last executing test programs: 2m58.259802483s ago: executing program 0 (id=1594): statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x44f, 0x7, 0x5, 0x7181, 0x1ffde, 0x7, 0x3, 0x8, 0x9, 0x80003, 0x4, 0x200000000001, 0x384, 0x9, 0x8, 0x10006, 0x400007f, 0x0, 0x0, 0xe, 0x22000, 0x200, 0x0, 0x84, [0x3, 0x2, 0xffffffffffffffff, 0x2, 0x0, 0x402000, 0x0, 0xe, 0x1, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x8, 0x0, 0x6, 0x0, 0x8, 0x20000, 0x8, 0x10000000000, 0xffffffffffffffff, 0x4, 0x2f, 0x0, 0x0, 0x1006, 0x400000000005b8, 0xffff, 0x0, 0x100, 0x0, 0x6, 0x2, 0x88e, 0x40, 0xfffffffffffffffc, 0x8, 0xa38, 0x4, 0x3, 0xfffffffffffffffc, 0x2, 0x8, 0x10000000007, 0xc567]}, 0x1fa, 0xd) r0 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x801, 0x100) socket(0x11, 0x3, 0x2) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) getsockopt$auto(0x6, 0x107, 0x15, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x1c8340, 0x0) ioctl$auto(r1, 0x40085112, 0x3) ioctl$auto__ctl_fops_dm_ioctl(r0, 0x2, &(0x7f0000000380)="dcbb5fd7054bed139fb7f9fb1dca8fe1d88f65ee057c0e6faac40d106e4f0d52edf6e31c48e8d983ae3431fa707225c2c387e1a200b38759ba8e9187200e6d044ef46a534de751b1436f20ed7071b254509700aa726ea003a1b7b9ce2313756dc84bc4556ddac694c4553d72ed13a885176712c9cff968f74bd1d14ff734ad08e60cf7e7a7dd07d2b6ca9cb21ddaae68d2969afcf6c734f6ee1c63b1c93abf32264f9ec022b64c903276298739ee8ae7ac1fe14534ad54004f39ea1b99964702554c1494e1742baeae527cf3007d50fc92e924f73b6288e5d9fd071d2fba76b2fabd3faf5229f4c3168226346e3087026d3d2c8aed398d4988971e05ff0ab9f5f2328e7f51d5061584b44581a4c83e413718d3a82f87daf87d1d5a2c32fbaa58f095fbf34ccc603b632155c27289cb5598049a7c9160dfe8a01d5a1983408082941eb39db2a09c5a34dc876dfa58a589687aa0cf6be7b5b084a8f753758332896ec3adad7a79b751908ee2b3d25131f44185a0ed8d20e9b6b8a1ed11402b02e544b67caf3177eda039e64aaf295eca7953c165fa73afca96d7750663711101c6e14e44817c6ad4b1474132dd441ca5c9d7776c871ffacbd96910496cad7010b9b526135e84") ioctl$auto__ctl_fops_dm_ioctl(r0, 0xfffffff7effffd05, &(0x7f00000001c0)) 2m58.121746098s ago: executing program 0 (id=1596): mmap$auto(0x0, 0x20009, 0x4000000000db, 0xebd, 0x3, 0xfffffffffffffffc) io_uring_setup$auto(0x6, 0x0) lsm_set_self_attr$auto(0x1, 0x0, 0x80, 0x0) socket(0xa, 0x2, 0x3a) fspick$auto(0x926, 0x0, 0x10) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x47, 0x32b, 0x1ffde, 0x7, 0x6, 0x2, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x2, 0x10000, 0x80, 0x7, 0x0, 0x7, 0x0, 0x200, 0x0, 0x84, [0x0, 0x0, 0x0, 0x50100000000000, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x5, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x1, 0x0, 0xffffffffffffffff, 0x4, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x400000000005b8, 0x0, 0x0, 0x0, 0x4000000000, 0x6, 0xffffffffffffffff, 0x0, 0x8000000000008, 0xfffffffffffffffc, 0x3, 0xa38, 0x0, 0x0, 0xfffffffffffffffc, 0x2, 0x0, 0x0, 0x0, 0x3]}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x8, 0x3) r1 = socket(0x2, 0x6, 0x0) getsockopt$auto(r1, 0x10d, 0xc, 0x0, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) r2 = getuid() msgctl$auto(0x1, 0x5, &(0x7f0000000300)={{0x2, 0xffffffffffffffff, 0xee00, 0x80e8, 0x401, 0x0, 0xa}, 0x0, &(0x7f00000002c0)=0x7, 0x8, 0x4, 0x80000000, 0x7fff, 0x101, 0x4, 0x7ff, 0xfeff}) setresuid$auto(r2, 0x0, r3) sendmsg$auto_NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)={0x514, 0x0, 0x4, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_FRAME={0x1a3, 0x33, "7f48b200200b70fb607288173e35e81571d7067d0b3134c5f1b7c3f3319c16e526589141816aa34f4b60f1e14ec3e194430501ce3f596fc5b3348fce862444e3513f6f029a3b983af839586ef692034a69e9700b839563d4235a2e983eb22884af9ebacb353a2ceb17a4b29dafd0c9be4e5de096441eef87c6e2d30b154c897f31e32372c7e2d08466ae39b94d3c0309aa53e150c8074bb507bc1f3c43d82c9e17e416c9cde329e62bbafecb813cf7581a5b3fe5bd104a26122ebdb9ac6cbfb641a22ae16870626a337aa93d5bcdd6f9d9dfa1d5b83afd340ea65a60c4d5e3f6b7bad3f437a099d2c6b9a2bd0d422d062188e4355fac94751b69fa36eac8d88bc6d42478532c37ff4fc986ccb4fc26cf5fc45f50481afcae2c2317b1db92444762ba629c2b5218302fa5c96c85bfa2df5810e81b883c51f8ef7822fa182d5c3a7aadfbce3ea276625b031f5c320cf8a8a8954945eeb3a39414b9fc5a78e1347bf6f8501b8d13c06c6ec957c1f45e64ca3e7687e0398e383cade8d2677af868efc0e599b0ff19ee1df3c1f4807be3a3b6e10fab42bf3b788d9735e478b567dc"}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x6}, @NL80211_ATTR_REKEY_DATA={0x34f, 0x7a, 0x0, 0x1, [@nested={0x320, 0x140, 0x0, 0x1, [@nested={0x3c, 0x137, 0x0, 0x1, [@nested={0x4, 0x73}, @nested={0x4, 0xdb}, @typed={0x8, 0xa, 0x0, 0x0, @fd=r1}, @typed={0x8, 0x131, 0x0, 0x0, @uid=r2}, @typed={0x14, 0x5a, 0x0, 0x0, @ipv6=@loopback}, @typed={0xc, 0x7a, 0x0, 0x0, @u64=0x5}]}, @nested={0x5c, 0x146, 0x0, 0x1, [@typed={0x8, 0x89, 0x0, 0x0, @ipv4=@loopback}, @nested={0x4, 0x86}, @typed={0x46, 0x127, 0x0, 0x0, @binary="a221d5c01eefc0ace62ed64bc833bd4e42015e2ed47164d91f18271d270f6b11cb077313c76a83315dc19f7a1abf9e38d0f1d5674412c25ac7d65cdc1aed31e7d0fe"}, @nested={0x4, 0xc0}]}, @nested={0x283, 0x7b, 0x0, 0x1, [@generic="e8983d49d84e4393d355dc86a4618da3f6d5ec53eefdd2f9dea00151401f436729451169b935d7003ebbbcca072ac11663e4b78507cad7031542e821c5baa7929a382b5f0244228082c1d1fc135d7b5bbca52fcee7cba3ba5691d9494be6c5b719c1482b23f67dea80176ed4dd280391637089c109fb918f66f192c9ab3ba8d5643cdbf8d0418f3660574c88ab3519292f2e1bbe364418336295304abd7c3cfb56e5504341189321d1322c1c93cf908bbc0c74d3275a634c861e154184c4e94fbd57991512744d6479f19f5d51835533e6b95e423db2e602a1af28bccb51459da12ea865d9adcae3b4be980efd19db", @nested={0x4, 0xce}, @generic="ea7045dd86acd9fa48e6f9aa3a70ddc23a6bbb8cf4b37eeef9c7b18d83170a2347eef18fc6c0958ecf9eb662a1d1acdfc7c548d07721b383e25d46e7579452784deab1f43b7c3a9befda3d91b0fbfa0520c045dcf0ebe948019af0f8cd41db5460514322eb898130b31788f35fc85d7fb069afa360b8abe06838c1432e18949d3e4e705f478d8b74cbb93cee7a295635dd46b94137c6200b728ab674963368bec2733ee6e87289d486959ed8532e76172335133a32f51f7b6acefd306acf6931f5fa72ed462e02a8697fbe27b6e47bf01edf164baa57d965c208da8fe15cff", @generic="62767ff57be15361d5f3", @generic="f11b82c4a59077be7edb9c7e7c14e79f60e61ec1314b56d9c3081d8fc575a56ea39c39b3473bb4804a5e220612d25798ec2d4b37c2ff077ae8712b25722cfe32c9c280bee2652d04a75129668dbe7eeb9a11af9647353574b25f43181ffb8b4c1526d7c4464efa03d99bbc22f3956a5139f509588226c93a2ddbd4f0cd7f72a368f756272f76d987532992b78a44a0e7a0e6daaec10c1aee83e1a6f47e0e364356b4a1"]}]}, @nested={0x4, 0x14d, 0x0, 0x1, [@generic]}, @generic="2d945dfdfc273c35ac4f6a9dd709a22d659e9dc3e602ee5217942ff5387500e368ab3f6a7bedca"]}, @NL80211_ATTR_DISABLE_EHT={0x4}]}, 0x514}}, 0x4c090) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) clock_gettime$auto(0x0, &(0x7f0000000000)={0x6, 0x10001}) capget$auto(&(0x7f0000000040)={0x5, 0xffffffffffffffff}, &(0x7f0000000080)={0x3, 0x8, 0xc0000}) 2m57.7678603s ago: executing program 0 (id=1598): ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0) sendfile$auto(0x2, 0x3, &(0x7f00000004c0), 0x7) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) munmap$auto(0x3, 0x4da) r0 = socket$nl_generic(0x10, 0x3, 0x10) munmap$auto(0x5, 0xa) r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000000c0)={0x30, r1, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [@nested={0xc, 0x1, 0x0, 0x1, [@nested={0x8, 0x1, 0x0, 0x1, [@generic='\x00\x00\x00\x00']}]}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x4}, 0x8880) capset$auto(&(0x7f0000000080)={0x3, 0x0}, &(0x7f0000000140)={0x4, 0xffffff5e}) sendmsg$auto_NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xd0, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_PID={0x8, 0x52, r2}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x5e}, @NL80211_ATTR_FTM_RESPONDER={0xa4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x1f, 0x2, "2ae7af43013bb408f18830ce688abd78ca9afbf97564942016b29c"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "36978ea3eadfa74caff62a998527d2990575fd741f0cff070baf4690a9079804589daa7f9a4ce3fb667e9308cfbb1939ea853c8ddec2119c6609bcbce0164e4bd569b83810e757e2e853c763f1ffc43634f81da4a7fcc0d311345a56468a7e13456289fdfb7bea3e7942164d40"}]}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x532}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000801) read$auto_random_fops_random(0xffffffffffffffff, &(0x7f0000000400)=""/183, 0xb7) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_CRIT_PROTOCOL_STOP(r0, &(0x7f00000003c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r3, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_ADMITTED_TIME={0x6, 0xd4, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004) set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21) sendmsg$auto_NCSI_CMD_SET_PACKAGE_MASK(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0xfebf0c436aa031f1) seccomp$auto(0x1, 0x8, &(0x7f0000000400)) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x40c01, 0x0) r4 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f00000000c0), 0x642, 0x0) write$auto_split_huge_pages_fops_huge_memory(r4, &(0x7f0000000100)="3173a3", 0x3) 2m56.820667246s ago: executing program 0 (id=1601): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/hung_task_check_interval_secs\x00', 0x88542, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/vm/overcommit_memory\x00', 0xf22437c730143eb6, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/conf/wg0/drop_gratuitous_arp\x00', 0x202, 0x0) sendfile$auto(r2, r2, 0x0, 0x7fffe000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x6, 0x0) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) r3 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) copy_file_range$auto(r3, 0x0, r3, &(0x7f0000000180)=0x80, 0x21c1, 0x0) mmap$auto(0x0, 0x20009, 0xe1, 0xeb1, 0x40000000000a5, 0x8000) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010029bd7020fddbdf250700000008000300", @ANYRES32=r6], 0x24}, 0x1, 0x0, 0x0, 0x20040010}, 0x20000084) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_SET_WIPHY(r7, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8001}, 0x40080) setrlimit$auto(0x1000000007, 0x0) open_tree$auto(0xffffffffffffffff, 0x0, 0x1001) pipe2$auto(0x0, 0x7d) ioctl$sock_SIOCGIFINDEX(r1, 0x5452, 0x0) write$auto(r0, 0x0, 0x0) 2m56.271084871s ago: executing program 0 (id=1610): userfaultfd$auto(0x1) ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/softnet_stat\x00', 0x0, 0x0) sendfile$auto(0x2, 0x3, &(0x7f00000004c0), 0x7) munmap$auto(0x5, 0xa) syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xd0, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_PID={0x8}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x5e}, @NL80211_ATTR_FTM_RESPONDER={0xa4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x1f, 0x2, "2ae7af43013bb408f18830ce688abd78ca9afbf97564942016b29c"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "36978ea3eadfa74caff62a998527d2990575fd741f0cff070baf4690a9079804589daa7f9a4ce3fb667e9308cfbb1939ea853c8ddec2119c6609bcbce0164e4bd569b83810e757e2e853c763f1ffc43634f81da4a7fcc0d311345a56468a7e13456289fdfb7bea3e7942164d40"}]}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x532}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000801) r0 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f00000000c0), 0x642, 0x0) write$auto_split_huge_pages_fops_huge_memory(r0, &(0x7f0000000100)="3173a3", 0x3) 2m51.595309187s ago: executing program 0 (id=1619): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = syz_genetlink_get_family_id$auto_gtp(&(0x7f0000000040), r0) r2 = openat$auto_generic(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/ieee80211/phy9/netdev:wlan1/stations/08:02:11:00:00:00/flags\x00', 0x408800, 0x0) sendmsg$auto_GTP_CMD_ECHOREQ(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2020}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012dbd7000fbdbdf250300000008000200ff7f000014000b00fc000000000000000000000000000001080004000000000014400c00fe8000000000000000000000000000bb08000200070000000c0003000000000000000000080007006f0d718abd82f12e274086eabc09f4", @ANYRES32=r2, @ANYBLOB='\b\x00\t\x00\n\x00\x00\x00'], 0x70}, 0x1, 0x0, 0x0, 0x2000800}, 0x4000) madvise$auto(0x6, 0xffffffffffff0001, 0x702b) munmap$auto(0x20001000, 0x4) connect$auto(0x3, 0x0, 0x54) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x1000000004, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) mincore$auto(0x1000, 0x8, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) sigaltstack$auto(&(0x7f0000000080)={0x0, 0x80000002}, 0x0) sigaltstack$auto(&(0x7f0000000080)={0x0, 0x80000002}, 0x0) sendmsg$auto_NL80211_CMD_GET_FTM_RESPONDER_STATS(r0, 0x0, 0x20000000) socket(0x0, 0x800, 0x92d) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) pwrite64$auto(0xc8, &(0x7f0000000080)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99??\x00\x00\x00\x01\xfd\xfd\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\x00\xff\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfdef, 0x3) r3 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) move_pages$auto(0x1, 0x3, 0x0, 0x0, 0x0, 0x8000000000000000) socket(0x2, 0x1, 0x0) socket(0x21, 0x3, 0x95) ioctl$auto(0x8000000000000001, 0x89ef, 0x9) read$auto_mon_fops_text_t_mon_text(0xffffffffffffffff, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NL80211_CMD_START_SCHED_SCAN(r3, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002abd7000fbdbdf254b000000060066004e200000040067001c00e700b82cad0c51f2a83adcfca107dd3f5f75695d36947dbd531ecfb154d85fcfa6e1"], 0x44}, 0x1, 0x0, 0x0, 0x20040000}, 0x40810) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/workqueue/scsi_tmf_0/max_active\x00', 0x123902, 0x0) write$auto(r4, &(0x7f00000001c0)='0\"\xfb]$|\xcb1j\xeb0B|d\x1e\xec\x99\xb9\xfd\xd3\x89O\x9f\xac+\xf6\xd7/\xc9\xe9x\xd4\xf3\xc8\xf5\x7fW\xd3\xa6\x96\xd3^\xb8\xb4gq%H\xcc\x88r\xeaO\x8e\x10\t\xc7 P\xcf\xa7H\b\x04\x87\x98\x16`\xa3S\xd46\x10Wf\xc9<7\xcf\xc9\xf1\b\x9b\x8c\x9fu;\xc48(u\xf9Bx\n\xafW%/bBT\xa9\a\xed\xd2H4\x96\xa3U\xca\xf1\xef\x14dU\x15\x16\xa7\xdd\x01\x0e\xda\xc8\xd3\x00\xc5\b\x1a\xb0mN\x01\xb1\xc8B.U\xd1\x02\'\x9a\'\xf1;\xedJ\xf6@\xac\a\xf5\xf5 |\x1ex\xb7@=\xad\xe7\xff\xd6\xc1\xcf\x11\x0f\x99+v\x873\xc4\x17]\x17!]ct\xff\t\xb2A\x0f\x91\x02\xca&\x910xffffffffffffffff, 0xee00, 0x80e8, 0x401, 0x0, 0xa}, 0x0, &(0x7f00000002c0)=0x7, 0x8, 0x4, 0x80000000, 0x7fff, 0x101, 0x4, 0x7ff, 0xfeff}) setresuid$auto(r2, 0x0, r3) sendmsg$auto_NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)={0x4e0, 0x0, 0x4, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_FRAME={0x1a3, 0x33, "7f48b200200b70fb607288173e35e81571d7067d0b3134c5f1b7c3f3319c16e526589141816aa34f4b60f1e14ec3e194430501ce3f596fc5b3348fce862444e3513f6f029a3b983af839586ef692034a69e9700b839563d4235a2e983eb22884af9ebacb353a2ceb17a4b29dafd0c9be4e5de096441eef87c6e2d30b154c897f31e32372c7e2d08466ae39b94d3c0309aa53e150c8074bb507bc1f3c43d82c9e17e416c9cde329e62bbafecb813cf7581a5b3fe5bd104a26122ebdb9ac6cbfb641a22ae16870626a337aa93d5bcdd6f9d9dfa1d5b83afd340ea65a60c4d5e3f6b7bad3f437a099d2c6b9a2bd0d422d062188e4355fac94751b69fa36eac8d88bc6d42478532c37ff4fc986ccb4fc26cf5fc45f50481afcae2c2317b1db92444762ba629c2b5218302fa5c96c85bfa2df5810e81b883c51f8ef7822fa182d5c3a7aadfbce3ea276625b031f5c320cf8a8a8954945eeb3a39414b9fc5a78e1347bf6f8501b8d13c06c6ec957c1f45e64ca3e7687e0398e383cade8d2677af868efc0e599b0ff19ee1df3c1f4807be3a3b6e10fab42bf3b788d9735e478b567dc"}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x6}, @NL80211_ATTR_REKEY_DATA={0x31b, 0x7a, 0x0, 0x1, [@nested={0x2ec, 0x140, 0x0, 0x1, [@nested={0x3c, 0x137, 0x0, 0x1, [@nested={0x4, 0x73}, @nested={0x4, 0xdb}, @typed={0x8, 0xa, 0x0, 0x0, @fd=r1}, @typed={0x8, 0x131, 0x0, 0x0, @uid=r2}, @typed={0x14, 0x5a, 0x0, 0x0, @ipv6=@loopback}, @typed={0xc, 0x7a, 0x0, 0x0, @u64=0x5}]}, @nested={0x5c, 0x146, 0x0, 0x1, [@typed={0x8, 0x89, 0x0, 0x0, @ipv4=@loopback}, @nested={0x4, 0x86}, @typed={0x46, 0x127, 0x0, 0x0, @binary="a221d5c01eefc0ace62ed64bc833bd4e42015e2ed47164d91f18271d270f6b11cb077313c76a83315dc19f7a1abf9e38d0f1d5674412c25ac7d65cdc1aed31e7d0fe"}, @nested={0x4, 0xc0}]}, @nested={0x24e, 0x7b, 0x0, 0x1, [@generic="e8983d49d84e4393d355dc86a4618da3f6d5ec53eefdd2f9dea00151401f436729451169b935d7003ebbbcca072ac11663e4b78507cad7031542e821c5baa7929a382b5f0244228082c1d1fc135d7b5bbca52fcee7cba3ba5691d9494be6c5b719c1482b23f67dea80176ed4dd280391637089c109fb918f66f192c9ab3ba8d5643cdbf8d0418f3660574c88ab3519292f2e1bbe364418336295304abd7c3cfb56e5504341189321d1322c1c93cf908bbc0c74d3275a634c861e154184c4e94fbd57991512744d6479f19f5d51835533e6b95e423db2e602a1af28bccb51459da12ea865d9adcae3b4be980efd19db", @nested={0x4, 0xce}, @generic="ea7045dd86acd9fa48e6f9aa3a70ddc23a6bbb8cf4b37eeef9c7b18d83170a2347eef18fc6c0958ecf9eb662a1d1acdfc7c548d07721b383e25d46e7579452784deab1f43b7c3a9befda3d91b0fbfa0520c045dcf0ebe948019af0f8cd41db5460514322eb898130b31788f35fc85d7fb069afa360b8abe06838c1432e18949d3e4e705f478d8b74cbb93cee7a295635dd46b94137c6200b728ab674963368bec2733ee6e87289d4", @generic="62767ff57be15361d5f3", @generic="f11b82c4a59077be7edb9c7e7c14e79f60e61ec1314b56d9c3081d8fc575a56ea39c39b3473bb4804a5e220612d25798ec2d4b37c2ff077ae8712b25722cfe32c9c280bee2652d04a75129668dbe7eeb9a11af9647353574b25f43181ffb8b4c1526d7c4464efa03d99bbc22f3956a5139f509588226c93a2ddbd4f0cd7f72a368f756272f76d987532992b78a44a0e7a0e6daaec10c1aee83e1a6f47e0e364356b4a13228"]}]}, @nested={0x4, 0x14d, 0x0, 0x1, [@generic]}, @generic="2d945dfdfc273c35ac4f6a9dd709a22d659e9dc3e602ee5217942ff5387500e368ab3f6a7bedca"]}, @NL80211_ATTR_DISABLE_EHT={0x4}]}, 0x4e0}}, 0x4c090) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) clock_gettime$auto(0x0, &(0x7f0000000000)={0x6, 0x10001}) capget$auto(&(0x7f0000000040)={0x5, 0xffffffffffffffff}, &(0x7f0000000080)={0x3, 0x8, 0xc0000}) 46.93690627s ago: executing program 1 (id=1874): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_fd=0x5, 0x7f, 0x9c, 0x7b2, 0x1, @relative_id=0x4, 0x80}, 0x96) bpf$auto(0x1, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x7}, 0xc) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, 0x0, 0x40000) map_shadow_stack$auto(0xfffffffffffffffd, 0x7, 0x9) unshare$auto(0x40000080) msgctl$auto(0xe, 0x9, 0x0) r0 = openat$auto_binder_ctl_fops_binderfs(0xffffffffffffff9c, &(0x7f0000000000), 0x80c00, 0x0) socket(0x28, 0x2, 0xf) openat$auto_random_fops_random(0xffffffffffffff9c, &(0x7f0000000200), 0x484400, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000380)='/dev/dri/card1\x00', 0x109400, 0x0) bpf$auto(0x4, &(0x7f0000001e80)=@iter_create={r0, 0x6}, 0x5) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x40000, 0x0) r1 = openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) read$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(r1, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), r2) sendmsg$auto_TIPC_NL_MEDIA_GET(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)={0x14, r3, 0x701, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) read$auto(0x3, 0x0, 0x80) 42.920104277s ago: executing program 1 (id=1881): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0x10, 0x2, 0xc) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) ioperm$auto(0x7, 0x6, 0xffffffffffff4064) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) syslog$auto(0x2, &(0x7f0000000000)='-#:\x00[\xda\xe2\xc3L\xd30{Q\xecvP\x93\x87\x1e\xdd\x95\x1b\x19qI\vv\xacO*X0V\x93\x85\xff\xb2\xdd\xd8\xd5Kh\xfa\xa3\xc7\x9b}\xec\x1e\xdc\x80\x1fR\xc30\x9a\xae\\\'\x14\x98\x98\xc3iDv\x97\xdfTMt\xe5?\xd0\xcc\xb8\xfa\a\x7f\x7f\x00\x00\x00\x00\x00\x00\x00n_\xb1\x1c\x7f\xb0y\xec\xe2\xcc\x1a/\xfa{d\xe4BN\x9c\xb9\x87.\xfe\xe7&1j\xe6]\xc3\x9anE6\x81\xe4\xec\xfa\xefE\xf7\x17h\xf4pumR\xd55Dd(\x0f(b\x1aD\xf4\x03\xc3\\\xdf\x8f\xa8\x82\xab\x102\xd1\xaf\xcaT\x86\x171\x11Q4\x94\x9d\xf5\x9c\xe3\xaa\xf3\xd26i\xf9\xb2\xd9T\xc9\xfd\xba\x91^\x19\x95\xde\xbc \xa8\x98\xc3\xed\xe9,{\xd4\xa1\xe4p\xcf\b\f\xb4\xbe_\xf2\xbe\xef\v\xf1d\xdd\x0e\xfc\xc3\xeaqt\x94\xe7\xce\xf1\xc5\x94~\xf6Cx\x0e\x98\xc7gE>*\x9c%\xa0\\\x14\t\tv.