last executing test programs: 12m59.097136354s ago: executing program 3 (id=783): r0 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000001c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_CT_LIMIT_CMD_GET(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4008011}, 0x4844) sendmsg$auto_ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000002300)={0x0, 0x0, &(0x7f00000022c0)={&(0x7f0000002280)=ANY=[@ANYBLOB="14000000", @ANYRES16=r0, @ANYBLOB="110325bc6b00fedbdf2513"], 0x14}, 0x1, 0xa6ff, 0x0, 0xc801}, 0x4040) 12m58.891246719s ago: executing program 3 (id=785): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(r0, &(0x7f0000003b00)={0x0, 0x0, &(0x7f0000003ac0)={&(0x7f0000000840)=ANY=[@ANYBLOB=',;\x00\x00', @ANYRES16=r1, @ANYBLOB="8b0a2cbd7000ffd9df25010000000800018004000280103b01"], 0x3b2c}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000) sendmsg$auto_NL80211_CMD_GET_STATION(r0, &(0x7f00000001c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)={0x20, 0x0, 0x100, 0x70bd29, 0x25dfdbfd, {}, [@NL80211_ATTR_WPA_VERSIONS={0x8, 0x4b, 0x6}, @NL80211_ATTR_VHT_CAPABILITY={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x804}, 0x20000010) 12m58.553133842s ago: executing program 3 (id=786): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) socket(0x2c, 0x3, 0x0) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async, rerun: 64) close_range$auto(0x2, 0xfffffffffffff000, 0x2) (async, rerun: 64) clock_nanosleep$auto(0x2, 0x1000, 0x0, 0x0) (async, rerun: 32) close_range$auto(0x2, 0x8, 0x0) (async, rerun: 32) socket(0x1, 0x1, 0x0) (async) openat$auto_ocfs2_control_fops_stack_user(0xffffffffffffff9c, &(0x7f0000000000), 0x401, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) (async) open(0x0, 0x4242, 0xe1d2b27bdc14aabc) (async) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) (async) clone$auto(0x5, 0x7ffffffffffffffc, 0xffffffffffffffff, 0x0, 0x0) mlock$auto(0xfbe8, 0x4) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0xfffffffffffffff6) (async) socket(0x10, 0x2, 0xb) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) getsockopt$auto(0x3, 0x200000000001, 0x3, 0x0, 0x0) (async) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) (async) socket(0x25, 0x2, 0x4) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) 12m57.18517803s ago: executing program 3 (id=792): msync$auto(0xf0ff1f00000000, 0x2000000005, 0x6) 12m56.784941688s ago: executing program 3 (id=793): unshare$auto(0x40000080) (async) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) removexattr$auto(0x0, 0x0) (async) getrandom$auto(0x0, 0x6000000, 0x3) (async, rerun: 32) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/rxrpc/calls\x00', 0x100, 0x0) (rerun: 32) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000040)=""/88, 0x58) (async) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000001080)=""/4092, 0xffc) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$auto_WG_CMD_GET_DEVICE(0xffffffffffffffff, 0x0, 0x4000) (async) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) (async) socketpair$auto(0x1d, 0x2, 0x2, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async, rerun: 64) open(0x0, 0x252802, 0x190) (async, rerun: 64) socket(0x1, 0x1, 0x0) setsockopt$auto(0x3, 0x1, 0xf44, 0x0, 0x9) (async) rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}}) (async) migrate_pages$auto(0x1, 0x9, 0x0, &(0x7f0000000840)=0x2) (async) connect$auto(0x3, &(0x7f00000001c0), 0x55) (async, rerun: 64) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async, rerun: 64) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x8, 0x3ff57696, 0x9b72, 0x5, 0x8000000000008000) (async, rerun: 64) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) (async, rerun: 64) madvise$auto(0x0, 0x80000001, 0x8) (async) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0xffff, 0xeb1, 0xfffffffffffffffa, 0x8000) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x6, 0x4) 12m51.852601969s ago: executing program 3 (id=805): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_sync_info_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0) ioctl$auto_UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f0000000280)={0x3, 0xfffffe01, [{r0, 0x0, 0x3, 0x5}, {r0, 0x0, 0x6, 0x7f}, {r0, 0x0, 0x65, 0x969}, {0xffffffffffffffff, 0x0, 0x6, 0x1}, {r0, 0x0, 0x7, 0x1bd}, {r0, 0x0, 0x7f, 0xffff}, {r0, 0x0, 0x4a7, 0x80}, {r0, 0x0, 0x3, 0xa}]}) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_SESSION_GET(r1, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000500)={0x48, r2, 0x20, 0x70bd2d, 0x25dfdbfb, {}, [@L2TP_ATTR_FD={0x8, 0x17, r0}, @L2TP_ATTR_USING_IPSEC={0x5, 0x15, 0x6}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x25}, @L2TP_ATTR_MRU={0x6, 0x1d, 0x1}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @loopback}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x11) mmap$auto(0x0, 0x8, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) r3 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dri/card1\x00', 0x129800, 0x0) ioctl$auto(r3, 0x901064ad, 0x2) getcwd$auto(0x0, 0xffffffffffffffff) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/loop7\x00', 0x100, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x5, 0x8000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fb\x00', 0xd00, 0x0) read$auto_proc_iter_file_ops_compat_inode(r4, &(0x7f0000000180)=""/249, 0xf9) 12m51.440323611s ago: executing program 32 (id=805): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_sync_info_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0) ioctl$auto_UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f0000000280)={0x3, 0xfffffe01, [{r0, 0x0, 0x3, 0x5}, {r0, 0x0, 0x6, 0x7f}, {r0, 0x0, 0x65, 0x969}, {0xffffffffffffffff, 0x0, 0x6, 0x1}, {r0, 0x0, 0x7, 0x1bd}, {r0, 0x0, 0x7f, 0xffff}, {r0, 0x0, 0x4a7, 0x80}, {r0, 0x0, 0x3, 0xa}]}) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_SESSION_GET(r1, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000500)={0x48, r2, 0x20, 0x70bd2d, 0x25dfdbfb, {}, [@L2TP_ATTR_FD={0x8, 0x17, r0}, @L2TP_ATTR_USING_IPSEC={0x5, 0x15, 0x6}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x25}, @L2TP_ATTR_MRU={0x6, 0x1d, 0x1}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @loopback}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x11) mmap$auto(0x0, 0x8, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) r3 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dri/card1\x00', 0x129800, 0x0) ioctl$auto(r3, 0x901064ad, 0x2) getcwd$auto(0x0, 0xffffffffffffffff) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/loop7\x00', 0x100, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x5, 0x8000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fb\x00', 0xd00, 0x0) read$auto_proc_iter_file_ops_compat_inode(r4, &(0x7f0000000180)=""/249, 0xf9) 12m31.869086764s ago: executing program 0 (id=921): ioperm$auto(0x7, 0x6, 0x2) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) sigaltstack$auto(&(0x7f0000000040)={0x0, 0x1, 0x10401}, 0x0) r0 = getpid() r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC1\x00', 0x40, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r1, 0xc1105511, &(0x7f0000000300)={{@raw=0x1, 0xa, 0xf8, 0x4671, "a401d243991a4dc376cc2bd4dbe3040e3cff152230323227f8d6c24be7ceeed84366bbadec197ea40209a468", @raw}, 0x1ea, 0x81, 0x1, @raw=0x8f10, @reserved="b2089ab0bbaab63c40853405fb772ade9448008d0040560232dbb586cf8f11ca82a2ba37174118952b850ad2099d3a3bc1c77e916330e96e2989bebf719430efe8c9a59c9349eac701c2bbb3122607916561a6da1cfdfc5dc83f4cc979d6dbf96bcb58d1f9042592b39ceec6193960c9a37975bc0153c5fce4d94f329d47f6d4", "2bb2d72b107f03a0ef0c6760e2e1fd64b8ae4a5be70b75810dfa4cc7182ed519d3613ea5b4243440fc9595b760cee784decb284ff015aa97d8f86dd61fd4f929"}) r2 = gettid() rt_tgsigqueueinfo$auto(r0, r2, 0x21, 0x0) socket(0xa, 0x2, 0x0) mmap$auto(0xffffffffffffffff, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r3 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/irq/7/effective_affinity_list\x00', 0x100, 0x0) socket(0xa, 0x801, 0x106) setsockopt$auto(0x3, 0x0, 0x13, 0xffffffffffffffff, 0x0) read$auto_proc_single_file_operations_base(r3, &(0x7f00000000c0)=""/58, 0x3a) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0x2, 0x1, 0x106) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r4 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0) ioctl$auto_DMA_HEAP_IOCTL_ALLOC(r4, 0x40345410, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x9fe, 0x40000c, 0xdf, 0x9b72, 0x2, 0x9) socket(0xa, 0x3, 0x5) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) bind$auto(0x3, 0x0, 0x6b) mincore$auto(0x0, 0x1, 0x0) setsockopt$auto(0x3, 0x1, 0x35, 0x0, 0x9) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) 12m31.678157399s ago: executing program 0 (id=925): r0 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x3c, r0, 0x1, 0x70bd25, 0x25dfdc02, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_KEY={0x24, 0x1, 0x0, 0x1, [@nested={0x1d, 0x10, 0x0, 0x1, [@typed={0x14, 0xd, 0x0, 0x0, @ipv6=@private2={0xfc, 0x2, '\x00', 0x1}}, @generic="00ba98302f"]}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x200400f0}, 0x800) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) syz_genetlink_get_family_id$auto_seg6(0x0, 0xffffffffffffffff) sendfile$auto(0x1, 0xffffffffffffffff, 0x0, 0xef75) ioperm$auto(0x90d5, 0xc, 0x2) close_range$auto(0x2, 0x8, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) rt_sigtimedwait$auto(&(0x7f0000000000)={0xb}, &(0x7f0000000080)={@_si_pad}, &(0x7f0000000100)={0x3, 0x3}, 0x8) r4 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_PEER_REMOVE(r3, &(0x7f00000110c0)={0x0, 0x0, &(0x7f0000011080)={&(0x7f000000e000)={0x18, r4, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x104}, 0x40) syz_genetlink_get_family_id$auto_nl80211(0x0, r2) 12m30.641011384s ago: executing program 0 (id=932): r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002dbd7000fedbdf2502000000080002000200000008"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e"], 0x1ac}, 0x1, 0x0, 0x0, 0x200408c0}, 0x40000) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x2, 0x0) pipe$auto(0x0) fcntl$auto(0x8000000000000001, 0x26, 0x2) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x40000) 12m30.42485305s ago: executing program 0 (id=933): ioperm$auto(0x7, 0x6, 0x2) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) sigaltstack$auto(&(0x7f0000000040)={0x0, 0x1, 0x10401}, 0x0) r0 = getpid() r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC1\x00', 0x40, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r1, 0xc1105511, &(0x7f0000000300)={{@raw=0x1, 0xa, 0xf8, 0x4671, "a401d243991a4dc376cc2bd4dbe3040e3cff152230323227f8d6c24be7ceeed84366bbadec197ea40209a468", @raw}, 0x1ea, 0x81, 0x1, @raw=0x8f10, @reserved="b2089ab0bbaab63c40853405fb772ade9448008d0040560232dbb586cf8f11ca82a2ba37174118952b850ad2099d3a3bc1c77e916330e96e2989bebf719430efe8c9a59c9349eac701c2bbb3122607916561a6da1cfdfc5dc83f4cc979d6dbf96bcb58d1f9042592b39ceec6193960c9a37975bc0153c5fce4d94f329d47f6d4", "2bb2d72b107f03a0ef0c6760e2e1fd64b8ae4a5be70b75810dfa4cc7182ed519d3613ea5b4243440fc9595b760cee784decb284ff015aa97d8f86dd61fd4f929"}) r2 = gettid() rt_tgsigqueueinfo$auto(r0, r2, 0x21, 0x0) socket(0xa, 0x2, 0x0) mmap$auto(0xffffffffffffffff, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r3 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/irq/7/effective_affinity_list\x00', 0x100, 0x0) socket(0xa, 0x801, 0x106) setsockopt$auto(0x3, 0x0, 0x13, 0xffffffffffffffff, 0x0) read$auto_proc_single_file_operations_base(r3, &(0x7f00000000c0)=""/58, 0x3a) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0x2, 0x1, 0x106) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r4 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0) ioctl$auto_DMA_HEAP_IOCTL_ALLOC(r4, 0x40345410, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x9fe, 0x40000c, 0xdf, 0x9b72, 0x2, 0x9) socket(0xa, 0x3, 0x5) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) bind$auto(0x3, 0x0, 0x6b) mincore$auto(0x0, 0x1, 0x0) setsockopt$auto(0x3, 0x1, 0x35, 0x0, 0x9) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) 12m30.186339113s ago: executing program 0 (id=934): close_range$auto(0x2, 0xffffffffffffffff, 0x0) (async, rerun: 64) mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x8000) (rerun: 64) r0 = io_uring_setup$auto(0x6, 0x0) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/stat/rt_cache\x00', 0x0, 0x0) madvise$auto(0x1, 0x20000003, 0x6) (async) lseek$auto(r1, 0x100, 0x1) (async) r2 = socket(0x2, 0x5, 0x0) (async) iopl$auto(0x3) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffdfffa) (async) rename$auto(0x0, 0x0) (async) link$auto(&(0x7f0000000340)=':,\x00', &(0x7f0000000380)='./file0\x00') (async) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) socket(0x2, 0x80002, 0x9) socket(0x2, 0x1, 0x84) (async) close_range$auto(0x2, 0xa, 0x0) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nbd10\x00', 0x121000, 0x0) (rerun: 32) ioctl$auto(0x3, 0x401070cd, 0x38) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0x7}, 0xfff}, 0x5, 0x311) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) write$auto_proc_clear_refs_operations_internal(r0, &(0x7f00000003c0)="085daa7848f03ab9f5e0ca918e9783df39627a551673265b70bf4ca03b7fd551ee68d592f107c3e848f02b198d571c0f2dbb5731cee6205a2db152eb8e33b5e67eb70ffddfec5ac5745d8d047a52b4dcff18badbd4d10885d5bfb19156b5336e6c9187ffc0bd436a9dae0e8b597a18e3998021fae0006fe690355f19cd98595f357dd6ddf3bdd483f47a04e0cc41a9ec81c04df64bd7acf89c05415ccc7e2ab00a36d9779d54079852cd1a6f0c9f9be1d2c71d91720316d7e3bc85844373c2e93407cbb45a0df1c635fc1543e7", 0xcd) (async, rerun: 32) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="b50f4ddcb8d728da27ba0aec38263b31ec4e3760b2743fb88eb1001fee6046191891f99e6f8ca43e0d529f7ce9f520fe40208b46a28de3bfe59d8ff44efd6e3e33a54b663a6db54f4bd0df5de0b837f62babde047b8c0234095ec22990d4670e1c0aab5a45cc151d7fcf75d08ceda14f7153b5289f55fe84a92924c034f8cad0b542618d8a1d0b422a3cf7b31c69"], 0x1ac}, 0x1, 0x0, 0x0, 0x48840}, 0xc000) (async, rerun: 32) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) select$auto(0x8, 0x0, &(0x7f0000000280)={[0x10, 0xe9f, 0x4, 0x14, 0x1000, 0x47, 0xc, 0xf, 0xfffffffffffffffd, 0x0, 0x3, 0xc, 0x101, 0x8008, 0x2, 0x3]}, 0x0, 0x0) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(r3, 0x1, &(0x7f0000000000), 0x1000) 12m29.441152005s ago: executing program 0 (id=940): r0 = open(&(0x7f0000000040)='./file0\x00', 0x149443, 0xc4) r1 = openat$auto_udmabuf_fops_udmabuf(0xffffffffffffff9c, &(0x7f0000000000), 0x20100, 0x0) ioctl$auto_UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000080)={r0, 0x8, 0x0, 0x8000}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bpf$auto(0x6, &(0x7f0000000000)=@bpf_attr_3={0x1, 0x9067, 0x40000080018c, 0x6a, 0x0, 0x8, 0x4, 0x57b8, 0xf, "63ac0600000033ebc15774e816ef77cf", 0x0, 0x100543, 0x4, 0x207, 0x3, 0x1009, 0x4, 0x2, 0xe, 0x5, @attach_btf_obj_fd, 0x166, 0x7fb, 0x800000000000006, 0xa, 0x48000000}, 0x10) writev$auto(0xc8, &(0x7f00000028c0)={&(0x7f0000000000), 0x200}, 0x9) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, 0x0, 0x14d700, 0x0) r2 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f00000018c0)='/dev/cpu/1/cpuid\x00', 0x2000, 0x0) read$auto(r2, 0x0, 0x100000001) rt_sigprocmask$auto(0xb5, 0xfffffffffffffffe, 0xfffffffffffffffe, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x800, 0x1, 0x4, 0x5, 0x7) openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) getcpu$auto(&(0x7f0000000000)=0x4, &(0x7f0000000040)=0x401, 0x0) 12m14.338455545s ago: executing program 33 (id=940): r0 = open(&(0x7f0000000040)='./file0\x00', 0x149443, 0xc4) r1 = openat$auto_udmabuf_fops_udmabuf(0xffffffffffffff9c, &(0x7f0000000000), 0x20100, 0x0) ioctl$auto_UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000080)={r0, 0x8, 0x0, 0x8000}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bpf$auto(0x6, &(0x7f0000000000)=@bpf_attr_3={0x1, 0x9067, 0x40000080018c, 0x6a, 0x0, 0x8, 0x4, 0x57b8, 0xf, "63ac0600000033ebc15774e816ef77cf", 0x0, 0x100543, 0x4, 0x207, 0x3, 0x1009, 0x4, 0x2, 0xe, 0x5, @attach_btf_obj_fd, 0x166, 0x7fb, 0x800000000000006, 0xa, 0x48000000}, 0x10) writev$auto(0xc8, &(0x7f00000028c0)={&(0x7f0000000000), 0x200}, 0x9) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, 0x0, 0x14d700, 0x0) r2 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f00000018c0)='/dev/cpu/1/cpuid\x00', 0x2000, 0x0) read$auto(r2, 0x0, 0x100000001) rt_sigprocmask$auto(0xb5, 0xfffffffffffffffe, 0xfffffffffffffffe, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x800, 0x1, 0x4, 0x5, 0x7) openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) getcpu$auto(&(0x7f0000000000)=0x4, &(0x7f0000000040)=0x401, 0x0) 4m58.106751861s ago: executing program 4 (id=3662): mmap$auto(0x1, 0x6, 0xdb, 0xeb1, 0x401, 0x8000) (async) r0 = syz_genetlink_get_family_id$auto_cifs(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$auto_CIFS_GENL_CMD_SWN_NOTIFY(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x18, r0, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@CIFS_GENL_ATTR_SWN_SHARE_NAME_NOTIFY={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4043}, 0x8040) (async) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x37}}, 0x6b) (async) r1 = getpid() process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) (async) r2 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000200), 0xe0080, 0x0) ioctl$auto_I2C_RDWR(r2, 0x707, 0x0) 4m57.641168454s ago: executing program 4 (id=3664): openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/028/001\x00', 0x981, 0x0) r1 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/dri/vkms/gem_names\x00', 0x101402, 0x0) read$auto_drm_debugfs_entry_fops_drm_debugfs(r1, &(0x7f0000000240)=""/194, 0xc2) write$auto(r0, &(0x7f0000000040)='/dev/bus/usb/028/001\x00', 0x1) ioctl$auto(r0, 0x8008553d, 0x1) 4m57.283297947s ago: executing program 4 (id=3665): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) (async) r1 = socket(0x2, 0x5, 0x0) (async) setsockopt$auto(0x3, 0x10000000084, 0x20, 0x0, 0x4) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x3a) (async) r2 = memfd_create$auto(0x0, 0x4) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x1) (async) sendmsg$auto_NL80211_CMD_DISASSOCIATE(r2, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x35f76dc6c6d020c6}, 0xc, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3fffffff", @ANYRES16=0x0, @ANYBLOB="00042bbd7000fbdbdf2528000000f400ac004cf6d67bc8bd6ca3bb83137291831f895a57878c20d4086f91d238aefa3fddc9c0418b53b7b3d2fe0bedb8ab8725ceafc63bf1a0a2d94f0de6b553ba27cadcdc383fa484c09a566533614434dfcd915f8447425f722824b2ec3c7313f984b80f24caf7f3c6d48dbd003bb40fceea9dea79bc17518abb99572fb49e5c50bff62752377c67b04dac1ffc711bc4f178de7d1aa028a70457770987582dfbc6c224c94681496390e4cdd3299b3e6e788590bb5e234d10c6b9381aa40867b4a0475f7519b9a3c0ada4080d75bbb39fc9937e099900a1a42293bc610f83d45eb96f15838da67069823186afc5055d8850ff743504001e0104005f0008006100000000000b0002005b292d5e3a2900004400430035c6eb96c42f38a26ab4267722e37ab6a55eed17e5f748c636153cbdd4ccfdac12e9d395791524bfbe49e47e7df9d823888c1ff58cdac51067c185637beb484dddb73d30f7334628080a17e1b32870a627a85368887f8c1d982aad16503028fd9e0fe6673e3edf237b020cae719f7a3cfb5246de228a05c9c47f5fcde9cd9411c21ba7808eefd538b40c0c3a4e63eba6625998d69ebeb2a32d4279087c000305ff9b52199c19ff10c1e81a72e35a451449dc2fbbda8ea3dea07200467148c92a51df0f48885ec478a0da743dca05fa0011d983ffe9c09c28f7fa957e564309d9b5b30120e9f0826871c443228c13c7114d82f5cabe57b391b4e668cb3488df4821108e1faf96da54f9c296902c47a308ff6c482ff11bddeb"], 0x168}, 0x1, 0x0, 0x0, 0x40}, 0x840) socket(0x2b, 0x1, 0x1) (async) setsockopt$auto(0x400000000000003, 0x29, 0x1e, 0x0, 0x56b) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001180), 0xffffffffffffffff) (async, rerun: 64) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async, rerun: 64) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) mbind$auto(0xd, 0x100000004, 0x7b, 0x0, 0x20000000000006, 0x101) (async) socket(0x21, 0xa, 0x100) (async) socket(0x9, 0x4, 0xffffff49) (async) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) (async, rerun: 64) futex$auto(0x0, 0x5, 0x0, 0x0, 0x0, 0xa0000001) (rerun: 64) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/radio_si470x_usb/parameters/max_rds_errors\x00', 0x101600, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x894}, 0x40044810) mmap$auto(0x0, 0x2020008, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async, rerun: 64) r3 = socket(0xa, 0x3, 0x3b) (async, rerun: 64) ioperm$auto(0x7fffffffffffffff, 0xb, 0x8) capget$auto(0x0, 0xfffffffffffffffe) (async) getsockopt$auto(r3, 0x29, 0x20, 0x0, 0x0) mq_unlink$auto(&(0x7f0000000000)='(/}%!-\x00') 4m55.986984356s ago: executing program 4 (id=3674): open(&(0x7f0000000080)='./file0\x00', 0x1ffd, 0x12) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="14000000", @ANYBLOB="4687eb"], 0x14}, 0x1, 0x0, 0x0, 0x4004080}, 0x0) recvmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x801}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x2) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x82840, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x80805, 0x0) socket(0x2, 0x1, 0x84) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r1 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x181502, 0x0) write$auto(r1, 0x0, 0xc3) pwrite64$auto(0xc8, &(0x7f0000000180)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00/\x00\x00\x00\xfd\xfdX\xd3\x1d\xf8\xbebZ\xddL\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\b\x00\x00\x00\x00\x00\x00?