last executing test programs: 34.592838199s ago: executing program 1 (id=1157): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/reserved_size\x00', 0x400, 0x0) socket(0x10, 0x3, 0x6) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x21, 0x2, 0xa) sendmsg$auto_NBD_CMD_CONNECT(r1, &(0x7f0000000500)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40080}, 0x20040000) sendmmsg$auto(0x6, &(0x7f0000000400)={{0x0, 0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x1, &(0x7f0000000300), 0x20, 0x8000000}, 0xed7138c}, 0x6, 0x0) openat$auto_clk_summary_fops_(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/clk/clk_orphan_summary\x00', 0xe7e59c330265f767, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000080)=""/222, 0xde) mq_timedsend$auto(r0, &(0x7f0000000240)='/sys/kernel/tracing/tracing_thresh\x00', 0x6, 0x1, &(0x7f0000000280)={0x4, 0x3}) r2 = openat$auto_tracing_thresh_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/tracing_thresh\x00', 0x76100, 0x0) write$auto_tracing_thresh_fops_trace(r2, &(0x7f0000000180)="382715943c63b954a160f2039d9f8046acf81b9e66045544d6866b9d1fd93ad7af4697f25ec5754aa818661f7b37f7b8d670c60fde5c2ef28dc5e623357d27fb49816a1bb4361848a57ba3dd1078f8f7783bdb5ebb56f53c897062f67edc6556673f436440d8a6377cda4aaa24adbc07c3f2de4f9532d46435091ddd9c6ca99834ee246a8eca29b26669fdbd5629de588650a892590028eff250", 0x9a) 33.57178715s ago: executing program 1 (id=1164): clone$auto(0x9, 0x5, &(0x7f0000000080)=0x6, &(0x7f00000000c0)=0x4, 0x3) mmap$auto(0x0, 0x40009, 0xdf, 0x9b74, 0xffffffffffffffff, 0x28000) mmap$auto(0x0, 0x8, 0x1, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) get_robust_list$auto(0x0, 0x0, 0x0) mmap$auto(0x3, 0x20009, 0x7ffffffb, 0x8000000000000010, 0x401, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x106) getsockopt$auto(0x4, 0x6, 0x1e, 0xfffffffffffffffd, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f0000000140), 0x55) setsockopt$auto(0x3, 0x1, 0x5, 0x0, 0x9) r0 = openat$auto_trace_clock_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/trace_clock\x00', 0x208240, 0x0) r1 = geteuid() setreuid$auto(r1, 0x0) r2 = openat$auto_cgwb_debug_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bdi/8:0/wb_stats\x00', 0x2080, 0x0) read$auto_cgwb_debug_stats_fops_(r2, &(0x7f0000000040)=""/185, 0xb9) geteuid() syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_SET_MESH_CONFIG(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000780)={&(0x7f0000000440)=ANY=[@ANYBLOB="90", @ANYBLOB="02003c51cc77ac04088e92472226bd7000fbdbdf251d00000038003a01a52ecab4d5f231ca0e0f34c6944c37503c9cd3afaec42cee76a0e9106b"], 0x90}, 0x1, 0x0, 0x0, 0x80}, 0x48010) mmap$auto(0x1, 0x2, 0x100007, 0xeb1, r0, 0x1000000008001) getpid() mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) 32.430517058s ago: executing program 1 (id=1170): clone$auto(0x9, 0x5, &(0x7f0000000080)=0x6, &(0x7f00000000c0)=0x4, 0x3) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x8, 0x1, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) get_robust_list$auto(0x0, 0x0, 0x0) mmap$auto(0x3, 0x20009, 0x7ffffffb, 0x8000000000000010, 0x401, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x106) getsockopt$auto(0x4, 0x6, 0x1e, 0xfffffffffffffffd, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f0000000140), 0x55) setsockopt$auto(0x3, 0x1, 0x5, 0x0, 0x9) openat$auto_trace_clock_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/trace_clock\x00', 0x208240, 0x0) r0 = geteuid() setreuid$auto(r0, 0x0) r1 = openat$auto_cgwb_debug_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bdi/8:0/wb_stats\x00', 0x2080, 0x0) read$auto_cgwb_debug_stats_fops_(r1, &(0x7f0000000040)=""/185, 0xb9) geteuid() syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_SET_MESH_CONFIG(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000780)={&(0x7f0000000440)=ANY=[@ANYBLOB="90", @ANYBLOB], 0x90}, 0x1, 0x0, 0x0, 0x80}, 0x48010) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getpid() mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) 29.264800049s ago: executing program 1 (id=1186): mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x8) r0 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000080), 0x20002, 0x0) write$auto_vhci_fops_hci_vhci(r0, &(0x7f00000000c0)="02f6", 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x2, 0x4, 0x8000000000000000, 0x0) r1 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r1, 0x0, 0xc3) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x12000, 0x1) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) unshare$auto(0x40000080) madvise$auto(0x0, 0x20200, 0x15) 27.118002279s ago: executing program 1 (id=1194): mmap$auto(0x0, 0x2020009, 0xc, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = prctl$auto(0xf, 0x2, 0x7, 0x2, 0x1) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/keys\x00', 0x8340, 0x0) read$auto_proc_iter_file_ops_compat_inode(r1, &(0x7f0000001700)=""/4096, 0x1000) read$auto_proc_iter_file_ops_compat_inode(r1, &(0x7f0000000200)=""/104, 0x68) write$auto_fake_panic_fops_(r0, &(0x7f0000000000)="5668ac05a772aa84d3d8ebfb76d6c12850babdc3bb7fdef1", 0x18) socket(0x2, 0x1, 0x106) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0x19d0, 0xfffffffffffffffa, 0x8000) madvise$auto(0x4, 0x87, 0x8) r2 = socket(0x25, 0x1, 0x6) r3 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r4, 0xfd}, 0x6a) sendmsg$auto_ETHTOOL_MSG_FEC_SET(r2, &(0x7f0000001940)={0x0, 0x0, &(0x7f0000001900)={0x0}, 0x1, 0x0, 0x0, 0x4005}, 0x44080) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="01002bbd7000fddbdf25040000000b002e0000000000"], 0x1c}, 0x1, 0x0, 0x0, 0xc805}, 0x4044820) 23.820156143s ago: executing program 1 (id=1213): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) (async, rerun: 32) r0 = memfd_create$auto(&(0x7f0000000040)='!\xfa\x96\x00u\x94\"k\x8f\xcc\x8b\x12\x8b\xde\xc0\xa9\xf7^h\xab\x8bs\xcfH4\x1d\x1a', 0x7) (rerun: 32) mmap$auto(0x40000000000000, 0x4000a, 0x3, 0x2000009b72, r0, 0x5) (async) mprotect$auto(0x1ffff000, 0x810002, 0x6) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x2, 0x0) (async) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) mknod$auto(&(0x7f0000000180)=':,\x00', 0xc9, 0xfffffffa) (async) execve$auto(&(0x7f0000000040)=':,\x00', 0x0, 0x0) (async) shutdown$auto(0x200000003, 0x2) open(0x0, 0x4242, 0xe1d2b27bdc14aabc) close_range$auto(0x2, 0xffffffffffffffff, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) socket(0x10, 0x2, 0x0) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async, rerun: 64) r1 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000100), 0xffffffffffffffff) (rerun: 64) sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="638429bd7000fec7df25020000030c00020073797a1f74756e000c000100657468746f6f6c00"], 0x2c}, 0x1, 0x0, 0x0, 0x20000001}, 0x1c054) (async) readv$auto(0x0, 0x0, 0x3) (async) madvise$auto(0x0, 0x2000040080000016, 0xe) (async) madvise$auto(0x2, 0x6, 0xe) (async) fcntl$auto(0xff80000000000000, 0x409, 0x3f) mmap$auto(0x7, 0x25, 0x7, 0x8013, 0x0, 0x8000) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002dbd70000000000500070080000000080009000100000008000a000800000014001f0000000000000000000000ffffac14149b1400200000000000000000000000ffffac1414aa0500140008000000"], 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004) 8.696437044s ago: executing program 32 (id=1213): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) (async, rerun: 32) r0 = memfd_create$auto(&(0x7f0000000040)='!