting resumed [ 196.039528][ T7926] delete_channel: no stack [ 196.056796][ T7926] zram: Added device: zram2 [ 197.246082][ T7947] netlink: 20 bytes leftover after parsing attributes in process `syz.0.407'. [ 198.752877][ T8180] netlink: 8 bytes leftover after parsing attributes in process `syz.1.420'. [ 199.324534][ T8188] netlink: 8 bytes leftover after parsing attributes in process `syz.0.424'. [ 199.859539][ T8203] netlink: 8 bytes leftover after parsing attributes in process `syz.2.427'. [ 199.887143][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.893565][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 202.698176][ T8457] netlink: 28 bytes leftover after parsing attributes in process `syz.3.444'. [ 202.708653][ T8458] netlink: 28 bytes leftover after parsing attributes in process `syz.3.444'. [ 203.334253][ T8482] netlink: 8 bytes leftover after parsing attributes in process `syz.3.449'. [ 203.772564][ T8493] netlink: 20 bytes leftover after parsing attributes in process `syz.0.453'. [ 204.254673][ T8488] delete_channel: no stack [ 205.450997][ T8520] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 206.720319][ T8538] netlink: 330 bytes leftover after parsing attributes in process `syz.2.465'. [ 207.427319][ T8543] netlink: 8 bytes leftover after parsing attributes in process `syz.3.466'. [ 207.428702][ T8539] delete_channel: no stack [ 207.634424][ T8552] netlink: 4 bytes leftover after parsing attributes in process `syz.2.470'. [ 207.929095][ T8555] netlink: 334 bytes leftover after parsing attributes in process `syz.2.470'. [ 208.445619][ T8575] device-mapper: ioctl: Invalid ioctl structure: name , dev 8000010007 [ 208.578212][ T8571] Process accounting resumed [ 208.597688][ T8571] kernel write not supported for file /syz1 (pid: 8571 comm: syz.3.472) [ 209.015910][ T8593] netlink: 8 bytes leftover after parsing attributes in process `syz.0.475'. [ 209.650456][ T8584] kernel write not supported for file /syz1 (pid: 8584 comm: syz.3.476) [ 209.931488][ T8601] kernel write not supported for file /syz1 (pid: 8601 comm: syz.3.479) [ 210.135720][ T8606] kernel write not supported for file /syz1 (pid: 8606 comm: syz.3.480) [ 210.591315][ T8609] kernel write not supported for file /syz1 (pid: 8609 comm: syz.3.483) [ 210.706873][ T8619] netlink: 12 bytes leftover after parsing attributes in process `syz.3.484'. [ 210.716137][ T8619] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 211.117809][ T8629] kernel write not supported for file /syz1 (pid: 8629 comm: syz.3.484) [ 211.154474][ T8620] Process accounting resumed [ 212.188057][ T5849] Bluetooth: hci1: command 0x0406 tx timeout [ 212.194195][ T5145] Bluetooth: hci0: command 0x0406 tx timeout [ 212.198464][ T54] Bluetooth: hci3: command 0x0406 tx timeout [ 212.200422][ T5849] Bluetooth: hci2: command 0x0406 tx timeout [ 212.725309][ T8648] netlink: 334 bytes leftover after parsing attributes in process `syz.2.488'. [ 215.507207][ T8696] FAULT_INJECTION: forcing a failure. [ 215.507207][ T8696] name failslab, interval 1, probability 0, space 0, times 0 [ 215.608366][ T8696] CPU: 0 UID: 0 PID: 8696 Comm: syz.2.499 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 215.619080][ T8696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 215.629194][ T8696] Call Trace: [ 215.632511][ T8696] [ 215.635520][ T8696] dump_stack_lvl+0x16c/0x1f0 [ 215.640267][ T8696] should_fail_ex+0x497/0x5b0 [ 215.645030][ T8696] ? fs_reclaim_acquire+0xae/0x150 [ 215.650204][ T8696] should_failslab+0xc2/0x120 [ 215.654949][ T8696] __kmalloc_node_noprof+0xd1/0x520 [ 215.660231][ T8696] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 215.665772][ T8696] __kvmalloc_node_noprof+0xad/0x1a0 [ 215.671124][ T8696] seq_read_iter+0x82a/0x12b0 [ 215.675961][ T8696] ? __mutex_trylock_common+0xea/0x250 [ 215.681499][ T8696] proc_reg_read_iter+0x21d/0x310 [ 215.686610][ T8696] vfs_read+0x87f/0xbe0 [ 215.690845][ T8696] ? __pfx_vfs_read+0x10/0x10 [ 215.695610][ T8696] ksys_read+0x12b/0x250 [ 215.699922][ T8696] ? __pfx_ksys_read+0x10/0x10 [ 215.704839][ T8696] do_syscall_64+0xcd/0x250 [ 215.709497][ T8696] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.715461][ T8696] RIP: 0033:0x7f74d1785d29 [ 215.720019][ T8696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 215.739695][ T8696] RSP: 002b:00007f74cf5d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 215.748149][ T8696] RAX: ffffffffffffffda RBX: 00007f74d1976080 RCX: 00007f74d1785d29 [ 215.756151][ T8696] RDX: 00000000000000fa RSI: 0000000020000180 RDI: 0000000000000003 [ 215.764193][ T8696] RBP: 00007f74cf5d5090 R08: 0000000000000000 R09: 0000000000000000 [ 215.772192][ T8696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 215.780191][ T8696] R13: 0000000000000000 R14: 00007f74d1976080 R15: 00007ffe8c0623f8 [ 215.788214][ T8696] [ 218.903853][ T8737] FAULT_INJECTION: forcing a failure. [ 218.903853][ T8737] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 218.974184][ T8737] CPU: 0 UID: 0 PID: 8737 Comm: syz.2.511 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 218.984887][ T8737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 218.995003][ T8737] Call Trace: [ 218.998328][ T8737] [ 219.001302][ T8737] dump_stack_lvl+0x16c/0x1f0 [ 219.006051][ T8737] should_fail_ex+0x497/0x5b0 [ 219.010808][ T8737] _copy_to_iter+0x29b/0x1400 [ 219.015566][ T8737] ? trace_lock_acquire+0x14e/0x1f0 [ 219.020840][ T8737] ? __pfx__copy_to_iter+0x10/0x10 [ 219.026035][ T8737] ? __virt_addr_valid+0x1a4/0x590 [ 219.031412][ T8737] ? __virt_addr_valid+0x5e/0x590 [ 219.036513][ T8737] ? __phys_addr_symbol+0x30/0x80 [ 219.041613][ T8737] ? __check_object_size+0x488/0x710 [ 219.046993][ T8737] seq_read_iter+0xd00/0x12b0 [ 219.051742][ T8737] proc_reg_read_iter+0x21d/0x310 [ 219.056878][ T8737] vfs_read+0x87f/0xbe0 [ 219.061123][ T8737] ? __pfx_vfs_read+0x10/0x10 [ 219.065903][ T8737] ksys_read+0x12b/0x250 [ 219.070236][ T8737] ? __pfx_ksys_read+0x10/0x10 [ 219.075080][ T8737] do_syscall_64+0xcd/0x250 [ 219.079662][ T8737] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 219.085676][ T8737] RIP: 0033:0x7f74d1785d29 [ 219.090147][ T8737] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 219.109822][ T8737] RSP: 002b:00007f74cf5d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 219.118311][ T8737] RAX: ffffffffffffffda RBX: 00007f74d1976080 RCX: 00007f74d1785d29 [ 219.126435][ T8737] RDX: 00000000000000fa RSI: 0000000020000180 RDI: 0000000000000003 [ 219.134465][ T8737] RBP: 00007f74cf5d5090 R08: 0000000000000000 R09: 0000000000000000 [ 219.142499][ T8737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 219.150540][ T8737] R13: 0000000000000000 R14: 00007f74d1976080 R15: 00007ffe8c0623f8 [ 219.158694][ T8737] [ 220.921597][ T8780] FAULT_INJECTION: forcing a failure. [ 220.921597][ T8780] name failslab, interval 1, probability 0, space 0, times 0 [ 220.953227][ T8780] CPU: 1 UID: 0 PID: 8780 Comm: syz.1.524 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 220.964028][ T8780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 220.974144][ T8780] Call Trace: [ 220.977521][ T8780] [ 220.980507][ T8780] dump_stack_lvl+0x16c/0x1f0 [ 220.985457][ T8780] should_fail_ex+0x497/0x5b0 [ 220.990180][ T8780] ? fs_reclaim_acquire+0xae/0x150 [ 220.995353][ T8780] should_failslab+0xc2/0x120 [ 221.000080][ T8780] __kmalloc_noprof+0xce/0x4f0 [ 221.004883][ T8780] ? tomoyo_encode2+0x100/0x3e0 [ 221.009785][ T8780] tomoyo_encode2+0x100/0x3e0 [ 221.014504][ T8780] tomoyo_realpath_from_path+0x1a7/0x710 [ 221.020267][ T8780] ? tomoyo_path_number_perm+0x235/0x5b0 [ 221.025954][ T8780] tomoyo_path_number_perm+0x248/0x5b0 [ 221.031548][ T8780] ? tomoyo_path_number_perm+0x235/0x5b0 [ 221.037236][ T8780] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 221.043310][ T8780] ? __pfx_lock_release+0x10/0x10 [ 221.048361][ T8780] ? trace_lock_acquire+0x14e/0x1f0 [ 221.053606][ T8780] ? lock_acquire+0x2f/0xb0 [ 221.058159][ T8780] ? __fget_files+0x40/0x3a0 [ 221.062788][ T8780] ? __fget_files+0x206/0x3a0 [ 221.067506][ T8780] security_file_ioctl+0x9b/0x240 [ 221.072600][ T8780] __x64_sys_ioctl+0xb7/0x200 [ 221.077327][ T8780] do_syscall_64+0xcd/0x250 [ 221.081884][ T8780] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.087816][ T8780] RIP: 0033:0x7f4e23185d29 [ 221.092257][ T8780] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 221.111898][ T8780] RSP: 002b:00007f4e2409f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 221.120347][ T8780] RAX: ffffffffffffffda RBX: 00007f4e23375fa0 RCX: 00007f4e23185d29 [ 221.128344][ T8780] RDX: 0000000000000000 RSI: 0000000000005220 RDI: 0000000000000003 [ 221.136352][ T8780] RBP: 00007f4e2409f090 R08: 0000000000000000 R09: 0000000000000000 [ 221.144365][ T8780] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 221.152453][ T8780] R13: 0000000000000000 R14: 00007f4e23375fa0 R15: 00007ffe871306f8 [ 221.160472][ T8780] [ 221.221995][ T8775] block mtdblock0: the capability attribute has been deprecated. [ 221.248534][ T8780] ERROR: Out of memory at tomoyo_realpath_from_path. [ 221.411455][ T8785] FAULT_INJECTION: forcing a failure. [ 221.411455][ T8785] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 221.455559][ T8785] CPU: 1 UID: 0 PID: 8785 Comm: syz.3.525 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 221.466259][ T8785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 221.476379][ T8785] Call Trace: [ 221.479708][ T8785] [ 221.482688][ T8785] dump_stack_lvl+0x16c/0x1f0 [ 221.487442][ T8785] should_fail_ex+0x497/0x5b0 [ 221.492201][ T8785] _copy_to_user+0x32/0xd0 [ 221.496710][ T8785] simple_read_from_buffer+0xd0/0x160 [ 221.502193][ T8785] proc_fail_nth_read+0x198/0x270 [ 221.507318][ T8785] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 221.512959][ T8785] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 221.518595][ T8785] vfs_read+0x1df/0xbe0 [ 221.522819][ T8785] ? __fget_files+0x1fc/0x3a0 [ 221.527539][ T8785] ? __pfx___mutex_lock+0x10/0x10 [ 221.532604][ T8785] ? __pfx_vfs_read+0x10/0x10 [ 221.537324][ T8785] ? __fget_files+0x206/0x3a0 [ 221.542043][ T8785] ksys_read+0x12b/0x250 [ 221.546315][ T8785] ? __pfx_ksys_read+0x10/0x10 [ 221.551126][ T8785] do_syscall_64+0xcd/0x250 [ 221.555670][ T8785] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.561601][ T8785] RIP: 0033:0x7f7977f8473c [ 221.566039][ T8785] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 221.585676][ T8785] RSP: 002b:00007f7978e1b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 221.594123][ T8785] RAX: ffffffffffffffda RBX: 00007f7978176080 RCX: 00007f7977f8473c [ 221.602224][ T8785] RDX: 000000000000000f RSI: 00007f7978e1b0a0 RDI: 0000000000000004 [ 221.610313][ T8785] RBP: 00007f7978e1b090 R08: 0000000000000000 R09: 0000000000000000 [ 221.618312][ T8785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 221.626401][ T8785] R13: 0000000000000000 R14: 00007f7978176080 R15: 00007ffd0bc833a8 [ 221.634501][ T8785] [ 223.278469][ T8813] Process accounting resumed [ 224.133741][ T8823] bridge0: port 3(team0) entered blocking state [ 224.187701][ T8823] bridge0: port 3(team0) entered disabled state [ 224.194236][ T8823] team0: entered allmulticast mode [ 224.249675][ T8823] team_slave_0: entered allmulticast mode [ 224.285309][ T8823] team_slave_1: entered allmulticast mode [ 224.323782][ T8823] team0: entered promiscuous mode [ 224.374212][ T8823] team_slave_0: entered promiscuous mode [ 224.380413][ T8823] team_slave_1: entered promiscuous mode [ 224.396880][ T8823] bridge0: port 3(team0) entered blocking state [ 224.403955][ T8823] bridge0: port 3(team0) entered forwarding state [ 228.406087][ T9193] netlink: 'syz.0.554': attribute type 5 has an invalid length. [ 228.414019][ T9193] netlink: 314 bytes leftover after parsing attributes in process `syz.0.554'. [ 230.718064][ T9234] netlink: 342 bytes leftover after parsing attributes in process `syz.2.565'. [ 230.815727][ T9240] netlink: 342 bytes leftover after parsing attributes in process `syz.2.565'. [ 231.697027][ T9256] netlink: 146 bytes leftover after parsing attributes in process `syz.3.574'. [ 231.757175][ T9256] netlink: 146 bytes leftover after parsing attributes in process `syz.3.574'. [ 231.807096][ T9256] netlink: 146 bytes leftover after parsing attributes in process `syz.3.574'. [ 231.843112][ T9256] netlink: 146 bytes leftover after parsing attributes in process `syz.3.574'. [ 231.867096][ T9256] netlink: 146 bytes leftover after parsing attributes in process `syz.3.574'. [ 231.896382][ T9256] netlink: 146 bytes leftover after parsing attributes in process `syz.3.574'. [ 231.926219][ T9256] netlink: 146 bytes leftover after parsing attributes in process `syz.3.574'. getty: ttyS0: read error: Resource temporarily unavailable [ 234.576995][ T9444] kAFS: Invalid Command on /proc/fs/afs/cells file [ 234.681779][ T9447] __nla_validate_parse: 26 callbacks suppressed [ 234.681807][ T9447] netlink: 330 bytes leftover after parsing attributes in process `syz.1.600'. [ 234.712912][ T9447] net veth1_virt_wifi ›: renamed from virt_wifi0 [ 234.732960][ T9447] netlink: 330 bytes leftover after parsing attributes in process `syz.1.600'. [ 235.145979][ T9454] ptrace attach of "./syz-executor exec"[5834] was attempted by "./syz-executor exec"[9454] [ 235.506374][ T9565] netlink: zone id is out of range [ 235.525703][ T9565] netlink: zone id is out of range [ 235.716719][ T9566] [U] [ 235.719790][ T9566] [U] [ 235.722565][ T9566] [U] [ 235.725349][ T9566] [U] [ 235.754175][ T9566] [U] [ 235.756988][ T9566] [U] [ 235.759771][ T9566] [U] [ 235.762550][ T9566] [U] [ 235.783408][ T9566] [U] [ 235.786247][ T9566] [U] [ 235.789020][ T9566] [U] [ 235.791800][ T9566] [U] [ 235.816937][ T9566] [U] [ 235.819755][ T9566] [U] [ 235.822530][ T9566] [U] [ 235.825312][ T9566] [U] [ 235.845255][ T9566] [U] [ 235.848099][ T9566] [U] [ 235.850842][ T9566] [U] [ 235.853576][ T9566] [U] [ 235.899242][ T9566] [U] [ 235.902115][ T9566] [U] [ 235.904888][ T9566] [U] [ 235.907659][ T9566] [U] [ 235.979477][ T9566] [U] [ 235.982316][ T9566] [U] [ 235.985089][ T9566] [U] [ 235.987849][ T9566] [U] [ 236.043011][ T9566] [U] [ 236.045819][ T9566] [U] [ 236.048583][ T9566] [U] [ 236.051351][ T9566] [U] [ 236.095406][ T9566] [U] [ 236.098226][ T9566] [U] [ 236.100995][ T9566] [U] [ 236.103763][ T9566] [U] [ 236.145621][ T9566] [U] [ 236.148421][ T9566] [U] [ 236.151174][ T9566] [U] [ 236.153916][ T9566] [U] [ 236.192390][ T9566] [U] [ 236.195207][ T9566] [U] [ 236.197956][ T9566] [U] [ 236.200781][ T9566] [U] [ 236.265734][ T9566] [U] [ 236.268553][ T9566] [U] [ 236.271306][ T9566] [U] [ 236.274048][ T9566] [U] [ 236.349441][ T9566] [U] [ 238.309330][ T9638] netlink: 