\x01\x88\v\xae\xa9i8W\xe5Iq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\b\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfded, 0x0) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x2000, 0x0) 4m54.68561034s ago: executing program 4 (id=3684): socket(0x1f, 0x6, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffff6, 0x3) ioctl$auto(0xffffffffffffffff, 0x4bfa, 0x100000000000afcb) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f00000003c0), 0x80, 0x0) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f00000002c0), 0x82200, 0x0) r0 = socket(0x10, 0x800, 0x800) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x40008000) r1 = io_uring_setup$auto(0x6, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000180), 0xffffffffffffffff) statmount$auto(0x0, &(0x7f0000000380)={0x8, 0x1, 0x9, 0x80003, 0x13, 0x940, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0x2, 0x7, 0xb0, 0x200000009, 0x5, 0x3, 0x5, 0x7, 0xbaa7, 0xa07, 0x0, 0x0, 0x0, 0x0, [0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7802aafb]}, 0x1fe, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r0, @ANYRES16=r1, @ANYRESOCT=0x0], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4}, 0x40001) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0xf2ee, 0x40000000000df, 0x209b72, 0x4e477f5a, 0x7f) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2a, 0x2, 0x0) socket(0x2, 0x2, 0x106) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x8, 0xffffffffffffffff, 0x9b72, 0x2, 0x8000) get_mempolicy$auto(0x0, 0x0, 0x4, 0x4000000006, 0x2) 4m53.367939598s ago: executing program 4 (id=3692): mmap$auto(0x6ca, 0x8, 0xdd, 0x9b72, 0x2, 0x3) (async) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'syz_tun\x00'}) connect$auto(0x3, 0x0, 0x55) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x4200003, 0x5, 0x40eb2, 0x402, 0x300000000000) (async) mlockall$auto(0x7) (async) mmap$auto(0x0, 0x8, 0x4000000000df, 0x44eb1, 0x6, 0x300000000000) (async) madvise$auto(0x4, 0x7fffffffffffffff, 0xa) (async) mmap$auto(0x0, 0x40000000000007, 0x40000000005f, 0x44eb1, 0x6, 0x300000000000) (async) socket(0x2, 0x1, 0x7fffffff) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) (async) madvise$auto(0x0, 0xffffffffffff0002, 0xaf42) socket(0x11, 0x2, 0x300) (async) socket(0xa, 0x80000, 0x106) bind$auto(0x4, 0x0, 0x0) (async) clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) (async) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) pwrite64$auto(0xc8, &(0x7f0000000080)='\vX\xb5\x85\x91p\xe6\x1eRN8\x90\x86\xdde\x1cJ\x99\x00\x11:\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#\x1c\x9b\x17\x82\xd7\xee\xd1\xbf\x16[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU\xb6z\x0f\xa0\x98\xca\xf5{\xaf\n1\x80\x1a\xbc_\xef\x8b\t\xcc\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfdef, 0xc) (async) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) (async) clone3$auto(0x0, 0x40) (async) getrandom$auto(0x0, 0x6000000, 0x3) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x20000000000, 0x7ff, 0xffb, 0x8000000008011, 0x3, 0x0) (async) ppoll$auto(&(0x7f0000000080)={0xffffffffffffffff, 0x7, 0x2772}, 0xc, &(0x7f00000000c0)={0x3, 0x6}, 0x0, 0x8) (async) r1 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0x1c5040, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f00000000c0)={0x3, "6e546c3c3a265f11056b516535b1935cf3c6b75a2aeaf8af28111479136c52c5"}) (async) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000080)={0x401, "36a26e2b59209f6bd4aafa4ed15fdb060008aff80ce276e7a58eeeac58be00", @raw=0x903f}) 4m37.693431029s ago: executing program 34 (id=3692): mmap$auto(0x6ca, 0x8, 0xdd, 0x9b72, 0x2, 0x3) (async) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'syz_tun\x00'}) connect$auto(0x3, 0x0, 0x55) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x4200003, 0x5, 0x40eb2, 0x402, 0x300000000000) (async) mlockall$auto(0x7) (async) mmap$auto(0x0, 0x8, 0x4000000000df, 0x44eb1, 0x6, 0x300000000000) (async) madvise$auto(0x4, 0x7fffffffffffffff, 0xa) (async) mmap$auto(0x0, 0x40000000000007, 0x40000000005f, 0x44eb1, 0x6, 0x300000000000) (async) socket(0x2, 0x1, 0x7fffffff) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) (async) madvise$auto(0x0, 0xffffffffffff0002, 0xaf42) socket(0x11, 0x2, 0x300) (async) socket(0xa, 0x80000, 0x106) bind$auto(0x4, 0x0, 0x0) (async) clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) (async) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) pwrite64$auto(0xc8, &(0x7f0000000080)='\vX\xb5\x85\x91p\xe6\x1eRN8\x90\x86\xdde\x1cJ\x99\x00\x11:\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#\x1c\x9b\x17\x82\xd7\xee\xd1\xbf\x16[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU\xb6z\x0f\xa0\x98\xca\xf5{\xaf\n1\x80\x1a\xbc_\xef\x8b\t\xcc\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfdef, 0xc) (async) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) (async) clone3$auto(0x0, 0x40) (async) getrandom$auto(0x0, 0x6000000, 0x3) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x20000000000, 0x7ff, 0xffb, 0x8000000008011, 0x3, 0x0) (async) ppoll$auto(&(0x7f0000000080)={0xffffffffffffffff, 0x7, 0x2772}, 0xc, &(0x7f00000000c0)={0x3, 0x6}, 0x0, 0x8) (async) r1 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0x1c5040, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f00000000c0)={0x3, "6e546c3c3a265f11056b516535b1935cf3c6b75a2aeaf8af28111479136c52c5"}) (async) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000080)={0x401, "36a26e2b59209f6bd4aafa4ed15fdb060008aff80ce276e7a58eeeac58be00", @raw=0x903f}) 16.035070443s ago: executing program 2 (id=4459): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x801, 0x84) setsockopt$auto(0x3, 0x10000000084, 0xd, 0x0, 0xb) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/rose13/dev_port\x00', 0x8c00, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) read$auto(0x3, 0x0, 0x80) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) r0 = openat$auto_fops_init_pkru_pkeys(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$auto_fops_init_pkru_pkeys(r0, 0x0, 0x2b) 14.832438748s ago: executing program 1 (id=4462): fanotify_init$auto(0x65, 0x2) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) pipe$auto(0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x2, 0x0) sendto$auto(0x3, 0x0, 0x13, 0xfffffff8, &(0x7f0000000440)=@tipc=@nameseq={0x1e, 0x1, 0x1, {0x1, 0x1, 0x3}}, 0x22) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) kexec_load$auto(0x9, 0x0, 0x0, 0x1003e0000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) eventfd$auto(0x0) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0x5, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x5, 0xffffffff}, 0x3}, 0x40000004, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000002c80), 0xffffffffffffffff) sendmsg$auto_SEG6_CMD_SET_TUNSRC(r1, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000002cc0)={0x28, r2, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@SEG6_ATTR_DST={0x14}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x4812) sendmsg$auto_SEG6_CMD_SET_TUNSRC(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, r2, 0x20, 0x70bd2d, 0x25dfdbff, {}, [@SEG6_ATTR_HMACKEYID={0x8}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x10001}]}, 0x24}, 0x1, 0x0, 0x0, 0x4040084}, 0x4000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) write$auto(0x3, 0x0, 0xfdef) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/team0/accept_ra_from_local\x00', 0x58b80, 0x0) 14.47724216s ago: executing program 2 (id=4463): socket(0x1f, 0x6, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffff6, 0x3) ioctl$auto(0xffffffffffffffff, 0x4bfa, 0x100000000000afcb) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f00000003c0), 0x80, 0x0) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f00000002c0), 0x82200, 0x0) r0 = socket(0x10, 0x800, 0x800) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x40008000) r1 = io_uring_setup$auto(0x6, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000180), 0xffffffffffffffff) statmount$auto(0x0, &(0x7f0000000380)={0x8, 0x1, 0x9, 0x80003, 0x13, 0x940, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0x2, 0x7, 0xb0, 0x200000009, 0x5, 0x3, 0x5, 0x7, 0xbaa7, 0xa07, 0x0, 0x0, 0x0, 0x0, [0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7802aafb]}, 0x1fe, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r0, @ANYRES16=r1, @ANYRESOCT=0x0], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2a, 0x2, 0x0) socket(0x2, 0x2, 0x106) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x8, 0xffffffffffffffff, 0x9b72, 0x2, 0x8000) get_mempolicy$auto(0x0, 0x0, 0x4, 0x4000000006, 0x2) sendmsg$auto_ETHTOOL_MSG_RINGS_GET(0xffffffffffffffff, &(0x7f0000000ac0)={0x0, 0xfffffffffffffe8a, &(0x7f0000000a80)={0x0, 0x1b}, 0x1, 0x0, 0x0, 0x8004c51}, 0x884) 13.134652935s ago: executing program 1 (id=4464): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu0/hotplug/target\x00', 0xc3100, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) statx$auto(0xffffff9c, 0x0, 0x1000, 0x700a, 0x0) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video55\x00', 0x280, 0x0) ioctl$auto(r0, 0x202, r1) mmap$auto(0xfffffffffffffffe, 0x8000000020009, 0xdf, 0x100000000e891, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r2 = fanotify_init$auto(0x5, 0x2) io_uring_setup$auto(0x85, 0x0) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x8, 0x329, 0x10011, 0x2, 0x8000) io_uring_register$auto(0x100000001, 0x15, 0x0, 0x5) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) acct$auto(&(0x7f0000000080)='X\xb5[h\xcd\xaf\x06\x01\x00') acct$auto(0x0) mmap$auto(0x0, 0x9, 0x3ff57697, 0x9b72, r0, 0x8000000000008000) socket(0xa, 0x80000, 0x106) connect$auto(r2, &(0x7f00000000c0)=@xdp={0x2c, 0x5, 0x0, 0x20}, 0x55) r3 = pipe2$auto(0x0, 0x80) setsockopt$auto(0x3, 0x0, 0x9, 0x0, 0x10000005) setsockopt$auto(0x3, 0x6, 0x4, 0x0, 0x8) r4 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) fallocate$auto(r3, 0x7fff, 0x800000000000804, 0xcbd5d) mmap$auto(0x0, 0x2020009, 0x2000000003, 0xeb1, r1, 0x100) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/reboot/type\x00', 0x8802, 0x0) write$auto(r5, 0x0, 0x400fdea) copy_file_range$auto(r4, &(0x7f0000000140)=0xffff, r4, &(0x7f0000000180)=0x80, 0x21c1, 0x0) eventfd$auto(0x3) r6 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r6, &(0x7f0000000840)="4cea7ed1dc1f91f3c388b5622a274610e10800ca08ba7aa1995d92e1d0ae2ef23f241bb2bfd9800e9b74", 0x2a) 13.002808341s ago: executing program 5 (id=4465): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/transparent_hugepage/shmem_enabled\x00', 0xc8002, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) read$auto(0x3, 0x0, 0xf34) ptrace$auto(0x6, 0x1, 0x3, 0x180000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_LIST(r0, 0xc0505510, &(0x7f0000000080)={0x3, 0x26, 0x1c2, @inferred, 0x0, "9d4f8ef3f785aae5a5ff69c61ed549546c1eadce39439cb9f7fe26fe87659c9dd52e80eb5a7b5bdce62f726f940b383b8d24"}) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0x4d) setsockopt$auto(0x3, 0x10000000084, 0x7c, 0x0, 0x8) write$auto_nsim_udp_tunnels_info_reset_fops_udp_tunnels(0xffffffffffffffff, &(0x7f0000000040)="6655f13b8aaae776a4ef80d4b0e1285903903efa80ca8b827dd6ec504bea7b10a7ab34de89628c61aef48bd57b1ba14596924b6ebf3c9e7383de56f0613d10fc81c7e6c949d9f1eb03186d03a9a47609ec43", 0x52) write$auto_nsim_udp_tunnels_info_reset_fops_udp_tunnels(0xffffffffffffffff, 0x0, 0x0) 11.4139925s ago: executing program 1 (id=4466): r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x400}, 0x5, &(0x7f00000000c0), 0x200002, 0x8}, 0x803}, 0xa, 0x10, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = socket(0x2, 0x2, 0x1) bpf$auto(0x0, &(0x7f0000000000)=@bpf_attr_4={0x1b, r1, 0x1004, r1}, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socket(0x29, 0x2, 0x0) getcwd$auto(&(0x7f00000000c0)='/sys/kernel/debug/tracing/trace_pipe\x00', 0xffff) getsockopt$auto(r2, 0x119, 0x6, 0x0, 0x0) write$auto(r2, &(0x7f0000000040)='^*(/+-\x00', 0x7fff) init_module$auto(0xffffffffffffffff, 0x8001, 0xfffffffffffffffe) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_LISTENER_SET(r3, &(0x7f0000005380)={0x0, 0x59, &(0x7f0000005340)={&(0x7f0000000000)={0x14, r4, 0x1, 0x70bd2b, 0x25df9bfc}, 0x14}, 0x1, 0x0, 0x0, 0x2004c010}, 0x20000000) close_range$auto(0xffffffffffffffff, r0, 0x80) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000003fc0)='/sys/kernel/debug/tracing/trace_pipe\x00', 0x20a02, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) shmget$auto(0x26982d7c, 0x8, 0xffffffff) tkill$auto(0x1, 0x9) sendfile$auto(0x1, 0x3, 0x0, 0xc01) 10.919311053s ago: executing program 5 (id=4467): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x15) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) adjtimex$auto(&(0x7f0000000080)={0xfffffffa, 0x0, 0x7, 0x0, 0x2, 0x2, 0x4, 0x0, 0x8d51, 0x9, 0x6, {0x9, 0x40}, 0x6, 0x9, 0x8, 0x3, 0x0, 0x5f6a, 0x409, 0x7fffffff, 0x0, 0xa, 0x6}) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x1, 0x106) setsockopt$auto(0x3, 0x1, 0x10, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) 10.915321519s ago: executing program 6 (id=4468): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/mempolicy/weighted_interleave/node0\x00', 0xc2082, 0x0) r0 = socket(0x1e, 0x2, 0x0) getsockopt$auto(r0, 0x10f, 0x82, 0x0, 0x0) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000080), r0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) fstat$auto(r1, 0x0) ioctl$auto(0x3, 0x40081271, 0x38) write$auto(0x3, 0x0, 0x5c8) r2 = set_tid_address$auto(&(0x7f0000000800)=0x6f72) capset$auto(&(0x7f0000000840)={0x9, r2}, &(0x7f0000000880)={0xfffffffd, 0x68000000, 0xd5af39c}) write$auto(0x3, 0x0, 0x7fffffff) syz_clone(0x5000000, &(0x7f00000000c0)="3e3193ebd7dcc2a7c1bdca7bff006753b28a11681d7c7033e60382bed07e7b67f37f07bc809005dab044543cb06f813a2ddfe3248efcc475d7767bb1ce088f22dbd741e61ff61fdd0265116d075f50e8f533", 0x52, &(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)="5fa2e5671a3eabcf89c857ce2a7d40b6d40e5a3fadb88e3d9a4f3c061d23a5bae0301873d481d6746ac126a8fce5bc1700a4256c1495bf8c73aa89d894c200a3fba280e56853e4bd95b7385e59f5") msgctl$auto(0x5, 0x8, &(0x7f00000002c0)={{0x3, 0xee00, 0xee01, 0x5, 0x7d, 0x7, 0x9}, &(0x7f0000000240)=0x40, &(0x7f0000000280)=0x5, 0x3, 0x5, 0x7, 0x6, 0x400, 0x3000, 0x3, 0x5, @raw=0x4, @inferred=0xffffffffffffffff}) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) 10.540592787s ago: executing program 2 (id=4469): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a1942, 0x0) socket(0x2, 0x5, 0x0) socketpair$auto(0x1e, 0x1, 0x0, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TCFLSH2(r0, 0x8924, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0) sendfile$auto(r1, r1, 0x0, 0x7fffe000) mmap$auto(0x0, 0xdb33, 0xe2, 0xeb1, 0x405, 0x8000) socket(0x2b, 0x1, 0x1) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/irq/12/per_cpu_count\x00', 0x8000, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/queues\x00', 0x20000, 0x0) read$auto_proc_reg_file_ops_compat_inode(r3, &(0x7f0000000e80)=""/215, 0xd7) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000001700)=""/4096, 0xffffffffffffff2e) setsockopt$auto(r3, 0x27, 0x1d, 0x0, 0x23) openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2201, 0x0) setreuid$auto(0x15, 0x5) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/net/bond0/bonding/lacp_active\x00', 0x20600, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f00000000c0)=""/17, 0x11) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/core/rps_default_mask\x00', 0x82, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0x8, 0x3, 0x9b72, 0x2, 0x8000) io_submit$auto(0x5, 0x6, &(0x7f0000000100)=&(0x7f00000000c0)={0x1, 0x8, 0x216a40, 0x1ff, 0xfe01, 0xffffffffffffffff, 0x5, 0x3, 0x805}) r5 = getpid() process_vm_readv$auto(r5, &(0x7f0000000040)={0x0, 0x4}, 0x1, &(0x7f0000000280)={&(0x7f00000002c0)="0c9fe508f699da3b81a37434a44e8760e9bcfad0bd8361c5911ac3259504ca6a09d539c4a5a14ed7006339ad9f9ecb753055db31449c20cb95274ce4643f34eaf7e9b05ffd1ea62bee52b0c50e7ddb31b38857d8696089d7102df20e7fe13c25cbdde9755c5830a51fe5dccdad0c677356301ad2c08ef2f257b4e792649747be70d49b9bdf9994c7c8e72a8c443020a25e7b70737234865a1f9b14874942ceec345907b0e1c47e42b1469942fd34490bcaaac215a6c1ed239e48a4b1109506be40b0141d92a570552b8adfa4516f6a9d2d7b232ceb92bf49e90445f9c1ec86542fea0bc0cb6022040197913ac87deb735e86ae7c9481cfc198a6e889bff54773f64e9c9d80ef8a8538b7866acfb77d5fcc9e2a5984c48c644ebc3e50ffdfdc62512f803498d62dbcdfa930ddeba4eb915cc5febad176efa1a1e91a802f7c94842a86519a299849f49299eb2f5481988f305f49b53905af5baaa1babcf176d4afdd49ce27bedff0", 0xf}, 0x6, 0x0) 8.140754551s ago: executing program 6 (id=4470): ioperm$auto(0x7, 0x6, 0x2) r0 = pidfd_getfd$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x3537) r1 = openat$auto_ftrace_formats_fops_trace_printk(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/printk_formats\x00', 0x10180, 0x0) ioctl$auto(r0, 0x40, r1) r2 = openat$auto_fops_u64_ro_(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ramdisk_pages/ram5\x00', 0x42002, 0x0) ioctl$auto_SW_SYNC_GET_DEADLINE(0xffffffffffffffff, 0xc0105702, &(0x7f0000000000)={0xfffffffffffffffe, 0x0, r2}) dup3$auto(0x8000000000000001, r3, 0xfffffffb) 7.301932773s ago: executing program 5 (id=4471): openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000003fc0)='/sys/kernel/debug/tracing/trace_pipe\x00', 0x20a02, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) io_uring_enter$auto(0x3, 0x8, 0x2, 0x6, 0x0, 0xf2) socketpair$auto(0x2, 0x4, 0x8000000000000000, 0x0) socket(0x2a, 0x2, 0x1) socket$nl_generic(0x10, 0x3, 0x10) getpgrp(0x0) r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r0, 0x0, 0xc3) select$auto(0x6, 0x0, &(0x7f0000000100)={[0x9, 0x4000000009, 0x0, 0x1, 0x9, 0x3, 0x6, 0x2, 0x9, 0x5e58296f, 0x4000000000000000, 0x9, 0x3, 0x200, 0x8, 0x6]}, 0x0, 0x0) 7.177838947s ago: executing program 1 (id=4472): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/transparent_hugepage/shmem_enabled\x00', 0xc8002, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) read$auto(0x3, 0x0, 0xf34) ptrace$auto(0x6, 0x1, 0x3, 0x180000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_LIST(r0, 0xc0505510, &(0x7f0000000080)={0x3, 0x26, 0x1c2, @inferred, 0x0, "9d4f8ef3f785aae5a5ff69c61ed549546c1eadce39439cb9f7fe26fe87659c9dd52e80eb5a7b5bdce62f726f940b383b8d24"}) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0x4d) setsockopt$auto(0x3, 0x10000000084, 0x7c, 0x0, 0x8) write$auto_nsim_udp_tunnels_info_reset_fops_udp_tunnels(0xffffffffffffffff, &(0x7f0000000040)="6655f13b8aaae776a4ef80d4b0e1285903903efa80ca8b827dd6ec504bea7b10a7ab34de89628c61aef48bd57b1ba14596924b6ebf3c9e7383de56f0613d10fc81c7e6c949d9f1eb03186d03a9a47609ec43", 0x52) write$auto_nsim_udp_tunnels_info_reset_fops_udp_tunnels(0xffffffffffffffff, 0x0, 0x0) 6.765526192s ago: executing program 2 (id=4473): socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/vivid.0/video4linux/vbi4/name\x00', 0x64101, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x20200, 0x0) (async) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x20200, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_sync_info_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0) (async) openat$auto_sync_info_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0) r1 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f00000000c0), r0) sendmsg$auto_IPVS_CMD_DEL_DAEMON(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, r1, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@typed={0xc, 0x5, 0x0, 0x0, @u64}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x80) (async) sendmsg$auto_IPVS_CMD_DEL_DAEMON(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, r1, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@typed={0xc, 0x5, 0x0, 0x0, @u64}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x80) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000080)={0x40, r3, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NL80211_ATTR_BEACON_HEAD={0x2c, 0xe, "7b34e50000cf292537d6b4603867dc3cf2272e8f46002279ee256be397bdb168d3d4d338b136e92b"}]}, 0x40}, 0x1, 0x0, 0x0, 0x804}, 0x2) splice$auto(0x4, 0x0, 0x2, 0x0, 0x1000, 0xf) 6.263910986s ago: executing program 6 (id=4474): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x2, 0x73) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r0 = socket(0x1, 0x1, 0x0) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0xff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = open(0x0, 0x1e7d43, 0xa6) close_range$auto(0x2, 0x8000, 0x0) r3 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x0, 0x2000040080000004, 0xe) pread64$auto(0xffffffffffffffff, &(0x7f0000000040)='/proc/scsi/sg/devices\x00', 0x100000001, 0x100) r4 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/uts\x00') setns(r4, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'dummy0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r6, r5, 0x4, 0x1ff, r3, @relative_fd=r2, 0xe600}, 0xf) bpf$auto(0x3, &(0x7f00000001c0)=@raw_tracepoint={0x5, r2, 0x0, 0x3}, 0xc) bind$auto(r0, 0x0, 0x6b) listen$auto(0x3, 0x81) ioctl$auto(0x3, 0x80000541b, 0x38) 5.937108698s ago: executing program 2 (id=4475): shmctl$auto(0x0, 0xc, 0x0) madvise$auto(0x0, 0x2000007, 0x3) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x1ff, 0x7, 0x5, 0x7181, 0x1ffde, 0x7, 0x3, 0x9, 0x6, 0x80003, 0x4, 0x1ffffffffffd, 0xb4, 0xffffffffffffffff, 0x8, 0x10007, 0x80, 0x4, 0x0, 0xa, 0x22000, 0x200, 0x0, 0x84, [0x3, 0x2, 0x0, 0x2, 0x0, 0x2000, 0x0, 0x8, 0x70624ce7, 0x0, 0xfffffffffffffffd, 0x8, 0x8, 0x0, 0x6, 0x0, 0xfffffffffffbfffd, 0x5, 0x10000000000001, 0x10000000000, 0xe, 0x4, 0xfffffffffffffe00, 0x0, 0x0, 0x5, 0x400000000005b8, 0xffff, 0x0, 0x100, 0x0, 0x6, 0xffffffffffffffff, 0x88e, 0x8000000000008, 0xfffffffffffffffc, 0x8, 0xa38, 0x0, 0x3, 0xfffffffffffffffc, 0x2, 0x1, 0x7, 0xc567]}, 0x1fe, 0xd) r0 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r0, 0xfffffffffffffd03, &(0x7f00000001c0)) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x420080, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) 5.276230248s ago: executing program 2 (id=4476): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/transparent_hugepage/shmem_enabled\x00', 0xc8002, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) read$auto(0x3, 