last executing test programs: 3m14.729639291s ago: executing program 3 (id=1319): getrandom$auto(0x0, 0x6000000, 0x3) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) ioctl$auto(r0, 0x2, 0x9) ioctl$auto(0x3, 0x400c4d05, r0) pipe$auto(&(0x7f00000000c0)) bpf$auto(0x0, &(0x7f0000000000)=@link_update={0xffffffffffffffff, @new_prog_fd, 0x3}, 0xa3) timer_create$auto(0x3, 0x0, &(0x7f0000000280)=0x6) timer_settime$auto(0x0, 0xffff8000, &(0x7f00000000c0)={{0xf, 0x10}, {0x80, 0x200000000}}, 0x0) write$auto(0x3, 0x0, 0xfffffdeb) 3m14.494906954s ago: executing program 3 (id=1320): socket(0x2, 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/pci0000:00/0000:00:03.0/virtio0/vendor\x00', 0x400, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0xa02, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000000)=0x81) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x80802, 0x0) r1 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x800, 0x0) read$auto_proc_environ_operations_base(r1, 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000080)={{@inferred=0xffffffffffffffff, 0x110b, 0x10000, 0x6, "e927783f468fa2e92fe8ec7a46cbb766439daa1ee1aa00000000e1800000000000000000040000660e070100", @raw=0x2b}, 0x6, 0x181, 0x6, @inferred, @reserved="294fa6128731696b50822ae271fbb969a526bf24151b811972feed1d2e3cbcd51f764e53d99a7c725984e3c615f6c693b01da8e7b66b3d8f45bea2b1f81028f94747b01c1f3b6de2865ec8d56a9a466d66d3676277d84f090e19d63c56024114e337f6221fe4fe284e451b5fec7dd45be2a56a30e8825057fadb99f58e7c0fae", "a4699d30a05edbe0d28473c399a7dc920b153e9b1675451d7de94b4123f970bedd3460c667373fcc59b584d81592f6ab606c276852295e00af49e6de6e768034"}) socket(0x2, 0x1, 0xa) socket(0x2, 0x6, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x3, 0x300000000000000, 0x80000001, 0x7, 0x6d3c, 0x5, 0x2]}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'wlan0\x00'}) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(r3, 0x104000000000010e, 0xb, 0x0, 0x400) socket(0x2, 0x2, 0x88) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000340), r4) sendmsg$auto_IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, 0x0, 0x4) socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x108000, 0x800034, 0x9) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRNM\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^B\xb8\xe4j\t3\xe4\x90\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\x00\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\xfb\xba\xb2.$\'\x1e\x82\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/250, 0xfdf3, 0x39) 3m13.327342813s ago: executing program 3 (id=1323): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) mmap$auto(0x9, 0x200006, 0x8, 0x16, 0x602, 0x300000000000) mmap$auto(0x0, 0x4, 0x4000000000de, 0x1c, r0, 0x300000000000) madvise$auto(0x1fff, 0x20499d, 0x9) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/ram15/queue/nomerges\x00', 0x123102, 0x0) write$auto(r1, &(0x7f00000001c0)='0\"\xfb]$|\xcb1j\xeb0B|d\x1e\xec\x99\xb9\xfd\xd3\x89O\x9f\xac+\xf6\xd7/\xc9\xe9x\xd4\xf3\xc8\xf5\x7fW\xd3\xa6\x96\xd3^\xb8\xb4gq%H\xcc\x88r\xeaO\x8e\x10\t\xc7 P\xcf\xa7H\b\x04\x87\x98\x16`\xa3S\xd46\x10Wf\xc9<7\xcf\xc9\xf1\b\x9b\x8c\x9fu;\xc48(u\xf9Bx\n\xafW%/bBT\xa9\a\xed\xd2H4\x96\xa3U\xca\xf1\xef\x14dU\x15\x16\xa7\xdd\x01\x0e\xda\xc8\xd3\x00\xc5\b\x1a\xb0mN\x01\xb1\xc8B.U\xd1\x02\'\x9a\'\xf1;\xedJ\xf6@\xac\a\xf5\xf5 |\x1ex\xb7@=\xad\xe7\xff\xd6\xc1\xcf\x11\x0f\x99+v\x873\xc4\x17]\x17!]ct\xff\t\xb2A\x0f\x91\x02\xca&\x910xffffffffffffffff, 0x3ff, 0x8}, 0x2, &(0x7f0000000280)={0x0, 0xcb}, &(0x7f0000000300)={0x7}, 0x8) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000001500), r1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000001540)={'netdevsim0\x00', 0x0}) sendmsg$auto_NET_SHAPER_CMD_GROUP(r1, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000000080)={0x24, r2, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@NET_SHAPER_A_HANDLE={0x4}, @NET_SHAPER_A_LEAVES={0x4}, @NET_SHAPER_A_IFINDEX={0x8, 0x8, r3}]}, 0x24}, 0x1, 0x0, 0x0, 0x44000}, 0x14) sendmsg$auto_NET_SHAPER_CMD_GROUP(r0, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x20, r2, 0x8, 0x70bd27, 0x25dfdbfb, {}, [@NET_SHAPER_A_BW_MIN={0xc, 0x3, 0x5}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000800}, 0x4000085) socket(0x10, 0x2, 0x0) getegid() mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x3, 0x66) madvise$auto(0x0, 0xffffffffffff0004, 0x19) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="72010000", @ANYBLOB="8b9773033b45ef5ec8f62ddc79"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0x1}, 0x1, 0x0, 0x0, 0x9e}, 0x7}, 0x4003, 0x0) r4 = socket(0x15, 0x5, 0x0) read$auto(0x3, 0x0, 0x80) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x7, 0x800008000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @loopback}, 0x6a) ustat$auto(0x801, 0x0) sendmsg$auto(r4, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000440), r4) 24.620855133s ago: executing program 1 (id=1971): unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$auto(0x20, 0x8, 0x3ff, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) statx$auto(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x7d, 0x3, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, 0x0, 0x40090) r0 = openat$auto_ftrace_event_format_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/events/vmalloc/purge_vmap_area_lazy/format\x00', 0x1, 0x0) r1 = openat$auto_safesetid_uid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000080), 0x1410c0, 0x0) close_range$auto(r0, r1, 0x7ffd) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) getdents$auto(0x0, 0x0, 0x700) socket(0xa, 0x5, 0x0) ioctl$auto(0x1, 0x8941, 0x8) 15.210145859s ago: executing program 1 (id=1987): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) r0 = socket(0xa, 0x2, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) r1 = prctl$auto(0x41555856, 0x4, 0x2008, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r2, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000300), r2) read$auto(r2, &(0x7f0000000040)='nl80211\x00', 0xbe62) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030000020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a000500000000000000000008000200", @ANYRES32, @ANYBLOB="08000200", @ANYRES32=0x0, @ANYBLOB="e00013"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) ioctl$auto(0x3, 0x890b, 0x38) ioctl$auto(0x3, 0x890c, 0x38) r3 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), r1) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC1\x00', 0x22082, 0x0) close_range$auto(0x2, 0x8000, 0x0) sendmsg$auto_TIPC_NL_PEER_REMOVE(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x190, r3, 0x1, 0x3, 0x25dfdbfe, {}, [@TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@typed={0x8, 0xfc, 0x0, 0x0, @pid=0xffffffffffffffff}]}, @TIPC_NLA_NODE={0xdc, 0x6, 0x0, 0x1, [@typed={0x4, 0xeb}, @generic="b02968803fe2475069f361ae320d368580b844ff72dd89609371f00f13deec6194152cfcaadabbe395c6770cec3a47eac994c043fda6c441ac89a9c55349848e7af43573537f0c67ab1647490dc0cf052d0cadb55cf29c84b61a3af90b5887ccca4af1bb56398011d72d70ff65774e7b7ee43215fbfb6639cd62d97ef44f19b3ff61c21f47ea4f697664b853348ae653918be889e63be29f537e18165c708658436b75bce84e9c593639bcf147498a2fc65a41b69fe0571a8d3547104d237f16c1892392bf22e00cb63e1d36bc9de3ca7db50f28"]}, @TIPC_NLA_BEARER={0x94, 0x1, 0x0, 0x1, [@generic="2499f8c2c4ef3370310a48e3f1ac111f3627214caba5b3026d94f973d480492e8ef528649fafc0d446c59b58df5f63526d2159b835ef4518075634c6b94e6eaa5aefa0b28753b1c035fe9ee4cd02b6c63bbaea1f3a0d17f3b0cd045bf317c464c04a39f5b13cc29a86041947fb9eb42fdd215662f243b7dd0f0a0cc92cf21c6cba58cc24fd621b4a080062edf716a40a"]}]}, 0x190}, 0x1, 0x0, 0x0, 0x4000050}, 0x2000c880) 10.443671065s ago: executing program 1 (id=2002): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) r0 = socket(0x21, 0x80000, 0x2) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x4040800) mmap$auto(0x0, 0x400005, 0xffffffffffbffffe, 0x9b72, 0x2, 0x7fff) timer_create$auto(0x4, 0x0, 0x0) r1 = socket(0x2a, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000080), 0x0) connect$auto(0x3, &(0x7f00000000c0), 0x55) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) select$auto(0x4, &(0x7f0000000000)={[0x3, 0x800, 0x77, 0x10000, 0x9, 0x8, 0xb, 0x2, 0x80000000, 0x0, 0x3, 0x1, 0xfff, 0xfffffffffffffc31, 0x47ba, 0xe]}, &(0x7f0000000180)={[0x3, 0xb1f, 0x10001, 0x2, 0x5, 0x3800, 0x7, 0x18, 0x3, 0x0, 0x4, 0x9db0, 0x5, 0x0, 0x6, 0x9]}, &(0x7f0000000440)={[0x6b87f4ab, 0xffffffffffffffff, 0x7, 0x7e8fcd8c, 0x5, 0x1, 0x7, 0xfffffffffffffff9, 0x6, 0x7, 0x2800000000000000, 0x4, 0x3, 0x6, 0x2c9, 0x6]}, &(0x7f0000000300)={0x81, 0xc0}) fcntl$auto(0xffffffffffffffff, 0x401, 0x5) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc0}, 0x40) setsockopt$auto(0xffffffffffffffff, 0x4, 0x8001, 0x0, 0x2) lstat$auto(&(0x7f0000000340)='MAC80211_HWSIM\x00', &(0x7f00000006c0)={0x3, 0x101, 0x1, 0x4, 0x0, 0x0, 0x0, 0x8, 0x101, 0x3, 0xa, 0x0, 0x3, 0x7f, 0x81, 0x5, 0x811}) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x10000000000002d, 0x0) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) gettid() connect$auto(0xffffffffffffffff, 0x0, 0x55) mmap$auto(0x0, 0x5, 0x3, 0x16, 0x3, 0x8000) unshare$auto(0x40000080) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) madvise$auto(0x8000000000000000, 0x4, 0xc) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = open(&(0x7f0000000200)='./cgroup\x00', 0x400, 0x23) fchdir$auto(r2) mkdir$auto(&(0x7f0000000140)='MAC80211_HWSIM\x00', 0x1) mq_notify$auto(r1, &(0x7f00000005c0)={@sival_ptr=&(0x7f00000004c0)="515dece04a02718c1f35a5ef5e04b2dd5670207ae437a87dc9c574f157479dbc0e8660fae228fb7d512a4ca37d35c9280f97dca075888f5253e5b0ad8caeb98bf3888093ee1995a9fdcfac2e4efd204c558e68f72af1aef3c3b6e1e521a9087d1c0b70acc8704c1a2ce5c58fb600ec43c3c248fdd71820540e6430cf812df9de639ef746481fc4ba64a9fd883b6c384c8d5656c6ee6cbd72e96870c9ca33fc272d08c0c644ad7306e38f22e0f070ac07eefdc49cf40efa8d8cb614093499ac3133", @inferred=r2, 0xffff}) 9.882515913s ago: executing program 0 (id=2003): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x10b142, 0x0) unshare$auto(0x40000080) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00'}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000369866041f15b2ab0703d4c87c442f4b7b2cdfe5be4bf4553888b3dd58aa516a69d1a2ee4fa98d1c7102740d84f754bf021aa0a172a5093cd741e28d17d8d607dcca475ba96c1758a37e57151bd945fd1a798d90096941a90741a5d3e57c85d1b6b5f022e928fdce3002a5e2dc80aab672c64847df51e4f680d21c5aa05f2b483c8c6a7f46557762a21d89984caac68647715250d9a25b772d674c981eee0d5f2337d9054a8f66757339de709508f357a399b26ff3d1d8108ef176ddc2ce5eeb491981ac2338a3b8ef8f7e09010d0c51d84ad514e3cf6d2bade5b109bcfe18dce67e8de31bed3597de098f3503daf71e44966638987bfce8bb153b5dc55a", @ANYRES16=0x0], 0x14}}, 0x4000000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa101, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_BEARER_DISABLE(r2, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="18000000", @ANYRES16, @ANYBLOB="d08c0d9a7d7f1804eb72907e2adc0df701002bbd7000ffdb6dc1aef0769cf6bcb5c03b5c"], 0x18}, 0x1, 0x0, 0x0, 0x40000}, 0x24004080) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x4) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2a, 0x2, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vkms/drm/card1/card1-Virtual-1/status\x00', 0x20b42, 0x0) write$auto(r3, &(0x7f0000000040)='osys/devices/platform/vkms/drm/card1/card1-Virtual-1/status\x00', 0x5) mmap$auto(0x6, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket(0x10, 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty51\x00', 0xecbc1, 0x0) mmap$auto(0xdfbb, 0x20009, 0x4000000000df, 0xeb1, 0xa, 0x8004) 8.448308287s ago: executing program 2 (id=2006): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8004) r0 = openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000580)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x8002, 0x0) read$auto(r0, 0x0, 0x80) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = socket(0x10, 0x2, 0x0) connect$auto(r1, &(0x7f0000000000)=@vsock={0x28, 0x0, 0x2711, @my=0x0}, 0x3) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="10002cbd7000fddbdf251c"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (async) close_range$auto(r0, r0, 0x2) 8.136087524s ago: executing program 2 (id=2007): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x10b142, 0x0) unshare$auto(0x40000080) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00'}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[], 0x14}}, 0x4000000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa101, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_BEARER_DISABLE(r2, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="18000000", @ANYRES16, @ANYBLOB="d08c0d9a7d7f1804eb72907e2adc0df701002bbd7000ffdb6dc1aef0769cf6bcb5c03b5c"], 0x18}, 0x1, 0x0, 0x0, 0x40000}, 0x24004080) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x4) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2a, 0x2, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vkms/drm/card1/card1-Virtual-1/status\x00', 0x20b42, 0x0) write$auto(r3, &(0x7f0000000040)='osys/devices/platform/vkms/drm/card1/card1-Virtual-1/status\x00', 0x5) mmap$auto(0x6, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket(0x10, 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty51\x00', 0xecbc1, 0x0) mmap$auto(0xdfbb, 0x20009, 0x4000000000df, 0xeb1, 0xa, 0x8004) 7.157514849s ago: executing program 1 (id=2009): madvise$auto(0x3a3, 0x2, 0x8) r0 = openat$auto_fops_x16_ro_(0xffffffffffffff9c, 0x0, 0x50000, 0x0) close_range$auto(r0, 0xfffffffffffff000, 0x2) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x4000008000) r1 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @loopback}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) write$auto(0x3, 0x0, 0xfdf3) syz_genetlink_get_family_id$auto_nl80211(0x0, r1) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, &(0x7f0000000040)={0x0, 0x34000}, 0x4, 0x0, 0x1}, 0xed7138c}, 0x2, 0x9) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(0xffffffffffffffff, 0x0, 0x40) mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) mq_getsetattr$auto(0x3, 0x0, &(0x7f0000000100)={0x8, 0x8, 0x2, 0x1}) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x0) bpf$auto(0xd, 0x0, 0x6f5) r2 = openat$auto_ptdump_curusr_fops_(0xffffffffffffff9c, &(0x7f0000000180), 0x101000, 0x0) read$auto_ptdump_curusr_fops_(r2, &(0x7f0000000280)=""/80, 0x50) prctl$auto(0x23, 0x4, 0x7fffffffefff, 0x0, 0x0) madvise$auto(0x0, 0x100fffd, 0x6) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 6.83872887s ago: executing program 5 (id=2010): unshare$auto(0x40000080) (async) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/schedstat\x00', 0x119e41, 0x0) (async) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f00000034c0), 0x500, 0x0) ioctl$auto_IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, 0x0) (async) mmap$auto(0x0, 0x81, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) madvise$auto(0x0, 0x8000000000000000, 0x15) sync_file_range$auto(0xffffffffffffffff, 0xa, 0xe, 0x39cb86c0) madvise$auto(0x81, 0x5, 0x3) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000000)=0x9) (async) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ptmx\x00', 0x189000, 0x0) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f00000000c0), 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xc18, 0x8000) (async) capget$auto(0x0, 0xfffffffffffffffe) (async) r4 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x1c8340, 0x0) ioctl$auto(r4, 0x40085112, 0x2) (async) sendmsg$auto_OVS_DP_CMD_NEW(r2, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x28000040}, 0x10) acct$auto(&(0x7f0000000040)='/dev/ptmx\x00') (async) read$auto_dev_fops_plock(r1, &(0x7f0000000240)=""/168, 0xa8) (async) ioctl$auto_TIOCSTI2(r1, 0x5412, 0x0) bind$auto(0x3, 0x0, 0x6a) (async) openat$auto_u32_array_fops_file(0xffffffffffffff9c, 0x0, 0x40, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/rose6/statistics/tx_window_errors\x00', 0x101200, 0x0) read$auto(r5, 0x0, 0x7) (async) mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x2, 0x8000) open_by_handle_at$auto(r2, 0x0, 0x8001) 6.636123244s ago: executing program 0 (id=2011): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async, rerun: 64) futex_waitv$auto(&(0x7f0000000000)={0xfffffffffffffffd, 0x5d94, 0x6, 0x4}, 0x200bf50, 0x1, 0x0, 0x62c1) (async, rerun: 64) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) (async) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) ioctl$auto(r0, 0x41045508, 0x1) mprotect$auto(0x1ffff000, 0x7ffffffffffffffe, 0x4) r1 = gettid() (async) rt_sigtimedwait$auto(&(0x7f0000000140)={0x7}, 0x0, 0x0, 0x8) kill$auto(r1, 0x8) (async, rerun: 32) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async, rerun: 32) r2 = socket(0x2, 0x1, 0x0) (async) close_range$auto(0x2, r0, 0x0) (async) memfd_create$auto(0x0, 0xe) r3 = socket(0x2, 0x8, 0x106) (async) futex$auto(&(0x7f0000000240)=0xc9, 0x7fffffff, 0xfffffffe, &(0x7f0000000280)={0x9, 0xffffffff}, &(0x7f00000002c0)=0x3, 0x4) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @broadcast}, 0x6a) sendmmsg$auto(r2, &(0x7f0000000200)={{&(0x7f0000000180)="7bc2f8972bea727539e02e3c540d3cafa81193fbae5a56032c8a65f6391c3b1eb8769a6bdacaa13781078e2d41ac232ef7193eb87b133f01fb8ca9e4e076f731cda0983aefa37d09", 0x12, 0x0, 0x9, 0x0, 0x9, 0x7}, 0x800009}, 0x2, 0x4cfd) (async) write$auto(0x3, 0x0, 0xfdf3) (async, rerun: 64) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r2) (async, rerun: 64) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) (async, rerun: 32) syz_clone3(0x0, 0x0) (rerun: 32) recvfrom$auto(r3, 0x0, 0x800000000a, 0x2, 0x0, 0xfffffffffffffffd) (async, rerun: 32) r4 = io_uring_setup$auto(0x28000, 0x0) (rerun: 32) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bluetooth/hci7/hci7:200/power/control\x00', 0x4000, 0x0) (async) mmap$auto(0x100000000200, 0x1, 0x3ff, 0x17, 0xffffffffffffffff, 0x28000) (async, rerun: 64) sendmsg$auto_GTP_CMD_ECHOREQ(r3, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40005}, 0x0) (rerun: 64) mmap$auto(0x9f, 0x3, 0xfffffffffffffffd, 0x8000000009b72, r4, 0x8) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) socket(0x2, 0x80805, 0x0) 6.223986936s ago: executing program 5 (id=2012): close_range$auto(0x2, 0x8, 0x0) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f00000000c0), 0x480001, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) poll$auto(&(0x7f0000003640)={r0, 0x20e, 0x6}, 0x6, 0x100000) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000003900), r0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/jbd2/sda1-8/info\x00', 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x18, 0x5, 0x2) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_net_shaper(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3}, 0x6b) sendmsg$auto_VDPA_CMD_DEV_NEW(r1, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x338439ac83331612}, 0x20000844) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55) close_range$auto(0x2, 0x8000, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) inotify_init1$auto(0x3000000000000) socket$nl_generic(0x11, 0x3, 0x10) socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x2, 0x1) bpf$auto(0x0, 0x0, 0x10) bpf$auto(0x4, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xf) mmap$auto(0x2000000, 0x20009, 0x8, 0xeb1, 0x401, 0x8000) r2 = openat$auto_userio_fops_userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) read$auto_userio_fops_userio(r2, 0x0, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x1c8340, 0x0) 5.844129211s ago: executing program 2 (id=2013): mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_fault_inject_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/make-it-fail\x00', 0x41200, 0x0) readv$auto(r0, &(0x7f0000000240)={&(0x7f00000001c0), 0x361}, 0x6) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x7, 0x0, 0x5, 0xffffffff, 0x2000000000210006, 0x0, 0x7, 0x5, 0x2, 0x7, 0xaf, 0x9, 0x3, 0x3, 0x105, 0x7, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, [0x1b16, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x77, 0x0, 0x0, 0x0, 0x4, 0x0, 0xc06f, 