330 bytes leftover after parsing attributes in process `syz.3.623'. [ 239.413472][ T9666] pty pty122: ldisc open failed (-12), clearing slot 122 [ 241.260626][ T9710] netlink: 28 bytes leftover after parsing attributes in process `syz.3.644'. [ 241.749169][ T9716] netlink: 330 bytes leftover after parsing attributes in process `syz.0.647'. syzkaller syzkaller login: [ 243.668551][ T9740] MTRR 1 not used [ 245.632386][ T9793] netlink: 4 bytes leftover after parsing attributes in process `syz.3.670'. [ 246.780295][ T9822] kfence: disabled [ 247.891533][ T9843] netlink: 4 bytes leftover after parsing attributes in process `syz.3.679'. [ 252.212336][T10116] ptrace attach of "./syz-executor exec"[5833] was attempted by "./syz-executor exec"[10116] [ 252.740807][T10122] openvswitch: netlink: ct_state flags 03001eac unsupported [ 252.842785][T10122] netlink: 28 bytes leftover after parsing attributes in process `syz.2.698'. [ 257.718059][T10296] netlink: 28 bytes leftover after parsing attributes in process `syz.0.717'. [ 258.244691][T10294] netlink: 4 bytes leftover after parsing attributes in process `syz.2.716'. [ 259.116391][T10324] netlink: 28 bytes leftover after parsing attributes in process `syz.0.725'. [ 259.796077][T10348] netlink: 4 bytes leftover after parsing attributes in process `syz.0.731'. [ 259.808616][T10348] tc_dump_action: action bad kind [ 261.317049][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.323468][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 262.910420][T10420] Format for unlinking a device is "netnsfd:ifidx" (int uint). [ 263.281793][T10428] can: request_module (can-proto-4) failed. [ 264.072148][T10439] Process accounting resumed [ 264.100927][T10439] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 10439 comm: syz.2.756) [ 264.731620][T10449] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 10449 comm: syz.2.757) [ 266.624216][T10491] netlink: 28 bytes leftover after parsing attributes in process `syz.1.769'. [ 267.268106][T10491] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 267.308784][T10491] bond0 (unregistering): (slave ): Releasing backup interface [ 267.359096][T10491] bond0 (unregistering): Released all slaves [ 267.542116][T10500] netlink: 20 bytes leftover after parsing attributes in process `syz.0.772'. [ 267.871860][T10467] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 10467 comm: syz.2.761) [ 268.042442][T10511] netlink: 326 bytes leftover after parsing attributes in process `syz.0.776'. [ 268.121923][T10511] bridge0: port 2(bridge_slave_1) entered disabled state [ 268.130736][T10511] bridge0: port 1(bridge_slave_0) entered disabled state [ 268.231947][T10511] syz.0.776 (10511) used greatest stack depth: 20720 bytes left [ 268.235947][T10516] syz.3.779 (10516): /proc/10515/oom_adj is deprecated, please use /proc/10515/oom_score_adj instead. [ 269.003692][T10533] netlink: 74 bytes leftover after parsing attributes in process `syz.2.780'. [ 269.033259][T10531] netlink: 4 bytes leftover after parsing attributes in process `syz.1.784'. [ 269.379840][T10526] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 10526 comm: syz.2.780) [ 270.364803][T10555] netlink: 8 bytes leftover after parsing attributes in process `syz.1.791'. [ 270.866894][T10666] Process accounting resumed [ 271.181656][T10553] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 10553 comm: syz.2.790) [ 274.097746][T10684] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 10684 comm: syz.2.795) [ 274.297170][T10907] netlink: 342 bytes leftover after parsing attributes in process `syz.1.803'. [ 274.554766][T11024] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 11024 comm: syz.2.808) [ 275.779045][T11034] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 11034 comm: syz.2.811) [ 276.169667][T11059] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 11059 comm: syz.2.820) [ 277.204870][T11068] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 11068 comm: syz.2.823) [ 277.525554][T11079] nbd0: detected capacity change from 0 to 68719476736 [ 277.608243][ T5847] block nbd0: Send control failed (result -22) [ 277.629233][ T5847] block nbd0: Request send failed, requeueing [ 277.652768][ T5839] block nbd0: Receive control failed (result -32) [ 277.668576][ T10] block nbd0: Dead connection, failed to find a fallback [ 277.676170][ T10] block nbd0: shutting down sockets [ 277.681805][ T10] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 277.691684][ T10] Buffer I/O error on dev nbd0, logical block 0, async page read [ 277.717634][ T5847] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 277.728779][ T5847] Buffer I/O error on dev nbd0, logical block 0, async page read [ 277.738826][ T5847] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 277.748496][ T5847] Buffer I/O error on dev nbd0, logical block 0, async page read [ 277.759981][ T5847] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 277.772424][ T5847] Buffer I/O error on dev nbd0, logical block 0, async page read [ 277.782686][ T5847] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 277.792420][ T5847] Buffer I/O error on dev nbd0, logical block 0, async page read [ 277.800939][ T5847] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 277.810600][ T5847] Buffer I/O error on dev nbd0, logical block 0, async page read [ 277.819023][ T5847] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 277.828669][ T5847] Buffer I/O error on dev nbd0, logical block 0, async page read [ 277.839374][ T5847] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 277.856112][ T5847] Buffer I/O error on dev nbd0, logical block 0, async page read [ 277.874059][ T5847] ldm_validate_partition_table(): Disk read failed. [ 277.893792][ T5847] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 277.926403][ T5847] Buffer I/O error on dev nbd0, logical block 0, async page read [ 277.934506][ T5847] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 277.939422][T10441] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 10441 comm: syz.2.756) [ 277.981973][ T5847] Buffer I/O error on dev nbd0, logical block 0, async page read [ 278.005832][ T5847] Dev nbd0: unable to read RDB block 0 [ 278.035858][ T5847] nbd0: unable to read partition table [ 278.077931][ T5847] ldm_validate_partition_table(): Disk read failed. [ 278.092482][T11083] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 11083 comm: syz.2.827) [ 278.125602][ T5847] Dev nbd0: unable to read RDB block 0 [ 278.131811][ T5847] nbd0: unable to read partition table [ 279.434708][T11097] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 11097 comm: syz.2.831) [ 280.020933][T11211] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 11211 comm: syz.2.833) [ 280.456066][T11222] Process accounting resumed [ 280.827440][T11216] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 11216 comm: syz.2.836) [ 281.127774][T11228] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 11228 comm: syz.2.836) [ 282.054473][T11231] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 11231 comm: syz.2.839) [ 282.301372][T11248] netlink: 4 bytes leftover after parsing attributes in process `syz.0.842'. syzkaller syzkaller login: [ 283.608159][T11247] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 11247 comm: syz.2.843) [ 283.738084][T11373] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 11373 comm: syz.2.843) [ 284.271044][T11387] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 285.796286][T11385] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 11385 comm: syz.2.850) [ 286.798589][T11420] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 11420 comm: syz.2.858) [ 287.061687][T11454] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 11454 comm: syz.2.867) [ 287.632620][T11473] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 11473 comm: syz.2.870) [ 288.397475][T11487] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 11487 comm: syz.2.874) [ 288.968762][T11603] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 11603 comm: syz.2.879) [ 289.530499][T11619] syz.3.883(11619): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 289.851459][T11625] netlink: 5184 bytes leftover after parsing attributes in process `syz.3.885'. [ 290.031078][T11629] netlink: 28 bytes leftover after parsing attributes in process `syz.3.886'. [ 290.180608][T11629] veth0_macvtap: left promiscuous mode [ 290.271091][T11629] macvtap0: entered allmulticast mode [ 290.429103][T11627] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 11627 comm: syz.2.880) [ 291.044631][T11643] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 11643 comm: syz.2.890) [ 291.431437][T11654] netlink: 28 bytes leftover after parsing attributes in process `syz.2.894'. [ 291.484845][T11654] bridge_slave_1: left allmulticast mode [ 291.512413][T11654] bridge_slave_1: left promiscuous mode [ 291.549397][T11654] bridge0: port 2(bridge_slave_1) entered disabled state [ 291.630809][T11654] bridge_slave_0: left allmulticast mode [ 291.665982][T11654] bridge_slave_0: left promiscuous mode [ 291.709977][T11654] bridge0: port 1(bridge_slave_0) entered disabled state [ 292.317133][T11654] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 11654 comm: syz.2.894) [ 292.489432][T11684] kexec: Could not allocate control_code_buffer [ 293.017217][T11698] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 11698 comm: syz.2.904) [ 293.308617][T11704] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 293.339177][T11704] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 293.456068][T11704] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 293.476430][T11704] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 293.509805][T11486] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 11486 comm: syz.2.874) [ 293.568315][T11704] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 293.574414][T11704] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 293.800652][T11704] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 293.898313][T11704] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 293.919992][T11709] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 11709 comm: syz.2.907) [ 294.941894][T11732] Process accounting paused [ 295.396296][ T5839] Bluetooth: hci0: command 0x0406 tx timeout [ 295.465166][ T5839] Bluetooth: hci2: command 0x0406 tx timeout [ 295.625217][ T5839] Bluetooth: hci1: command 0x0406 tx timeout [ 295.875093][ T5839] Bluetooth: hci3: command 0x0406 tx timeout [ 297.465177][ T5839] Bluetooth: hci0: command 0x0406 tx timeout [ 297.545165][ T5839] Bluetooth: hci2: command 0x0406 tx timeout [ 297.715066][ T5839] Bluetooth: hci1: command 0x0406 tx timeout [ 297.945786][ T5839] Bluetooth: hci3: command 0x0406 tx timeout [ 298.452957][T12016] delete_channel: no stack [ 298.862357][T12020] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 298.966557][T12020] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 300.885667][T12160] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 300.970052][T12276] netlink: 342 bytes leftover after parsing attributes in process `syz.1.948'. [ 302.293548][T12409] ima: Unable to open file: / (-2) [ 302.306839][T12409] ima: policy update failed [ 302.371401][ T29] audit: type=1802 audit(1734624668.992:4): pid=12409 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.958" res=0 errno=0 [ 304.999590][T12472] netlink: 28 bytes leftover after parsing attributes in process `syz.1.974'. [ 305.080729][T12472] netdevsim netdevsim1 netdevsim2: entered allmulticast mode [ 305.455694][T12489] netlink: 'syz.0.978': attribute type 46 has an invalid length. [ 307.309993][T12525] netlink: 4 bytes leftover after parsing attributes in process `syz.1.989'. [ 310.845885][T12725] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1015'. [ 315.213765][T12838] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1043'. [ 316.693186][T12848] kexec: Could not allocate control_code_buffer [ 317.454906][T12871] GUP no longer grows the stack in syz.3.1055 (12871): 1000-41000 (0) [ 317.485077][T12871] CPU: 1 UID: 0 PID: 12871 Comm: syz.3.1055 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 317.496217][T12871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 317.506425][T12871] Call Trace: [ 317.509763][T12871] [ 317.512852][T12871] dump_stack_lvl+0x16c/0x1f0 [ 317.517725][T12871] gup_vma_lookup+0x1d2/0x220 [ 317.522575][T12871] __get_user_pages+0x236/0x3b50 [ 317.527677][T12871] ? __pfx_rwsem_read_trylock+0x10/0x10 [ 317.533273][T12871] ? get_dump_page+0xb6/0x230 [ 317.538112][T12871] ? get_dump_page+0xb6/0x230 [ 317.543270][T12871] ? __pfx___get_user_pages+0x10/0x10 [ 317.548706][T12871] ? down_read_killable+0xcc/0x380 [ 317.553885][T12871] ? __pfx_down_read_killable+0x10/0x10 [ 317.559533][T12871] ? policy_nodemask+0xea/0x4e0 [ 317.564480][T12871] get_dump_page+0xff/0x230 [ 317.569041][T12871] ? __pfx_get_dump_page+0x10/0x10 [ 317.574224][T12871] ? do_raw_spin_unlock+0x172/0x230 [ 317.579940][T12871] ? free_unref_page+0x6f5/0x1080 [ 317.585404][T12871] dump_user_range+0x135/0x8c0 [ 317.590405][T12871] ? __pfx_dump_user_range+0x10/0x10 [ 317.595830][T12871] ? elf_coredump_extra_notes_write+0xbe/0x430 [ 317.603560][T12871] ? __pfx_writenote+0x10/0x10 [ 317.608837][T12871] elf_core_dump+0x2787/0x3880 [ 317.614563][T12871] ? __pfx_elf_core_dump+0x10/0x10 [ 317.620183][T12871] ? kasan_save_stack+0x42/0x60 [ 317.625532][T12871] ? kasan_save_stack+0x33/0x60 [ 317.630819][T12871] ? kasan_save_track+0x14/0x30 [ 317.636507][T12871] ? __kasan_kmalloc+0xaa/0xb0 [ 317.641421][T12871] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 317.646952][T12871] ? do_coredump+0x1665/0x43e0 [ 317.652346][T12871] ? get_signal+0x23f3/0x2610 [ 317.657278][T12871] ? rcu_is_watching+0x12/0xc0 [ 317.662203][T12871] ? trace_lock_acquire+0x14e/0x1f0 [ 317.667835][T12871] ? __pfx_sort+0x10/0x10 [ 317.672402][T12871] ? get_signal+0x23f3/0x2610 [ 317.677552][T12871] ? do_coredump+0x2dd5/0x43e0 [ 317.682460][T12871] do_coredump+0x2dd5/0x43e0 [ 317.687322][T12871] ? __pfx_do_coredump+0x10/0x10 [ 317.692531][T12871] ? irqentry_exit_to_user_mode+0x13f/0x280 [ 317.698796][T12871] get_signal+0x23f3/0x2610 [ 317.703446][T12871] ? force_sig_fault+0xad/0xf0 [ 317.708288][T12871] ? __pfx_get_signal+0x10/0x10 [ 317.713586][T12871] arch_do_signal_or_restart+0x90/0x7e0 [ 317.719507][T12871] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 317.725823][T12871] ? __bad_area_nosemaphore+0x334/0x6a0 [ 317.731460][T12871] ? do_user_addr_fault+0x920/0x13f0 [ 317.736899][T12871] irqentry_exit_to_user_mode+0x13f/0x280 [ 317.743487][T12871] asm_exc_page_fault+0x26/0x30 [ 317.748436][T12871] RIP: 0033:0x401000 [ 317.753372][T12871] Code: Unable to access opcode bytes at 0x400fd6. [ 317.760263][T12871] RSP: 002b:000000000000000a EFLAGS: 00010202 [ 317.766822][T12871] RAX: 0000000000000000 RBX: 00007f7978175fa0 RCX: 00007f7977f85d29 [ 317.774942][T12871] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b46 [ 317.782993][T12871] RBP: 00007f7978001aa8 R08: 0000000000000002 R09: 0000000000000000 [ 317.791457][T12871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 317.799591][T12871] R13: 0000000000000000 R14: 00007f7978175fa0 R15: 00007ffd0bc833a8 [ 317.807913][T12871] [ 322.716754][T12963] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1080'. [ 322.749764][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.755897][T12963] vcan0: entered promiscuous mode [ 322.764538][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.801682][T12960] delete_channel: no stack [ 326.436786][T13133] nbd: must specify a size in bytes for the device [ 326.457807][T13015] Process accounting resumed [ 326.614337][T13015] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 13015 comm: syz.2.1092) [ 327.974479][T13162] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 13162 comm: iou-sqp-13152) [ 328.952395][T13282] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 13282 comm: syz.2.1108) [ 329.835827][T13321] random: crng reseeded on system resumption [ 330.602868][T13305] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 13305 comm: syz.2.1114) [ 331.714843][T13346] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 13346 comm: syz.2.1121) [ 333.001853][T13369] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 13369 comm: syz.2.1128) [ 333.707945][T13413] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 13413 comm: syz.2.1138) [ 333.954007][T13429] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 13429 comm: syz.2.1144) [ 334.080266][T13434] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1142'. [ 334.497544][T13540] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 13540 comm: syz.2.1145) [ 335.251008][T13549] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 13549 comm: syz.2.1149) [ 335.550526][T13574] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 13574 comm: syz.2.1156) [ 335.617240][ T29] audit: type=1326 audit(1734624702.242:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13579 comm="syz.1.1158" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4e23185d29 code=0x0 [ 335.920832][T13592] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1161'. [ 336.040683][T13593] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 13593 comm: syz.2.1160) [ 337.454526][T13629] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1171'. [ 337.495726][T13629] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1171'. [ 337.517004][T13629] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1171'. [ 337.547483][T13629] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1171'. [ 337.566976][T13629] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1171'. [ 337.593857][T13629] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1171'. [ 337.616279][T13629] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1171'. [ 337.641291][T13629] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1171'. [ 341.141718][T13599] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 13599 comm: syz.2.1163) [ 341.524243][T13803] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 13803 comm: syz.2.1191) [ 341.807216][T13812] __nla_validate_parse: 57 callbacks suppressed [ 341.807245][T13812] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1194'. [ 341.827203][T13815] nbd: must specify an index to disconnect [ 341.979462][T13812] veth1_macvtap: left promiscuous mode [ 342.102454][T13820] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1196'. [ 343.324119][T13818] kexec: Could not allocate control_code_buffer [ 343.421854][ T5843] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 343.433727][ T5843] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 343.442623][ T5843] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 343.453207][ T5843] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 343.461203][ T5843] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 343.469055][ T5843] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 343.814007][T13813] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 13813 comm: syz.2.1193) [ 344.127876][T13829] chnl_net:caif_netlink_parms(): no params data found [ 344.236751][T13841] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 13841 comm: syz.2.1204) [ 344.272027][T13829] bridge0: port 1(bridge_slave_0) entered blocking state [ 344.337940][T13829] bridge0: port 1(bridge_slave_0) entered disabled state [ 344.360798][T13829] bridge_slave_0: entered allmulticast mode [ 344.390994][T13829] bridge_slave_0: entered promiscuous mode [ 344.412668][T13829] bridge0: port 2(bridge_slave_1) entered blocking state [ 344.437544][T13829] bridge0: port 2(bridge_slave_1) entered disabled state [ 344.452117][T13829] bridge_slave_1: entered allmulticast mode [ 344.466699][T13829] bridge_slave_1: entered promiscuous mode [ 344.534473][T13857] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 13857 comm: syz.2.1208) [ 344.637891][T13862] netlink: 1204 bytes leftover after parsing attributes in process `syz.3.1209'. [ 344.734463][T13829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 344.749147][T13829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 344.751178][T13862] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1209'. [ 345.103191][T13829] team0: Port device team_slave_0 added [ 345.153507][T13829] team0: Port device team_slave_1 added [ 345.231696][T13868] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 13868 comm: syz.2.1210) [ 345.318327][T13829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 345.346182][T13829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 345.457150][T13829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 345.511472][T13829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 345.531011][T13829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 345.549155][T13978] FAULT_INJECTION: forcing a failure. [ 345.549155][T13978] name failslab, interval 1, probability 0, space 0, times 0 [ 345.591750][T13978] CPU: 1 UID: 0 PID: 13978 Comm: syz.3.1211 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 345.595325][T13829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 345.603464][T13978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 345.624489][T13978] Call Trace: [ 345.627916][T13978] [ 345.630952][ T5839] Bluetooth: hci3: command tx timeout [ 345.636696][T13978] dump_stack_lvl+0x16c/0x1f0 [ 345.641572][T13978] should_fail_ex+0x497/0x5b0 [ 345.646334][T13978] ? fs_reclaim_acquire+0xae/0x150 [ 345.651836][T13978] should_failslab+0xc2/0x120 [ 345.656618][T13978] __kmalloc_noprof+0xce/0x4f0 [ 345.661493][T13978] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 345.667397][T13978] ? tomoyo_realpath_from_path+0xbf/0x710 [ 345.673359][T13978] tomoyo_realpath_from_path+0xbf/0x710 [ 345.679130][T13978] ? tomoyo_path_number_perm+0x235/0x5b0 [ 345.684902][T13978] tomoyo_path_number_perm+0x248/0x5b0 [ 345.690550][T13978] ? tomoyo_path_number_perm+0x235/0x5b0 [ 345.696453][T13978] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 345.702594][T13978] ? __pfx_lock_release+0x10/0x10 [ 345.707697][T13978] ? trace_lock_acquire+0x14e/0x1f0 [ 345.712978][T13978] ? lock_acquire+0x2f/0xb0 [ 345.717572][T13978] ? __fget_files+0x40/0x3a0 [ 345.722251][T13978] ? __fget_files+0x206/0x3a0 [ 345.727013][T13978] security_file_ioctl+0x9b/0x240 [ 345.732165][T13978] __x64_sys_ioctl+0xb7/0x200 [ 345.736912][T13978] do_syscall_64+0xcd/0x250 [ 345.741577][T13978] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 345.747605][T13978] RIP: 0033:0x7f7977f85d29 [ 345.752097][T13978] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 345.772028][T13978] RSP: 002b:00007f7978e3c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 345.780698][T13978] RAX: ffffffffffffffda RBX: 00007f7978175fa0 RCX: 00007f7977f85d29 [ 345.788744][T13978] RDX: 0000000000000038 RSI: 0000000040085618 RDI: 0000000000000003 [ 345.796900][T13978] RBP: 00007f7978e3c090 R08: 0000000000000000 R09: 0000000000000000 [ 345.804930][T13978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 345.813028][T13978] R13: 0000000000000000 R14: 00007f7978175fa0 R15: 00007ffd0bc833a8 [ 345.821140][T13978] [ 345.992805][T13829] hsr_slave_0: entered promiscuous mode [ 346.012091][T13829] hsr_slave_1: entered promiscuous mode [ 346.027907][T13829] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 346.046505][T13829] Cannot create hsr debugfs directory [ 346.065055][T13978] ERROR: Out of memory at tomoyo_realpath_from_path. [ 346.537581][T13829] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 346.553713][T13829] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 346.573987][T13829] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 346.594429][T13829] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 346.773906][T13994] netlink: 322 bytes leftover after parsing attributes in process `syz.3.1215'. [ 346.893313][T13980] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 13980 comm: syz.2.1212) [ 347.111647][T13829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 347.133393][T13829] 8021q: adding VLAN 0 to HW filter on device team0 [ 347.148274][ T9369] bridge0: port 1(bridge_slave_0) entered blocking state [ 347.155770][ T9369] bridge0: port 1(bridge_slave_0) entered forwarding state [ 347.180990][T14002] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 14002 comm: syz.2.1218) [ 347.203292][ T9369] bridge0: port 2(bridge_slave_1) entered blocking state [ 347.210813][ T9369] bridge0: port 2(bridge_slave_1) entered forwarding state [ 347.623109][T14004] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 14004 comm: syz.2.1219) [ 347.720626][ T5839] Bluetooth: hci3: command tx timeout [ 347.963873][T13829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 348.025925][T14019] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 14019 comm: syz.2.1222) [ 348.648769][T13829] veth0_vlan: entered promiscuous mode [ 348.670861][T13829] veth1_vlan: entered promiscuous mode [ 348.729784][T13829] veth0_macvtap: entered promiscuous mode [ 348.753751][T13829] veth1_macvtap: entered promiscuous mode [ 348.797031][T13829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 348.819136][T13829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 348.849164][T13829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 348.862738][T14044] Process accounting resumed [ 348.869998][T13829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 348.890167][T13829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 348.905216][T13829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 348.918551][T13829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 348.981824][T13829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 349.015668][T13829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 349.040128][T13829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 349.070450][T13829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 349.089940][T13829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 349.105581][T13829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 349.128567][T13829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 349.179576][T13829] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.199088][T13829] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.208605][T14053] syz.0.1230 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 349.219075][T13829] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.219183][T13829] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.260798][T14027] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 14027 comm: syz.2.1225) [ 349.414250][T14056] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 14056 comm: syz.2.1232) [ 349.570484][ T9371] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 349.592421][ T9371] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 349.627518][ T2966] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 349.661466][ T2966] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 349.672048][T14060] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 14060 comm: syz.2.1233) [ 349.786097][ T5839] Bluetooth: hci3: command tx timeout [ 350.912730][T14068] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 14068 comm: syz.2.1234) [ 351.731509][T14096] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1238'. [ 351.865288][ T5839] Bluetooth: hci3: command tx timeout [ 352.004519][T14098] IPVS: length: 11322 != 8 [ 352.157527][T14096] team0: Port device team_slave_1 removed [ 352.701902][T14094] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 14094 comm: syz.2.1238) [ 353.087791][T14115] netlink: 'syz.2.1246': attribute type 11 has an invalid length. [ 353.119192][T14115] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1246'. [ 353.261704][T14114] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 14114 comm: syz.2.1246) [ 353.600517][T14135] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 14135 comm: syz.2.1248) [ 353.980182][T14141] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1249'. [ 354.208961][T14142] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 14142 comm: syz.2.1250) [ 354.793205][T14141] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 354.815176][T14141] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 354.834615][T14141] bond0 (unregistering): Released all slaves [ 356.589473][T14294] nfs: Unknown parameter 'DÅGzÝùë舆iÄFÏ¢†Ž&MjoC´ñ#ˆ„ôÂÿ™Åo¸ÚXoäª\´ÞFBøƒËnj“º>./file0' [ 356.659132][T14161] Process accounting paused [ 357.006780][T14301] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1263'. [ 357.725321][T14314] program syz.3.1265 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 357.836352][T14314] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 360.871263][T14486] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„ [ 361.191716][T14496] tipc: Started in network mode [ 361.197061][T14496] tipc: Node identity ffffffff, cluster identity 4711 [ 361.204043][T14496] tipc: Node number set to 4294967295 [ 361.716345][T14508] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 361.762974][T14508] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 361.813617][T14508] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 361.822207][T14508] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 361.829006][T14508] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 