0x0, 0xf34) ptrace$auto(0x6, 0x1, 0x3, 0x180000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_LIST(r0, 0xc0505510, &(0x7f0000000080)={0x3, 0x26, 0x1c2, @inferred, 0x0, "9d4f8ef3f785aae5a5ff69c61ed549546c1eadce39439cb9f7fe26fe87659c9dd52e80eb5a7b5bdce62f726f940b383b8d24"}) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0x4d) setsockopt$auto(0x3, 0x10000000084, 0x7c, 0x0, 0x8) write$auto_nsim_udp_tunnels_info_reset_fops_udp_tunnels(0xffffffffffffffff, &(0x7f0000000040)="6655f13b8aaae776a4ef80d4b0e1285903903efa80ca8b827dd6ec504bea7b10a7ab34de89628c61aef48bd57b1ba14596924b6ebf3c9e7383de56f0613d10fc81c7e6c949d9f1eb03186d03a9a47609ec43", 0x52) write$auto_nsim_udp_tunnels_info_reset_fops_udp_tunnels(0xffffffffffffffff, 0x0, 0x0) 4.55008207s ago: executing program 5 (id=4477): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(r0, &(0x7f0000003b00)={0x0, 0x0, &(0x7f0000003ac0)={&(0x7f0000000840)=ANY=[@ANYBLOB=',;\x00\x00', @ANYRES16=r1, @ANYBLOB="8b0a2cbd7000ffd9df25010000740800018004000280103b01"], 0x3b2c}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000) sendmsg$auto_NL80211_CMD_GET_STATION(r0, &(0x7f00000001c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)={0x20, 0x0, 0x100, 0x70bd29, 0x25dfdbfd, {}, [@NL80211_ATTR_WPA_VERSIONS={0x8, 0x4b, 0x6}, @NL80211_ATTR_VHT_CAPABILITY={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x804}, 0x20000010) 4.518075887s ago: executing program 1 (id=4478): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1f, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22042, 0x75) socket(0x840000000002, 0x3, 0xff) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @local, 0x1}, 0x55) sendmsg$auto_NL80211_CMD_SET_MULTICAST_TO_UNICAST(r0, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000804}, 0x0) 4.083346754s ago: executing program 6 (id=4479): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x2, 0x73) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r0 = socket(0x1, 0x1, 0x0) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0xff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = open(0x0, 0x1e7d43, 0xa6) close_range$auto(0x2, 0x8000, 0x0) r3 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x0, 0x2000040080000004, 0xe) pread64$auto(0xffffffffffffffff, &(0x7f0000000040)='/proc/scsi/sg/devices\x00', 0x100000001, 0x100) r4 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/uts\x00') setns(r4, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'dummy0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r6, r5, 0x4, 0x1ff, r3, @relative_fd=r2, 0xe600}, 0xf) bpf$auto(0x3, &(0x7f00000001c0)=@raw_tracepoint={0x5, r2, 0x0, 0x3}, 0xc) bind$auto(r0, 0x0, 0x6b) listen$auto(0x3, 0x81) ioctl$auto(0x3, 0x80000541b, 0x38) 2.760133128s ago: executing program 5 (id=4481): fanotify_init$auto(0x65, 0x2) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) pipe$auto(0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x2, 0x0) sendto$auto(0x3, 0x0, 0x13, 0xfffffff8, &(0x7f0000000440)=@tipc=@nameseq={0x1e, 0x1, 0x1, {0x1, 0x1, 0x3}}, 0x22) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) kexec_load$auto(0x9, 0x0, 0x0, 0x1003e0000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) eventfd$auto(0x0) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0x5, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x5, 0xffffffff}, 0x3}, 0x40000004, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000002c80), 0xffffffffffffffff) sendmsg$auto_SEG6_CMD_SET_TUNSRC(r1, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000002cc0)={0x28, r2, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@SEG6_ATTR_DST={0x14}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x4812) 2.272200355s ago: executing program 1 (id=4482): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/transparent_hugepage/shmem_enabled\x00', 0xc8002, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) read$auto(0x3, 0x0, 0xf34) ptrace$auto(0x6, 0x1, 0x3, 0x180000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_LIST(r0, 0xc0505510, &(0x7f0000000080)={0x3, 0x26, 0x1c2, @inferred, 0x0, "9d4f8ef3f785aae5a5ff69c61ed549546c1eadce39439cb9f7fe26fe87659c9dd52e80eb5a7b5bdce62f726f940b383b8d24"}) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0x4d) r1 = openat$auto_nsim_udp_tunnels_info_reset_fops_udp_tunnels(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/ports/3/udp_ports_reset\x00', 0x2, 0x0) write$auto_nsim_udp_tunnels_info_reset_fops_udp_tunnels(r1, &(0x7f0000000040)="6655f13b8aaae776a4ef80d4b0e1285903903efa80ca8b827dd6ec504bea7b10a7ab34de89628c61aef48bd57b1ba14596924b6ebf3c9e7383de56f0613d10fc81c7e6c949d9f1eb03186d03a9a47609ec43", 0x52) write$auto_nsim_udp_tunnels_info_reset_fops_udp_tunnels(r1, 0x0, 0x0) 2.02168052s ago: executing program 6 (id=4483): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/mempolicy/weighted_interleave/node0\x00', 0xc2082, 0x0) r0 = socket(0x1e, 0x2, 0x0) getsockopt$auto(r0, 0x10f, 0x82, 0x0, 0x0) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000080), r0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) write$auto(0x3, 0x0, 0xfffffdef) 1.061879508s ago: executing program 5 (id=4484): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/transparent_hugepage/shmem_enabled\x00', 0xc8002, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) read$auto(0x3, 0x0, 0xf34) ptrace$auto(0x6, 0x1, 0x3, 0x180000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_LIST(r0, 0xc0505510, &(0x7f0000000080)={0x3, 0x26, 0x1c2, @inferred, 0x0, "9d4f8ef3f785aae5a5ff69c61ed549546c1eadce39439cb9f7fe26fe87659c9dd52e80eb5a7b5bdce62f726f940b383b8d24"}) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0x4d) r1 = openat$auto_nsim_udp_tunnels_info_reset_fops_udp_tunnels(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/ports/3/udp_ports_reset\x00', 0x2, 0x0) write$auto_nsim_udp_tunnels_info_reset_fops_udp_tunnels(r1, &(0x7f0000000040)="6655f13b8aaae776a4ef80d4b0e1285903903efa80ca8b827dd6ec504bea7b10a7ab34de89628c61aef48bd57b1ba14596924b6ebf3c9e7383de56f0613d10fc81c7e6c949d9f1eb03186d03a9a47609ec43", 0x52) write$auto_nsim_udp_tunnels_info_reset_fops_udp_tunnels(r1, 0x0, 0x0) 0s ago: executing program 6 (id=4485): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) r0 = socket$auto(0x3, 0x8, 0x8) ioctl$auto_COMEDI_BUFINFO(r0, 0xc02c640e, &(0x7f0000000000)={0x2c, 0x10001, 0x6, 0x3, 0x80000000, 0x2, 0x555f9d6e}) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) r1 = open(0x0, 0xeee00, 0x31) mmap$auto(0x0, 0x5, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) prctl$auto(0x10000000024, 0x2, 0x2008, 0x4000000c, 0x80001) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket(0x840000000002, 0x3, 0xff) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/013/001\x00', 0xa901, 0x0) capset$auto(0x0, 0x0) ioctl$auto(r2, 0xc0105500, r2) setns(0xffffffffffffffff, 0x0) clone$auto(0x8001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) write$auto_msr_fops_msr(r1, 0x0, 0x0) getsockname$auto(0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000280)=0xaea) fcntl$auto(0x0, 0x407, 0x100000) mlockall$auto(0x7) mmap$auto(0x0, 0x200004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) memfd_create$auto(&(0x7f0000000000)='A\x00\x00\x00\x00\xef\x97\x8aY\x00\x00\xd2\x8c\xb05\x03\\\xb2\xbf247{\xde\f\x00\x00\v\x00E\xdb\x81\xd9\xd8\xe640\xc6\xa4Sr\x82\xcc\"K\xe1IIT\x00\x00\x00', 0xe) rseq$auto(0x0, 0x8000, 0x0, 0x6) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) kernel console output (not intermixed with test programs): ] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2642'. [ 585.972909][T14269] nbd: must specify at least one socket [ 587.384366][T14296] netlink: zone id is out of range [ 587.400895][T14276] netlink: 'syz.1.2650': attribute type 21 has an invalid length. [ 587.422149][T14296] netlink: set zone limit has 8 unknown bytes [ 587.460272][T14276] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2650'. [ 588.257476][T14307] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2659'. [ 588.316565][T14307] : renamed from hsr_slave_0 (while UP) [ 588.907323][T14331] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2667'. [ 589.094589][ T29] audit: type=1107 audit(6029874754.926:27): pid=14333 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 589.648223][T14335] netlink: 'syz.2.2668': attribute type 21 has an invalid length. [ 589.673927][T14335] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2668'. [ 591.189706][T14369] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2680'. [ 591.198887][T14369] netlink: ct family unspecified [ 591.517778][T14375] netlink: zone id is out of range [ 591.552386][T14375] netlink: set zone limit has 8 unknown bytes [ 592.119956][T14382] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2684'. [ 592.917096][ T29] audit: type=1107 audit(6029874758.746:28): pid=14396 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 592.993853][T14393] netlink: zone id is out of range [ 593.033912][T14393] netlink: set zone limit has 8 unknown bytes [ 594.177871][T14419] ptrace attach of "./syz-executor exec"[8636] was attempted by "./syz-executor exec"[14419] [ 594.727148][T14428] netlink: zone id is out of range [ 594.758751][T14428] netlink: set zone limit has 8 unknown bytes [ 597.168502][ T29] audit: type=1800 audit(6029874762.996:29): pid=14499 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2723" name="discovery_nqn" dev="configfs" ino=43962 res=0 errno=0 [ 597.207959][T14499] netlink: 146 bytes leftover after parsing attributes in process `syz.4.2723'. [ 598.088542][T14495] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2722'. [ 598.325190][T14527] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2733'. [ 598.395854][T14527] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2733'. [ 598.492002][T14523] syz.5.2731 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 598.530899][T14530] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2736'. [ 598.540289][T14530] netlink: ct family unspecified [ 599.063065][T14545] ptrace attach of "./syz-executor exec"[12725] was attempted by "./syz-executor exec"[14545] [ 599.810317][T14563] netlink: zone id is out of range [ 599.841996][T14563] netlink: set zone limit has 8 unknown bytes [ 600.774899][T14588] ptrace attach of "./syz-executor exec"[13417] was attempted by "./syz-executor exec"[14588] [ 600.849363][T14577] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2752'. [ 601.055341][T14593] nbd: must specify at least one socket [ 601.253623][ T29] audit: type=1107 audit(6029874767.086:30): pid=14599 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 601.686984][T14613] delete_channel: no stack [ 602.030162][T14622] Invalid ELF header magic: != ELF [ 602.052731][T14623] Invalid ELF header magic: != ELF [ 602.624672][T14635] nbd: must specify at least one socket [ 602.877703][T14622] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2766'. [ 603.095689][T14622] geneve1: entered allmulticast mode [ 604.617335][T14679] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2783'. [ 604.695342][T14677] nbd: must specify at least one socket [ 605.286896][T14697] netlink: zone id is out of range [ 605.340368][T14697] netlink: set zone limit has 8 unknown bytes [ 605.636255][T14701] netlink: 146 bytes leftover after parsing attributes in process `syz.5.2789'. [ 605.871421][T14698] netlink: 'syz.5.2789': attribute type 1 has an invalid length. [ 607.118954][T14744] nbd: must specify at least one socket [ 607.937679][T14782] ACPI: EC: Assuming SCI_EVT clearing on QR_EC writes [ 609.284668][T14820] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2823'. [ 609.425962][T14820] bond0: (slave bond_slave_0): Releasing backup interface [ 609.796778][T14827] netlink: zone id is out of range [ 609.832929][T14827] netlink: set zone limit has 8 unknown bytes [ 611.186709][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 611.352041][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 611.360640][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 611.749963][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 611.799063][T14858] mkiss: ax0: crc mode is auto. [ 611.806438][T14854] netlink: 146 bytes leftover after parsing attributes in process `syz.2.2833'. [ 612.260286][T14867] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2839'. [ 612.316909][T14867] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 612.572263][T14867] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 612.844305][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 612.883028][T14875] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2841'. [ 613.044382][T14875] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 613.064269][T14875] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 613.123903][T14875] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 613.224116][T14875] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 614.120273][T14909] nbd: must specify at least one socket [ 614.270527][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 614.466347][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 614.477608][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 614.663712][T14926] HSR: entered promiscuous mode [ 615.142209][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 615.997842][T14962] snd_aloop snd_aloop.0: control 4365:65536:6:é'x?F¢é/èìzFË·fCªáª:0 is already present [ 616.675769][T14969] netlink: zone id is out of range [ 616.706751][T14969] netlink: set zone limit has 8 unknown bytes [ 617.634457][T14988] netlink: zone id is out of range [ 617.671297][T14988] netlink: set zone limit has 8 unknown bytes [ 618.040039][T15008] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2877'. [ 618.175222][T14999] HfR: entered promiscuous mode [ 618.407597][T15009] nbd: must specify at least one socket [ 619.624416][T15029] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2883'. [ 619.643143][T15029] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 619.817943][T15032] nbd: must specify at least one socket [ 619.994179][T15029] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 620.774386][T15045] Invalid ELF header magic: != ELF [ 620.794970][T15054] Process accounting resumed [ 622.150662][T15087] nbd: must specify at least one socket [ 622.369833][T15093] HfR: entered promiscuous mode [ 622.382974][T15091] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2910'. [ 622.509815][T15099] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2902'. [ 622.660913][T15096] Process accounting resumed [ 623.123757][T15111] Process accounting resumed [ 623.434457][T15119] netlink: zone id is out of range [ 623.445443][T15119] netlink: set zone limit has 8 unknown bytes [ 623.564497][T15114] nvme_fabrics: missing parameter 'transport=%s' [ 623.598492][T15114] nvme_fabrics: missing parameter 'nqn=%s' [ 624.171279][T15135] nbd: must specify at least one socket [ 625.837051][T15157] netlink: 322 bytes leftover after parsing attributes in process `syz.5.2921'. [ 626.935592][T15181] Process accounting resumed [ 627.021475][T15189] Process accounting resumed [ 628.139516][T15215] netlink: zone id is out of range [ 628.160800][T15215] netlink: set zone limit has 8 unknown bytes [ 629.362809][T15249] HfR: entered promiscuous mode [ 629.379277][T15248] openvswitch: HfR: Dropping previously announced user features [ 629.696931][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.708808][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 630.094403][T15254] nbd: must specify at least one socket [ 631.122868][T15281] netlink: zone id is out of range [ 631.152303][T15281] netlink: set zone limit has 8 unknown bytes [ 631.777622][ T5842] Bluetooth: hci1: command 0x0406 tx timeout [ 632.018774][T15293] nbd: must specify at least one socket [ 632.471545][T15323] netlink: zone id is out of range [ 632.528049][T15323] netlink: set zone limit has 8 unknown bytes [ 632.994316][T15329] netlink: zone id is out of range [ 633.039976][T15329] netlink: set zone limit has 8 unknown bytes [ 634.928233][T15375] nbd: must specify at least one socket [ 635.447454][T15403] netlink: 'syz.4.2995': attribute type 27 has an invalid length. [ 635.496297][T15403] netlink: 334 bytes leftover after parsing attributes in process `syz.4.2995'. [ 636.503497][T15439] kernel read not supported for file /#)-\&[} (pid: 15439 comm: syz.5.3002) [ 636.570721][ T29] audit: type=1800 audit(6029876850.541:31): pid=15439 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3002" name="#)-\&[}" dev="mqueue" ino=29186 res=0 errno=0 [ 636.932594][T15455] openvswitch: HSR: Dropping previously announced user features [ 637.114561][T15459] can0: slcan on ptm0. [ 637.353304][T15461] netlink: zone id is out of range [ 637.361005][T15466] netlink: zone id is out of range [ 637.370661][T15466] netlink: set zone limit has 8 unknown bytes [ 637.378476][T15461] netlink: zone id is out of range [ 637.391705][T15461] netlink: set zone limit has 8 unknown bytes [ 637.675456][T15458] can0 (unregistered): slcan off ptm0. [ 638.662285][T15498] nbd: must specify at least one socket [ 638.716659][T15503] netlink: zone id is out of range [ 638.752386][T15503] netlink: set zone limit has 8 unknown bytes [ 639.091115][T15519] netlink: zone id is out of range [ 639.107568][T15519] netlink: zone id is out of range [ 639.127440][T15519] netlink: set zone limit has 8 unknown bytes [ 639.545784][T15543] FAULT_INJECTION: forcing a failure. [ 639.545784][T15543] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 639.595092][T15543] CPU: 1 UID: 0 PID: 15543 Comm: syz.2.3033 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 639.605965][T15543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 639.616434][T15543] Call Trace: [ 639.619766][T15543] [ 639.622746][T15543] dump_stack_lvl+0x16c/0x1f0 [ 639.627497][T15543] should_fail_ex+0x497/0x5b0 [ 639.632241][T15543] ? fs_reclaim_acquire+0xae/0x150 [ 639.637427][T15543] should_fail_alloc_page+0xe7/0x130 [ 639.642795][T15543] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 639.649032][T15543] __alloc_pages_noprof+0x190/0x25b0 [ 639.654480][T15543] ? mark_lock+0xb5/0xc60 [ 639.658889][T15543] ? __pfx_mark_lock+0x10/0x10 [ 639.663734][T15543] ? __pfx_mark_lock+0x10/0x10 [ 639.668592][T15543] ? hlock_class+0x4e/0x130 [ 639.673176][T15543] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 639.678979][T15543] ? hlock_class+0x4e/0x130 [ 639.683555][T15543] ? mark_lock+0xb5/0xc60 [ 639.687968][T15543] ? mark_lock+0xb5/0xc60 [ 639.692388][T15543] ? __pfx_mark_lock+0x10/0x10 [ 639.697244][T15543] ? hlock_class+0x4e/0x130 [ 639.701825][T15543] ? __lock_acquire+0xcc5/0x3c40 [ 639.706834][T15543] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 639.712884][T15543] ? policy_nodemask+0xea/0x4e0 [ 639.717809][T15543] alloc_pages_mpol_noprof+0x2c9/0x610 [ 639.723332][T15543] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 639.729372][T15543] ? find_held_lock+0x2d/0x110 [ 639.734188][T15543] folio_alloc_mpol_noprof+0x36/0xd0 [ 639.739509][T15543] shmem_alloc_folio+0x135/0x160 [ 639.744511][T15543] shmem_alloc_and_add_folio+0x48b/0xc00 [ 639.750291][T15543] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 639.756251][T15543] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 639.762482][T15543] ? shmem_huge_global_enabled+0x176/0x250 [ 639.768393][T15543] ? shmem_allowable_huge_orders+0xcd/0x3e0 [ 639.774366][T15543] shmem_get_folio_gfp+0x689/0x1530 [ 639.779620][T15543] ? __pfx___lock_acquire+0x10/0x10 [ 639.784854][T15543] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 639.790644][T15543] shmem_write_begin+0x161/0x300 [ 639.795625][T15543] ? __pfx_fault_in_readable+0x10/0x10 [ 639.801127][T15543] ? __pfx_shmem_write_begin+0x10/0x10 [ 639.806638][T15543] generic_perform_write+0x2ba/0x920 [ 639.811991][T15543] ? __mark_inode_dirty+0x64e/0xe50 [ 639.817243][T15543] ? __pfx_generic_perform_write+0x10/0x10 [ 639.823091][T15543] ? __mark_inode_dirty+0x6b8/0xe50 [ 639.828350][T15543] ? generic_update_time+0xcf/0xf0 [ 639.833520][T15543] ? mnt_put_write_access_file+0x45/0xf0 [ 639.839204][T15543] shmem_file_write_iter+0x10e/0x140 [ 639.844564][T15543] vfs_write+0x5ae/0x1150 [ 639.848959][T15543] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 639.854815][T15543] ? __pfx___mutex_lock+0x10/0x10 [ 639.859898][T15543] ? __pfx_vfs_write+0x10/0x10 [ 639.864726][T15543] ksys_write+0x12b/0x250 [ 639.869098][T15543] ? __pfx_ksys_write+0x10/0x10 [ 639.873999][T15543] do_syscall_64+0xcd/0x250 [ 639.878551][T15543] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 639.884678][T15543] RIP: 0033:0x7f2496985d29 [ 639.889130][T15543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 639.908789][T15543] RSP: 002b:00007f2497776038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 639.917243][T15543] RAX: ffffffffffffffda RBX: 00007f2496b75fa0 RCX: 00007f2496985d29 [ 639.925248][T15543] RDX: 000000000000005b RSI: 0000000020000380 RDI: 0000000000000004 [ 639.933247][T15543] RBP: 00007f2497776090 R08: 0000000000000000 R09: 0000000000000000 [ 639.941388][T15543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 639.949415][T15543] R13: 0000000000000000 R14: 00007f2496b75fa0 R15: 00007ffe94032398 [ 639.957448][T15543] [ 640.834818][T15575] HSR: entered promiscuous mode [ 641.972852][T15579] netlink: 322 bytes leftover after parsing attributes in process `syz.1.3042'. [ 642.184241][T15615] nbd: must specify at least one socket [ 642.326750][T15619] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3056'. [ 642.370160][T15619] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 642.399634][T15619] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 643.929913][ T29] audit: type=1804 audit(6029876857.950:32): pid=15653 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.3066" name="#)-\&[}" dev="mqueue" ino=49443 