\x1c\x1a\xf1\xba\xc0>\xf4Hc\xc3\xfa\x033\x8f\xb9(\n/\xcdo\xc2', 0xcf) 42.313079432s ago: executing program 1 (id=1883): userfaultfd$auto(0x1) ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/softnet_stat\x00', 0x0, 0x0) sendfile$auto(0x2, 0x3, &(0x7f00000004c0), 0x7) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) munmap$auto(0x3, 0x4da) r0 = socket$nl_generic(0x10, 0x3, 0x10) munmap$auto(0x5, 0xa) sendmsg$auto_NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xd0, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_PID={0x8}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x5e}, @NL80211_ATTR_FTM_RESPONDER={0xa4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x1f, 0x2, "2ae7af43013bb408f18830ce688abd78ca9afbf97564942016b29c"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "36978ea3eadfa74caff62a998527d2990575fd741f0cff070baf4690a9079804589daa7f9a4ce3fb667e9308cfbb1939ea853c8ddec2119c6609bcbce0164e4bd569b83810e757e2e853c763f1ffc43634f81da4a7fcc0d311345a56468a7e13456289fdfb7bea3e7942164d40"}]}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x532}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000801) r1 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f00000000c0), 0x642, 0x0) write$auto_split_huge_pages_fops_huge_memory(r1, &(0x7f0000000100)="3173a3", 0x3) 40.945107414s ago: executing program 1 (id=1887): open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) open(&(0x7f0000000080)='./file0\x00', 0xeee00, 0x31) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x2, 0x0) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) mknod$auto(&(0x7f0000000180)=':,\x00', 0xc9, 0xfffffffa) execve$auto(&(0x7f0000000040)=':,\x00', 0x0, 0x0) shutdown$auto(0x200000003, 0x2) open(0x0, 0x4242, 0xe1d2b27bdc14aabc) socket(0x2, 0x3, 0x1) ioctl$auto(0x1, 0x890c, 0x8) 25.631656001s ago: executing program 33 (id=1887): open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) open(&(0x7f0000000080)='./file0\x00', 0xeee00, 0x31) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x2, 0x0) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) mknod$auto(&(0x7f0000000180)=':,\x00', 0xc9, 0xfffffffa) execve$auto(&(0x7f0000000040)=':,\x00', 0x0, 0x0) shutdown$auto(0x200000003, 0x2) open(0x0, 0x4242, 0xe1d2b27bdc14aabc) socket(0x2, 0x3, 0x1) ioctl$auto(0x1, 0x890c, 0x8) 20.802562904s ago: executing program 2 (id=1915): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/rpc/use-gss-proxy\x00', 0x0, 0x0) read$auto_proc_reg_file_ops_compat_inode(r1, 0x0, 0x300) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/maps\x00', 0x200, 0x0) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000040), r0) sendmsg$auto_L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="01002abd70002502000000000000"], 0x14}, 0x1, 0x0, 0x0, 0x24000000}, 0x20000000) 20.545691961s ago: executing program 2 (id=1919): mmap$auto(0x0, 0x20009, 0x4000000000db, 0xebd, 0x3, 0xfffffffffffffffc) io_uring_setup$auto(0x6, 0x0) lsm_set_self_attr$auto(0x1, 0x0, 0x80, 0x0) socket(0xa, 0x2, 0x3a) fspick$auto(0x926, 0x0, 0x10) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x47, 0x32b, 0x1ffde, 0x7, 0x6, 0x2, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x2, 0x10000, 0x80, 0x7, 0x0, 0x7, 0x0, 0x200, 0x0, 0x84, [0x0, 0x0, 0x0, 0x50100000000000, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x5, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x1, 0x0, 0xffffffffffffffff, 0x4, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x400000000005b8, 0x0, 0x0, 0x0, 0x4000000000, 0x6, 0xffffffffffffffff, 0x0, 0x8000000000008, 0xfffffffffffffffc, 0x3, 0xa38, 0x0, 0x0, 0xfffffffffffffffc, 0x2, 0x0, 0x0, 0x0, 0x3]}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x8, 0x3) r1 = socket(0x2, 0x6, 0x0) getsockopt$auto(r1, 0x10d, 0xc, 0x0, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) r2 = getuid() msgctl$auto(0x1, 0x5, &(0x7f0000000300)={{0x2, 0xffffffffffffffff, 0xee00, 0x80e8, 0x401, 0x0, 0xa}, 0x0, &(0x7f00000002c0)=0x7, 0x8, 0x4, 0x80000000, 0x7fff, 0x101, 0x4, 0x7ff, 0xfeff}) setresuid$auto(r2, 0x0, r3) sendmsg$auto_NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)={0x508, 0x0, 0x4, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_FRAME={0x1a3, 0x33, "7f48b200200b70fb607288173e35e81571d7067d0b3134c5f1b7c3f3319c16e526589141816aa34f4b60f1e14ec3e194430501ce3f596fc5b3348fce862444e3513f6f029a3b983af839586ef692034a69e9700b839563d4235a2e983eb22884af9ebacb353a2ceb17a4b29dafd0c9be4e5de096441eef87c6e2d30b154c897f31e32372c7e2d08466ae39b94d3c0309aa53e150c8074bb507bc1f3c43d82c9e17e416c9cde329e62bbafecb813cf7581a5b3fe5bd104a26122ebdb9ac6cbfb641a22ae16870626a337aa93d5bcdd6f9d9dfa1d5b83afd340ea65a60c4d5e3f6b7bad3f437a099d2c6b9a2bd0d422d062188e4355fac94751b69fa36eac8d88bc6d42478532c37ff4fc986ccb4fc26cf5fc45f50481afcae2c2317b1db92444762ba629c2b5218302fa5c96c85bfa2df5810e81b883c51f8ef7822fa182d5c3a7aadfbce3ea276625b031f5c320cf8a8a8954945eeb3a39414b9fc5a78e1347bf6f8501b8d13c06c6ec957c1f45e64ca3e7687e0398e383cade8d2677af868efc0e599b0ff19ee1df3c1f4807be3a3b6e10fab42bf3b788d9735e478b567dc"}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x6}, @NL80211_ATTR_REKEY_DATA={0x343, 0x7a, 0x0, 0x1, [@nested={0x314, 0x140, 0x0, 0x1, [@nested={0x3c, 0x137, 0x0, 0x1, [@nested={0x4, 0x73}, @nested={0x4, 0xdb}, @typed={0x8, 0xa, 0x0, 0x0, @fd=r1}, @typed={0x8, 0x131, 0x0, 0x0, @uid=r2}, @typed={0x14, 0x5a, 0x0, 0x0, @ipv6=@loopback}, @typed={0xc, 0x7a, 0x0, 0x0, @u64=0x5}]}, @nested={0x5c, 0x146, 0x0, 0x1, [@typed={0x8, 0x89, 0x0, 0x0, @ipv4=@loopback}, @nested={0x4, 0x86}, @typed={0x46, 0x127, 0x0, 0x0, @binary="a221d5c01eefc0ace62ed64bc833bd4e42015e2ed47164d91f18271d270f6b11cb077313c76a83315dc19f7a1abf9e38d0f1d5674412c25ac7d65cdc1aed31e7d0fe"}, @nested={0x4, 0xc0}]}, @nested={0x278, 0x7b, 0x0, 0x1, [@generic="e8983d49d84e4393d355dc86a4618da3f6d5ec53eefdd2f9dea00151401f436729451169b935d7003ebbbcca072ac11663e4b78507cad7031542e821c5baa7929a382b5f0244228082c1d1fc135d7b5bbca52fcee7cba3ba5691d9494be6c5b719c1482b23f67dea80176ed4dd280391637089c109fb918f66f192c9ab3ba8d5643cdbf8d0418f3660574c88ab3519292f2e1bbe364418336295304abd7c3cfb56e5504341189321d1322c1c93cf908bbc0c74d3275a634c861e154184c4e94fbd57991512744d6479f19f5d51835533e6b95e423db2e602a1af28bccb51459da12ea865d9adcae3b4be980efd19db", @nested={0x4, 0xce}, @generic="ea7045dd86acd9fa48e6f9aa3a70ddc23a6bbb8cf4b37eeef9c7b18d83170a2347eef18fc6c0958ecf9eb662a1d1acdfc7c548d07721b383e25d46e7579452784deab1f43b7c3a9befda3d91b0fbfa0520c045dcf0ebe948019af0f8cd41db5460514322eb898130b31788f35fc85d7fb069afa360b8abe06838c1432e18949d3e4e705f478d8b74cbb93cee7a295635dd46b94137c6200b728ab674963368bec2733ee6e87289d486959ed8532e76172335133a32f51f7b6acefd306acf6931f5fa72ed462e02a8697fbe27b6e47bf01edf", @generic="62767ff57be15361d5f3", @generic="f11b82c4a59077be7edb9c7e7c14e79f60e61ec1314b56d9c3081d8fc575a56ea39c39b3473bb4804a5e220612d25798ec2d4b37c2ff077ae8712b25722cfe32c9c280bee2652d04a75129668dbe7eeb9a11af9647353574b25f43181ffb8b4c1526d7c4464efa03d99bbc22f3956a5139f509588226c93a2ddbd4f0cd7f72a368f756272f76d987532992b78a44a0e7a0e6daaec10c1aee83e1a6f47e0e364356b4a13228"]}]}, @nested={0x4, 0x14d, 0x0, 0x1, [@generic]}, @generic="2d945dfdfc273c35ac4f6a9dd709a22d659e9dc3e602ee5217942ff5387500e368ab3f6a7bedca"]}, @NL80211_ATTR_DISABLE_EHT={0x4}]}, 0x508}}, 0x4c090) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) clock_gettime$auto(0x0, &(0x7f0000000000)={0x6, 0x10001}) capget$auto(&(0x7f0000000040)={0x5, 0xffffffffffffffff}, &(0x7f0000000080)={0x3, 0x8, 0xc0000}) 14.498348327s ago: executing program 4 (id=1929): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x40000b, 0xde, 0x9b72, 0x2, 0x8000) socket(0xa, 0x2, 0x88) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000001c0)=@in={0x2, 0x4e24, @multicast1}, 0x55) write$auto(0x3, 0x0, 0xfdef) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffdb5, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r0, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000300), r0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_LIST(0xffffffffffffffff, 0xc0505510, &(0x7f0000000340)={0xfffffffa, 0x3fc00, 0x4, @raw=0x5, &(0x7f0000000000)={@raw=0x6cd3dc16, 0x9, 0x10001, 0x7, "d0157f1da2e1b2c4464508046b8161ce335165000000000e04000000ccbe1a4ec13d465abb852246134abf87"}, "3e3e8bb7e73ba219b52c8a714934c55da88879fb30a0a166170c4bb1bc9cf1f6e9b3dbca453bff6195359c982cb5cb4c674a"}) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) mmap$auto(0x0, 0x8000000008, 0xb, 0x40000009b71, 0xca7, 0x8000000000008000) r2 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'wg0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r4, r3, 0x4, 0x1ff, r2, @relative_id=0x13, 0xe600}, 0xf) bpf$auto(0x4, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffffffffffffffff, 0x0, 0x8000000000003}, 0x8) read$auto(r0, &(0x7f0000000100)='nl80211\x00', 0xbe62) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060007000100000008000200", @ANYRES32=0x0, @ANYBLOB="0c001a"], 0x68}, 0x1, 0x0, 0x0, 0x4044080}, 0x40090) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) mmap$auto(0x0, 0x2020008, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x22, 0x940, 0x1ffde, 0x3, 0x6, 0x8000002, 0x9, 0x5, 0x2, 0x4, 0xb0, 0x7, 0x2, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, [0x0, 0x0, 0x0, 0x243efbdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe6e]}, 0x1fe, 0x81) 13.741344535s ago: executing program 3 (id=1934): r0 = openat$auto_event_inject_fops_trace(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/tracing/events/vmalloc/alloc_vmap_area/inject\x00', 0x2, 0x0) pwrite64$auto(r0, &(0x7f0000000140)='\vX_n\x91p\xe6\x1eRN8\x99C\x05s\x1cJ\x99\x00:\x00!\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x52, 0x3) 13.562993963s ago: executing program 3 (id=1935): userfaultfd$auto(0x1) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/softnet_stat\x00', 0x0, 0x0) sendfile$auto(0x2, 0x3, &(0x7f00000004c0), 0x7) munmap$auto(0x5, 0xa) syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)={0xd0, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_PID={0x8}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x5e}, @NL80211_ATTR_FTM_RESPONDER={0xa4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x1f, 0x2, "2ae7af43013bb408f18830ce688abd78ca9afbf97564942016b29c"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "36978ea3eadfa74caff62a998527d2990575fd741f0cff070baf4690a9079804589daa7f9a4ce3fb667e9308cfbb1939ea853c8ddec2119c6609bcbce0164e4bd569b83810e757e2e853c763f1ffc43634f81da4a7fcc0d311345a56468a7e13456289fdfb7bea3e7942164d40"}]}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x532}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000801) r0 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f00000000c0), 0x642, 0x0) write$auto_split_huge_pages_fops_huge_memory(r0, &(0x7f0000000100)="3173a3", 0x3) 13.467482437s ago: executing program 2 (id=1936): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_fd=0x5, 0x7f, 0x9c, 0x7b2, 0x1, @relative_id=0x4, 0x80}, 0x96) bpf$auto(0x1, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x7}, 0xc) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, 0x0, 0x40000) map_shadow_stack$auto(0xfffffffffffffffd, 0x7, 0x9) unshare$auto(0x40000080) msgctl$auto(0xe, 0x9, 0x0) r0 = openat$auto_binder_ctl_fops_binderfs(0xffffffffffffff9c, &(0x7f0000000000), 0x80c00, 0x0) socket(0x28, 0x2, 0xf) openat$auto_random_fops_random(0xffffffffffffff9c, &(0x7f0000000200), 0x484400, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000380)='/dev/dri/card1\x00', 0x109400, 0x0) bpf$auto(0x4, &(0x7f0000001e80)=@iter_create={r0, 0x6}, 0x5) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x40000, 0x0) r1 = openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) read$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(r1, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_TIPC_NL_MEDIA_GET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)={0x14, 0x0, 0x701, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x10) read$auto(0x3, 0x0, 0x80) 11.903736465s ago: executing program 4 (id=1937): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x40001, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = open(&(0x7f0000000000)='./cgroup.cpu/cgroup.procs\x00', 0x2000, 0xb5d1af1605322c72) open_by_handle_at$auto(r1, &(0x7f0000000040)={0x8, 0x2, "9700000000000000"}, 0x2) pwritev$auto(0x3, &(0x7f0000001000)={&(0x7f0000000fc0), 0x8}, 0x5, 0x3, 0x9) ppoll$auto(&(0x7f0000000000)={r0, 0x202}, 0x9, 0x0, 0x0, 0x8) r3 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x2c, r3, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_KEY={0x14, 0x1, 0x0, 0x1, [@nested={0x8, 0x2, 0x0, 0x1, [@nested={0x4, 0x1d}]}, @typed={0x8, 0x13, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40010}, 0x800) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0xa, 0x2, 0x3a) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NBD_CMD_CONNECT(r5, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000000)={0x38, 0x0, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [@nested={0xc, 0x1, 0x0, 0x1, [@nested={0x8, 0x1, 0x0, 0x1, [@generic='\x00\x00\x00\x00']}]}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x6}, @NBD_ATTR_BACKEND_IDENTIFIER={0x6, 0xa, ',!'}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x8880) write$auto_drm_connector_fops_drm_debugfs(r2, &(0x7f0000000100)="66958ddde5c88f39d148b0dfb04f2842b30695684c672af7cf29f9eea007e5ddfb4aef052597b69f07cc3600475a6b63b3fab7db1ec676f35a39a820a06ea908bf373b0a4c", 0x45) 11.183183226s ago: executing program 4 (id=1938): userfaultfd$auto(0x1) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/softnet_stat\x00', 0x0, 0x0) sendfile$auto(0x2, 0x3, &(0x7f00000004c0), 0x7) munmap$auto(0x5, 0xa) syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xc8, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_PID={0x8}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x5e}, @NL80211_ATTR_FTM_RESPONDER={0xa4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x1f, 0x2, "2ae7af43013bb408f18830ce688abd78ca9afbf97564942016b29c"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "36978ea3eadfa74caff62a998527d2990575fd741f0cff070baf4690a9079804589daa7f9a4ce3fb667e9308cfbb1939ea853c8ddec2119c6609bcbce0164e4bd569b83810e757e2e853c763f1ffc43634f81da4a7fcc0d311345a56468a7e13456289fdfb7bea3e7942164d40"}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000801) r0 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f00000000c0), 0x642, 0x0) write$auto_split_huge_pages_fops_huge_memory(r0, &(0x7f0000000100)="3173a3", 0x3) 9.83306192s ago: executing program 3 (id=1939): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x40001, 0x0) close_range$auto(0x2, 0x8, 0x0) open_by_handle_at$auto(0xffffffffffffffff, &(0x7f0000000040)={0x8, 0x2, "9700000000000000"}, 0x2) pwritev$auto(0x3, &(0x7f0000001000)={&(0x7f0000000fc0), 0x8}, 0x5, 0x3, 0x9) 6.91343216s ago: executing program 5 (id=1904): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) munmap$auto(0x20001000, 0x4) mknod$auto(&(0x7f00000003c0)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5', 0x20e9, 0x103) access$auto(&(0x7f0000000000)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5\x00', 0x3) connect$auto(0x3, 0x0, 0x54) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) mincore$auto(0x1000, 0x8, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) sigaltstack$auto(&(0x7f0000000080)={0x0, 0x80000002}, 0x0) sigaltstack$auto(&(0x7f0000000080)={0x0, 0x80000002}, 0x0) sendmsg$auto_NL80211_CMD_GET_FTM_RESPONDER_STATS(r0, 0x0, 0x20000000) socket(0x0, 0x800, 0x92d) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) r1 = socket(0xb, 0x801, 0x84) getsockopt$auto(r1, 0x84, 0x6d, 0x0, &(0x7f0000000280)=0xc0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x10001, 0x3, 0x8001) madvise$auto(0x0, 0x80000001, 0xa) r2 = gettid() process_vm_writev$auto(r2, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0) copy_file_range$auto(0x2, 0x0, 0x2, 0x0, 0x8001, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0xb812, 0x89ce, 0xc) sendmsg$auto_NBD_CMD_CONNECT(r0, 0x0, 0x8880) socket$nl_generic(0x10, 0x3, 0x10) 6.898246677s ago: executing program 4 (id=1947): mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000003240), 0x20001, 0x0) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x28240, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x22100, 0x0) socket$nl_generic(0x10, 0x3, 0x10) msgctl$auto(0x0, 0xb, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000940)={'batadv0\x00'}) 6.893768858s ago: executing program 2 (id=1948): unshare$auto(0x40000080) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) removexattr$auto(0x0, 0x0) mmap$auto(0x4, 0xf8, 0x8, 0xeb5, 0xffffffffffffffff, 0xfffffffffffffff2) getrandom$auto(0x0, 0x6000000, 0x3) read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000000040)=""/88, 0x58) read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000001080)=""/4092, 0xffc) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socketpair$auto(0x4, 0x1, 0x20000, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x1, 0x1, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) ioctl$auto_SNDCTL_DSP_SYNC(r1, 0x5001, 0x7) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000000)=0x40) connect$auto(0x3, &(0x7f00000001c0), 0x55) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x0, 0x80000001, 0x8) 3.619315448s ago: executing program 5 (id=1940): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/rpc/use-gss-proxy\x00', 0x0, 0x0) read$auto_proc_reg_file_ops_compat_inode(r1, 0x0, 0x300) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/maps\x00', 0x200, 0x0) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000040), r0) sendmsg$auto_L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="01002abd70002502000000000000"], 0x14}, 0x1, 0x0, 0x0, 0x24000000}, 0x20000000) 3.618715933s ago: executing program 2 (id=1941): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/i8042/serio1/rate\x00', 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL802154_CMD_SET_CCA_MODE(r2, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f00000001c0)=ANY=[@ANYBLOB="20000000f1da34d2b84da88d90dfcfab6bea62a418ffeaa6064f852d0b0018af8d7a8e01b94b2a450e52d18572be98698bc911a4affd1e9d42ace4ea42251a5abedb785b92ba77eb5308af21f689540d44efe490add170af0a8fa7173a4bb1d617563be192e5c24e661ff2f0bf1f55f9133fd8e3da83b3fc2cad2b0ee6fb8d6ea7005fe1f4347977", @ANYRES16=r1, @ANYBLOB="010129bd7000fddbdf250d0000000c0006000100000000000000"], 0x20}, 0x1, 0x0, 0x0, 0x60040440}, 0x800) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/usb/drivers/usbip-host/match_busid\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000001100)=""/4106, 0x100a) read$auto(r0, 0x0, 0x2) syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000080), r2) r4 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000003640)='/proc/self/numa_maps\x00', 0x40080, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r5 = socket(0x11, 0xa, 0x1000) setregid$auto(0x5, 0x6) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) waitid$auto(0x0, 0x3ff, 0x0, 0x1000006, 0x0) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000140), 0xffffffffffffffff) mmap$auto(0x0, 0xf4, 0xdf, 0xeb1, 0x401, 0x8000) timer_create$auto(0x2, 0x0, 0x0) sendmsg$auto_ETHTOOL_MSG_FEC_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000805}, 0x10) sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="e3b727bf70ffffff7f0000000000dcb68952543a1f62c3ab33ca708b9dd70bc3000f00818d618ae358476c3f7d93d3fbef716d7dee4ab8261677bc79353ee173dd01f9b1d6c9780f1036445ee065d410dbe43ee31abd79282a16be415a258be6af56c311cca7141a0cb296186063ce996810aa94334f4564b36df31dc75bcfbb6d7721847b870d989715"], 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) timer_settime$auto(0x0, 0x7ff, &(0x7f0000000000)={{0xa6, 0x7}, {0x0, 0x3}}, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0xb, 0x10007}, {0x9, 0xcd21}}, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x4) process_mrelease$auto(0x4, 0x0) ioctl$auto(r5, 0x2, 0x2) read$auto_proc_pid_numa_maps_operations_internal(r4, &(0x7f0000000000)=""/110, 0x6e) 3.618666063s ago: executing program 3 (id=1942): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000001100)=""/4106, 0x100a) 3.61833979s ago: executing program 4 (id=1950): r0 = openat$auto_event_inject_fops_trace(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/tracing/events/vmalloc/alloc_vmap_area/inject\x00', 0x2, 0x0) pwrite64$auto(r0, 0x0, 0x52, 0x3) 3.429470018s ago: executing program 3 (id=1943): userfaultfd$auto(0x1) ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/softnet_stat\x00', 0x0, 0x0) sendfile$auto(0x2, 0x3, &(0x7f00000004c0), 0x7) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) munmap$auto(0x3, 0x4da) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xd0, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_PID={0x8}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x5e}, @NL80211_ATTR_FTM_RESPONDER={0xa4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x1f, 0x2, "2ae7af43013bb408f18830ce688abd78ca9afbf97564942016b29c"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "36978ea3eadfa74caff62a998527d2990575fd741f0cff070baf4690a9079804589daa7f9a4ce3fb667e9308cfbb1939ea853c8ddec2119c6609bcbce0164e4bd569b83810e757e2e853c763f1ffc43634f81da4a7fcc0d311345a56468a7e13456289fdfb7bea3e7942164d40"}]}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x532}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000801) r1 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f00000000c0), 0x642, 0x0) write$auto_split_huge_pages_fops_huge_memory(r1, &(0x7f0000000100)="3173a3", 0x3) 269.251364ms ago: executing program 3 (id=1944): ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0) sendfile$auto(0x2, 0x3, &(0x7f00000004c0), 0x7) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) munmap$auto(0x3, 0x4da) r0 = socket$nl_generic(0x10, 0x3, 0x10) munmap$auto(0x5, 0xa) r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000000c0)={0x2c, r1, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0xc, 0x7, 0x0, 0x1, [@nested={0x8, 0x1, 0x0, 0x1, [@nested={0x4, 0x1}]}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x8880) capset$auto(&(0x7f0000000080)={0x3, 0x0}, &(0x7f0000000140)={0x4, 0xffffff5e}) sendmsg$auto_NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xd0, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_PID={0x8, 0x52, r2}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x5e}, @NL80211_ATTR_FTM_RESPONDER={0xa4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x1f, 0x2, "2ae7af43013bb408f18830ce688abd78ca9afbf97564942016b29c"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "36978ea3eadfa74caff62a998527d2990575fd741f0cff070baf4690a9079804589daa7f9a4ce3fb667e9308cfbb1939ea853c8ddec2119c6609bcbce0164e4bd569b83810e757e2e853c763f1ffc43634f81da4a7fcc0d311345a56468a7e13456289fdfb7bea3e7942164d40"}]}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x532}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000801) read$auto_random_fops_random(0xffffffffffffffff, &(0x7f0000000400)=""/183, 0xb7) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_CRIT_PROTOCOL_STOP(r0, &(0x7f00000003c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r3, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_ADMITTED_TIME={0x6, 