0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x1, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xc3d0, 0x107, 0x6, 0x0, 0x80000001, 0x4, 0x0, 0x80000000000, 0xff]}, 0x1fe, 0x81) ioperm$auto(0x5, 0x9, 0x2) modify_ldt$auto(0x11, 0x0, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x1d, 0x2, 0x6) poll$auto(0x0, 0x2, 0xc) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) r2 = socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) futex$auto(0x0, 0x8, 0x8243, 0x0, 0x0, 0x4) getsockopt$auto(0x3, 0x200000000001, 0x3b, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'veth0_vlan\x00', 0x0}) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x60, 0x0, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [@HSR_A_IF1_AGE={0x8, 0x3, 0x200}, @HSR_A_IF2_AGE={0x8, 0x4, 0x5}, @HSR_A_IFINDEX={0x8}, @HSR_A_NODE_ADDR_B={0xa}, @HSR_A_NODE_ADDR={0xa, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x44}}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_IFINDEX={0x8, 0x2, r3}, @HSR_A_IFINDEX={0x8}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x9c0a7fc06f585e63) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="1100"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180), 0x2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0xb, 0x4008) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 5.656453713s ago: executing program 5 (id=2014): socket(0xa, 0x80000, 0x3a) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = socket(0x10, 0x2, 0x0) close_range$auto(r1, r1, 0x20000000) io_uring_setup$auto(0x6, 0x0) open(0x0, 0x161342, 0x100) r2 = socket(0x1d, 0x3, 0x1) socket(0xf, 0x1, 0xffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0xc004) socketpair$auto(0x3, 0x5, 0x7, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mknod$auto(0x0, 0x1081, 0x9) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x3, 0x8000000000000003, 0x7238) madvise$auto(0x0, 0x1010001, 0x100000003) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), r2) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) mmap$auto(0x0, 0x20009, 0xe, 0xeb1, 0x403, 0x8000) mmap$auto(0x0, 0xfee, 0xffffffff, 0x9b72, 0x2, 0x8000) r3 = socket(0xa, 0x801, 0x84) listen$auto(r3, 0x3) getsockopt$auto(r3, 0x84, 0x6d, 0x0, &(0x7f0000000280)=0x1000c0) sendmsg$auto_MACSEC_CMD_ADD_RXSA(r0, &(0x7f00000005c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000540)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x881) 4.411271396s ago: executing program 2 (id=2015): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x10b142, 0x0) unshare$auto(0x40000080) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00'}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000369866041f15b2ab0703d4c87c442f4b7b2cdfe5be4bf4553888b3dd58aa516a69d1a2ee4fa98d1c7102740d84f754bf021aa0a172a5093cd741e28d17d8d607dcca475ba96c1758a37e57151bd945fd1a798d90096941a90741a5d3e57c85d1b6b5f022e928fdce3002a5e2dc80aab672c64847df51e4f680d21c5aa05f2b483c8c6a7f46557762a21d89984caac68647715250d9a25b772d674c981eee0d5f2337d9054a8f66757339de709508f357a399b26ff3d1d8108ef176ddc2ce5eeb491981ac2338a3b8ef8f7e09010d0c51d84ad514e3cf6d2bade5b109bcfe18dce67e8de31bed3597de098f3503daf71e44966638987bfce8bb153b5dc55a", @ANYRES16=0x0, @ANYBLOB], 0x14}}, 0x4000000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa101, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_BEARER_DISABLE(r2, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="18000000", @ANYRES16, @ANYBLOB="d08c0d9a7d7f1804eb72907e2adc0df701002bbd7000ffdb6dc1aef0769cf6bcb5c03b5c"], 0x18}, 0x1, 0x0, 0x0, 0x40000}, 0x24004080) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x4) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2a, 0x2, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vkms/drm/card1/card1-Virtual-1/status\x00', 0x20b42, 0x0) write$auto(r3, &(0x7f0000000040)='osys/devices/platform/vkms/drm/card1/card1-Virtual-1/status\x00', 0x5) mmap$auto(0x6, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket(0x10, 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty51\x00', 0xecbc1, 0x0) mmap$auto(0xdfbb, 0x20009, 0x4000000000df, 0xeb1, 0xa, 0x8004) 3.66808975s ago: executing program 0 (id=2016): mmap$auto(0x0, 0x402000b, 0x6, 0xeb1, 0x401, 0x8000) r0 = open(&(0x7f0000000000)='./cgroup.cpu/cgroup.procs\x00', 0x2000, 0xb5d1af1605322c72) r1 = open_by_handle_at$auto(r0, &(0x7f0000000040)={0x8, 0x2, "9700000000000000"}, 0x2) write$auto(r1, 0x0, 0x800) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r1) read$auto_tracing_thresh_fops_trace(r1, &(0x7f00000000c0)=""/151, 0x97) 3.135792714s ago: executing program 5 (id=2017): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$auto(r0, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = io_uring_setup$auto(0xa, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mmap$auto(0x2, 0x5, 0x800, 0x14, r1, 0x5) r2 = openat$auto_fake_panic_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x28001, 0x0) close_range$auto(r2, r0, 0x1) open(0x0, 0xa240, 0x15e) socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) msync$auto(0x0, 0x2000000005, 0x6) fchdir$auto(0xffffffffffffffff) 3.031449321s ago: executing program 0 (id=2018): socket(0xa, 0xa, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x40000007a, 0x4, 0x6, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) munlock$auto(0x9, 0x29b9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r0 = openat$auto_proc_oom_score_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/oom_score_adj\x00', 0x80440, 0x0) readv$auto(r0, &(0x7f00000000c0)={&(0x7f0000000080), 0x65}, 0x1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) fsopen$auto(&(0x7f0000000000)='nlctrl\x00', 0x3) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x9, 0x400000072, 0x8b72, 0x1000000002, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1e, 0x5, 0x8, 0x0) r1 = socket(0xa, 0x801, 0x84) getsockopt$auto(r1, 0x84, 0x75, 0x0, &(0x7f0000000000)=0x9000c) r2 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000002c0), 0x40000, 0x0) madvise$auto(0x0, 0x54, 0x6) ioctl$auto_DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, 0x0) mmap$auto(0x0, 0x9, 0xff7, 0x8000000008012, 0x1000000004, 0x0) statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000010c0), 0xffffffffffffffff) unshare$auto(0x40000080) 3.029958293s ago: executing program 2 (id=2019): fchmod$auto(0xffffffffffffffff, 0x7439) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000001140), r0) sendmsg$auto_WG_CMD_SET_DEVICE(r0, &(0x7f00000028c0)={0x0, 0x0, &(0x7f0000002880)={&(0x7f0000002800)={0x30, r1, 0x21, 0x70bd26, 0x25dfdbfe, {}, [@WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x841}, 0x80) setreuid$auto(0x4, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) process_mrelease$auto(0x4, 0x0) r3 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000080), r2) sendmsg$auto_BATADV_CMD_SET_MESH(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="04002abd7000fbdbdf250f00000006001400020000000a00090038549bbc32e80000a853cf9d6cd5bb06a484c8466daf0d5f39968bded0b8d0082e120dc673003d461a9546716ba0c5534cff9f25d115b43577385f28747b17d530c1f9a83acfe640b91122016384cba68214e2bc61e664133b133d2be6656c35a8b901eaf03f7dc4242a9df52bac1b221f66fa7f791943905a06f96e0fb68cd81b799750fe1bb3598ff53bd854b7c2745550eb0632d43afacb09e41d7771b4cb8e07fe19872b42f955d3fe68494bb4121785d407f4d8ad829fe533a1a65fb698ab1387a6b34346f38e8228197e5803d9af79c412e2159f80b0465c8eeb9a148eb841e271a16adefc315993afe15e7dbdc511f16c60b1ca66d76a3c1dd8b47f3c5b32578e53b03fb86b7fdfd319ab826ecf61324b7b61e78b67a735d05e5842573632fd873feefdc2fdddb8f306768496e51885d837e017cab680f5ed928eae92132b9b32ea6871da84f23e252d0b40cf738c8aa26d5f48"], 0x28}, 0x1, 0x0, 0x0, 0x4dd0808de70779d3}, 0x88) setpriority$auto(0x0, 0xd63, 0xffff) r4 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) read$auto_zero_fops_mem(r4, &(0x7f0000001180)=""/4096, 0x1000) fchmod$auto(0xffffffffffffffff, 0x7439) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000001140), r0) (async) sendmsg$auto_WG_CMD_SET_DEVICE(r0, &(0x7f00000028c0)={0x0, 0x0, &(0x7f0000002880)={&(0x7f0000002800)={0x30, r1, 0x21, 0x70bd26, 0x25dfdbfe, {}, [@WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x841}, 0x80) (async) setreuid$auto(0x4, 0x8) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) (async) process_mrelease$auto(0x4, 0x0) (async) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000080), r2) (async) sendmsg$auto_BATADV_CMD_SET_MESH(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="04002abd7000fbdbdf250f00000006001400020000000a00090038549bbc32e80000a853cf9d6cd5bb06a484c8466daf0d5f39968bded0b8d0082e120dc673003d461a9546716ba0c5534cff9f25d115b43577385f28747b17d530c1f9a83acfe640b91122016384cba68214e2bc61e664133b133d2be6656c35a8b901eaf03f7dc4242a9df52bac1b221f66fa7f791943905a06f96e0fb68cd81b799750fe1bb3598ff53bd854b7c2745550eb0632d43afacb09e41d7771b4cb8e07fe19872b42f955d3fe68494bb4121785d407f4d8ad829fe533a1a65fb698ab1387a6b34346f38e8228197e5803d9af79c412e2159f80b0465c8eeb9a148eb841e271a16adefc315993afe15e7dbdc511f16c60b1ca66d76a3c1dd8b47f3c5b32578e53b03fb86b7fdfd319ab826ecf61324b7b61e78b67a735d05e5842573632fd873feefdc2fdddb8f306768496e51885d837e017cab680f5ed928eae92132b9b32ea6871da84f23e252d0b40cf738c8aa26d5f48"], 0x28}, 0x1, 0x0, 0x0, 0x4dd0808de70779d3}, 0x88) (async) setpriority$auto(0x0, 0xd63, 0xffff) (async) openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) (async) read$auto_zero_fops_mem(r4, &(0x7f0000001180)=""/4096, 0x1000) (async) 2.40005357s ago: executing program 2 (id=2020): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0xfffffffffffffffc, 0x2020009, 0x3, 0x11, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0x200007, 0x19) sendmsg$auto_BATADV_CMD_GET_HARDIF(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={0x0, 0x1c}}, 0x24008000) 2.182807259s ago: executing program 5 (id=2021): mmap$auto(0x0, 0x400005, 0xffffffff, 0x9b71, 0x2, 0x8000) r0 = openat$auto_tomoyo_self_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) munmap$auto(0x1000000, 0x2000000c) write$auto_tomoyo_self_operations_securityfs_if(r0, &(0x7f00000001c0)='<', 0x1) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) clock_adjtime$auto(0x8, 0x0) 1.115940504s ago: executing program 0 (id=2022): r0 = socket(0x11, 0x6, 0x4087) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/fail-nth\x00', 0xc0400, 0x0) bind$auto(r0, &(0x7f0000000040)=@sco={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x7a) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3, @loopback}, 0x2) r1 = getsockopt$auto(r0, 0x84, 0x84, 0x0, &(0x7f0000000180)=0x9f) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyae\x00', 0x521802, 0x0) write$auto_console_fops_tty_io(r2, &(0x7f0000000840)="4c9b6e", 0x3) listen$auto(r1, 0x1) keyctl$auto(0x11, 0xfffffffffffffffa, 0x0, 0x4, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) setreuid$auto(0x0, 0x20000000004) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) ioctl$auto(0x3, 0x401070ca, 0xa742) r3 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r3, 0x0, 0xd51, 0x80008) prctl$auto(0x23, 0xe, 0x2009, 0x0, 0x0) 980.712102ms ago: executing program 0 (id=2023): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x10b142, 0x0) unshare$auto(0x40000080) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00'}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000369866041f15b2ab0703d4c87c442f4b7b2cdfe5be4bf4553888b3dd58aa516a69d1a2ee4fa98d1c7102740d84f754bf021aa0a172a5093cd741e28d17d8d607dcca475ba96c1758a37e57151bd945fd1a798d90096941a90741a5d3e57c85d1b6b5f022e928fdce3002a5e2dc80aab672c64847df51e4f680d21c5aa05f2b483c8c6a7f46557762a21d89984caac68647715250d9a25b772d674c981eee0d5f2337d9054a8f66757339de709508f357a399b26ff3d1d8108ef176ddc2ce5eeb491981ac2338a3b8ef8f7e09010d0c51d84ad514e3cf6d2bade5b109bcfe18dce67e8de31bed3597de098f3503daf71e44966638987bfce8bb153b5dc55a", @ANYRES16=0x0], 0x14}}, 0x4000000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa101, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_BEARER_DISABLE(r2, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="18000000", @ANYRES16, @ANYBLOB="d08c0d9a7d7f1804eb72907e2adc0df701002bbd7000ffdb6dc1aef0769cf6bcb5c03b5c"], 0x18}, 0x1, 0x0, 0x0, 0x40000}, 0x24004080) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x4) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2a, 0x2, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vkms/drm/card1/card1-Virtual-1/status\x00', 0x20b42, 0x0) write$auto(r3, &(0x7f0000000040)='osys/devices/platform/vkms/drm/card1/card1-Virtual-1/status\x00', 0x5) mmap$auto(0x6, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket(0x10, 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty51\x00', 0xecbc1, 0x0) mmap$auto(0xdfbb, 0x20009, 0x4000000000df, 0xeb1, 0xa, 0x8004) 0s ago: executing program 5 (id=2024): r0 = socket(0x1d, 0x2, 0x6) gettid() r1 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r2, 0xfd}, 0x6a) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram15\x00', 0x80, 0x0) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/core/rps_default_mask\x00', 0x82, 0x0) sendfile$auto(r4, r3, 0x0, 0x6585) sendmsg$auto_ETHTOOL_MSG_PLCA_GET_STATUS(r0, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000000000)=ANY=[], 0x14}}, 0x4010) syz_genetlink_get_family_id$auto_ncsi(&(0x7f0000000100), r0) mmap$auto(0x0, 0x8400008, 0x8001, 0x1010, r1, 0xfffffffffffffffa) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r5 = openat$auto_fops_blob_file(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) pwrite64$auto(r5, 0x0, 0x1, 0x4000000005) kexec_load$auto(0x2, 0x9, &(0x7f00000000c0)={@kbuf=&(0x7f0000000000)="e165588155d93d5a09c9b55ac1e17c796fd076969e7a7ec338c94776ff4fc71fe3e8cb7a11500ef554afe00fa852c834089552a9c86424b18abe", 0x0, 0xd39, 0x5}, 0xffff) clone$auto(0x5, 0x4000000000000000, &(0x7f0000000180), &(0x7f00000001c0)=0x4, 0x7ff) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000140)='/dev/tty50\x00', 0x4201, 0x0) mremap$auto(0x2, 0x90000000, 0x3, 0x1000, 0x6) ioctl$auto_TIOCSETD2(r6, 0x5423, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3) clock_gettime$auto(0x7fffffff, 0x0) unshare$auto(0x40000080) kernel console output (not intermixed with test programs): 7.201577][ T5839] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 67.208997][ T5839] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 67.248843][ T5143] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 67.256846][ T5143] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 67.266260][ T5143] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 67.559490][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 67.575004][ T5825] chnl_net:caif_netlink_parms(): no params data found [ 67.630036][ T5826] chnl_net:caif_netlink_parms(): no params data found [ 67.716328][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.724703][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.732597][ T5828] bridge_slave_0: entered allmulticast mode [ 67.739339][ T5828] bridge_slave_0: entered promiscuous mode [ 67.751682][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.758988][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.766432][ T5828] bridge_slave_1: entered allmulticast mode [ 67.773160][ T5828] bridge_slave_1: entered promiscuous mode [ 67.816416][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.823627][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.830818][ T5825] bridge_slave_0: entered allmulticast mode [ 67.837921][ T5825] bridge_slave_0: entered promiscuous mode [ 67.873697][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 67.886191][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 67.896084][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.903377][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.910544][ T5825] bridge_slave_1: entered allmulticast mode [ 67.917285][ T5825] bridge_slave_1: entered promiscuous mode [ 67.975301][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.983173][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.990316][ T5826] bridge_slave_0: entered allmulticast mode [ 67.997652][ T5826] bridge_slave_0: entered promiscuous mode [ 68.007321][ T5828] team0: Port device team_slave_0 added [ 68.015643][ T5828] team0: Port device team_slave_1 added [ 68.028287][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.035683][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.042962][ T5826] bridge_slave_1: entered allmulticast mode [ 68.049526][ T5826] bridge_slave_1: entered promiscuous mode [ 68.074776][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.084161][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 68.118081][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 68.125403][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.151503][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 68.166159][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.184999][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.197141][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.218535][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 68.225554][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.251691][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 68.277836][ T5825] team0: Port device team_slave_0 added [ 68.326059][ T5825] team0: Port device team_slave_1 added [ 68.342756][ T5826] team0: Port device team_slave_0 added [ 68.379136][ T5826] team0: Port device team_slave_1 added [ 68.385382][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.393133][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.400974][ T5829] bridge_slave_0: entered allmulticast mode [ 68.407731][ T5829] bridge_slave_0: entered promiscuous mode [ 68.415765][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.422933][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.430227][ T5829] bridge_slave_1: entered allmulticast mode [ 68.437900][ T5829] bridge_slave_1: entered promiscuous mode [ 68.446999][ T5828] hsr_slave_0: entered promiscuous mode [ 68.454053][ T5828] hsr_slave_1: entered promiscuous mode [ 68.461376][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 68.468430][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.494589][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 68.537410][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 68.544604][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.570588][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 68.603490][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.635690][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 68.642816][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.668998][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 68.687845][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.712142][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 68.719114][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.745239][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 68.791315][ T5829] team0: Port device team_slave_0 added [ 68.800616][ T5825] hsr_slave_0: entered promiscuous mode [ 68.807428][ T5825] hsr_slave_1: entered promiscuous mode [ 68.815582][ T5825] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 68.823539][ T5825] Cannot create hsr debugfs directory [ 68.837212][ T5829] team0: Port device team_slave_1 added [ 68.900391][ T5826] hsr_slave_0: entered promiscuous mode [ 68.906654][ T5826] hsr_slave_1: entered promiscuous mode [ 68.915827][ T5826] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 68.923774][ T5826] Cannot create hsr debugfs directory [ 68.934931][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 68.941972][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.967995][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 68.990153][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 68.997369][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.023670][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.115976][ T5829] hsr_slave_0: entered promiscuous mode [ 69.122711][ T5829] hsr_slave_1: entered promiscuous mode [ 69.129182][ T5829] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.137465][ T5829] Cannot create hsr debugfs directory [ 69.232900][ T5143] Bluetooth: hci0: command tx timeout [ 69.238757][ T5831] Bluetooth: hci2: command tx timeout [ 69.257568][ T5828] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 69.277720][ T5828] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 69.310490][ T5828] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 69.317629][ T5831] Bluetooth: hci1: command tx timeout [ 69.323776][ T5143] Bluetooth: hci3: command tx timeout [ 69.340214][ T5828] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 69.368858][ T5825] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 69.391311][ T5825] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 69.407608][ T5825] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 69.429196][ T5825] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 69.465817][ T5826] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 69.479046][ T5826] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 69.504035][ T5826] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 69.527268][ T5829] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 69.542540][ T5826] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 69.561217][ T5829] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 69.571265][ T5829] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 69.584153][ T5829] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 69.701043][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 69.756954][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 69.779545][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 69.790988][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 69.806343][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.813674][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 69.857196][ T5825] 8021q: adding VLAN 0 to HW filter on device team0 [ 69.867164][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.874310][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 69.884525][ T5826] 8021q: adding VLAN 0 to HW filter on device team0 [ 69.897245][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.904392][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 69.924776][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.931961][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 69.947578][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.955376][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 69.981361][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 69.991084][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.998217][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.093407][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.118380][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.125578][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.146565][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.153744][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.365359][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 70.417102][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 70.498525][ T5828] veth0_vlan: entered promiscuous mode [ 70.531742][ T5828] veth1_vlan: entered promiscuous mode [ 70.555939][ T5826] veth0_vlan: entered promiscuous mode [ 70.598596][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 70.608872][ T5826] veth1_vlan: entered promiscuous mode [ 70.627105][ T5828] veth0_macvtap: entered promiscuous mode [ 70.638659][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 70.657275][ T5828] veth1_macvtap: entered promiscuous mode [ 70.701260][ T5826] veth0_macvtap: entered promiscuous mode [ 70.715378][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 70.734897][ T5826] veth1_macvtap: entered promiscuous mode [ 70.746690][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 70.770834][ T5829] veth0_vlan: entered promiscuous mode [ 70.787771][ T5828] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.797217][ T5828] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.807371][ T5828] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.816280][ T5828] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.845395][ T5825] veth0_vlan: entered promiscuous mode [ 70.858374][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 70.872702][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.885192][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 70.904583][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 70.916370][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.928274][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 70.938464][ T5829] veth1_vlan: entered promiscuous mode [ 70.966120][ T5826] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.975143][ T5826] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.984441][ T5826] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.994068][ T5826] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.008725][ T5825] veth1_vlan: entered promiscuous mode [ 71.053952][ T5829] veth0_macvtap: entered promiscuous mode [ 71.108506][ T5829] veth1_macvtap: entered promiscuous mode [ 71.136613][ T5825] veth0_macvtap: entered promiscuous mode [ 71.147051][ T5825] veth1_macvtap: entered promiscuous mode [ 71.173082][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 71.182671][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.188829][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 71.202384][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 71.206676][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.213267][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 71.233073][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.263786][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 71.274482][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 71.285257][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 71.295825][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 71.305952][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 71.317337][ T5143] Bluetooth: hci0: command tx timeout [ 71.322906][ T5831] Bluetooth: hci2: command tx timeout [ 71.328581][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 71.339668][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.356133][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.360494][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 71.364333][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.379833][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 71.392677][ T5143] Bluetooth: hci1: command tx timeout [ 71.398106][ T5143] Bluetooth: hci3: command tx timeout [ 71.398344][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 71.414378][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 71.425037][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 71.439737][ T5829] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.449265][ T5829] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.458205][ T5829] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.466986][ T5829] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.484242][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 71.495977][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 71.506495][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 71.517753][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 71.527950][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 71.538587][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 71.550131][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 71.577626][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.578840][ T77] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.592513][ T5825] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.602352][ T77] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.609185][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.609952][ T5825] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.626686][ T5825] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.636237][ T5825] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.711542][ T5826] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 71.825984][ T3556] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.835164][ T3556] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.862778][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.870384][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.907169][ T77] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.916189][ T77] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.940858][ T3556] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.967608][ T3556] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.973757][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.013450][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.408605][ T5143] Bluetooth: hci0: command tx timeout [ 73.417773][ T5831] Bluetooth: hci2: command tx timeout [ 73.498535][ T5831] Bluetooth: hci3: command tx timeout [ 73.509616][ T5831] Bluetooth: hci1: command tx timeout [ 73.788819][ T5927] Zero length message leads to an empty skb [ 75.341698][ T938] cfg80211: failed to load regulatory.db [ 75.473333][ T5831] Bluetooth: hci0: command tx timeout [ 75.479502][ T5143] Bluetooth: hci2: command tx timeout [ 75.552045][ T5143] Bluetooth: hci1: command tx timeout [ 75.557536][ T5143] Bluetooth: hci3: command tx timeout [ 75.637662][ T5962] capability: warning: `syz.1.18' uses 32-bit capabilities (legacy support in use) [ 77.069558][ T5997] ptrace attach of "./syz-executor exec"[5826] was attempted by "./syz-executor exec"[5997] [ 77.137056][ T5997] netlink: 28 bytes leftover after parsing attributes in process `syz.3.26'. [ 77.150555][ T5997] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 77.161125][ T5997] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 77.173647][ T5997] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 77.188577][ T5997] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 77.379591][ T5978] ima: policy update failed [ 77.412782][ T29] audit: type=1802 audit(1736444742.024:2): pid=5978 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.22" res=0 errno=0 [ 78.277930][ T6007] device-mapper: ioctl: Unable to rename non-existent device, to „ [ 78.519333][ T6007] lo: entered allmulticast mode [ 78.538395][ T6007] lo: left allmulticast mode [ 79.275754][ T6024] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 79.984231][ T6035] mmap: syz.1.34 (6035) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 80.267040][ T6040] Invalid ELF header magic: != ELF [ 80.753407][ T6044] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 81.004803][ T6043] futex_wake_op: syz.0.36 tries to shift op by 64; fix this program [ 83.173594][ T6070] netlink: 'syz.3.40': attribute type 10 has an invalid length. [ 83.191825][ T6070] netlink: 330 bytes leftover after parsing attributes in process `syz.3.40'. [ 83.229689][ T6071] ptrace attach of "./syz-executor exec"[5826] was attempted by "./syz-executor exec"[6071] [ 83.570750][ T6090] openvswitch: netlink: Key type 141 is out of range max 32 [ 84.051889][ T6096] netlink: 334 bytes leftover after parsing attributes in process `syz.3.45'. [ 85.403469][ T6122] ubi0: attaching mtd0 [ 85.410194][ T6122] ubi0: scanning is finished [ 85.501447][ T6122] ubi0: empty MTD device detected [ 85.559004][ T6126] netlink: 338 bytes leftover after parsing attributes in process `syz.0.51'. [ 86.141906][ T6122] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 86.159508][ T6122] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 86.272163][ T6122] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 86.272220][ T6122] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 86.272242][ T6122] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 86.272264][ T6122] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 86.272287][ T6122] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1550430810 [ 86.272313][ T6122] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 86.274056][ T6138] ubi0: background thread "ubi_bgt0d" started, PID 6138 [ 88.044026][ T6158] netlink: 338 bytes leftover after parsing attributes in process `syz.1.56'. [ 88.098000][ T6158] netlink: 338 bytes leftover after parsing attributes in process `syz.1.56'. [ 88.441880][ T6156] netlink: 98 bytes leftover after parsing attributes in process `syz.1.56'. [ 88.512005][ T6156] veth0_macvtap: left promiscuous mode [ 88.884930][ T6179] syz.0.62 uses obsolete (PF_INET,SOCK_PACKET) [ 89.435495][ T6191] netlink: 'syz.0.66': attribute type 1 has an invalid length. [ 90.241103][ T6189] kAFS: Invalid Command on /proc/fs/afs/cells file [ 93.515028][ T6233] Process accounting resumed [ 95.118539][ T6278] ======================================================= [ 95.118539][ T6278] WARNING: The mand mount option has been deprecated and [ 95.118539][ T6278] and is ignored by this kernel. Remove the mand [ 95.118539][ T6278] option from the mount to silence this warning. [ 95.118539][ T6278] ======================================================= [ 95.725292][ T6292] netlink: 4 bytes leftover after parsing attributes in process `syz.3.83'. [ 97.452336][ T6323] netlink: 20 bytes leftover after parsing attributes in process `syz.1.92'. [ 97.944985][ T6339] lo: entered allmulticast mode [ 98.004519][ T6341] netlink: 'syz.1.99': attribute type 10 has an invalid length. [ 98.021929][ T6341] netlink: 'syz.1.99': attribute type 13 has an invalid length. [ 98.767322][ T6374] netlink: 28 bytes leftover after parsing attributes in process `syz.3.101'. [ 98.774688][ T6337] lo: left allmulticast mode [ 99.057915][ T6389] rnbd_client L202: map_device: Unknown parameter or missing value '/sys/devices/virtual/rnbd-client/ctl/map_device' [ 99.120968][ T6339] kexec: Could not allocate control_code_buffer [ 99.151583][ T6395] usb usb15: usbfs: interface 0 claimed by hub while 'syz.3.102' sets config #0 [ 99.550532][ T6411] netlink: 28 bytes leftover after parsing attributes in process `syz.3.106'. [ 99.753180][ T6416] netlink: 28 bytes leftover after parsing attributes in process `syz.1.108'. [ 99.842357][ T6416] team0: Port device team_slave_1 removed [ 100.114150][ T6422] netlink: 28 bytes leftover after parsing attributes in process `syz.1.110'. [ 100.114740][ T6418] Invalid ELF header magic: != ELF [ 100.125398][ T6423] netlink: 28 bytes leftover after parsing attributes in process `syz.1.110'. [ 100.439205][ T29] audit: type=1326 audit(8277292041.460:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6428 comm="syz.1.111" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f05f3f85d29 code=0x0 [ 100.729940][ T6436] mkiss: ax0: crc mode is auto. [ 101.367037][ T6468] kAFS: unparsable volume name [ 101.567055][ T6477] netlink: 146 bytes leftover after parsing attributes in process `syz.1.123'. [ 101.724711][ T6473] netlink: 146 bytes leftover after parsing attributes in process `syz.1.123'. [ 102.009286][ T6485] netlink: 146 bytes leftover after parsing attributes in process `syz.1.123'. [ 102.527790][ T6510] netlink: 4 bytes leftover after parsing attributes in process `syz.1.128'. [ 102.567723][ T6513] netlink: 4 bytes leftover after parsing attributes in process `syz.1.128'. [ 104.962116][ T6534] process 'syz.1.134' launched ':,' with NULL argv: empty string added [ 112.689485][ T6601] .': entered promiscuous mode [ 112.769702][ T6601] openvswitch: .': Dropping previously announced user features [ 112.905719][ T6601] openvswitch: .': Dropping previously announced user features [ 113.042370][ T6601] openvswitch: .': Dropping previously announced user features [ 113.161668][ T6601] openvswitch: .': Dropping previously announced user features [ 113.243102][ T6601] openvswitch: .': Dropping previously announced user features [ 113.908744][ T6613] mkiss: ax0: crc mode is auto. [ 114.025027][ T6613] ptp ptp0: only physical clock in use now [ 114.193966][ T6621] netlink: 504 bytes leftover after parsing attributes in process `syz.1.155'. [ 114.217482][ T6621] netlink: 504 bytes leftover after parsing attributes in process `syz.1.155'. [ 114.454544][ T6626] netlink: 12 bytes leftover after parsing attributes in process `syz.0.156'. [ 116.432961][ T6663] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 118.032544][ T6690] netlink: 28 bytes leftover after parsing attributes in process `syz.2.169'. [ 118.962073][ T6712] Process accounting resumed [ 119.715038][ T6741] rnbd_client L202: map_device: Unknown parameter or missing value '/sys/devices/virtual/rnbd-client/ctl/map_device' [ 122.664821][ T6816] can: request_module (can-proto-4) failed. [ 123.712183][ T6830] can: request_module (can-proto-0) failed. [ 125.033677][ T6844] ima: policy update failed [ 125.094222][ T29] audit: type=1802 audit(8277292066.120:4): pid=6844 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.203" res=0 errno=0 [ 130.615479][ T6967] CIFS: VFS: Invalid SecurityFlags: [ 130.678789][ T6969] netlink: 28 bytes leftover after parsing attributes in process `syz.3.235'. [ 130.812916][ T6974] rnbd_client L202: map_device: Unknown parameter or missing value '/sys/devices/virtual/rnbd-client/ctl/map_device' [ 130.862117][ T6969] ipvlan0: entered promiscuous mode [ 130.926625][ T6969] ipvlan0: entered allmulticast mode [ 131.023721][ T6969] veth0_vlan: entered allmulticast mode [ 131.083232][ T6977] netlink: 326 bytes leftover after parsing attributes in process `syz.2.237'. [ 131.175379][ T6977] veth1_macvtap: left promiscuous mode [ 132.584398][ T7002] rnbd_client L202: map_device: Unknown parameter or missing value '/sys/devices/virtual/rnbd-client/ctl/map_device' [ 133.106697][ T7007] netlink: 'syz.0.246': attribute type 2 has an invalid length. [ 133.237171][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.244850][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.340479][ T7015] netlink: zone id is out of range [ 133.401961][ T7015] netlink: zone id is out of range [ 133.408156][ T7015] netlink: zone id is out of range [ 133.464405][ T7015] netlink: zone id is out of range [ 133.571992][ T7015] netlink: zone id is out of range [ 133.824146][ T7015] netlink: zone id is out of range [ 133.830345][ T7015] netlink: zone id is out of range [ 134.153098][ T7015] netlink: zone id is out of range [ 134.341070][ T7015] netlink: zone id is out of range [ 134.552329][ T7015] netlink: zone id is out of range [ 136.303797][ T7062] syz.2.253 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 136.646033][ T7068] rnbd_client L202: map_device: Unknown parameter or missing value '/sys/devices/virtual/rnbd-client/ctl/map_device' [ 141.639216][ T7138] netlink: 32 bytes leftover after parsing attributes in process `syz.0.267'. [ 142.232686][ T7144] netlink: 8 bytes leftover after parsing attributes in process `syz.3.268'. [ 142.272717][ T7144] netlink: 8 bytes leftover after parsing attributes in process `syz.3.268'. [ 142.904460][ T7154] netlink: 246 bytes leftover after parsing attributes in process `syz.0.271'. [ 144.353873][ T7177] ima: policy update failed [ 144.360739][ T29] audit: type=1802 audit(8277292085.380:5): pid=7177 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.277" res=0 errno=0 [ 145.127117][ T7203] netlink: 20 bytes leftover after parsing attributes in process `syz.2.278'. [ 146.096815][ T7233] netlink: 4 bytes leftover after parsing attributes in process `syz.0.287'. [ 146.236658][ T7234] mkiss: ax0: crc mode is auto. [ 148.903296][ T7286] netlink: 28 bytes leftover after parsing attributes in process `syz.1.299'. [ 149.031979][ T7286] gretap0: entered promiscuous mode [ 149.500371][ T7313] Invalid ELF header magic: != ELF [ 149.663592][ T7318] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„ [ 149.716065][ T7319] sysfs: cannot create duplicate filename '/class/ieee80211/!PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]' [ 149.730252][ T7319] CPU: 1 UID: 0 PID: 7319 Comm: syz.3.305 Not tainted 6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8 #0 [ 149.742984][ T7319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 149.755054][ T7319] Call Trace: [ 149.758977][ T7319] [ 