\xfa\x96\x00u\x94\"k\x8f\xcc\x8b\x12\x8b\xde\xc0\xa9\xf7^h\xab\x8bs\xcfH4\x1d\x1a', 0x7) (rerun: 32) mmap$auto(0x40000000000000, 0x4000a, 0x3, 0x2000009b72, r0, 0x5) (async) mprotect$auto(0x1ffff000, 0x810002, 0x6) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x2, 0x0) (async) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) mknod$auto(&(0x7f0000000180)=':,\x00', 0xc9, 0xfffffffa) (async) execve$auto(&(0x7f0000000040)=':,\x00', 0x0, 0x0) (async) shutdown$auto(0x200000003, 0x2) open(0x0, 0x4242, 0xe1d2b27bdc14aabc) close_range$auto(0x2, 0xffffffffffffffff, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) socket(0x10, 0x2, 0x0) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async, rerun: 64) r1 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000100), 0xffffffffffffffff) (rerun: 64) sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="638429bd7000fec7df25020000030c00020073797a1f74756e000c000100657468746f6f6c00"], 0x2c}, 0x1, 0x0, 0x0, 0x20000001}, 0x1c054) (async) readv$auto(0x0, 0x0, 0x3) (async) madvise$auto(0x0, 0x2000040080000016, 0xe) (async) madvise$auto(0x2, 0x6, 0xe) (async) fcntl$auto(0xff80000000000000, 0x409, 0x3f) mmap$auto(0x7, 0x25, 0x7, 0x8013, 0x0, 0x8000) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002dbd70000000000500070080000000080009000100000008000a000800000014001f0000000000000000000000ffffac14149b1400200000000000000000000000ffffac1414aa0500140008000000"], 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004) 8.333650189s ago: executing program 3 (id=1281): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) getsockopt$auto(0x6, 0x40000000084, 0x7c, 0xfffffffffffffffe, 0x0) r0 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r0, @ANYBLOB="01", @ANYRES32], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x4000000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socketpair$auto(0xfffff958, 0x5, 0xb, 0x0) syz_genetlink_get_family_id$auto_seg6(0x0, 0xffffffffffffffff) r1 = openat$auto_transactions_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x101600, 0x0) read$auto_transactions_fops_(r1, &(0x7f0000000080)=""/24, 0x18) sendfile$auto(0x1, 0xffffffffffffffff, 0x0, 0xef75) ioperm$auto(0x90d5, 0xc, 0x2) close_range$auto(0x2, 0x8, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) munmap$auto(0x81, 0x0) close_range$auto(0x2, 0x8000, 0x0) r3 = openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/per_cpu/cpu1/trace\x00', 0x10000, 0x0) r4 = openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/tracing/set_event_pid\x00', 0x1, 0x0) sendfile$auto(r4, r3, &(0x7f00000004c0)=0x400, 0x8) write$auto(r3, &(0x7f0000000000)='/sys/kernel/tracing/set_event_pid\x00', 0x1) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_PEER_REMOVE(r5, &(0x7f00000110c0)={0x0, 0x0, &(0x7f0000011080)={&(0x7f000000e000)={0x18, r6, 0x1, 0x70bd29, 0x25dfdbde, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x104}, 0x40) syz_genetlink_get_family_id$auto_nl80211(0x0, r2) 7.595238645s ago: executing program 3 (id=1283): mmap$auto(0x0, 0x400008, 0x200, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x9, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x6, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer\x00', 0x162742, 0x0) ioctl$auto(r0, 0x40045108, 0x3) close_range$auto(0x2, 0xa, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x23, 0x80805, 0x0) socket(0x25, 0x1, 0x3) sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x40) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) socketpair$auto(0x1e, 0x3, 0x8, 0x0) io_uring_enter$auto(0x3, 0x5, 0x3, 0x3, 0x0, 0x8000000000006) mmap$auto(0x1, 0x400008, 0xdf, 0x9b72, 0x2, 0x8008000000000001) r2 = socket(0xa, 0x5, 0x0) setsockopt$auto(r2, 0x10000000084, 0x4, 0x0, 0x39f) move_pages$auto(0x0, 0x454, 0x0, 0x0, 0x0, 0x0) madvise$auto(0xfffffffffffffffd, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mremap$auto(0x16, 0x3, 0x3fd6, 0x7, 0x7fffffffb000) clone$auto(0x8001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) select$auto(0x7, 0x0, &(0x7f0000000100)={[0x9, 0x5, 0x0, 0xfffffffffffffff6, 0x7, 0xfffffffffffdffff, 0xdffffffffffffff8, 0x2, 0x0, 0x10000005e58296f, 0x1e, 0x7, 0x3, 0x200, 0x1, 0x9]}, 0x0, 0x0) r3 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/mem\x00', 0x100, 0x0) madvise$auto(0x0, 0x2000040080000004, 0xe) read$auto_proc_mem_operations_base(r3, &(0x7f0000000000)=""/37, 0x25) 6.669598623s ago: executing program 3 (id=1290): socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xc8, 0x0, 0x567) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, 0x0, 0x8002, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) read$auto(0x3, 0x0, 0x80) socket(0x11, 0x80003, 0x300) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(0x3, 0x541b, 0x38) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) close_range$auto(0x2, 0x8, 0x0) 6.587781629s ago: executing program 0 (id=1291): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ioperm$auto(0x7, 0x6, 0x2) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000000), 0x90680, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYRESDEC], 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x4040000) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) timer_create$auto(0x4, 0x0, 0x0) socket(0x2a, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@vsock={0x28, 0x0, 0x2710, @hyper}, 0x86) connect$auto(0x3, &(0x7f00000000c0), 0x55) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) fcntl$auto(0xffffffffffffffff, 0x401, 0x5) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc0}, 0x40) setsockopt$auto(0xffffffffffffffff, 0x4, 0x8001, 0x0, 0x2) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x10000000000002d, 0x0) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) gettid() connect$auto(0xffffffffffffffff, 0x0, 0xb) mmap$auto(0x0, 0x5, 0x3, 0x16, 0x3, 0x8000) unshare$auto(0x40000080) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) madvise$auto(0x0, 0x20200, 0x15) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = open(&(0x7f0000000200)='./cgroup\x00', 0x400, 0x23) fchdir$auto(r2) mkdir$auto(&(0x7f0000000140)='MAC80211_HWSIM\x00', 0x1) 4.107751339s ago: executing program 0 (id=1300): r0 = open(&(0x7f0000000040)='./file0\x00', 0x22240, 0x154) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x40000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000080)=""/86, 0x56) ioctl$auto_KVM_CHECK_EXTENSION(r1, 0xae03, 0x38) r2 = fcntl$auto(0x3, 0x400, 0x1) fcntl$auto(r0, 0x8, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptyr8\x00', 0x80903, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socket(0x2, 0x5, 0x0) ioctl$auto_TIOCMBIC(r2, 0x5417, 0x0) io_uring_setup$auto(0x6, 0x0) read$auto_proc_iter_file_ops_compat_inode(0xffffffffffffffff, 0x0, 0x0) ioctl$auto(0x3, 0x80045439, 0x38) r3 = socket(0x10, 0x2, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x1fe, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x400c855}, 0x40805) sendmsg$auto_L2TP_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRESDEC=r2, @ANYBLOB="000028bd7000ffdbdf250000000008"], 0x1c}, 0x1, 0x0, 0x0, 0x40080}, 0x8c1) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1700", @ANYBLOB="7f"], 0x1ac}}, 0x40000) sendmsg$auto_NLBL_MGMT_C_REMOVE(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYRES16, @ANYBLOB="06002abd700087"], 0x24}, 0x1, 0x0, 0x0, 0x9}, 0x1) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) 2.890180639s ago: executing program 3 (id=1302): sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010025bd7000f9dbdf2502"], 0x20}, 0x1, 0x0, 0x0, 0x4008014}, 0x10) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x3, 0x8, 0xc, 0x2e, 0x0, 0x3}, 0x6f4) r2 = socket(0x2b, 0x1, 0x1) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) getsockopt$auto(r2, 0x6, 0x12, 0xfffffffffffffffc, 0x0) poll$auto(&(0x7f0000000000)={r0, 0x101, 0x72}, 0x4, 0x1) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, r3, 0x200, 0x1001, 0x8, 0xf, r1, 0x0, 0x80000000}, 0x6f4) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'team_slave_1\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(r4, &(0x7f0000021740)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r6], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x4004804) 2.622987864s ago: executing program 2 (id=1303): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x2400, 0x0) r1 = socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) select$auto(0x9, 0x0, &(0x7f0000000100)={[0xd, 0x200, 0x80000000000000b, 0xc, 0x9, 0xf4, 0x6, 0x1, 0x40009, 0x3, 0x4000000000000000, 0x6, 0x93, 0x8, 0x8, 0x6]}, 0x0, 0x0) pipe2$auto(&(0x7f0000000000)=r1, 0x4) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) unshare$auto(0x40000080) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x1, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000580)={0x1c, r3, 0x301, 0x70bd2c, 0x25dfdbfb, {}, [@CTRL_ATTR_FAMILY_ID={0x6, 0x1, 0x15}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4019}, 0x0) settimeofday$auto(&(0x7f0000000080)={0x5, 0x9}, &(0x7f00000000c0)={0x3, 0x2}) close_range$auto(r2, 0x8, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdc, 0x9b72, 0x1000002, 0x8000) io_uring_setup$auto(0x6, 0x0) mq_open$auto(0x0, 0xde8, 0xb, 0x0) close_range$auto(0x2, 0x8000, 0x486) clone$auto(0x8001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) connect$auto(0x3, &(0x7f0000000140), 0x55) symlink$auto(&(0x7f0000000300)='\\\':.