res=1 errno=0 [ 643.935422][T15653] kernel read not supported for file /#)-\&[} (pid: 15653 comm: syz.4.3066) [ 644.003079][ T29] audit: type=1804 audit(6029876858.030:33): pid=15654 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.3066" name="#)-\&[}" dev="mqueue" ino=49443 res=1 errno=0 [ 644.068413][ T29] audit: type=1804 audit(6029876858.091:34): pid=15654 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.3066" name="#)-\&[}" dev="mqueue" ino=49443 res=1 errno=0 [ 644.141370][ T29] audit: type=1800 audit(6029876858.131:35): pid=15653 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3066" name="#)-\&[}" dev="mqueue" ino=49443 res=0 errno=0 [ 645.073450][T15670] Process accounting resumed [ 645.116402][T15670] kernel write not supported for file /cpuinfo (pid: 15670 comm: syz.1.3071) [ 645.515631][T15675] net_ratelimit: 6 callbacks suppressed [ 645.515659][T15675] netlink: zone id is out of range [ 645.553897][T15675] netlink: zone id is out of range [ 645.604915][T15675] netlink: set zone limit has 8 unknown bytes [ 645.985099][T15684] CIFS: VFS: Invalid SecurityFlags:  [ 646.491974][T15693] device-mapper: ioctl: Invalid ioctl structure: name , dev 8000010007 [ 646.867570][T15704] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3084'. [ 648.273605][T15750] Process accounting resumed [ 648.278563][T15750] kernel write not supported for file /cpuinfo (pid: 15750 comm: syz.5.3093) [ 649.488075][T15768] netlink: zone id is out of range [ 649.506174][T15768] netlink: zone id is out of range [ 649.548042][T15768] netlink: set zone limit has 8 unknown bytes [ 650.447587][T15782] Process accounting resumed [ 650.454564][T15782] kernel write not supported for file /cpuinfo (pid: 15782 comm: syz.5.3103) [ 651.036560][T15805] Process accounting resumed [ 651.700048][T15825] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3118'. [ 651.731381][T15826] mmap: syz.1.3118 (15826): VmData 37863424 exceed data ulimit 3. Update limits or use boot option ignore_rlimit_data. [ 651.781737][T15825] IPv6: NLM_F_CREATE should be specified when creating new route [ 651.809783][T15828] Process accounting resumed [ 651.835249][T15828] kernel write not supported for file /cpuinfo (pid: 15828 comm: syz.2.3117) [ 651.934246][T15832] Process accounting resumed [ 652.624854][T15850] netlink: zone id is out of range [ 652.691612][T15850] netlink: set zone limit has 8 unknown bytes [ 652.907424][T15860] FAULT_INJECTION: forcing a failure. [ 652.907424][T15860] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 652.938217][T15860] CPU: 0 UID: 0 PID: 15860 Comm: syz.5.3129 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 652.949166][T15860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 652.959266][T15860] Call Trace: [ 652.962588][T15860] [ 652.965583][T15860] dump_stack_lvl+0x16c/0x1f0 [ 652.970570][T15860] should_fail_ex+0x497/0x5b0 [ 652.975296][T15860] _copy_to_iter+0x29b/0x1400 [ 652.980025][T15860] ? trace_lock_acquire+0x14e/0x1f0 [ 652.985278][T15860] ? __pfx__copy_to_iter+0x10/0x10 [ 652.990446][T15860] ? __virt_addr_valid+0x1a4/0x590 [ 652.995616][T15860] ? __virt_addr_valid+0x5e/0x590 [ 653.000686][T15860] ? __phys_addr_symbol+0x30/0x80 [ 653.005755][T15860] ? __check_object_size+0x488/0x710 [ 653.011094][T15860] seq_read_iter+0xd00/0x12b0 [ 653.015824][T15860] proc_reg_read_iter+0x21d/0x310 [ 653.020896][T15860] vfs_read+0x87f/0xbe0 [ 653.025095][T15860] ? __pfx_vfs_read+0x10/0x10 [ 653.029838][T15860] ksys_read+0x12b/0x250 [ 653.034121][T15860] ? __pfx_ksys_read+0x10/0x10 [ 653.038951][T15860] do_syscall_64+0xcd/0x250 [ 653.043502][T15860] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 653.049453][T15860] RIP: 0033:0x7fe74b985d29 [ 653.053902][T15860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 653.073560][T15860] RSP: 002b:00007fe74c739038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 653.082017][T15860] RAX: ffffffffffffffda RBX: 00007fe74bb75fa0 RCX: 00007fe74b985d29 [ 653.090027][T15860] RDX: 0000000080000000 RSI: 00000000200011c0 RDI: 0000000000000003 [ 653.098037][T15860] RBP: 00007fe74c739090 R08: 0000000000000000 R09: 0000000000000000 [ 653.106042][T15860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 653.114045][T15860] R13: 0000000000000000 R14: 00007fe74bb75fa0 R15: 00007ffebd34ff88 [ 653.122066][T15860] [ 653.564815][T15879] Process accounting resumed [ 653.775036][T15878] netlink: zone id is out of range [ 653.780407][T15878] netlink: zone id is out of range [ 653.799058][T15878] netlink: set zone limit has 8 unknown bytes [ 653.933423][T15885] random: crng reseeded on system resumption [ 654.956067][T15905] FAULT_INJECTION: forcing a failure. [ 654.956067][T15905] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 655.013463][T15905] CPU: 1 UID: 0 PID: 15905 Comm: syz.5.3143 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 655.024332][T15905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 655.034444][T15905] Call Trace: [ 655.037780][T15905] [ 655.040764][T15905] dump_stack_lvl+0x16c/0x1f0 [ 655.045516][T15905] should_fail_ex+0x497/0x5b0 [ 655.050277][T15905] _copy_to_user+0x32/0xd0 [ 655.054773][T15905] simple_read_from_buffer+0xd0/0x160 [ 655.060206][T15905] proc_fail_nth_read+0x198/0x270 [ 655.065288][T15905] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 655.070885][T15905] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 655.076479][T15905] vfs_read+0x1df/0xbe0 [ 655.080675][T15905] ? __fget_files+0x1fc/0x3a0 [ 655.085395][T15905] ? __pfx___mutex_lock+0x10/0x10 [ 655.090462][T15905] ? __pfx_vfs_read+0x10/0x10 [ 655.095182][T15905] ? __fget_files+0x206/0x3a0 [ 655.099917][T15905] ksys_read+0x12b/0x250 [ 655.104201][T15905] ? __pfx_ksys_read+0x10/0x10 [ 655.109045][T15905] do_syscall_64+0xcd/0x250 [ 655.113619][T15905] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 655.119569][T15905] RIP: 0033:0x7fe74b98473c [ 655.124021][T15905] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 655.143684][T15905] RSP: 002b:00007fe74c739030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 655.152137][T15905] RAX: ffffffffffffffda RBX: 00007fe74bb75fa0 RCX: 00007fe74b98473c [ 655.160178][T15905] RDX: 000000000000000f RSI: 00007fe74c7390a0 RDI: 0000000000000004 [ 655.168189][T15905] RBP: 00007fe74c739090 R08: 0000000000000000 R09: 0000000000000000 [ 655.176193][T15905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 655.184194][T15905] R13: 0000000000000000 R14: 00007fe74bb75fa0 R15: 00007ffebd34ff88 [ 655.192241][T15905] [ 655.571440][T15911] nbd: must specify at least one socket [ 656.970175][T15962] netlink: zone id is out of range [ 656.976321][T15962] netlink: zone id is out of range [ 656.989508][T15962] netlink: set zone limit has 8 unknown bytes [ 657.730740][T15971] netlink: zone id is out of range [ 657.769169][T15971] netlink: set zone limit has 8 unknown bytes [ 657.852407][T15973] nbd: must specify at least one socket [ 660.039629][T16013] netlink: zone id is out of range [ 660.051640][T16013] netlink: zone id is out of range [ 660.089145][T16013] netlink: set zone limit has 8 unknown bytes [ 660.846057][T16028] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 660.866418][T16029] nbd: must specify at least one socket [ 661.378675][T16043] netlink: 'syz.1.3180': attribute type 4 has an invalid length. [ 661.454456][T16043] netlink: 314 bytes leftover after parsing attributes in process `syz.1.3180'. [ 662.724362][T16069] netlink: zone id is out of range [ 662.758955][T16069] netlink: set zone limit has 8 unknown bytes [ 663.051012][T16083] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3191'. [ 663.920538][ T8636] smc: removing net device syz_tun with user defined pnetid ETHTOOL [ 663.946851][T16103] nbd: must specify at least one socket [ 664.239641][T16107] netlink: 'syz.2.3203': attribute type 4 has an invalid length. [ 664.269410][T16107] netlink: 314 bytes leftover after parsing attributes in process `syz.2.3203'. [ 664.402910][T14790] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 664.443372][T16109] netlink: zone id is out of range [ 664.461933][T16109] netlink: set zone limit has 8 unknown bytes [ 664.506546][ T5842] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 664.519589][ T5842] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 664.528094][ T5842] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 664.543195][ T5842] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 664.552960][ T5842] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 664.564491][ T5842] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 664.659082][T14790] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 664.792998][T16121] snd_aloop snd_aloop.0: control 5:-2147483647:1:IAªƒ>/Æ[k<÷ÎÇmgx¶U(!5ºœ+-Cî°ÜY¶:0 is already present [ 665.008153][T14790] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 665.175547][T16131] can: request_module (can-proto-0) failed. [ 665.305221][T14790] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 665.367937][T16113] chnl_net:caif_netlink_parms(): no params data found [ 665.768466][T16113] bridge0: port 1(bridge_slave_0) entered blocking state [ 665.793675][T16113] bridge0: port 1(bridge_slave_0) entered disabled state [ 665.818752][T16113] bridge_slave_0: entered allmulticast mode [ 665.839751][T16113] bridge_slave_0: entered promiscuous mode [ 665.861416][T16125] delete_channel: no stack [ 665.879107][T16113] bridge0: port 2(bridge_slave_1) entered blocking state [ 665.886372][T16113] bridge0: port 2(bridge_slave_1) entered disabled state [ 665.932198][T16113] bridge_slave_1: entered allmulticast mode [ 665.949357][T16113] bridge_slave_1: entered promiscuous mode [ 666.088732][T16113] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 666.135159][T16113] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 666.330577][T14790] bridge_slave_1: left allmulticast mode [ 666.350022][T14790] bridge_slave_1: left promiscuous mode [ 666.359217][T14790] bridge0: port 2(bridge_slave_1) entered disabled state [ 666.389922][T14790] bridge_slave_0: left allmulticast mode [ 666.399108][T14790] bridge_slave_0: left promiscuous mode [ 666.424334][T14790] bridge0: port 1(bridge_slave_0) entered disabled state [ 666.694426][ T5842] Bluetooth: hci2: command tx timeout [ 666.961859][T14790] erspan0 (unregistering): left allmulticast mode [ 667.550434][T14790] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 667.583136][T14790] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 667.624463][T14790] bond0 (unregistering): Released all slaves [ 667.728147][T16113] team0: Port device team_slave_0 added [ 667.754889][T16113] team0: Port device team_slave_1 added [ 668.020488][T16113] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 668.054282][T16113] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 668.136382][T16113] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 668.152310][T16113] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 668.160137][T16113] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 668.187054][T16113] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 668.461625][T16113] hsr_slave_0: entered promiscuous mode [ 668.510240][T16113] hsr_slave_1: entered promiscuous mode [ 668.535690][T16113] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 668.555009][T16113] Cannot create hsr debugfs directory [ 668.567439][T16197] nbd: must specify at least one socket [ 668.773185][ T5842] Bluetooth: hci2: command tx timeout [ 670.091690][T16113] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 670.218767][T16113] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 670.283339][T16113] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 670.343883][T16113] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 670.827208][T16113] 8021q: adding VLAN 0 to HW filter on device bond0 [ 670.842634][ T5842] Bluetooth: hci2: command tx timeout [ 670.898525][T16257] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3238'. [ 670.959425][T16113] 8021q: adding VLAN 0 to HW filter on device team0 [ 670.967619][T16240] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3234'. [ 671.321797][ T3506] bridge0: port 1(bridge_slave_0) entered blocking state [ 671.328991][ T3506] bridge0: port 1(bridge_slave_0) entered forwarding state [ 671.425851][T14796] bridge0: port 2(bridge_slave_1) entered blocking state [ 671.433082][T14796] bridge0: port 2(bridge_slave_1) entered forwarding state [ 671.471471][T16264] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3238'. [ 672.341636][T16288] netlink: zone id is out of range [ 672.418520][T16288] netlink: set zone limit has 8 unknown bytes [ 672.506327][ T5842] Bluetooth: hci0: command 0x0406 tx timeout [ 672.903307][T16113] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 672.906190][ T5844] Bluetooth: hci2: command tx timeout [ 673.202794][T16326] netlink: 'syz.2.3246': attribute type 1 has an invalid length. [ 673.220283][T16326] nbd: error processing sock list [ 673.281445][T16326] netlink: 218 bytes leftover after parsing attributes in process `syz.2.3246'. [ 673.475707][T16326] ati: renamed from gre0 (while UP) [ 673.509578][T16326] netlink: 218 bytes leftover after parsing attributes in process `syz.2.3246'. [ 673.853212][T14790] hsr_slave_0: left promiscuous mode [ 673.861074][T14790] hsr_slave_1: left promiscuous mode [ 673.963066][T14790] veth1_macvtap: left promiscuous mode [ 673.986977][T14790] veth0_macvtap: left promiscuous mode [ 674.017707][T14790] veth1_vlan: left promiscuous mode [ 674.023374][T14790] veth0_vlan: left promiscuous mode [ 675.502050][T16395] netlink: zone id is out of range [ 675.531818][T16395] netlink: set zone limit has 8 unknown bytes [ 675.798067][T14790] team0 (unregistering): Port device team_slave_1 removed [ 675.924655][T14790] team0 (unregistering): Port device team_slave_0 removed [ 676.928059][T16113] veth0_vlan: entered promiscuous mode [ 677.036872][T16113] veth1_vlan: entered promiscuous mode [ 677.074205][T16113] veth0_macvtap: entered promiscuous mode [ 677.148705][T16113] veth1_macvtap: entered promiscuous mode [ 677.239907][T16113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 677.259168][T16113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 677.269714][T16113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 677.280820][T16113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 677.290735][T16113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 677.308675][T16113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 677.321970][T16113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 677.333264][T16113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 677.343565][T16113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 677.354432][T16113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 677.364829][T16113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 677.375636][T16113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 677.391030][T16113] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 677.401470][T16113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 677.412104][T16113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 677.422240][T16113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 677.433971][T16113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 677.444698][T16113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 677.455622][T16113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 677.465573][T16113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 677.476097][T16113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 677.487160][T16113] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 677.498898][T16113] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 677.508503][T16113] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 677.517282][T16113] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 677.526222][T16113] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 677.708082][ T3506] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 677.725785][ T3506] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 677.773406][ T3506] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 677.809848][ T3506] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 678.596656][T16426] nbd: must specify at least one socket [ 678.974361][T16440] nbd: must specify at least one socket syzkaller syzkaller login: [ 680.331611][T16475] crash hp: kexec_trylock() failed, kdump image may be inaccurate [ 680.880339][T16482] nbd: must specify at least one socket [ 682.512745][T16546] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3291'. [ 682.613579][T16552] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3291'. [ 683.029994][T16560] nbd: must specify at least one socket [ 683.933347][T16578] nbd: must specify at least one socket [ 684.158497][T16433] kexec: Could not allocate control_code_buffer [ 684.669022][T16595] sysfs_service_op_store: Client not running :-5: [ 685.454172][T16602] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3301'. [ 686.328061][T16620] HfR: entered promiscuous mode [ 686.437107][T16620] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3306'. [ 686.550184][T16620] HfR: left promiscuous mode [ 686.917861][T16634] netlink: 85 bytes leftover after parsing attributes in process `syz.2.3310'. [ 687.878891][T16652] nbd: must specify at least one socket [ 689.060053][T16673] Process accounting resumed [ 689.814489][T16685] Process accounting resumed [ 690.821002][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 690.827407][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 692.420468][T16733] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3334'. [ 692.828255][T16733] hsr_slave_1 (unregistering): left promiscuous mode [ 693.113146][T16752] netlink: 'syz.1.3340': attribute type 3 has an invalid length. syzkaller syzkaller login: [ 693.755954][T16751] crash hp: kexec_trylock() failed, kdump image may be inaccurate [ 695.648920][T16729] kexec: Could not allocate control_code_buffer [ 696.171090][T16808] syz.5.3353(16808): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 696.935623][T16821] netlink: zone id is out of range [ 696.963566][T16821] netlink: set zone limit has 8 unknown bytes [ 697.512238][T16834] Process accounting resumed [ 699.194703][T16853] Invalid ELF header magic: != ELF [ 699.433628][T16855] netlink: 'syz.2.3367': attribute type 4 has an invalid length. [ 699.454130][T16855] netlink: 'syz.2.3367': attribute type 4 has an invalid length. [ 700.402255][T16875] openvswitch: netlink: Key type 29 is not supported [ 700.782515][T16876] Process accounting resumed [ 701.561287][T16889] nbd: must specify at least one socket [ 704.123018][T16906] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 704.227247][T16906] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 704.256382][T16906] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 704.402841][T16906] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 704.457682][T16906] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 704.629834][ T5844] Bluetooth: hci4: ISO packet for unknown connection handle 0 [ 704.656431][T16941] Process accounting resumed [ 704.800604][T16906] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 704.853919][T16906] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 704.887979][T16928] [U] H)r”5¡tA9Õ-‰qR#@þI É\xûr7’鸎ԃZ:»Ûéí9nj2o@ðRänl[Õ;˜YÀMÔÇÓ[‘¨µ…[?IXÔœN„ð"¥wô0ù“ÎZöÍGhዸO“¨¿~¥„ÿÕ„ê¾Ç›D¼´Át‰þÕb»*M]¤¹%98?S»g 9Ñ&UM¦xÅLõHqˆ>ÍvÌ+Ï(o­C±N>ºœNõÚ㨚5¬ë [ 704.928136][T16928] [U] 5Pýª¬ô*÷ÀPËûýí]´ ³t,³办ÒT)ܪ†üžp'?p Cs£½:Ù¤®¨¹SÎãc!êÔFE.¨Pw죰0y¼ê;ªÁ\wÙAè÷ur¿Ií¶ [ 704.979589][T16906] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 704.999200][T16928] [U] 6lÎÆ[DG¨G˜„?©ð[]³"УÇ5_tÍKJ•Ù [ 705.074971][T16928] [U] êH“¶ [ 705.078190][T16928] [U] væ Š!Q[ܯ»ÏQ…0`ç_£Âêê5[ËMÕÓK´¼ tC&˜Þ*_eAÈTPéâ‰æƒ È£Ÿõv2[Òm憥þ6ˆÆ¯úO“¤¸F1rÄIq(üØ'´œY™©^ÈnÑÛG$oÿO×ØòÞC'ÌáXà%Šñp‡ gQ Ûí¶ÑY½éM’ [ 705.093381][T16928] [U] C´~˜I’½›r¨}7ГYD0d&t.èëuvn8Ƹ²ØÖû¤Ul²*ÆrêŽðH…ögK¤ÍœÁ_À¡$‚/Úh˜2À‘ætb‚RšGi®Ô¬Ç‡;ít=¯w`Ý/ˆHŸU$”˜ŒÖyeYÅ'°©„ü]4;B·(…SZeå‹I+;KN#s>o [ 705.108378][T16928] [U] ù,Êg{•]Ã\„§BN>Àí딆å/3ÌQa›ƒN…`pf é;ÔPV‡ÿ•çM&Hµþn‹bKæXºRÙRaC#DR"*:©®ýs²Îô*²˜9Òå;vV~x [ 705.134099][T16928] [U] +±Öþ‘Zz‘°<éêÈÛ½=T¶ˆEj{‡r"75 [ 705.139794][T16928] [U] ?ÇŸ@c0¸ª!%BÌžeeÙŒ`„#â!ø±vé]¼ÊlÓ¯ªçFéã/¬ [ 705.146578][T16928] [U] Å >H:$”›Óà¥@ñäˆkg–þ‰²eœ§cëÈßIæáÁOøijImÖÛ¤ÿ[¥Ã+ [ 705.216377][T16928] [U] B—¯ÉUû¦¿o—ûÂQ~ÃÂ#À?¼ÀtÎ~äGa´.È{!c©™"ò€N2‰Î´(bølDP4ÂKOÆýÈ|nŠ6”p S©¡‚«²Ýš¢|¤žL¢$ð0,b©ˆ*ù­Œ-êE+Îœ‹ (})bÏÍL— –‚º§ˆ¤ø°G—Y¦5 [ 705.237337][T16928] [U] FI†hÃ<èÞÌ0Z®ÄJÃ@O [ 705.246526][T16928] [U] – f’n‰ý$9¼Ì dÿ[ä¬Ôã2 [ 705.255858][T16928] [U] TœJw× Õ(qMZJ+<ê‹/[½9ÆÉ綴´'xuÛžßkµqß%ÞJcBªoŠ%¹7¡mÉy怗‰³G [ 705.264833][T16928] [U] ¤ óE9dPhùLŠ¢pËQu!µ{« q.¡l>ÁC¢ T*]!j½<‹Clw'Fù%äÑ$\ųǧDÁý;¼ÀyG´‹ý2¯î;^©ß‰½ië”PW6@ÏpµÀ‹°Ò!6XqgƒÑôóÆ\®rhˆn2ÄŸ¦g‘ç~Go·µÂëŠËs¾à¹Í¤«©ctäT›î}Î€Ê [ 705.282486][T16928] [U] Ü·Æ\ý„wžnŽ;¬sÙÝÜÏÒ(¢·ß¿š/Ê Ú×I%â”%xmfÃY©†Ø}ûI½‘5fî߉‹½}Zà£2ÕÐØÕ‰t?