361.840556][T14508] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 362.786553][T14533] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1298'. [ 362.861449][T14537] capability: warning: `syz.3.1302' uses deprecated v2 capabilities in a way that may be insecure [ 363.050993][T14538] sg_read: process 62 (syz.4.1299) changed security contexts after opening file descriptor, this is not allowed. [ 363.489607][T14545] QAT: Device 0 not found [ 363.795189][ T5839] Bluetooth: hci2: command 0x0406 tx timeout [ 363.795579][ T5843] Bluetooth: hci0: command 0x0406 tx timeout [ 363.865941][ T5843] Bluetooth: hci3: command 0x0c1a tx timeout [ 363.867930][ T5839] Bluetooth: hci1: command 0x0406 tx timeout [ 364.123129][T14528] kexec: Could not allocate control_code_buffer [ 364.461680][T14668] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1310'. [ 365.497558][T14702] program syz.3.1319 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 365.963454][ T5839] Bluetooth: hci3: command 0x0c1a tx timeout [ 366.606358][T14829] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1326'. [ 366.672571][T14830] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1326'. [ 366.871344][T14830] macsec0: entered allmulticast mode [ 366.888314][T14830] veth1_macvtap: entered allmulticast mode [ 367.286950][T14824] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 367.318169][T14824] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 367.362798][T14824] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 367.405606][T14824] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 369.314489][ T5839] Bluetooth: hci0: command 0x0406 tx timeout [ 369.385212][ T5839] Bluetooth: hci1: command 0x0406 tx timeout [ 369.385246][ T5843] Bluetooth: hci2: command 0x0406 tx timeout [ 369.465269][ T5843] Bluetooth: hci3: command 0x0c1a tx timeout [ 372.463473][T14897] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1342'. [ 372.766707][T15028] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 372.920025][T14897] team0: Port device team_slave_1 removed [ 374.709822][T15051] bridge0: port 3(batadv0) entered blocking state [ 374.717661][T15051] bridge0: port 3(batadv0) entered disabled state [ 374.736069][T15051] batadv0: entered allmulticast mode [ 374.742931][T15051] batadv0: entered promiscuous mode [ 374.763126][T15051] bridge0: port 3(batadv0) entered blocking state [ 374.769836][T15051] bridge0: port 3(batadv0) entered forwarding state [ 374.911507][ T9369] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 374.921445][ T9369] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 375.840675][T15074] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1363'. [ 376.181639][T15081] netlink: 5995 bytes leftover after parsing attributes in process `syz.4.1362'. [ 377.786541][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 380.752316][T15143] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1379'. [ 383.203984][T15147] kexec: Could not allocate control_code_buffer [ 384.189826][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 384.196291][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.861300][T15185] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1390'. [ 384.883352][T15185] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1390'. [ 386.553745][T15202] kexec: Could not allocate control_code_buffer [ 388.519720][T15121] Process accounting resumed [ 388.579817][T15121] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 15121 comm: syz.2.1373) [ 390.898333][T15205] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 15205 comm: syz.2.1391) [ 392.464736][T15445] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 15445 comm: syz.2.1404) [ 393.529667][T15476] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 15476 comm: syz.2.1408) [ 394.276962][T15482] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 15482 comm: syz.2.1410) [ 395.368011][T15479] kexec: Could not allocate control_code_buffer [ 395.508973][T15492] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 15492 comm: syz.2.1412) [ 395.711474][T15498] HfR: entered promiscuous mode [ 396.081553][T15164] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 15164 comm: syz.2.1382) [ 396.308506][T15501] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 15501 comm: syz.2.1416) [ 397.748982][T15524] openvswitch: netlink: Geneve opt len 1 is not a multiple of 4. [ 398.966035][T15526] kexec: Could not allocate control_code_buffer [ 399.131385][T15513] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1418'. [ 399.237659][T15513] netdevsim netdevsim2 netdevsim2: entered allmulticast mode [ 399.428876][T15512] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 15512 comm: syz.2.1418) [ 401.154489][T15680] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1432'. [ 401.341745][T15672] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 15672 comm: syz.2.1428) [ 401.521689][T15555] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 15555 comm: syz.2.1428) [ 402.355471][T15690] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 15690 comm: syz.2.1434) [ 402.556417][T15714] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1439'. [ 402.658118][T15711] can: request_module (can-proto-0) failed. [ 402.916406][T15721] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 15721 comm: syz.2.1441) [ 403.123827][T15732] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 15732 comm: syz.2.1441) [ 403.658751][T15713] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 15713 comm: syz.2.1441) [ 403.942180][T15751] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 15751 comm: syz.2.1448) [ 404.202858][T15759] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 15759 comm: syz.2.1451) [ 404.220369][T15762] netlink: zone id is out of range [ 404.264577][T15762] netlink: set zone limit has 8 unknown bytes [ 405.783880][T15767] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 15767 comm: syz.2.1453) [ 406.113897][T15802] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 15802 comm: syz.2.1463) [ 407.378579][T15905] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 15905 comm: syz.2.1465) [ 408.640496][T15941] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 15941 comm: syz.2.1471) [ 408.676301][T15953] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1475'. [ 408.726209][T15953] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1475'. [ 409.712139][T15771] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 15771 comm: syz.2.1453) [ 410.637710][T15981] kexec: Could not allocate control_code_buffer [ 413.618864][T16327] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 16327 comm: syz.2.1478) [ 413.903135][T15986] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 15986 comm: syz.2.1478) [ 416.258153][T16577] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1506'. [ 418.540272][T16345] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 16345 comm: syz.2.1498) [ 418.960829][T16604] netlink: 342 bytes leftover after parsing attributes in process `syz.4.1512'. [ 419.202806][T16606] Process accounting paused [ 420.068837][T16722] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1518'. [ 420.859229][T16841] ecryptfs_miscdev_write: memdup_user returned error [-14] [ 425.627689][T17353] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1552'. [ 426.231653][ T29] audit: type=1800 audit(1734624792.852:6): pid=17368 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1558" name="dbroot" dev="configfs" ino=30949 res=0 errno=0 [ 426.234456][T17368] db_root: not a directory: /proc/locks [ 426.495857][T17375] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1561'. [ 426.605699][T17377] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1562'. [ 426.698785][T17380] FAULT_INJECTION: forcing a failure. [ 426.698785][T17380] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 426.712581][T17380] CPU: 1 UID: 0 PID: 17380 Comm: syz.3.1563 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 426.723423][T17380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 426.733536][T17380] Call Trace: [ 426.736864][T17380] [ 426.739890][T17380] dump_stack_lvl+0x16c/0x1f0 [ 426.744660][T17380] should_fail_ex+0x497/0x5b0 [ 426.749426][T17380] _copy_from_user+0x2e/0xd0 [ 426.754113][T17380] do_sock_getsockopt+0x319/0x870 [ 426.759221][T17380] ? trace_lock_acquire+0x70/0x1f0 [ 426.764510][T17380] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 426.770138][T17380] ? lock_acquire+0x2f/0xb0 [ 426.774714][T17380] ? __fget_files+0x40/0x3a0 [ 426.779390][T17380] ? __fget_files+0x206/0x3a0 [ 426.784165][T17380] __sys_getsockopt+0x12f/0x260 [ 426.789202][T17380] __x64_sys_getsockopt+0xbd/0x160 [ 426.794399][T17380] ? do_syscall_64+0x91/0x250 [ 426.799336][T17380] ? lockdep_hardirqs_on+0x7c/0x110 [ 426.804617][T17380] do_syscall_64+0xcd/0x250 [ 426.809215][T17380] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 426.815362][T17380] RIP: 0033:0x7f7977f85d29 [ 426.819948][T17380] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 426.839633][T17380] RSP: 002b:00007f7978e3c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 426.848247][T17380] RAX: ffffffffffffffda RBX: 00007f7978175fa0 RCX: 00007f7977f85d29 [ 426.856280][T17380] RDX: 0000000000000033 RSI: 0000000000000000 RDI: 0000000000000003 [ 426.864460][T17380] RBP: 00007f7978e3c090 R08: 0000000000000000 R09: 0000000000000000 [ 426.872493][T17380] R10: 9999999999999999 R11: 0000000000000246 R12: 0000000000000001 [ 426.880545][T17380] R13: 0000000000000000 R14: 00007f7978175fa0 R15: 00007ffd0bc833a8 [ 426.888691][T17380] [ 428.836264][T17413] Ignoring unsupported numa_zonelist_order value: [ 428.836264][T17413] [ 429.097731][T17401] kexec: Could not allocate control_code_buffer [ 429.151782][T17415] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1572'. [ 429.185936][T17415] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 429.587377][T17419] FAULT_INJECTION: forcing a failure. [ 429.587377][T17419] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 429.675235][T17419] CPU: 0 UID: 0 PID: 17419 Comm: syz.2.1573 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 429.686374][T17419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 429.696504][T17419] Call Trace: [ 429.699823][T17419] [ 429.702798][T17419] dump_stack_lvl+0x16c/0x1f0 [ 429.707548][T17419] should_fail_ex+0x497/0x5b0 [ 429.712348][T17419] _copy_to_user+0x32/0xd0 [ 429.716858][T17419] mptcp_put_int_option.constprop.0+0x1c7/0x240 [ 429.723184][T17419] ? __pfx_mptcp_put_int_option.constprop.0+0x10/0x10 [ 429.730035][T17419] ? lock_acquire+0x2f/0xb0 [ 429.734622][T17419] ? __local_bh_enable_ip+0xa4/0x120 [ 429.740059][T17419] mptcp_getsockopt+0x88d/0xba0 [ 429.745018][T17419] ? __pfx_mptcp_getsockopt+0x10/0x10 [ 429.750466][T17419] ? lock_acquire+0x2f/0xb0 [ 429.755075][T17419] ? __might_fault+0xe3/0x190 [ 429.760036][T17419] ? __might_fault+0xe3/0x190 [ 429.765061][T17419] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 429.771117][T17419] do_sock_getsockopt+0x3fe/0x870 [ 429.776210][T17419] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 429.781819][T17419] ? lock_acquire+0x2f/0xb0 [ 429.786389][T17419] ? __fget_files+0x40/0x3a0 [ 429.791066][T17419] ? __fget_files+0x206/0x3a0 [ 429.796004][T17419] __sys_getsockopt+0x12f/0x260 [ 429.800947][T17419] __x64_sys_getsockopt+0xbd/0x160 [ 429.806215][T17419] ? do_syscall_64+0x91/0x250 [ 429.810948][T17419] ? lockdep_hardirqs_on+0x7c/0x110 [ 429.816214][T17419] do_syscall_64+0xcd/0x250 [ 429.820776][T17419] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 429.826715][T17419] RIP: 0033:0x7f74d1785d29 [ 429.831248][T17419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 429.850913][T17419] RSP: 002b:00007f74cf5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 429.859602][T17419] RAX: ffffffffffffffda RBX: 00007f74d1975fa0 RCX: 00007f74d1785d29 [ 429.867637][T17419] RDX: 0000000000000033 RSI: 0000000000000000 RDI: 0000000000000003 [ 429.875643][T17419] RBP: 00007f74cf5f6090 R08: 0000000000000000 R09: 0000000000000000 [ 429.883653][T17419] R10: 9999999999999999 R11: 0000000000000246 R12: 0000000000000001 [ 429.891666][T17419] R13: 0000000000000000 R14: 00007f74d1975fa0 R15: 00007ffe8c0623f8 [ 429.899689][T17419] [ 433.716430][T17668] [U] [ 433.719257][T17668] [U] [ 433.722111][T17668] [U] [ 433.724879][T17668] [U] [ 433.763149][T17668] [U] [ 433.765963][T17668] [U] [ 433.768734][T17668] [U] [ 433.771761][T17668] [U] [ 433.844068][T17668] [U] [ 433.847009][T17668] [U] [ 433.849805][T17668] [U] [ 433.852570][T17668] [U] [ 433.896343][T17668] [U] [ 433.899166][T17668] [U] [ 433.902131][T17668] [U] [ 433.904906][T17668] [U] [ 433.953979][T17668] [U] [ 433.956812][T17668] [U] [ 433.959581][T17668] [U] [ 433.962345][T17668] [U] [ 434.030346][T17668] [U] [ 434.033184][T17668] [U] [ 434.035964][T17668] [U] [ 434.038729][T17668] [U] [ 434.066428][T17668] [U] [ 434.069257][T17668] [U] [ 434.072030][T17668] [U] [ 434.074796][T17668] [U] [ 434.144530][T17668] [U] [ 434.147459][T17668] [U] [ 434.150238][T17668] [U] [ 434.153020][T17668] [U] [ 434.331212][T17668] [U] [ 434.629362][T17782] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1591'. [ 435.226328][T17782] team0: Port device team_slave_0 removed [ 435.902210][T17801] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1596'. [ 435.929568][T17801] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1596'. [ 440.931655][T17947] [U] [ 440.934475][T17947] [U] [ 440.937243][T17947] [U] [ 440.940106][T17947] [U] [ 440.981090][T17947] [U] [ 440.983901][T17947] [U] [ 440.986674][T17947] [U] [ 440.989445][T17947] [U] [ 441.027508][T17947] [U] [ 441.030321][T17947] [U] [ 441.033201][T17947] [U] [ 441.036023][T17947] [U] [ 441.049992][T17955] [U] [ 445.392479][T18328] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1629'. [ 445.628023][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.644974][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 449.634861][T18583] Process accounting resumed [ 449.665257][T18583] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 18583 comm: syz.2.1642) [ 450.682547][T18604] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 18604 comm: syz.2.1647) [ 451.875541][T18623] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 18623 comm: syz.2.1652) [ 452.485984][T18647] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 18647 comm: syz.2.1658) [ 453.970466][T18664] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 18664 comm: syz.2.1661) [ 455.198250][T18680] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 18680 comm: syz.2.1666) [ 