0xd4, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004) set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21) sendmsg$auto_NCSI_CMD_SET_PACKAGE_MASK(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0xfebf0c436aa031f1) seccomp$auto(0x1, 0x8, &(0x7f0000000400)) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x40c01, 0x0) r4 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f00000000c0), 0x642, 0x0) write$auto_split_huge_pages_fops_huge_memory(r4, &(0x7f0000000100)="3173a3", 0x3) 207.681886ms ago: executing program 5 (id=1945): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_fd=0x5, 0x7f, 0x9c, 0x7b2, 0x1, @relative_id=0x4, 0x80}, 0x96) bpf$auto(0x1, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x7}, 0xc) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, 0x0, 0x40000) map_shadow_stack$auto(0xfffffffffffffffd, 0x7, 0x9) unshare$auto(0x40000080) msgctl$auto(0xe, 0x9, 0x0) r0 = openat$auto_binder_ctl_fops_binderfs(0xffffffffffffff9c, &(0x7f0000000000), 0x80c00, 0x0) socket(0x28, 0x2, 0xf) openat$auto_random_fops_random(0xffffffffffffff9c, &(0x7f0000000200), 0x484400, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000380)='/dev/dri/card1\x00', 0x109400, 0x0) bpf$auto(0x4, &(0x7f0000001e80)=@iter_create={r0, 0x6}, 0x5) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x40000, 0x0) r1 = openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) read$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(r1, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), r2) sendmsg$auto_TIPC_NL_MEDIA_GET(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)={0x14, r3, 0x701, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) read$auto(0x3, 0x0, 0x80) 60.13074ms ago: executing program 4 (id=1946): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000001dc0)={0x0, 0xffffffffffffff1c, &(0x7f0000001d80)={&(0x7f0000001d40)={0x28, r1, 0x1, 0x70bd27, 0x25dfdbff, {}, [@ETHTOOL_A_RINGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_RINGS_RX_MINI={0x8, 0x7, 0x6}]}, 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x80000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0xffffffffffffffff, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x2, 0x0) pipe$auto(0x0) fcntl$auto(0x8000000000000001, 0x26, 0x2) r4 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) write$auto(r4, 0x0, 0xe) 0s ago: executing program 2 (id=1949): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x40000b, 0xde, 0x9b72, 0x2, 0x8000) socket(0xa, 0x2, 0x88) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000001c0)=@in={0x2, 0x4e24, @multicast1}, 0x55) write$auto(0x3, 0x0, 0xfdef) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffdb5, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r0, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000300), r0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_LIST(0xffffffffffffffff, 0xc0505510, &(0x7f0000000340)={0xfffffffa, 0x3fc00, 0x4, @raw=0x5, &(0x7f0000000000)={@raw=0x6cd3dc16, 0x9, 0x10001, 0x7, "d0157f1da2e1b2c4464508046b8161ce335165000000000e04000000ccbe1a4ec13d465abb852246134abf87"}, "3e3e8bb7e73ba219b52c8a714934c55da88879fb30a0a166170c4bb1bc9cf1f6e9b3dbca453bff6195359c982cb5cb4c674a"}) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) mmap$auto(0x0, 0x8000000008, 0xb, 0x40000009b71, 0xca7, 0x8000000000008000) r2 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'wg0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r4, r3, 0x4, 0x1ff, r2, @relative_id=0x13, 0xe600}, 0xf) bpf$auto(0x4, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffffffffffffffff, 0x0, 0x8000000000003}, 0x8) read$auto(r0, &(0x7f0000000100)='nl80211\x00', 0xbe62) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060007000100000008000200", @ANYRES32=0x0, @ANYBLOB="0c001a"], 0x68}, 0x1, 0x0, 0x0, 0x4044080}, 0x40090) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) mmap$auto(0x0, 0x2020008, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x22, 0x940, 0x1ffde, 0x3, 0x6, 0x8000002, 0x9, 0x5, 0x2, 0x4, 0xb0, 0x7, 0x2, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, [0x0, 0x0, 0x0, 0x243efbdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe6e]}, 0x1fe, 0x81) kernel console output (not intermixed with test programs): v: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.697209][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.718142][ T5844] team0: Port device team_slave_0 added [ 93.724967][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.732420][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.758639][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.800219][ T5844] team0: Port device team_slave_1 added [ 93.821802][ T5839] hsr_slave_0: entered promiscuous mode [ 93.829670][ T5839] hsr_slave_1: entered promiscuous mode [ 93.908707][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.915808][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.928172][ T5850] Bluetooth: hci3: command tx timeout [ 93.942327][ T5148] Bluetooth: hci1: command tx timeout [ 93.948371][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.953385][ T5837] Bluetooth: hci0: command tx timeout [ 93.966366][ T5843] Bluetooth: hci2: command tx timeout [ 93.987788][ T5845] hsr_slave_0: entered promiscuous mode [ 93.994254][ T5845] hsr_slave_1: entered promiscuous mode [ 94.001430][ T5845] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 94.009364][ T5845] Cannot create hsr debugfs directory [ 94.019170][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.029491][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.056609][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.071515][ T5835] hsr_slave_0: entered promiscuous mode [ 94.081535][ T5835] hsr_slave_1: entered promiscuous mode [ 94.088483][ T5835] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 94.096094][ T5835] Cannot create hsr debugfs directory [ 94.230365][ T5844] hsr_slave_0: entered promiscuous mode [ 94.237284][ T5844] hsr_slave_1: entered promiscuous mode [ 94.244041][ T5844] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 94.253826][ T5844] Cannot create hsr debugfs directory [ 94.473425][ T5839] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.485431][ T5839] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.511881][ T5839] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.524366][ T5839] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.602235][ T5835] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 94.618492][ T5835] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 94.631070][ T5835] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 94.652907][ T5835] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 94.700824][ T5845] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 94.737539][ T5845] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 94.762809][ T5845] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 94.794780][ T5845] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 94.835341][ T5844] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 94.857460][ T5844] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 94.875172][ T5844] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 94.900992][ T5844] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 94.953593][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.995938][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.021330][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.049504][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.057087][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.082820][ T3510] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.090053][ T3510] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.158699][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.189642][ T3484] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.196866][ T3484] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.220134][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.278583][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.301234][ T3565] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.308477][ T3565] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.331624][ T5845] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.378847][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.392867][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.401691][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.434154][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.441638][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.473000][ T3510] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.480342][ T3510] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.507465][ T3510] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.514640][ T3510] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.643498][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.774837][ T5839] veth0_vlan: entered promiscuous mode [ 95.813603][ T5839] veth1_vlan: entered promiscuous mode [ 95.896080][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.951689][ T5839] veth0_macvtap: entered promiscuous mode [ 95.993071][ T5839] veth1_macvtap: entered promiscuous mode [ 96.009934][ T5843] Bluetooth: hci0: command tx timeout [ 96.009974][ T5148] Bluetooth: hci1: command tx timeout [ 96.015477][ T5843] Bluetooth: hci3: command tx timeout [ 96.021610][ T5837] Bluetooth: hci2: command tx timeout [ 96.075514][ T5835] veth0_vlan: entered promiscuous mode [ 96.091761][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.111989][ T5835] veth1_vlan: entered promiscuous mode [ 96.130337][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.147337][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.168483][ T5839] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.179098][ T5839] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.188409][ T5839] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.197820][ T5839] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.221269][ T5835] veth0_macvtap: entered promiscuous mode [ 96.231565][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.260249][ T5835] veth1_macvtap: entered promiscuous mode [ 96.285734][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.298207][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.310509][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.360457][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.373275][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.388423][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.418711][ T5844] veth0_vlan: entered promiscuous mode [ 96.434136][ T5835] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.443139][ T5835] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.452483][ T5835] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.461676][ T5835] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.510945][ T5844] veth1_vlan: entered promiscuous mode [ 96.527104][ T3484] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.541768][ T3484] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.569650][ T5845] veth0_vlan: entered promiscuous mode [ 96.635020][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.645893][ T5844] veth0_macvtap: entered promiscuous mode [ 96.655058][ T5845] veth1_vlan: entered promiscuous mode [ 96.666457][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.701944][ T5844] veth1_macvtap: entered promiscuous mode [ 96.739692][ T3510] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.759500][ T3510] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.768420][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.780067][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.790388][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.801381][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.814512][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.857411][ T5839] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 96.870253][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.886134][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.898667][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.909676][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.921284][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.945182][ T5845] veth0_macvtap: entered promiscuous mode [ 96.955213][ T5844] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.966078][ T5844] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.976086][ T5844] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.985444][ T5844] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.014683][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.014783][ T5845] veth1_macvtap: entered promiscuous mode [ 97.064336][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.111353][ T5845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.141328][ T5845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.152698][ T5845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.163832][ T5845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.174129][ T5845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.185178][ T5845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.203046][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.253471][ T5902] bond0: option mode: unable to set because the bond device is up [ 97.279692][ T5845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.330101][ T5845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.344910][ T5904] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5'. [ 97.351943][ T5845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.367886][ T5845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.379538][ T5845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.391353][ T5845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.403252][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.431021][ T5904] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode [ 97.440530][ T5904] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode [ 97.450269][ T5845] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.460002][ T5845] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.469672][ T92] cfg80211: failed to load regulatory.db [ 97.476090][ T5845] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.508801][ T5845] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.553043][ T3484] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.572296][ T3484] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.691996][ T3565] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.728637][ T3565] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.834111][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.847684][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.874908][ T3458] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.908230][ T3458] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.088896][ T5837] Bluetooth: hci2: command tx timeout [ 98.094513][ T5837] Bluetooth: hci1: command tx timeout [ 98.103106][ T5837] Bluetooth: hci0: command tx timeout [ 98.108831][ T5837] Bluetooth: hci3: command tx timeout [ 99.269965][ T5936] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 99.321702][ T5936] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10'. [ 99.534099][ T5939] netlink: 330 bytes leftover after parsing attributes in process `syz.3.11'. [ 99.576006][ T5939] Zero length message leads to an empty skb [ 99.653963][ T5942] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 99.685252][ T5942] netlink: 28 bytes leftover after parsing attributes in process `syz.1.12'. [ 100.166860][ T5843] Bluetooth: hci3: command tx timeout [ 100.168585][ T5837] Bluetooth: hci0: command tx timeout [ 100.172370][ T5850] Bluetooth: hci1: command tx timeout [ 100.177787][ T5148] Bluetooth: hci2: command tx timeout [ 100.562235][ T5956] netlink: 28 bytes leftover after parsing attributes in process `syz.3.16'. [ 100.591153][ T5956] mac80211_hwsim hwsim8 wlan0: entered promiscuous mode [ 100.599455][ T5956] mac80211_hwsim hwsim8 wlan0: entered allmulticast mode [ 102.793029][ T5987] netlink: 28 bytes leftover after parsing attributes in process `syz.1.24'. [ 102.819828][ T5988] netlink: 28 bytes leftover after parsing attributes in process `syz.3.23'. [ 103.028498][ T5987] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode [ 103.049140][ T5987] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode [ 103.289218][ T5995] bond0: option mode: unable to set because the bond device is up [ 104.016373][ T6007] netlink: 28 bytes leftover after parsing attributes in process `syz.3.28'. [ 106.530386][ T6033] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 108.208596][ T29] audit: type=1400 audit(1734746970.117:2): apparmor="DENIED" operation="setprocattr" info="invalid" error=-22 profile="unconfined" pid=6053 comm="syz.1.37" [ 110.035595][ T6071] device-mapper: ioctl: Unable to rename non-existent device, to [ 110.437176][ T6080] netlink: 28 bytes leftover after parsing attributes in process `syz.3.43'. [ 110.513472][ T6082] netlink: 28 bytes leftover after parsing attributes in process `syz.1.44'. [ 112.778504][ T6118] netlink: 28 bytes leftover after parsing attributes in process `syz.3.51'. [ 113.435190][ T6125] netlink: 28 bytes leftover after parsing attributes in process `syz.3.54'. [ 113.673148][ T6125] bond0: (slave bond_slave_1): Releasing backup interface [ 118.966970][ T6190] netlink: 330 bytes leftover after parsing attributes in process `syz.3.71'. [ 120.205797][ T6212] netlink: 28 bytes leftover after parsing attributes in process `syz.2.77'. [ 120.308740][ T6212] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode [ 120.405589][ T6212] mac80211_hwsim hwsim6 wlan0: entered allmulticast mode [ 122.408577][ T6247] netlink: 28 bytes leftover after parsing attributes in process `syz.3.83'. [ 124.043426][ T6272] netlink: 28 bytes leftover after parsing attributes in process `syz.0.86'. [ 124.597311][ T6279] netlink: 28 bytes leftover after parsing attributes in process `syz.3.88'. [ 125.176852][ T6289] netlink: 8 bytes leftover after parsing attributes in process `syz.1.89'. [ 125.413992][ T6292] netlink: 28 bytes leftover after parsing attributes in process `syz.3.90'. [ 126.441239][ T6295] process 'syz.1.91' launched ':,' with NULL argv: empty string added [ 126.784146][ T6302] netlink: 28 bytes leftover after parsing attributes in process `syz.3.92'. [ 127.783506][ T6312] netlink: 28 bytes leftover after parsing attributes in process `syz.2.94'. [ 128.649634][ T6326] netlink: 28 bytes leftover after parsing attributes in process `syz.3.98'. [ 129.425180][ T6330] bond0: option mode: unable to set because the bond device is up [ 129.971725][ T6341] netlink: 28 bytes leftover after parsing attributes in process `syz.0.102'. [ 131.528003][ T6355] netlink: 8 bytes leftover after parsing attributes in process `syz.3.106'. [ 131.741135][ T6361] netlink: 342 bytes leftover after parsing attributes in process `syz.2.107'. [ 131.987917][ T6364] netlink: 28 bytes leftover after parsing attributes in process `syz.3.108'. [ 132.225120][ T6367] netlink: 28 bytes leftover after parsing attributes in process `syz.2.109'. [ 132.594136][ T6374] bond0: option mode: unable to set because the bond device is up [ 133.023923][ T6370] netlink: 8 bytes leftover after parsing attributes in process `syz.0.110'. [ 133.384449][ T6387] netlink: 28 bytes leftover after parsing attributes in process `syz.2.113'. [ 133.546661][ T6393] netlink: 8 bytes leftover after parsing attributes in process `syz.3.115'. [ 133.867651][ T6399] netlink: 28 bytes leftover after parsing attributes in process `syz.1.114'. [ 134.586134][ T6406] netlink: 28 bytes leftover after parsing attributes in process `syz.2.117'. [ 135.257594][ T6414] netlink: 342 bytes leftover after parsing attributes in process `syz.0.118'. [ 135.309998][ T6416] netlink: 28 bytes leftover after parsing attributes in process `syz.2.120'. [ 135.578154][ T6419] netlink: 28 bytes leftover after parsing attributes in process `syz.3.122'. [ 136.046003][ T6431] netlink: 28 bytes leftover after parsing attributes in process `syz.3.124'. [ 136.069354][ T6434] netlink: 28 bytes leftover after parsing attributes in process `syz.2.125'. [ 136.101476][ T6427] netlink: 28 bytes leftover after parsing attributes in process `syz.1.123'. [ 137.065364][ T6449] netlink: 8 bytes leftover after parsing attributes in process `syz.2.127'. [ 137.529696][ T6456] netlink: 28 bytes leftover after parsing attributes in process `syz.3.130'. [ 138.425785][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.436430][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 139.476423][ T6467] netlink: 342 bytes leftover after parsing attributes in process `syz.3.131'. [ 139.534692][ T6470] netlink: 28 bytes leftover after parsing attributes in process `syz.2.140'. [ 143.329602][ T6483] netlink: 28 bytes leftover after parsing attributes in process `syz.0.132'. [ 144.274936][ T6491] netlink: 28 bytes leftover after parsing attributes in process `syz.1.133'. [ 146.177554][ T6516] netlink: 28 bytes leftover after parsing attributes in process `syz.2.136'. [ 149.083559][ T6536] netlink: 8 bytes leftover after parsing attributes in process `syz.2.138'. [ 149.798589][ T6556] netlink: 330 bytes leftover after parsing attributes in process `syz.0.148'. [ 149.826527][ T6556] : renamed from bond_slave_1 (while UP) [ 154.968809][ T6617] netlink: 330 bytes leftover after parsing attributes in process `syz.1.161'. [ 155.036893][ T6617] : renamed from bond_slave_1 (while UP) [ 158.132408][ T6657] netlink: 28 bytes leftover after parsing attributes in process `syz.2.175'. [ 158.627636][ T6665] netlink: 28 bytes leftover after parsing attributes in process `syz.0.177'. [ 160.286347][ T29] audit: type=1400 audit(1734747022.197:3): apparmor="DENIED" operation="setprocattr" info="invalid" error=-22 profile="unconfined" pid=6694 comm="syz.2.187" [ 167.737641][ T6827] netlink: 28 bytes leftover after parsing attributes in process `syz.0.225'. [ 170.126981][ T6837] bond0: option mode: unable to set because the bond device is up [ 170.290515][ T6852] netlink: 28 bytes leftover after parsing attributes in process `syz.2.234'. [ 177.655026][ T6921] bond0: option mode: unable to set because the bond device is up [ 177.987736][ T6943] netlink: 330 bytes leftover after parsing attributes in process `syz.1.259'. [ 178.054818][ T6946] netlink: 4 bytes leftover after parsing attributes in process `syz.0.260'. [ 181.326528][ T6989] netlink: 28 bytes leftover after parsing attributes in process `syz.3.271'. [ 185.287250][ T7031] netlink: 28 bytes leftover after parsing attributes in process `syz.3.281'. [ 199.862734][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.869374][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 206.592909][ T7287] device-mapper: ioctl: Unable to rename non-existent device, to [ 207.979812][ T7307] netlink: 8 bytes leftover after parsing attributes in process `syz.2.350'. [ 208.054677][ T7307] tc_dump_action: action bad kind [ 209.886835][ T7329] device-mapper: ioctl: Unable to rename non-existent device, to [ 210.267760][ T7333] syz.2.357 uses obsolete (PF_INET,SOCK_PACKET) [ 211.392484][ T7350] block nbd0: Unsupported socket: shutdown callout must be supported. [ 212.681736][ T7364] device-mapper: ioctl: Unable to rename non-existent device, to [ 214.487152][ T7393] device-mapper: ioctl: Unable to rename non-existent device, to [ 214.659983][ T7396] netlink: zone id is out of range [ 214.665177][ T7396] netlink: zone id is out of range [ 214.686313][ T7396] netlink: zone id is out of range [ 214.694991][ T7396] netlink: get zone limit has 4 unknown bytes [ 217.012619][ T7424] netlink: 342 bytes leftover after parsing attributes in process `syz.3.386'. [ 217.299440][ T5850] Bluetooth: hci1: command 0x0406 tx timeout [ 217.305554][ T5850] Bluetooth: hci0: command 0x0406 tx timeout [ 217.315500][ T5846] Bluetooth: hci2: command 0x0406 tx timeout [ 217.328022][ T5837] Bluetooth: hci3: command 0x0406 tx timeout [ 217.473122][ T7433] device-mapper: ioctl: Unable to rename non-existent device, to [ 219.377700][ T7465] device-mapper: ioctl: Unable to rename non-existent device, to [ 221.256524][ T7499] netlink: 28 bytes leftover after parsing attributes in process `syz.0.410'. [ 223.072670][ T7551] netlink: 4 bytes leftover after parsing attributes in process `syz.3.428'. [ 223.309642][ T29] audit: type=1800 audit(1734747085.227:4): pid=7554 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.426" name="discovery_nqn" dev="configfs" ino=16084 res=0 errno=0 [ 223.330204][ C0] vkms_vblank_simulate: vblank timer overrun [ 226.218674][ T7633] device-mapper: ioctl: Unable to rename non-existent device, to [ 226.261643][ T7635] block nbd0: Unsupported socket: shutdown callout must be supported. [ 227.804988][ T7668] device-mapper: ioctl: Unable to rename non-existent device, to [ 228.677137][ T7674] netlink: 40 bytes leftover after parsing attributes in process `syz.1.462'. [ 228.779865][ T7660] kexec: Could not allocate control_code_buffer [ 230.214306][ T7699] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 400008000010006 [ 231.666312][ T7724] netlink: 20 bytes leftover after parsing attributes in process `syz.3.480'. [ 231.948948][ T7739] block nbd0: Unsupported socket: shutdown callout must be supported. [ 232.236757][ T7747] netlink: 28 bytes leftover after parsing attributes in process `syz.0.483'. [ 232.264220][ T7747] bridge_slave_1: left allmulticast mode [ 232.286828][ T7747] bridge_slave_1: left promiscuous mode [ 232.312841][ T7747] bridge0: port 2(bridge_slave_1) entered disabled state [ 232.347905][ T7747] bridge_slave_0: left allmulticast mode [ 232.353715][ T7747] bridge_slave_0: left promiscuous mode [ 232.375230][ T7747] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.155866][ T7770] netlink: 20 bytes leftover after parsing attributes in process `syz.2.490'. [ 237.313516][ T7774] device-mapper: ioctl: ioctl interface mismatch: kernel(4.48.0), user(0.0.0), cmd(5) [ 240.398614][ T7815] mmap: syz.1.511 (7815) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 240.796871][ T7822] netlink: 28 bytes leftover after parsing attributes in process `syz.0.505'. [ 241.199435][ T7816] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 400008000010006 [ 241.573186][ T7838] mkiss: ax0: crc mode is auto. [ 243.363501][ T7866] netlink: 28 bytes leftover after parsing attributes in process `syz.0.519'. [ 246.288661][ T7875] netlink: 342 bytes leftover after parsing attributes in process `syz.1.522'. [ 248.856746][ T7924] netlink: 342 bytes leftover after parsing attributes in process `syz.3.536'. [ 250.456064][ T7957] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 252.001741][ T7981] sp0: Synchronizing with TNC [ 252.163102][ T7987] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 253.018217][ T7995] netlink: 28 bytes leftover after parsing attributes in process `syz.1.560'. [ 255.710222][ T8023] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 256.761807][ T8035] ptrace attach of "./syz-executor exec"[5844] was attempted by "./syz-executor exec"[8035] [ 257.376581][ T8039] netlink: 28 bytes leftover after parsing attributes in process `syz.0.572'. [ 258.966422][ T8052] block nbd0: Unsupported socket: shutdown callout must be supported. [ 259.852286][ T8061] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 260.593608][ T8070] netlink: 28 bytes leftover after parsing attributes in process `syz.3.583'. [ 261.289073][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.295459][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 262.258752][ T8085] ptrace attach of "./syz-executor exec"[5835] was attempted by "./syz-executor exec"[8085] [ 262.819557][ T8094] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 265.054653][ T8118] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 265.486814][ T8121] ptrace attach of "./syz-executor exec"[5839] was attempted by "./syz-executor exec"[8121] [ 267.575029][ T8130] netlink: 8 bytes leftover after parsing attributes in process `syz.2.601'. [ 268.176386][ T8152] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 268.342806][ T8154] block nbd0: Unsupported socket: shutdown callout must be supported. [ 269.974387][ T8164] netlink: 28 bytes leftover after parsing attributes in process `syz.0.611'. [ 270.719577][ T8176] ptrace attach of "./syz-executor exec"[5845] was attempted by "./syz-executor exec"[8176] [ 270.840862][ T8180] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 271.535179][ T8188] block nbd0: Unsupported socket: shutdown callout must be supported. [ 278.716489][ T8211] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 279.574283][ T8227] netlink: 28 bytes leftover after parsing attributes in process `syz.3.633'. [ 279.846415][ T8233] block nbd0: Unsupported socket: shutdown callout must be supported. [ 279.999535][ T8238] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 280.135353][ T8240] sp0: Synchronizing with TNC [ 281.302326][ T8264] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. syzkaller syzkaller login: [ 281.796353][ T8274] block nbd0: Unsupported socket: shutdown callout must be supported. [ 282.442399][ T8289] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 283.464015][ T8309] sp0: Synchronizing with TNC [ 283.756511][ T8314] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 284.020591][ T8319] block nbd0: Unsupported socket: shutdown callout must be supported. syzkaller syzkaller login: [ 286.966810][ T8338] block nbd0: Unsupported socket: shutdown callout must be supported. [ 287.632385][ T8352] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 288.098507][ T8361] netlink: 28 bytes leftover after parsing attributes in process `syz.0.675'. [ 288.315679][ T8371] sp0: Synchronizing with TNC [ 289.242871][ T8383] erspan0: entered allmulticast mode syzkaller syzkaller login: [ 292.296386][ T8395] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 292.546384][ T8401] block nbd0: Unsupported socket: shutdown callout must be supported. [ 293.018782][ T8397] netlink: 28 bytes leftover after parsing attributes in process `syz.2.687'. [ 293.194596][ T8423] netlink: 28 bytes leftover after parsing attributes in process `syz.0.695'. [ 293.309456][ T8426] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 293.430736][ T8422] block nbd0: Unsupported socket: shutdown callout must be supported. [ 295.310289][ T8445] erspan0: entered allmulticast mode [ 296.166326][ T8454] block nbd0: Unsupported socket: shutdown callout must be supported. [ 297.010863][ T8469] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 298.639437][ T8486] block nbd0: Unsupported socket: shutdown callout must be supported. [ 299.148674][ T8492] netlink: 28 bytes leftover after parsing attributes in process `syz.1.716'. [ 299.347971][ T8496] netlink: 28 bytes leftover after parsing attributes in process `syz.3.706'. [ 299.466743][ T8501] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 299.691883][ T8508] netlink: 28 bytes leftover after parsing attributes in process `syz.1.721'. [ 300.192237][ T8516] sp0: Synchronizing with TNC [ 300.620019][ T8525] netlink: 28 bytes leftover after parsing attributes in process `syz.1.724'. [ 301.052524][ T8534] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. syzkaller syzkaller login: [ 302.089171][ T8549] netlink: 28 bytes leftover after parsing attributes in process `syz.2.730'. [ 302.556615][ T8556] block nbd0: Unsupported socket: shutdown callout must be supported. [ 303.606573][ T8564] block nbd0: Unsupported socket: shutdown callout must be supported. [ 304.089727][ T8571] netlink: 28 bytes leftover after parsing attributes in process `syz.3.736'. [ 304.282490][ T8577] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 304.746288][ T8575] sp0: Synchronizing with TNC [ 306.530585][ T8607] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. syzkaller syzkaller login: [ 306.991625][ T8612] netlink: 28 bytes leftover after parsing attributes in process `syz.2.748'. [ 307.452872][ T8618] block nbd0: Unsupported socket: shutdown callout must be supported. [ 308.380282][ T8624] netlink: zone id is out of range [ 308.385488][ T8624] netlink: zone id is out of range [ 308.411131][ T8624] netlink: del zone limit has 8 unknown bytes [ 308.819941][ T8630] netlink: 24 bytes leftover after parsing attributes in process `syz.3.756'. [ 309.958541][ T8637] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 310.480691][ T8641] block nbd0: Unsupported socket: shutdown callout must be supported. [ 312.745085][ T8645] sp0: Synchronizing with TNC [ 313.333270][ T8658] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 313.666556][ T8662] block nbd0: Unsupported socket: shutdown callout must be supported. [ 313.776413][ T8664] block nbd0: Unsupported socket: shutdown callout must be supported. [ 314.035343][ T8671] netlink: 28 bytes leftover after parsing attributes in process `syz.3.772'. syzkaller syzkaller login: [ 314.366392][ T8678] block nbd0: Unsupported socket: shutdown callout must be supported. [ 314.884336][ T8686] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 316.727323][ T8704] block nbd0: Unsupported socket: shutdown callout must be supported. [ 316.766058][ T8709] netlink: 28 bytes leftover after parsing attributes in process `syz.2.785'. [ 317.191269][ T8713] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 317.468519][ T8717] nbd: illegal input index 50331648 [ 317.533237][ T8708] tty tty12: ldisc open failed (-12), clearing slot 11 [ 317.616564][ T8721] netlink: 60 bytes leftover after parsing attributes in process `syz.0.789'. [ 317.625929][ T8721] openvswitch: netlink: Message has 7 unknown bytes. [ 318.560943][ T8736] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 319.032141][ T8751] netlink: 28 bytes leftover after parsing attributes in process `syz.0.798'. [ 319.476319][ T8761] block nbd0: Unsupported socket: shutdown callout must be supported. [ 321.051933][ T8777] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 321.746666][ T8790] block nbd0: Unsupported socket: shutdown callout must be supported. [ 322.728757][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.735272][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.750298][ T8808] netlink: 28 bytes leftover after parsing attributes in process `syz.1.815'. [ 323.346675][ T8817] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 323.870887][ T8830] nbd: illegal input index 50331648 [ 324.000779][ T8833] netlink: 28 bytes leftover after parsing attributes in process `syz.1.822'. [ 324.549911][ T8839] netlink: 'syz.3.824': attribute type 4 has an invalid length. [ 324.566308][ T8839] netlink: 110 bytes leftover after parsing attributes in process `syz.3.824'. [ 325.379545][ T8846] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 326.097001][ T8862] netlink: 60 bytes leftover after parsing attributes in process `syz.1.831'. [ 326.115080][ T8862] openvswitch: netlink: Message has 7 unknown bytes. [ 329.903964][ T8899] block nbd0: Unsupported socket: shutdown callout must be supported. [ 332.436551][ T8905] block nbd0: Unsupported socket: shutdown callout must be supported. [ 337.569910][ T8942] netlink: 28 bytes leftover after parsing attributes in process `syz.1.851'. [ 338.617516][ T8956] netlink: 28 bytes leftover after parsing attributes in process `syz.1.854'. [ 338.962659][ T8954] bond0: option mode: unable to set because the bond device is up [ 340.265206][ T8979] netlink: 28 bytes leftover after parsing attributes in process `syz.1.861'. [ 341.103933][ T8996] netlink: 28 bytes leftover after parsing attributes in process `syz.2.865'. [ 341.916413][ T9011] netlink: zone id is out of range [ 341.951583][ T9011] netlink: set zone limit has 8 unknown bytes [ 342.019354][ T9020] bond0: option mode: unable to set because the bond device is up [ 342.516394][ T9034] block nbd0: Unsupported socket: shutdown callout must be supported. [ 343.724257][ T9048] netlink: 28 bytes leftover after parsing attributes in process `syz.3.873'. [ 345.736727][ T9089] netlink: 28 bytes leftover after parsing attributes in process `syz.3.879'. [ 346.963434][ T9052] syz.0.874 (9052) used greatest stack depth: 20224 bytes left [ 347.402827][ T9108] bond0: option mode: unable to set because the bond device is up [ 350.905173][ T9130] netlink: 28 bytes leftover after parsing attributes in process `syz.2.886'. [ 350.966626][ T9131] block nbd0: Unsupported socket: shutdown callout must be supported. [ 351.093159][ T9136] ======================================================= [ 351.093159][ T9136] WARNING: The mand mount option has been deprecated and [ 351.093159][ T9136] and is ignored by this kernel. Remove the mand [ 351.093159][ T9136] option from the mount to silence this warning. [ 351.093159][ T9136] ======================================================= [ 351.465360][ T9141] netlink: 4 bytes leftover after parsing attributes in process `syz.3.888'. [ 351.914567][ T8890] syz.0.840 (8890) used greatest stack depth: 19584 bytes left [ 352.324691][ T9147] netlink: zone id is out of range [ 352.347213][ T9147] netlink: set zone limit has 8 unknown bytes [ 358.484046][ T9238] block nbd0: Unsupported socket: shutdown callout must be supported. [ 360.295575][ T9250] netlink: 28 bytes leftover after parsing attributes in process `syz.3.913'. [ 360.646284][ T9255] netlink: 28 bytes leftover after parsing attributes in process `syz.3.914'. [ 361.381006][ T9261] Process accounting resumed [ 363.870292][ T9271] block nbd0: Unsupported socket: shutdown callout must be supported. [ 364.402092][ T9283] netlink: 28 bytes leftover after parsing attributes in process `syz.3.922'. [ 364.949005][ T9298] netlink: 28 bytes leftover after parsing attributes in process `syz.1.925'. [ 365.636379][ T9309] block nbd0: Unsupported socket: shutdown callout must be supported. [ 365.746824][ T9314] block nbd0: Unsupported socket: shutdown callout must be supported. [ 365.951183][ T9320] netlink: 28 bytes leftover after parsing attributes in process `syz.1.932'. [ 366.616917][ T9324] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 366.686620][ T9326] netlink: 342 bytes leftover after parsing attributes in process `syz.1.933'. [ 368.576397][ T9356] Process accounting resumed [ 368.799774][ T9365] netlink: 28 bytes leftover after parsing attributes in process `syz.2.943'. [ 369.511644][ T9372] block nbd0: Unsupported socket: shutdown callout must be supported. [ 372.876432][ T9388] block nbd0: Unsupported socket: shutdown callout must be supported. [ 372.973775][ T9391] netlink: 28 bytes leftover after parsing attributes in process `syz.2.949'. [ 373.902494][ T9403] can: request_module (can-proto-0) failed. [ 374.935016][ T9417] netlink: 28 bytes leftover after parsing attributes in process `syz.3.955'. [ 375.476206][ T9426] block nbd0: Unsupported socket: shutdown callout must be supported. [ 376.039870][ T9432] block nbd0: Unsupported socket: shutdown callout must be supported. [ 379.027173][ T9452] netlink: 28 bytes leftover after parsing attributes in process `syz.0.967'. [ 380.366950][ T9478] block nbd0: Unsupported socket: shutdown callout must be supported. [ 380.561613][ T9489] netlink: 28 bytes leftover after parsing attributes in process `syz.2.975'. [ 380.803153][ T9489] team0: Port device team_slave_0 removed [ 381.775562][ T9505] netlink: 330 bytes leftover after parsing attributes in process `syz.2.976'. [ 381.806171][ T9505] mac80211_hwsim hwsim37 : renamed from wlan0 [ 381.871788][ T9514] netlink: zone id is out of range [ 381.886246][ T9514] netlink: zone id is out of range [ 381.896173][ T9514] netlink: zone id is out of range [ 381.906270][ T9514] netlink: get zone limit has 4 unknown bytes [ 383.277992][ T9544] netlink: 28 bytes leftover after parsing attributes in process `syz.3.983'. [ 383.736842][ T9559] block nbd0: Unsupported socket: shutdown callout must be supported. [ 384.175032][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 384.181537][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.385572][ T29] audit: type=1800 audit(3695.730:5): pid=9575 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.990" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 385.002374][ T29] audit: type=1800 audit(3696.330:6): pid=9598 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.992" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 385.793744][ T9621] netlink: 28 bytes leftover after parsing attributes in process `syz.3.997'. [ 388.622716][ T9655] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1008'. [ 389.238581][ T9671] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1014'. [ 389.456397][ T9676] block nbd0: Unsupported socket: shutdown callout must be supported. [ 389.756393][ T9680] block nbd0: Unsupported socket: shutdown callout must be supported. [ 390.896465][ T9698] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1019'. [ 390.931950][ T9691] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1018'. [ 393.168050][ T9714] openvswitch: netlink: nsh attr 160 is out of range max 3 [ 393.561782][ T9720] block nbd0: Unsupported socket: shutdown callout must be supported. [ 393.878209][ T9736] block nbd1: Unsupported socket: shutdown callout must be supported. [ 394.067716][ T9741] raw_sendmsg: syz.0.1033 forgot to set AF_INET. Fix it! [ 397.398916][ T9749] FAULT_INJECTION: forcing a failure. [ 397.398916][ T9749] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 397.412672][ T9749] CPU: 1 UID: 0 PID: 9749 Comm: syz.1.1035 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0 [ 397.423423][ T9749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 397.433538][ T9749] Call Trace: [ 397.436870][ T9749] [ 397.439865][ T9749] dump_stack_lvl+0x16c/0x1f0 [ 397.444632][ T9749] should_fail_ex+0x497/0x5b0 [ 397.448856][ T9751] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1036'. [ 397.449361][ T9749] _copy_to_user+0x32/0xd0 [ 397.462788][ T9749] simple_read_from_buffer+0xd0/0x160 [ 397.468234][ T9749] proc_fail_nth_read+0x198/0x270 [ 397.473355][ T9749] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 397.478953][ T9749] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 397.484549][ T9749] vfs_read+0x1df/0xbe0 [ 397.488740][ T9749] ? __fget_files+0x1fc/0x3a0 [ 397.493466][ T9749] ? __pfx___mutex_lock+0x10/0x10 [ 397.498539][ T9749] ? __pfx_vfs_read+0x10/0x10 [ 397.503262][ T9749] ? __fget_files+0x206/0x3a0 [ 397.507985][ T9749] ksys_read+0x12b/0x250 [ 397.512263][ T9749] ? __pfx_ksys_read+0x10/0x10 [ 397.517073][ T9749] do_syscall_64+0xcd/0x250 [ 397.521630][ T9749] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 397.527738][ T9749] RIP: 0033:0x7f474198473c [ 397.532179][ T9749] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 397.551927][ T9749] RSP: 002b:00007f474272e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 397.560376][ T9749] RAX: ffffffffffffffda RBX: 00007f4741b75fa0 RCX: 00007f474198473c [ 397.568385][ T9749] RDX: 000000000000000f RSI: 00007f474272e0a0 RDI: 0000000000000003 [ 397.576401][ T9749] RBP: 00007f474272e090 R08: 0000000000000000 R09: 0000000000000000 [ 397.584435][ T9749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 397.592445][ T9749] R13: 0000000000000001 R14: 00007f4741b75fa0 R15: 00007ffc8250bda8 [ 397.600489][ T9749] [ 397.603588][ C1] vkms_vblank_simulate: vblank timer overrun [ 397.629191][ T9751] veth0_macvtap: left promiscuous mode [ 397.819509][ T9758] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1039'. [ 397.929232][ T9760] block nbd0: Unsupported socket: shutdown callout must be supported. [ 398.465304][ T9772] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1044'. [ 399.247872][ T9770] block nbd0: Unsupported socket: shutdown callout must be supported. [ 401.602948][ T9790] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1049'. [ 401.956998][ T9800] block nbd0: Unsupported socket: shutdown callout must be supported. [ 402.589488][ T9809] block nbd0: Unsupported socket: shutdown callout must be supported. [ 402.898055][ T9817] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1058'. [ 402.910614][ T9817] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1058'. [ 403.283393][ T9827] [U] c [ 403.295172][ T9827] [U] υR[^~O [ 403.299329][ T9827] [U] ?