149.762480][ T7319] dump_stack_lvl+0x16c/0x1f0 [ 149.768094][ T7319] sysfs_warn_dup+0x7f/0xa0 [ 149.773503][ T7319] sysfs_do_create_link_sd+0x124/0x140 [ 149.780049][ T7319] sysfs_create_link+0x61/0xc0 [ 149.785754][ T7319] device_add+0x62e/0x1a70 [ 149.791047][ T7319] ? __pfx_device_add+0x10/0x10 [ 149.796856][ T7319] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 149.803924][ T7319] ? ieee80211_set_bitrate_flags+0x249/0x6a0 [ 149.811099][ T7319] wiphy_register+0x1c7a/0x2860 [ 149.816932][ T7319] ? netdev_run_todo+0x837/0x12d0 [ 149.822971][ T7319] ? __pfx_wiphy_register+0x10/0x10 [ 149.829223][ T7319] ieee80211_register_hw+0x2951/0x3fa0 [ 149.835781][ T7319] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 149.842741][ T7319] ? net_generic+0xea/0x2a0 [ 149.848146][ T7319] ? lockdep_init_map_type+0x16d/0x7d0 [ 149.854688][ T7319] ? rcu_is_watching+0x12/0xc0 [ 149.860400][ T7319] ? trace_hrtimer_init+0x1a6/0x230 [ 149.866633][ T7319] ? __hrtimer_init+0x106/0x2c0 [ 149.872451][ T7319] mac80211_hwsim_new_radio+0x2c47/0x56c0 [ 149.879335][ T7319] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 149.886616][ T7319] ? hwsim_new_radio_nl+0x9ff/0x12b0 [ 149.892965][ T7319] hwsim_new_radio_nl+0xb42/0x12b0 [ 149.899099][ T7319] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 149.905764][ T7319] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 149.914608][ T7319] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 149.923454][ T7319] genl_family_rcv_msg_doit+0x202/0x2f0 [ 149.930110][ T7319] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 149.937386][ T7319] ? genl_get_cmd+0x195/0x580 [ 149.942997][ T7319] ? bpf_lsm_capable+0x9/0x10 [ 149.948604][ T7319] ? security_capable+0x7e/0x260 [ 149.954528][ T7319] ? ns_capable+0xd7/0x110 [ 149.959824][ T7319] genl_rcv_msg+0x565/0x800 [ 149.965225][ T7319] ? __pfx_genl_rcv_msg+0x10/0x10 [ 149.971251][ T7319] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 149.977915][ T7319] netlink_rcv_skb+0x165/0x410 [ 149.983625][ T7319] ? __pfx_genl_rcv_msg+0x10/0x10 [ 149.989657][ T7319] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 149.996002][ T7319] ? down_read+0xc9/0x330 [ 150.001195][ T7319] ? __pfx_down_read+0x10/0x10 [ 150.006910][ T7319] ? netlink_deliver_tap+0x1ae/0xca0 [ 150.013264][ T7319] genl_rcv+0x28/0x40 [ 150.018048][ T7319] netlink_unicast+0x53c/0x7f0 [ 150.023773][ T7319] ? __pfx_netlink_unicast+0x10/0x10 [ 150.030128][ T7319] ? __phys_addr_symbol+0x30/0x80 [ 150.036172][ T7319] ? __check_object_size+0x488/0x710 [ 150.042526][ T7319] netlink_sendmsg+0x8b8/0xd70 [ 150.048251][ T7319] ? __pfx_netlink_sendmsg+0x10/0x10 [ 150.054599][ T7319] ____sys_sendmsg+0x9ae/0xb40 [ 150.060314][ T7319] ? copy_msghdr_from_user+0x10b/0x160 [ 150.066870][ T7319] ? __pfx_____sys_sendmsg+0x10/0x10 [ 150.073217][ T7319] ___sys_sendmsg+0x135/0x1e0 [ 150.078829][ T7319] ? __pfx____sys_sendmsg+0x10/0x10 [ 150.085079][ T7319] ? __pfx_lock_release+0x10/0x10 [ 150.091099][ T7319] ? trace_lock_acquire+0x14e/0x1f0 [ 150.097341][ T7319] ? __fget_files+0x206/0x3a0 [ 150.102957][ T7319] __sys_sendmsg+0x16e/0x220 [ 150.108463][ T7319] ? __pfx___sys_sendmsg+0x10/0x10 [ 150.114611][ T7319] ? do_user_addr_fault+0x83d/0x13f0 [ 150.120952][ T7319] do_syscall_64+0xcd/0x250 [ 150.126356][ T7319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.133423][ T7319] RIP: 0033:0x7f139e385d29 [ 150.138708][ T7319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 150.162241][ T7319] RSP: 002b:00007f139f230038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 150.172327][ T7319] RAX: ffffffffffffffda RBX: 00007f139e576080 RCX: 00007f139e385d29 [ 150.181882][ T7319] RDX: 0000000004000800 RSI: 0000000020000e00 RDI: 0000000000000003 [ 150.191434][ T7319] RBP: 00007f139e401b08 R08: 0000000000000000 R09: 0000000000000000 [ 150.200988][ T7319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 150.210540][ T7319] R13: 0000000000000001 R14: 00007f139e576080 R15: 00007ffce6b7e768 [ 150.220116][ T7319] [ 152.174745][ T7364] netlink: 350 bytes leftover after parsing attributes in process `syz.2.316'. [ 152.368996][ T7369] afs: Unknown parameter '¨ÎP4Å' [ 156.256721][ T7449] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 156.288594][ T7449] CIFS mount error: No usable UNC path provided in device string! [ 156.288594][ T7449] [ 156.301159][ T7449] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 156.509124][ T7453] netlink: 326 bytes leftover after parsing attributes in process `syz.3.336'. [ 157.027140][ T29] audit: type=1804 audit(4294967306.960:6): pid=7464 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.338" name="/newroot/sys/kernel/debug/tracing/trace" dev="tracefs" ino=1158 res=1 errno=0 [ 157.054300][ T29] audit: type=1804 audit(4294967306.990:7): pid=7464 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.338" name="/newroot/sys/kernel/debug/tracing/trace" dev="tracefs" ino=1158 res=1 errno=0 [ 158.030839][ T7494] random: crng reseeded on system resumption [ 159.297288][ T7516] netlink: 34 bytes leftover after parsing attributes in process `syz.1.348'. [ 159.884238][ T7520] IPVS: length: 11322 != 8 [ 162.672024][ T7562] netlink: 20 bytes leftover after parsing attributes in process `syz.3.359'. [ 162.964927][ T7571] RDS: rds_bind could not find a transport for fe80::3030:3030:3a30:302f, load rds_tcp or rds_rdma? [ 165.332149][ T29] audit: type=1800 audit(4294967315.290:8): pid=7617 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.372" name="members" dev="configfs" ino=14751 res=0 errno=0 [ 167.336926][ T29] audit: type=1326 audit(4294967317.300:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7670 comm="syz.1.381" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f05f3f85d29 code=0x0 [ 167.421902][ T29] audit: type=1326 audit(4294967317.350:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7670 comm="syz.1.381" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f05f3f85d29 code=0x0 [ 168.761861][ T7707] netlink: 22 bytes leftover after parsing attributes in process `syz.3.389'. [ 169.161408][ T7694] ima: policy update failed [ 169.253893][ T29] audit: type=1802 audit(4294967319.220:11): pid=7694 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.385" res=0 errno=0 [ 172.540335][ T7774] CIFS: VFS: Invalid SecurityFlags: [ 174.678420][ T7794] ima: policy update failed [ 174.684259][ T29] audit: type=1802 audit(4294967324.650:12): pid=7794 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.411" res=0 errno=0 [ 174.903512][ T7814] netlink: 4 bytes leftover after parsing attributes in process `syz.1.415'. [ 177.200817][ T7854] rnbd_client L202: map_device: Unknown parameter or missing value '/sys/devices/virtual/rnbd-client/ctl/map_device' [ 177.892735][ T7858] netlink: 74 bytes leftover after parsing attributes in process `syz.0.427'. [ 178.419560][ T7861] netlink: 28 bytes leftover after parsing attributes in process `syz.0.427'. [ 180.173674][ T7902] ima: policy update failed [ 180.183065][ T29] audit: type=1802 audit(4294967330.150:13): pid=7902 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.437" res=0 errno=0 [ 181.041976][ T7942] Invalid ELF header magic: != ELF [ 184.951541][ T8012] netlink: 28 bytes leftover after parsing attributes in process `syz.3.463'. [ 185.111942][ T8012] veth1_macvtap: entered allmulticast mode [ 186.506996][ T8043] mkiss: ax1: crc mode is auto. [ 186.648066][ T8045] netlink: 28 bytes leftover after parsing attributes in process `syz.0.467'. [ 189.623092][ T8120] netlink: 4 bytes leftover after parsing attributes in process `syz.3.484'. [ 190.795392][ T8126] ima: policy update failed [ 190.800973][ T29] audit: type=1802 audit(4294967340.760:14): pid=8126 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.486" res=0 errno=0 [ 191.021053][ T8144] FAULT_INJECTION: forcing a failure. [ 191.021053][ T8144] name failslab, interval 1, probability 0, space 0, times 1 [ 191.144159][ T8144] CPU: 1 UID: 0 PID: 8144 Comm: syz.0.490 Not tainted 6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8 #0 [ 191.156916][ T8144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 191.168999][ T8144] Call Trace: [ 191.172944][ T8144] [ 191.176468][ T8144] dump_stack_lvl+0x16c/0x1f0 [ 191.182105][ T8144] should_fail_ex+0x497/0x5b0 [ 191.187734][ T8144] ? fs_reclaim_acquire+0xae/0x150 [ 191.193903][ T8144] should_failslab+0xc2/0x120 [ 191.199532][ T8144] __kmalloc_node_track_caller_noprof+0xcf/0x520 [ 191.207152][ T8144] ? rnbd_clt_map_device_store+0x251/0x11d0 [ 191.214254][ T8144] kstrdup+0x42/0xb0 [ 191.218945][ T8144] rnbd_clt_map_device_store+0x251/0x11d0 [ 191.225834][ T8144] ? __pfx___lock_acquire+0x10/0x10 [ 191.232092][ T8144] ? __pfx_rnbd_clt_map_device_store+0x10/0x10 [ 191.239492][ T8144] ? hlock_class+0x4e/0x130 [ 191.244910][ T8144] ? mark_lock+0xb5/0xc60 [ 191.250152][ T8144] ? __pfx_mark_lock+0x10/0x10 [ 191.255918][ T8144] ? __pfx_mark_lock+0x10/0x10 [ 191.261693][ T8144] ? trace_lock_acquire+0x14e/0x1f0 [ 191.267942][ T8144] ? kernfs_fop_write_iter+0x27b/0x500 [ 191.274514][ T8144] ? __pfx___lock_acquire+0x10/0x10 [ 191.280765][ T8144] ? rcu_is_watching+0x12/0xc0 [ 191.286502][ T8144] ? trace_contention_end+0xee/0x140 [ 191.292873][ T8144] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 191.299641][ T8144] ? rcu_is_watching+0x12/0xc0 [ 191.305379][ T8144] ? __pfx_rnbd_clt_map_device_store+0x10/0x10 [ 191.312787][ T8144] ? dev_attr_store+0x55/0x80 [ 191.318426][ T8144] dev_attr_store+0x55/0x80 [ 191.323860][ T8144] ? __pfx_dev_attr_store+0x10/0x10 [ 191.330223][ T8144] sysfs_kf_write+0x117/0x170 [ 191.335869][ T8144] kernfs_fop_write_iter+0x33d/0x500 [ 191.342241][ T8144] ? __pfx_sysfs_kf_write+0x10/0x10 [ 191.348510][ T8144] do_iter_readv_writev+0x532/0x7f0 [ 191.354771][ T8144] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 191.361653][ T8144] ? rcu_is_watching+0x12/0xc0 [ 191.367399][ T8144] ? do_writev+0x133/0x340 [ 191.372734][ T8144] vfs_writev+0x363/0xdd0 [ 191.378152][ T8144] ? fdget_pos+0x267/0x390 [ 191.383480][ T8144] ? rcu_is_watching+0x12/0xc0 [ 191.389222][ T8144] ? __pfx_vfs_writev+0x10/0x10 [ 191.395068][ T8144] ? __mutex_lock+0x1cc/0xa60 [ 191.400695][ T8144] ? find_held_lock+0x2d/0x110 [ 191.406441][ T8144] ? __pfx___mutex_lock+0x10/0x10 [ 191.412494][ T8144] ? trace_lock_acquire+0x14e/0x1f0 [ 191.418765][ T8144] ? __fget_files+0x206/0x3a0 [ 191.424406][ T8144] ? do_writev+0x133/0x340 [ 191.429728][ T8144] do_writev+0x133/0x340 [ 191.434839][ T8144] ? __pfx_do_writev+0x10/0x10 [ 191.440582][ T8144] do_syscall_64+0xcd/0x250 [ 191.446015][ T8144] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.453114][ T8144] RIP: 0033:0x7f5b80185d29 [ 191.458423][ T8144] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 191.481994][ T8144] RSP: 002b:00007f5b80ffd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 191.492098][ T8144] RAX: ffffffffffffffda RBX: 00007f5b80375fa0 RCX: 00007f5b80185d29 [ 191.501666][ T8144] RDX: 0000000000000008 RSI: 0000000020000100 RDI: 0000000000000003 [ 191.511231][ T8144] RBP: 00007f5b80ffd090 R08: 0000000000000000 R09: 0000000000000000 [ 191.520787][ T8144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 191.530365][ T8144] R13: 0000000000000000 R14: 00007f5b80375fa0 R15: 00007ffcbef44dc8 [ 191.539948][ T8144] [ 191.653190][ T54] Bluetooth: hci2: command 0x0406 tx timeout [ 191.660511][ T54] Bluetooth: hci3: command 0x0406 tx timeout [ 191.671364][ T54] Bluetooth: hci1: command 0x0406 tx timeout [ 191.672583][ T5835] Bluetooth: hci0: command 0x0406 tx timeout [ 192.761574][ T8162] netlink: 28 bytes leftover after parsing attributes in process `syz.1.493'. [ 192.761665][ T8166] Invalid ELF header magic: != ELF [ 193.150355][ T8174] bond0: option all_slaves_active: invalid value (00000000000000000031ÿÿ) [ 193.499839][ T8189] db_root: cannot open: [ 193.673486][ T8198] rnbd_client L202: map_device: Unknown parameter or missing value '/sys/devices/virtual/rnbd-client/ctl/map_device'                                [ 193.777351][ T8198] Call Trace: [ 193.781327][ T8198] [ 193.784860][ T8198] dump_stack_lvl+0x16c/0x1f0 [ 193.790499][ T8198] should_fail_ex+0x497/0x5b0 [ 193.796144][ T8198] _copy_from_user+0x2e/0xd0 [ 193.801690][ T8198] kstrtouint_from_user+0xd7/0x1c0 [ 193.807854][ T8198] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 193.814727][ T8198] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 193.821487][ T8198] proc_fail_nth_write+0x84/0x250 [ 193.827523][ T8198] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 193.834283][ T8198] ? ksys_write+0x12b/0x250 [ 193.839692][ T8198] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 193.846454][ T8198] vfs_write+0x24c/0x1150 [ 193.851656][ T8198] ? __fget_files+0x1fc/0x3a0 [ 193.857270][ T8198] ? __pfx___mutex_lock+0x10/0x10 [ 193.863298][ T8198] ? __pfx_vfs_write+0x10/0x10 [ 193.869018][ T8198] ? __fget_files+0x206/0x3a0 [ 193.874633][ T8198] ksys_write+0x12b/0x250 [ 193.879824][ T8198] ? __pfx_ksys_write+0x10/0x10 [ 193.885646][ T8198] do_syscall_64+0xcd/0x250 [ 193.891052][ T8198] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.898119][ T8198] RIP: 0033:0x7f5b801847df [ 193.903408][ T8198] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 193.926929][ T8198] RSP: 002b:00007f5b80ffd030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 193.937017][ T8198] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5b801847df [ 193.946574][ T8198] RDX: 0000000000000001 RSI: 00007f5b80ffd0a0 RDI: 0000000000000004 [ 193.956134][ T8198] RBP: 00007f5b80ffd090 R08: 0000000000000000 R09: 0000000000000000 [ 193.965693][ T8198] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 193.975251][ T8198] R13: 0000000000000000 R14: 00007f5b80375fa0 R15: 00007ffcbef44dc8 [ 193.984821][ T8198] [ 194.400243][ T8190] ima: policy update failed [ 194.472655][ T29] audit: type=1802 audit(4294967344.440:15): pid=8190 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.498" res=0 errno=0 [ 194.745859][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.770033][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.111187][ T8213] ima: policy update failed [ 196.138050][ T29] audit: type=1802 audit(4294967346.100:16): pid=8213 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.505" res=0 errno=0 [ 196.316125][ T8233] netlink: 330 bytes leftover after parsing attributes in process `syz.0.508'. [ 196.342431][ T8233] : renamed from bond_slave_1 (while UP) [ 199.123755][ T8274] netlink: 'syz.0.517': attribute type 1 has an invalid length. [ 200.678698][ T8310] bridge0: port 3(vlan1) entered blocking state [ 200.687061][ T8310] bridge0: port 3(vlan1) entered disabled state [ 200.697289][ T8310] vlan1: entered allmulticast mode [ 200.721844][ T8310] veth0_vlan: entered allmulticast mode [ 200.737785][ T8310] vlan1: entered promiscuous mode [ 200.769699][ T8310] bridge0: port 3(vlan1) entered blocking state [ 200.777802][ T8310] bridge0: port 3(vlan1) entered forwarding state [ 202.285860][ T8360] netlink: 28 bytes leftover after parsing attributes in process `syz.3.535'. [ 202.362588][ T8360] hsr_slave_0: left promiscuous mode [ 202.369804][ T8360] hsr_slave_1: left promiscuous mode [ 204.111424][ T8410] netlink: 4 bytes leftover after parsing attributes in process `syz.1.547'. [ 204.651380][ T8417] Invalid ELF header magic: != ELF [ 204.714939][ T8421] ptrace attach of "./syz-executor exec"[5825] was attempted by "./syz-executor exec"[8421] [ 207.676324][ T8464] netlink: 338 bytes leftover after parsing attributes in process `syz.1.558'. [ 207.706010][ T8442] ima: policy update failed [ 207.731871][ T29] audit: type=1802 audit(4294967357.670:17): pid=8442 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.554" res=0 errno=0 [ 208.503254][ T8486] netlink: 330 bytes leftover after parsing attributes in process `syz.2.564'. [ 208.587439][ T8489] netlink: 8 bytes leftover after parsing attributes in process `syz.0.563'. [ 209.780736][ T8498] ima: policy update failed [ 209.789648][ T8522] netlink: 28 bytes leftover after parsing attributes in process `syz.1.573'. [ 209.858354][ T29] audit: type=1802 audit(4294967359.790:18): pid=8498 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.568" res=0 errno=0 [ 210.325418][ T8522] bond0: (slave bond_slave_1): Releasing backup interface [ 211.189972][ T8545] rnbd_client L202: map_device: Unknown parameter or missing value '/sys/devices/virtual/rnbd-client/ctl/map_device' [ 211.377892][ T8549] netlink: 28 bytes leftover after parsing attributes in process `syz.2.577'. [ 211.689917][ T8541] Process accounting resumed [ 212.625205][ T29] audit: type=1326 audit(4294967362.590:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8566 comm="syz.1.583" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f05f3f85d29 code=0x0 [ 213.416027][ T8565] [U]  [ 213.419634][ T8565] [U] [ 213.422884][ T8565] [U] [ 213.426133][ T8565] [U] [ 213.435943][ T8565] [U] [ 213.439221][ T8565] [U] [ 213.442467][ T8565] [U] [ 213.445722][ T8565] [U] [ 213.449553][ T8565] [U] [ 213.452806][ T8565] [U] [ 213.456147][ T8565] [U] [ 213.459401][ T8565] [U] [ 213.471941][ T8565] [U] [ 213.475245][ T8565] [U] ÅE”\â(m$Πc1?âë:@†^¬g²¯JOT–ZÌ9NíŠA9J`Q{çØÆc‰yJ©WëaLŒ‘êb°³'ü¿\‘žRZáhj3V¯µŸúkµ÷ oÁœÇ‡G”núñnðJœ#ÍIþ_3í“â¶8ºj¦¯((µ{›KG—Y €AŸ’5iﶖ´ x»VamzäUùæ÷+°µt*£Z%k˜(k`I›Ù¦ÊÇcl®yXH [ 213.577957][ T8574] netlink: 16 bytes leftover after parsing attributes in process `syz.0.584'. [ 213.583216][ T8565] [U] +É%;þ€)°PµÖÅW¾¶¤iž² Çén}Öåµ"Ìj‚–> [ 213.596127][ T8565] [U] h‡iú[[ܦ‰²Ï›茌ڄÄn [ 213.640891][ T8565] [U] ŠaëcÙÙl/tvBÐNCµÖ³‹`YfØì¤ù‹yĮʠ³·ö²7cãѸÛ9OSèY©»VþnsWepË”ÞTÀ2¢5Ï%sMÏG1*¤%AðŠ§ºI”cñ†ô˜¯ºí}÷)Ø™ 4‚ [ 213.654975][ T8574] netlink: 28 bytes leftover after parsing attributes in process `syz.0.584'. [ 213.712382][ T8581] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 213.731866][ T8565] [U] X [ 213.735277][ T8565] [U] |fCˆª(ìûýÖià˜y†Êj>®¹Š:V^—~áŸ@¾H??R‚Ypèy¯¨–>²¦v;ˆ™ sÇH'Órx:Œ“^½ï_O˜¥‚Ä™ß2‡< [ 213.761413][ T8565] [U] ǤòÞU~;$žðsX.vñÙyAŸárù[r,¶Éøºî´ÿô&tÿyRˆªNN«™° /Ñ [ 213.798595][ T8565] [U] GÒ©¥ÏÓ#¿‘W+«íïW0ýáµKF¥®½eÞ1ìe0’£ üÀzÊNE/Q£½‚±3IÞ[÷O%Niìv*%rÜ”I(ç@ŠusϼƒÒÔ­óo…D¿ @] [ 213.822527][ T8565] [U] Ú Òys €4ò [ 213.833631][ T8565] [U] 0±¯§!)V¯±xélc°±®†H§áÚa }’HèGÏ£PácŸh.ððZ¶šíõluD'ÛÚ3 7Nï*Ø®nàaRε{`OŽò‹})s$µáo~;R¦µü+7z–ì™@Þ`¸ŽÖ‹»o´ý7tÉBÝÀÿRÿ˜È(ÜbÏþþ¥Î ò¥S ïÊ [ 213.876969][ T8565] [U] Ÿ–žÉ¯ç/ C·½,ªÃAaé´Ø!Ýø :§±ËYÃg!‚7Öl°éùDÇí…Ñ#ØÏøm,®šïŸÎ(_Z½q¾Þ&z½2S>Ç–Ù«å%snßµ4IÒ:g§!…+ª¬bªÉû7Rá‹R9†B"Äù²k¤O¼¹^kIjT¢Ÿëc [ 213.923291][ T8565] [U] ¸^B»h¥ ¿¦jsRñýõÝS¨wb6´yàoSk?×J,áüqV盵 zÂH1CÀâ,c$¬d¾åÉDsýÕÏ="(¹î+"hïtKïíâó4¢X³ÿÜBiˆ(0û"²ýáøÌZÛrĿܯŸðºóv¶øœ5`D¦Ã×ÍðnËÀÇ1tXB!Ã…¶_ðÂm'lÔÀ³4Ð!ùÒñ,Ö’Š4.