455.702135][T18707] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 18707 comm: syz.2.1675) [ 455.750115][T18699] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1672'. [ 455.826803][T18699] veth1_macvtap: left promiscuous mode [ 455.840470][T18699] macsec0: entered promiscuous mode [ 455.851742][T18713] device-mapper: ioctl: ioctl interface mismatch: kernel(4.48.0), user(0.0.0), cmd(49) [ 456.002112][T18712] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 18712 comm: syz.2.1676) [ 456.767330][T18665] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 18665 comm: syz.2.1661) [ 457.161815][T18726] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 18726 comm: syz.2.1677) [ 457.862793][T18834] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 18834 comm: syz.2.1681) [ 458.423318][T18848] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 18848 comm: syz.2.1684) [ 458.821087][T18858] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 18858 comm: syz.2.1687) [ 459.318063][T18967] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 18967 comm: syz.2.1689) [ 459.660288][T18983] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 18983 comm: syz.2.1693) [ 460.005992][T18989] netlink: 'syz.2.1696': attribute type 3 has an invalid length. [ 462.163815][T19115] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1703'. [ 463.293485][T18992] warn_unsupported: 2 callbacks suppressed [ 463.293513][T18992] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 18992 comm: syz.2.1697) [ 465.130620][T19142] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 19142 comm: syz.2.1710) [ 466.310452][T19170] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 19170 comm: syz.2.1717) [ 467.409721][T19185] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 19185 comm: syz.2.1721) [ 467.909033][T19260] mkiss: ax0: crc mode is auto. [ 468.208880][T19247] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 19247 comm: syz.2.1726) [ 468.945340][T19315] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 19315 comm: syz.2.1729) [ 469.548906][T19431] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 19431 comm: syz.2.1733) [ 470.738124][T19445] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 19445 comm: syz.2.1736) [ 471.095967][T19459] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 19459 comm: syz.2.1741) [ 472.207603][T19469] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 19469 comm: syz.2.1742) [ 472.496877][T19489] FAULT_INJECTION: forcing a failure. [ 472.496877][T19489] name failslab, interval 1, probability 0, space 0, times 0 [ 472.537894][T19489] CPU: 1 UID: 0 PID: 19489 Comm: syz.3.1748 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 472.548779][T19489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 472.558904][T19489] Call Trace: [ 472.562239][T19489] [ 472.565220][T19489] dump_stack_lvl+0x16c/0x1f0 [ 472.569975][T19489] should_fail_ex+0x497/0x5b0 [ 472.574732][T19489] ? fs_reclaim_acquire+0xae/0x150 [ 472.579969][T19489] should_failslab+0xc2/0x120 [ 472.584738][T19489] __kmalloc_node_noprof+0xd1/0x520 [ 472.590028][T19489] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 472.595581][T19489] __kvmalloc_node_noprof+0xad/0x1a0 [ 472.601054][T19489] proc_sys_call_handler+0x2f6/0x5d0 [ 472.606431][T19489] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 472.612418][T19489] vfs_read+0x87f/0xbe0 [ 472.616653][T19489] ? __pfx_vfs_read+0x10/0x10 [ 472.621434][T19489] ksys_read+0x12b/0x250 [ 472.625846][T19489] ? __pfx_ksys_read+0x10/0x10 [ 472.630757][T19489] do_syscall_64+0xcd/0x250 [ 472.635377][T19489] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 472.641539][T19489] RIP: 0033:0x7f7977f85d29 [ 472.646027][T19489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 472.665720][T19489] RSP: 002b:00007f7978e1b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 472.674646][T19489] RAX: ffffffffffffffda RBX: 00007f7978176080 RCX: 00007f7977f85d29 [ 472.682687][T19489] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 472.690721][T19489] RBP: 00007f7978e1b090 R08: 0000000000000000 R09: 0000000000000000 [ 472.698768][T19489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 472.706836][T19489] R13: 0000000000000000 R14: 00007f7978176080 R15: 00007ffd0bc833a8 [ 472.714900][T19489] [ 472.735235][T19488] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 19488 comm: syz.2.1747) [ 473.445032][T19494] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 19494 comm: syz.2.1750) [ 474.207061][T19496] kexec: Could not allocate control_code_buffer [ 475.230935][T19522] kexec: Could not allocate control_code_buffer [ 475.558331][T19522] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 19522 comm: syz.2.1753) [ 475.763903][T19433] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 19433 comm: syz.2.1733) [ 476.906081][T19542] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 19542 comm: syz.2.1763) [ 478.005977][T19558] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 19558 comm: syz.2.1767) [ 478.344419][T19579] Process accounting resumed [ 478.430192][T19587] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 19587 comm: syz.2.1777) [ 478.617178][T19601] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 19601 comm: syz.2.1778) [ 479.718911][T19614] Process accounting paused [ 480.018340][T19634] netlink: 'syz.2.1786': attribute type 1 has an invalid length. [ 480.051809][T19634] netlink: 318 bytes leftover after parsing attributes in process `syz.2.1786'. [ 482.571565][T19882] scsi_strcpy_devinfo: vendor string ';íÙ/&cŒÀ' is too long [ 482.928110][T19988] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1804'. [ 485.316492][T20013] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 486.140313][T20060] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1817'. [ 487.280664][T20157] Invalid ELF header magic: != ELF [ 489.808768][T20411] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1834'. [ 490.076152][T20606] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1838'. [ 490.150605][T20608] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1838'. [ 491.061492][T20603] [U] [ 491.064390][T20603] [U] [ 491.067165][T20603] [U] [ 491.069981][T20603] [U] [ 491.093728][T20603] [U] [ 491.096565][T20603] [U] [ 491.099346][T20603] [U] [ 491.102111][T20603] [U] [ 491.129253][T20604] [U] [ 492.992822][T20670] openvswitch: netlink: nsh attribute has unmatched MD type 0. [ 493.041083][T20670] netlink: 22 bytes leftover after parsing attributes in process `syz.3.1856'. [ 496.303589][T20739] sp0: Synchronizing with TNC [ 496.541795][T20743] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1875'. [ 498.070639][T20961] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1880'. [ 498.097663][T20961] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1880'. [ 498.957326][T20986] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1886'. [ 499.261268][T20990] kexec: Could not allocate control_code_buffer syzkaller syzkaller login: [ 500.360237][ T29] audit: type=1800 audit(4295163946.239:7): pid=21123 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1900" name="features" dev="configfs" ino=35402 res=0 errno=0 [ 500.591305][T21131] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1902'. [ 500.913970][T21128] kexec: Could not allocate control_code_buffer [ 504.264766][T21516] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1927'. [ 504.690301][T21522] netlink: zone id is out of range [ 504.799386][T21522] netlink: set zone limit has 8 unknown bytes [ 507.043878][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 507.050302][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 507.874254][ T5839] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 507.914186][ T5839] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 507.927281][ T5839] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 507.977559][ T5839] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 507.990943][ T5839] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 507.999855][ T5839] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 508.049013][T21791] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1946'. [ 508.258655][T21796] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1947'. [ 508.328081][T21786] chnl_net:caif_netlink_parms(): no params data found [ 508.345568][T21801] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1947'. [ 508.501159][T21786] bridge0: port 1(bridge_slave_0) entered blocking state [ 508.508534][T21786] bridge0: port 1(bridge_slave_0) entered disabled state [ 508.517935][T21786] bridge_slave_0: entered allmulticast mode [ 508.529227][T21786] bridge_slave_0: entered promiscuous mode [ 508.552151][T21786] bridge0: port 2(bridge_slave_1) entered blocking state [ 508.559518][T21786] bridge0: port 2(bridge_slave_1) entered disabled state [ 508.580104][T21786] bridge_slave_1: entered allmulticast mode [ 508.588246][T21786] bridge_slave_1: entered promiscuous mode [ 508.662963][T21786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 508.702870][T21786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 508.841640][T21810] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1950'. [ 508.847986][T21786] team0: Port device team_slave_0 added [ 508.881804][T21786] team0: Port device team_slave_1 added [ 508.930937][T21813] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1950'. [ 508.989305][T21786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 509.007376][T21786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 509.079013][T21786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 509.164798][T21786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 509.174577][T21786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 509.239513][T21786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 509.363388][T21786] hsr_slave_0: entered promiscuous mode [ 509.397022][T21786] hsr_slave_1: entered promiscuous mode [ 509.416695][T21786] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 509.434795][T21786] Cannot create hsr debugfs directory [ 509.735513][T21786] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 509.854674][T21786] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 509.953497][T21786] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 510.003154][T21826] Process accounting resumed [ 510.042407][T21786] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 510.080052][ T5843] Bluetooth: hci4: command tx timeout [ 510.328099][T21786] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 510.367473][T21786] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 510.386146][T21786] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 510.400905][T21786] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 510.570845][T21786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 510.626640][T21786] 8021q: adding VLAN 0 to HW filter on device team0 [ 510.668299][ T6282] bridge0: port 1(bridge_slave_0) entered blocking state [ 510.675527][ T6282] bridge0: port 1(bridge_slave_0) entered forwarding state [ 510.711620][ T9369] bridge0: port 2(bridge_slave_1) entered blocking state [ 510.718975][ T9369] bridge0: port 2(bridge_slave_1) entered forwarding state [ 511.068119][T21837] kexec: Could not allocate control_code_buffer [ 511.270892][T21786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 511.426564][T21786] veth0_vlan: entered promiscuous mode [ 511.466152][T21786] veth1_vlan: entered promiscuous mode [ 511.536142][T21786] veth0_macvtap: entered promiscuous mode [ 511.543165][T21855] netlink: 342 bytes leftover after parsing attributes in process `syz.4.1961'. [ 511.567393][T21786] veth1_macvtap: entered promiscuous mode [ 511.574563][T21855] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1961'. [ 511.634514][T21786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 511.658949][T21786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 511.675138][T21786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 511.687833][T21786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 511.707028][T21786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 511.724406][T21786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 511.735611][T21786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 511.754898][T21786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 511.775281][T21786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 511.867518][T21786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 511.887483][T21786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 511.897660][T21786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 511.921967][T21786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 511.936569][T21786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 511.954213][T21786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 511.964664][T21786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 511.982420][T21786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.002953][T21786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 512.025942][T21786] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 512.044848][T21786] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 512.055713][T21786] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 512.071731][T21786] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 512.162014][ T5843] Bluetooth: hci4: command tx timeout [ 512.505017][ T6280] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 512.545051][ T6280] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 512.666928][ T6282] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 512.698067][ T6282] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 514.237124][ T5839] Bluetooth: hci4: command tx timeout [ 516.326051][ T5839] Bluetooth: hci4: command tx timeout [ 519.372234][T21989] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1995'. [ 519.422681][T21989] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1995'. [ 521.956603][T22026] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2006'. [ 522.073377][T22030] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2006'. [ 523.260539][T22042] Invalid ELF header magic: != ELF [ 528.599327][T22098] ptrace attach of "./syz-executor exec"[5835] was attempted by "./syz-executor exec"[22098] [ 528.936457][T22113] FAULT_INJECTION: forcing a failure. [ 528.936457][T22113] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 528.966036][T22113] CPU: 1 UID: 0 PID: 22113 Comm: syz.4.2028 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 528.976907][T22113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 528.987560][T22113] Call Trace: [ 