\x00', &(0x7f0000000340)='\xfb\x00') readlink$auto(&(0x7f0000000b00)='\xfb\x00', 0x0, 0x800) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x28) ioctl$auto(r0, 0x4b66, 0xd2b6) 2.539862217s ago: executing program 0 (id=1304): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x401, 0x1) socket(0x26, 0x80805, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card1/pcm0c/xrun_debug\x00', 0x430a80, 0x0) socket(0x10, 0x2, 0xc) socket(0x28, 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_UPD_RXSA(r0, &(0x7f0000006200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)={0x38, r1, 0x23, 0x70bd27, 0x25dfdbfc, {}, [@MACSEC_ATTR_SA_CONFIG={0x18, 0x3, 0x0, 0x1, [@nested={0x5, 0x1, 0x0, 0x1, [@generic="03"]}, @typed={0xc, 0x4, 0x0, 0x0, @u64=0xfffffffffffffffe}]}, @MACSEC_ATTR_RXSC_CONFIG={0x4}, @MACSEC_ATTR_IFINDEX={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008000}, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x12ba7e, 0x45) ioperm$auto(0x7, 0x6, 0x2) keyctl$auto(0x7, 0xffffffffffffffff, 0x0, 0x8, 0x74) shmat$auto(0x0, &(0x7f0000000000)='(\x00', 0xfffffffe) semctl$auto(0x201, 0xfffffffffffffffa, 0x3, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, 0x0) fanotify_mark$auto(0x0, 0x1, 0x9, 0x4, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth1_to_bond\x00'}) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x261c2, 0xc) fanotify_mark$auto(0x0, 0x105, 0x9, r2, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) 2.299741338s ago: executing program 0 (id=1305): setsockopt$auto(0xffffffffffffffff, 0x0, 0x5, &(0x7f0000000180)='\b+l\xf1\xef\\%\xe9p\xd1\f#\xa2\x80\x1d\x87Q\'F\xd1\xff\xf7/0\n\xd3\xc5\x89\xf6;x\xdd\x8aM\xb4\x8f1\x15\x89l\x9b-w\x8e\xf0\xbf\xca|\xce3c1w\x1c(\x8e\x1f\xa4\xb9\xc7gO\xb0\xee\xa5\x11l\xa2w\xbc\xdf\x9d5\xa2\xc6=\x85`\xde\xbcq\x15\xfa\x9c!m\xc0\xb9B\x1e\x90]\x84\xbe\x0e~a\x02\x8fvm\xf9\t\x9d\xbb4[\x81\f\xbc\xe2S\x93\xe1\x89\xb5\xde\xc2\xcc=D\xc1V\xaa', 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) select$auto(0x5, &(0x7f0000000080)={[0x20000009, 0xfffffffffffffffc, 0x9, 0x5, 0xc, 0x3, 0x3, 0x1ffe000, 0xcad, 0x2, 0x9, 0xf, 0xa657, 0x202, 0x6, 0x1]}, 0x0, 0x0, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xffb8}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x15) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) socket(0x10, 0x2, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000000), r0) sendmsg$auto_IOAM6_CMD_ADD_SCHEMA(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f00000007c0)={0x20, r1, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@IOAM6_ATTR_SC_ID={0x8, 0x4, 0x4}, @IOAM6_ATTR_SC_DATA={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x8010) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) futex_wait$auto(0x0, 0x0, 0x7f, 0x2, 0x0, 0x1) futex$auto(0x0, 0x3, 0x8243, 0x0, 0x0, 0x4) r2 = open$dir(0x0, 0x400, 0x108) fanotify_mark$auto(0xffffffffffffffff, 0xc, 0x40, r2, &(0x7f0000000080)='./file0\x00') close_range$auto(0x2, 0x8000, 0x0) msgctl$auto(0x8, 0x9, &(0x7f0000000080)={{0xce0, 0x0, 0xee01, 0x101, 0x2, 0x6, 0xe}, 0x0, 0x0, 0xffff, 0x2, 0x7fffffffffffffff, 0x8, 0x8001, 0x11, 0x6, 0x8}) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff) 2.025921538s ago: executing program 3 (id=1306): r0 = openat$auto_gpiolib_fops_(0xffffffffffffff9c, &(0x7f0000000140), 0x521101, 0x0) pwrite64$auto(r0, &(0x7f0000000180)='/dev/sequencer2\x00', 0xd4, 0x1000) sendfile$auto(0x6, 0x3, 0x0, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000000040)=""/192, 0xc0) writev$auto(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x80011, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x1, 0x0) r1 = socket(0x10, 0x3, 0x6) r2 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={0x14, r2, 0x1, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20004011}, 0x0) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x6) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0xa) lsm_list_modules$auto(0x0, &(0x7f0000000100)=0xbefc, 0x0) ioctl$auto(0x1, 0x89a1, 0x8) 1.87341104s ago: executing program 2 (id=1307): prctl$auto(0x39, 0x1, 0x0, 0x0, 0x0) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) fanotify_init$auto(0x65, 0x2) pipe$auto(0x0) dup2$auto(0x5, 0x4) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000001, 0x9) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) socket(0x840000000002, 0x3, 0xff) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) shutdown$auto(0x200000003, 0x2) connect$auto(0x3, &(0x7f0000000000), 0x55) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r1, &(0x7f0000001d40)={0x0, 0x0, &(0x7f0000001d00)={&(0x7f00000002c0)={0x14, 0x0, 0x1, 0x70bd2b, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x80000) write$auto(0x6, 0x0, 0x100000001) ioctl$auto(0x3, 0x8905, 0x38) socket(0x2b, 0x2, 0x1) socket(0xa, 0x3, 0x73) socket(0xa, 0x2, 0x3a) openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x582, 0x0) preadv$auto(0x3, &(0x7f00000004c0)={0x0, 0x8000000}, 0x3, 0x10000, 0x10) r2 = socket(0xa, 0x2, 0x88) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r2, @new_prog_fd=r0, 0x1801, @old_map_fd=0x3ff}, 0xa3) 1.523040245s ago: executing program 0 (id=1308): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x22242, 0x155) socket(0x15, 0x5, 0x0) socket(0x2, 0x1, 0x106) getsockopt$auto(0x4, 0x6, 0x4, 0x0, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) ioperm$auto(0x7, 0x6, 0x5) r1 = open(&(0x7f00000004c0)='./file0\x00', 0x20000, 0x104) ioctl$auto_I2C_PEC(r1, 0x708, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) pipe$auto(&(0x7f0000000500)=r1) io_uring_setup$auto(0x7e, 0x0) close_range$auto(0x2, 0x8, 0x0) clock_nanosleep$auto(0x8, 0x0, 0x0, &(0x7f00000000c0)={0x5, 0x8}) r2 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r2, 0x29, 0x43, &(0x7f0000000040)='!\x00', 0x1ff) epoll_create$auto(0x4) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_PEER_MEASUREMENT_START(r0, &(0x7f0000000480)={&(0x7f0000000000), 0xc, &(0x7f0000000440)={&(0x7f0000000080)={0x3a0, r3, 0x4, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x9}, @NL80211_ATTR_WDEV={0xc, 0x99, 0x9}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x7fb}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x7ff}, @NL80211_ATTR_IE_RIC={0x35e, 0xb2, "bc0892da76964784197af0826f3fe847afd040cc25d79b785628be6385140424ec2c12bce67cf160228a2f97cd14108c18dc4d6cb16231882ce6ff5c9c9c79b6598676fee3577d8d112c302146f051d64d1f0c647e43ae1004ac90a6ac1d632f4ceac1d92bdf5bc9137aaad3a890406ae4f77947ef34a95b53e8f9ab3fd28b21a943fff13ec50e007abee96ad534a44e4f53d8f914b32470adad2b48ef6414c15ca0213bd8ad3d9ac7f341059f6450520636193da3d14e69562b24577df2a7b609c4200f0e0cf863ea9825feebf52f6858f5edcc82cdfaff47123ec448e161ca70f14018a23568841295b1a527f195c9c04fe70cf30e8b87d8a8120d66728318fa7cef7dfc6a13f9e88bfb9f4e5283ec765bc596583feb9d848b2b59797026df62245d9bb35657d727732c7be24c1d62f1a8c818ba3ff403fbd74a6806a6905b70cd39d6c45427120660464227a4693ef2d5c9dcb967651e7d97381ebdc89c4dbfbb115bdecefdf346edc1eb19d0afa30628fd55e33d6a95055938f4ab536de7a8263cb238a7210c965d9776db5ad8c4130961e4392e408d2ca483de1e5e2d83d557d726f9c687f1669f6dd7866d58160dd8628fff7d37e8ae05b1e94a18d5857361aaef953a7e8937c5df3a082b6963e71cda3081fb55ab1b5c2f4e5d028fcb97c9c576c8a46bf1272666962f0366f85bf547a531b2dae255f55c9f562511ec066126e9ecbc50f22e6e5bd674f84666afb88edf56c792b4329a746f537f9c4c65330b73fd0c175dda02217494efe239af35bddc11850b9774ab6ad7e5803945141a8093dbfead7c1ba7f9a00a378f23e3d5e699a6b9f16808e29ce49135a4264784b0407300eb7e986d19a85da50f4b1d008837327a47531b045146001ef59cd019e5e3d1d59d8c2035f00508bbdf85c3f693ee146a2f4df396ba33125510314b8907443bb6bc51b95cc6cace70357aa2e1bc556aa8d68b9ef74519f5ea9da401ceb18d6e5a464b6359d859798a83ba7ceda899243e95d17231711e0d944d13a6e70d18f690fbd06a04c704820150df1f6fc2da29ed14199f526f56fb44c5c3987d3120536f4ca1d696fafc04a67818231f9ec9ba3a26a71d52c5d9c81bae502ad0c89ceb4f2a7d4c58995f6582e7f44152008d41f70c5e7019c76a55f6b9522bef4e60117a091e2d255092c87a49f994fb2674a1668686242d"}, @NL80211_ATTR_AP_SETTINGS_FLAGS={0x8, 