Ÿ“ÚYÚ&€F¾eLiˆÏ#ÙD‹à®_ÎG”îi­j;[pȹï4 4üÉËjÙ£œšXö n¿tYR]<·aÎdÇÓ¹bZjÈ0U:§-¼p:M™³»<€:º@Z¾)¯dÎ þÄ°¯Ýgá`iÓcú åIDU_‹ÞâNK²¦ÃŸö…­ìÕÅK÷&±´oóÞ¢7{¸û3´*Ss*„ãã…oÌY¶5Ò./E‰ïxŠõîSß[1£Ï,Àés÷ÄcÛÔ âz2IA¿xÀßÎ"í%ýD¨[lòGñÀ‡Í IÀžQä&_â«Ç{I5¯Pž—ÚÖ®©ÑÈkäs ¥N·E¬Þ>í~¡Õf‘a–ÛntR [ 216.889600][ T8620] ima: policy update failed [ 216.899411][ T29] audit: type=1802 audit(4294967366.859:20): pid=8620 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.596" res=0 errno=0 [ 217.898633][ T8671] netlink: 28 bytes leftover after parsing attributes in process `syz.3.605'. [ 218.348051][ T8681] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 218.736947][ T8696] netlink: 314 bytes leftover after parsing attributes in process `syz.3.608'. [ 218.943757][ T8673] kexec: Could not allocate control_code_buffer [ 218.977883][ T8700] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 220.890261][ T8753] FAULT_INJECTION: forcing a failure. [ 220.890261][ T8753] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 220.912790][ T8753] CPU: 1 UID: 0 PID: 8753 Comm: syz.3.622 Not tainted 6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8 #0 [ 220.925541][ T8753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 220.937625][ T8753] Call Trace: [ 220.941564][ T8753] [ 220.945088][ T8753] dump_stack_lvl+0x16c/0x1f0 [ 220.950722][ T8753] should_fail_ex+0x497/0x5b0 [ 220.956346][ T8753] _copy_from_user+0x2e/0xd0 [ 220.961855][ T8753] move_addr_to_kernel+0x68/0x160 [ 220.967902][ T8753] __sys_sendto+0x1ba/0x4f0 [ 220.973335][ T8753] ? __pfx___sys_sendto+0x10/0x10 [ 220.979400][ T8753] ? reacquire_held_locks+0x20b/0x4c0 [ 220.985870][ T8753] ? do_user_addr_fault+0xdc7/0x13f0 [ 220.992273][ T8753] __x64_sys_sendto+0xe0/0x1c0 [ 220.998015][ T8753] ? do_syscall_64+0x91/0x250 [ 221.003646][ T8753] ? lockdep_hardirqs_on+0x7c/0x110 [ 221.009903][ T8753] do_syscall_64+0xcd/0x250 [ 221.015334][ T8753] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.022437][ T8753] RIP: 0033:0x7f139e387bbc [ 221.027757][ T8753] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 221.051303][ T8753] RSP: 002b:00007f139f24fec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 221.061434][ T8753] RAX: ffffffffffffffda RBX: 00007f139f24ffc0 RCX: 00007f139e387bbc [ 221.071017][ T8753] RDX: 0000000000000028 RSI: 00007f139f250010 RDI: 0000000000000004 [ 221.080604][ T8753] RBP: 0000000000000000 R08: 00007f139f24ff14 R09: 000000000000000c [ 221.090193][ T8753] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004 [ 221.099776][ T8753] R13: 00007f139f24ff68 R14: 00007f139f250010 R15: 0000000000000000 [ 221.109379][ T8753] [ 221.401542][ T8756] kexec: Could not allocate control_code_buffer [ 221.477551][ T8762] netlink: 4 bytes leftover after parsing attributes in process `syz.0.625'. [ 221.666967][ T8773] ptrace attach of "./syz-executor exec"[5828] was attempted by "./syz-executor exec"[8773] [ 222.252118][ T8782] ima: policy update failed [ 222.262833][ T29] audit: type=1802 audit(4294967372.229:21): pid=8782 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.630" res=0 errno=0 [ 222.817409][ T8795] rnbd_client L202: map_device: Unknown parameter or missing value '„ãÒ ™Îa´‘0÷Ö”|øIAR„³Ä|;«m­ÍM!O‘‚åV+ì¼²•TÔ°ÇêXZ~0€4…¦ƒ{PãHïçâŸpìÐ1Å%$-Š»ª+¸°ÆCä“@jQ.³IçÄØGó’Þ(½¥€mô¦è©x@Z-Ë aôëÈ@dNLs£?®J®có;ðj÷k¼Ç»ºõܼ(¹¹ 5²øyw«Eí [ 222.817409][ T8795] þ#´á°ïIà)TÕõ:Qu‹ŠÝ*@![' [ 223.426647][ T8810] FAULT_INJECTION: forcing a failure. [ 223.426647][ T8810] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 223.514847][ T8810] CPU: 0 UID: 0 PID: 8810 Comm: syz.2.636 Not tainted 6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8 #0 [ 223.527660][ T8810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 223.539745][ T8810] Call Trace: [ 223.543696][ T8810] [ 223.547224][ T8810] dump_stack_lvl+0x16c/0x1f0 [ 223.552866][ T8810] should_fail_ex+0x497/0x5b0 [ 223.558505][ T8810] ? fs_reclaim_acquire+0xae/0x150 [ 223.564660][ T8810] should_fail_alloc_page+0xe7/0x130 [ 223.571029][ T8810] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 223.578432][ T8810] ? __pfx_mark_lock+0x10/0x10 [ 223.584184][ T8810] __alloc_pages_noprof+0x190/0x25b0 [ 223.590558][ T8810] ? __pfx_mark_lock+0x10/0x10 [ 223.596309][ T8810] ? register_lock_class+0xb1/0x1240 [ 223.602679][ T8810] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 223.609574][ T8810] ? hlock_class+0x4e/0x130 [ 223.615007][ T8810] ? mark_lock+0xb5/0xc60 [ 223.620229][ T8810] ? hlock_class+0x4e/0x130 [ 223.625663][ T8810] ? hlock_class+0x4e/0x130 [ 223.631091][ T8810] ? mark_lock+0xb5/0xc60 [ 223.636320][ T8810] ? __pfx_mark_lock+0x10/0x10 [ 223.642065][ T8810] ? __pfx_mark_lock+0x10/0x10 [ 223.647823][ T8810] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 223.654920][ T8810] ? policy_nodemask+0xea/0x4e0 [ 223.660773][ T8810] alloc_pages_mpol_noprof+0x2c9/0x610 [ 223.667349][ T8810] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 223.674541][ T8810] ? __lock_acquire+0xcc5/0x3c40 [ 223.680491][ T8810] ? find_held_lock+0x2d/0x110 [ 223.686448][ T8810] folio_alloc_mpol_noprof+0x36/0xd0 [ 223.692812][ T8810] vma_alloc_folio_noprof+0xee/0x1b0 [ 223.699177][ T8810] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 223.706271][ T8810] ? __pfx___lock_acquire+0x10/0x10 [ 223.712534][ T8810] do_wp_page+0x1f68/0x4670 [ 223.717976][ T8810] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 223.724763][ T8810] ? __pfx_do_wp_page+0x10/0x10 [ 223.730602][ T8810] ? rcu_is_watching+0x12/0xc0 [ 223.736352][ T8810] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 223.742824][ T8810] ? lock_acquire+0x2f/0xb0 [ 223.748247][ T8810] ? __handle_mm_fault+0xdfa/0x2a40 [ 223.754514][ T8810] __handle_mm_fault+0x1ade/0x2a40 [ 223.760679][ T8810] ? lock_vma_under_rcu+0x6b9/0x980 [ 223.766941][ T8810] ? __pfx___handle_mm_fault+0x10/0x10 [ 223.773562][ T8810] handle_mm_fault+0x3fa/0xaa0 [ 223.779323][ T8810] do_user_addr_fault+0x60d/0x13f0 [ 223.785487][ T8810] exc_page_fault+0x5c/0xc0 [ 223.790920][ T8810] asm_exc_page_fault+0x26/0x30 [ 223.796767][ T8810] RIP: 0033:0x7fa9e393f885 [ 223.802078][ T8810] Code: 0f 1f 44 00 00 8b 57 18 64 8b 04 25 d0 02 00 00 39 c2 0f 84 0d 01 00 00 41 54 55 53 83 7f 30 02 48 89 fb 74 28 b8 08 00 00 00 0f c1 03 83 c0 08 85 c0 0f 88 fc 00 00 00 a8 01 75 78 31 d2 5b [ 223.825629][ T8810] RSP: 002b:00007fa9e475dde0 EFLAGS: 00010293 [ 223.832930][ T8810] RAX: 0000000000000008 RBX: 00007fa9e46a7d60 RCX: 0000000000000000 [ 223.842515][ T8810] RDX: 0000000000000000 RSI: 00007fa9e3a3af3e RDI: 00007fa9e46a7d60 [ 223.852099][ T8810] RBP: 00007fa9e475df00 R08: 0000000000000000 R09: 0000000000000005 [ 223.861690][ T8810] R10: 0000000000000000 R11: 0000000000000293 R12: 00007fa9e3a3aae0 [ 223.871277][ T8810] R13: 0000000000000016 R14: 00007fa9e3b4b440 R15: 0000000000000000 [ 223.880880][ T8810] [ 223.888710][ T8810] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 224.053692][ T8829] netlink: 342 bytes leftover after parsing attributes in process `syz.2.639'. [ 224.990780][ T8843] netlink: 252 bytes leftover after parsing attributes in process `syz.2.643'. [ 225.485756][ T8851] netlink: 4 bytes leftover after parsing attributes in process `syz.2.644'. [ 226.359863][ T8867] FAULT_INJECTION: forcing a failure. [ 226.359863][ T8867] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 226.485632][ T8867] CPU: 1 UID: 0 PID: 8867 Comm: syz.3.647 Not tainted 6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8 #0 [ 226.498392][ T8867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 226.510467][ T8867] Call Trace: [ 226.514411][ T8867] [ 226.517930][ T8867] dump_stack_lvl+0x16c/0x1f0 [ 226.523560][ T8867] should_fail_ex+0x497/0x5b0 [ 226.529210][ T8867] _copy_to_user+0x32/0xd0 [ 226.534541][ T8867] simple_read_from_buffer+0xd0/0x160 [ 226.541009][ T8867] proc_fail_nth_read+0x198/0x270 [ 226.547089][ T8867] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 226.553734][ T8867] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 226.560377][ T8867] vfs_read+0x1df/0xbe0 [ 226.565367][ T8867] ? __fget_files+0x1fc/0x3a0 [ 226.571004][ T8867] ? __pfx___mutex_lock+0x10/0x10 [ 226.577058][ T8867] ? __pfx_vfs_read+0x10/0x10 [ 226.582701][ T8867] ? __fget_files+0x206/0x3a0 [ 226.588350][ T8867] ksys_read+0x12b/0x250 [ 226.593468][ T8867] ? __pfx_ksys_read+0x10/0x10 [ 226.599207][ T8867] ? do_user_addr_fault+0x83d/0x13f0 [ 226.605572][ T8867] do_syscall_64+0xcd/0x250 [ 226.611003][ T8867] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.618104][ T8867] RIP: 0033:0x7f139e38473c [ 226.623419][ T8867] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 226.646970][ T8867] RSP: 002b:00007f139f251030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 226.657092][ T8867] RAX: ffffffffffffffda RBX: 00007f139e575fa0 RCX: 00007f139e38473c [ 226.666685][ T8867] RDX: 000000000000000f RSI: 00007f139f2510a0 RDI: 0000000000000005 [ 226.676270][ T8867] RBP: 00007f139f251090 R08: 0000000000000000 R09: 0000000000000000 [ 226.685858][ T8867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 226.695450][ T8867] R13: 0000000000000000 R14: 00007f139e575fa0 R15: 00007ffce6b7e768 [ 226.705058][ T8867] [ 227.085469][ T29] audit: type=1807 audit(4294967377.049:22): UNKNOWN=0"û]$|Ë1jë0B|d™¹ýÓ‰OŸ¬+ö×/ÉéxÔóÈõWÓ¦–Ó^¸´gq%ḦrêOŽ res=0 [ 227.103069][ T8877] ima: policy update failed [ 227.138058][ T29] audit: type=1802 audit(4294967377.069:23): pid=8877 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.3.649" res=0 errno=0 [ 227.201886][ T29] audit: type=1802 audit(4294967377.069:24): pid=8877 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.649" res=0 errno=0 [ 228.095073][ T8907] netlink: 338 bytes leftover after parsing attributes in process `syz.3.657'. [ 228.369051][ T8922] netlink: 28 bytes leftover after parsing attributes in process `syz.0.658'. [ 228.398244][ T8921] netlink: 4 bytes leftover after parsing attributes in process `syz.0.658'. [ 230.320347][ T8988] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input6 [ 230.704205][ T8993] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input7 [ 231.209892][ T9014] netlink: 'syz.0.677': attribute type 2 has an invalid length. [ 231.681476][ T9032] netlink: 'syz.3.681': attribute type 11 has an invalid length. [ 232.137708][ T9037] netlink: 40 bytes leftover after parsing attributes in process `syz.3.682'. [ 233.814967][ T9072] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 236.483153][ T9108] cifs: Unknown parameter 'T.ŸÜÛæ¨Å¼c[ŸÐê€$âæµÈ)ü±UóÑnEó-Ê™¾l®öÚ-ºŒ -¾_€™¯Ôåáª5Z äoåé¢mžÐfwYÍhº*/ÿxDlÝ©Š×ígÕkÇAí³ùÏ7ÍØØ9’ôXöa/fê_ÿAR£ˆ™‘ÈxM ‚v¬—pÿ±$^;ôØq‡3±«£n졵-6©+e„k„¾ñÇ<°kœcÔ)n.üeMÍ÷Na¨t®ÐSMÎÆ1,þ¤•u&— ³Z­HöÃìÈÁi!ݵ‡†À_¦rŠ¦8@ÅæK$Ï©Åú>x' [ 236.914207][ T9120] netlink: 28 bytes leftover after parsing attributes in process `syz.3.698'. [ 241.607150][ T9172] rnbd_client L213: map_device: Parameters missing [ 242.259177][ T9195] Invalid ELF header magic: != ELF [ 242.274321][ T9175] Process accounting paused [ 242.415747][ T9200] net_ratelimit: 2 callbacks suppressed [ 242.415769][ T9200] openvswitch: netlink: IPv4 tunnel dst address is zero [ 242.717122][ T9210] netlink: 8 bytes leftover after parsing attributes in process `syz.0.720'. [ 242.776804][ T9210] netlink: 8 bytes leftover after parsing attributes in process `syz.0.720'. [ 244.842368][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 246.206293][ T9292] netlink: 32 bytes leftover after parsing attributes in process `syz.0.734'. [ 246.240601][ T9297] netlink: 28 bytes leftover after parsing attributes in process `syz.0.734'. [ 246.349742][ T9296] Invalid ELF header magic: != ELF [ 246.476359][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 246.486689][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 246.654936][ T9306] netlink: 4 bytes leftover after parsing attributes in process `syz.3.737'. [ 248.253447][ T9333] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 248.977766][ T9343] netlink: 20 bytes leftover after parsing attributes in process `syz.0.747'. [ 249.003781][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 250.513177][ T9362] zero sized request [ 251.060821][ T9369] netlink: 350 bytes leftover after parsing attributes in process `syz.3.752'. [ 251.482675][ T9381] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 251.565549][ T9382] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 254.307415][ T9427] zero sized request [ 254.659367][ T9429] Invalid ELF header magic: != ELF [ 256.073021][ T9442] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 256.114452][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.122284][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.933885][ T9450] netlink: 12 bytes leftover after parsing attributes in process `syz.1.771'. [ 256.987470][ T9450] nbd: must specify a size in bytes for the device [ 257.013235][ T9442] netlink: 'syz.0.769': attribute type 2 has an invalid length. [ 259.852769][ T9508] netlink: 178 bytes leftover after parsing attributes in process `syz.2.783'. [ 263.550604][ T9562] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 263.962016][ T9559] netlink: 4 bytes leftover after parsing attributes in process `syz.2.797'. [ 264.013672][ T9560] netlink: 4 bytes leftover after parsing attributes in process `syz.2.797'. [ 264.649109][ T9584] netlink: 28 bytes leftover after parsing attributes in process `syz.3.801'. [ 264.916362][ T9586] netlink: 4 bytes leftover after parsing attributes in process `syz.1.802'. [ 265.018716][ T9577] [U] Õlu6€»v˜]ZÕ¡¿þèÞÉif¹%7¦rýG§5%Q¡¨*m [ 265.328905][ T9584] team0 (unregistering): Port device team_slave_0 removed [ 265.392191][ T9584] team0 (unregistering): Port device team_slave_1 removed [ 267.341046][ T9642] netlink: 350 bytes leftover after parsing attributes in process `syz.3.812'. [ 267.564968][ T9646] sysfs_service_op_store: Client not running :-5: [ 267.913404][ T9657] netlink: 20 bytes leftover after parsing attributes in process `syz.1.818'. [ 271.303071][ T9742] netlink: 'syz.1.838': attribute type 1 has an invalid length. [ 271.399694][ T9751] WARNING! power/level is deprecated; use power/control instead [ 272.787907][ T9757] Process accounting resumed [ 272.871834][ T9787] netlink: 4 bytes leftover after parsing attributes in process `syz.3.849'. [ 274.134488][ T9822] netlink: 350 bytes leftover after parsing attributes in process `syz.2.859'. [ 274.293698][ T9831] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 274.931629][ T9854] netlink: 'syz.0.866': attribute type 1 has an invalid length. [ 277.969098][ T9921] erspan0: entered allmulticast mode [ 279.161806][ T9934] netlink: 338 bytes leftover after parsing attributes in process `syz.1.879'. [ 279.994838][ T9938] netlink: 28 bytes leftover after parsing attributes in process `syz.2.880'. [ 280.009360][ T9938] lo: entered promiscuous mode [ 280.017840][ T9938] lo: entered allmulticast mode [ 280.096216][ T9938] netlink: 32 bytes leftover after parsing attributes in process `syz.2.880'. [ 280.208857][ T9961] netlink: 28 bytes leftover after parsing attributes in process `syz.1.886'. [ 280.600868][ T9961] team0 (unregistering): Port device team_slave_0 removed [ 284.371389][T10039] Invalid ELF header magic: != ELF [ 289.484345][T10118] netlink: 'syz.3.921': attribute type 4 has an invalid length. [ 289.505041][T10118] netlink: 330 bytes leftover after parsing attributes in process `syz.3.921'. [ 292.817486][T10180] could not allocate digest TFM handle [ 292.899139][T10156] delete_channel: no stack [ 292.925308][T10177] could not allocate digest TFM handle [ 297.239267][T10278] netlink: 1204 bytes leftover after parsing attributes in process `syz.2.960'. [ 300.923792][T10370] nbd: socks must be embedded in a SOCK_ITEM attr [ 300.958017][T10370] block nbd0: shutting down sockets [ 301.525013][T10392] netlink: 12 bytes leftover after parsing attributes in process `syz.3.986'. [ 302.032189][T10405] netlink: 28 bytes leftover after parsing attributes in process `syz.2.988'. [ 302.195683][T10412] netlink: 168 bytes leftover after parsing attributes in process `syz.1.990'. [ 302.226695][T10405] veth0_macvtap: left promiscuous mode [ 302.254008][T10405] macvtap0: entered allmulticast mode [ 303.402290][T10426] Process accounting paused [ 305.781356][T10481] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1006'. [ 306.731460][T10511] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1013'. [ 306.786910][T10500] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1011'. [ 308.522507][T10556] nbd: socks must be embedded in a SOCK_ITEM attr [ 308.549882][T10556] block nbd0: shutting down sockets [ 313.650734][T10671] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1049'. [ 315.671144][T10723] netlink: del zone limit has 4 unknown bytes [ 316.694181][ T29] audit: type=1326 audit(8277292077.350:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10745 comm="syz.0.1069" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5b80185d29 code=0x0 [ 317.512070][T10768] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 317.556870][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.564948][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.750403][T10800] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1078'. [ 321.829625][T10867] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 321.976120][T10867] smc: net device syz_tun applied user defined pnetid ETHTOOL [ 322.337748][T10865] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 326.012097][T10944] ptrace attach of "./syz-executor exec"[5826] was attempted by "./syz-executor exec"[10944] [ 326.242956][T10952] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1111'. [ 326.722322][T10964] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1114'. [ 326.755130][T10967] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1114'. [ 327.024705][T10979] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 327.138008][T10981] HfR: entered promiscuous mode [ 327.365079][T10986] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1119'. [ 327.593248][T10993] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 331.452392][T11080] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1141'. [ 331.514748][T11080] macvtap0: entered allmulticast mode [ 332.081345][T11115] lo: entered allmulticast mode [ 332.864957][T11128] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1154'. [ 332.879653][T11128] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1154'. [ 332.945884][T11114] lo: left allmulticast mode [ 333.316507][T11140] program syz.2.1157 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 333.342411][T11140] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 333.430569][T11140] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1157'. [ 333.552707][T11140] Process accounting resumed [ 334.084865][T11115] kexec: Could not allocate control_code_buffer [ 335.289019][T11184] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1168'. [ 335.922412][ T29] audit: type=1326 audit(8277292096.600:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11211 comm="syz.0.1175" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5b80185d29 code=0x0 [ 338.904015][T11300] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 341.707784][T11358] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1204'. [ 341.748606][T11363] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1206'. [ 342.412162][T11382] netlink: 'syz.3.1210': attribute type 1 has an invalid length. [ 343.479987][T11404] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1214'. [ 343.480037][T11408] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1214'. [ 343.536346][T11405] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1214'. [ 344.453284][T11427] netlink: 'syz.3.1219': attribute type 21 has an invalid length. [ 344.481910][T11427] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1219'. [ 344.887003][T11434] Invalid ELF header magic: != ELF [ 345.332291][T11445] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1221'. [ 345.567923][T11445] geneve1: entered allmulticast mode [ 347.488107][T11482] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1231'. [ 347.863456][T11493] ptrace attach of "./syz-executor exec"[5826] was attempted by "./syz-executor exec"[11493] [ 348.467473][T11511] netlink: 326 bytes leftover after parsing attributes in process `syz.2.1237'. [ 350.901740][T11571] lo: entered allmulticast mode [ 350.919766][T11571] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1254'. [ 351.885058][T11570] lo: left allmulticast mode [ 352.991916][T11571] kexec: Could not allocate control_code_buffer [ 353.342991][T11608] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1265'. [ 356.034054][T11664] netlink: 326 bytes leftover after parsing attributes in process `syz.3.1278'. [ 356.244800][T11672] raw_sendmsg: syz.0.1279 forgot to set AF_INET. Fix it! [ 357.301300][T11698] Invalid ELF header magic: != ELF [ 364.089423][ T29] audit: type=1326 audit(8277292124.749:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11834 comm="syz.3.1315" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f139e385d29 code=0x0 [ 364.642693][T11848] netlink: 346 bytes leftover after parsing attributes in process `syz.1.1318'. [ 364.677836][T11852] netlink: 346 bytes leftover after parsing attributes in process `syz.1.1318'. [ 365.483642][T11854] UHID_CREATE from different security context by process 1190 (syz.2.1317), this is not allowed. [ 366.926114][T11896] netlink: 22 bytes leftover after parsing attributes in process `syz.2.1327'. [ 367.455944][T11913] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1332'. [ 367.498345][T11913] gretap0: entered promiscuous mode [ 