528.990976][T22113] [ 528.994048][T22113] dump_stack_lvl+0x16c/0x1f0 [ 528.998857][T22113] should_fail_ex+0x497/0x5b0 [ 529.003729][T22113] _copy_from_user+0x2e/0xd0 [ 529.008770][T22113] copy_msghdr_from_user+0x99/0x160 [ 529.014149][T22113] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 529.020054][T22113] ? __lock_acquire+0xcc5/0x3c40 [ 529.025111][T22113] ___sys_sendmsg+0xff/0x1e0 [ 529.029792][T22113] ? __pfx____sys_sendmsg+0x10/0x10 [ 529.035176][T22113] ? trace_lock_acquire+0x14e/0x1f0 [ 529.040479][T22113] __sys_sendmmsg+0x201/0x420 [ 529.045276][T22113] ? __pfx___sys_sendmmsg+0x10/0x10 [ 529.050570][T22113] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 529.056636][T22113] ? fput+0x67/0x440 [ 529.060605][T22113] ? ksys_write+0x1ba/0x250 [ 529.065179][T22113] ? __pfx_ksys_write+0x10/0x10 [ 529.070106][T22113] __x64_sys_sendmmsg+0x9c/0x100 [ 529.075138][T22113] ? lockdep_hardirqs_on+0x7c/0x110 [ 529.080412][T22113] do_syscall_64+0xcd/0x250 [ 529.084972][T22113] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 529.091082][T22113] RIP: 0033:0x7f47fcd85d29 [ 529.095639][T22113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 529.115471][T22113] RSP: 002b:00007f47fdb8e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 529.123979][T22113] RAX: ffffffffffffffda RBX: 00007f47fcf75fa0 RCX: 00007f47fcd85d29 [ 529.131998][T22113] RDX: 0000000000000006 RSI: 0000000020000080 RDI: 0000000000000003 [ 529.140088][T22113] RBP: 00007f47fdb8e090 R08: 0000000000000000 R09: 0000000000000000 [ 529.148092][T22113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 529.156131][T22113] R13: 0000000000000000 R14: 00007f47fcf75fa0 R15: 00007ffd6ce06bd8 [ 529.164175][T22113] [ 529.637289][T22116] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2029'. [ 533.741711][T22129] kexec: Could not allocate control_code_buffer [ 536.118013][T22188] kexec: Could not allocate control_code_buffer [ 538.906448][T22210] kexec: Could not allocate control_code_buffer [ 549.905704][T22440] kexec: Could not allocate control_code_buffer [ 551.316330][T22492] FAULT_INJECTION: forcing a failure. [ 551.316330][T22492] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 551.384928][T22492] CPU: 0 UID: 0 PID: 22492 Comm: syz.4.2141 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 551.395986][T22492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 551.406109][T22492] Call Trace: [ 551.409436][T22492] [ 551.412411][T22492] dump_stack_lvl+0x16c/0x1f0 [ 551.417429][T22492] should_fail_ex+0x497/0x5b0 [ 551.422189][T22492] _copy_from_user+0x2e/0xd0 [ 551.426860][T22492] copy_from_sockptr_offset.constprop.0+0x106/0x190 [ 551.433553][T22492] ? __pfx_copy_from_sockptr_offset.constprop.0+0x10/0x10 [ 551.440851][T22492] ? __local_bh_enable_ip+0xa4/0x120 [ 551.446305][T22492] ? lockdep_hardirqs_on+0x7c/0x110 [ 551.451586][T22492] do_ip_setsockopt+0x198a/0x38c0 [ 551.456687][T22492] ? find_held_lock+0x2d/0x110 [ 551.461539][T22492] ? __pfx_do_ip_setsockopt+0x10/0x10 [ 551.467009][T22492] ip_setsockopt+0x59/0xf0 [ 551.471589][T22492] raw_setsockopt+0xb8/0x290 [ 551.476255][T22492] ? __pfx_raw_setsockopt+0x10/0x10 [ 551.481869][T22492] ? sock_common_setsockopt+0x2e/0xf0 [ 551.487311][T22492] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 551.493452][T22492] do_sock_setsockopt+0x222/0x480 [ 551.498550][T22492] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 551.504164][T22492] ? lock_acquire+0x2f/0xb0 [ 551.508814][T22492] __sys_setsockopt+0x1a0/0x230 [ 551.513783][T22492] __x64_sys_setsockopt+0xbd/0x160 [ 551.519067][T22492] ? do_syscall_64+0x91/0x250 [ 551.523916][T22492] ? lockdep_hardirqs_on+0x7c/0x110 [ 551.529193][T22492] do_syscall_64+0xcd/0x250 [ 551.533779][T22492] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 551.539752][T22492] RIP: 0033:0x7f47fcd85d29 [ 551.544225][T22492] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 551.563900][T22492] RSP: 002b:00007f47fdb8e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 551.572607][T22492] RAX: ffffffffffffffda RBX: 00007f47fcf75fa0 RCX: 00007f47fcd85d29 [ 551.580655][T22492] RDX: 0000000000000024 RSI: 0000000000000000 RDI: 0000000000000003 [ 551.588876][T22492] RBP: 00007f47fdb8e090 R08: 0000000000000028 R09: 0000000000000000 [ 551.597000][T22492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 551.600924][T22476] kexec: Could not allocate control_code_buffer [ 551.605003][T22492] R13: 0000000000000000 R14: 00007f47fcf75fa0 R15: 00007ffd6ce06bd8 [ 551.619419][T22492] [ 552.124719][ T29] audit: type=1800 audit(4295360606.029:8): pid=22510 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2146" name="dbroot" dev="configfs" ino=40320 res=0 errno=0 [ 552.169217][T22510] db_root: cannot open: initcall:initcall_finish [ 552.169217][T22510] initcall:initcall_start [ 552.169217][T22510] initcall:initcall_level [ 552.169217][T22510] vsyscall:emulate_vsyscall [ 552.169217][T22510] kvm:kvm_test_age_hva [ 552.169217][T22510] kvm:kvm_age_hva [ 552.169217][T22510] kvm:kvm_unmap_hva_range [ 552.169217][T22510] kvm:kvm_dirty_ring_exit [ 552.169217][T22510] kvm:kvm_dirty_ring_reset [ 552.169217][T22510] kvm:kvm_dirty_ring_push [ 552.169217][T22510] kvm:kvm_halt_poll_ns [ 552.169217][T22510] kvm:kvm_async_pf_completed [ 552.169217][T22510] kvm:kvm_async_pf_ready [ 552.169217][T22510] kvm:kvm_async_pf_not_present [ 552.169217][T22510] kvm:kvm_async_pf_repeated_fault [ 552.169217][T22510] kvm:kvm_try_async_get_page [ 552.169217][T22510] kvm:kvm_fpu [ 552.169217][T22510] kvm:kvm_iocsr [ 552.169217][T22510] kvm:kvm_mmio [ 552.169217][T22510] kvm:kvm_ack_irq [ 552.169217][T22510] kvm:kvm_msi_set_irq [ 552.169217][T22510] kvm:kvm_ioapic_delayed_eoi_inj [ 552.169217][T22510] kvm:kvm_ioapic_set_irq [ 552.169217][T22510] kvm:kvm_set_irq [ 552.169217][T22510] kvm:kvm_vcpu_wakeup [ 552.169217][T22510] kvm:kvm_userspace_exit [ 552.169217][T22510] kvm:kvm_rmp_fault [ 552.169217][T22510] kvm:kvm_vmgexit_msr_protocol_exit [ 552.169217][T22510] kvm:kvm_vmgexit_msr_protocol_enter [ 552.169217][T22510] kvm:kvm_vmgexit_exit [ 552.169217][T22510] kvm:kvm_vmgexit_enter [ 552.169217][T22510] kvm:kvm_hv_syndbg_get_msr [ 552.169217][T22510] kvm:kvm_hv_syndbg_set_msr [ 552.169217][T22510] kvm:kvm_nested_vmenter_failed [ 552.169217][T22510] kvm:kvm_pv_tlb_flush [ 552.169217][T22510] kvm:kvm_hv_send_ipi_ex [ 552.169217][T22510] kvm:kvm_hv_send_ipi [ 552.169217][T22510] kvm:kvm_hv_flush_tlb_ex [ 552.169217][T22510] kvm:kvm_hv_flush_tlb [ 552.169217][T22510] kvm:kvm_hv_timer_state [ 552.169217][T22510] kvm:kvm_avic_doorbell [ 552.169217][T22510] kvm:kvm_avic_kick_vcpu_slowpath [ 552.169217][T22510] kvm:kvm_avic_ga_log [ 552.169217][T22510] k [ 552.665782][T22530] FAULT_INJECTION: forcing a failure. [ 552.665782][T22530] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 552.865817][T22530] CPU: 0 UID: 0 PID: 22530 Comm: syz.3.2151 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 552.876676][T22530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 552.886914][T22530] Call Trace: [ 552.890294][T22530] [ 552.893368][T22530] dump_stack_lvl+0x16c/0x1f0 [ 552.898138][T22530] should_fail_ex+0x497/0x5b0 [ 552.902902][T22530] _copy_from_user+0x2e/0xd0 [ 552.907580][T22530] copy_msghdr_from_user+0x99/0x160 [ 552.912891][T22530] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 552.918810][T22530] ___sys_sendmsg+0xff/0x1e0 [ 552.923519][T22530] ? __pfx____sys_sendmsg+0x10/0x10 [ 552.928817][T22530] ? __pfx_lock_release+0x10/0x10 [ 552.933998][T22530] ? trace_lock_acquire+0x14e/0x1f0 [ 552.939291][T22530] ? __fget_files+0x206/0x3a0 [ 552.944052][T22530] __sys_sendmsg+0x16e/0x220 [ 552.948743][T22530] ? __pfx___sys_sendmsg+0x10/0x10 [ 552.953969][T22530] do_syscall_64+0xcd/0x250 [ 552.958555][T22530] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 552.964620][T22530] RIP: 0033:0x7fc0e2f85d29 [ 552.969192][T22530] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 552.988873][T22530] RSP: 002b:00007fc0e3d3c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 552.997365][T22530] RAX: ffffffffffffffda RBX: 00007fc0e3175fa0 RCX: 00007fc0e2f85d29 [ 553.005484][T22530] RDX: 0000000000044044 RSI: 0000000020006200 RDI: 0000000000000003 [ 553.013516][T22530] RBP: 00007fc0e3d3c090 R08: 0000000000000000 R09: 0000000000000000 [ 553.021548][T22530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 553.029586][T22530] R13: 0000000000000000 R14: 00007fc0e3175fa0 R15: 00007fff3daf9c68 [ 553.037684][T22530] [ 555.236194][T22541] kexec: Could not allocate control_code_buffer [ 556.965333][T22588] kexec: Could not allocate control_code_buffer [ 561.103350][T22657] sctp: [Deprecated]: syz.0.2188 (pid 22657) Use of int in maxseg socket option. [ 561.103350][T22657] Use struct sctp_assoc_value instead [ 563.401120][T22673] Invalid ELF header magic: != ELF [ 567.259266][T22682] syz.3.2197: vmalloc error: size 2711552, failed to allocated page array size 5296, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 567.278933][T22682] CPU: 0 UID: 0 PID: 22682 Comm: syz.3.2197 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 567.289814][T22682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 567.299936][T22682] Call Trace: [ 567.303279][T22682] [ 567.306265][T22682] dump_stack_lvl+0x16c/0x1f0 [ 567.311066][T22682] warn_alloc+0x24d/0x3a0 [ 567.315483][T22682] ? __pfx_warn_alloc+0x10/0x10 [ 567.320523][T22682] ? __get_vm_area_node+0x1b0/0x2f0 [ 567.325795][T22682] ? __get_vm_area_node+0x1dc/0x2f0 [ 567.331089][T22682] __vmalloc_node_range_noprof+0x1105/0x1530 [ 567.337165][T22682] ? __lruvec_stat_mod_folio+0xa0/0x360 [ 567.342794][T22682] ? lock_acquire+0x2f/0xb0 [ 567.347391][T22682] ? bpf_check+0x206/0xc870 [ 567.352077][T22682] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 567.358502][T22682] ? rcu_is_watching+0x12/0xc0 [ 567.363352][T22682] ? trace_kmalloc+0x2d/0xd0 [ 567.368114][T22682] ? __kmalloc_node_noprof.cold+0x5a/0x5f [ 567.373936][T22682] ? __kvmalloc_node_noprof+0x6f/0x1a0 [ 567.379500][T22682] ? ktime_get+0x206/0x300 [ 567.384039][T22682] ? bpf_check+0x206/0xc870 [ 567.388636][T22682] vzalloc_noprof+0x6b/0x90 [ 567.393317][T22682] ? bpf_check+0x206/0xc870 [ 567.397912][T22682] bpf_check+0x206/0xc870 [ 567.402321][T22682] ? hlock_class+0x4e/0x130 [ 567.406914][T22682] ? __lock_acquire+0x15a9/0x3c40 [ 567.412054][T22682] ? __pfx___lock_acquire+0x10/0x10 [ 567.417356][T22682] ? __pfx_bpf_check+0x10/0x10 [ 567.422212][T22682] ? find_held_lock+0x2d/0x110 [ 567.427094][T22682] ? bpf_prog_load+0xd45/0x2670 [ 567.432028][T22682] ? __pfx_lock_release+0x10/0x10 [ 567.437662][T22682] ? trace_lock_acquire+0x14e/0x1f0 [ 567.442971][T22682] ? bpf_prog_load+0xd45/0x2670 [ 567.447902][T22682] ? ktime_get_with_offset+0x273/0x3a0 [ 567.453461][T22682] ? lockdep_hardirqs_on+0x7c/0x110 [ 567.458784][T22682] ? read_tsc+0x9/0x20 [ 567.462954][T22682] ? ktime_get_with_offset+0x20f/0x3a0 [ 567.468509][T22682] ? bpf_obj_name_cpy+0x156/0x1b0 [ 567.473645][T22682] bpf_prog_load+0xe3f/0x2670 [ 567.478498][T22682] ? __pfx_bpf_prog_load+0x10/0x10 [ 567.483680][T22682] ? find_held_lock+0x2d/0x110 [ 567.488534][T22682] ? __might_fault+0x13b/0x190 [ 567.493569][T22682] ? __might_fault+0xe3/0x190 [ 567.498359][T22682] __sys_bpf+0x5677/0x57a0 [ 567.502866][T22682] ? __pfx___sys_bpf+0x10/0x10 [ 567.507707][T22682] ? do_user_addr_fault+0xdc7/0x13f0 [ 567.513132][T22682] ? reacquire_held_locks+0x20b/0x4c0 [ 567.518598][T22682] ? do_futex+0x123/0x350 [ 567.523023][T22682] ? __pfx_do_futex+0x10/0x10 [ 567.527822][T22682] ? xfd_validate_state+0x5d/0x180 [ 567.533017][T22682] ? rcu_is_watching+0x12/0xc0 [ 567.537866][T22682] __x64_sys_bpf+0x78/0xc0 [ 567.542364][T22682] ? lockdep_hardirqs_on+0x7c/0x110 [ 567.547654][T22682] do_syscall_64+0xcd/0x250 [ 567.552243][T22682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 567.558234][T22682] RIP: 0033:0x7fc0e2f85d29 [ 567.562722][T22682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 567.582513][T22682] RSP: 002b:00007fc0e3d3c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 567.591720][T22682] RAX: ffffffffffffffda RBX: 00007fc0e3175fa0 RCX: 00007fc0e2f85d29 [ 567.599908][T22682] RDX: 000000000000000a RSI: 0000000020001080 RDI: 0000000000000005 [ 567.608208][T22682] RBP: 00007fc0e3001aa8 R08: 0000000000000000 R09: 0000000000000000 [ 567.616336][T22682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 567.624381][T22682] R13: 0000000000000000 R14: 00007fc0e3175fa0 R15: 00007fff3daf9c68 [ 567.632527][T22682] [ 567.691997][T22682] Mem-Info: [ 567.695216][T22682] active_anon:52617 inactive_anon:0 isolated_anon:0 [ 567.695216][T22682] active_file:15430 inactive_file:44028 isolated_file:0 [ 567.695216][T22682] unevictable:769 dirty:25 writeback:0 [ 567.695216][T22682] slab_reclaimable:11005 slab_unreclaimable:101463 [ 567.695216][T22682] mapped:27448 shmem:35423 pagetables:803 [ 567.695216][T22682] sec_pagetables:0 bounce:0 [ 567.695216][T22682] kernel_misc_reclaimable:0 [ 567.695216][T22682] free:1281138 free_pcp:2073 free_cma:0 [ 567.833559][T22682] Node 0 active_anon:209268kB inactive_anon:0kB active_file:61720kB inactive_file:176036kB unevictable:1540kB isolated(anon):0kB isolated(file):0kB mapped:110592kB dirty:0kB writeback:100kB shmem:138056kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10520kB pagetables:3312kB sec_pagetables:0kB all_unreclaimable? no [ 567.948744][T22682] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 568.069991][T22682] Node 0 DMA free:15228kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:132kB local_pcp:52kB free_cma:0kB [ 568.170613][T22682] lowmem_reserve[]: 0 2465 2466 0 0 [ 568.176149][T22682] Node 0 DMA32 free:1217744kB boost:28672kB min:62872kB low:71420kB high:79968kB reserved_highatomic:0KB active_anon:195232kB inactive_anon:0kB active_file:61720kB inactive_file:175204kB unevictable:1540kB writepending:200kB present:3129332kB managed:2551336kB mlocked:0kB bounce:0kB free_pcp:8964kB local_pcp:6936kB free_cma:0kB [ 568.379988][T22682] lowmem_reserve[]: 0 0 0 0 0 [ 568.431133][T22682] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:832kB unevictable:0kB writepending:0kB present:1048580kB managed:876kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 568.478360][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.485000][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.668832][T22682] lowmem_reserve[]: 0 0 0 0 0 [ 568.690060][T22682] Node 1 Normal free:3904820kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:1208kB local_pcp:0kB free_cma:0kB [ 568.734150][T22682] lowmem_reserve[]: 0 0 0 0 0 [ 568.745925][T22682] Node 0 DMA: 9*4kB (M) 1*8kB (M) 1*16kB (M) 0*32kB 1*64kB (M) 0*128kB 1*256kB (M) 1*512kB (M) 2*1024kB (UM) 0*2048kB 