/*'/V [ 403.304894][ T9826] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1061'. [ 403.331442][ T9830] [U] JzrkU'\Xc [ 403.353923][ T9830] [U] υR[^~O [ 403.358074][ T9830] [U] ?/*'/V [ 403.963487][ T9847] smc: net device syz_tun applied user defined pnetid ETHTOOL [ 405.663706][ T9878] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1076'. [ 406.388033][ T9892] scsi_dev_info_list_add_str: bad dev info string '' '' '' [ 406.813848][ T9909] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1089'. [ 406.956178][ T9914] block nbd0: Unsupported socket: shutdown callout must be supported. [ 407.944554][ T9935] netlink: 'syz.2.1095': attribute type 11 has an invalid length. [ 408.388779][ T9943] netlink: 'syz.1.1097': attribute type 4 has an invalid length. [ 408.613828][ T9949] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1100'. [ 408.993980][ T9959] block nbd0: Unsupported socket: shutdown callout must be supported. [ 410.715001][ T9979] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1101'. [ 410.878649][ T9969] can: request_module (can-proto-3) failed. [ 410.890199][ T9970] can: request_module (can-proto-3) failed. [ 411.080791][ T9990] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 411.183273][ T29] audit: type=1326 audit(3722.530:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9989 comm="syz.3.1109" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc79e185d29 code=0x0 [ 411.233930][ T9995] ecryptfs_miscdev_write: Acceptable packet size range is [6-531], but amount of data written is [1048706]. [ 411.378284][ T9997] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1111'. [ 411.707410][T10001] block nbd0: Unsupported socket: shutdown callout must be supported. [ 413.605711][T10035] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1122'. [ 416.478881][T10075] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1136'. [ 416.889172][T10081] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1138'. [ 417.023321][T10085] cgroup: fork rejected by pids controller in /syz1 [ 418.617165][T10255] block nbd0: Unsupported socket: shutdown callout must be supported. [ 422.837274][T10320] mkiss: ax0: crc mode is auto. [ 423.043017][T10098] syz.1.1138 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 423.196082][T10098] CPU: 1 UID: 0 PID: 10098 Comm: syz.1.1138 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0 [ 423.206964][T10098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 423.217037][T10098] Call Trace: [ 423.220435][T10098] [ 423.223376][T10098] dump_stack_lvl+0x16c/0x1f0 [ 423.228115][T10098] dump_header+0x101/0x900 [ 423.232560][T10098] oom_kill_process+0x270/0xa60 [ 423.237437][T10098] ? mem_cgroup_out_of_memory+0x8d/0x270 [ 423.243291][T10098] out_of_memory+0x351/0x1700 [ 423.248022][T10098] ? __pfx_out_of_memory+0x10/0x10 [ 423.253189][T10098] ? rcu_read_unlock+0x17/0x60 [ 423.258139][T10098] ? find_held_lock+0x2d/0x110 [ 423.262954][T10098] mem_cgroup_out_of_memory+0x207/0x270 [ 423.268522][T10098] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 423.274625][T10098] ? do_raw_spin_unlock+0x172/0x230 [ 423.279883][T10098] try_charge_memcg+0x54c/0xaf0 [ 423.284788][T10098] ? __pfx_try_charge_memcg+0x10/0x10 [ 423.290191][T10098] ? get_mem_cgroup_from_mm+0x87/0x5f0 [ 423.295675][T10098] ? get_mem_cgroup_from_mm+0x87/0x5f0 [ 423.301171][T10098] ? get_mem_cgroup_from_mm+0x131/0x5f0 [ 423.306766][T10098] __mem_cgroup_charge+0x9b/0x280 [ 423.311853][T10098] shmem_alloc_and_add_folio+0x507/0xc00 [ 423.317523][T10098] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 423.323468][T10098] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 423.329653][T10098] ? shmem_huge_global_enabled+0x176/0x250 [ 423.335504][T10098] ? shmem_allowable_huge_orders+0xcd/0x3e0 [ 423.341440][T10098] shmem_get_folio_gfp+0x689/0x1530 [ 423.346681][T10098] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 423.352348][T10098] ? find_held_lock+0x2d/0x110 [ 423.357181][T10098] shmem_write_begin+0x161/0x300 [ 423.362167][T10098] ? __pfx_shmem_write_begin+0x10/0x10 [ 423.367659][T10098] ? timestamp_truncate+0x21f/0x2e0 [ 423.372902][T10098] ? balance_dirty_pages_ratelimited_flags+0x92/0x1270 [ 423.379812][T10098] generic_perform_write+0x2ba/0x920 [ 423.385145][T10098] ? __pfx_generic_perform_write+0x10/0x10 [ 423.390991][T10098] ? inode_needs_update_time.part.0+0x191/0x270 [ 423.397285][T10098] shmem_file_write_iter+0x10e/0x140 [ 423.402616][T10098] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 423.408464][T10098] __kernel_write_iter+0x318/0xa80 [ 423.413616][T10098] ? __pfx___kernel_write_iter+0x10/0x10 [ 423.419283][T10098] ? get_dump_page+0x15b/0x230 [ 423.424105][T10098] ? __pfx___might_resched+0x10/0x10 [ 423.429430][T10098] dump_user_range+0x389/0x8c0 [ 423.434266][T10098] ? __pfx_dump_user_range+0x10/0x10 [ 423.439608][T10098] ? elf_coredump_extra_notes_write+0xbe/0x430 [ 423.445801][T10098] ? __pfx_writenote+0x10/0x10 [ 423.450607][T10098] elf_core_dump+0x2787/0x3880 [ 423.455419][T10098] ? __pfx_elf_core_dump+0x10/0x10 [ 423.460567][T10098] ? try_to_wake_up+0x949/0x1490 [ 423.465534][T10098] ? __pfx_lock_release+0x10/0x10 [ 423.470609][T10098] ? rwsem_wake.isra.0+0xbe/0x120 [ 423.475690][T10098] ? rcu_is_watching+0x12/0xc0 [ 423.480496][T10098] ? trace_lock_acquire+0x14e/0x1f0 [ 423.485739][T10098] ? __pfx_sort+0x10/0x10 [ 423.490130][T10098] ? get_signal+0x23f3/0x2610 [ 423.494854][T10098] ? do_coredump+0x2dd5/0x43e0 [ 423.499666][T10098] do_coredump+0x2dd5/0x43e0 [ 423.504316][T10098] ? __pfx_do_coredump+0x10/0x10 [ 423.509295][T10098] ? irqentry_exit_to_user_mode+0x13f/0x280 [ 423.515316][T10098] get_signal+0x23f3/0x2610 [ 423.519870][T10098] ? __pfx_get_signal+0x10/0x10 [ 423.524844][T10098] ? __pfx_force_sig_fault+0x10/0x10 [ 423.530175][T10098] arch_do_signal_or_restart+0x90/0x7e0 [ 423.535772][T10098] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 423.541981][T10098] ? trace_irq_disable.constprop.0+0xea/0x140 [ 423.548090][T10098] irqentry_exit_to_user_mode+0x13f/0x280 [ 423.553866][T10098] asm_exc_invalid_op+0x1a/0x20 [ 423.558759][T10098] RIP: 0033:0x0 [ 423.562247][T10098] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 423.569631][T10098] RSP: 002b:000000000000000a EFLAGS: 00010217 [ 423.575729][T10098] RAX: 0000000000000000 RBX: 00007f4741b76320 RCX: 00007f4741985d29 [ 423.583728][T10098] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b44 [ 423.591728][T10098] RBP: 00007f4741a01aa8 R08: 0000000000000002 R09: 0000000000000000 [ 423.599730][T10098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 423.607730][T10098] R13: 0000000000000000 R14: 00007f4741b76320 R15: 00007ffc8250bda8 [ 423.615746][T10098] [ 423.700961][T10098] memory: usage 307200kB, limit 307200kB, failcnt 2488 [ 423.708012][T10098] memory+swap: usage 307232kB, limit 9007199254740988kB, failcnt 0 [ 423.715917][T10098] kmem: usage 5996kB, limit 9007199254740988kB, failcnt 0 [ 423.723139][T10098] Memory cgroup stats for /syz1: [ 423.723531][T10098] cache 281157632 [ 423.732238][T10098] rss 15458304 [ 423.735615][T10098] rss_huge 0 [ 423.738957][T10098] shmem 281157632 [ 423.742630][T10098] mapped_file 33423360 [ 423.746821][T10098] dirty 0 [ 423.749795][T10098] writeback 0 [ 423.753106][T10098] workingset_refault_anon 14846 [ 423.758088][T10098] workingset_refault_file 31 [ 423.762708][T10098] swap 32768 [ 423.765912][T10098] swapcached 11800576 [ 423.770007][T10098] pgpgin 610253 [ 423.773507][T10098] pgpgout 539555 [ 423.777151][T10098] pgfault 228522 [ 423.780740][T10098] pgmajfault 2900 [ 423.784408][T10098] inactive_anon 2609152 [ 423.788917][T10098] active_anon 305807360 [ 423.793133][T10098] inactive_file 0 [ 423.796885][T10098] active_file 0 [ 423.800371][T10098] unevictable 0 [ 423.803832][T10098] hierarchical_memory_limit 314572800 [ 423.809321][T10098] hierarchical_memsw_limit 9223372036854771712 [ 423.815514][T10098] total_cache 281157632 [ 423.819785][T10098] total_rss 15458304 [ 423.823716][T10098] total_rss_huge 0 [ 423.827532][T10098] total_shmem 281157632 [ 423.831713][T10098] total_mapped_file 33423360 [ 423.836437][T10098] total_dirty 0 [ 423.839928][T10098] total_writeback 0 [ 423.843742][T10098] total_workingset_refault_anon 14846 [ 423.849204][T10098] total_workingset_refault_file 31 [ 423.854344][T10098] total_swap 32768 [ 423.858215][T10098] total_swapcached 11800576 [ 423.862749][T10098] total_pgpgin 610253 [ 423.866832][T10098] total_pgpgout 539555 [ 423.870929][T10098] total_pgfault 228522 [ 423.875036][T10098] total_pgmajfault 2900 [ 423.879302][T10098] total_inactive_anon 2609152 [ 423.884020][T10098] total_active_anon 305807360 [ 423.888995][T10098] total_inactive_file 0 [ 423.893186][T10098] total_active_file 0 [ 423.897298][T10098] total_unevictable 0 [ 423.901314][T10098] anon_cost 0 [ 423.904638][T10098] file_cost 0 [ 423.908065][T10098] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.1138,pid=10105,uid=0 [ 423.925177][T10098] Memory cgroup out of memory: Killed process 10105 (syz.1.1138) total-vm:131564kB, anon-rss:1220kB, file-rss:23388kB, shmem-rss:32620kB, UID:0 pgtables:192kB oom_score_adj:1000 [ 424.268213][T10322] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1146'. [ 426.107840][ T31] oom_reaper: reaped process 10105 (syz.1.1138), now anon-rss:124kB, file-rss:20808kB, shmem-rss:10916kB [ 430.991697][T10350] block nbd0: Unsupported socket: shutdown callout must be supported. [ 435.275684][T10368] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1163'. [ 435.499613][T10371] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1164'. [ 435.810437][T10388] mkiss: ax0: crc mode is auto. [ 436.009391][T10390] block nbd0: Unsupported socket: shutdown callout must be supported. [ 439.767260][T10436] block nbd0: Unsupported socket: shutdown callout must be supported. [ 440.101025][T10449] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1192'. [ 440.223412][T10455] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 440.238416][T10455] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 440.266641][T10457] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1196'. [ 440.620788][T10468] block nbd0: Unsupported socket: shutdown callout must be supported. [ 441.591530][T10471] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1201'. [ 441.757166][T10476] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1203'. [ 444.975186][T10491] block nbd0: Unsupported socket: shutdown callout must be supported. [ 445.609349][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.615724][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 445.873191][T10498] netlink: 74 bytes leftover after parsing attributes in process `syz.0.1211'. [ 445.915922][T10497] netlink: 130 bytes leftover after parsing attributes in process `syz.0.1211'. [ 446.508776][T10506] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1214'. [ 447.989931][T10524] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1220'. [ 449.177447][T10516] netlink: 'syz.3.1217': attribute type 1 has an invalid length. [ 449.185727][T10516] nbd: error processing sock list [ 449.413933][T10544] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 400008000010006 [ 450.283026][T10556] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1228'. [ 453.401217][ T29] audit: type=1800 audit(3764.750:8): pid=10580 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1234" name="features" dev="configfs" ino=31547 res=0 errno=0 [ 453.453530][ T29] audit: type=1800 audit(3764.780:9): pid=10580 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1234" name="dbroot" dev="configfs" ino=31548 res=0 errno=0 [ 454.013044][T10582] FAULT_INJECTION: forcing a failure. [ 454.013044][T10582] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 454.042299][T10582] CPU: 1 UID: 0 PID: 10582 Comm: syz.2.1236 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0 [ 454.053247][T10582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 454.063378][T10582] Call Trace: [ 454.066706][T10582] [ 454.069680][T10582] dump_stack_lvl+0x16c/0x1f0 [ 454.074528][T10582] should_fail_ex+0x497/0x5b0 [ 454.079323][T10582] _copy_from_user+0x2e/0xd0 [ 454.084008][T10582] split_huge_pages_write+0x21b/0x1f60 [ 454.089546][T10582] ? is_bpf_text_address+0x8a/0x1a0 [ 454.094827][T10582] ? __pfx_lock_release+0x10/0x10 [ 454.099910][T10582] ? trace_lock_acquire+0x14e/0x1f0 [ 454.105169][T10582] ? __pfx_split_huge_pages_write+0x10/0x10 [ 454.111117][T10582] ? __lock_acquire+0xcc5/0x3c40 [ 454.116134][T10582] ? hlock_class+0x4e/0x130 [ 454.120683][T10582] ? mark_lock+0xb5/0xc60 [ 454.125087][T10582] ? __pfx_mark_lock+0x10/0x10 [ 454.129944][T10582] ? __pfx___lock_acquire+0x10/0x10 [ 454.135209][T10582] ? __pfx___lock_acquire+0x10/0x10 [ 454.140461][T10582] ? __pfx_aa_file_perm+0x10/0x10 [ 454.145713][T10582] ? debugfs_file_get+0x21c/0x5c0 [ 454.150783][T10582] ? __pfx_debugfs_file_get+0x10/0x10 [ 454.156197][T10582] ? rcu_is_watching+0x12/0xc0 [ 454.161005][T10582] ? trace_lock_acquire+0x14e/0x1f0 [ 454.166254][T10582] full_proxy_write+0xfb/0x1b0 [ 454.171071][T10582] ? __pfx_full_proxy_write+0x10/0x10 [ 454.176490][T10582] vfs_write+0x24c/0x1150 [ 454.180860][T10582] ? __fget_files+0x1fc/0x3a0 [ 454.185665][T10582] ? __pfx___mutex_lock+0x10/0x10 [ 454.190734][T10582] ? __pfx_vfs_write+0x10/0x10 [ 454.195543][T10582] ? __fget_files+0x206/0x3a0 [ 454.200299][T10582] ksys_write+0x12b/0x250 [ 454.204694][T10582] ? __pfx_ksys_write+0x10/0x10 [ 454.209597][T10582] do_syscall_64+0xcd/0x250 [ 454.214160][T10582] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 454.220099][T10582] RIP: 0033:0x7fcd39585d29 [ 454.224551][T10582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 454.244288][T10582] RSP: 002b:00007fcd3a2ed038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 454.252741][T10582] RAX: ffffffffffffffda RBX: 00007fcd39775fa0 RCX: 00007fcd39585d29 [ 454.260779][T10582] RDX: 0000000000000003 RSI: 0000000020000100 RDI: 0000000000000003 [ 454.268792][T10582] RBP: 00007fcd3a2ed090 R08: 0000000000000000 R09: 0000000000000000 [ 454.276797][T10582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 454.284799][T10582] R13: 0000000000000000 R14: 00007fcd39775fa0 R15: 00007ffd0550b5d8 [ 454.292841][T10582] [ 454.783448][T10603] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 455.632700][T10616] random: crng reseeded on system resumption [ 455.837115][T10620] FAULT_INJECTION: forcing a failure. [ 455.837115][T10620] name failslab, interval 1, probability 0, space 0, times 0 [ 455.876250][T10620] CPU: 1 UID: 0 PID: 10620 Comm: syz.2.1246 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0 [ 455.887117][T10620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 455.897245][T10620] Call Trace: [ 455.900571][T10620] [ 455.903546][T10620] dump_stack_lvl+0x16c/0x1f0 [ 455.908300][T10620] should_fail_ex+0x497/0x5b0 [ 455.913070][T10620] ? fs_reclaim_acquire+0xae/0x150 [ 455.918259][T10620] should_failslab+0xc2/0x120 [ 455.923024][T10620] __kmalloc_node_noprof+0xd1/0x520 [ 455.928314][T10620] ? __pfx___mutex_lock+0x10/0x10 [ 455.933425][T10620] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 455.939059][T10620] __kvmalloc_node_noprof+0xad/0x1a0 [ 455.944413][T10620] traverse.part.0.constprop.0+0x392/0x640 [ 455.950263][T10620] ? __pfx_lock_release+0x10/0x10 [ 455.955331][T10620] seq_read_iter+0x934/0x12b0 [ 455.960056][T10620] seq_read+0x39f/0x4e0 [ 455.964248][T10620] ? __pfx_seq_read+0x10/0x10 [ 455.968989][T10620] ? __pfx_seq_read+0x10/0x10 [ 455.973702][T10620] proc_reg_read+0x23d/0x330 [ 455.978343][T10620] ? __pfx_proc_reg_read+0x10/0x10 [ 455.983512][T10620] vfs_read+0x1df/0xbe0 [ 455.987715][T10620] ? __fget_files+0x1fc/0x3a0 [ 455.992452][T10620] ? __pfx_lock_release+0x10/0x10 [ 455.997517][T10620] ? __pfx_vfs_read+0x10/0x10 [ 456.002255][T10620] ? lock_acquire+0x2f/0xb0 [ 456.006793][T10620] ? __fget_files+0x40/0x3a0 [ 456.011428][T10620] ? __fget_files+0x206/0x3a0 [ 456.016150][T10620] __x64_sys_pread64+0x1f6/0x250 [ 456.021136][T10620] ? __pfx___x64_sys_pread64+0x10/0x10 [ 456.026661][T10620] do_syscall_64+0xcd/0x250 [ 456.031354][T10620] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 456.037308][T10620] RIP: 0033:0x7fcd39585d29 [ 456.041772][T10620] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 456.061442][T10620] RSP: 002b:00007fcd3a2ed038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 456.069900][T10620] RAX: ffffffffffffffda RBX: 00007fcd39775fa0 RCX: 00007fcd39585d29 [ 456.077925][T10620] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000003 [ 456.085921][T10620] RBP: 00007fcd3a2ed090 R08: 0000000000000000 R09: 0000000000000000 [ 456.093929][T10620] R10: 0000000000001000 R11: 0000000000000246 R12: 0000000000000001 [ 456.102235][T10620] R13: 0000000000000000 R14: 00007fcd39775fa0 R15: 00007ffd0550b5d8 [ 456.110341][T10620] [ 456.679491][T10624] block nbd0: Unsupported socket: shutdown callout must be supported. [ 459.513619][T10643] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1254'. [ 459.799036][T10648] netlink: 280 bytes leftover after parsing attributes in process `syz.2.1256'. [ 460.456271][T10654] block nbd0: Unsupported socket: shutdown callout must be supported. [ 461.430652][T10672] block nbd0: Unsupported socket: shutdown callout must be supported. [ 462.659768][T10693] bond0: option mode: unable to set because the bond device is up [ 462.856527][T10699] block nbd0: Unsupported socket: shutdown callout must be supported. [ 463.242816][T10705] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1275'. [ 463.288860][T10705] bond0: option mode: unable to set because the bond device is up [ 464.730387][T10738] CIFS: VFS: Invalid SecurityFlags: [ 464.976326][T10745] block nbd0: Unsupported socket: shutdown callout must be supported. [ 465.188983][ T29] audit: type=1800 audit(3776.530:10): pid=10750 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1291" name="members" dev="configfs" ino=32223 res=0 errno=0 [ 465.426947][T10755] device-mapper: ioctl: Unable to rename non-existent device, to [ 465.623151][T10760] FAULT_INJECTION: forcing a failure. [ 465.623151][T10760] name failslab, interval 1, probability 0, space 0, times 0 [ 465.650450][T10760] CPU: 1 UID: 0 PID: 10760 Comm: syz.1.1294 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0 [ 465.661311][T10760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 465.671430][T10760] Call Trace: [ 465.674765][T10760] [ 465.677747][T10760] dump_stack_lvl+0x16c/0x1f0 [ 465.682496][T10760] should_fail_ex+0x497/0x5b0 [ 465.687250][T10760] ? fs_reclaim_acquire+0xae/0x150 [ 465.692438][T10760] should_failslab+0xc2/0x120 [ 465.697194][T10760] __kmalloc_noprof+0xce/0x4f0 [ 465.702023][T10760] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 465.707711][T10760] ? tomoyo_realpath_from_path+0xbf/0x710 [ 465.713492][T10760] tomoyo_realpath_from_path+0xbf/0x710 [ 465.719082][T10760] ? tomoyo_path_number_perm+0x235/0x5b0 [ 465.724773][T10760] tomoyo_path_number_perm+0x248/0x5b0 [ 465.730280][T10760] ? tomoyo_path_number_perm+0x235/0x5b0 [ 465.735968][T10760] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 465.742037][T10760] ? __pfx_lock_release+0x10/0x10 [ 465.747098][T10760] ? trace_lock_acquire+0x14e/0x1f0 [ 465.752361][T10760] ? lock_acquire+0x2f/0xb0 [ 465.756905][T10760] ? __fget_files+0x40/0x3a0 [ 465.761542][T10760] ? __fget_files+0x206/0x3a0 [ 465.766264][T10760] security_file_ioctl+0x9b/0x240 [ 465.771330][T10760] __x64_sys_ioctl+0xb7/0x200 [ 465.776055][T10760] do_syscall_64+0xcd/0x250 [ 465.780616][T10760] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 465.786566][T10760] RIP: 0033:0x7f4741985d29 [ 465.791020][T10760] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 465.810672][T10760] RSP: 002b:00007f474272e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 465.819159][T10760] RAX: ffffffffffffffda RBX: 00007f4741b75fa0 RCX: 00007f4741985d29 [ 465.827159][T10760] RDX: 00000000200001c0 RSI: fffffff7effffd05 RDI: 0000000000000003 [ 465.835161][T10760] RBP: 00007f474272e090 R08: 0000000000000000 R09: 