£Í®}i¨¹‚Ïð¦Î–²¸œ³HcõKzìéO€YbG1ʬN„ìyc –ƈ1Ftx¹nÁ©žÎ`ãÆîû~Åü°>'5 ¦P2³AËLÁò맹ª©˜n•n ÓÀ„Ò€*¯úr'AƒõpŽNPjÁf|h–%¤U( [ 705.331881][T16928] [U] ü­à(7¥mY áqÞUb¢²|=oÔ…Æz”ª“ÿˆ˜èZo#%bAdÁðZGÓÌÁ2>~ÓW}½À‡/Z]Ò VÃmÞ›ñ%¢$ã'ú~Ýüw­PºË [ 705.343033][T16928] [U] [ 705.345805][T16928] [U] [ 705.348574][T16928] [U] [ 705.418770][T16928] [U] [ 705.421604][T16928] [U] [ 705.424374][T16928] [U] [ 705.427171][T16928] [U] [ 705.442194][T16928] [U] [ 705.445012][T16928] [U] [ 705.447778][T16928] [U] [ 705.450538][T16928] [U] [ 705.487885][T16928] [U] [ 705.490691][T16928] [U] [ 705.493459][T16928] [U] [ 705.496228][T16928] [U] [ 705.512312][T16928] [U] [ 705.515115][T16928] [U] [ 705.517875][T16928] [U] [ 705.520806][T16928] [U] [ 705.552080][T16928] [U] [ 705.554888][T16928] [U] [ 705.557666][T16928] [U] [ 705.560432][T16928] [U] [ 705.574828][T16928] [U] [ 705.577689][T16928] [U] [ 705.580487][T16928] [U] [ 705.583265][T16928] [U] [ 705.653373][T16928] [U] [ 705.656200][T16928] [U] [ 705.658957][T16928] [U] [ 705.661724][T16928] [U] [ 705.731372][T16928] [U] [ 705.734207][T16928] [U] [ 705.737017][T16928] [U] [ 705.739783][T16928] [U] [ 705.841194][T16928] [U] [ 705.844002][T16928] [U] [ 705.846770][T16928] [U] [ 705.849530][T16928] [U] [ 705.925860][T16928] [U] [ 706.009531][ T5844] Bluetooth: hci4: command 0x0406 tx timeout [ 706.248486][ T5844] Bluetooth: hci1: command 0x0406 tx timeout [ 706.422968][ T5844] Bluetooth: hci0: command 0x0406 tx timeout [ 706.458111][T16966] netlink: zone id is out of range [ 706.528196][T16966] netlink: set zone limit has 8 unknown bytes [ 706.805419][ T5844] Bluetooth: hci2: command 0x0c1a tx timeout [ 707.051429][T16978] nbd: must specify at least one socket [ 707.598242][T16982] nbd: must specify at least one socket [ 708.338410][ T5844] Bluetooth: hci1: command 0x0406 tx timeout [ 708.498868][ T5844] Bluetooth: hci0: command 0x0406 tx timeout [ 708.644384][T17000] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3396'. [ 708.874705][ T5844] Bluetooth: hci2: command 0x0c1a tx timeout [ 710.666665][T17020] nbd: must specify at least one socket [ 710.944287][ T5844] Bluetooth: hci2: command 0x0c1a tx timeout [ 713.321054][T17076] nbd: must specify at least one socket [ 713.658621][T17088] FAULT_INJECTION: forcing a failure. [ 713.658621][T17088] name failslab, interval 1, probability 0, space 0, times 0 [ 713.691925][T17088] CPU: 0 UID: 0 PID: 17088 Comm: syz.1.3420 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 713.703050][T17088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 713.713176][T17088] Call Trace: [ 713.716527][T17088] [ 713.719539][T17088] dump_stack_lvl+0x16c/0x1f0 [ 713.724291][T17088] should_fail_ex+0x497/0x5b0 [ 713.729038][T17088] ? fs_reclaim_acquire+0xae/0x150 [ 713.734226][T17088] should_failslab+0xc2/0x120 [ 713.738980][T17088] kmem_cache_alloc_node_noprof+0x72/0x3b0 [ 713.744856][T17088] ? __alloc_skb+0x2b3/0x380 [ 713.749540][T17088] __alloc_skb+0x2b3/0x380 [ 713.754076][T17088] ? __pfx___alloc_skb+0x10/0x10 [ 713.759090][T17088] ? __pfx___lock_acquire+0x10/0x10 [ 713.764351][T17088] ? hlock_class+0x4e/0x130 [ 713.768915][T17088] alloc_skb_with_frags+0xe4/0x850 [ 713.774100][T17088] ? hlock_class+0x4e/0x130 [ 713.778644][T17088] ? mark_lock+0xb5/0xc60 [ 713.783029][T17088] sock_alloc_send_pskb+0x7f1/0x980 [ 713.788283][T17088] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 713.794051][T17088] ? hlock_class+0x4e/0x130 [ 713.798600][T17088] ? __lock_acquire+0xcc5/0x3c40 [ 713.803590][T17088] tun_get_user+0xd3b/0x3e40 [ 713.808254][T17088] ? __pfx_tun_get_user+0x10/0x10 [ 713.813364][T17088] ? find_held_lock+0x2d/0x110 [ 713.818184][T17088] ? __pfx_lock_release+0x10/0x10 [ 713.823272][T17088] tun_chr_write_iter+0xdc/0x210 [ 713.828258][T17088] vfs_write+0x5ae/0x1150 [ 713.832626][T17088] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 713.838216][T17088] ? __pfx_lock_release+0x10/0x10 [ 713.843273][T17088] ? __pfx_vfs_write+0x10/0x10 [ 713.848079][T17088] ? lock_acquire+0x2f/0xb0 [ 713.852613][T17088] ? __fget_files+0x40/0x3a0 [ 713.857371][T17088] __x64_sys_pwrite64+0x1f6/0x250 [ 713.862457][T17088] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 713.868044][T17088] ? do_user_addr_fault+0x83d/0x13f0 [ 713.873370][T17088] do_syscall_64+0xcd/0x250 [ 713.877925][T17088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 713.883884][T17088] RIP: 0033:0x7f6b1d585d29 [ 713.888329][T17088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 713.908020][T17088] RSP: 002b:00007f6b1e434038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 713.916474][T17088] RAX: ffffffffffffffda RBX: 00007f6b1d775fa0 RCX: 00007f6b1d585d29 [ 713.924497][T17088] RDX: 000000000000fded RSI: 0000000020000080 RDI: 00000000000000c8 [ 713.932506][T17088] RBP: 00007f6b1e434090 R08: 0000000000000000 R09: 0000000000000000 [ 713.940507][T17088] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 713.948516][T17088] R13: 0000000000000001 R14: 00007f6b1d775fa0 R15: 00007fff04b54948 [ 713.956534][T17088] [ 715.495285][T17108] Process accounting resumed [ 715.643546][T17104] nbd: must specify at least one socket [ 716.013600][T17127] netlink: zone id is out of range [ 716.038927][T17127] netlink: set zone limit has 8 unknown bytes [ 716.808283][T17146] Process accounting resumed [ 717.179329][T17122] Process accounting resumed [ 718.177158][T17158] Process accounting resumed [ 718.673141][T17190] Process accounting resumed [ 718.864496][T17197] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3456'. [ 718.913597][T17197] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3456'. [ 720.069967][T17223] nbd: must specify at least one socket [ 720.290869][T17213] warning: `syz.4.3450' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 721.230955][T17248] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3459'. [ 721.289812][T17246] Invalid ELF header magic: != ELF [ 721.519556][T17246] Invalid ELF header magic: != ELF [ 721.569531][T17246] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3459'. [ 721.680166][T17248] Invalid ELF header magic: != ELF [ 721.695222][T17249] Invalid ELF header magic: != ELF [ 722.366235][T17258] nbd: must specify at least one socket [ 722.855004][T17274] Process accounting resumed [ 723.151674][T17287] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3467'. [ 724.396628][T17293] Process accounting resumed [ 724.536592][ T5842] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 724.550371][ T5842] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 724.560674][ T5842] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 724.570328][ T5842] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 724.578494][ T5842] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 724.586288][ T5842] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 724.820270][T14682] smc: removing net device syz_tun with user defined pnetid ETHTOOL [ 725.282447][T17331] FAULT_INJECTION: forcing a failure. [ 725.282447][T17331] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 725.323558][T17331] CPU: 0 UID: 0 PID: 17331 Comm: syz.2.3475 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 725.334422][T17331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 725.344539][T17331] Call Trace: [ 725.347857][T17331] [ 725.350892][T17331] dump_stack_lvl+0x16c/0x1f0 [ 725.355634][T17331] should_fail_ex+0x497/0x5b0 [ 725.360404][T17331] ? fs_reclaim_acquire+0xae/0x150 [ 725.365595][T17331] should_fail_alloc_page+0xe7/0x130 [ 725.370958][T17314] nbd: must specify at least one socket [ 725.370963][T17331] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 725.382727][T17331] __alloc_pages_noprof+0x190/0x25b0 [ 725.388100][T17331] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 725.393910][T17331] ? rcu_is_watching+0x12/0xc0 [ 725.398739][T17331] ? trace_kmalloc+0x2d/0xd0 [ 725.403382][T17331] ? __kmalloc_node_track_caller_noprof+0x23b/0x520 [ 725.410030][T17331] ? rcu_watching_snap_stopped_since+0xf1/0x110 [ 725.416314][T17331] ? __alloc_skb+0x164/0x380 [ 725.421120][T17331] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 725.427056][T17331] ? policy_nodemask+0xea/0x4e0 [ 725.431954][T17331] alloc_pages_mpol_noprof+0x2c9/0x610 [ 725.437468][T17331] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 725.443497][T17331] ? __pfx___lock_acquire+0x10/0x10 [ 725.448732][T17331] ? hlock_class+0x4e/0x130 [ 725.453277][T17331] alloc_skb_with_frags+0x24b/0x850 [ 725.458516][T17331] sock_alloc_send_pskb+0x7f1/0x980 [ 725.463764][T17331] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 725.469529][T17331] ? hlock_class+0x4e/0x130 [ 725.474071][T17331] ? __lock_acquire+0xcc5/0x3c40 [ 725.479045][T17331] tun_get_user+0xd3b/0x3e40 [ 725.483690][T17331] ? __pfx_tun_get_user+0x10/0x10 [ 725.488753][T17331] ? find_held_lock+0x2d/0x110 [ 725.493571][T17331] ? __pfx_lock_release+0x10/0x10 [ 725.498640][T17331] tun_chr_write_iter+0xdc/0x210 [ 725.503629][T17331] vfs_write+0x5ae/0x1150 [ 725.508089][T17331] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 725.513698][T17331] ? __pfx_lock_release+0x10/0x10 [ 725.518758][T17331] ? __pfx_vfs_write+0x10/0x10 [ 725.523561][T17331] ? lock_acquire+0x2f/0xb0 [ 725.528118][T17331] ? __fget_files+0x40/0x3a0 [ 725.532759][T17331] __x64_sys_pwrite64+0x1f6/0x250 [ 725.537827][T17331] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 725.543417][T17331] ? do_user_addr_fault+0x83d/0x13f0 [ 725.548739][T17331] do_syscall_64+0xcd/0x250 [ 725.553287][T17331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 725.559231][T17331] RIP: 0033:0x7f2496985d29 [ 725.563672][T17331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 725.583312][T17331] RSP: 002b:00007f2497776038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 725.591848][T17331] RAX: ffffffffffffffda RBX: 00007f2496b75fa0 RCX: 00007f2496985d29 [ 725.599849][T17331] RDX: 000000000000fded RSI: 0000000020000080 RDI: 00000000000000c8 [ 725.607856][T17331] RBP: 00007f2497776090 R08: 0000000000000000 R09: 0000000000000000 [ 725.615966][T17331] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 725.623963][T17331] R13: 0000000000000001 R14: 00007f2496b75fa0 R15: 00007ffe94032398 [ 725.631978][T17331] [ 725.859754][T15422] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 725.939478][T17312] chnl_net:caif_netlink_parms(): no params data found [ 726.057861][T15422] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 726.218361][T15422] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 726.391745][T15422] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 726.632380][ T5842] Bluetooth: hci3: command tx timeout [ 726.645606][T17312] bridge0: port 1(bridge_slave_0) entered blocking state [ 726.673568][T17312] bridge0: port 1(bridge_slave_0) entered disabled state [ 726.681257][T17312] bridge_slave_0: entered allmulticast mode [ 726.689689][T17312] bridge_slave_0: entered promiscuous mode [ 726.712364][T17312] bridge0: port 2(bridge_slave_1) entered blocking state [ 726.727297][T17312] bridge0: port 2(bridge_slave_1) entered disabled state [ 726.745066][T17312] bridge_slave_1: entered allmulticast mode [ 726.767534][T17312] bridge_slave_1: entered promiscuous mode [ 726.919764][T17312] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 726.964105][T17312] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 727.095957][T15422] veth1_to_hsr: left allmulticast mode [ 727.116132][T15422] veth1_to_hsr: left promiscuous mode [ 727.134792][T15422] bridge0: port 3(veth1_to_hsr) entered disabled state [ 727.160905][T15422] bridge_slave_1: left allmulticast mode [ 727.175018][T15422] bridge_slave_1: left promiscuous mode [ 727.181875][T15422] bridge0: port 2(bridge_slave_1) entered disabled state [ 727.196472][T15422] bridge_slave_0: left allmulticast mode [ 727.228571][T15422] bridge_slave_0: left promiscuous mode [ 727.238662][T15422] bridge0: port 1(bridge_slave_0) entered disabled state [ 727.378770][T17373] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3483'. [ 727.463191][T17376] FAULT_INJECTION: forcing a failure. [ 727.463191][T17376] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 727.489100][T17376] CPU: 0 UID: 0 PID: 17376 Comm: syz.2.3485 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 727.499966][T17376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 727.510104][T17376] Call Trace: [ 727.513444][T17376] [ 727.516428][T17376] dump_stack_lvl+0x16c/0x1f0 [ 727.521176][T17376] should_fail_ex+0x497/0x5b0 [ 727.526019][T17376] _copy_from_iter+0x29b/0x1400 [ 727.530996][T17376] ? trace_lock_acquire+0x14e/0x1f0 [ 727.536286][T17376] ? __pfx__copy_from_iter+0x10/0x10 [ 727.541647][T17376] ? __virt_addr_valid+0x1a4/0x590 [ 727.546837][T17376] ? __virt_addr_valid+0x5e/0x590 [ 727.551930][T17376] ? __phys_addr_symbol+0x30/0x80 [ 727.557042][T17376] ? __check_object_size+0x488/0x710 [ 727.562420][T17376] skb_copy_datagram_from_iter+0x124/0x710 [ 727.568304][T17376] ? hlock_class+0x4e/0x130 [ 727.572883][T17376] ? __lock_acquire+0xcc5/0x3c40 [ 727.577893][T17376] tun_get_user+0x197f/0x3e40 [ 727.582661][T17376] ? __pfx_tun_get_user+0x10/0x10 [ 727.587771][T17376] ? find_held_lock+0x2d/0x110 [ 727.592596][T17376] ? __pfx_lock_release+0x10/0x10 [ 727.597704][T17376] tun_chr_write_iter+0xdc/0x210 [ 727.602724][T17376] vfs_write+0x5ae/0x1150 [ 727.607114][T17376] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 727.612728][T17376] ? __pfx_lock_release+0x10/0x10 [ 727.617808][T17376] ? __pfx_vfs_write+0x10/0x10 [ 727.622640][T17376] ? lock_acquire+0x2f/0xb0 [ 727.627204][T17376] ? __fget_files+0x40/0x3a0 [ 727.631884][T17376] __x64_sys_pwrite64+0x1f6/0x250 [ 727.636988][T17376] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 727.642625][T17376] ? do_user_addr_fault+0x83d/0x13f0 [ 727.647988][T17376] do_syscall_64+0xcd/0x250 [ 727.652681][T17376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 727.658658][T17376] RIP: 0033:0x7f2496985d29 [ 727.663130][T17376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 727.682857][T17376] RSP: 002b:00007f2497776038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 727.693795][T17376] RAX: ffffffffffffffda RBX: 00007f2496b75fa0 RCX: 00007f2496985d29 [ 727.693826][T17376] RDX: 000000000000fded RSI: 0000000020000080 RDI: 00000000000000c8 [ 727.693849][T17376] RBP: 00007f2497776090 R08: 0000000000000000 R09: 0000000000000000 [ 727.693871][T17376] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 727.693891][T17376] R13: 0000000000000001 R14: 00007f2496b75fa0 R15: 00007ffe94032398 [ 727.693933][T17376] [ 727.921327][T15422] erspan0 (unregistering): left allmulticast mode [ 728.225937][T17386] netlink: zone id is out of range [ 728.263752][T17386] netlink: set zone limit has 8 unknown bytes [ 728.479672][T17392] Process accounting resumed [ 728.638735][T17396] Process accounting resumed [ 728.684263][T15422] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 728.694067][ T5842] Bluetooth: hci3: command tx timeout [ 728.718196][T15422] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 728.733636][T15422] bond0 (unregistering): Released all slaves [ 728.821098][T17312] team0: Port device team_slave_0 added [ 728.845468][T15422] HfR: left promiscuous mode [ 728.941560][T17312] team0: Port device team_slave_1 added [ 729.311030][T15422] HSR: left promiscuous mode [ 729.342939][T17312] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 729.376901][T17312] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 729.455805][T17312] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 729.512649][T17312] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 729.542467][T17419] FAULT_INJECTION: forcing a failure. [ 729.542467][T17419] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 729.554522][T17312] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 729.586011][T17312] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 729.606710][T17419] CPU: 1 UID: 0 PID: 17419 Comm: syz.2.3494 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 729.617567][T17419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 729.627683][T17419] Call Trace: [ 729.631006][T17419] [ 729.633975][T17419] dump_stack_lvl+0x16c/0x1f0 [ 729.638721][T17419] should_fail_ex+0x497/0x5b0 [ 729.643472][T17419] _copy_from_iter+0x29b/0x1400 [ 729.648495][T17419] ? _copy_from_iter+0x159/0x1400 [ 729.653590][T17419] ? __pfx__copy_from_iter+0x10/0x10 [ 729.658950][T17419] ? __pfx__copy_from_iter+0x10/0x10 [ 729.664303][T17419] ? __virt_addr_valid+0x1a4/0x590 [ 729.669493][T17419] copy_page_from_iter+0xa5/0x120 [ 729.674591][T17419] skb_copy_datagram_from_iter+0x29b/0x710 [ 729.680477][T17419] tun_get_user+0x197f/0x3e40 [ 729.685248][T17419] ? __pfx_tun_get_user+0x10/0x10 [ 729.690344][T17419] ? find_held_lock+0x2d/0x110 [ 729.695180][T17419] ? __pfx_lock_release+0x10/0x10 [ 729.700291][T17419] tun_chr_write_iter+0xdc/0x210 [ 729.705309][T17419] vfs_write+0x5ae/0x1150 [ 729.709709][T17419] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 729.715327][T17419] ? __pfx_lock_release+0x10/0x10 [ 729.720406][T17419] ? __pfx_vfs_write+0x10/0x10 [ 729.725243][T17419] ? lock_acquire+0x2f/0xb0 [ 729.729803][T17419] ? __fget_files+0x40/0x3a0 [ 729.734471][T17419] __x64_sys_pwrite64+0x1f6/0x250 [ 729.739564][T17419] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 729.745177][T17419] ? do_user_addr_fault+0x83d/0x13f0 [ 729.750549][T17419] do_syscall_64+0xcd/0x250 [ 729.755129][T17419] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 729.761099][T17419] RIP: 0033:0x7f2496985d29 [ 729.765569][T17419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 729.785244][T17419] RSP: 002b:00007f2497776038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 729.793815][T17419] RAX: ffffffffffffffda RBX: 00007f2496b75fa0 RCX: 00007f2496985d29 [ 729.801845][T17419] RDX: 000000000000fded RSI: 0000000020000080 RDI: 00000000000000c8 [ 729.809877][T17419] RBP: 00007f2497776090 R08: 0000000000000000 R09: 0000000000000000 [ 729.817906][T17419] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 729.826022][T17419] R13: 0000000000000001 R14: 00007f2496b75fa0 R15: 00007ffe94032398 [ 729.834118][T17419] [ 730.147161][T17430] Process accounting resumed [ 730.267593][T17312] hsr_slave_0: entered promiscuous mode [ 730.292073][T17312] hsr_slave_1: entered promiscuous mode [ 730.308340][T17312] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 730.332983][T17312] Cannot create hsr debugfs directory [ 730.514438][T17450] Process accounting resumed [ 730.763834][ T5842] Bluetooth: hci3: command tx timeout [ 731.782492][T17496] Process accounting resumed [ 731.867554][T17488] netlink: zone id is out of range [ 731.926341][T17488] netlink: set zone limit has 8 unknown bytes [ 732.035891][T17480] delete_channel: no stack [ 732.206896][T17507] FAULT_INJECTION: forcing a failure. [ 732.206896][T17507] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 732.345452][T17507] CPU: 0 UID: 0 PID: 17507 Comm: syz.1.3509 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 732.356318][T17507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 732.366433][T17507] Call Trace: [ 732.369763][T17507] [ 732.372830][T17507] dump_stack_lvl+0x16c/0x1f0 [ 732.377589][T17507] should_fail_ex+0x497/0x5b0 [ 732.382342][T17507] _copy_from_iter+0x29b/0x1400 [ 732.387275][T17507] ? _copy_from_iter+0x159/0x1400 [ 732.392385][T17507] ? __pfx__copy_from_iter+0x10/0x10 [ 732.397746][T17507] ? __pfx__copy_from_iter+0x10/0x10 [ 732.403108][T17507] ? __virt_addr_valid+0x1a4/0x590 [ 732.408306][T17507] copy_page_from_iter+0xa5/0x120 [ 732.413500][T17507] skb_copy_datagram_from_iter+0x29b/0x710 [ 732.419394][T17507] tun_get_user+0x197f/0x3e40 [ 732.424166][T17507] ? __pfx_tun_get_user+0x10/0x10 [ 732.429259][T17507] ? find_held_lock+0x2d/0x110 [ 732.434103][T17507] ? __pfx_lock_release+0x10/0x10 [ 732.439204][T17507] tun_chr_write_iter+0xdc/0x210 [ 732.444216][T17507] vfs_write+0x5ae/0x1150 [ 732.448613][T17507] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 732.454234][T17507] ? __pfx_lock_release+0x10/0x10 [ 732.459319][T17507] ? __pfx_vfs_write+0x10/0x10 [ 732.464152][T17507] ? lock_acquire+0x2f/0xb0 [ 732.468710][T17507] ? __fget_files+0x40/0x3a0 [ 732.473388][T17507] __x64_sys_pwrite64+0x1f6/0x250 [ 732.478496][T17507] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 732.484112][T17507] ? do_user_addr_fault+0x83d/0x13f0 [ 732.489477][T17507] do_syscall_64+0xcd/0x250 [ 732.494057][T17507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 732.500035][T17507] RIP: 0033:0x7f6b1d585d29 [ 732.504508][T17507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 732.524357][T17507] RSP: 002b:00007f6b1e434038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 732.532847][T17507] RAX: ffffffffffffffda RBX: 00007f6b1d775fa0 RCX: 00007f6b1d585d29 [ 732.541070][T17507] RDX: 000000000000fded RSI: 0000000020000080 RDI: 00000000000000c8 [ 732.549103][T17507] RBP: 00007f6b1e434090 R08: 0000000000000000 R09: 0000000000000000 [ 732.557144][T17507] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 732.565168][T17507] R13: 0000000000000001 R14: 00007f6b1d775fa0 R15: 00007fff04b54948 [ 732.573215][T17507] [ 732.810101][T17510] nbd: must specify at least one socket [ 732.831507][ T5842] Bluetooth: hci3: command tx timeout [ 732.863521][T15422] hsr_slave_0: left promiscuous mode [ 732.999163][T15422] hsr_slave_1: left promiscuous mode [ 733.121840][T15422] veth1_macvtap: left promiscuous mode [ 733.148410][T15422] veth0_macvtap: left promiscuous mode [ 733.156770][T15422] veth1_vlan: left promiscuous mode [ 733.157644][T15422] veth0_vlan: left promiscuous mode [ 733.872078][T17546] FAULT_INJECTION: forcing a failure. [ 733.872078][T17546] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 733.905706][T17546] CPU: 1 UID: 0 PID: 17546 Comm: syz.1.3522 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 733.916569][T17546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 733.926682][T17546] Call Trace: [ 733.930006][T17546] [ 733.932989][T17546] dump_stack_lvl+0x16c/0x1f0 [ 733.937741][T17546] should_fail_ex+0x497/0x5b0 [ 733.942494][T17546] _copy_from_iter+0x29b/0x1400 [ 733.947428][T17546] ? _copy_from_iter+0x159/0x1400 [ 733.952529][T17546] ? __pfx__copy_from_iter+0x10/0x10 [ 733.957904][T17546] ? __pfx__copy_from_iter+0x10/0x10 [ 733.963261][T17546] ? __virt_addr_valid+0x1a4/0x590 [ 733.968471][T17546] copy_page_from_iter+0xa5/0x120 [ 733.973569][T17546] skb_copy_datagram_from_iter+0x29b/0x710 [ 733.979453][T17546] tun_get_user+0x197f/0x3e40 [ 733.984231][T17546] ? __pfx_tun_get_user+0x10/0x10 [ 733.989328][T17546] ? find_held_lock+0x2d/0x110 [ 733.994275][T17546] ? __pfx_lock_release+0x10/0x10 [ 