3*4096kB (UM) = 15228kB [ 568.800387][T22682] Node 0 DMA32: 168*4kB (UME) 1238*8kB (UME) 1030*16kB (UME) 834*32kB (UME) 657*64kB (UME) 135*128kB (UME) 323*256kB (UM) 184*512kB (UME) 86*1024kB (UM) 45*2048kB (UM) 184*4096kB (UME) = 1223856kB [ 568.848511][T22682] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 568.890087][T22682] Node 1 Normal: 220*4kB (UME) 59*8kB (UME) 32*16kB (UME) 209*32kB (UME) 118*64kB (UME) 33*128kB (UME) 16*256kB (UM) 7*512kB (UME) 6*1024kB (UM) 4*2048kB (UME) 943*4096kB (UM) = 3904872kB [ 568.944805][T22682] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 568.975299][T22682] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 569.015848][T22682] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 569.055337][T22682] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 569.065451][T22682] 92161 total pagecache pages [ 569.070396][T22682] 121 pages in swap cache [ 569.074825][T22682] Free swap = 120332kB [ 569.079135][T22682] Total swap = 124996kB [ 569.083502][T22682] 2097051 pages RAM [ 569.088116][T22682] 0 pages HighMem/MovableOnly [ 569.093573][T22682] 427367 pages reserved [ 569.097797][T22682] 0 pages cma reserved [ 569.569888][T22748] FAULT_INJECTION: forcing a failure. [ 569.569888][T22748] name failslab, interval 1, probability 0, space 0, times 0 [ 569.629189][T22748] CPU: 1 UID: 0 PID: 22748 Comm: syz.2.2217 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 569.640156][T22748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 569.650275][T22748] Call Trace: [ 569.653595][T22748] [ 569.656569][T22748] dump_stack_lvl+0x16c/0x1f0 [ 569.661326][T22748] should_fail_ex+0x497/0x5b0 [ 569.666116][T22748] should_failslab+0xc2/0x120 [ 569.670896][T22748] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 569.676342][T22748] ? skb_clone+0x190/0x3f0 [ 569.680930][T22748] skb_clone+0x190/0x3f0 [ 569.685268][T22748] netlink_deliver_tap+0xafd/0xca0 [ 569.690465][T22748] netlink_unicast+0x5e1/0x7f0 [ 569.695298][T22748] ? __pfx_netlink_unicast+0x10/0x10 [ 569.700650][T22748] ? __phys_addr_symbol+0x30/0x80 [ 569.705847][T22748] ? __check_object_size+0x488/0x710 [ 569.711229][T22748] netlink_sendmsg+0x8b8/0xd70 [ 569.716077][T22748] ? __pfx_netlink_sendmsg+0x10/0x10 [ 569.721458][T22748] ____sys_sendmsg+0x9ae/0xb40 [ 569.726305][T22748] ? copy_msghdr_from_user+0x10b/0x160 [ 569.731869][T22748] ? __pfx_____sys_sendmsg+0x10/0x10 [ 569.737251][T22748] ___sys_sendmsg+0x135/0x1e0 [ 569.742030][T22748] ? __pfx____sys_sendmsg+0x10/0x10 [ 569.747342][T22748] ? __pfx_lock_release+0x10/0x10 [ 569.752523][T22748] ? trace_lock_acquire+0x14e/0x1f0 [ 569.757826][T22748] ? __fget_files+0x206/0x3a0 [ 569.762594][T22748] __sys_sendmsg+0x16e/0x220 [ 569.767273][T22748] ? __pfx___sys_sendmsg+0x10/0x10 [ 569.772515][T22748] do_syscall_64+0xcd/0x250 [ 569.777109][T22748] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.783106][T22748] RIP: 0033:0x7f74d1785d29 [ 569.787593][T22748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 569.807463][T22748] RSP: 002b:00007f74cf5f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 569.815952][T22748] RAX: ffffffffffffffda RBX: 00007f74d1975fa0 RCX: 00007f74d1785d29 [ 569.824089][T22748] RDX: 0000000000044044 RSI: 0000000020006200 RDI: 0000000000000003 [ 569.832143][T22748] RBP: 00007f74cf5f6090 R08: 0000000000000000 R09: 0000000000000000 [ 569.840182][T22748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 569.848221][T22748] R13: 0000000000000000 R14: 00007f74d1975fa0 R15: 00007ffe8c0623f8 [ 569.856292][T22748] [ 570.280539][T22750] ptrace attach of "./syz-executor exec"[13829] was attempted by ""[22750] [ 570.759842][T22756] Invalid ELF header magic: != ELF [ 571.222824][T22764] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2222'. [ 576.763217][T22795] kexec: Could not allocate control_code_buffer [ 578.541176][T22845] Process accounting resumed [ 578.557069][T22845] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 22845 comm: syz.4.2245) [ 578.827519][T22850] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 22850 comm: syz.4.2247) [ 579.194077][T22857] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 22857 comm: syz.4.2248) [ 579.522580][T22864] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 22864 comm: syz.4.2251) [ 579.662772][T22876] QAT: failed to copy from user cfg_data. [ 579.837220][T22880] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 22880 comm: syz.4.2253) [ 580.448500][T22887] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 22887 comm: syz.4.2255) [ 581.050996][T22896] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 22896 comm: syz.4.2258) [ 581.402827][T22908] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 22908 comm: syz.4.2261) [ 583.013697][T22916] kexec: Could not allocate control_code_buffer [ 583.047981][T22916] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 22916 comm: syz.4.2263) [ 583.338030][T22926] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 22926 comm: syz.4.2266) [ 583.713028][T22932] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 22932 comm: syz.4.2269) [ 583.876316][T22930] ptrace attach of "./syz-executor exec"[5835] was attempted by ""[22930] [ 585.742281][T22937] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 22937 comm: syz.4.2271) [ 586.044888][T22953] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2275'. [ 586.551558][T22965] FAULT_INJECTION: forcing a failure. [ 586.551558][T22965] name failslab, interval 1, probability 0, space 0, times 0 [ 586.741453][T22965] CPU: 0 UID: 0 PID: 22965 Comm: syz.2.2277 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 586.752365][T22965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 586.762527][T22965] Call Trace: [ 586.765855][T22965] [ 586.769273][T22965] dump_stack_lvl+0x16c/0x1f0 [ 586.774137][T22965] should_fail_ex+0x497/0x5b0 [ 586.779005][T22965] should_failslab+0xc2/0x120 [ 586.783894][T22965] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 586.789445][T22965] ? skb_clone+0x190/0x3f0 [ 586.793950][T22965] skb_clone+0x190/0x3f0 [ 586.798297][T22965] netlink_deliver_tap+0xafd/0xca0 [ 586.803510][T22965] netlink_unicast+0x6b4/0x7f0 [ 586.808357][T22965] ? __pfx_netlink_unicast+0x10/0x10 [ 586.814245][T22965] ? genl_rcv_msg+0x4bd/0x800 [ 586.819040][T22965] netlink_ack+0x6a5/0xb20 [ 586.823819][T22965] netlink_rcv_skb+0x327/0x410 [ 586.828762][T22965] ? __pfx_genl_rcv_msg+0x10/0x10 [ 586.833873][T22965] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 586.839257][T22965] ? down_read+0xc9/0x330 [ 586.843701][T22965] ? __pfx_down_read+0x10/0x10 [ 586.848552][T22965] ? netlink_deliver_tap+0x1ae/0xca0 [ 586.853921][T22965] genl_rcv+0x28/0x40 [ 586.857989][T22965] netlink_unicast+0x53c/0x7f0 [ 586.862828][T22965] ? __pfx_netlink_unicast+0x10/0x10 [ 586.868190][T22965] ? __phys_addr_symbol+0x30/0x80 [ 586.873293][T22965] ? __check_object_size+0x488/0x710 [ 586.878675][T22965] netlink_sendmsg+0x8b8/0xd70 [ 586.883521][T22965] ? __pfx_netlink_sendmsg+0x10/0x10 [ 586.888899][T22965] ____sys_sendmsg+0x9ae/0xb40 [ 586.893739][T22965] ? copy_msghdr_from_user+0x10b/0x160 [ 586.899284][T22965] ? __pfx_____sys_sendmsg+0x10/0x10 [ 586.904690][T22965] ___sys_sendmsg+0x135/0x1e0 [ 586.909458][T22965] ? __pfx____sys_sendmsg+0x10/0x10 [ 586.914759][T22965] ? __pfx_lock_release+0x10/0x10 [ 586.919857][T22965] ? trace_lock_acquire+0x14e/0x1f0 [ 586.925209][T22965] ? __fget_files+0x206/0x3a0 [ 586.929978][T22965] __sys_sendmsg+0x16e/0x220 [ 586.934675][T22965] ? __pfx___sys_sendmsg+0x10/0x10 [ 586.939941][T22965] do_syscall_64+0xcd/0x250 [ 586.944618][T22965] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 586.950613][T22965] RIP: 0033:0x7f74d1785d29 [ 586.955090][T22965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 586.974858][T22965] RSP: 002b:00007f74cf5d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 586.983352][T22965] RAX: ffffffffffffffda RBX: 00007f74d1976080 RCX: 00007f74d1785d29 [ 586.991389][T22965] RDX: 0000000000044044 RSI: 0000000020006200 RDI: 0000000000000003 [ 586.999423][T22965] RBP: 00007f74cf5d5090 R08: 0000000000000000 R09: 0000000000000000 [ 587.007602][T22965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 587.015638][T22965] R13: 0000000000000001 R14: 00007f74d1976080 R15: 00007ffe8c0623f8 [ 587.023712][T22965] [ 587.487856][T22959] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 22959 comm: syz.4.2276) [ 588.048334][T22972] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 22972 comm: syz.4.2282) [ 589.046690][T22983] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 22983 comm: syz.4.2284) [ 589.785219][T23006] netlink: 'syz.4.2287': attribute type 46 has an invalid length. [ 590.297228][T23002] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 23002 comm: syz.4.2287) [ 590.610567][ T29] audit: type=1326 audit(4295360644.548:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23011 comm="syz.0.2291" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbaa7b85d29 code=0x0 [ 591.287440][T23019] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 23019 comm: syz.4.2293) [ 591.361574][T23019] Process accounting resumed [ 591.420423][T23019] bridge0: port 3(team0) entered blocking state [ 591.509509][T23019] bridge0: port 3(team0) entered disabled state [ 591.539952][T23019] team0: entered allmulticast mode [ 591.604919][T23019] team_slave_0: entered allmulticast mode [ 591.623208][T23019] team0: entered promiscuous mode [ 591.642275][T23019] team_slave_0: entered promiscuous mode [ 591.664608][T23019] bridge0: port 3(team0) entered blocking state [ 591.671073][T23019] bridge0: port 3(team0) entered forwarding state [ 595.585679][T23083] netlink: 314 bytes leftover after parsing attributes in process `syz.2.2313'. [ 595.811683][T23084] sp0: Synchronizing with TNC [ 602.336659][T23188] netlink: 'syz.0.2343': attribute type 46 has an invalid length. [ 608.511458][ T5843] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 608.531510][ T5843] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 608.545792][ T5843] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 608.557718][ T5843] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 608.579406][ T5843] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 608.589391][ T5843] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 609.227402][T23280] chnl_net:caif_netlink_parms(): no params data found [ 609.907572][T23280] bridge0: port 1(bridge_slave_0) entered blocking state [ 609.917287][T23280] bridge0: port 1(bridge_slave_0) entered disabled state [ 609.935527][T23280] bridge_slave_0: entered allmulticast mode [ 609.972984][T23280] bridge_slave_0: entered promiscuous mode [ 610.006274][T23280] bridge0: port 2(bridge_slave_1) entered blocking state [ 610.033752][T23280] bridge0: port 2(bridge_slave_1) entered disabled state [ 610.041193][T23280] bridge_slave_1: entered allmulticast mode [ 610.048518][T23280] bridge_slave_1: entered promiscuous mode [ 610.136991][T23280] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 610.164718][T23280] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 610.206841][T23306] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2374'. [ 610.273999][T23280] team0: Port device team_slave_0 added [ 610.292503][T23280] team0: Port device team_slave_1 added [ 610.402033][T23280] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 610.438223][T23280] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 610.464641][ C0] vkms_vblank_simulate: vblank timer overrun [ 610.530174][T23280] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 610.553966][T23280] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 610.561555][T23280] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 610.587723][ C0] vkms_vblank_simulate: vblank timer overrun [ 610.597536][T23280] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 610.677692][ T5843] Bluetooth: hci1: command tx timeout [ 610.713652][T23280] hsr_slave_0: entered promiscuous mode [ 610.727886][T23280] hsr_slave_1: entered promiscuous mode [ 610.770036][T23280] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 610.777824][T23280] Cannot create hsr debugfs directory [ 611.023051][T23280] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 611.110070][T23280] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 611.187473][T23280] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 611.294371][T23280] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 611.643343][T23280] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 611.661128][T23280] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 611.680666][T23280] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 611.691884][T23280] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 611.875277][T23280] 8021q: adding VLAN 0 to HW filter on device bond0 [ 611.915523][T23280] 8021q: adding VLAN 0 to HW filter on device team0 [ 611.959688][ T6280] bridge0: port 1(bridge_slave_0) entered blocking state [ 611.967044][ T6280] bridge0: port 1(bridge_slave_0) entered forwarding state [ 612.007146][T22881] bridge0: port 2(bridge_slave_1) entered blocking state [ 612.014543][T22881] bridge0: port 2(bridge_slave_1) entered forwarding state [ 612.748712][ T5843] Bluetooth: hci1: command tx timeout [ 612.759910][T23280] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 612.813356][T23280] veth0_vlan: entered promiscuous mode [ 612.835048][T23280] veth1_vlan: entered promiscuous mode [ 612.870399][T23280] veth0_macvtap: entered promiscuous mode [ 612.916810][T23280] veth1_macvtap: entered promiscuous mode [ 612.967281][T23280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 612.990895][T23280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 613.004618][T23280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 613.021296][T23280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 613.037762][T23280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 613.057683][T23280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 613.077572][T23280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 613.097981][T23280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 613.127454][T23280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 613.149361][T23280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 613.163993][T23280] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 613.202792][T23280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 613.232124][T23280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 613.263761][T23280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 613.289724][T23280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 