0000000000000000 [ 465.843162][T10760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 465.851187][T10760] R13: 0000000000000000 R14: 00007f4741b75fa0 R15: 00007ffc8250bda8 [ 465.859212][T10760] [ 465.998118][T10762] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1295'. [ 466.148697][T10760] ERROR: Out of memory at tomoyo_realpath_from_path. [ 466.168493][T10760] device-mapper: ioctl: Unable to rename non-existent device, to [ 466.937226][T10786] block nbd0: Unsupported socket: shutdown callout must be supported. [ 467.546283][T10805] block nbd0: Unsupported socket: shutdown callout must be supported. [ 468.254550][T10814] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1310'. [ 468.661653][T10826] FAULT_INJECTION: forcing a failure. [ 468.661653][T10826] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 468.695244][T10826] CPU: 1 UID: 0 PID: 10826 Comm: syz.1.1314 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0 [ 468.706108][T10826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 468.716215][T10826] Call Trace: [ 468.719529][T10826] [ 468.722499][T10826] dump_stack_lvl+0x16c/0x1f0 [ 468.727238][T10826] should_fail_ex+0x497/0x5b0 [ 468.731983][T10826] _copy_to_iter+0x4a5/0x1400 [ 468.736736][T10826] ? __pfx__copy_to_iter+0x10/0x10 [ 468.741917][T10826] ? __virt_addr_valid+0x1a4/0x590 [ 468.747106][T10826] ? __virt_addr_valid+0x5e/0x590 [ 468.752202][T10826] ? __phys_addr_symbol+0x30/0x80 [ 468.757289][T10826] ? __check_object_size+0x488/0x710 [ 468.762643][T10826] seq_read_iter+0x725/0x12b0 [ 468.767382][T10826] ? __pfx_aa_file_perm+0x10/0x10 [ 468.772466][T10826] seq_read+0x39f/0x4e0 [ 468.776670][T10826] ? __pfx_seq_read+0x10/0x10 [ 468.781421][T10826] ? __pfx_seq_read+0x10/0x10 [ 468.786173][T10826] vfs_read+0x1df/0xbe0 [ 468.790385][T10826] ? __fget_files+0x1fc/0x3a0 [ 468.795127][T10826] ? __pfx_lock_release+0x10/0x10 [ 468.800198][T10826] ? __pfx_vfs_read+0x10/0x10 [ 468.804919][T10826] ? lock_acquire+0x2f/0xb0 [ 468.809453][T10826] ? __fget_files+0x40/0x3a0 [ 468.814081][T10826] ? __fget_files+0x206/0x3a0 [ 468.818806][T10826] __x64_sys_pread64+0x1f6/0x250 [ 468.823783][T10826] ? __pfx___x64_sys_pread64+0x10/0x10 [ 468.829287][T10826] do_syscall_64+0xcd/0x250 [ 468.833856][T10826] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.839791][T10826] RIP: 0033:0x7f4741985d29 [ 468.844237][T10826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 468.863904][T10826] RSP: 002b:00007f474272e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 468.872359][T10826] RAX: ffffffffffffffda RBX: 00007f4741b75fa0 RCX: 00007f4741985d29 [ 468.880372][T10826] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000003 [ 468.888371][T10826] RBP: 00007f474272e090 R08: 0000000000000000 R09: 0000000000000000 [ 468.897343][T10826] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 468.905340][T10826] R13: 0000000000000000 R14: 00007f4741b75fa0 R15: 00007ffc8250bda8 [ 468.913354][T10826] [ 470.086451][T10845] block nbd0: Unsupported socket: shutdown callout must be supported. [ 473.325825][T10909] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1338'. [ 475.966553][T10940] netlink: zone id is out of range [ 475.971754][T10940] netlink: zone id is out of range [ 476.006241][T10940] netlink: zone id is out of range [ 476.011729][T10940] netlink: get zone limit has 4 unknown bytes [ 477.137892][T10951] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1353'. [ 479.658771][ T29] audit: type=1800 audit(3791.010:11): pid=10964 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1356" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 480.679255][T10982] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1362'. [ 480.903688][T10986] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1361'. [ 481.728425][T11001] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1367'. [ 484.571346][T11011] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1371'. [ 484.586203][T11011] : renamed from hsr_slave_0 (while UP) [ 484.790573][T11025] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1374'. [ 485.666895][T11044] kmem.tcp.limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 485.735947][T11044] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 486.029631][T11043] erspan0: entered allmulticast mode [ 486.564311][T11062] nvme_fabrics: unknown parameter or missing value '7' in ctrl creation request [ 486.851493][T10282] erspan0 (unregistering): left allmulticast mode [ 487.449390][T11076] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1388'. [ 488.961801][T11100] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1396'. [ 489.005212][T11102] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1397'. [ 491.077078][T11147] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1409'. [ 491.546150][T11147] hsr_slave_1 (unregistering): left promiscuous mode [ 491.783187][T11160] capability: warning: `syz.0.1412' uses 32-bit capabilities (legacy support in use) [ 491.979286][T11162] Process accounting resumed [ 494.360748][T11199] FAULT_INJECTION: forcing a failure. [ 494.360748][T11199] name failslab, interval 1, probability 0, space 0, times 0 [ 494.404080][T11199] CPU: 1 UID: 0 PID: 11199 Comm: syz.3.1425 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0 [ 494.414950][T11199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 494.425081][T11199] Call Trace: [ 494.428409][T11199] [ 494.431389][T11199] dump_stack_lvl+0x16c/0x1f0 [ 494.436149][T11199] should_fail_ex+0x497/0x5b0 [ 494.440912][T11199] ? fs_reclaim_acquire+0xae/0x150 [ 494.446102][T11199] should_failslab+0xc2/0x120 [ 494.450873][T11199] __kmalloc_noprof+0xce/0x4f0 [ 494.455802][T11199] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 494.461502][T11199] ? tomoyo_realpath_from_path+0xbf/0x710 [ 494.467297][T11199] tomoyo_realpath_from_path+0xbf/0x710 [ 494.472921][T11199] ? tomoyo_path_number_perm+0x235/0x5b0 [ 494.478642][T11199] tomoyo_path_number_perm+0x248/0x5b0 [ 494.484188][T11199] ? tomoyo_path_number_perm+0x235/0x5b0 [ 494.489917][T11199] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 494.496018][T11199] ? __pfx_lock_release+0x10/0x10 [ 494.501107][T11199] ? trace_lock_acquire+0x14e/0x1f0 [ 494.506391][T11199] ? lock_acquire+0x2f/0xb0 [ 494.510941][T11199] ? __fget_files+0x40/0x3a0 [ 494.515582][T11199] ? __fget_files+0x206/0x3a0 [ 494.520307][T11199] security_file_ioctl+0x9b/0x240 [ 494.525373][T11199] __x64_sys_ioctl+0xb7/0x200 [ 494.530087][T11199] do_syscall_64+0xcd/0x250 [ 494.534636][T11199] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 494.540571][T11199] RIP: 0033:0x7fc79e185d29 [ 494.545021][T11199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 494.564674][T11199] RSP: 002b:00007fc79efb3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 494.573131][T11199] RAX: ffffffffffffffda RBX: 00007fc79e375fa0 RCX: 00007fc79e185d29 [ 494.581133][T11199] RDX: 0000000000000000 RSI: 00000000c0305710 RDI: 0000000000000003 [ 494.589134][T11199] RBP: 00007fc79efb3090 R08: 0000000000000000 R09: 0000000000000000 [ 494.597134][T11199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 494.605134][T11199] R13: 0000000000000000 R14: 00007fc79e375fa0 R15: 00007ffee0f7e728 [ 494.613155][T11199] [ 494.846162][T11199] ERROR: Out of memory at tomoyo_realpath_from_path. [ 495.111530][T11203] openvswitch: netlink: nsh attribute has unmatched MD type 0. [ 497.954607][T11226] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1433'. [ 500.557880][T11240] block nbd1: Unsupported socket: shutdown callout must be supported. [ 504.221738][ T5850] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 504.300275][T11275] block nbd1: Unsupported socket: shutdown callout must be supported. [ 504.860086][T11280] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 504.868405][T11280] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 504.905387][T11280] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 504.919943][T11280] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 504.934109][T11280] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 504.944671][T11280] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 504.954960][T11280] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 504.965233][T11280] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 506.406317][ T5148] Bluetooth: hci0: command 0x0406 tx timeout [ 506.595291][T11291] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1451'. [ 506.604354][T11291] tc_dump_action: action bad kind [ 506.973021][T11309] FAULT_INJECTION: forcing a failure. [ 506.973021][T11309] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 506.990249][ T5850] Bluetooth: hci3: command 0x0406 tx timeout [ 506.998268][ T5148] Bluetooth: hci2: command 0x0406 tx timeout [ 507.004398][ T5148] Bluetooth: hci1: command 0x0406 tx timeout [ 507.022696][T11309] CPU: 0 UID: 0 PID: 11309 Comm: syz.0.1457 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0 [ 507.033565][T11309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 507.043677][T11309] Call Trace: [ 507.047007][T11309] [ 507.049981][T11309] dump_stack_lvl+0x16c/0x1f0 [ 507.054742][T11309] should_fail_ex+0x497/0x5b0 [ 507.059507][T11309] _copy_to_iter+0x29b/0x1400 [ 507.064455][T11309] ? trace_lock_acquire+0x14e/0x1f0 [ 507.069757][T11309] ? __pfx__copy_to_iter+0x10/0x10 [ 507.074949][T11309] ? __virt_addr_valid+0x1a4/0x590 [ 507.080139][T11309] ? __virt_addr_valid+0x5e/0x590 [ 507.085235][T11309] ? __phys_addr_symbol+0x30/0x80 [ 507.090331][T11309] ? __check_object_size+0x488/0x710 [ 507.095698][T11309] seq_read_iter+0x725/0x12b0 [ 507.100465][T11309] proc_reg_read_iter+0x21d/0x310 [ 507.105560][T11309] vfs_read+0x87f/0xbe0 [ 507.109793][T11309] ? __pfx_vfs_read+0x10/0x10 [ 507.114537][T11309] ? lock_acquire+0x2f/0xb0 [ 507.119104][T11309] ? __fget_files+0x40/0x3a0 [ 507.123784][T11309] __x64_sys_pread64+0x1f6/0x250 [ 507.128798][T11309] ? __pfx___x64_sys_pread64+0x10/0x10 [ 507.134337][T11309] do_syscall_64+0xcd/0x250 [ 507.138917][T11309] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 507.144879][T11309] RIP: 0033:0x7f062c785d29 [ 507.149352][T11309] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 507.169055][T11309] RSP: 002b:00007f062d5f2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 507.177543][T11309] RAX: ffffffffffffffda RBX: 00007f062c975fa0 RCX: 00007f062c785d29 [ 507.185580][T11309] RDX: 0000000000000006 RSI: 0000000020000040 RDI: 0000000000000003 [ 507.193608][T11309] RBP: 00007f062d5f2090 R08: 0000000000000000 R09: 0000000000000000 [ 507.201636][T11309] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 507.209662][T11309] R13: 0000000000000000 R14: 00007f062c975fa0 R15: 00007ffc6f53b978 [ 507.217714][T11309] [ 507.226538][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 507.232923][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 507.291138][T11302] Process accounting resumed [ 507.297065][T11302] kstrtoul() returned -22 for lu_gp_id [ 507.392986][T11301] block nbd1: Unsupported socket: shutdown callout must be supported. [ 508.486132][ T5148] Bluetooth: hci0: command 0x0406 tx timeout [ 509.046264][ T5850] Bluetooth: hci3: command 0x0406 tx timeout [ 509.052387][ T5850] Bluetooth: hci2: command 0x0406 tx timeout [ 509.059626][ T5148] Bluetooth: hci1: command 0x0406 tx timeout [ 509.823340][T11315] kstrtoul() returned -22 for lu_gp_id [ 510.123763][T11330] kstrtoul() returned -22 for lu_gp_id [ 510.206514][T11339] kstrtoul() returned -22 for lu_gp_id [ 510.636743][T11341] kstrtoul() returned -22 for lu_gp_id [ 510.730740][T11355] kstrtoul() returned -22 for lu_gp_id [ 511.321625][T11357] kstrtoul() returned -22 for lu_gp_id [ 511.389852][T11373] kstrtoul() returned -22 for lu_gp_id [ 511.504172][T11379] FAULT_INJECTION: forcing a failure. [ 511.504172][T11379] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 511.517679][T11379] CPU: 1 UID: 0 PID: 11379 Comm: syz.1.1476 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0 [ 511.528522][T11379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 511.538621][T11379] Call Trace: [ 511.541933][T11379] [ 511.544901][T11379] dump_stack_lvl+0x16c/0x1f0 [ 511.549610][T11379] should_fail_ex+0x497/0x5b0 [ 511.554374][T11379] _copy_to_user+0x32/0xd0 [ 511.558827][T11379] simple_read_from_buffer+0xd0/0x160 [ 511.564256][T11379] proc_fail_nth_read+0x198/0x270 [ 511.569322][T11379] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 511.574909][T11379] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 511.580506][T11379] vfs_read+0x1df/0xbe0 [ 511.584728][T11379] ? __fget_files+0x1fc/0x3a0 [ 511.589448][T11379] ? __pfx___mutex_lock+0x10/0x10 [ 511.594514][T11379] ? __pfx_vfs_read+0x10/0x10 [ 511.599240][T11379] ? __fget_files+0x206/0x3a0 [ 511.603965][T11379] ksys_read+0x12b/0x250 [ 511.608246][T11379] ? __pfx_ksys_read+0x10/0x10 [ 511.613055][T11379] do_syscall_64+0xcd/0x250 [ 511.617607][T11379] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 511.623544][T11379] RIP: 0033:0x7f474198473c [ 511.627990][T11379] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 511.647633][T11379] RSP: 002b:00007f474272e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 511.656088][T11379] RAX: ffffffffffffffda RBX: 00007f4741b75fa0 RCX: 00007f474198473c [ 511.664126][T11379] RDX: 000000000000000f RSI: 00007f474272e0a0 RDI: 000000000000000e [ 511.672131][T11379] RBP: 00007f474272e090 R08: 0000000000000000 R09: 0000000000000000 [ 511.680136][T11379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 511.688138][T11379] R13: 0000000000000000 R14: 00007f4741b75fa0 R15: 00007ffc8250bda8 [ 511.696157][T11379] [ 512.407297][T11375] kstrtoul() returned -22 for lu_gp_id [ 512.490669][T11401] kstrtoul() returned -22 for lu_gp_id [ 512.512157][T11406] FAULT_INJECTION: forcing a failure. [ 512.512157][T11406] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 512.532709][T11406] CPU: 0 UID: 0 PID: 11406 Comm: syz.0.1483 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0 [ 512.543709][T11406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 512.553832][T11406] Call Trace: [ 512.557202][T11406] [ 512.560192][T11406] dump_stack_lvl+0x16c/0x1f0 [ 512.564950][T11406] should_fail_ex+0x497/0x5b0 [ 512.569709][T11406] _copy_to_iter+0x29b/0x1400 [ 512.574467][T11406] ? trace_lock_acquire+0x14e/0x1f0 [ 512.579750][T11406] ? __pfx__copy_to_iter+0x10/0x10 [ 512.584942][T11406] ? __virt_addr_valid+0x1a4/0x590 [ 512.590131][T11406] ? __virt_addr_valid+0x5e/0x590 [ 512.595232][T11406] ? __phys_addr_symbol+0x30/0x80 [ 512.600326][T11406] ? __check_object_size+0x488/0x710 [ 512.605766][T11406] seq_read_iter+0xd00/0x12b0 [ 512.610522][T11406] proc_reg_read_iter+0x21d/0x310 [ 512.615613][T11406] vfs_read+0x87f/0xbe0 [ 512.619839][T11406] ? __pfx_vfs_read+0x10/0x10 [ 512.624604][T11406] ksys_read+0x12b/0x250 [ 512.628910][T11406] ? __pfx_ksys_read+0x10/0x10 [ 512.633745][T11406] do_syscall_64+0xcd/0x250 [ 512.638320][T11406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 512.644295][T11406] RIP: 0033:0x7f062c785d29 [ 512.648773][T11406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 512.668449][T11406] RSP: 002b:00007f062d5f2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 512.676936][T11406] RAX: ffffffffffffffda RBX: 00007f062c975fa0 RCX: 00007f062c785d29 [ 512.685047][T11406] RDX: 0000000000000ffb RSI: 0000000020000140 RDI: 0000000000000003 [ 512.693059][T11406] RBP: 00007f062d5f2090 R08: 0000000000000000 R09: 0000000000000000 [ 512.701080][T11406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 512.709113][T11406] R13: 0000000000000000 R14: 00007f062c975fa0 R15: 00007ffc6f53b978 [ 512.717144][T11406] [ 513.048039][T11407] kstrtoul() returned -22 for lu_gp_id [ 513.186787][T11417] FAULT_INJECTION: forcing a failure. [ 513.186787][T11417] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 513.234897][T11417] CPU: 1 UID: 0 PID: 11417 Comm: syz.3.1487 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0 [ 513.245768][T11417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 513.255876][T11417] Call Trace: [ 513.259194][T11417] [ 513.262171][T11417] dump_stack_lvl+0x16c/0x1f0 [ 513.267006][T11417] should_fail_ex+0x497/0x5b0 [ 513.271784][T11417] _copy_from_user+0x2e/0xd0 [ 513.276453][T11417] ucma_listen+0x82/0x220 [ 513.280843][T11417] ? __pfx_ucma_listen+0x10/0x10 [ 513.285955][T11417] ? __pfx_ucma_listen+0x10/0x10 [ 513.290949][T11417] ucma_write+0x1f9/0x330 [ 513.295348][T11417] ? __pfx_ucma_write+0x10/0x10 [ 513.300246][T11417] ? bpf_lsm_file_permission+0x9/0x10 [ 513.305665][T11417] ? security_file_permission+0x71/0x210 [ 513.311338][T11417] ? __pfx_ucma_write+0x10/0x10 [ 513.316231][T11417] vfs_write+0x24c/0x1150 [ 513.320601][T11417] ? __pfx_vfs_write+0x10/0x10 [ 513.325398][T11417] ? do_sys_openat2+0xb1/0x1e0 [ 513.330204][T11417] ? __pfx_do_sys_openat2+0x10/0x10 [ 513.335469][T11417] ? fd_install+0x242/0x750 [ 513.340021][T11417] ksys_write+0x207/0x250 [ 513.344383][T11417] ? __pfx_ksys_write+0x10/0x10 [ 513.349275][T11417] do_syscall_64+0xcd/0x250 [ 513.353818][T11417] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 513.359752][T11417] RIP: 0033:0x7fc79e185d29 [ 513.364214][T11417] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 513.383851][T11417] RSP: 002b:00007fc79efb3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 513.392304][T11417] RAX: ffffffffffffffda RBX: 00007fc79e375fa0 RCX: 00007fc79e185d29 [ 513.400303][T11417] RDX: 00000000000000c3 RSI: 0000000000000000 RDI: 0000000000000009 [ 513.408297][T11417] RBP: 00007fc79efb3090 R08: 0000000000000000 R09: 0000000000000000 [ 513.416292][T11417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 513.424285][T11417] R13: 0000000000000000 R14: 00007fc79e375fa0 R15: 00007ffee0f7e728 [ 513.432299][T11417] [ 513.904580][T11417] kstrtoul() returned -22 for lu_gp_id [ 514.027266][T11429] FAULT_INJECTION: forcing a failure. [ 514.027266][T11429] name failslab, interval 1, probability 0, space 0, times 0 [ 514.040349][T11429] CPU: 1 UID: 0 PID: 11429 Comm: syz.1.1490 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0 [ 514.051188][T11429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 514.061296][T11429] Call Trace: [ 514.064706][T11429] [ 514.067673][T11429] dump_stack_lvl+0x16c/0x1f0 [ 514.072417][T11429] should_fail_ex+0x497/0x5b0 [ 514.077154][T11429] ? fs_reclaim_acquire+0xae/0x150 [ 514.082329][T11429] should_failslab+0xc2/0x120 [ 514.087080][T11429] __kmalloc_noprof+0xce/0x4f0 [ 514.091915][T11429] ? __pfx___mutex_trylock_common+0x10/0x10 [ 514.097873][T11429] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 514.105239][T11429] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 514.112432][T11429] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 514.117954][T11429] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 514.124062][T11429] ? genl_get_cmd+0x195/0x580 [ 514.128785][T11429] ? bpf_lsm_capable+0x9/0x10 [ 514.133503][T11429] ? security_capable+0x7e/0x260 [ 514.138491][T11429] genl_rcv_msg+0x565/0x800 [ 514.143049][T11429] ? __pfx_genl_rcv_msg+0x10/0x10 [ 514.148115][T11429] ? __pfx_macsec_del_rxsa+0x10/0x10 [ 514.153455][T11429] netlink_rcv_skb+0x165/0x410 [ 514.158256][T11429] ? __pfx_genl_rcv_msg+0x10/0x10 [ 514.163322][T11429] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 514.168654][T11429] ? down_read+0xc9/0x330 [ 514.173024][T11429] ? __pfx_down_read+0x10/0x10 [ 514.177833][T11429] ? netlink_deliver_tap+0x1ae/0xca0 [ 514.183155][T11429] genl_rcv+0x28/0x40 [ 514.187174][T11429] netlink_unicast+0x53c/0x7f0 [ 514.191993][T11429] ? __pfx_netlink_unicast+0x10/0x10 [ 514.197315][T11429] ? __phys_addr_symbol+0x30/0x80 [ 514.202903][T11429] ? __check_object_size+0x488/0x710 [ 514.208242][T11429] netlink_sendmsg+0x8b8/0xd70 [ 514.213050][T11429] ? __pfx_netlink_sendmsg+0x10/0x10 [ 514.218383][T11429] ____sys_sendmsg+0x9ae/0xb40 [ 514.223184][T11429] ? copy_msghdr_from_user+0x10b/0x160 [ 514.228689][T11429] ? __pfx_____sys_sendmsg+0x10/0x10 [ 514.234026][T11429] ___sys_sendmsg+0x135/0x1e0 [ 514.238753][T11429] ? __pfx____sys_sendmsg+0x10/0x10 [ 514.244018][T11429] ? __pfx_lock_release+0x10/0x10 [ 514.249077][T11429] ? trace_lock_acquire+0x14e/0x1f0 [ 514.254329][T11429] ? __fget_files+0x206/0x3a0 [ 514.259054][T11429] __sys_sendmsg+0x16e/0x220 [ 514.263697][T11429] ? __pfx___sys_sendmsg+0x10/0x10 [ 514.268878][T11429] do_syscall_64+0xcd/0x250 [ 514.273426][T11429] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 514.279360][T11429] RIP: 0033:0x7f4741985d29 [ 514.283889][T11429] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 514.303531][T11429] RSP: 002b:00007f474272e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 514.311981][T11429] RAX: ffffffffffffffda RBX: 00007f4741b75fa0 RCX: 00007f4741985d29 [ 514.319982][T11429] RDX: 0000000000044044 RSI: 0000000020006200 RDI: 0000000000000004 [ 514.327983][T11429] RBP: 00007f474272e090 R08: 0000000000000000 R09: 0000000000000000 [ 514.335982][T11429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 514.343984][T11429] R13: 0000000000000000 R14: 00007f4741b75fa0 R15: 00007ffc8250bda8 [ 514.352001][T11429] [ 516.199633][T11452] mkiss: ax0: crc mode is auto. [ 517.000302][T11431] kstrtoul() returned -22 for lu_gp_id [ 517.796764][T11459] kstrtoul() returned -22 for lu_gp_id [ 517.969530][T11473] FAULT_INJECTION: forcing a failure. [ 517.969530][T11473] name failslab, interval 1, probability 0, space 0, times 0 [ 518.023191][T11473] CPU: 1 UID: 0 PID: 11473 Comm: syz.3.1500 