733.999378][T17546] tun_chr_write_iter+0xdc/0x210 [ 734.004393][T17546] vfs_write+0x5ae/0x1150 [ 734.008789][T17546] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 734.014413][T17546] ? __pfx_lock_release+0x10/0x10 [ 734.019491][T17546] ? __pfx_vfs_write+0x10/0x10 [ 734.024342][T17546] ? lock_acquire+0x2f/0xb0 [ 734.028901][T17546] ? __fget_files+0x40/0x3a0 [ 734.033568][T17546] __x64_sys_pwrite64+0x1f6/0x250 [ 734.038663][T17546] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 734.044280][T17546] ? do_user_addr_fault+0x83d/0x13f0 [ 734.049630][T17546] do_syscall_64+0xcd/0x250 [ 734.054209][T17546] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 734.060178][T17546] RIP: 0033:0x7f6b1d585d29 [ 734.064648][T17546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 734.084492][T17546] RSP: 002b:00007f6b1e434038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 734.092977][T17546] RAX: ffffffffffffffda RBX: 00007f6b1d775fa0 RCX: 00007f6b1d585d29 [ 734.101012][T17546] RDX: 000000000000fded RSI: 0000000020000080 RDI: 00000000000000c8 [ 734.109043][T17546] RBP: 00007f6b1e434090 R08: 0000000000000000 R09: 0000000000000000 [ 734.117085][T17546] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 734.125105][T17546] R13: 0000000000000001 R14: 00007f6b1d775fa0 R15: 00007fff04b54948 [ 734.133152][T17546] [ 734.441790][T17555] Process accounting resumed [ 735.026714][T17572] kAFS: No cell specified [ 735.148487][T15422] team0 (unregistering): Port device team_slave_1 removed [ 735.248313][T15422] team0 (unregistering): Port device team_slave_0 removed [ 736.070008][T17586] Process accounting resumed [ 736.159973][T17591] FAULT_INJECTION: forcing a failure. [ 736.159973][T17591] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 736.201700][T17591] CPU: 1 UID: 0 PID: 17591 Comm: syz.1.3536 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 736.212569][T17591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 736.222680][T17591] Call Trace: [ 736.225998][T17591] [ 736.228963][T17591] dump_stack_lvl+0x16c/0x1f0 [ 736.233798][T17591] should_fail_ex+0x497/0x5b0 [ 736.238556][T17591] _copy_from_iter+0x29b/0x1400 [ 736.243495][T17591] ? _copy_from_iter+0x159/0x1400 [ 736.248608][T17591] ? __pfx__copy_from_iter+0x10/0x10 [ 736.254064][T17591] ? __pfx__copy_from_iter+0x10/0x10 [ 736.259440][T17591] ? __virt_addr_valid+0x1a4/0x590 [ 736.264634][T17591] copy_page_from_iter+0xa5/0x120 [ 736.269729][T17591] skb_copy_datagram_from_iter+0x29b/0x710 [ 736.275619][T17591] tun_get_user+0x197f/0x3e40 [ 736.280379][T17591] ? __pfx_tun_get_user+0x10/0x10 [ 736.285464][T17591] ? find_held_lock+0x2d/0x110 [ 736.290302][T17591] ? __pfx_lock_release+0x10/0x10 [ 736.295401][T17591] tun_chr_write_iter+0xdc/0x210 [ 736.300409][T17591] vfs_write+0x5ae/0x1150 [ 736.304810][T17591] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 736.310435][T17591] ? __pfx_lock_release+0x10/0x10 [ 736.315528][T17591] ? __pfx_vfs_write+0x10/0x10 [ 736.320355][T17591] ? lock_acquire+0x2f/0xb0 [ 736.324894][T17591] ? __fget_files+0x40/0x3a0 [ 736.329535][T17591] __x64_sys_pwrite64+0x1f6/0x250 [ 736.334600][T17591] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 736.340185][T17591] ? do_user_addr_fault+0x83d/0x13f0 [ 736.345509][T17591] do_syscall_64+0xcd/0x250 [ 736.350052][T17591] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 736.355987][T17591] RIP: 0033:0x7f6b1d585d29 [ 736.360425][T17591] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 736.380156][T17591] RSP: 002b:00007f6b1e434038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 736.388646][T17591] RAX: ffffffffffffffda RBX: 00007f6b1d775fa0 RCX: 00007f6b1d585d29 [ 736.396657][T17591] RDX: 000000000000fded RSI: 0000000020000080 RDI: 00000000000000c8 [ 736.404658][T17591] RBP: 00007f6b1e434090 R08: 0000000000000000 R09: 0000000000000000 [ 736.412657][T17591] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 736.421093][T17591] R13: 0000000000000001 R14: 00007f6b1d775fa0 R15: 00007fff04b54948 [ 736.429115][T17591] [ 736.725902][T17599] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3539'. [ 736.986349][T17600] Process accounting resumed [ 737.164331][T17570] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3530'. [ 737.244469][T17312] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 737.335886][T17312] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 737.646787][T17312] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 737.740880][T17312] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 737.874280][T17312] 8021q: adding VLAN 0 to HW filter on device bond0 [ 737.893902][T17312] 8021q: adding VLAN 0 to HW filter on device team0 [ 737.906568][T14796] bridge0: port 1(bridge_slave_0) entered blocking state [ 737.913755][T14796] bridge0: port 1(bridge_slave_0) entered forwarding state [ 737.939245][T14792] bridge0: port 2(bridge_slave_1) entered blocking state [ 737.946486][T14792] bridge0: port 2(bridge_slave_1) entered forwarding state [ 738.002324][T17629] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3544'. [ 738.050923][T17629] netlink: 274 bytes leftover after parsing attributes in process `syz.1.3544'. [ 738.206845][T17312] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 738.520544][T17642] Process accounting resumed [ 738.550925][T17648] Process accounting resumed [ 739.047773][T17661] Process accounting resumed [ 739.092299][T17312] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 739.842259][T17312] veth0_vlan: entered promiscuous mode [ 739.880736][T17312] veth1_vlan: entered promiscuous mode [ 739.906824][T17312] veth0_macvtap: entered promiscuous mode [ 739.916172][T17312] veth1_macvtap: entered promiscuous mode [ 739.932766][T17312] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 739.943531][T17312] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 739.953586][T17312] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 739.964210][T17312] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 739.974193][T17312] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 739.985066][T17312] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 739.995224][T17312] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 740.006366][T17312] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 740.016871][T17312] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 740.027568][T17312] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 740.037532][T17312] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 740.048328][T17312] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 740.058372][T17312] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 740.068920][T17312] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 740.081580][T17312] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 740.114744][T17312] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 740.125377][T17312] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 740.135666][T17312] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 740.146508][T17312] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 740.157088][T17312] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 740.167716][T17312] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 740.177751][T17312] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 740.188559][T17312] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 740.198992][T17312] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 740.210092][T17312] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 740.221339][T17312] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 740.233383][T17312] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 740.242336][T17312] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 740.251087][T17312] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 740.259891][T17312] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 740.997564][ T1155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 740.998799][T15422] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 741.005567][ T1155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 741.013642][T15422] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 741.799177][T17747] Process accounting resumed [ 742.381632][T17766] FAULT_INJECTION: forcing a failure. [ 742.381632][T17766] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 742.410189][T17766] CPU: 0 UID: 0 PID: 17766 Comm: syz.2.3570 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 742.421143][T17766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 742.431266][T17766] Call Trace: [ 742.434604][T17766] [ 742.437676][T17766] dump_stack_lvl+0x16c/0x1f0 [ 742.442600][T17766] should_fail_ex+0x497/0x5b0 [ 742.447365][T17766] _copy_from_iter+0x29b/0x1400 [ 742.452292][T17766] ? _copy_from_iter+0x159/0x1400 [ 742.457392][T17766] ? __pfx__copy_from_iter+0x10/0x10 [ 742.462757][T17766] ? __pfx__copy_from_iter+0x10/0x10 [ 742.468239][T17766] ? __virt_addr_valid+0x1a4/0x590 [ 742.473428][T17766] copy_page_from_iter+0xa5/0x120 [ 742.478528][T17766] skb_copy_datagram_from_iter+0x29b/0x710 [ 742.484417][T17766] tun_get_user+0x197f/0x3e40 [ 742.489179][T17766] ? __pfx_tun_get_user+0x10/0x10 [ 742.494264][T17766] ? find_held_lock+0x2d/0x110 [ 742.499082][T17766] ? __pfx_lock_release+0x10/0x10 [ 742.504154][T17766] tun_chr_write_iter+0xdc/0x210 [ 742.509134][T17766] vfs_write+0x5ae/0x1150 [ 742.513501][T17766] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 742.519112][T17766] ? __pfx_lock_release+0x10/0x10 [ 742.524169][T17766] ? __pfx_vfs_write+0x10/0x10 [ 742.528974][T17766] ? lock_acquire+0x2f/0xb0 [ 742.533508][T17766] ? __fget_files+0x40/0x3a0 [ 742.538341][T17766] __x64_sys_pwrite64+0x1f6/0x250 [ 742.543404][T17766] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 742.548992][T17766] ? do_user_addr_fault+0x83d/0x13f0 [ 742.554315][T17766] do_syscall_64+0xcd/0x250 [ 742.558891][T17766] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 742.564822][T17766] RIP: 0033:0x7f2496985d29 [ 742.569277][T17766] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 742.588923][T17766] RSP: 002b:00007f2497776038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 742.597460][T17766] RAX: ffffffffffffffda RBX: 00007f2496b75fa0 RCX: 00007f2496985d29 [ 742.605466][T17766] RDX: 000000000000fded RSI: 0000000020000080 RDI: 00000000000000c8 [ 742.613466][T17766] RBP: 00007f2497776090 R08: 0000000000000000 R09: 0000000000000000 [ 742.621470][T17766] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 742.629473][T17766] R13: 0000000000000001 R14: 00007f2496b75fa0 R15: 00007ffe94032398 [ 742.637496][T17766] [ 743.715883][T17793] Process accounting resumed [ 744.946051][T17827] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 746.103637][T17856] netlink: 'syz.4.3595': attribute type 16 has an invalid length. [ 746.121399][T17856] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3595'. [ 747.720516][T17888] netlink: 'syz.1.3606': attribute type 16 has an invalid length. [ 747.745418][T17890] Process accounting resumed [ 747.752400][T17888] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3606'. [ 748.748513][T17918] FAULT_INJECTION: forcing a failure. [ 748.748513][T17918] name failslab, interval 1, probability 0, space 0, times 0 [ 748.827890][T17918] CPU: 1 UID: 0 PID: 17918 Comm: syz.5.3616 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 748.838757][T17918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 748.848880][T17918] Call Trace: [ 748.852210][T17918] [ 748.855195][T17918] dump_stack_lvl+0x16c/0x1f0 [ 748.860033][T17918] should_fail_ex+0x497/0x5b0 [ 748.864874][T17918] ? fs_reclaim_acquire+0xae/0x150 [ 748.870064][T17918] should_failslab+0xc2/0x120 [ 748.874821][T17918] __kmalloc_node_noprof+0xd1/0x520 [ 748.880105][T17918] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 748.885645][T17918] __kvmalloc_node_noprof+0xad/0x1a0 [ 748.891055][T17918] seq_read_iter+0x82a/0x12b0 [ 748.895808][T17918] ? __mutex_trylock_common+0xea/0x250 [ 748.901610][T17918] kernfs_fop_read_iter+0x414/0x580 [ 748.906874][T17918] ? rw_verify_area+0xd0/0x700 [ 748.911679][T17918] vfs_read+0x87f/0xbe0 [ 748.915879][T17918] ? __pfx_vfs_read+0x10/0x10 [ 748.920614][T17918] ksys_read+0x12b/0x250 [ 748.924913][T17918] ? __pfx_ksys_read+0x10/0x10 [ 748.929842][T17918] do_syscall_64+0xcd/0x250 [ 748.934406][T17918] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 748.940347][T17918] RIP: 0033:0x7f53d1f85d29 [ 748.944804][T17918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 748.964457][T17918] RSP: 002b:00007f53d2e08038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 748.972922][T17918] RAX: ffffffffffffffda RBX: 00007f53d2175fa0 RCX: 00007f53d1f85d29 [ 748.980952][T17918] RDX: 00000000000000c3 RSI: 0000000020000040 RDI: 0000000000000003 [ 748.988967][T17918] RBP: 00007f53d2e08090 R08: 0000000000000000 R09: 0000000000000000 [ 748.996985][T17918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 749.005092][T17918] R13: 0000000000000000 R14: 00007f53d2175fa0 R15: 00007ffcb734ab38 [ 749.013109][T17918] [ 749.248217][T17925] nbd: must specify at least one socket [ 749.773999][T17939] Process accounting resumed [ 750.997477][T17970] nbd: must specify at least one socket [ 751.464678][ T29] audit: type=1107 audit(6029876975.042:36): pid=17986 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 751.530034][T17992] Process accounting resumed [ 751.934268][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 751.940804][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 752.059992][T18007] lo: entered allmulticast mode [ 752.119108][T18007] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3642'. [ 752.344520][T18015] nbd: must specify at least one socket [ 752.524117][T18006] lo: left allmulticast mode [ 752.797021][ T29] audit: type=1107 audit(6029876976.389:37): pid=18024 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 752.886040][T18028] Process accounting resumed [ 754.645052][T18064] Invalid ELF header magic: != ELF [ 755.486839][T18069] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3663'. [ 756.123599][T18087] netlink: zone id is out of range [ 756.165291][T18087] netlink: set zone limit has 8 unknown bytes [ 756.656665][T18100] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 756.688084][T18100] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 757.188052][T18117] Process accounting resumed [ 757.255204][T18118] nbd: must specify at least one socket [ 759.300793][T18167] nbd: must specify at least one socket [ 759.305447][T18174] Process accounting resumed [ 759.522113][T18181] nbd: must specify at least one socket [ 760.640777][T18207] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3699'. [ 760.664930][T18207] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 761.208967][T18216] Process accounting resumed [ 761.503095][T18222] FAULT_INJECTION: forcing a failure. [ 761.503095][T18222] name failslab, interval 1, probability 0, space 0, times 0 [ 761.555486][T18222] CPU: 0 UID: 0 PID: 18222 Comm: syz.2.3702 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 761.566343][T18222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 761.576460][T18222] Call Trace: [ 761.579784][T18222] [ 761.582763][T18222] dump_stack_lvl+0x16c/0x1f0 [ 761.587509][T18222] should_fail_ex+0x497/0x5b0 [ 761.592263][T18222] ? fs_reclaim_acquire+0xae/0x150 [ 761.597450][T18222] should_failslab+0xc2/0x120 [ 761.602200][T18222] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 761.607644][T18222] ? lockdep_init_map_type+0x16d/0x7d0 [ 761.613163][T18222] ? security_inode_alloc+0x3b/0x2b0 [ 761.618537][T18222] security_inode_alloc+0x3b/0x2b0 [ 761.623729][T18222] inode_init_always_gfp+0xce4/0x1030 [ 761.629175][T18222] alloc_inode+0x82/0x230 [ 761.633590][T18222] sock_alloc+0x40/0x280 [ 761.637917][T18222] do_accept+0xf8/0x530 [ 761.642149][T18222] ? do_raw_spin_lock+0x12d/0x2c0 [ 761.647254][T18222] ? __pfx_do_accept+0x10/0x10 [ 761.652076][T18222] ? __pfx_lock_release+0x10/0x10 [ 761.657136][T18222] __sys_accept4+0xfe/0x1b0 [ 761.661678][T18222] ? __pfx___sys_accept4+0x10/0x10 [ 761.666831][T18222] ? ksys_write+0x1ba/0x250 [ 761.671373][T18222] ? __pfx_ksys_write+0x10/0x10 [ 761.676276][T18222] __x64_sys_accept+0x74/0xb0 [ 761.680996][T18222] ? lockdep_hardirqs_on+0x7c/0x110 [ 761.686239][T18222] do_syscall_64+0xcd/0x250 [ 761.690791][T18222] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 761.696731][T18222] RIP: 0033:0x7f2496985d29 [ 761.701178][T18222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 761.720823][T18222] RSP: 002b:00007f2497776038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 761.729271][T18222] RAX: ffffffffffffffda RBX: 00007f2496b75fa0 RCX: 00007f2496985d29 [ 761.737273][T18222] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 761.745270][T18222] RBP: 00007f2497776090 R08: 0000000000000000 R09: 0000000000000000 [ 761.753280][T18222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 761.761297][T18222] R13: 0000000000000000 R14: 00007f2496b75fa0 R15: 00007ffe94032398 [ 761.769317][T18222] [ 762.484251][T18243] netlink: 178 bytes leftover after parsing attributes in process `syz.5.3709'. [ 763.356162][T18262] FAULT_INJECTION: forcing a failure. [ 763.356162][T18262] name failslab, interval 1, probability 0, space 0, times 0 [ 763.420899][T18262] CPU: 0 UID: 0 PID: 18262 Comm: syz.5.3715 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 763.431781][T18262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 763.442249][T18262] Call Trace: [ 763.445572][T18262] [ 763.448544][T18262] dump_stack_lvl+0x16c/0x1f0 [ 763.453383][T18262] should_fail_ex+0x497/0x5b0 [ 763.458305][T18262] ? fs_reclaim_acquire+0xae/0x150 [ 763.463481][T18262] should_failslab+0xc2/0x120 [ 763.468237][T18262] kmem_cache_alloc_lru_noprof+0x73/0x3b0 [ 763.474037][T18262] ? __d_alloc+0x35/0x8c0 [ 763.478445][T18262] __d_alloc+0x35/0x8c0 [ 763.482698][T18262] d_alloc_pseudo+0x1c/0xc0 [ 763.487264][T18262] alloc_file_pseudo+0xd2/0x200 [ 763.492196][T18262] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 763.497772][T18262] sock_alloc_file+0x50/0x1d0 [ 763.502520][T18262] do_accept+0x23e/0x530 [ 763.506805][T18262] ? do_raw_spin_lock+0x12d/0x2c0 [ 763.511872][T18262] ? __pfx_do_accept+0x10/0x10 [ 763.516695][T18262] ? __pfx_lock_release+0x10/0x10 [ 763.522108][T18262] __sys_accept4+0xfe/0x1b0 [ 763.526660][T18262] ? __pfx___sys_accept4+0x10/0x10 [ 763.531811][T18262] ? ksys_write+0x1ba/0x250 [ 763.536364][T18262] ? __pfx_ksys_write+0x10/0x10 [ 763.541259][T18262] __x64_sys_accept+0x74/0xb0 [ 763.545978][T18262] ? lockdep_hardirqs_on+0x7c/0x110 [ 763.551245][T18262] do_syscall_64+0xcd/0x250 [ 763.555808][T18262] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 763.561746][T18262] RIP: 0033:0x7f53d1f85d29 [ 763.566189][T18262] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 763.585916][T18262] RSP: 002b:00007f53d2e08038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 763.594365][T18262] RAX: ffffffffffffffda RBX: 00007f53d2175fa0 RCX: 00007f53d1f85d29 [ 763.602367][T18262] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 763.610455][T18262] RBP: 00007f53d2e08090 R08: 0000000000000000 R09: 0000000000000000 [ 763.618453][T18262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 763.626453][T18262] R13: 0000000000000000 R14: 00007f53d2175fa0 R15: 00007ffcb734ab38 [ 763.634472][T18262] [ 766.024329][T18296] netlink: zone id is out of range [ 766.054466][T18296] netlink: set zone limit has 8 unknown bytes [ 767.072976][T18315] netlink: 'syz.1.3730': attribute type 19 has an invalid length. [ 767.094071][T18315] netlink: 310 bytes leftover after parsing attributes in process `syz.1.3730'. [ 767.114739][T18316] netlink: 'syz.1.3730': attribute type 19 has an invalid length. [ 767.126000][T18316] netlink: 310 bytes leftover after parsing attributes in process `syz.1.3730'. [ 767.249116][T18315] netlink: 'syz.1.3730': attribute type 19 has an invalid length. [ 767.274477][T18315] netlink: 310 bytes leftover after parsing attributes in process `syz.1.3730'. [ 767.521683][T18325] FAULT_INJECTION: forcing a failure. [ 767.521683][T18325] name failslab, interval 1, probability 0, space 0, times 0 [ 767.584260][T18325] CPU: 1 UID: 0 PID: 18325 Comm: syz.2.3731 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 767.595120][T18325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 767.605230][T18325] Call Trace: [ 767.608560][T18325] [ 767.611721][T18325] dump_stack_lvl+0x16c/0x1f0 [ 767.616456][T18325] should_fail_ex+0x497/0x5b0 [ 767.621199][T18325] ? fs_reclaim_acquire+0xae/0x150 [ 767.626366][T18325] should_failslab+0xc2/0x120 [ 767.631192][T18325] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 767.636626][T18325] ? security_file_alloc+0x34/0x2b0 [ 767.641881][T18325] security_file_alloc+0x34/0x2b0 [ 767.646956][T18325] init_file+0x93/0x480 [ 767.651174][T18325] alloc_empty_file+0x91/0x1e0 [ 767.656003][T18325] alloc_file_pseudo+0x13d/0x200 [ 767.661006][T18325] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 767.666545][T18325] sock_alloc_file+0x50/0x1d0 [ 767.671291][T18325] do_accept+0x23e/0x530 [ 767.675589][T18325] ? do_raw_spin_lock+0x12d/0x2c0 [ 767.680665][T18325] ? __pfx_do_accept+0x10/0x10 [ 767.685586][T18325] ? __pfx_lock_release+0x10/0x10 [ 767.690666][T18325] __sys_accept4+0xfe/0x1b0 [ 767.695226][T18325] ? __pfx___sys_accept4+0x10/0x10 [ 767.700387][T18325] ? ksys_write+0x1ba/0x250 [ 767.704946][T18325] ? __pfx_ksys_write+0x10/0x10 [ 767.709857][T18325] __x64_sys_accept+0x74/0xb0 [ 767.714597][T18325] ? lockdep_hardirqs_on+0x7c/0x110 [ 767.719853][T18325] do_syscall_64+0xcd/0x250 [ 767.724416][T18325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 767.730376][T18325] RIP: 0033:0x7f2496985d29 [ 767.734828][T18325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 767.754689][T18325] RSP: 