375.654974][T12093] EXT4-fs error (device sda1): ext4_lookup:1813: inode #248: comm syz.0.1373: iget: checksum invalid [ 375.718424][T12093] platform regulatory.0: loading /lib/firmware/updates/6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8/regulatory.db failed with error -74 [ 375.777059][T12093] EXT4-fs error (device sda1): ext4_lookup:1813: inode #248: comm syz.0.1373: iget: checksum invalid [ 375.792410][T12093] platform regulatory.0: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 375.810684][T12093] EXT4-fs error (device sda1): ext4_lookup:1813: inode #248: comm syz.0.1373: iget: checksum invalid [ 375.824148][T12093] platform regulatory.0: loading /lib/firmware/6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8/regulatory.db failed with error -74 [ 375.840213][T12093] EXT4-fs error (device sda1): ext4_lookup:1813: inode #248: comm syz.0.1373: iget: checksum invalid [ 375.853781][T12093] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -74 [ 375.865187][T12093] platform regulatory.0: Direct firmware load for regulatory.db failed with error -74 [ 375.877661][T12093] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 376.384002][T12103] EXT4-fs error (device sda1): ext4_lookup:1813: inode #248: comm syz.0.1373: iget: checksum invalid [ 376.400097][T12103] platform regulatory.0: loading /lib/firmware/updates/6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8/regulatory.db failed with error -74 [ 376.420326][T12103] EXT4-fs error (device sda1): ext4_lookup:1813: inode #248: comm syz.0.1373: iget: checksum invalid [ 376.446355][T12103] platform regulatory.0: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 376.473580][T12103] EXT4-fs error (device sda1): ext4_lookup:1813: inode #248: comm syz.0.1373: iget: checksum invalid [ 376.498865][T12103] platform regulatory.0: loading /lib/firmware/6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8/regulatory.db failed with error -74 [ 376.514810][T12103] EXT4-fs error (device sda1): ext4_lookup:1813: inode #248: comm syz.0.1373: iget: checksum invalid [ 376.528441][T12103] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -74 [ 376.539988][T12103] platform regulatory.0: Direct firmware load for regulatory.db failed with error -74 [ 376.551713][T12103] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 377.764691][T12139] netlink: 322 bytes leftover after parsing attributes in process `syz.0.1381'. [ 378.538112][T12154] MTRR 1 not used [ 378.601770][T12154] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1385'. [ 379.044731][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.055217][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.109987][T12165] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1387'. [ 379.169939][T12165] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1387'. [ 381.252497][T12204] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 381.599027][T12208] Dead loop on virtual device ip6_vti0, fix it urgently! [ 381.665976][T12208] Dead loop on virtual device ip6_vti0, fix it urgently! [ 381.705967][T12208] Dead loop on virtual device ip6_vti0, fix it urgently! [ 381.800676][T12218] block nbd0: must specify backend [ 382.042548][T12225] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1403'. [ 382.081267][T12225] ipvlan0: entered allmulticast mode [ 382.123526][T12225] veth0_vlan: entered allmulticast mode [ 383.871985][T12247] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137 [ 384.028085][T12247] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 1, inode_bitmap = 138 [ 384.137848][T12247] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 0: bad block bitmap checksum [ 384.850343][ T5840] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 384.883687][ T5840] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 384.902019][ T5840] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 384.917251][ T5840] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 384.927847][ T5840] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 384.936770][ T5840] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 386.209311][T12259] chnl_net:caif_netlink_parms(): no params data found [ 386.369696][T12282] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1415'. [ 386.548498][T12293] netlink: 314 bytes leftover after parsing attributes in process `syz.2.1415'. [ 386.990008][T12259] bridge0: port 1(bridge_slave_0) entered blocking state [ 387.014758][T12259] bridge0: port 1(bridge_slave_0) entered disabled state [ 387.071861][ T5840] Bluetooth: hci4: command tx timeout [ 387.162744][T12259] bridge_slave_0: entered allmulticast mode [ 387.170989][T12259] bridge_slave_0: entered promiscuous mode [ 387.346795][T12259] bridge0: port 2(bridge_slave_1) entered blocking state [ 387.376080][T12259] bridge0: port 2(bridge_slave_1) entered disabled state [ 387.405897][T12259] bridge_slave_1: entered allmulticast mode [ 387.431767][T12259] bridge_slave_1: entered promiscuous mode [ 387.518296][T12259] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 387.570522][T12259] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 387.688026][T12259] team0: Port device team_slave_0 added [ 387.714886][T12259] team0: Port device team_slave_1 added [ 387.797148][T12259] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 387.835213][T12259] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 387.959112][T12259] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 388.017225][T12259] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 388.052207][T12259] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 388.120610][T12259] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 388.231366][T12259] hsr_slave_0: entered promiscuous mode [ 388.241536][T12259] hsr_slave_1: entered promiscuous mode [ 388.257666][T12259] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 388.302409][T12259] Cannot create hsr debugfs directory [ 388.764836][T12259] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 388.825505][T12259] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 388.856511][T12259] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 388.887706][T12259] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 389.151766][ T5840] Bluetooth: hci4: command tx timeout [ 389.203494][T12259] 8021q: adding VLAN 0 to HW filter on device bond0 [ 389.229143][T12259] 8021q: adding VLAN 0 to HW filter on device team0 [ 389.253247][ T7041] bridge0: port 1(bridge_slave_0) entered blocking state [ 389.261849][ T7041] bridge0: port 1(bridge_slave_0) entered forwarding state [ 389.351211][ T7041] bridge0: port 2(bridge_slave_1) entered blocking state [ 389.359811][ T7041] bridge0: port 2(bridge_slave_1) entered forwarding state [ 390.069993][T12259] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 390.817653][T12259] veth0_vlan: entered promiscuous mode [ 390.879340][T12259] veth1_vlan: entered promiscuous mode [ 391.040505][T12259] veth0_macvtap: entered promiscuous mode [ 391.093280][T12259] veth1_macvtap: entered promiscuous mode [ 391.171455][T12259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 391.216894][T12259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 391.229445][T12259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 391.243107][ T5840] Bluetooth: hci4: command tx timeout [ 391.252642][T12259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 391.264989][T12259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 391.278727][T12259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 391.292291][T12259] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 391.336312][T12259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 391.354605][T12259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 391.412990][T12259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 391.462310][T12259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 391.501528][T12259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 391.538185][T12259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 391.598683][T12259] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 391.630553][T12259] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 391.661809][T12259] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 391.682139][T12259] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 391.707750][T12259] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 391.782950][ T0] NOHZ tick-stop error: local softirq work is pending, handler #2c0!!! [ 392.375724][ T7025] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 392.428108][ T7025] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 392.607326][ T9874] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 392.627484][ T9874] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 393.312445][ T5840] Bluetooth: hci4: command tx timeout [ 393.757803][T12409] netlink: Unknown conntrack attr (type=146, max=9) [ 396.743256][T12487] FAULT_INJECTION: forcing a failure. [ 396.743256][T12487] name failslab, interval 1, probability 0, space 0, times 0 [ 396.822514][T12487] CPU: 1 UID: 0 PID: 12487 Comm: syz.4.1464 Not tainted 6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8 #0 [ 396.835475][T12487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 396.847565][T12487] Call Trace: [ 396.851516][T12487] [ 396.855053][T12487] dump_stack_lvl+0x16c/0x1f0 [ 396.860694][T12487] should_fail_ex+0x497/0x5b0 [ 396.866332][T12487] ? fs_reclaim_acquire+0xae/0x150 [ 396.872491][T12487] should_failslab+0xc2/0x120 [ 396.878130][T12487] __kmalloc_noprof+0xce/0x4f0 [ 396.883868][T12487] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 396.890625][T12487] ? tomoyo_realpath_from_path+0xbf/0x710 [ 396.897489][T12487] tomoyo_realpath_from_path+0xbf/0x710 [ 396.904143][T12487] ? tomoyo_path_number_perm+0x235/0x5b0 [ 396.910907][T12487] tomoyo_path_number_perm+0x248/0x5b0 [ 396.917462][T12487] ? tomoyo_path_number_perm+0x235/0x5b0 [ 396.924225][T12487] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 396.931429][T12487] ? __pfx_lock_release+0x10/0x10 [ 396.937450][T12487] ? trace_lock_acquire+0x14e/0x1f0 [ 396.943687][T12487] ? lock_acquire+0x2f/0xb0 [ 396.949081][T12487] ? __fget_files+0x40/0x3a0 [ 396.954596][T12487] ? __fget_files+0x206/0x3a0 [ 396.960207][T12487] security_file_ioctl+0x9b/0x240 [ 396.966231][T12487] __x64_sys_ioctl+0xb7/0x200 [ 396.971848][T12487] do_syscall_64+0xcd/0x250 [ 396.977266][T12487] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 396.984339][T12487] RIP: 0033:0x7f8903f85d29 [ 396.989630][T12487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 397.013155][T12487] RSP: 002b:00007f8904d88038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 397.023247][T12487] RAX: ffffffffffffffda RBX: 00007f8904175fa0 RCX: 00007f8903f85d29 [ 397.032808][T12487] RDX: 0000000000000003 RSI: 00000000400c4d05 RDI: 0000000000000003 [ 397.042364][T12487] RBP: 00007f8904d88090 R08: 0000000000000000 R09: 0000000000000000 [ 397.051921][T12487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 397.061478][T12487] R13: 0000000000000000 R14: 00007f8904175fa0 R15: 00007ffd5d6b2c38 [ 397.071060][T12487] [ 397.094600][T12487] ERROR: Out of memory at tomoyo_realpath_from_path. [ 397.104971][T12487] mtrr: base(0x600000) is not aligned on a size(0x4000000000) boundary [ 397.343637][T12504] netlink: 'syz.2.1469': attribute type 33 has an invalid length. [ 397.370282][T12504] netlink: 322 bytes leftover after parsing attributes in process `syz.2.1469'. [ 398.494503][T12525] device-mapper: ioctl: Unable to rename non-existent device, to „ [ 398.540965][T12525] lo: entered allmulticast mode [ 398.698292][T12524] lo: left allmulticast mode [ 398.826087][T12534] FAULT_INJECTION: forcing a failure. [ 398.826087][T12534] name failslab, interval 1, probability 0, space 0, times 0 [ 398.867867][T12534] CPU: 1 UID: 0 PID: 12534 Comm: syz.4.1476 Not tainted 6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8 #0 [ 398.880844][T12534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 398.892928][T12534] Call Trace: [ 398.896874][T12534] [ 398.900398][T12534] dump_stack_lvl+0x16c/0x1f0 [ 398.906042][T12534] should_fail_ex+0x497/0x5b0 [ 398.911685][T12534] ? fs_reclaim_acquire+0xae/0x150 [ 398.917849][T12534] should_failslab+0xc2/0x120 [ 398.923497][T12534] __kmalloc_noprof+0xce/0x4f0 [ 398.929244][T12534] ? tomoyo_encode2+0x100/0x3e0 [ 398.935103][T12534] tomoyo_encode2+0x100/0x3e0 [ 398.940749][T12534] tomoyo_realpath_from_path+0x1a7/0x710 [ 398.947538][T12534] ? tomoyo_path_number_perm+0x235/0x5b0 [ 398.954340][T12534] tomoyo_path_number_perm+0x248/0x5b0 [ 398.960932][T12534] ? tomoyo_path_number_perm+0x235/0x5b0 [ 398.967729][T12534] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 398.974972][T12534] ? __pfx_lock_release+0x10/0x10 [ 398.981023][T12534] ? trace_lock_acquire+0x14e/0x1f0 [ 398.987295][T12534] ? lock_acquire+0x2f/0xb0 [ 398.992764][T12534] ? __fget_files+0x40/0x3a0 [ 398.998299][T12534] ? __fget_files+0x206/0x3a0 [ 399.003939][T12534] security_file_ioctl+0x9b/0x240 [ 399.010000][T12534] __x64_sys_ioctl+0xb7/0x200 [ 399.015637][T12534] do_syscall_64+0xcd/0x250 [ 399.021069][T12534] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 399.028171][T12534] RIP: 0033:0x7f8903f85d29 [ 399.033483][T12534] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 399.057053][T12534] RSP: 002b:00007f8904d88038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 399.067184][T12534] RAX: ffffffffffffffda RBX: 00007f8904175fa0 RCX: 00007f8903f85d29 [ 399.076779][T12534] RDX: 0000000000000003 RSI: 00000000400c4d05 RDI: 0000000000000003 [ 399.086365][T12534] RBP: 00007f8904d88090 R08: 0000000000000000 R09: 0000000000000000 [ 399.095954][T12534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 399.105543][T12534] R13: 0000000000000000 R14: 00007f8904175fa0 R15: 00007ffd5d6b2c38 [ 399.115157][T12534] [ 399.169222][T12534] ERROR: Out of memory at tomoyo_realpath_from_path. [ 399.222555][T12534] mtrr: base(0x600000) is not aligned on a size(0x4000000000) boundary [ 399.870384][T12557] zram: Added device: zram1 [ 400.793864][T12575] FAULT_INJECTION: forcing a failure. [ 400.793864][T12575] name failslab, interval 1, probability 0, space 0, times 0 [ 400.831784][T12575] CPU: 1 UID: 0 PID: 12575 Comm: syz.4.1487 Not tainted 6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8 #0 [ 400.844755][T12575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 400.856841][T12575] Call Trace: [ 400.860790][T12575] [ 400.864318][T12575] dump_stack_lvl+0x16c/0x1f0 [ 400.869959][T12575] should_fail_ex+0x497/0x5b0 [ 400.875612][T12575] ? fs_reclaim_acquire+0xae/0x150 [ 400.881774][T12575] should_failslab+0xc2/0x120 [ 400.887415][T12575] __kmalloc_noprof+0xce/0x4f0 [ 400.893162][T12575] ? mtrr_file_add.constprop.0+0x1c9/0x2a0 [ 400.900161][T12575] mtrr_file_add.constprop.0+0x1c9/0x2a0 [ 400.906952][T12575] mtrr_ioctl+0x4a5/0xcd0 [ 400.912185][T12575] ? __pfx_mtrr_ioctl+0x10/0x10 [ 400.918028][T12575] ? __pfx_lock_release+0x10/0x10 [ 400.924078][T12575] ? __fget_files+0x206/0x3a0 [ 400.929718][T12575] ? __pfx_mtrr_ioctl+0x10/0x10 [ 400.935574][T12575] proc_reg_unlocked_ioctl+0x226/0x320 [ 400.942148][T12575] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 400.949346][T12575] __x64_sys_ioctl+0x190/0x200 [ 400.955081][T12575] do_syscall_64+0xcd/0x250 [ 400.960514][T12575] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.967611][T12575] RIP: 0033:0x7f8903f85d29 [ 400.972927][T12575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 400.996477][T12575] RSP: 002b:00007f8904d88038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 401.006599][T12575] RAX: ffffffffffffffda RBX: 00007f8904175fa0 RCX: 00007f8903f85d29 [ 401.016185][T12575] RDX: 0000000000000003 RSI: 00000000400c4d05 RDI: 0000000000000003 [ 401.025773][T12575] RBP: 00007f8904d88090 R08: 0000000000000000 R09: 0000000000000000 [ 401.035364][T12575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 401.044948][T12575] R13: 0000000000000000 R14: 00007f8904175fa0 R15: 00007ffd5d6b2c38 [ 401.054551][T12575] [ 402.222197][T12614] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1493'. [ 402.409012][T12619] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 402.444007][T12619] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 403.112728][ T29] audit: type=1800 audit(8277292163.779:28): pid=12630 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1495" name="version" dev="configfs" ino=36831 res=0 errno=0 [ 403.169916][T12630] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 403.687762][T12644] netlink: Unknown conntrack attr (type=146, max=9) [ 404.139742][T12656] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1501'. [ 404.598463][T12651] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1500'. [ 409.907786][T12742] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1519'. [ 414.617625][T12840] netlink: Unknown conntrack attr (type=146, max=9) [ 415.224847][T12860] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 418.372414][T12922] netlink: 122 bytes leftover after parsing attributes in process `syz.1.1563'. [ 418.420450][T12924] netlink: 122 bytes leftover after parsing attributes in process `syz.1.1563'. [ 418.463955][T12922] netlink: 122 bytes leftover after parsing attributes in process `syz.1.1563'. [ 419.207203][T12944] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1568'. [ 421.005616][T12989] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 421.093728][T12993] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1579'. [ 421.146679][T12995] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1579'. [ 421.250051][T12995] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1579'. [ 423.553094][T13045] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1592'. [ 428.378045][T13117] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1611'. [ 430.502399][T13159] rnbd_client L213: map_device: Parameters missing [ 432.286938][T13202] GUP no longer grows the stack in syz.2.1629 (13202): 1000-401000 (0) [ 432.373356][T13202] CPU: 1 UID: 0 PID: 13202 Comm: syz.2.1629 Not tainted 6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8 #0 [ 432.386339][T13202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 432.398436][T13202] Call Trace: [ 432.402391][T13202] [ 432.405923][T13202] dump_stack_lvl+0x16c/0x1f0 [ 432.411566][T13202] gup_vma_lookup+0x1d2/0x220 [ 432.417203][T13202] __get_user_pages+0x236/0x3b50 [ 432.423264][T13202] ? __pfx_rwsem_read_trylock+0x10/0x10 [ 432.429949][T13202] ? __gup_longterm_locked+0x123/0x1870 [ 432.436642][T13202] ? __gup_longterm_locked+0x123/0x1870 [ 432.443340][T13202] ? __pfx___get_user_pages+0x10/0x10 [ 432.449822][T13202] ? down_read_killable+0xcc/0x380 [ 432.455999][T13202] ? __pfx_down_read_killable+0x10/0x10 [ 432.462703][T13202] ? __pfx___lock_acquire+0x10/0x10 [ 432.468982][T13202] __gup_longterm_locked+0x211/0x1870 [ 432.475481][T13202] ? __pfx___gup_longterm_locked+0x10/0x10 [ 432.482492][T13202] ? gup_fast_fallback+0x84c/0x2690 [ 432.488764][T13202] ? __pfx_lock_release+0x10/0x10 [ 432.494820][T13202] ? lock_acquire+0x2f/0xb0 [ 432.500247][T13202] ? ___pte_offset_map+0x42/0x540 [ 432.506438][T13202] gup_fast_fallback+0x1802/0x2690 [ 432.512638][T13202] ? __pfx_gup_fast_fallback+0x10/0x10 [ 432.519223][T13202] ? do_syscall_64+0xcd/0x250 [ 432.524867][T13202] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 432.532206][T13202] get_user_pages_fast+0xa8/0x100 [ 432.538281][T13202] ? __pfx_get_user_pages_fast+0x10/0x10 [ 432.545094][T13202] get_futex_key+0x1f5/0x1000 [ 432.550754][T13202] ? __pfx_get_futex_key+0x10/0x10 [ 432.556934][T13202] ? kasan_save_track+0x14/0x30 [ 432.562788][T13202] ? __kasan_kmalloc+0xaa/0xb0 [ 432.568539][T13202] futex_lock_pi+0x282/0x7a0 [ 432.574074][T13202] ? preempt_schedule_common+0x44/0xc0 [ 432.580654][T13202] ? __pfx_futex_lock_pi+0x10/0x10 [ 432.586815][T13202] ? try_to_wake_up+0x953/0x1490 [ 432.592798][T13202] ? plist_check_head+0xa3/0x150 [ 432.598773][T13202] ? futex_wake+0x18e/0x4e0 [ 432.604226][T13202] ? __pfx_futex_wake_mark+0x10/0x10 [ 432.610606][T13202] do_futex+0x11b/0x350 [ 432.615631][T13202] ? __pfx_do_futex+0x10/0x10 [ 432.621290][T13202] ? find_held_lock+0x2d/0x110 [ 432.627053][T13202] __x64_sys_futex+0x1e1/0x4c0 [ 432.633250][T13202] ? __pfx___x64_sys_futex+0x10/0x10 [ 432.639976][T13202] ? rcu_is_watching+0x12/0xc0 [ 432.646178][T13202] do_syscall_64+0xcd/0x250 [ 432.651947][T13202] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 432.659692][T13202] RIP: 0033:0x7fa9e3985d29 [ 432.665856][T13202] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 432.694627][T13202] RSP: 002b:00007fa9e471d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 432.706390][T13202] RAX: ffffffffffffffda RBX: 00007fa9e3b76160 RCX: 00007fa9e3985d29 [ 432.716198][T13202] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 432.725791][T13202] RBP: 00007fa9e3a01b08 R08: 0000000000000000 R09: 0000000080000001 [ 432.735392][T13202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 432.744992][T13202] R13: 0000000000000000 R14: 00007fa9e3b76160 R15: 00007ffd8850ff58 [ 432.754606][T13202] [ 432.955952][T13219] netlink: 342 bytes leftover after parsing attributes in process `syz.4.1633'. [ 439.246972][T13347] Invalid ELF header magic: != ELF [ 440.475647][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.491771][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.832472][T13389] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1670'. [ 440.850133][T13389] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1670'. [ 442.386853][T13416] EXT4-fs error (device sda1): ext4_lookup:1813: inode #248: comm syz.1.1677: iget: checksum invalid [ 442.421275][T13416] platform regulatory.0: loading /lib/firmware/updates/6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8/regulatory.db failed with error -74 [ 442.463087][T13416] EXT4-fs error (device sda1): ext4_lookup:1813: inode #248: comm syz.1.1677: iget: checksum invalid [ 442.526279][T13416] platform regulatory.0: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 442.610833][T13416] EXT4-fs error (device sda1): ext4_lookup:1813: inode #248: comm syz.1.1677: iget: checksum invalid [ 442.702685][T13416] platform regulatory.0: loading /lib/firmware/6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8/regulatory.db failed with error -74 [ 442.763617][T13416] EXT4-fs error (device sda1): ext4_lookup:1813: inode #248: comm syz.1.1677: iget: checksum invalid [ 442.874259][T13416] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -74 [ 442.949469][T13416] platform regulatory.0: Direct firmware load for regulatory.db failed with error -74 [ 442.980414][T13416] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 443.185322][T13426] Invalid ELF header magic: != ELF [ 446.806621][T13503] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1696'. [ 448.238591][T13528] futex_wake_op: syz.0.1702 tries to shift op by 64; fix this program [ 449.693123][T13568] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 450.957888][T13589] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1716'. [ 453.352494][T13614] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 455.714092][T13693] openvswitch: netlink: Flow actions attr not present in new flow. [ 456.783411][T13733] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1749'. [ 456.847080][T13733] hsr_slave_0: left promiscuous mode [ 456.859645][T13733] hsr_slave_1: left promiscuous mode [ 457.513013][T13765] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1756'. [ 458.526144][ T5840] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 458.651195][T13809] HfR: entered promiscuous mode [ 458.736877][T13810] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1768'. [ 458.769057][T13810] HfR: left promiscuous mode [ 463.167423][T13916] lo: entered allmulticast mode [ 463.182967][T13916] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1796'. [ 463.896952][T13931] netlink: 334 bytes leftover after parsing attributes in process `syz.4.1798'. [ 464.005604][T13915] lo: left allmulticast mode [ 464.945497][T13916] kexec: Could not allocate control_code_buffer [ 467.072103][T13975] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1808'. [ 472.634212][T14071] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1823'. [ 475.061693][T14094] netlink: 'syz.2.1828': attribute type 1 has an invalid length. [ 477.060975][T14110] lo: entered promiscuous mode [ 477.266617][T14110] lo: left promiscuous mode [ 478.532892][T14146] netlink: 146 bytes leftover after parsing attributes in process `syz.1.1841'. [ 479.615012][T14161] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1845'. [ 479.738980][T14164] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1843'. [ 480.690387][T14173] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1847'. [ 482.175867][T14188] delete_channel: no stack [ 484.155352][T14204] Invalid ELF header magic: != ELF [ 485.529021][T14229] nfs: Bad value for 'source' [ 485.552061][T14228] nfs: Bad value for 'source' [ 491.264558][T14323] netlink: 334 bytes leftover after parsing attributes in process `syz.4.1883'. [ 491.979557][T14334] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1892'. [ 492.224456][T14334] team0: Port device team_slave_0 removed [ 496.639964][T14387] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 498.331521][T14404] cgroup: fork rejected by pids controller in /syz1 [ 501.645209][T14481] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1916'. [ 501.875607][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.883457][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 506.602016][T14522] can: request_module (can-proto-4) failed. [ 507.631066][ T6704] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 507.862079][ T5839] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 507.885873][ T5839] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 507.895846][ T5839] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 507.907780][ T5839] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 507.907924][ T6704] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 507.933687][ T5839] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 507.948366][ T5839] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 508.074733][ T6704] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 508.309209][ T6704] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 508.456013][T14535] chnl_net:caif_netlink_parms(): no params data found [ 508.832981][ T6704] bridge_slave_1: left allmulticast mode [ 508.861749][ T6704] bridge_slave_1: left promiscuous mode [ 508.880276][ T6704] bridge0: port 2(bridge_slave_1) entered disabled state [ 508.938846][ T6704] bridge_slave_0: left allmulticast mode [ 508.945885][ T6704] bridge_slave_0: left promiscuous mode [ 508.970059][ T6704] bridge0: port 1(bridge_slave_0) entered disabled state [ 510.037781][ T5840] Bluetooth: hci1: command tx timeout [ 510.403526][ T6704] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 510.483799][ T6704] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 510.513322][ T6704] bond0 (unregistering): Released all slaves [ 510.877246][T14535] bridge0: port 1(bridge_slave_0) entered blocking state [ 510.891885][T14535] bridge0: port 1(bridge_slave_0) entered disabled state [ 510.931749][T14535] bridge_slave_0: entered allmulticast mode [ 510.955274][T14535] bridge_slave_0: entered promiscuous mode [ 511.037085][T14535] bridge0: port 2(bridge_slave_1) entered blocking state [ 511.064914][T14535] bridge0: port 2(bridge_slave_1) entered disabled state [ 511.103140][T14535] bridge_slave_1: entered allmulticast mode [ 511.111410][T14535] bridge_slave_1: entered promiscuous mode [ 511.271403][T14535] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 511.316957][T14535] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 511.876441][T14535] team0: Port device team_slave_0 added [ 511.904979][T14535] team0: Port device team_slave_1 added [ 512.110422][T14535] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 512.121017][ T5840] Bluetooth: hci1: command tx timeout [ 512.146354][T14535] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 512.191913][T14535] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 512.233759][T14535] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 512.281714][T14535] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 512.361697][T14535] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 512.432590][ T6704] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 512.454896][ T6704] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 512.508440][ T6704] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 512.542624][ T6704] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 512.618416][ T6704] veth1_macvtap: left promiscuous mode [ 512.662004][ T6704] veth0_macvtap: left promiscuous mode [ 512.670167][ T6704] veth1_vlan: left promiscuous mode [ 512.703248][ T6704] veth0_vlan: left promiscuous mode [ 514.191883][ T5840] Bluetooth: hci1: command tx timeout [ 514.672346][ T6704] team0 (unregistering): Port device team_slave_1 removed [ 516.272620][ T5840] Bluetooth: hci1: command tx timeout [ 516.536459][T14535] hsr_slave_0: entered promiscuous mode [ 516.586462][T14535] hsr_slave_1: entered promiscuous mode [ 516.616234][T14535] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 516.633394][T14535] Cannot create hsr debugfs directory [ 517.395766][T14535] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 517.471944][T14535] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 517.514343][T14535] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 517.678996][T14535] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 518.038556][T14535] 8021q: adding VLAN 0 to HW filter on device bond0 [ 518.121176][T14535] 8021q: adding VLAN 0 to HW filter on device team0 [ 518.232992][ T6704] bridge0: port 1(bridge_slave_0) entered blocking state [ 518.241607][ T6704] bridge0: port 1(bridge_slave_0) entered forwarding state [ 518.273312][ T6704] bridge0: port 2(bridge_slave_1) entered blocking state [ 518.281985][ T6704] bridge0: port 2(bridge_slave_1) entered forwarding state [ 518.632283][T14535] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 519.018108][T14535] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 519.458968][T14535] veth0_vlan: entered promiscuous mode [ 519.489753][T14535] veth1_vlan: entered promiscuous mode [ 519.534343][T14535] veth0_macvtap: entered promiscuous mode [ 519.545608][T14535] veth1_macvtap: entered promiscuous mode [ 519.579038][T14535] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 519.615967][T14535] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 519.651616][T14535] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 519.673663][T14535] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 519.686616][T14535] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 519.699942][T14535] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 519.744746][T14535] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 519.816849][T14535] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 519.853058][T14535] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 519.882972][T14535] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 519.896587][T14535] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 519.928973][T14535] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 519.969747][T14535] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 520.008985][T14535] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 520.107905][T14535] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 520.129088][T14535] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 520.162154][T14535] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 520.181717][T14535] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 520.410303][ T6698] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 520.440069][ T6698] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 520.522329][ T6698] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 520.538569][ T6698] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 522.775504][T14734] could not allocate digest TFM handle binfmt_misc [ 525.269939][T14791] netlink: 178 bytes leftover after parsing attributes in process `syz.5.1958'. [ 525.664566][T14802] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 525.696719][T14800] can: request_module (can-proto-0) failed. [ 526.023171][T14807] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1961'. [ 526.120879][T14807] ip6gre0: entered promiscuous mode [ 532.336261][T14008] syz.2.1811 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 532.348759][T14008] CPU: 1 UID: 0 PID: 14008 Comm: syz.2.1811 Not tainted 6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8 #0 [ 532.361697][T14008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 532.373762][T14008] Call Trace: [ 532.377687][T14008] [ 532.381194][T14008] dump_stack_lvl+0x16c/0x1f0 [ 532.386815][T14008] dump_header+0x101/0x900 [ 532.392117][T14008] oom_kill_process+0x270/0xa60 [ 532.397949][T14008] ? mem_cgroup_out_of_memory+0x8d/0x270 [ 532.404709][T14008] out_of_memory+0x351/0x1700 [ 532.410325][T14008] ? __pfx_out_of_memory+0x10/0x10 [ 532.416474][T14008] ? rcu_read_unlock+0x17/0x60 [ 532.422215][T14008] ? find_held_lock+0x2d/0x110 [ 532.427964][T14008] mem_cgroup_out_of_memory+0x207/0x270 [ 532.434630][T14008] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 532.441917][T14008] ? do_raw_spin_unlock+0x172/0x230 [ 532.448173][T14008] try_charge_memcg+0x54c/0xaf0 [ 532.453999][T14008] ? __pfx_try_charge_memcg+0x10/0x10 [ 532.460446][T14008] ? get_mem_cgroup_from_mm+0x87/0x5f0 [ 532.466992][T14008] ? get_mem_cgroup_from_mm+0x87/0x5f0 [ 532.473543][T14008] ? get_mem_cgroup_from_mm+0x131/0x5f0 [ 532.480210][T14008] __mem_cgroup_charge+0x9b/0x280 [ 532.486266][T14008] shmem_alloc_and_add_folio+0x507/0xc00 [ 532.493041][T14008] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 532.500428][T14008] ? shmem_allowable_huge_orders+0xd0/0x410 [ 532.507505][T14008] shmem_get_folio_gfp+0x689/0x1530 [ 532.513746][T14008] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 532.520502][T14008] ? find_held_lock+0x2d/0x110 [ 532.526230][T14008] shmem_write_begin+0x161/0x300 [ 532.532174][T14008] ? __pfx_shmem_write_begin+0x10/0x10 [ 532.538717][T14008] ? timestamp_truncate+0x21f/0x2e0 [ 532.544973][T14008] ? balance_dirty_pages_ratelimited_flags+0x92/0x1270 [ 532.553215][T14008] generic_perform_write+0x2ba/0x920 [ 532.559569][T14008] ? __pfx_generic_perform_write+0x10/0x10 [ 532.566541][T14008] ? inode_needs_update_time.part.0+0x191/0x270 [ 532.574038][T14008] shmem_file_write_iter+0x10e/0x140 [ 532.580383][T14008] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 532.587347][T14008] __kernel_write_iter+0x318/0xa80 [ 532.593489][T14008] ? __pfx___kernel_write_iter+0x10/0x10 [ 532.600245][T14008] ? get_dump_page+0x15b/0x230 [ 532.605976][T14008] ? __pfx___might_resched+0x10/0x10 [ 532.612323][T14008] dump_user_range+0x389/0x8c0 [ 532.618047][T14008] ? __pfx_dump_user_range+0x10/0x10 [ 532.624494][T14008] ? elf_coredump_extra_notes_write+0xbe/0x430 [ 532.631880][T14008] ? __pfx_writenote+0x10/0x10 [ 532.637600][T14008] elf_core_dump+0x2787/0x3880 [ 532.643331][T14008] ? __pfx_elf_core_dump+0x10/0x10 [ 532.649463][T14008] ? try_to_wake_up+0x949/0x1490 [ 532.655384][T14008] ? __pfx_lock_release+0x10/0x10 [ 532.661421][T14008] ? rwsem_wake.isra.0+0xbe/0x120 [ 532.667465][T14008] ? rcu_is_watching+0x12/0xc0 [ 532.673176][T14008] ? trace_lock_acquire+0x14e/0x1f0 [ 532.679410][T14008] ? __pfx_sort+0x10/0x10 [ 532.684607][T14008] ? get_signal+0x23f3/0x2610 [ 532.690224][T14008] ? do_coredump+0x2dd5/0x43e0 [ 532.695946][T14008] do_coredump+0x2dd5/0x43e0 [ 532.701473][T14008] ? __pfx_do_coredump+0x10/0x10 [ 532.707399][T14008] ? irqentry_exit_to_user_mode+0x13f/0x280 [ 532.714521][T14008] get_signal+0x23f3/0x2610 [ 532.719933][T14008] ? __pfx_get_signal+0x10/0x10 [ 532.725751][T14008] ? rcu_is_watching+0x12/0xc0 [ 532.731465][T14008] ? trace_irq_disable.constprop.0+0xea/0x140 [ 532.738760][T14008] arch_do_signal_or_restart+0x90/0x7e0 [ 532.745431][T14008] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 532.752831][T14008] ? do_user_addr_fault+0xa4b/0x13f0 [ 532.759203][T14008] irqentry_exit_to_user_mode+0x13f/0x280 [ 532.766086][T14008] asm_exc_page_fault+0x26/0x30 [ 532.771910][T14008] RIP: 0033:0x400fff [ 532.776581][T14008] Code: Unable to access opcode bytes at 0x400fd5. [ 532.784361][T14008] RSP: 002b:000000000000000a EFLAGS: 00010286 [ 532.791640][T14008] RAX: 0000000000000000 RBX: 00007fa9e3b76080 RCX: 00007fa9e3985d29 [ 532.801208][T14008] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b44 [ 532.810766][T14008] RBP: 00007fa9e3a01b08 R08: 0000000000000002 R09: 0000000000000000 [ 532.820326][T14008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 532.829904][T14008] R13: 0000000000000000 R14: 00007fa9e3b76080 R15: 00007ffd8850ff58 [ 532.839494][T14008] [ 532.843426][T14008] memory: usage 307196kB, limit 307200kB, failcnt 14278 [ 532.892606][T14008] memory+swap: usage 381204kB, limit 9007199254740988kB, failcnt 0 [ 532.950835][T14008] kmem: usage 4084kB, limit 9007199254740988kB, failcnt 0 [ 533.020570][T14008] Memory cgroup stats for /syz2: [ 533.020946][T14008] cache 309989376 [ 533.100936][T14008] rss 147456 [ 533.196389][T14008] rss_huge 0 [ 533.200279][T14008] shmem 309911552 [ 533.516493][T14008] mapped_file 3940352 [ 533.521330][T14008] dirty 0 [ 533.583952][T14008] writeback 0 [ 533.587955][T14008] workingset_refault_anon 7037 [ 533.651609][T14008] workingset_refault_file 3001 [ 533.657385][T14008] swap 75780096 [ 533.751596][T14008] swapcached 253952 [ 533.756224][T14008] pgpgin 1114482 [ 533.760494][T14008] pgpgout 1043813 [ 533.821607][T14008] pgfault 473634 [ 533.825920][T14008] pgmajfault 1634 [ 533.830280][T14008] inactive_anon 146493440 [ 533.973090][T14008] active_anon 163819520 [ 533.978412][T14008] inactive_file 0 [ 534.048067][T14008] active_file 65536 [ 534.106433][T14008] unevictable 0 [ 534.110636][T14008] hierarchical_memory_limit 314572800 [ 534.240287][T14008] hierarchical_memsw_limit 9223372036854771712 [ 534.327594][T14008] total_cache 309989376 [ 534.362057][T14008] total_rss 147456 [ 534.393236][T14008] total_rss_huge 0 [ 534.397758][T14008] total_shmem 309911552 [ 534.476552][T14008] total_mapped_file 3940352 [ 534.536930][T14008] total_dirty 0 [ 534.541142][T14008] total_writeback 0 [ 534.622198][T14008] total_workingset_refault_anon 7037 [ 534.642048][T14008] total_workingset_refault_file 3001 [ 534.648444][T14008] total_swap 75780096 [ 534.703534][T14008] total_swapcached 253952 [ 534.708779][T14008] total_pgpgin 1114482 [ 534.730150][T14008] total_pgpgout 1043813 [ 534.750828][T14008] total_pgfault 473634 [ 534.761898][T14008] total_pgmajfault 1634 [ 534.769584][T14008] total_inactive_anon 146493440 [ 534.789411][T14008] total_active_anon 163819520 [ 534.826368][T14008] total_inactive_file 0 [ 534.831414][T14008] total_active_file 65536 [ 534.991515][T14008] total_unevictable 0 [ 534.996432][T14008] anon_cost 0 [ 535.000658][T14008] file_cost 0 [ 535.123364][T14008] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.1811,pid=14011,uid=0 [ 535.277412][T14008] Memory cgroup out of memory: Killed process 14011 (syz.2.1811) total-vm:131432kB, anon-rss:1056kB, file-rss:24624kB, shmem-rss:4028kB, UID:0 pgtables:228kB oom_score_adj:1000 [ 536.073034][T14442] syz.1.1900 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 536.366342][T14442] CPU: 0 UID: 0 PID: 14442 Comm: syz.1.1900 Not tainted 6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8 #0 [ 536.379316][T14442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 536.391378][T14442] Call Trace: [ 536.395305][T14442] [ 536.398813][T14442] dump_stack_lvl+0x16c/0x1f0 [ 536.404433][T14442] dump_header+0x101/0x900 [ 536.409731][T14442] oom_kill_process+0x270/0xa60 [ 536.415546][T14442] ? mem_cgroup_out_of_memory+0x8d/0x270 [ 536.422306][T14442] out_of_memory+0x351/0x1700 [ 536.427920][T14442] ? __pfx_out_of_memory+0x10/0x10 [ 