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0 [ 518.034044][T11473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 518.044123][T11473] Call Trace: [ 518.047417][T11473] [ 518.050363][T11473] dump_stack_lvl+0x16c/0x1f0 [ 518.055089][T11473] should_fail_ex+0x497/0x5b0 [ 518.059841][T11473] ? fs_reclaim_acquire+0xae/0x150 [ 518.065031][T11473] should_failslab+0xc2/0x120 [ 518.069851][T11473] kmem_cache_alloc_node_noprof+0x72/0x3b0 [ 518.075756][T11473] ? __alloc_skb+0x2b3/0x380 [ 518.080435][T11473] __alloc_skb+0x2b3/0x380 [ 518.085007][T11473] ? __pfx___alloc_skb+0x10/0x10 [ 518.090038][T11473] netlink_alloc_large_skb+0x69/0x130 [ 518.095489][T11473] netlink_sendmsg+0x689/0xd70 [ 518.100349][T11473] ? __pfx_netlink_sendmsg+0x10/0x10 [ 518.105742][T11473] ____sys_sendmsg+0x9ae/0xb40 [ 518.110583][T11473] ? copy_msghdr_from_user+0x10b/0x160 [ 518.116129][T11473] ? __pfx_____sys_sendmsg+0x10/0x10 [ 518.121486][T11473] ___sys_sendmsg+0x135/0x1e0 [ 518.126225][T11473] ? __pfx____sys_sendmsg+0x10/0x10 [ 518.131533][T11473] ? __pfx_lock_release+0x10/0x10 [ 518.136591][T11473] ? trace_lock_acquire+0x14e/0x1f0 [ 518.141843][T11473] ? __fget_files+0x206/0x3a0 [ 518.146569][T11473] __sys_sendmsg+0x16e/0x220 [ 518.151209][T11473] ? __pfx___sys_sendmsg+0x10/0x10 [ 518.156385][T11473] do_syscall_64+0xcd/0x250 [ 518.160933][T11473] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 518.166869][T11473] RIP: 0033:0x7fc79e185d29 [ 518.171322][T11473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 518.190982][T11473] RSP: 002b:00007fc79efb3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 518.199442][T11473] RAX: ffffffffffffffda RBX: 00007fc79e375fa0 RCX: 00007fc79e185d29 [ 518.207449][T11473] RDX: 0000000004008000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 518.215451][T11473] RBP: 00007fc79efb3090 R08: 0000000000000000 R09: 0000000000000000 [ 518.223551][T11473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 518.231578][T11473] R13: 0000000000000000 R14: 00007fc79e375fa0 R15: 00007ffee0f7e728 [ 518.239591][T11473] [ 519.101258][T11473] kstrtoul() returned -22 for lu_gp_id [ 519.495709][T11493] kstrtoul() returned -22 for lu_gp_id [ 519.932916][T11503] kstrtoul() returned -22 for lu_gp_id [ 520.292710][T11509] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1511'. [ 520.625683][T11511] kstrtoul() returned -22 for lu_gp_id [ 520.815173][T11522] FAULT_INJECTION: forcing a failure. [ 520.815173][T11522] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 520.877650][T11522] CPU: 1 UID: 0 PID: 11522 Comm: syz.3.1514 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0 [ 520.888515][T11522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 520.898629][T11522] Call Trace: [ 520.901932][T11522] [ 520.904887][T11522] dump_stack_lvl+0x16c/0x1f0 [ 520.909612][T11522] should_fail_ex+0x497/0x5b0 [ 520.914336][T11522] _copy_to_user+0x32/0xd0 [ 520.918800][T11522] simple_read_from_buffer+0xd0/0x160 [ 520.924252][T11522] proc_fail_nth_read+0x198/0x270 [ 520.929331][T11522] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 520.934932][T11522] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 520.940645][T11522] vfs_read+0x1df/0xbe0 [ 520.944840][T11522] ? __fget_files+0x1fc/0x3a0 [ 520.949563][T11522] ? __pfx___mutex_lock+0x10/0x10 [ 520.954644][T11522] ? __pfx_vfs_read+0x10/0x10 [ 520.959367][T11522] ? __fget_files+0x206/0x3a0 [ 520.964092][T11522] ksys_read+0x12b/0x250 [ 520.968381][T11522] ? __pfx_ksys_read+0x10/0x10 [ 520.973194][T11522] do_syscall_64+0xcd/0x250 [ 520.977748][T11522] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 520.983710][T11522] RIP: 0033:0x7fc79e18473c [ 520.988179][T11522] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 521.008083][T11522] RSP: 002b:00007fc79efb3030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 521.016620][T11522] RAX: ffffffffffffffda RBX: 00007fc79e375fa0 RCX: 00007fc79e18473c [ 521.024793][T11522] RDX: 000000000000000f RSI: 00007fc79efb30a0 RDI: 0000000000000004 [ 521.032791][T11522] RBP: 00007fc79efb3090 R08: 0000000000000000 R09: 0000000000000000 [ 521.040799][T11522] R10: 0000000000001000 R11: 0000000000000246 R12: 0000000000000001 [ 521.049061][T11522] R13: 0000000000000000 R14: 00007fc79e375fa0 R15: 00007ffee0f7e728 [ 521.057077][T11522] [ 521.720793][T11522] kstrtoul() returned -22 for lu_gp_id [ 521.958411][T11456] kstrtoul() returned -22 for lu_gp_id [ 522.018366][T11529] kstrtoul() returned -22 for lu_gp_id [ 522.079600][T11533] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1519'. [ 522.178643][T11536] FAULT_INJECTION: forcing a failure. [ 522.178643][T11536] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 522.236440][T11536] CPU: 1 UID: 0 PID: 11536 Comm: syz.3.1520 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0 [ 522.247310][T11536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 522.257516][T11536] Call Trace: [ 522.260837][T11536] [ 522.263826][T11536] dump_stack_lvl+0x16c/0x1f0 [ 522.268574][T11536] should_fail_ex+0x497/0x5b0 [ 522.273327][T11536] _copy_from_user+0x2e/0xd0 [ 522.278003][T11536] ucma_reject+0xa4/0x2b0 [ 522.282401][T11536] ? __pfx_ucma_reject+0x10/0x10 [ 522.287500][T11536] ? __might_fault+0xe3/0x190 [ 522.292234][T11536] ? __pfx_ucma_reject+0x10/0x10 [ 522.297207][T11536] ucma_write+0x1f9/0x330 [ 522.301588][T11536] ? __pfx_ucma_write+0x10/0x10 [ 522.306485][T11536] ? bpf_lsm_file_permission+0x9/0x10 [ 522.311926][T11536] ? security_file_permission+0x71/0x210 [ 522.317597][T11536] ? __pfx_ucma_write+0x10/0x10 [ 522.322492][T11536] vfs_write+0x24c/0x1150 [ 522.326857][T11536] ? __fget_files+0x1fc/0x3a0 [ 522.331570][T11536] ? __pfx_lock_release+0x10/0x10 [ 522.336659][T11536] ? __pfx_vfs_write+0x10/0x10 [ 522.341460][T11536] ? lock_acquire+0x2f/0xb0 [ 522.345994][T11536] ? __fget_files+0x40/0x3a0 [ 522.350628][T11536] ? __fget_files+0x206/0x3a0 [ 522.355354][T11536] ksys_write+0x207/0x250 [ 522.359719][T11536] ? __pfx_ksys_write+0x10/0x10 [ 522.364613][T11536] do_syscall_64+0xcd/0x250 [ 522.369159][T11536] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 522.375092][T11536] RIP: 0033:0x7fc79e185d29 [ 522.379533][T11536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 522.399203][T11536] RSP: 002b:00007fc79efb3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 522.407654][T11536] RAX: ffffffffffffffda RBX: 00007fc79e375fa0 RCX: 00007fc79e185d29 [ 522.415675][T11536] RDX: 00000000000000c3 RSI: 0000000000000000 RDI: 000000000000000b [ 522.424019][T11536] RBP: 00007fc79efb3090 R08: 0000000000000000 R09: 0000000000000000 [ 522.432024][T11536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 522.440024][T11536] R13: 0000000000000000 R14: 00007fc79e375fa0 R15: 00007ffee0f7e728 [ 522.448066][T11536] [ 522.514644][T11533] bond0: (slave ): Releasing backup interface [ 523.201128][T11536] kstrtoul() returned -22 for lu_gp_id [ 523.272435][T11548] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1524'. [ 523.536366][T11554] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1526'. [ 523.870860][T11559] netlink: 280 bytes leftover after parsing attributes in process `syz.0.1528'. [ 523.989716][T11561] rnbd_client L213: map_device: Parameters missing [ 524.010332][T11561] rnbd_client L213: map_device: Parameters missing [ 525.407390][T11583] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1534'. [ 526.156794][T11596] bridge0: port 3(batadv0) entered blocking state [ 526.163386][T11596] bridge0: port 3(batadv0) entered disabled state [ 526.185192][T11596] batadv0: entered allmulticast mode [ 526.196498][T11596] batadv0: entered promiscuous mode [ 526.202439][T11596] bridge0: port 3(batadv0) entered blocking state [ 526.209139][T11596] bridge0: port 3(batadv0) entered forwarding state [ 526.236464][T10282] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 526.246495][T10282] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 526.260909][T11599] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1539'. [ 526.447835][T11602] Process accounting resumed [ 526.653185][T11551] kstrtoul() returned -22 for lu_gp_id [ 527.088214][T11621] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1545'. [ 527.194482][T11624] Process accounting resumed [ 527.351607][T11610] kstrtoul() returned -22 for lu_gp_id [ 527.385967][T11627] bond0: option mode: unable to set because the bond device is up [ 527.695894][T11631] kstrtoul() returned -22 for lu_gp_id [ 529.504244][T11649] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1554'. [ 529.847097][T11656] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1556'. [ 530.259391][T11660] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1557'. [ 531.067475][T11638] kstrtoul() returned -22 for lu_gp_id [ 531.236279][T11678] block nbd1: Unsupported socket: shutdown callout must be supported. [ 532.115914][T11680] kstrtoul() returned -22 for lu_gp_id [ 532.363317][T11690] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1567'. [ 532.745133][T11687] kstrtoul() returned -22 for lu_gp_id [ 533.082467][T11698] kstrtoul() returned -22 for lu_gp_id [ 535.014984][T11714] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1573'. [ 535.343992][T11697] kstrtoul() returned -22 for lu_gp_id [ 535.865958][T11724] kstrtoul() returned -22 for lu_gp_id [ 536.330689][T11730] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1579'. [ 536.980603][T11735] Process accounting resumed [ 537.034473][T11735] bond0: option mode: unable to set because the bond device is up [ 537.413448][T11726] Process accounting paused [ 537.466041][T11744] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1583'. [ 541.467510][T11785] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1593'. [ 541.644731][T11789] device-mapper: ioctl: Unable to rename non-existent device, to sequencer2 [ 541.764478][T11793] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1596'. [ 542.196251][T11801] program syz.2.1597 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 542.222237][T11800] block nbd1: Unsupported socket: shutdown callout must be supported. [ 542.899803][ T29] audit: type=1804 audit(3854.250:12): pid=11809 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1600" name="#)-\&[}" dev="mqueue" ino=37626 res=1 errno=0 [ 542.900061][T11809] kernel read not supported for file /#)-\&[} (pid: 11809 comm: syz.3.1600) [ 543.016410][ T29] audit: type=1804 audit(3854.360:13): pid=11811 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1600" name="#)-\&[}" dev="mqueue" ino=37626 res=1 errno=0 [ 543.066477][ T29] audit: type=1804 audit(3854.360:14): pid=11811 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1600" name="#)-\&[}" dev="mqueue" ino=37626 res=1 errno=0 [ 543.112880][ T29] audit: type=1800 audit(3854.400:15): pid=11809 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1600" name="#)-\&[}" dev="mqueue" ino=37626 res=0 errno=0 [ 545.147317][T11833] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1604'. [ 545.515417][T11833] netdevsim netdevsim2 netdevsim2: entered allmulticast mode [ 545.658549][T11848] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1612'. [ 545.668243][T11846] block nbd1: Unsupported socket: shutdown callout must be supported. [ 547.575168][T11868] binder: 11867:11868 ioctl c0105512 1 returned -22 [ 547.597195][T11868] binder: 11867:11868 ioctl c0306201 9 returned -14 [ 548.524295][T11884] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1622'. [ 550.314104][T11901] : Can't lookup blockdev [ 554.278425][T11924] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1631'. [ 554.416891][T11930] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1633'. [ 555.722685][T11937] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1637'. [ 556.893754][T11951] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1641'. [ 557.036717][T11939] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1636'. [ 557.097021][T11939] netdevsim netdevsim1 netdevsim2: entered allmulticast mode [ 559.303464][T11957] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1643'. [ 561.276134][T11962] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1644'. [ 561.725364][T11969] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1646'. [ 561.736108][T11969] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1646'. [ 562.211140][T11977] kernel read not supported for file /#)-\&[} (pid: 11977 comm: syz.2.1648) [ 562.221612][ T29] audit: type=1800 audit(3873.580:16): pid=11977 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1648" name="#)-\&[}" dev="mqueue" ino=11081 res=0 errno=0 [ 564.928420][ T5850] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 564.946365][ T5850] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 564.955431][ T5850] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 564.967709][ T5850] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 564.975506][ T5850] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 564.983775][ T5850] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 565.474823][T11997] chnl_net:caif_netlink_parms(): no params data found [ 566.704102][T11997] bridge0: port 1(bridge_slave_0) entered blocking state [ 566.726426][T11997] bridge0: port 1(bridge_slave_0) entered disabled state [ 566.733762][T11997] bridge_slave_0: entered allmulticast mode [ 566.767488][T11997] bridge_slave_0: entered promiscuous mode [ 566.816964][T11997] bridge0: port 2(bridge_slave_1) entered blocking state [ 566.824134][T11997] bridge0: port 2(bridge_slave_1) entered disabled state [ 566.863442][T11997] bridge_slave_1: entered allmulticast mode [ 566.883643][T11997] bridge_slave_1: entered promiscuous mode [ 567.005267][T11997] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 567.029510][T12010] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1654'. [ 567.046757][ T5850] Bluetooth: hci4: command tx timeout [ 567.062178][T11997] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 567.182535][T11997] team0: Port device team_slave_0 added [ 567.208026][T11997] team0: Port device team_slave_1 added [ 567.301507][T11997] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 567.318769][T11997] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 567.396026][T11997] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 567.434826][T11997] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 567.452642][T11997] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 567.522925][T11997] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 567.650017][T11997] hsr_slave_0: entered promiscuous mode [ 567.683847][T11997] hsr_slave_1: entered promiscuous mode [ 567.696911][T11997] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 567.704542][T11997] Cannot create hsr debugfs directory [ 567.846911][T11995] Process accounting resumed [ 567.851611][T11995] kstrtoul() returned -22 for lu_gp_id [ 568.491672][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.499870][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 569.126283][ T5850] Bluetooth: hci4: command tx timeout [ 571.212502][ T5850] Bluetooth: hci4: command tx timeout [ 572.182150][T12026] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1659'. [ 572.568772][T11997] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 572.609365][T11997] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 572.676315][T12012] kstrtoul() returned -22 for lu_gp_id [ 572.754736][T11997] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 572.793891][T11997] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 572.860558][T12034] kstrtoul() returned -22 for lu_gp_id [ 572.908890][T12039] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1663'. [ 572.985322][T12040] kstrtoul() returned -22 for lu_gp_id [ 573.036853][T12043] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1665'. [ 573.296205][ T5850] Bluetooth: hci4: command tx timeout [ 573.309086][T12051] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1666'. [ 573.632894][T12042] kstrtoul() returned -22 for lu_gp_id [ 573.806172][T12056] block nbd1: Unsupported socket: shutdown callout must be supported. [ 573.847987][T12061] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1675'. [ 573.972549][T11997] 8021q: adding VLAN 0 to HW filter on device bond0 [ 574.060001][T11997] 8021q: adding VLAN 0 to HW filter on device team0 [ 574.164878][T11997] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 574.225093][T11997] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 574.686678][T11997] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 575.363782][T11997] veth0_vlan: entered promiscuous mode [ 575.408440][T11997] veth1_vlan: entered promiscuous mode [ 575.494850][T11997] veth0_macvtap: entered promiscuous mode [ 575.528272][T11997] veth1_macvtap: entered promiscuous mode [ 575.582598][T11997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 575.616186][T11997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 575.644640][T11997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 575.682419][T11997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 575.716145][T11997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 575.736062][T11997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 575.745939][T11997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 575.805748][T11997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 575.835548][T11997] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 575.869164][T11997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 575.902107][T11997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 575.945107][T11997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 575.972869][T11997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.002634][T11997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 576.026327][T11997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.054279][T11997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 576.077442][T11997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.117481][T11997] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 576.137591][T11997] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 576.176091][T11997] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 576.184887][T11997] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 576.232400][T11997] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 576.508129][T10282] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 576.557150][T10282] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 576.641696][T12074] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1669'. [ 576.669449][T10303] bridge0: port 1(bridge_slave_0) entered blocking state [ 576.676657][T10303] bridge0: port 1(bridge_slave_0) entered forwarding state [ 576.737683][T10303] bridge0: port 2(bridge_slave_1) entered blocking state [ 576.744863][T10303] bridge0: port 2(bridge_slave_1) entered forwarding state [ 579.415401][T10304] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 579.429988][T10304] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 579.683613][T12079] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1671'. [ 580.310923][T12089] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1676'. [ 581.272701][T12061] kstrtoul() returned -22 for lu_gp_id [ 581.637474][T12106] block nbd1: Unsupported socket: shutdown callout must be supported. [ 581.783609][T12103] kstrtoul() returned -22 for lu_gp_id [ 582.415025][T12109] kstrtoul() returned -22 for lu_gp_id [ 584.613707][T12112] kstrtoul() returned -22 for lu_gp_id [ 585.886143][T12129] block nbd1: Unsupported socket: shutdown callout must be supported. [ 586.447176][T12124] kstrtoul() returned -22 for lu_gp_id [ 586.504787][T12138] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1687'. [ 586.725050][T12137] kstrtoul() returned -22 for lu_gp_id [ 591.628073][T12147] kstrtoul() returned -22 for lu_gp_id [ 591.966210][T12174] kstrtoul() returned -22 for lu_gp_id [ 592.148117][T12180] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1700'. [ 592.394044][T12178] Process accounting resumed [ 592.865465][T12179] kstrtoul() returned -22 for lu_gp_id [ 593.318391][T12193] block nbd1: Unsupported socket: shutdown callout must be supported. [ 594.127310][T12195] kstrtoul() returned -22 for lu_gp_id [ 594.666597][T12210] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1709'. [ 594.761349][T12200] kstrtoul() returned -22 for lu_gp_id [ 594.856193][T12210] mac80211_hwsim hwsim81 wlan0: entered promiscuous mode [ 594.884522][T12210] mac80211_hwsim hwsim81 wlan0: entered allmulticast mode [ 595.010183][T12213] kstrtoul() returned -22 for lu_gp_id [ 595.616532][T12222] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1713'. [ 596.073728][T12226] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1714'. [ 596.219056][T12217] kstrtoul() returned -22 for lu_gp_id [ 598.107052][T12240] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1718'. [ 598.920114][T12246] Process accounting resumed [ 599.740941][T10298] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 600.975621][T12228] Process accounting paused [ 601.605503][T12264] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 400008000010006 [ 601.963588][T12269] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1726'. [ 602.802094][T12279] Process accounting resumed [ 603.053735][T12288] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1733'. [ 605.475243][T12301] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1736'. [ 605.750160][T12306] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 