002b:00007f2497776038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 767.763154][T18325] RAX: ffffffffffffffda RBX: 00007f2496b75fa0 RCX: 00007f2496985d29 [ 767.771169][T18325] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 767.779183][T18325] RBP: 00007f2497776090 R08: 0000000000000000 R09: 0000000000000000 [ 767.787191][T18325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 767.795204][T18325] R13: 0000000000000000 R14: 00007f2496b75fa0 R15: 00007ffe94032398 [ 767.803267][T18325] [ 769.604706][T18337] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3737'. [ 769.860259][T18344] kafs: addr_prefs: Invalid Command [ 772.014483][T18366] nbd: must specify at least one socket [ 773.509000][T18395] nbd: must specify at least one socket [ 775.200249][ T5844] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 775.212265][ T5844] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 775.233189][ T5844] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 775.290990][ T5844] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 775.298753][ T5844] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 775.306281][ T5844] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 775.780803][T18434] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3764'. [ 776.125488][T18447] random: crng reseeded on system resumption [ 776.174660][T18416] chnl_net:caif_netlink_parms(): no params data found [ 776.198694][T18448] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3767'. [ 776.240935][T18448] : renamed from gre0 (while UP) [ 776.301500][T18448] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3767'. [ 776.561152][T18416] bridge0: port 1(bridge_slave_0) entered blocking state [ 776.612479][T18416] bridge0: port 1(bridge_slave_0) entered disabled state [ 776.619803][T18416] bridge_slave_0: entered allmulticast mode [ 776.653442][T18416] bridge_slave_0: entered promiscuous mode [ 776.763961][T18416] bridge0: port 2(bridge_slave_1) entered blocking state [ 776.771242][T18416] bridge0: port 2(bridge_slave_1) entered disabled state [ 776.831774][T18416] bridge_slave_1: entered allmulticast mode [ 776.849703][T18416] bridge_slave_1: entered promiscuous mode [ 776.957951][T18416] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 777.032408][T18416] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 777.225069][T18457] nbd: must specify at least one socket [ 777.463159][T18416] team0: Port device team_slave_0 added [ 777.499271][ T5844] Bluetooth: hci4: command tx timeout [ 777.648177][T18460] nbd: must specify at least one socket [ 777.777611][T18416] team0: Port device team_slave_1 added [ 777.983559][T18469] netlink: zone id is out of range [ 778.032206][T18469] netlink: set zone limit has 8 unknown bytes [ 778.218758][T18416] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 778.226633][T18416] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 778.334508][T18416] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 778.351864][T18416] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 778.366812][T18416] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 778.480077][T18416] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 778.498379][T18475] FAULT_INJECTION: forcing a failure. [ 778.498379][T18475] name failslab, interval 1, probability 0, space 0, times 0 [ 778.549578][T18475] CPU: 1 UID: 0 PID: 18475 Comm: syz.5.3774 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 778.560681][T18475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 778.570784][T18475] Call Trace: [ 778.574098][T18475] [ 778.577586][T18475] dump_stack_lvl+0x16c/0x1f0 [ 778.582408][T18475] should_fail_ex+0x497/0x5b0 [ 778.587143][T18475] ? fs_reclaim_acquire+0xae/0x150 [ 778.592308][T18475] should_failslab+0xc2/0x120 [ 778.597048][T18475] __kmalloc_cache_noprof+0x68/0x420 [ 778.602399][T18475] ? kasan_save_track+0x14/0x30 [ 778.607313][T18475] sctp_endpoint_new+0x10c/0xc90 [ 778.612312][T18475] sctp_init_sock+0xe2c/0x1330 [ 778.617135][T18475] sctp_v6_init_sock+0x16/0x70 [ 778.621954][T18475] sctp_v6_create_accept_sk+0x4e0/0x720 [ 778.627566][T18475] ? __pfx_sctp_v6_create_accept_sk+0x10/0x10 [ 778.633716][T18475] sctp_accept+0x62d/0x800 [ 778.638273][T18475] ? __pfx_sctp_accept+0x10/0x10 [ 778.643263][T18475] ? aa_sk_perm+0x2f5/0xb20 [ 778.647836][T18475] ? __pfx_autoremove_wake_function+0x10/0x10 [ 778.653974][T18475] ? __pfx_aa_sk_perm+0x10/0x10 [ 778.658899][T18475] inet_accept+0xc4/0x180 [ 778.663280][T18475] do_accept+0x337/0x530 [ 778.667582][T18475] ? __pfx_do_accept+0x10/0x10 [ 778.672417][T18475] ? __pfx_lock_release+0x10/0x10 [ 778.677491][T18475] __sys_accept4+0xfe/0x1b0 [ 778.682072][T18475] ? __pfx___sys_accept4+0x10/0x10 [ 778.687248][T18475] ? ksys_write+0x1ba/0x250 [ 778.691801][T18475] ? __pfx_ksys_write+0x10/0x10 [ 778.696715][T18475] __x64_sys_accept+0x74/0xb0 [ 778.701458][T18475] ? lockdep_hardirqs_on+0x7c/0x110 [ 778.706725][T18475] do_syscall_64+0xcd/0x250 [ 778.711304][T18475] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 778.717259][T18475] RIP: 0033:0x7f53d1f85d29 [ 778.721719][T18475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 778.741379][T18475] RSP: 002b:00007f53d2e08038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 778.749840][T18475] RAX: ffffffffffffffda RBX: 00007f53d2175fa0 RCX: 00007f53d1f85d29 [ 778.757858][T18475] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 778.765874][T18475] RBP: 00007f53d2e08090 R08: 0000000000000000 R09: 0000000000000000 [ 778.773975][T18475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 778.781988][T18475] R13: 0000000000000000 R14: 00007f53d2175fa0 R15: 00007ffcb734ab38 [ 778.790024][T18475] [ 779.065677][T18416] hsr_slave_0: entered promiscuous mode [ 779.085504][T18416] hsr_slave_1: entered promiscuous mode [ 779.102591][T18416] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 779.129844][T18416] Cannot create hsr debugfs directory [ 779.547507][ T5844] Bluetooth: hci4: command tx timeout [ 779.752781][T18416] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 779.790011][T18416] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 779.860603][T18416] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 780.049752][T18416] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 780.343876][T18416] 8021q: adding VLAN 0 to HW filter on device bond0 [ 780.360881][T18489] Process accounting resumed [ 780.425743][T18416] 8021q: adding VLAN 0 to HW filter on device team0 [ 780.518156][T14791] bridge0: port 1(bridge_slave_0) entered blocking state [ 780.525398][T14791] bridge0: port 1(bridge_slave_0) entered forwarding state [ 780.567392][T14791] bridge0: port 2(bridge_slave_1) entered blocking state [ 780.574614][T14791] bridge0: port 2(bridge_slave_1) entered forwarding state [ 780.692981][T18416] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 781.617290][ T5844] Bluetooth: hci4: command tx timeout [ 781.940889][T18416] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 782.097346][T18503] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 782.533258][T18507] netlink: zone id is out of range [ 782.592126][T18507] netlink: set zone limit has 8 unknown bytes [ 783.028544][T18416] veth0_vlan: entered promiscuous mode [ 783.125139][T18416] veth1_vlan: entered promiscuous mode [ 783.351094][T18416] veth0_macvtap: entered promiscuous mode [ 783.413028][T18416] veth1_macvtap: entered promiscuous mode [ 783.503754][T18416] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 783.556345][T18416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 783.601415][T18416] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 783.655678][T18416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 783.685647][ T5844] Bluetooth: hci4: command tx timeout [ 783.695830][T18416] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 783.765431][T18416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 783.805364][T18416] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 783.850466][T18416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 783.889566][T18416] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 783.945462][T18416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 783.979039][T18416] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 784.023202][T18416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 784.042516][T18521] netlink: zone id is out of range [ 784.075906][T18416] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 784.091928][T18521] netlink: set zone limit has 8 unknown bytes [ 784.122347][T18416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 784.173742][T18416] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 784.223612][T18416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 784.268792][T18416] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 784.349503][T18416] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 784.421992][T18416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 784.455441][T18416] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 784.504969][T18416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 784.535875][T18416] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 784.590813][T18416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 784.641714][T18416] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 784.667430][T18416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 784.708122][T18416] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 784.750974][T18416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 784.799870][T18416] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 784.846263][T18416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 784.904576][T18416] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 785.085478][T18416] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 785.106797][T18416] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 785.146851][T18416] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 785.179457][T18416] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 785.687514][T15422] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 785.730889][T15422] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 785.841886][T15422] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 785.871210][T15422] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 786.618920][T18549] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 786.909584][T18542] Process accounting resumed [ 788.244913][T18563] nbd: must specify at least one socket [ 790.736642][T18608] netlink: zone id is out of range [ 790.762730][T18608] netlink: set zone limit has 8 unknown bytes [ 790.880864][T18605] could not allocate digest TFM handle [ 791.748663][T18632] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3813'. [ 791.835902][T18632] bridge0: port 1(bridge_slave_0) entered disabled state [ 792.313403][T18632] bridge_slave_0 (unregistering): left allmulticast mode [ 792.322038][T18632] bridge_slave_0 (unregistering): left promiscuous mode [ 792.330666][T18632] bridge0: port 1(bridge_slave_0) entered disabled state [ 792.352110][T18644] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 792.364814][T18638] nbd: must specify at least one socket [ 792.407722][T18644] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3818'. [ 793.211435][T18659] netlink: zone id is out of range [ 793.222654][T18659] netlink: set zone limit has 8 unknown bytes [ 793.584475][T18650] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR [ 793.588094][T18647] could not allocate digest TFM handle [ 794.783735][T18671] Process accounting resumed [ 797.244192][T18700] netlink: zone id is out of range [ 797.295731][T18700] netlink: set zone limit has 8 unknown bytes [ 797.689827][T18706] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR [ 801.732691][T18743] netlink: zone id is out of range [ 801.792811][T18743] netlink: set zone limit has 8 unknown bytes [ 802.527815][T18748] nbd: must specify at least one socket [ 805.620805][T18773] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3852'. [ 808.647703][T18820] Process accounting resumed [ 808.869949][T18824] Process accounting resumed [ 809.429244][T18830] Debayer A: ================= START STATUS ================= [ 809.477523][T18830] Debayer A: Debayer Mean Window Size: 3 [ 809.572305][T18830] Debayer A: ================== END STATUS ================== [ 809.756943][T18836] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3867'. [ 809.871167][T18838] nbd: must specify at least one socket [ 810.812131][T18835] nbd: must specify at least one socket [ 813.060204][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 813.066794][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 815.303367][T18862] netlink: 342 bytes leftover after parsing attributes in process `syz.6.3874'. [ 817.025031][T18890] netlink: zone id is out of range [ 817.171081][T18890] netlink: set zone limit has 8 unknown bytes [ 818.084193][T18900] Process accounting resumed [ 819.626773][T18923] FAULT_INJECTION: forcing a failure. [ 819.626773][T18923] name failslab, interval 1, probability 0, space 0, times 0 [ 819.711042][T18923] CPU: 1 UID: 0 PID: 18923 Comm: syz.1.3887 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 819.721993][T18923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 819.732105][T18923] Call Trace: [ 819.735419][T18923] [ 819.738389][T18923] dump_stack_lvl+0x16c/0x1f0 [ 819.743141][T18923] should_fail_ex+0x497/0x5b0 [ 819.747881][T18923] ? fs_reclaim_acquire+0xae/0x150 [ 819.753065][T18923] should_failslab+0xc2/0x120 [ 819.757829][T18923] __kmalloc_noprof+0xce/0x4f0 [ 819.762674][T18923] ? d_absolute_path+0x137/0x1b0 [ 819.767704][T18923] ? tomoyo_encode2+0x100/0x3e0 [ 819.772628][T18923] tomoyo_encode2+0x100/0x3e0 [ 819.777380][T18923] tomoyo_realpath_from_path+0x1a7/0x710 [ 819.783085][T18923] tomoyo_path_number_perm+0x248/0x5b0 [ 819.788612][T18923] ? tomoyo_path_number_perm+0x235/0x5b0 [ 819.794333][T18923] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 819.800458][T18923] ? __pfx_lock_release+0x10/0x10 [ 819.805548][T18923] ? trace_lock_acquire+0x14e/0x1f0 [ 819.810829][T18923] ? lock_acquire+0x2f/0xb0 [ 819.815405][T18923] ? __fget_files+0x40/0x3a0 [ 819.820076][T18923] ? __fget_files+0x206/0x3a0 [ 819.824868][T18923] security_file_ioctl+0x9b/0x240 [ 819.830751][T18923] __x64_sys_ioctl+0xb7/0x200 [ 819.835498][T18923] do_syscall_64+0xcd/0x250 [ 819.840083][T18923] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 819.846074][T18923] RIP: 0033:0x7f6b1d585d29 [ 819.850554][T18923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 819.870313][T18923] RSP: 002b:00007f6b1e413038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 819.878780][T18923] RAX: ffffffffffffffda RBX: 00007f6b1d776080 RCX: 00007f6b1d585d29 [ 819.886850][T18923] RDX: 0000000000000088 RSI: 00000000c008ae88 RDI: 0000000000000004 [ 819.894892][T18923] RBP: 00007f6b1e413090 R08: 0000000000000000 R09: 0000000000000000 [ 819.902930][T18923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 819.910963][T18923] R13: 0000000000000000 R14: 00007f6b1d776080 R15: 00007fff04b54948 [ 819.919009][T18923] [ 819.922223][ C1] vkms_vblank_simulate: vblank timer overrun [ 820.004977][T18923] ERROR: Out of memory at tomoyo_realpath_from_path. [ 821.610359][T18947] nbd: must specify at least one socket [ 827.517725][T19013] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3904'. [ 829.810916][T19046] netlink: zone id is out of range [ 830.517459][T19046] netlink: set zone limit has 8 unknown bytes [ 831.541890][T19061] netlink: zone id is out of range [ 831.585869][T19061] netlink: set zone limit has 8 unknown bytes [ 832.346197][T19067] FAULT_INJECTION: forcing a failure. [ 832.346197][T19067] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 832.423398][T19067] CPU: 1 UID: 0 PID: 19067 Comm: syz.2.3922 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 832.434249][T19067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 832.444346][T19067] Call Trace: [ 832.447657][T19067] [ 832.450627][T19067] dump_stack_lvl+0x16c/0x1f0 [ 832.455364][T19067] should_fail_ex+0x497/0x5b0 [ 832.460099][T19067] ? __pfx_do_get_feature_msr+0x10/0x10 [ 832.465697][T19067] _copy_to_user+0x32/0xd0 [ 832.470177][T19067] ? __pfx_do_get_feature_msr+0x10/0x10 [ 832.475780][T19067] msr_io+0x22d/0x290 [ 832.479827][T19067] ? __pfx_msr_io+0x10/0x10 [ 832.484394][T19067] ? tomoyo_path_number_perm+0x190/0x5b0 [ 832.490101][T19067] kvm_arch_dev_ioctl+0x3b1/0x730 [ 832.495186][T19067] ? __pfx_kvm_arch_dev_ioctl+0x10/0x10 [ 832.500881][T19067] ? do_vfs_ioctl+0x513/0x1950 [ 832.505789][T19067] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 832.510866][T19067] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 832.516809][T19067] kvm_dev_ioctl+0x781/0x1aa0 [ 832.521542][T19067] ? __pfx_lock_release+0x10/0x10 [ 832.526611][T19067] ? trace_lock_acquire+0x14e/0x1f0 [ 832.531959][T19067] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 832.537129][T19067] ? __fget_files+0x206/0x3a0 [ 832.541863][T19067] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 832.547032][T19067] __x64_sys_ioctl+0x190/0x200 [ 832.551846][T19067] do_syscall_64+0xcd/0x250 [ 832.556404][T19067] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 832.562379][T19067] RIP: 0033:0x7f2496985d29 [ 832.566834][T19067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 832.586543][T19067] RSP: 002b:00007f2497776038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 832.595015][T19067] RAX: ffffffffffffffda RBX: 00007f2496b75fa0 RCX: 00007f2496985d29 [ 832.603039][T19067] RDX: 0000000000000088 RSI: 00000000c008ae88 RDI: 0000000000000004 [ 832.611052][T19067] RBP: 00007f2497776090 R08: 0000000000000000 R09: 0000000000000000 [ 832.619060][T19067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 832.627599][T19067] R13: 0000000000000000 R14: 00007f2496b75fa0 R15: 00007ffe94032398 [ 832.635633][T19067] [ 834.629747][T19081] [U]  [ 834.632658][T19081] [U] [ 834.635410][T19081] [U] [ 834.638253][T19081] [U] [ 834.690358][T19082] [U] [ 838.919228][T19128] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3938'. [ 839.375944][T19128] netdevsim netdevsim1 netdevsim2: entered allmulticast mode [ 839.386904][T19154] Process accounting resumed [ 841.540504][T19188] netlink: zone id is out of range [ 841.570384][T19188] netlink: set zone limit has 8 unknown bytes [ 842.648933][T19210] Process accounting resumed [ 844.402478][T19228] netlink: zone id is out of range [ 844.480763][T19228] netlink: set zone limit has 8 unknown bytes [ 844.847824][T19237] netlink: zone id is out of range [ 844.891417][T19237] netlink: set zone limit has 8 unknown bytes [ 846.429406][T19255] nbd: must specify at least one socket [ 847.419721][T19258] netlink: 'syz.6.3968': attribute type 10 has an invalid length. [ 847.455221][T19258] netlink: 'syz.6.3968': attribute type 13 has an invalid length. [ 847.795327][T19263] Process accounting resumed [ 847.987237][ T29] audit: type=1326 audit(6029878093.061:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19259 comm="syz.5.3967" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f53d1f85d29 code=0x0 [ 848.786371][T19277] netlink: zone id is out of range [ 848.821686][T19277] netlink: set zone limit has 8 unknown bytes [ 849.657145][T19288] netlink: 342 bytes leftover after parsing attributes in process `syz.5.3975'. [ 849.911432][T19288] IPv6: NLM_F_CREATE should be specified when creating new route [ 850.856356][T19279] Bluetooth: hci3: command 0x0406 tx timeout [ 852.309560][T19310] openvswitch: HfR: Dropping previously announced user features [ 852.364141][T19309] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3980'. [ 852.404210][T19309] HfR: left promiscuous mode [ 853.167445][T19319] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3981'. [ 853.246054][T19317] netlink: zone id is out of range [ 853.295386][T19317] netlink: set zone limit has 8 unknown bytes [ 854.121863][T19349] rtc_cmos 00:00: Alarms can be up to one day in the future [ 854.526736][T19356] Process accounting resumed [ 855.068979][T19369] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 855.787935][ T29] audit: type=1800 audit(6029878100.912:39): pid=19379 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3996" name="lu_gp_id" dev="configfs" ino=63775 res=0 errno=0 [ 856.139995][T19390] netlink: zone id is out of range [ 856.173936][T19390] netlink: set zone limit has 8 unknown bytes [ 860.012062][T19442] nbd: must specify at least one socket [ 861.303068][T19453] netlink: zone id is out of range [ 861.354710][T19453] netlink: set zone limit has 8 unknown bytes [ 862.406173][T19462] netlink: zone id is out of range [ 862.444075][T19462] netlink: set zone limit has 8 unknown bytes [ 863.112799][T19472] Process accounting resumed [ 864.104458][T19483] rtc_cmos 00:00: Alarms can be up to one day in the future [ 867.252656][T19506] netlink: zone id is out of range [ 867.299569][T19506] netlink: set zone limit has 8 unknown bytes [ 868.427388][T19522] openvswitch: netlink: Duplicate key (type 15). [ 868.923835][T19524] Process accounting resumed [ 872.872186][T19562] Process accounting resumed [ 874.265549][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 874.274222][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 879.641464][T19620] FAULT_INJECTION: forcing a failure. [ 879.641464][T19620] name failslab, interval 1, probability 0, space 0, times 0 [ 879.716574][T19620] CPU: 1 UID: 0 PID: 19620 Comm: syz.2.4056 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 879.727423][T19620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 879.737519][T19620] Call Trace: [ 879.740834][T19620] [ 879.743806][T19620] dump_stack_lvl+0x16c/0x1f0 [ 879.748551][T19620] should_fail_ex+0x497/0x5b0 [ 