613.317351][T23280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 613.339719][T23280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 613.360549][T23280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 613.381568][T23280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 613.404553][T23280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 613.421875][T23280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 613.449884][T23280] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 613.491032][T23280] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 613.508289][T23280] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 613.528205][T23280] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 613.537002][T23280] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 613.789770][T22881] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 613.817210][T22881] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 613.907145][T22881] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 613.947960][T22881] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 614.826927][ T5843] Bluetooth: hci1: command tx timeout [ 616.915619][ T5843] Bluetooth: hci1: command tx timeout [ 618.005976][T23401] netlink: 334 bytes leftover after parsing attributes in process `syz.4.2399'. [ 619.235775][T23409] binder: 23407:23409 ioctl 400c620e 9 returned -22 [ 620.086515][T23417] FAULT_INJECTION: forcing a failure. [ 620.086515][T23417] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 620.144124][T23417] CPU: 0 UID: 0 PID: 23417 Comm: syz.3.2402 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 620.155000][T23417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 620.165100][T23417] Call Trace: [ 620.168425][T23417] [ 620.171402][T23417] dump_stack_lvl+0x16c/0x1f0 [ 620.176159][T23417] should_fail_ex+0x497/0x5b0 [ 620.180927][T23417] _copy_from_user+0x2e/0xd0 [ 620.185612][T23417] copy_msghdr_from_user+0x99/0x160 [ 620.190983][T23417] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 620.196951][T23417] ___sys_sendmsg+0xff/0x1e0 [ 620.201600][T23417] ? __pfx____sys_sendmsg+0x10/0x10 [ 620.206877][T23417] ? __pfx_lock_release+0x10/0x10 [ 620.212034][T23417] ? trace_lock_acquire+0x14e/0x1f0 [ 620.217300][T23417] ? __fget_files+0x206/0x3a0 [ 620.222024][T23417] __sys_sendmsg+0x16e/0x220 [ 620.226690][T23417] ? __pfx___sys_sendmsg+0x10/0x10 [ 620.231877][T23417] do_syscall_64+0xcd/0x250 [ 620.236537][T23417] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 620.242612][T23417] RIP: 0033:0x7fc0e2f85d29 [ 620.247059][T23417] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 620.266754][T23417] RSP: 002b:00007fc0e3d1b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 620.275228][T23417] RAX: ffffffffffffffda RBX: 00007fc0e3176080 RCX: 00007fc0e2f85d29 [ 620.283244][T23417] RDX: 0000000004040004 RSI: 0000000020000180 RDI: 0000000000000002 [ 620.291328][T23417] RBP: 00007fc0e3d1b090 R08: 0000000000000000 R09: 0000000000000000 [ 620.299353][T23417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 620.307366][T23417] R13: 0000000000000001 R14: 00007fc0e3176080 R15: 00007fff3daf9c68 [ 620.315386][T23417] [ 620.560169][T23384] kexec: Could not allocate control_code_buffer [ 621.301121][ T1205] [ 621.303526][ T1205] ====================================================== [ 621.310681][ T1205] WARNING: possible circular locking dependency detected [ 621.317741][ T1205] 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 Not tainted [ 621.324995][ T1205] ------------------------------------------------------ [ 621.332049][ T1205] kworker/0:2/1205 is trying to acquire lock: [ 621.338246][ T1205] ffffffff8fabfb08 (rtnl_mutex){+.+.}-{4:4}, at: smc_vlan_by_tcpsk+0x251/0x620 [ 621.347305][ T1205] [ 621.347305][ T1205] but task is already holding lock: [ 621.354713][ T1205] ffff8880582d9958 (sk_lock-AF_INET){+.+.}-{0:0}, at: smc_connect_work+0x53c/0xae0 [ 621.364115][ T1205] [ 621.364115][ T1205] which lock already depends on the new lock. [ 621.364115][ T1205] [ 621.374644][ T1205] [ 621.374644][ T1205] the existing dependency chain (in reverse order) is: [ 621.383799][ T1205] [ 621.383799][ T1205] -> #1 (sk_lock-AF_INET){+.+.}-{0:0}: [ 621.391525][ T1205] lock_sock_nested+0x3a/0xf0 [ 621.396802][ T1205] sockopt_lock_sock+0x54/0x70 [ 621.402175][ T1205] do_ip_setsockopt+0x101/0x38c0 [ 621.407698][ T1205] ip_setsockopt+0x59/0xf0 [ 621.412696][ T1205] raw_setsockopt+0xb8/0x290 [ 621.417862][ T1205] do_sock_setsockopt+0x222/0x480 [ 621.423470][ T1205] __sys_setsockopt+0x1a0/0x230 [ 621.428917][ T1205] __x64_sys_setsockopt+0xbd/0x160 [ 621.434649][ T1205] do_syscall_64+0xcd/0x250 [ 621.439739][ T1205] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 621.446233][ T1205] [ 621.446233][ T1205] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 621.453519][ T1205] __lock_acquire+0x249e/0x3c40 [ 621.458970][ T1205] lock_acquire.part.0+0x11b/0x380 [ 621.464665][ T1205] __mutex_lock+0x19b/0xa60 [ 621.469758][ T1205] smc_vlan_by_tcpsk+0x251/0x620 [ 621.475288][ T1205] __smc_connect+0x466/0x4890 [ 621.480539][ T1205] smc_connect_work+0x54f/0xae0 [ 621.485966][ T1205] process_one_work+0x958/0x1b30 [ 621.491478][ T1205] worker_thread+0x6c8/0xf00 [ 621.496645][ T1205] kthread+0x2c1/0x3a0 [ 621.501306][ T1205] ret_from_fork+0x45/0x80 [ 621.506391][ T1205] ret_from_fork_asm+0x1a/0x30 [ 621.511753][ T1205] [ 621.511753][ T1205] other info that might help us debug this: [ 621.511753][ T1205] [ 621.522024][ T1205] Possible unsafe locking scenario: [ 621.522024][ T1205] [ 621.529520][ T1205] CPU0 CPU1 [ 621.534926][ T1205] ---- ---- [ 621.540330][ T1205] lock(sk_lock-AF_INET); [ 621.544815][ T1205] lock(rtnl_mutex); [ 621.551467][ T1205] lock(sk_lock-AF_INET); [ 621.558630][ T1205] lock(rtnl_mutex); [ 621.562665][ T1205] [ 621.562665][ T1205] *** DEADLOCK *** [ 621.562665][ T1205] [ 621.570846][ T1205] 3 locks held by kworker/0:2/1205: [ 621.576200][ T1205] #0: ffff88814dbe3d48 ((wq_completion)smc_hs_wq){+.+.}-{0:0}, at: process_one_work+0x12cd/0x1b30 [ 621.587030][ T1205] #1: ffffc900044ffd80 ((work_completion)(&smc->connect_work)){+.+.}-{0:0}, at: process_one_work+0x8bb/0x1b30 [ 621.599059][ T1205] #2: ffff8880582d9958 (sk_lock-AF_INET){+.+.}-{0:0}, at: smc_connect_work+0x53c/0xae0 [ 621.608902][ T1205] [ 621.608902][ T1205] stack backtrace: [ 621.614886][ T1205] CPU: 0 UID: 0 PID: 1205 Comm: kworker/0:2 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 621.625890][ T1205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 621.635997][ T1205] Workqueue: smc_hs_wq smc_connect_work [ 621.641608][ T1205] Call Trace: [ 621.645015][ T1205] [ 621.647990][ T1205] dump_stack_lvl+0x116/0x1f0 [ 621.652737][ T1205] print_circular_bug+0x41c/0x610 [ 621.657900][ T1205] check_noncircular+0x31a/0x400 [ 621.662923][ T1205] ? __pfx_check_noncircular+0x10/0x10 [ 621.668523][ T1205] ? __lock_acquire+0x2077/0x3c40 [ 621.673634][ T1205] ? lockdep_lock+0xc6/0x200 [ 621.678299][ T1205] ? __pfx_lockdep_lock+0x10/0x10 [ 621.683396][ T1205] __lock_acquire+0x249e/0x3c40 [ 621.688340][ T1205] ? __pfx___lock_acquire+0x10/0x10 [ 621.693620][ T1205] ? __pfx_lock_release+0x10/0x10 [ 621.698714][ T1205] lock_acquire.part.0+0x11b/0x380 [ 621.703898][ T1205] ? smc_vlan_by_tcpsk+0x251/0x620 [ 621.709077][ T1205] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 621.714794][ T1205] ? rcu_is_watching+0x12/0xc0 [ 621.719634][ T1205] ? trace_lock_acquire+0x14e/0x1f0 [ 621.724910][ T1205] ? smc_vlan_by_tcpsk+0x251/0x620 [ 621.730087][ T1205] ? lock_acquire+0x2f/0xb0 [ 621.734648][ T1205] ? smc_vlan_by_tcpsk+0x251/0x620 [ 621.739819][ T1205] __mutex_lock+0x19b/0xa60 [ 621.744394][ T1205] ? smc_vlan_by_tcpsk+0x251/0x620 [ 621.749569][ T1205] ? smc_vlan_by_tcpsk+0x251/0x620 [ 621.754749][ T1205] ? __pfx___mutex_lock+0x10/0x10 [ 621.759935][ T1205] ? smc_vlan_by_tcpsk+0x32e/0x620 [ 621.765116][ T1205] ? smc_vlan_by_tcpsk+0x251/0x620 [ 621.770292][ T1205] smc_vlan_by_tcpsk+0x251/0x620 [ 621.775380][ T1205] ? __pfx_smc_vlan_by_tcpsk+0x10/0x10 [ 621.781346][ T1205] __smc_connect+0x466/0x4890 [ 621.786093][ T1205] ? __pfx___smc_connect+0x10/0x10 [ 621.791265][ T1205] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 621.796719][ T1205] ? mark_held_locks+0x9f/0xe0 [ 621.801566][ T1205] ? __local_bh_enable_ip+0xa4/0x120 [ 621.806936][ T1205] smc_connect_work+0x54f/0xae0 [ 621.811907][ T1205] ? __pfx_smc_connect_work+0x10/0x10 [ 621.817347][ T1205] ? lock_acquire+0x2f/0xb0 [ 621.821908][ T1205] ? process_one_work+0x8bb/0x1b30 [ 621.827120][ T1205] process_one_work+0x958/0x1b30 [ 621.832126][ T1205] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 621.837820][ T1205] ? __pfx_process_one_work+0x10/0x10 [ 621.843314][ T1205] ? rcu_is_watching+0x12/0xc0 [ 621.848150][ T1205] ? assign_work+0x1a0/0x250 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 621.852819][ T1205] worker_thread+0x6c8/0xf00 [ 621.857479][ T1205] ? __kthread_parkme+0x148/0x220 [ 621.862662][ T1205] ? __pfx_worker_thread+0x10/0x10 [ 621.867845][ T1205] kthread+0x2c1/0x3a0 [ 621.872016][ T1205] ? _raw_spin_unlock_irq+0x23/0x50 [ 621.877288][ T1205] ? __pfx_kthread+0x10/0x10 [ 621.881947][ T1205] ret_from_fork+0x45/0x80 [ 621.886423][ T1205] ? __pfx_kthread+0x10/0x10 [ 621.891089][ T1205] ret_from_fork_asm+0x1a/0x30 [ 621.895943][ T1205] [ 623.291074][T22870] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 623.444708][T22870] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 623.781403][T22870] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 623.896644][T22870] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 624.066080][T22870] team0: left allmulticast mode [ 624.071024][T22870] team_slave_0: left allmulticast mode [ 624.082194][T22870] team0: left promiscuous mode [ 624.087047][T22870] team_slave_0: left promiscuous mode [ 624.102617][T22870] bridge0: port 3(team0) entered disabled state [ 624.110953][T22870] bridge_slave_1: left allmulticast mode [ 624.128621][T22870] bridge_slave_1: left promiscuous mode [ 624.142070][T22870] bridge0: port 2(bridge_slave_1) entered disabled state [ 624.174867][T22870] bridge_slave_0: left allmulticast mode [ 624.180591][T22870] bridge_slave_0: left promiscuous mode [ 624.192423][T22870] bridge0: port 1(bridge_slave_0) entered disabled state [ 624.472531][T22870] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 624.536154][T22870] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 624.607136][T22870] bond0 (unregistering): Released all slaves [ 624.993159][T22870] hsr_slave_0: left promiscuous mode [ 624.999280][T22870] hsr_slave_1: left promiscuous mode [ 625.005657][T22870] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 625.017267][T22870] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 625.025486][T22870] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 625.036029][T22870] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 625.045856][T22870] veth1_macvtap: left promiscuous mode [ 625.051844][T22870] veth0_macvtap: left promiscuous mode [ 625.057483][T22870] veth1_vlan: left promiscuous mode [ 625.063594][T22870] veth0_vlan: left promiscuous mode [ 625.229559][T22870] team0 (unregistering): Port device team_slave_0 removed [ 625.680301][T22870] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.717974][T22870] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.782428][T22870] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.836695][T22870] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.936101][T22870] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.986182][T22870] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 626.046760][T22870] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 626.098105][T22870] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 626.198749][T22870] bridge_slave_1: left allmulticast mode [ 626.205780][T22870] bridge_slave_1: left promiscuous mode [ 626.212111][T22870] bridge0: port 2(bridge_slave_1) entered disabled state [ 626.222558][T22870] bridge_slave_0: left allmulticast mode [ 626.228428][T22870] bridge_slave_0: left promiscuous mode [ 626.234986][T22870] bridge0: port 1(bridge_slave_0) entered disabled state [ 626.245053][T22870] bridge_slave_1: left allmulticast mode [ 626.251192][T22870] bridge_slave_1: left promiscuous mode [ 626.257027][T22870] bridge0: port 2(bridge_slave_1) entered disabled state [ 626.266491][T22870] bridge_slave_0: left allmulticast mode [ 626.274458][T22870] bridge_slave_0: left promiscuous mode [ 626.280608][T22870] bridge0: port 1(bridge_slave_0) entered disabled state [ 626.496943][T22870] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 626.507235][T22870] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 626.518575][T22870] bond0 (unregistering): Released all slaves [ 626.531087][T22870] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 626.541801][T22870] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 626.551557][T22870] bond0 (unregistering): Released all slaves [ 626.918919][T22870] hsr_slave_0: left promiscuous mode [ 626.925638][T22870] hsr_slave_1: left promiscuous mode [ 626.932109][T22870] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 626.939558][T22870] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 626.949975][T22870] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 626.957899][T22870] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 626.968459][T22870] hsr_slave_0: left promiscuous mode [ 626.976114][T22870] hsr_slave_1: left promiscuous mode [ 626.982898][T22870] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 626.990703][T22870] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 626.998497][T22870] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 627.006134][T22870] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 627.017648][T22870] veth1_macvtap: left promiscuous mode [ 627.023377][T22870] veth0_macvtap: left promiscuous mode [ 627.028977][T22870] veth1_vlan: left promiscuous mode [ 627.034380][T22870] veth0_vlan: left promiscuous mode [ 627.040350][T22870] veth1_macvtap: left promiscuous mode [ 627.045979][T22870] veth0_macvtap: left promiscuous mode [ 627.052609][T22870] veth1_vlan: left promiscuous mode [ 627.057914][T22870] veth0_vlan: left promiscuous mode [ 627.264203][T22870] team0 (unregistering): Port device team_slave_1 removed [ 627.295780][T22870] team0 (unregistering): Port device team_slave_0 removed [ 627.520135][T22870] team0 (unregistering): Port device team_slave_1 removed [ 627.549102][T22870] team0 (unregistering): Port device team_slave_0 removed [ 629.864665][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.871332][ T1293] ieee802154 phy1 wpan1: encryption failed: -22