606.151369][T12315] netlink: 'syz.2.1739': attribute type 1 has an invalid length. [ 606.180593][T12315] nbd: error processing sock list [ 606.529821][ T29] audit: type=1800 audit(3917.880:17): pid=12318 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1738" name="features" dev="configfs" ino=40455 res=0 errno=0 [ 606.609573][ T29] audit: type=1800 audit(3917.960:18): pid=12318 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1738" name="dbroot" dev="configfs" ino=40456 res=0 errno=0 [ 607.378602][T12332] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1740'. [ 611.104726][T12354] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 611.188021][T12366] random: crng reseeded on system resumption [ 611.748034][T12375] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1751'. [ 612.036120][ T29] audit: type=1800 audit(3923.370:19): pid=12377 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1750" name="features" dev="configfs" ino=41083 res=0 errno=0 [ 612.164357][ T29] audit: type=1800 audit(3923.370:20): pid=12377 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1750" name="dbroot" dev="configfs" ino=41084 res=0 errno=0 [ 615.630565][T12399] netlink: 'syz.1.1755': attribute type 1 has an invalid length. [ 615.646407][T12399] nbd: error processing sock list [ 617.222367][T12407] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1765'. [ 618.217277][T12421] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1760'. [ 619.902475][T12437] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1764'. [ 625.929490][T12460] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 627.665736][T12468] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1771'. [ 629.150600][T12492] random: crng reseeded on system resumption [ 629.648372][T12501] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1782'. [ 629.929396][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.935784][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 632.932860][T10303] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 634.168381][T12543] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1793'. [ 634.257731][T12548] random: crng reseeded on system resumption [ 635.646838][T12567] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1798'. [ 635.670451][T12566] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1797'. [ 635.831167][T12572] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1800'. [ 635.882087][T12566] bond0: option mode: unable to set because the bond device is up [ 639.782140][T10282] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 645.047284][T12608] random: crng reseeded on system resumption [ 646.174462][T12612] random: crng reseeded on system resumption [ 646.376351][T12619] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1810'. [ 646.596266][T12624] nbd: must specify at least one socket [ 647.101629][T12630] kfence: disabled [ 649.544619][T12661] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1818'. [ 651.584117][T12682] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1824'. [ 657.026289][T12746] nbd: must specify at least one socket [ 658.158366][T12758] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1844'. [ 660.878361][T12777] sp0: Synchronizing with TNC [ 664.615852][T12785] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 664.657860][T12787] random: crng reseeded on system resumption [ 666.447423][T12809] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1858'. [ 666.471394][T12809] : renamed from hsr_slave_0 (while UP) [ 671.575537][T12846] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1869'. [ 671.602877][T12846] : renamed from hsr_slave_0 (while UP) [ 672.319891][T12859] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1866'. [ 672.516977][T12857] erspan0: entered allmulticast mode [ 673.585018][T12876] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1875'. [ 674.535055][T12882] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1878'. [ 676.331621][T12891] random: crng reseeded on system resumption [ 677.397711][T12904] random: crng reseeded on system resumption [ 679.381503][T12932] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1888'. [ 682.061855][T12947] random: crng reseeded on system resumption [ 684.366266][T12956] blktrace: Concurrent blktraces are not allowed on sg0 [ 684.923710][T12965] [U] JzrkU'\Xfȏ9H߰O(BhLg*)J%6 [ 686.497283][T12982] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1898'. [ 686.732929][T12987] block nbd2: Unsupported socket: shutdown callout must be supported. [ 688.332599][T12978] Bluetooth: hci4: command 0x0406 tx timeout [ 691.376944][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.383316][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 694.678791][T12997] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 695.437242][T12978] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 695.456785][T12978] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 695.465021][T12978] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 695.473771][T12978] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 695.484007][T12978] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 695.491547][T12978] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 696.507315][T12999] chnl_net:caif_netlink_parms(): no params data found [ 696.687154][T13022] random: crng reseeded on system resumption [ 697.526295][T12978] Bluetooth: hci5: command tx timeout [ 698.696204][T13037] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 699.157681][T12999] bridge0: port 1(bridge_slave_0) entered blocking state [ 699.164873][T12999] bridge0: port 1(bridge_slave_0) entered disabled state [ 699.256269][T12999] bridge_slave_0: entered allmulticast mode [ 699.263618][T12999] bridge_slave_0: entered promiscuous mode [ 699.289121][T12999] bridge0: port 2(bridge_slave_1) entered blocking state [ 699.311909][T13050] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1919'. [ 699.326496][T12999] bridge0: port 2(bridge_slave_1) entered disabled state [ 699.333807][T12999] bridge_slave_1: entered allmulticast mode [ 699.367770][T12999] bridge_slave_1: entered promiscuous mode [ 699.606036][T12978] Bluetooth: hci5: command tx timeout [ 699.720187][T12999] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 699.766171][T12999] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 700.017887][T12999] team0: Port device team_slave_0 added [ 700.050875][T12999] team0: Port device team_slave_1 added [ 700.487783][T13063] random: crng reseeded on system resumption [ 701.086611][T12999] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 701.109444][T12999] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 701.135400][ C0] vkms_vblank_simulate: vblank timer overrun [ 701.183884][T12999] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 701.634422][T12999] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 701.652197][T12999] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 701.678222][ C0] vkms_vblank_simulate: vblank timer overrun [ 701.702000][T12978] Bluetooth: hci5: command tx timeout [ 701.736145][T12999] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 702.218003][T13074] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 703.785981][T12978] Bluetooth: hci5: command tx timeout [ 705.927274][T12999] hsr_slave_0: entered promiscuous mode [ 705.957278][T12999] hsr_slave_1: entered promiscuous mode [ 705.986050][T12999] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 705.993697][T12999] Cannot create hsr debugfs directory [ 706.489272][T12999] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 706.925828][T12999] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 708.329783][T13117] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 709.421604][T12999] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 709.454811][T12999] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 709.838918][T12999] 8021q: adding VLAN 0 to HW filter on device bond0 [ 709.909225][T12999] 8021q: adding VLAN 0 to HW filter on device team0 [ 710.057617][T10289] bridge0: port 1(bridge_slave_0) entered blocking state [ 710.064815][T10289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 710.110690][T10289] bridge0: port 2(bridge_slave_1) entered blocking state [ 710.117931][T10289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 710.666202][T12999] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 711.373937][T12999] veth0_vlan: entered promiscuous mode [ 711.438232][T12999] veth1_vlan: entered promiscuous mode [ 711.528967][T12999] veth0_macvtap: entered promiscuous mode [ 711.557650][T12999] veth1_macvtap: entered promiscuous mode [ 711.615183][T12999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 711.656512][T12999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 711.686132][T12999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 711.726029][T12999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 711.753915][T12999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 711.794368][T12999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 711.834741][T12999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 711.876222][T12999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 711.912499][T12999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 711.945261][T12999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 711.977492][T12999] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 712.028126][T12999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 712.063598][T12999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 712.096045][T12999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 712.126379][T12999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 712.154319][T12999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 712.185961][T12999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 712.195871][T12999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 712.251264][T12999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 712.286159][T12999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 712.326522][T12999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 712.347039][T12999] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 712.398876][T12999] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 712.431225][T12999] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 712.458874][T12999] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 712.496910][T12999] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 712.724547][T10304] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 712.732787][T10304] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 712.740666][T10304] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 712.748628][T10304] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 713.505019][T13143] random: crng reseeded on system resumption [ 715.006313][T13142] mkiss: ax0: crc mode is auto. [ 719.878751][T13165] netlink: 'syz.3.1944': attribute type 1 has an invalid length. [ 719.909222][T13165] nbd: error processing sock list [ 720.216596][T13173] ================================================================== [ 720.224728][T13173] BUG: KASAN: slab-use-after-free in force_devcd_write+0x31f/0x350 [ 720.232690][T13173] Read of size 8 at addr ffff88814e079000 by task syz.4.1946/13173 [ 720.240632][T13173] [ 720.242986][T13173] CPU: 1 UID: 0 PID: 13173 Comm: syz.4.1946 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0 [ 720.253801][T13173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 720.263906][T13173] Call Trace: [ 720.267219][T13173] [ 720.270191][T13173] dump_stack_lvl+0x116/0x1f0 [ 720.274940][T13173] print_report+0xc3/0x620 [ 720.279430][T13173] ? __virt_addr_valid+0x5e/0x590 [ 720.284552][T13173] ? __phys_addr+0xc6/0x150 [ 720.289151][T13173] kasan_report+0xd9/0x110 [ 720.293640][T13173] ? force_devcd_write+0x31f/0x350 [ 720.298814][T13173] ? force_devcd_write+0x31f/0x350 [ 720.303994][T13173] force_devcd_write+0x31f/0x350 [ 720.308995][T13173] ? __pfx_force_devcd_write+0x10/0x10 [ 720.314517][T13173] ? debugfs_file_get+0x21c/0x5c0 [ 720.319606][T13173] ? __pfx_debugfs_file_get+0x10/0x10 [ 720.325056][T13173] ? rcu_is_watching+0x12/0xc0 [ 720.329889][T13173] ? trace_lock_acquire+0x14e/0x1f0 [ 720.335166][T13173] full_proxy_write+0xfb/0x1b0 [ 720.340005][T13173] ? __pfx_full_proxy_write+0x10/0x10 [ 720.345451][T13173] vfs_write+0x24c/0x1150 [ 720.349846][T13173] ? __pfx_vfs_write+0x10/0x10 [ 720.354677][T13173] ? do_futex+0x123/0x350 [ 720.359078][T13173] ? __pfx_do_futex+0x10/0x10 [ 720.363832][T13173] ? do_fcntl+0x1ec/0x15b0 [ 720.368319][T13173] ? __x64_sys_futex+0x1e1/0x4c0 [ 720.373327][T13173] ? __x64_sys_futex+0x1ea/0x4c0 [ 720.378350][T13173] ksys_write+0x12b/0x250 [ 720.382745][T13173] ? __pfx_ksys_write+0x10/0x10 [ 720.387675][T13173] do_syscall_64+0xcd/0x250 [ 720.392251][T13173] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 720.398216][T13173] RIP: 0033:0x7f4c21185d29 [ 720.402685][T13173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 720.422352][T13173] RSP: 002b:00007f4c21f65038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 720.430850][T13173] RAX: ffffffffffffffda RBX: 00007f4c21375fa0 RCX: 00007f4c21185d29 [ 720.438879][T13173] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003 [ 720.446909][T13173] RBP: 00007f4c21201aa8 R08: 0000000000000000 R09: 0000000000000000 [ 720.454931][T13173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 720.462953][T13173] R13: 0000000000000000 R14: 00007f4c21375fa0 R15: 00007ffcea6755a8 [ 720.470979][T13173] [ 720.474032][T13173] [ 720.476383][T13173] Allocated by task 13158: [ 720.480840][T13173] kasan_save_stack+0x33/0x60 [ 720.485583][T13173] kasan_save_track+0x14/0x30 [ 720.490338][T13173] __kasan_kmalloc+0xaa/0xb0 [ 720.494986][T13173] __kmalloc_noprof+0x21a/0x4f0 [ 720.499895][T13173] ieee802_11_parse_elems_full+0xe6/0x1630 [ 720.505754][T13173] ieee80211_inform_bss+0xf1/0x10f0 [ 720.511009][T13173] cfg80211_inform_single_bss_data+0x8b1/0x1e40 [ 720.517308][T13173] cfg80211_inform_bss_data+0x254/0x3e40 [ 720.523000][T13173] cfg80211_inform_bss_frame_data+0x252/0x8a0 [ 720.529129][T13173] ieee80211_bss_info_update+0x311/0xab0 [ 720.534822][T13173] ieee80211_scan_rx+0x474/0xac0 [ 720.539815][T13173] ieee80211_rx_list+0x1bac/0x2990 [ 720.544986][T13173] ieee80211_rx_napi+0xdd/0x400 [ 720.549892][T13173] ieee80211_handle_queued_frames+0xd5/0x130 [ 720.555928][T13173] tasklet_action_common+0x251/0x3f0 [ 720.561267][T13173] handle_softirqs+0x213/0x8f0 [ 720.566076][T13173] __irq_exit_rcu+0x109/0x170 [ 720.570797][T13173] irq_exit_rcu+0x9/0x30 [ 720.575095][T13173] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 720.580785][T13173] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 720.586827][T13173] [ 720.589175][T13173] Freed by task 13158: [ 720.593275][T13173] kasan_save_stack+0x33/0x60 [ 720.598021][T13173] kasan_save_track+0x14/0x30 [ 720.602766][T13173] kasan_save_free_info+0x3b/0x60 [ 720.607853][T13173] __kasan_slab_free+0x51/0x70 [ 720.612686][T13173] kfree+0x14f/0x4b0 [ 720.616637][T13173] ieee80211_inform_bss+0xa36/0x10f0 [ 720.621983][T13173] cfg80211_inform_single_bss_data+0x8b1/0x1e40 [ 720.628289][T13173] cfg80211_inform_bss_data+0x254/0x3e40 [ 720.633978][T13173] cfg80211_inform_bss_frame_data+0x252/0x8a0 [ 720.640113][T13173] ieee80211_bss_info_update+0x311/0xab0 [ 720.645817][T13173] ieee80211_scan_rx+0x474/0xac0 [ 720.650819][T13173] ieee80211_rx_list+0x1bac/0x2990 [ 720.656004][T13173] ieee80211_rx_napi+0xdd/0x400 [ 720.660925][T13173] ieee80211_handle_queued_frames+0xd5/0x130 [ 720.666974][T13173] tasklet_action_common+0x251/0x3f0 [ 720.672326][T13173] handle_softirqs+0x213/0x8f0 [ 720.677136][T13173] __irq_exit_rcu+0x109/0x170 [ 720.681851][T13173] irq_exit_rcu+0x9/0x30 [ 720.686127][T13173] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 720.691790][T13173] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 720.697809][T13173] [ 720.700145][T13173] The buggy address belongs to the object at ffff88814e079000 [ 720.700145][T13173] which belongs to the cache kmalloc-1k of size 1024 [ 720.714215][T13173] The buggy address is located 0 bytes inside of [ 720.714215][T13173] freed 1024-byte region [ffff88814e079000, ffff88814e079400) [ 720.727950][T13173] [ 720.730284][T13173] The buggy address belongs to the physical page: [ 720.736716][T13173] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14e078 [ 720.745586][T13173] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 720.754112][T13173] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff) [ 720.761762][T13173] page_type: f5(slab) [ 720.765775][T13173] raw: 057ff00000000040 ffff88801ac41dc0 ffffea0000a2f600 dead000000000002 [ 720.774382][T13173] raw: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000 [ 720.782993][T13173] head: 057ff00000000040 ffff88801ac41dc0 ffffea0000a2f600 dead000000000002 [ 720.791692][T13173] head: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000 [ 720.800389][T13173] head: 057ff00000000003 ffffea0005381e01 ffffffffffffffff 0000000000000000 [ 720.809083][T13173] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 720.817766][T13173] page dumped because: kasan: bad access detected [ 720.824285][T13173] page_owner tracks the page as allocated [ 720.830009][T13173] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 30242598175, free_ts 0 [ 720.849778][T13173] post_alloc_hook+0x2d1/0x350 [ 720.854580][T13173] get_page_from_freelist+0xfce/0x2f80 [ 720.860077][T13173] __alloc_pages_noprof+0x223/0x25b0 [ 720.865393][T13173] alloc_pages_mpol_noprof+0x2c9/0x610 [ 720.870906][T13173] new_slab+0x2c9/0x410 [ 720.875268][T13173] ___slab_alloc+0xce2/0x1650 [ 720.879990][T13173] __slab_alloc.constprop.0+0x56/0xb0 [ 720.885410][T13173] __kmalloc_node_track_caller_noprof+0x2ee/0x520 [ 720.891868][T13173] krealloc_noprof+0x157/0x360 [ 720.896670][T13173] add_sysfs_param+0xcb/0x930 [ 720.901376][T13173] param_sysfs_builtin_init+0x253/0x3c0 [ 720.906970][T13173] do_one_initcall+0x128/0x630 [ 720.911770][T13173] kernel_init_freeable+0x58f/0x8b0 [ 720.917002][T13173] kernel_init+0x1c/0x2b0 [ 720.921367][T13173] ret_from_fork+0x45/0x80 [ 720.925811][T13173] ret_from_fork_asm+0x1a/0x30 [ 720.930616][T13173] page_owner free stack trace missing [ 720.935995][T13173] [ 720.938328][T13173] Memory state around the buggy address: [ 720.943973][T13173] ffff88814e078f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 720.952065][T13173] ffff88814e078f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 720.960153][T13173] >ffff88814e079000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 720.968229][T13173] ^ [ 720.972308][T13173] ffff88814e079080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 720.980393][T13173] ffff88814e079100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 720.988471][T13173] ================================================================== [ 721.002022][T13173] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 721.009303][T13173] CPU: 0 UID: 0 PID: 13173 Comm: syz.4.1946 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0 [ 721.020124][T13173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 721.030231][T13173] Call Trace: [ 721.033543][T13173] [ 721.036505][T13173] dump_stack_lvl+0x3d/0x1f0 [ 721.041160][T13173] panic+0x71d/0x800 [ 721.045118][T13173] ? __pfx_panic+0x10/0x10 [ 721.049603][T13173] ? preempt_schedule_thunk+0x1a/0x30 [ 721.055029][T13173] ? preempt_schedule_common+0x44/0xc0 [ 721.060558][T13173] check_panic_on_warn+0xab/0xb0 [ 721.065572][T13173] end_report+0x117/0x180 [ 721.069964][T13173] kasan_report+0xe9/0x110 [ 721.074440][T13173] ? force_devcd_write+0x31f/0x350 [ 721.079623][T13173] ? force_devcd_write+0x31f/0x350 [ 721.084798][T13173] force_devcd_write+0x31f/0x350 [ 721.089788][T13173] ? __pfx_force_devcd_write+0x10/0x10 [ 721.095303][T13173] ? debugfs_file_get+0x21c/0x5c0 [ 721.100392][T13173] ? __pfx_debugfs_file_get+0x10/0x10 [ 721.105820][T13173] ? rcu_is_watching+0x12/0xc0 [ 721.110642][T13173] ? trace_lock_acquire+0x14e/0x1f0 [ 721.115902][T13173] full_proxy_write+0xfb/0x1b0 [ 721.120721][T13173] ? __pfx_full_proxy_write+0x10/0x10 [ 721.126130][T13173] vfs_write+0x24c/0x1150 [ 721.130495][T13173] ? __pfx_vfs_write+0x10/0x10 [ 721.135287][T13173] ? do_futex+0x123/0x350 [ 721.139658][T13173] ? __pfx_do_futex+0x10/0x10 [ 721.144379][T13173] ? do_fcntl+0x1ec/0x15b0 [ 721.148838][T13173] ? __x64_sys_futex+0x1e1/0x4c0 [ 721.153822][T13173] ? __x64_sys_futex+0x1ea/0x4c0 [ 721.158803][T13173] ksys_write+0x12b/0x250 [ 721.163166][T13173] ? __pfx_ksys_write+0x10/0x10 [ 721.168051][T13173] do_syscall_64+0xcd/0x250 [ 721.172595][T13173] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.178545][T13173] RIP: 0033:0x7f4c21185d29 [ 721.182984][T13173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 721.202624][T13173] RSP: 002b:00007f4c21f65038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 721.211068][T13173] RAX: ffffffffffffffda RBX: 00007f4c21375fa0 RCX: 00007f4c21185d29 [ 721.219061][T13173] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003 [ 721.227059][T13173] RBP: 00007f4c21201aa8 R08: 0000000000000000 R09: 0000000000000000 [ 721.235051][T13173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 721.243047][T13173] R13: 0000000000000000 R14: 00007f4c21375fa0 R15: 00007ffcea6755a8 [ 721.251053][T13173] [ 721.254391][T13173] Kernel Offset: disabled [ 721.258729][T13173] Rebooting in 86400 seconds..