0x135, 0x7}]}, 0x3a0}, 0x1, 0x0, 0x0, 0x40004}, 0x20000080) epoll_pwait$auto(0x3, 0x0, 0x20002, 0x3, 0x0, 0x8) ioperm$auto(0x6, 0x0, 0xffffffff) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x8003, 0x0) mbind$auto(0x0, 0x2, 0x1, 0x0, 0x6, 0x2) 963.97542ms ago: executing program 2 (id=1309): socket(0xa, 0x1, 0x84) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x800, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) poll$auto(0x0, 0x800000bb, 0x9) getcwd$auto(&(0x7f0000000000)='\x00', 0x3) setsockopt$auto(0x3, 0x10000000084, 0x19, 0x0, 0x9) 690.417146ms ago: executing program 2 (id=1310): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r1 = socket(0x2, 0x1, 0x106) setsockopt$auto(r1, 0x1, 0x9, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @loopback}, 0x6a) syz_genetlink_get_family_id$auto_smc_gen_netlink(0x0, r1) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x20000040}, 0x5c090) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) open(0x0, 0x149443, 0x0) r2 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg1\x00', 0x82802, 0x0) ioctl$auto(r2, 0x2285, 0x1cfc4b42) r3 = openat$auto_component_list_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0xa00, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/security/tomoyo/profile\x00', 0x183043, 0x0) socket(0x15, 0x80000, 0xffffffff) socket(0xa, 0x5, 0x5) connect$auto(0x3, &(0x7f0000000180)=@generic={0xa}, 0x55) io_cancel$auto(0x7fff, &(0x7f0000000040)={0x1, 0x3, 0x5, 0x2, 0x80, 0xffffffffffffffff, 0x6, 0xbdbc, 0x0, 0x0, 0x2}, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES16=0x0], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, 0x0, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) close_range$auto(r3, r4, 0x8) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), 0xffffffffffffffff) 690.239517ms ago: executing program 3 (id=1311): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfsd(0x0, r0) r2 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/block/nbd6/sched/write0_fifo_list\x00', 0x400, 0x0) read$auto_blk_mq_debugfs_fops_blk_mq_debugfs(r2, &(0x7f0000000340)=""/179, 0xb3) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x801, 0x100) bpf$auto(0x1, &(0x7f00000001c0)=@token_create={0x4, r1}, 0x4) socket(0x11, 0x3, 0x2) r3 = fsopen$auto(&(0x7f0000000000)='.0\a\x00', 0x4) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r4) readlinkat$auto(0xffffffffffffff9c, 0x0, 0x0, 0x7fffffff) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) r6 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x80842, 0x0) read$auto(r6, 0x0, 0x1) r7 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) write$auto_proc_clear_refs_operations_internal(r7, 0x0, 0xffffff4b) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000640)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_DEL_PMK(r4, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001440)={&(0x7f0000000c40)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="010026bd73004edbdf258e00000008000300", @ANYRES32=r8], 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x8000) ioctl$auto_TIOCGPTPEER(r3, 0x5441, 0x0) mlockall$auto(0x7) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) ioctl$auto_COMEDI_RANGEINFO(r3, 0x80106408, &(0x7f0000000180)={0x0, &(0x7f0000000080)="cafdd570728aac96bfb2d02d7bd368415c838059a600d835883bd1c504394df47d00a3112667f461c3302207ec5678835ab393b38b2b7dc07b4aad686734f961cb8d65d0c8a0c368bb69e98c36836b8359c4a4a0d8d10c8660441a1b54796432cb4e9e93dd506a0fcc76c66d0a55459cc9853c550a245f673258e956000610e4fe70dd8630a9ff947749db788a971ef893fae7832ebdcea12f5d29cc49991ba80d035f853f1a586cb1db4851e6fd4f832a9ae992f64bc24b6ee74307d9ff01fc676b6909c13f70d051825dfc9d399c8f2db1d0c726b4ae7e191b8a94d7db3d3ad033bb8fb424b08217380b6623d48368256a6ee4437b06ac"}) getsockopt$auto(0x6, 0x107, 0xc, 0x0, 0x0) 256.689661ms ago: executing program 2 (id=1312): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x10000000000002e, 0x0) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000001100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000010c0)={&(0x7f0000000040)={0x34, 0x0, 0x300, 0x70bd2b, 0x25dfdbfd, {}, [@NL80211_ATTR_COLOR_CHANGE_COLOR={0x5, 0x130, 0x2}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0x4}, @NL80211_ATTR_WOWLAN_TRIGGERS={0x4}, @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, 0xfffffff9}, @NL80211_ATTR_INACTIVITY_TIMEOUT={0x6, 0x96, 0x7}]}, 0x34}, 0x1, 0x0, 0x0, 0x4008001}, 0x800) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_wireguard(&(0x7f00000027c0), r1) r2 = syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000001140), r1) sendmsg$auto_WG_CMD_SET_DEVICE(r1, &(0x7f00000028c0)={0x0, 0x0, &(0x7f0000002880)={&(0x7f0000002800)={0x30, r2, 0x21, 0x70bd26, 0x25dfdbfe, {}, [@WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x841}, 0x80) 67.893309ms ago: executing program 2 (id=1313): pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x00\rs\x1cJ\x99\x00:c\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeep\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x2, 0x4, 0x3, 0x2, 0x8, 0xc, 0xe3, 0x400000000a, 0x3}, 0x6f4) bpf$auto(0x18, &(0x7f0000000040)=@bpf_attr_4={0x7, r0, 0x5, r0}, 0x92) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x0) socket(0x1c, 0x3, 0x1) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000001680)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x10000000}, 0xa, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="40110000", @ANYRES16=0x0, @ANYBLOB="000429bd0f0000000000000000004b559f6317508c2bee5df3076ed5c11b677dc59a8b6d2bedebdef350741ed64ea31d7bbe70f0267fb64055fe3a2f10b8842b24406a5aed3a345fbb9a9c238e990525dc0909e1fdc6fbb40efb04f60c8432411a66d2566565fc32ff84678fa29ed1d0e35c33ee82ebf4f924d16fb905db7a1957f5c13be3834dc051f7001d85df324fa4cea745af8bb78e8edb3b463abddd5902940bc53af1826e151d7fb78fe353fc84ad71287dcc87f67b8b4543ea36cbbb54524343383e52c9d4d2eca336d11ea9475848fbd970c58de1bc93e646ad218d6a3b95d2ddf8f329c91a95f3fccc89d10610bb7443fef68f1d8a08905a332078be9109d031f5e391d12b7acc5c698765294b795fb6f6e4f24ab167aef782a9af89b97b1624f6e6cd87d6ba5b1cfc7fac520d9e0ffa"], 0xfffffde0}, 0x1, 0x0, 0x0, 0x20040810}, 0x6810) madvise$auto(0x0, 0x2000000080000001, 0x3) prctl$auto(0x0, 0x40000007a, 0x4, 0x100000001, 0x8) move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x91e4) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0xc, 0x200006, 0x1, 0x11, 0x602, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0005, 0x19) setgroups$auto(0xe32, &(0x7f0000000040)=0x9) madvise$auto(0x0, 0x53, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) pselect6$auto(0x101, &(0x7f0000000080)={[0x6, 0x7, 0xffffffffffffffff, 0x3, 0x1, 0x6, 0x9, 0x7, 0x1, 0x4, 0x9, 0x4, 0x4, 0x7, 0xcb2a, 0x9]}, &(0x7f0000000100)={[0xffff, 0x3, 0xfffffffffffff31a, 0x20000000000007, 0x590, 0x8, 0x1d4, 0x4, 0x6, 0xdc1, 0x5, 0x7, 0x80, 0x8, 0x0, 0x1]}, &(0x7f0000000180)={[0xa9, 0x4, 0x4, 0x1, 0x3, 0x6, 0xcbd0, 0x200000001, 0x1f, 0xfffffffffffffffd, 0x7ff, 0x8000000000000001, 0x4, 0x7f, 0x91, 0x7]}, &(0x7f0000000000)={0x899, 0x5}, &(0x7f0000000200)) ppoll$auto(&(0x7f0000000280)={0xffffffffffffffff, 0x6, 0x9}, 0x9, &(0x7f00000002c0)={0x8000000000000001, 0x8001}, &(0x7f0000000300)={0x7ff}, 0x8) socket(0x10, 0x2, 0x14) 0s ago: executing program 0 (id=1314): r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) write$auto(r0, &(0x7f0000000080)='$\x00', 0xe) keyctl$auto(0x1, 0x5, 0x0, 0x81, 0x6) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.10.18' (ED25519) to the list of known hosts. [ 65.344098][ T5819] cgroup: Unknown subsys name 'net' [ 65.451753][ T5819] cgroup: Unknown subsys name 'cpuset' [ 65.459978][ T5819] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 66.803298][ T5819] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 68.453227][ T5830] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 68.478479][ T5830] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 68.488775][ T5830] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 68.509197][ T5830] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 68.516823][ T5830] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 68.524458][ T5830] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 68.548355][ T5830] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 68.556895][ T5830] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 68.564913][ T5830] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 68.572997][ T5830] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 68.585535][ T5830] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 68.592979][ T5830] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 68.617855][ T5830] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 68.626237][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 68.635117][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 68.642986][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 68.651349][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 68.659271][ T5838] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 68.667501][ T5838] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 68.675644][ T5838] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 68.684267][ T5838] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 68.698752][ T5838] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 68.706442][ T5838] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 68.713880][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 68.889363][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 69.083882][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.094669][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.104116][ T5828] bridge_slave_0: entered allmulticast mode [ 69.112229][ T5828] bridge_slave_0: entered promiscuous mode [ 69.122085][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 69.150862][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.157986][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.165612][ T5828] bridge_slave_1: entered allmulticast mode [ 69.172383][ T5828] bridge_slave_1: entered promiscuous mode [ 69.217637][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 69.226951][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 69.239018][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.266699][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.307365][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.314658][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.321931][ T5836] bridge_slave_0: entered allmulticast mode [ 69.328915][ T5836] bridge_slave_0: entered promiscuous mode [ 69.361374][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.368625][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.375844][ T5836] bridge_slave_1: entered allmulticast mode [ 69.383002][ T5836] bridge_slave_1: entered promiscuous mode [ 69.395686][ T5828] team0: Port device team_slave_0 added [ 69.424644][ T5828] team0: Port device team_slave_1 added [ 69.467721][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.484280][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.491542][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.498800][ T5835] bridge_slave_0: entered allmulticast mode [ 69.505409][ T5835] bridge_slave_0: entered promiscuous mode [ 69.520275][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.527254][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.553580][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.565598][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.575591][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.582913][ T5831] bridge_slave_0: entered allmulticast mode [ 69.592139][ T5831] bridge_slave_0: entered promiscuous mode [ 69.601017][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.610585][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.617749][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.625097][ T5835] bridge_slave_1: entered allmulticast mode [ 69.631696][ T5835] bridge_slave_1: entered promiscuous mode [ 69.640240][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.647197][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.673759][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.685051][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.692449][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.699692][ T5831] bridge_slave_1: entered allmulticast mode [ 69.706227][ T5831] bridge_slave_1: entered promiscuous mode [ 69.747799][ T5836] team0: Port device team_slave_0 added [ 69.765852][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.778984][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.794198][ T5836] team0: Port device team_slave_1 added [ 69.819063][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.851485][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.876645][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.884097][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.910192][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.924291][ T5835] team0: Port device team_slave_0 added [ 69.932734][ T5835] team0: Port device team_slave_1 added [ 69.946571][ T5828] hsr_slave_0: entered promiscuous mode [ 69.952954][ T5828] hsr_slave_1: entered promiscuous mode [ 69.960502][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.967459][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.993917][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.054660][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.062411][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.088819][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.109835][ T5831] team0: Port device team_slave_0 added [ 70.119185][ T5836] hsr_slave_0: entered promiscuous mode [ 70.125353][ T5836] hsr_slave_1: entered promiscuous mode [ 70.132116][ T5836] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.140069][ T5836] Cannot create hsr debugfs directory [ 70.146055][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.153156][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.179271][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.200569][ T5831] team0: Port device team_slave_1 added [ 70.268600][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.275575][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.301758][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.320658][ T5835] hsr_slave_0: entered promiscuous mode [ 70.326952][ T5835] hsr_slave_1: entered promiscuous mode [ 70.334573][ T5835] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.342573][ T5835] Cannot create hsr debugfs directory [ 70.352892][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.359922][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.386098][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.503527][ T5831] hsr_slave_0: entered promiscuous mode [ 70.509830][ T5831] hsr_slave_1: entered promiscuous mode [ 70.515846][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.524100][ T5831] Cannot create hsr debugfs directory [ 70.639425][ T5146] Bluetooth: hci0: command tx timeout [ 70.645340][ T5834] Bluetooth: hci1: command tx timeout [ 70.676331][ T5828] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 70.686433][ T5828] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 70.703672][ T5828] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 70.713929][ T5828] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 70.773233][ T5835] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 70.782875][ T5835] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 70.798966][ T5146] Bluetooth: hci3: command tx timeout [ 70.804685][ T5834] Bluetooth: hci2: command tx timeout [ 70.818961][ T5835] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 70.837361][ T5835] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 70.889260][ T5836] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 70.908124][ T5836] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 70.936240][ T5836] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 70.945916][ T5836] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 70.988095][ T5831] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 71.002648][ T5831] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 71.025995][ T5831] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 71.053422][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.060688][ T5831] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 71.122961][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.150966][ T3480] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.158223][ T3480] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.186125][ T3533] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.193226][ T3533] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.234397][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.257712][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.290317][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.312496][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.344052][ T2211] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.351235][ T2211] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.360929][ T2211] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.368022][ T2211] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.395665][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.405378][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.412545][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.447975][ T2211] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.455169][ T2211] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.517452][ T5836] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 71.528547][ T5836] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 71.553862][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.574382][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.581548][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.603976][ T2211] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.611129][ T2211] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.699727][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.706230][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.752755][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.841456][ T5828] veth0_vlan: entered promiscuous mode [ 71.863489][ T5828] veth1_vlan: entered promiscuous mode [ 71.947122][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.970064][ T5828] veth0_macvtap: entered promiscuous mode [ 71.998009][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.011015][ T5828] veth1_macvtap: entered promiscuous mode [ 72.027242][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.069580][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.099146][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.119701][ T5835] veth0_vlan: entered promiscuous mode [ 72.132569][ T5828] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.143131][ T5828] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.152354][ T5828] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.162505][ T5828] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.193581][ T5836] veth0_vlan: entered promiscuous mode [ 72.205493][ T5836] veth1_vlan: entered promiscuous mode [ 72.214735][ T5835] veth1_vlan: entered promiscuous mode [ 72.281531][ T5831] veth0_vlan: entered promiscuous mode [ 72.292813][ T5835] veth0_macvtap: entered promiscuous mode [ 72.319874][ T5835] veth1_macvtap: entered promiscuous mode [ 72.327539][ T5836] veth0_macvtap: entered promiscuous mode [ 72.337268][ T5831] veth1_vlan: entered promiscuous mode [ 72.364082][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.381580][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.396765][ T5836] veth1_macvtap: entered promiscuous mode [ 72.430748][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.441999][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.455127][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.470253][ T5836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.480979][ T5836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.491631][ T5836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.502136][ T5836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.512819][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.526563][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.537244][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.552120][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.564039][ T3533] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.566294][ T5836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.575773][ T3533] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.584069][ T5836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.601112][ T5836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.611896][ T5836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.623146][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.640657][ T5836] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.649916][ T5836] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.659577][ T5836] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.668340][ T5836] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.687479][ T5835] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.696818][ T5835] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.706004][ T5835] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.715076][ T5835] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.722994][ T5834] Bluetooth: hci1: command tx timeout [ 72.729335][ T5146] Bluetooth: hci0: command tx timeout [ 72.750878][ T5831] veth0_macvtap: entered promiscuous mode [ 72.806101][ T5828] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 72.807214][ T5831] veth1_macvtap: entered promiscuous mode [ 72.878788][ T5834] Bluetooth: hci2: command tx timeout [ 72.884244][ T5834] Bluetooth: hci3: command tx timeout [ 72.920946][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.943107][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.957007][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.969759][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.983536][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.997242][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.012443][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.057504][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.071609][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.081527][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.092200][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.102193][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.113773][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.131496][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.145150][ T3480] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.145593][ T5831] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.162836][ T3480] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.164468][ T5831] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.179736][ T5831] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.188649][ T5831] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.247071][ T2211] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.268238][ T2211] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.364134][ T3546] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.377434][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.388534][ T3546] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.394924][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.492873][ T2211] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.511254][ T2211] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.681393][ T3661] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.689875][ T3661] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.110046][ T5900] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4'. [ 74.800244][ T5834] Bluetooth: hci1: command tx timeout [ 74.806462][ T5834] Bluetooth: hci0: command tx timeout [ 74.958642][ T5834] Bluetooth: hci3: command tx timeout [ 74.964097][ T5834] Bluetooth: hci2: command tx timeout [ 75.217018][ T5919] Dead loop on virtual device ip6_vti0, fix it urgently! [ 75.858861][ T5901] Invalid ELF header magic: != ELF [ 76.418592][ T5925] Zero length message leads to an empty skb [ 76.880430][ T5834] Bluetooth: hci0: command tx timeout [ 76.885971][ T5146] Bluetooth: hci1: command tx timeout [ 77.039437][ T5834] Bluetooth: hci2: command tx timeout [ 77.045458][ T5146] Bluetooth: hci3: command tx timeout [ 77.486519][ T5941] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13'. [ 77.836658][ T5947] syz.3.14 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 78.385764][ T5956] netlink: 28 bytes leftover after parsing attributes in process `syz.0.16'. [ 78.488089][ T5956] veth0_macvtap: left promiscuous mode [ 78.490466][ T5959] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 78.510677][ T5956] macvtap0: entered allmulticast mode [ 79.355146][ T5965] syz.1.18 uses obsolete (PF_INET,SOCK_PACKET) [ 79.520512][ T5965] mmap: syz.1.18 (5965) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 79.745527][ T5973] netlink: 28 bytes leftover after parsing attributes in process `syz.2.20'. [ 79.754626][ T5973] mac80211_hwsim hwsim5 wlan0: entered promiscuous mode [ 79.762386][ T5973] mac80211_hwsim hwsim5 wlan0: entered allmulticast mode [ 79.947063][ T5974] netlink: 326 bytes leftover after parsing attributes in process `syz.3.19'. [ 81.036608][ T5978] netlink: 12 bytes leftover after parsing attributes in process `syz.2.21'. [ 81.342605][ T5956] syz.0.16 (5956) used greatest stack depth: 21408 bytes left [ 82.153603][ T977] cfg80211: failed to load regulatory.db [ 82.437393][ T5991] zero sized request [ 82.589331][ T5995] random: crng reseeded on system resumption [ 83.336930][ T5993] netlink: 326 bytes leftover after parsing attributes in process `syz.0.23'. [ 83.598544][ T6001] syz.2.27(6001): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 84.044197][ T6008] process 'syz.2.28' launched '/dev/fd/3' with NULL argv: empty string added [ 84.168927][ T6004] warning: `syz.1.25' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 84.849522][ T6019] netlink: 338 bytes leftover after parsing attributes in process `syz.2.31'. [ 85.126443][ T6019] mkiss: ax0: crc mode is auto. [ 86.117823][ T6029] netlink: 28 bytes leftover after parsing attributes in process `syz.3.34'. [ 86.220630][ T6029] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.319631][ T6029] bridge_slave_0 (unregistering): left allmulticast mode [ 86.360246][ T6029] bridge_slave_0 (unregistering): left promiscuous mode [ 86.391667][ T6029] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.655837][ T29] audit: type=1800 audit(1735134752.178:2): pid=6092 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.49" name="dbroot" dev="configfs" ino=8310 res=0 errno=0 [ 93.552159][ T6151] capability: warning: `syz.2.61' uses 32-bit capabilities (legacy support in use) [ 95.542848][ T6195] netlink: 4 bytes leftover after parsing attributes in process `syz.3.73'. [ 95.552147][ T6195] netlink: 306 bytes leftover after parsing attributes in process `syz.3.73'. [ 96.066674][ T6210] crash hp: kexec_trylock() failed, kdump image may be inaccurate [ 96.131631][ T6214] random: crng reseeded on system resumption syzkaller syzkaller login: [ 98.528136][ T6294] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 98.966269][ T6184] kexec: Could not allocate control_code_buffer [ 99.687184][ T6327] ptrace attach of "./syz-executor exec"[5835] was attempted by "sLd\x0cHg=aLlAOeTE:v-BgWdOR&j\x09N%>vx}RO!Ljs\x0aH\x0c!z*;Ï2k=\x0dmOb\x07]4rtZ1rv4giH!F=]\x0dQ2HvZy<h5:Ue\x0a\x1bǭ#Ѫ]j1@>@ʇ]\x1bz\x07~qs6b/ug*Q'_}(\x5cSyU?@l%֬5?;[X?-^'\x0d\x0dԿ}0Fe'wDɑ؁WR3z sߦh߷9EWc+BkAQzl؏&P'`n\x09R؏҇\x0a2lʵ{\x0dp$`}}|*O3i*Ew+[hCՆL?۠_ 0t^x\x5cN\x0c^J$P6L\x0d.@==@w7~(hT\x0atS)\x22W#\x22]mBd|@\x0aisT4Cγ]}ݶn)A9\x09yFQ3Bj΀H´V\x0b4 O8<tp\x1blJw\x1bᬗJGpƿ~#5zǬ*7MzK#\x09oUXks+,&5x_zD'%F/X-*[(˙1\x0cw)w\x0c+̌ Th'v,\x22\x0bն#@4)/F? [ 99.874666][ T6333] mtrr: base(0x1000000) is not aligned on a size(0x0000) boundary [ 100.280173][ T6340] Process accounting resumed [ 100.986743][ T6354] Invalid ELF header magic: != ELF [ 101.184904][ T6357] netlink: 4 bytes leftover after parsing attributes in process `syz.3.99'. [ 103.540340][ T6394] netlink: 8 bytes leftover after parsing attributes in process `syz.2.110'. [ 105.337488][ T6433] netlink: 'syz.1.121': attribute type 5 has an invalid length. [ 105.931234][ T29] audit: type=1807 audit(1735134768.458:3): UNKNOWN=$ res=0 [ 105.942477][ T6462] netlink: 28 bytes leftover after parsing attributes in process `syz.0.127'. [ 105.951748][ T29] audit: type=1802 audit(1735134768.458:4): pid=6460 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.2.126" res=0 errno=0 [ 105.998987][ T6462] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.006698][ T6462] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.077632][ T6462] bridge0: entered allmulticast mode [ 106.398576][ T6482] Process accounting resumed [ 106.501066][ T29] audit: type=1807 audit(1735134769.028:5): UNKNOWN=$ res=0 [ 106.529657][ T6457] ima: policy update failed [ 106.551259][ T29] audit: type=1802 audit(1735134769.038:6): pid=6460 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.2.126" res=0 errno=0 [ 106.596164][ T29] audit: type=1802 audit(1735134769.058:7): pid=6457 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.126" res=0 errno=0 [ 106.683935][ T6486] netlink: 28 bytes leftover after parsing attributes in process `syz.0.130'. [ 106.785020][ T6459] kexec: Could not allocate control_code_buffer [ 106.932124][ T6495] zero sized request [ 107.258523][ T6502] netlink: 20 bytes leftover after parsing attributes in process `syz.2.135'. [ 107.613835][ T6502] team0 (unregistering): Port device team_slave_0 removed [ 107.649466][ T6502] team0 (unregistering): Port device team_slave_1 removed [ 108.860005][ T29] audit: type=1326 audit(1735134771.388:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6532 comm="syz.1.141" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd916f85d29 code=0x0 [ 109.076816][ T6539] ubi0: attaching mtd0 [ 109.085957][ T6539] ubi0: scanning is finished [ 109.093588][ T6539] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 109.229306][ T6539] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 110.865502][ T6577] netlink: 28 bytes leftover after parsing attributes in process `syz.1.156'. [ 110.892352][ T6577] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.899919][ T6577] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.914053][ T6577] bridge0: entered allmulticast mode [ 111.904898][ T6617] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 112.567939][ T6652] netlink: 326 bytes leftover after parsing attributes in process `syz.3.173'. [ 113.370387][ T6682] netlink: 330 bytes leftover after parsing attributes in process `syz.2.178'. [ 113.450912][ T6682] netlink: 4 bytes leftover after parsing attributes in process `syz.2.178'. [ 113.636243][ T6694] openvswitch: netlink: Missing valid actions attribute. [ 113.936231][ T6712] kernel read not supported for file /#)-\&[} (pid: 6712 comm: syz.2.183) [ 113.957013][ T29] audit: type=1800 audit(1735134776.478:9): pid=6712 