879.753286][T19620] ? fs_reclaim_acquire+0xae/0x150 [ 879.758457][T19620] should_failslab+0xc2/0x120 [ 879.763200][T19620] __kmalloc_noprof+0xce/0x4f0 [ 879.768036][T19620] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 879.773741][T19620] ? tomoyo_realpath_from_path+0xbf/0x710 [ 879.779526][T19620] tomoyo_realpath_from_path+0xbf/0x710 [ 879.785131][T19620] ? tomoyo_path_number_perm+0x235/0x5b0 [ 879.790841][T19620] tomoyo_path_number_perm+0x248/0x5b0 [ 879.796364][T19620] ? tomoyo_path_number_perm+0x235/0x5b0 [ 879.802066][T19620] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 879.808178][T19620] ? __pfx_lock_release+0x10/0x10 [ 879.813256][T19620] ? trace_lock_acquire+0x14e/0x1f0 [ 879.818527][T19620] ? lock_acquire+0x2f/0xb0 [ 879.823078][T19620] ? __fget_files+0x40/0x3a0 [ 879.827833][T19620] ? __fget_files+0x206/0x3a0 [ 879.832570][T19620] security_file_ioctl+0x9b/0x240 [ 879.837664][T19620] __x64_sys_ioctl+0xb7/0x200 [ 879.842397][T19620] do_syscall_64+0xcd/0x250 [ 879.846971][T19620] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 879.852933][T19620] RIP: 0033:0x7f2496985d29 [ 879.857392][T19620] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 879.877089][T19620] RSP: 002b:00007f2497776038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 879.885556][T19620] RAX: ffffffffffffffda RBX: 00007f2496b75fa0 RCX: 00007f2496985d29 [ 879.893577][T19620] RDX: 0000000000000000 RSI: 0000000000007001 RDI: 0000000000000003 [ 879.901605][T19620] RBP: 00007f2497776090 R08: 0000000000000000 R09: 0000000000000000 [ 879.909618][T19620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 879.917653][T19620] R13: 0000000000000000 R14: 00007f2496b75fa0 R15: 00007ffe94032398 [ 879.925696][T19620] [ 879.928936][ C1] vkms_vblank_simulate: vblank timer overrun [ 880.981515][T19628] netlink: 146 bytes leftover after parsing attributes in process `syz.6.4060'. [ 881.098897][T19620] ERROR: Out of memory at tomoyo_realpath_from_path. [ 881.120693][T19620] rtc_cmos 00:00: Alarms can be up to one day in the future [ 882.861263][T19657] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 882.947640][T19657] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 884.450125][T19676] Process accounting resumed [ 885.022162][T19682] netlink: 314 bytes leftover after parsing attributes in process `syz.1.4072'. [ 885.489749][T19692] nbd: must specify at least one socket [ 885.726088][T19684] Invalid ELF header magic: != ELF [ 887.431062][T19706] netlink: zone id is out of range [ 887.478207][T19706] netlink: set zone limit has 8 unknown bytes [ 888.287300][T19720] rtc_cmos 00:00: Alarms can be up to one day in the future [ 888.981095][T19727] Process accounting resumed [ 891.558877][T19750] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 891.569188][T19750] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 893.853370][T19777] Invalid ELF header magic: != ELF [ 896.570655][T19810] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4101'. [ 896.680783][T19810] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4101'. [ 898.523819][T19838] batman_adv: Routing algorithm '6291456' is not supported [ 900.271722][T19861] netlink: zone id is out of range [ 900.413513][T19861] netlink: set zone limit has 8 unknown bytes [ 900.556558][T19864] FAULT_INJECTION: forcing a failure. [ 900.556558][T19864] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 900.600555][T19864] CPU: 1 UID: 0 PID: 19864 Comm: syz.1.4115 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 900.611405][T19864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 900.621506][T19864] Call Trace: [ 900.624822][T19864] [ 900.627788][T19864] dump_stack_lvl+0x16c/0x1f0 [ 900.632532][T19864] should_fail_ex+0x497/0x5b0 [ 900.637279][T19864] _copy_from_user+0x2e/0xd0 [ 900.641940][T19864] kstrtouint_from_user+0xd7/0x1c0 [ 900.647104][T19864] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 900.652890][T19864] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 900.658578][T19864] proc_fail_nth_write+0x84/0x250 [ 900.663667][T19864] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 900.669360][T19864] ? ksys_write+0x12b/0x250 [ 900.673924][T19864] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 900.679622][T19864] vfs_write+0x24c/0x1150 [ 900.684007][T19864] ? __fget_files+0x1fc/0x3a0 [ 900.688735][T19864] ? __pfx___mutex_lock+0x10/0x10 [ 900.693815][T19864] ? __pfx_vfs_write+0x10/0x10 [ 900.698642][T19864] ? __fget_files+0x206/0x3a0 [ 900.703382][T19864] ksys_write+0x12b/0x250 [ 900.707768][T19864] ? __pfx_ksys_write+0x10/0x10 [ 900.712688][T19864] do_syscall_64+0xcd/0x250 [ 900.717255][T19864] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 900.723211][T19864] RIP: 0033:0x7f6b1d5847df [ 900.727760][T19864] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 900.747430][T19864] RSP: 002b:00007f6b1e434030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 900.755900][T19864] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6b1d5847df [ 900.763912][T19864] RDX: 0000000000000001 RSI: 00007f6b1e4340a0 RDI: 0000000000000004 [ 900.771935][T19864] RBP: 00007f6b1e434090 R08: 0000000000000000 R09: 0000000000000000 [ 900.779951][T19864] R10: 0000000000000c01 R11: 0000000000000293 R12: 0000000000000001 [ 900.787965][T19864] R13: 0000000000000000 R14: 00007f6b1d775fa0 R15: 00007fff04b54948 [ 900.796006][T19864] [ 901.714858][ T5844] Bluetooth: hci4: command 0x0406 tx timeout [ 902.988847][T19881] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4119'. [ 904.300976][T19881] team0: Port device team_slave_0 removed [ 905.487804][T19904] netlink: 326 bytes leftover after parsing attributes in process `syz.5.4126'. [ 906.223469][T19913] rtc_cmos 00:00: Alarms can be up to one day in the future [ 909.274505][T19958] netlink: 326 bytes leftover after parsing attributes in process `syz.1.4137'. [ 912.527664][T19988] netlink: zone id is out of range [ 912.605729][T19988] netlink: set zone limit has 8 unknown bytes [ 916.131803][T20030] netlink: zone id is out of range [ 916.176247][T20030] netlink: set zone limit has 8 unknown bytes [ 916.563987][T20036] Process accounting resumed [ 918.558019][T20056] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4163'. [ 918.686855][T20059] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4164'. [ 918.893263][T20061] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4165'. [ 921.948234][T20097] Process accounting resumed [ 922.044200][T20087] netlink: zone id is out of range [ 922.146181][T20087] netlink: set zone limit has 8 unknown bytes [ 926.751176][T20141] netlink: zone id is out of range [ 926.809497][T20141] netlink: set zone limit has 8 unknown bytes [ 931.778315][T20183] netlink: zone id is out of range [ 931.887190][T20183] netlink: set zone limit has 8 unknown bytes [ 934.702576][T20218] netlink: zone id is out of range [ 934.765962][T20218] netlink: set zone limit has 8 unknown bytes [ 934.837284][T20221] netlink: 342 bytes leftover after parsing attributes in process `syz.6.4205'. [ 935.312946][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 935.319463][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 935.603265][T20230] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4208'. [ 936.604125][T20249] netlink: 314 bytes leftover after parsing attributes in process `syz.6.4215'. [ 936.767705][T20251] Process accounting resumed [ 937.046227][T20247] rtc_cmos 00:00: Alarms can be up to one day in the future [ 938.662436][T20262] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 938.699443][T20262] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 938.750298][T20262] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 938.787730][T20262] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 938.849470][T20262] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 938.906304][T20262] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 938.959182][T20262] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 939.674627][T19279] Bluetooth: hci1: command 0x0406 tx timeout [ 940.729173][T19279] Bluetooth: hci0: command 0x0406 tx timeout [ 940.788527][T19279] Bluetooth: hci3: command 0x0406 tx timeout [ 940.794731][T19279] Bluetooth: hci2: command 0x0c1a tx timeout [ 940.947717][ T5844] Bluetooth: hci4: command 0x0406 tx timeout [ 941.233624][T20316] ima: policy update failed [ 941.272603][ T29] audit: type=1802 audit(6029878186.836:40): pid=20316 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.4231" res=0 errno=0 [ 941.494891][ T29] audit: type=1806 audit(6029878186.866:41): xattr="6291456" res=-22 [ 942.867844][ T5844] Bluetooth: hci3: command 0x0406 tx timeout [ 943.046944][ T5844] Bluetooth: hci4: command 0x0406 tx timeout [ 943.151580][T20325] rtc_cmos 00:00: Alarms can be up to one day in the future [ 953.302112][T20421] nbd: couldn't find a device at index -2 [ 954.130784][T20438] netlink: 338 bytes leftover after parsing attributes in process `syz.6.4264'. [ 954.395807][T20442] netlink: 314 bytes leftover after parsing attributes in process `syz.6.4265'. [ 957.123556][T20477] Process accounting resumed [ 958.325979][T20502] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4277'. [ 959.281338][T20511] Process accounting resumed [ 961.275375][T20529] netlink: zone id is out of range [ 961.324844][T20529] netlink: set zone limit has 8 unknown bytes [ 964.588542][T20564] Process accounting resumed [ 965.497447][T20571] netlink: 338 bytes leftover after parsing attributes in process `syz.6.4295'. [ 965.609990][T20574] netlink: 338 bytes leftover after parsing attributes in process `syz.6.4295'. [ 965.826125][T20577] dlm: plock device version mismatch: kernel (1.2.0), user (1489226698.240317300.1121487582) [ 965.858225][T20576] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4297'. [ 969.718057][ T29] audit: type=1804 audit(6029878215.424:42): pid=20603 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.4306" name="/newroot/sys/kernel/tracing/free_buffer" dev="tracefs" ino=1181 res=1 errno=0 [ 970.673250][T20600] netlink: 'syz.1.4302': attribute type 1 has an invalid length. [ 972.380660][T20644] netlink: 334 bytes leftover after parsing attributes in process `syz.6.4318'. [ 973.728058][T20659] netlink: 314 bytes leftover after parsing attributes in process `syz.2.4323'. [ 974.265790][T20664] netlink: zone id is out of range [ 974.331756][T20664] netlink: set zone limit has 8 unknown bytes [ 978.042639][T20710] netlink: zone id is out of range [ 978.188082][T20710] netlink: set zone limit has 8 unknown bytes [ 979.892998][T20728] Process accounting resumed [ 980.336805][T20735] netlink: 338 bytes leftover after parsing attributes in process `syz.6.4343'. [ 980.409409][T20735] netlink: 338 bytes leftover after parsing attributes in process `syz.6.4343'. [ 981.090729][T20741] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4345'. [ 983.656483][T20765] netlink: 338 bytes leftover after parsing attributes in process `syz.1.4349'. [ 983.766362][T20765] netlink: 338 bytes leftover after parsing attributes in process `syz.1.4349'. [ 986.102038][T20783] Process accounting resumed [ 995.507833][T20847] netlink: zone id is out of range [ 995.564336][T20847] netlink: set zone limit has 8 unknown bytes [ 996.433631][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 996.443765][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 999.240959][T20878] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 999.385708][T20877] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 999.947836][T20886] netlink: 'syz.6.4380': attribute type 6 has an invalid length. [ 1000.067359][T20886] netlink: 330 bytes leftover after parsing attributes in process `syz.6.4380'. [ 1002.082368][T20901] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4385'. [ 1004.036343][T20917] device-mapper: ioctl: ioctl interface mismatch: kernel(4.48.0), user(0.0.0), cmd(3) [ 1005.624456][T20941] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1005.631365][T20941] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1005.643009][T20938] netlink: 'syz.1.4393': attribute type 6 has an invalid length. [ 1005.692085][T20938] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4393'. [ 1008.144251][T20974] device-mapper: ioctl: ioctl interface mismatch: kernel(4.48.0), user(0.0.0), cmd(3) [ 1009.363978][T20986] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4404'. [ 1009.911862][T20989] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4407'. [ 1015.020785][T21023] netlink: zone id is out of range [ 1015.124015][T21023] netlink: set zone limit has 8 unknown bytes [ 1015.589106][T21027] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4418'. [ 1015.847092][T21027] Invalid ELF header magic: != ELF [ 1016.148471][T21037] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4421'. [ 1021.989260][T21075] netlink: zone id is out of range [ 1022.108573][T21075] netlink: set zone limit has 8 unknown bytes [ 1026.724542][T21116] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4441'. [ 1027.596526][T21120] Process accounting resumed [ 1028.038352][T21113] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1031.471454][T21151] rnbd_client L202: map_device: Unknown parameter or missing value '/sys/devices/virtual/rnbd-client/ctl/map_device' [ 1032.762043][T21160] Process accounting resumed [ 1040.065111][T21204] Process accounting resumed [ 1042.138441][T21221] netlink: 146 bytes leftover after parsing attributes in process `syz.5.4467'. [ 1042.410273][T21225] mkiss: ax0: crc mode is auto. [ 1049.022349][T21256] netlink: zone id is out of range [ 1049.157411][T21256] netlink: set zone limit has 8 unknown bytes [ 1049.590044][T19279] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1049.642639][T19279] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1049.720067][T19279] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1049.765722][T19279] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1049.781910][T19279] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 1049.790365][T19279] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1050.363136][T21263] chnl_net:caif_netlink_parms(): no params data found [ 1051.920626][T19279] Bluetooth: hci5: command tx timeout [ 1052.400702][T12725] smc: removing net device syz_tun with user defined pnetid ETHTOOL [ 1052.879087][T21273] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1052.936297][T21272] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1053.061734][T21280] ------------[ cut here ]------------ [ 1053.067497][T21280] entry already in use [ 1053.115365][T21280] WARNING: CPU: 1 PID: 21280 at drivers/net/netdevsim/udp_tunnels.c:26 nsim_udp_tunnel_set_port+0x2d3/0x390 [ 1053.127419][T21280] Modules linked in: [ 1053.131393][T21280] CPU: 1 UID: 0 PID: 21280 Comm: syz.5.4484 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 1053.142440][T21280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1053.153082][T21280] RIP: 0010:nsim_udp_tunnel_set_port+0x2d3/0x390 [ 1053.160044][T21280] Code: c3 cc cc cc cc e8 2d b1 ca fa 44 89 f7 e8 d5 48 b8 fa e9 ee fd ff ff e8 1b b1 ca fa 90 48 c7 c7 20 7f 0a 8c e8 4e 77 8b fa 90 <0f> 0b 90 90 4c 8d 73 04 41 bf f0 ff ff ff e9 fa fe ff ff e8 95 20 [ 1053.180101][T21280] RSP: 0018:ffffc9000d977ab8 EFLAGS: 00010282 [ 1053.186372][T21280] RAX: 0000000000000000 RBX: ffffc9000d977bb0 RCX: ffffc90018752000 [ 1053.194932][T21280] RDX: 0000000000080000 RSI: ffffffff815a1736 RDI: 0000000000000001 [ 1053.202971][T21280] RBP: ffff88807e36c000 R08: 0000000000000001 R09: 0000000000000000 [ 1053.211411][T21280] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 [ 1053.219896][T21280] R13: 0000000000000000 R14: 0000000017c10002 R15: 0000000000000000 [ 1053.228469][T21280] FS: 00007f53d2e086c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 1053.238191][T21280] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1053.245348][T21280] CR2: 000000000001f000 CR3: 000000003c5ae000 CR4: 00000000003526f0 [ 1053.254095][T21280] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1053.262162][T21280] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1053.271285][T21280] Call Trace: [ 1053.275040][T21280] [ 1053.278030][T21280] ? __warn+0xea/0x3c0 [ 1053.282180][T21280] ? preempt_schedule_notrace+0x62/0xe0 [ 1053.288443][T21280] ? nsim_udp_tunnel_set_port+0x2d3/0x390 [ 1053.294706][T21280] ? report_bug+0x3c0/0x580 [ 1053.299285][T21280] ? handle_bug+0x54/0xa0 [ 1053.304051][T21280] ? exc_invalid_op+0x17/0x50 [ 1053.308895][T21280] ? asm_exc_invalid_op+0x1a/0x20 [ 1053.314355][T21280] ? __warn_printk+0x1a6/0x350 [ 1053.319209][T21280] ? nsim_udp_tunnel_set_port+0x2d3/0x390 [ 1053.325354][T21280] ? nsim_udp_tunnel_set_port+0x2d2/0x390 [ 1053.331601][T21280] __udp_tunnel_nic_device_sync.part.0+0x935/0xed0 [ 1053.338480][T21280] ? __pfx___udp_tunnel_nic_device_sync.part.0+0x10/0x10 [ 1053.345673][T21280] ? __pfx___mutex_lock+0x10/0x10 [ 1053.350776][T21280] __udp_tunnel_nic_reset_ntf+0x3c1/0x520 [ 1053.357095][T21280] nsim_udp_tunnels_info_reset_write+0xc2/0x110 [ 1053.363888][T21280] full_proxy_write+0xfb/0x1b0 [ 1053.368745][T21280] ? __pfx_full_proxy_write+0x10/0x10 [ 1053.374281][T21280] vfs_write+0x24c/0x1150 [ 1053.378719][T21280] ? __fget_files+0x1fc/0x3a0 [ 1053.383662][T21280] ? __pfx___mutex_lock+0x10/0x10 [ 1053.389190][T21280] ? __pfx_vfs_write+0x10/0x10 [ 1053.394160][T21280] ? __fget_files+0x206/0x3a0 [ 1053.398959][T21280] ksys_write+0x12b/0x250 [ 1053.403474][T21280] ? __pfx_ksys_write+0x10/0x10 [ 1053.408417][T21280] do_syscall_64+0xcd/0x250 [ 1053.413156][T21280] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1053.419133][T21280] RIP: 0033:0x7f53d1f85d29 [ 1053.423722][T21280] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1053.444247][T21280] RSP: 002b:00007f53d2e08038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1053.453093][T21280] RAX: ffffffffffffffda RBX: 00007f53d2175fa0 RCX: 00007f53d1f85d29 [ 1053.461634][T21280] RDX: 0000000000000052 RSI: 0000000020000040 RDI: 0000000000000005 [ 1053.470231][T21280] RBP: 00007f53d2001aa8 R08: 0000000000000000 R09: 0000000000000000 [ 1053.478527][T21280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1053.486771][T21280] R13: 0000000000000000 R14: 00007f53d2175fa0 R15: 00007ffcb734ab38 [ 1053.494987][T21280] [ 1053.498065][T21280] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1053.505392][T21280] CPU: 1 UID: 0 PID: 21280 Comm: syz.5.4484 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 1053.516226][T21280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1053.526421][T21280] Call Trace: [ 1053.529734][T21280] [ 1053.532702][T21280] dump_stack_lvl+0x3d/0x1f0 [ 1053.537387][T21280] panic+0x71d/0x800 [ 1053.541355][T21280] ? __pfx_panic+0x10/0x10 [ 1053.545846][T21280] ? show_trace_log_lvl+0x29d/0x3d0 [ 1053.551122][T21280] ? nsim_udp_tunnel_set_port+0x2d3/0x390 [ 1053.556909][T21280] check_panic_on_warn+0xab/0xb0 [ 1053.562009][T21280] __warn+0xf6/0x3c0 [ 1053.565974][T21280] ? preempt_schedule_notrace+0x62/0xe0 [ 1053.571578][T21280] ? nsim_udp_tunnel_set_port+0x2d3/0x390 [ 1053.577362][T21280] report_bug+0x3c0/0x580 [ 1053.581770][T21280] handle_bug+0x54/0xa0 [ 1053.585984][T21280] exc_invalid_op+0x17/0x50 [ 1053.590573][T21280] asm_exc_invalid_op+0x1a/0x20 [ 1053.595505][T21280] RIP: 0010:nsim_udp_tunnel_set_port+0x2d3/0x390 [ 1053.601905][T21280] Code: c3 cc cc cc cc e8 2d b1 ca fa 44 89 f7 e8 d5 48 b8 fa e9 ee fd ff ff e8 1b b1 ca fa 90 48 c7 c7 20 7f 0a 8c e8 4e 77 8b fa 90 <0f> 0b 90 90 4c 8d 73 04 41 bf f0 ff ff ff e9 fa fe ff ff e8 95 20 [ 1053.621571][T21280] RSP: 0018:ffffc9000d977ab8 EFLAGS: 00010282 [ 1053.627687][T21280] RAX: 0000000000000000 RBX: ffffc9000d977bb0 RCX: ffffc90018752000 [ 1053.635705][T21280] RDX: 0000000000080000 RSI: ffffffff815a1736 RDI: 0000000000000001 [ 1053.643708][T21280] RBP: ffff88807e36c000 R08: 0000000000000001 R09: 0000000000000000 [ 1053.651714][T21280] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 [ 1053.659726][T21280] R13: 0000000000000000 R14: 0000000017c10002 R15: 0000000000000000 [ 1053.667761][T21280] ? __warn_printk+0x1a6/0x350 [ 1053.672583][T21280] ? nsim_udp_tunnel_set_port+0x2d2/0x390 [ 1053.678351][T21280] __udp_tunnel_nic_device_sync.part.0+0x935/0xed0 [ 1053.684936][T21280] ? __pfx___udp_tunnel_nic_device_sync.part.0+0x10/0x10 [ 1053.692007][T21280] ? __pfx___mutex_lock+0x10/0x10 [ 1053.697082][T21280] __udp_tunnel_nic_reset_ntf+0x3c1/0x520 [ 1053.702861][T21280] nsim_udp_tunnels_info_reset_write+0xc2/0x110 [ 1053.709151][T21280] full_proxy_write+0xfb/0x1b0 [ 1053.713958][T21280] ? __pfx_full_proxy_write+0x10/0x10 [ 1053.719394][T21280] vfs_write+0x24c/0x1150 [ 1053.723766][T21280] ? __fget_files+0x1fc/0x3a0 [ 1053.728482][T21280] ? __pfx___mutex_lock+0x10/0x10 [ 1053.733542][T21280] ? __pfx_vfs_write+0x10/0x10 [ 1053.738371][T21280] ? __fget_files+0x206/0x3a0 [ 1053.743192][T21280] ksys_write+0x12b/0x250 [ 1053.747563][T21280] ? __pfx_ksys_write+0x10/0x10 [ 1053.752461][T21280] do_syscall_64+0xcd/0x250 [ 1053.757010][T21280] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1053.762945][T21280] RIP: 0033:0x7f53d1f85d29 [ 1053.767394][T21280] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1053.787036][T21280] RSP: 002b:00007f53d2e08038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1053.795485][T21280] RAX: ffffffffffffffda RBX: 00007f53d2175fa0 RCX: 00007f53d1f85d29 [ 1053.803488][T21280] RDX: 0000000000000052 RSI: 0000000020000040 RDI: 0000000000000005 [ 1053.811487][T21280] RBP: 00007f53d2001aa8 R08: 0000000000000000 R09: 0000000000000000 [ 1053.819484][T21280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1053.827481][T21280] R13: 0000000000000000 R14: 00007f53d2175fa0 R15: 00007ffcb734ab38 [ 1053.835498][T21280] [ 1053.838824][T21280] Kernel Offset: disabled [ 1053.843257][T21280] Rebooting in 86400 seconds..