536.434049][T14442] ? rcu_read_unlock+0x17/0x60 [ 536.439771][T14442] ? find_held_lock+0x2d/0x110 [ 536.445494][T14442] mem_cgroup_out_of_memory+0x207/0x270 [ 536.452144][T14442] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 536.459424][T14442] ? do_raw_spin_unlock+0x172/0x230 [ 536.465662][T14442] try_charge_memcg+0x54c/0xaf0 [ 536.471488][T14442] ? __pfx_try_charge_memcg+0x10/0x10 [ 536.477935][T14442] ? get_mem_cgroup_from_mm+0x87/0x5f0 [ 536.484482][T14442] ? get_mem_cgroup_from_mm+0x87/0x5f0 [ 536.491029][T14442] ? get_mem_cgroup_from_mm+0x131/0x5f0 [ 536.497679][T14442] __mem_cgroup_charge+0x9b/0x280 [ 536.503716][T14442] shmem_alloc_and_add_folio+0x507/0xc00 [ 536.510477][T14442] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 536.517867][T14442] ? shmem_allowable_huge_orders+0xd0/0x410 [ 536.524957][T14442] shmem_get_folio_gfp+0x689/0x1530 [ 536.531216][T14442] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 536.537978][T14442] ? mark_held_locks+0x9f/0xe0 [ 536.543701][T14442] ? timestamp_truncate+0x21f/0x2e0 [ 536.549947][T14442] shmem_write_begin+0x161/0x300 [ 536.555876][T14442] ? __pfx_shmem_write_begin+0x10/0x10 [ 536.562419][T14442] ? inode_set_ctime_current+0x2a7/0x900 [ 536.569177][T14442] ? balance_dirty_pages_ratelimited_flags+0x92/0x1270 [ 536.577399][T14442] ? __pfx_inode_set_ctime_current+0x10/0x10 [ 536.584583][T14442] generic_perform_write+0x2ba/0x920 [ 536.590929][T14442] ? __pfx_generic_perform_write+0x10/0x10 [ 536.597893][T14442] ? __mark_inode_dirty+0x2a5/0xe50 [ 536.604136][T14442] ? generic_update_time+0xcf/0xf0 [ 536.610282][T14442] ? mnt_put_write_access_file+0x45/0xf0 [ 536.617040][T14442] shmem_file_write_iter+0x10e/0x140 [ 536.623383][T14442] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 536.630345][T14442] __kernel_write_iter+0x318/0xa80 [ 536.636476][T14442] ? __pfx___kernel_write_iter+0x10/0x10 [ 536.643232][T14442] ? get_dump_page+0x15b/0x230 [ 536.648949][T14442] ? __pfx___might_resched+0x10/0x10 [ 536.655287][T14442] ? copy_mc_enhanced_fast_string+0xa/0x13 [ 536.662261][T14442] dump_user_range+0x389/0x8c0 [ 536.667986][T14442] ? __pfx_dump_user_range+0x10/0x10 [ 536.674330][T14442] ? elf_coredump_extra_notes_write+0xbe/0x430 [ 536.681713][T14442] ? __pfx_writenote+0x10/0x10 [ 536.687431][T14442] elf_core_dump+0x2787/0x3880 [ 536.693151][T14442] ? __pfx_elf_core_dump+0x10/0x10 [ 536.699283][T14442] ? try_to_wake_up+0x949/0x1490 [ 536.705200][T14442] ? __pfx_lock_release+0x10/0x10 [ 536.711237][T14442] ? rwsem_wake.isra.0+0xbe/0x120 [ 536.717282][T14442] ? rcu_is_watching+0x12/0xc0 [ 536.722998][T14442] ? trace_lock_acquire+0x14e/0x1f0 [ 536.729235][T14442] ? __pfx_sort+0x10/0x10 [ 536.734427][T14442] ? get_signal+0x23f3/0x2610 [ 536.740038][T14442] ? do_coredump+0x2dd5/0x43e0 [ 536.745758][T14442] do_coredump+0x2dd5/0x43e0 [ 536.751277][T14442] ? __pfx_do_coredump+0x10/0x10 [ 536.757205][T14442] ? irqentry_exit_to_user_mode+0x13f/0x280 [ 536.764338][T14442] get_signal+0x23f3/0x2610 [ 536.769748][T14442] ? __pfx_get_signal+0x10/0x10 [ 536.775571][T14442] ? rcu_is_watching+0x12/0xc0 [ 536.781296][T14442] ? trace_irq_disable.constprop.0+0xea/0x140 [ 536.788574][T14442] arch_do_signal_or_restart+0x90/0x7e0 [ 536.795235][T14442] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 536.802628][T14442] ? do_user_addr_fault+0xa4b/0x13f0 [ 536.808970][T14442] irqentry_exit_to_user_mode+0x13f/0x280 [ 536.815838][T14442] asm_exc_page_fault+0x26/0x30 [ 536.821656][T14442] RIP: 0033:0x0 [ 536.825796][T14442] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 536.834624][T14442] RSP: 002b:0000000000000009 EFLAGS: 00010217 [ 536.841895][T14442] RAX: 0000000000000000 RBX: 00007f05f4176160 RCX: 00007f05f3f85d29 [ 536.851454][T14442] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000020003b46 [ 536.861015][T14442] RBP: 00007f05f4001b08 R08: 0000000000000007 R09: 0000000000000000 [ 536.870571][T14442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 536.880130][T14442] R13: 0000000000000000 R14: 00007f05f4176160 R15: 00007fff5146e358 [ 536.889707][T14442] [ 537.129431][T14442] memory: usage 306988kB, limit 307200kB, failcnt 15449 [ 537.191774][T14442] memory+swap: usage 362520kB, limit 9007199254740988kB, failcnt 0 [ 537.381790][T14442] kmem: usage 3848kB, limit 9007199254740988kB, failcnt 0 [ 537.390385][T14442] Memory cgroup stats for /syz1: [ 537.390570][T14442] cache 304664576 [ 537.520557][ T31] oom_reaper: reaped process 14011 (syz.2.1811), now anon-rss:84kB, file-rss:21952kB, shmem-rss:188kB [ 537.681660][T14442] rss 5640192 [ 537.685657][T14442] rss_huge 2097152 [ 537.821670][T14442] shmem 303403008 [ 537.932963][T14442] mapped_file 1101824 [ 537.937797][T14442] dirty 0 [ 537.941322][T14442] writeback 0 [ 538.101906][T14442] workingset_refault_anon 6823 [ 538.296150][T14442] workingset_refault_file 4090 [ 538.408600][T14442] swap 57475072 [ 538.438588][T14442] swapcached 90112 [ 538.472128][T14442] pgpgin 1133235 [ 538.476432][T14442] pgpgout 1062054 [ 538.601644][T14442] pgfault 546025 [ 538.605967][T14442] pgmajfault 1639 [ 538.610337][T14442] inactive_anon 187289600 [ 538.687982][T14845] syz.0.1967 (14845) used greatest stack depth: 20800 bytes left [ 538.814618][T14442] active_anon 118075392 [ 538.851778][T14442] inactive_file 0 [ 538.949873][T14952] netlink: 326 bytes leftover after parsing attributes in process `syz.0.1975'. [ 539.121805][T14442] active_file 1261568 [ 539.284327][T14442] unevictable 0 [ 539.288528][T14442] hierarchical_memory_limit 314572800 [ 539.619578][T14442] hierarchical_memsw_limit 9223372036854771712 [ 539.831715][T14442] total_cache 304664576 [ 539.836759][T14442] total_rss 5640192 [ 539.841338][T14442] total_rss_huge 2097152 [ 540.057357][T14442] total_shmem 303403008 [ 540.251704][T14442] total_mapped_file 1101824 [ 540.257179][T14442] total_dirty 0 [ 540.261338][T14442] total_writeback 0 [ 540.486364][T14442] total_workingset_refault_anon 6823 [ 540.590584][T14994] do_dccp_setsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 540.610865][T14442] total_workingset_refault_file 4090 [ 540.654480][T14442] total_swap 57475072 [ 540.721582][T14442] total_swapcached 90112 [ 540.897371][T14442] total_pgpgin 1133235 [ 541.021213][T14442] total_pgpgout 1062054 [ 541.126289][T14442] total_pgfault 546025 [ 541.131234][T14442] total_pgmajfault 1639 [ 541.260345][T14442] total_inactive_anon 187289600 [ 541.381222][T14442] total_active_anon 118075392 [ 541.427919][T14442] total_inactive_file 0 [ 541.605131][T14442] total_active_file 1261568 [ 541.610594][T14442] total_unevictable 0 [ 541.763063][T14442] anon_cost 0 [ 541.767066][T14442] file_cost 0 [ 541.877275][T14442] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.439,pid=7914,uid=0 [ 542.054996][T14988] kafs: addr_prefs: Invalid Command [ 542.543178][T14442] Memory cgroup out of memory: Killed process 7914 (syz.1.439) total-vm:105812kB, anon-rss:828kB, file-rss:20796kB, shmem-rss:0kB, UID:0 pgtables:112kB oom_score_adj:0 [ 542.860772][T14010] syz.2.1811 (14010) used greatest stack depth: 19248 bytes left [ 543.120296][T14011] syz.2.1811 (14011) used greatest stack depth: 18384 bytes left [ 543.907722][T14007] syz.2.1811 (14007) used greatest stack depth: 17280 bytes left [ 543.992794][T14988] HSR: entered promiscuous mode [ 547.937509][T15116] Invalid ELF header magic: != ELF [ 550.637904][T15141] netlink: 'syz.2.2005': attribute type 10 has an invalid length. [ 550.652206][T15141] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2005'. [ 550.873936][T15143] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2006'. [ 553.611028][T15176] netlink: 'syz.2.2013': attribute type 33 has an invalid length. [ 553.620705][T15176] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2013'. [ 559.622160][T15230] [ 559.624992][T15230] ====================================================== [ 559.633422][T15230] WARNING: possible circular locking dependency detected [ 559.641851][T15230] 6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8 #0 Not tainted [ 559.650389][T15230] ------------------------------------------------------ [ 559.658821][T15230] syz.5.2024/15230 is trying to acquire lock: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 559.666096][T15230] ffff8880257e1438 (&q->q_usage_counter(io)#16){++++}-{0:0}, at: submit_bio_noacct_nocheck+0x892/0xd70 [ 559.679414][T15230] [ 559.679414][T15230] but task is already holding lock: [ 559.688256][T15230] ffff8880249d3740 (mapping.invalidate_lock#2){++++}-{4:4}, at: page_cache_ra_unbounded+0x173/0x750 [ 559.701214][T15230] [ 559.701214][T15230] which lock already depends on the new lock. [ 559.701214][T15230] [ 559.713685][T15230] [ 559.713685][T15230] the existing dependency chain (in reverse order) is: [ 559.724640][T15230] [ 559.724640][T15230] -> #4 (mapping.invalidate_lock#2){++++}-{4:4}: [ 559.735009][T15230] down_read+0x9a/0x330 [ 559.740625][T15230] filemap_fault+0x2e0/0x2820 [ 559.746862][T15230] __do_fault+0x10a/0x490 [ 559.753264][T15230] do_pte_missing+0xebd/0x3e00 [ 559.760469][T15230] __handle_mm_fault+0x103c/0x2a40 [ 559.767916][T15230] handle_mm_fault+0x3fa/0xaa0 [ 559.774268][T15230] __get_user_pages+0x8d9/0x3b50 [ 559.780819][T15230] populate_vma_page_range+0x27f/0x3a0 [ 559.788012][T15230] __mm_populate+0x1d6/0x380 [ 559.795777][T15230] vm_mmap_pgoff+0x293/0x360 [ 559.801937][T15230] ksys_mmap_pgoff+0x32c/0x5c0 [ 559.808277][T15230] __x64_sys_mmap+0x125/0x190 [ 559.814625][T15230] do_syscall_64+0xcd/0x250 [ 559.820656][T15230] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 559.828354][T15230] [ 559.828354][T15230] -> #3 (&mm->mmap_lock){++++}-{4:4}: [ 559.837418][T15230] __might_fault+0x11b/0x190 [ 559.843562][T15230] _copy_from_user+0x29/0xd0 [ 559.849694][T15230] __blk_trace_setup+0xa8/0x180 [ 559.856153][T15230] blk_trace_setup+0x47/0x70 [ 559.862276][T15230] sg_ioctl+0x7a3/0x26b0 [ 559.867987][T15230] __x64_sys_ioctl+0x190/0x200 [ 559.874315][T15230] do_syscall_64+0xcd/0x250 [ 559.880964][T15230] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 559.888660][T15230] [ 559.888660][T15230] -> #2 (&q->debugfs_mutex){+.+.}-{4:4}: [ 559.898042][T15230] __mutex_lock+0x19b/0xa60 [ 559.904070][T15230] blk_register_queue+0x13c/0x4f0 [ 559.910719][T15230] add_disk_fwnode+0x785/0x1300 [ 559.917153][T15230] brd_alloc.isra.0+0x50a/0x7c0 [ 559.923610][T15230] brd_init+0x12b/0x1d0 [ 559.929221][T15230] do_one_initcall+0x128/0x630 [ 559.935593][T15230] kernel_init_freeable+0x58f/0x8b0 [ 559.942463][T15230] kernel_init+0x1c/0x2b0 [ 559.948285][T15230] ret_from_fork+0x45/0x80 [ 559.954203][T15230] ret_from_fork_asm+0x1a/0x30 [ 559.960673][T15230] [ 559.960673][T15230] -> #1 (&q->sysfs_lock){+.+.}-{4:4}: [ 559.969940][T15230] __mutex_lock+0x19b/0xa60 [ 559.976082][T15230] queue_attr_store+0xe2/0x170 [ 559.982420][T15230] sysfs_kf_write+0x117/0x170 [ 559.988657][T15230] kernfs_fop_write_iter+0x33d/0x500 [ 559.995616][T15230] vfs_write+0x5ae/0x1150 [ 560.001428][T15230] ksys_write+0x12b/0x250 [ 560.007234][T15230] do_syscall_64+0xcd/0x250 [ 560.013256][T15230] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 560.020947][T15230] [ 560.020947][T15230] -> #0 (&q->q_usage_counter(io)#16){++++}-{0:0}: [ 560.031264][T15230] __lock_acquire+0x249e/0x3c40 [ 560.037706][T15230] lock_acquire.part.0+0x11b/0x380 [ 560.044457][T15230] __submit_bio+0x49c/0x540 [ 560.050482][T15230] submit_bio_noacct_nocheck+0x892/0xd70 [ 560.057865][T15230] submit_bio_noacct+0x93a/0x1e20 [ 560.064515][T15230] mpage_readahead+0x41d/0x590 [ 560.070852][T15230] read_pages+0x1a8/0xdc0 [ 560.076663][T15230] page_cache_ra_unbounded+0x3dc/0x750 [ 560.083826][T15230] page_cache_ra_order+0x8f2/0xc80 [ 560.090575][T15230] page_cache_sync_ra+0x4b4/0x9c0 [ 560.097219][T15230] filemap_get_pages+0xd7b/0x1be0 [ 560.103865][T15230] filemap_splice_read+0x5cc/0xd00 [ 560.110615][T15230] do_splice_read+0x282/0x370 [ 560.116836][T15230] splice_direct_to_actor+0x2a4/0xa40 [ 560.123892][T15230] do_splice_direct+0x178/0x250 [ 560.130323][T15230] do_sendfile+0xaed/0xe30 [ 560.136237][T15230] __x64_sys_sendfile64+0x1da/0x220 [ 560.143100][T15230] do_syscall_64+0xcd/0x250 [ 560.149121][T15230] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 560.156809][T15230] [ 560.156809][T15230] other info that might help us debug this: [ 560.156809][T15230] [ 560.169062][T15230] Chain exists of: [ 560.169062][T15230] &q->q_usage_counter(io)#16 --> &mm->mmap_lock --> mapping.invalidate_lock#2 [ 560.169062][T15230] [ 560.186793][T15230] Possible unsafe locking scenario: [ 560.186793][T15230] [ 560.195718][T15230] CPU0 CPU1 [ 560.202173][T15230] ---- ---- [ 560.208593][T15230] rlock(mapping.invalidate_lock#2); [ 560.215033][T15230] lock(&mm->mmap_lock); [ 560.223234][T15230] lock(mapping.invalidate_lock#2); [ 560.232596][T15230] rlock(&q->q_usage_counter(io)#16); [ 560.239145][T15230] [ 560.239145][T15230] *** DEADLOCK *** [ 560.239145][T15230] [ 560.248898][T15230] 1 lock held by syz.5.2024/15230: [ 560.255010][T15230] #0: ffff8880249d3740 (mapping.invalidate_lock#2){++++}-{4:4}, at: page_cache_ra_unbounded+0x173/0x750 [ 560.268898][T15230] [ 560.268898][T15230] stack backtrace: [ 560.275944][T15230] CPU: 1 UID: 0 PID: 15230 Comm: syz.5.2024 Not tainted 6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8 #0 [ 560.288844][T15230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 560.301004][T15230] Call Trace: [ 560.304926][T15230] [ 560.308429][T15230] dump_stack_lvl+0x116/0x1f0 [ 560.314038][T15230] print_circular_bug+0x41c/0x610 [ 560.320073][T15230] check_noncircular+0x31a/0x400 [ 560.326012][T15230] ? __pfx_check_noncircular+0x10/0x10 [ 560.332582][T15230] ? lockdep_lock+0xc6/0x200 [ 560.338096][T15230] ? __pfx_lockdep_lock+0x10/0x10 [ 560.344124][T15230] __lock_acquire+0x249e/0x3c40 [ 560.349941][T15230] ? __pfx___lock_acquire+0x10/0x10 [ 560.356170][T15230] lock_acquire.part.0+0x11b/0x380 [ 560.362294][T15230] ? submit_bio_noacct_nocheck+0x892/0xd70 [ 560.369264][T15230] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 560.376012][T15230] ? rcu_is_watching+0x12/0xc0 [ 560.381741][T15230] ? trace_lock_acquire+0x14e/0x1f0 [ 560.387988][T15230] ? submit_bio_noacct_nocheck+0x892/0xd70 [ 560.394973][T15230] ? lock_acquire+0x2f/0xb0 [ 560.400371][T15230] ? submit_bio_noacct_nocheck+0x892/0xd70 [ 560.407360][T15230] __submit_bio+0x49c/0x540 [ 560.412776][T15230] ? submit_bio_noacct_nocheck+0x892/0xd70 [ 560.419743][T15230] ? __pfx___submit_bio+0x10/0x10 [ 560.425774][T15230] ? ktime_get+0x206/0x300 [ 560.431068][T15230] ? lockdep_hardirqs_on+0x7c/0x110 [ 560.437304][T15230] ? submit_bio_noacct_nocheck+0x892/0xd70 [ 560.444292][T15230] submit_bio_noacct_nocheck+0x892/0xd70 [ 560.451089][T15230] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 560.458503][T15230] ? __pfx___might_resched+0x10/0x10 [ 560.464849][T15230] ? __pfx_xa_load+0x10/0x10 [ 560.470363][T15230] submit_bio_noacct+0x93a/0x1e20 [ 560.476400][T15230] mpage_readahead+0x41d/0x590 [ 560.482129][T15230] ? __pfx_mpage_readahead+0x10/0x10 [ 560.488486][T15230] ? __pfx_blkdev_get_block+0x10/0x10 [ 560.494946][T15230] ? __folio_batch_add_and_move+0x5f3/0xc60 [ 560.502036][T15230] ? __pfx_lock_release+0x10/0x10 [ 560.508069][T15230] ? __pfx_blkdev_readahead+0x10/0x10 [ 560.514523][T15230] read_pages+0x1a8/0xdc0 [ 560.519730][T15230] ? lock_acquire+0x2f/0xb0 [ 560.525136][T15230] ? __pfx_lru_add+0x10/0x10 [ 560.530644][T15230] ? __pfx_read_pages+0x10/0x10 [ 560.536458][T15230] ? find_held_lock+0x2d/0x110 [ 560.542183][T15230] page_cache_ra_unbounded+0x3dc/0x750 [ 560.548745][T15230] page_cache_ra_order+0x8f2/0xc80 [ 560.554883][T15230] page_cache_sync_ra+0x4b4/0x9c0 [ 560.560911][T15230] filemap_get_pages+0xd7b/0x1be0 [ 560.566952][T15230] ? __pfx_filemap_get_pages+0x10/0x10 [ 560.573512][T15230] ? __pfx___might_resched+0x10/0x10 [ 560.579874][T15230] filemap_splice_read+0x5cc/0xd00 [ 560.586018][T15230] ? do_sendfile+0xaed/0xe30 [ 560.591515][T15230] ? __x64_sys_sendfile64+0x1da/0x220 [ 560.597972][T15230] ? do_syscall_64+0xcd/0x250 [ 560.603600][T15230] ? __pfx_filemap_splice_read+0x10/0x10 [ 560.610386][T15230] ? lockdep_init_map_type+0x16d/0x7d0 [ 560.616945][T15230] ? __pfx_filemap_splice_read+0x10/0x10 [ 560.623730][T15230] do_splice_read+0x282/0x370 [ 560.629344][T15230] splice_direct_to_actor+0x2a4/0xa40 [ 560.635786][T15230] ? __pfx_direct_splice_actor+0x10/0x10 [ 560.642539][T15230] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 560.649602][T15230] ? __fget_files+0x1fc/0x3a0 [ 560.655207][T15230] do_splice_direct+0x178/0x250 [ 560.661022][T15230] ? __pfx_do_splice_direct+0x10/0x10 [ 560.667457][T15230] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 560.674519][T15230] do_sendfile+0xaed/0xe30 [ 560.679810][T15230] ? __pfx_do_sendfile+0x10/0x10 [ 560.685729][T15230] ? __x64_sys_futex+0x1e1/0x4c0 [ 560.691648][T15230] ? __x64_sys_futex+0x1ea/0x4c0 [ 560.697566][T15230] __x64_sys_sendfile64+0x1da/0x220 [ 560.703799][T15230] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 560.710658][T15230] do_syscall_64+0xcd/0x250 [ 560.716060][T15230] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 560.723123][T15230] RIP: 0033:0x7f6610585d29 [ 560.728406][T15230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 560.751927][T15230] RSP: 002b:00007f6611354038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 560.762010][T15230] RAX: ffffffffffffffda RBX: 00007f6610775fa0 RCX: 00007f6610585d29 [ 560.771560][T15230] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000006 [ 560.781108][T15230] RBP: 00007f6610601b08 R08: 0000000000000000 R09: 0000000000000000 [ 560.790660][T15230] R10: 0000000000006585 R11: 0000000000000246 R12: 0000000000000000 [ 560.800217][T15230] R13: 0000000000000000 R14: 00007f6610775fa0 R15: 00007ffe743af3e8 [ 560.809779][T15230] [ 561.830745][T14894] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 561.877566][T14894] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 562.031971][ T5828] smc: removing net device syz_tun with user defined pnetid ETHTOOL [ 562.331240][ T5828] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 562.367448][ T5828] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 562.514203][ T6704] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 562.556693][T15224] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 562.611018][T15224] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 562.702090][ T6704] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 562.746670][ T6704] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 562.826195][ T6704] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 562.995183][ T6704] bridge_slave_1: left allmulticast mode [ 563.010242][ T6704] bridge_slave_1: left promiscuous mode [ 563.017598][ T6704] bridge0: port 2(bridge_slave_1) entered disabled state [ 563.072775][ T6704] bridge_slave_0: left allmulticast mode [ 563.079574][ T6704] bridge_slave_0: left promiscuous mode [ 563.091718][ T6704] bridge0: port 1(bridge_slave_0) entered disabled state [ 563.295094][ T6704] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 563.310279][ T6704] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 563.325342][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.333842][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.369396][ T6704] bond0 (unregistering): Released all slaves [ 563.738306][ T6704] hsr_slave_0: left promiscuous mode [ 563.753504][ T6704] hsr_slave_1: left promiscuous mode [ 563.778588][ T6704] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 563.789919][ T6704] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 563.835241][ T6704] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 563.851812][ T6704] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 563.874805][ T6704] veth1_macvtap: left promiscuous mode [ 563.881995][ T6704] veth0_macvtap: left promiscuous mode [ 563.888902][ T6704] veth1_vlan: left promiscuous mode [ 563.895680][ T6704] veth0_vlan: left promiscuous mode [ 564.264253][ T6704] team0 (unregistering): Port device team_slave_1 removed [ 564.315275][ T6704] team0 (unregistering): Port device team_slave_0 removed