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.183" name="#)-\&[}" dev="mqueue" ino=10212 res=0 errno=0 [ 114.832694][ T6757] netlink: 'syz.3.192': attribute type 10 has an invalid length. [ 114.848427][ T6757] netlink: 326 bytes leftover after parsing attributes in process `syz.3.192'. [ 115.657134][ T6793] zero sized request [ 116.296018][ T6806] mtrr: base(0x8180000000140201000) is not aligned on a size(0x140202000) boundary [ 116.457775][ T6816] openvswitch: netlink: Tunnel attr 8192 out of range max 16 [ 119.721057][ T6899] erspan0: entered allmulticast mode [ 129.031288][ T7114] Process accounting resumed [ 129.071902][ T7108] rnbd_client L213: map_device: Parameters missing [ 130.342241][ T7156] netlink: 12 bytes leftover after parsing attributes in process `syz.0.288'. [ 133.133006][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.140250][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.478000][ T7244] netlink: 12 bytes leftover after parsing attributes in process `syz.1.303'. [ 133.518366][ T7244] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 134.175695][ T7275] : Can't lookup blockdev [ 134.744253][ T7296] ======================================================= [ 134.744253][ T7296] WARNING: The mand mount option has been deprecated and [ 134.744253][ T7296] and is ignored by this kernel. Remove the mand [ 134.744253][ T7296] option from the mount to silence this warning. [ 134.744253][ T7296] ======================================================= [ 136.062134][ T7326] netlink: 'syz.1.323': attribute type 17 has an invalid length. [ 136.100357][ T7326] netlink: 326 bytes leftover after parsing attributes in process `syz.1.323'. [ 136.126500][ T7328] tc_dump_action: action bad kind [ 137.502828][ T7366] zero sized request [ 138.037832][ T7385] netlink: 334 bytes leftover after parsing attributes in process `syz.0.335'. [ 138.107074][ T7386] netlink: 28 bytes leftover after parsing attributes in process `syz.2.334'. [ 141.399010][ T7463] mtrr: base(0x700000000000000000) is not aligned on a size(0x0000) boundary [ 142.505329][ T7495] netlink: 4 bytes leftover after parsing attributes in process `syz.0.365'. [ 142.622916][ T7497] netlink: 28 bytes leftover after parsing attributes in process `syz.0.365'. [ 143.202462][ T7509] netlink: 8 bytes leftover after parsing attributes in process `syz.2.366'. [ 143.840660][ T7522] netlink: 12 bytes leftover after parsing attributes in process `syz.2.369'. [ 143.883974][ T7522] unsupported nlmsg_type 40 [ 145.123767][ T7542] erspan0: entered allmulticast mode [ 147.026157][ T7572] zero sized request [ 147.155604][ T7575] netlink: 12 bytes leftover after parsing attributes in process `syz.1.383'. [ 148.038601][ T7597] erspan0: entered allmulticast mode [ 149.816357][ T7636] netlink: 334 bytes leftover after parsing attributes in process `syz.0.400'. [ 150.224576][ T7645] netlink: 330 bytes leftover after parsing attributes in process `syz.0.402'. [ 150.309539][ T7647] netlink: 330 bytes leftover after parsing attributes in process `syz.0.402'. [ 150.538731][ T7654] netlink: zone id is out of range [ 150.555161][ T7654] netlink: zone id is out of range [ 150.566841][ T7654] netlink: zone id is out of range [ 150.577664][ T7654] netlink: zone id is out of range [ 150.583486][ T7654] netlink: zone id is out of range [ 150.592592][ T7654] netlink: zone id is out of range [ 150.606340][ T7654] netlink: zone id is out of range [ 150.616165][ T7654] netlink: zone id is out of range [ 150.624081][ T7654] netlink: zone id is out of range [ 150.652881][ T7654] netlink: zone id is out of range [ 151.280556][ T7680] CIFS: VFS: Invalid SecurityFlags: [ 151.669503][ T7687] mtrr: base(0x3d65736162203a30000) is not aligned on a size(0x63307830000) boundary [ 152.274221][ T7699] netlink: 16 bytes leftover after parsing attributes in process `syz.1.415'. [ 152.372880][ T7703] netlink: 16 bytes leftover after parsing attributes in process `syz.1.415'. [ 152.837564][ T7713] netlink: 4 bytes leftover after parsing attributes in process `syz.2.419'. [ 152.989358][ T7713] netlink: 4 bytes leftover after parsing attributes in process `syz.2.419'. [ 153.392991][ T7727] netlink: 12 bytes leftover after parsing attributes in process `syz.1.421'. [ 153.553311][ T7725] HfR: entered promiscuous mode [ 153.633148][ T7727] HfR: left promiscuous mode [ 156.119455][ T7790] zero sized request [ 156.281534][ T7792] raw_sendmsg: syz.0.437 forgot to set AF_INET. Fix it! [ 157.585414][ T7829] netlink: 8 bytes leftover after parsing attributes in process `syz.2.444'. [ 158.033212][ T7839] zero sized request [ 159.037458][ T7858] bridge0: port 3(ipvlan1) entered blocking state [ 159.079697][ T7858] bridge0: port 3(ipvlan1) entered disabled state [ 159.086352][ T7858] ipvlan1: entered allmulticast mode [ 159.138382][ T7858] veth0_vlan: entered allmulticast mode [ 159.175880][ T7858] ipvlan1: left allmulticast mode [ 159.229510][ T7858] veth0_vlan: left allmulticast mode [ 162.103381][ T7898] sctp: [Deprecated]: syz.3.463 (pid 7898) Use of struct sctp_assoc_value in delayed_ack socket option. [ 162.103381][ T7898] Use struct sctp_sack_info instead [ 162.555706][ T7910] netlink: 'syz.3.465': attribute type 1 has an invalid length. [ 162.623844][ T7913] zero sized request [ 162.822366][ T7918] netlink: 28 bytes leftover after parsing attributes in process `syz.3.467'. [ 162.909762][ T7919] Invalid ELF header magic: != ELF [ 164.016868][ T7920] netlink: 28 bytes leftover after parsing attributes in process `syz.2.468'. [ 165.768196][ T7964] netlink: 334 bytes leftover after parsing attributes in process `syz.1.479'. [ 165.793190][ T7959] Process accounting resumed [ 168.735421][ T8001] netlink: 'syz.1.486': attribute type 1 has an invalid length. [ 168.838199][ T8002] netlink: 12 bytes leftover after parsing attributes in process `syz.3.485'. [ 169.910860][ T8013] netlink: 342 bytes leftover after parsing attributes in process `syz.1.489'. [ 170.052038][ T8015] netlink: 342 bytes leftover after parsing attributes in process `syz.1.489'. [ 172.860529][ T8049] netlink: 12 bytes leftover after parsing attributes in process `syz.1.503'. [ 182.260480][ T8182] netlink: 28 bytes leftover after parsing attributes in process `syz.3.515'. [ 182.318870][ T8182] vcan0: entered promiscuous mode [ 182.722840][ T29] audit: type=1800 audit(1735134845.238:10): pid=8192 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.518" name="dbroot" dev="configfs" ino=17140 res=0 errno=0 [ 182.901465][ T8203] net_ratelimit: 29 callbacks suppressed [ 182.901488][ T8203] openvswitch: netlink: Multiple metadata blocks provided [ 184.524107][ T8224] bond0: option packets_per_slave: invalid value ( Xnp) [ 184.604214][ T8224] bond0: option packets_per_slave: allowed values 0 - 65535 [ 184.763468][ T8226] netlink: 4 bytes leftover after parsing attributes in process `syz.2.528'. [ 185.873734][ T8263] openvswitch: netlink: Multiple metadata blocks provided [ 189.012526][ T8330] Process accounting resumed [ 190.202945][ T8368] netlink: zone id is out of range [ 190.208336][ T8368] netlink: zone id is out of range [ 190.213480][ T8368] netlink: zone id is out of range [ 190.248495][ T8368] netlink: zone id is out of range [ 190.253710][ T8368] netlink: zone id is out of range [ 190.264828][ T8368] netlink: zone id is out of range [ 190.288398][ T8368] netlink: zone id is out of range [ 190.297951][ T8368] netlink: zone id is out of range [ 190.319127][ T8368] netlink: zone id is out of range [ 190.324288][ T8368] netlink: zone id is out of range [ 190.820603][ T8379] netlink: 130 bytes leftover after parsing attributes in process `syz.3.564'. [ 191.378532][ T8392] ubi0: attaching mtd0 [ 191.389615][ T8392] ubi0: scanning is finished [ 191.424312][ T8392] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record [ 191.520969][ T8347] Bluetooth: hci0: command 0x0406 tx timeout [ 191.528591][ T8347] Bluetooth: hci1: command 0x0406 tx timeout [ 191.534642][ T8347] Bluetooth: hci3: command 0x0406 tx timeout [ 191.541007][ T8347] Bluetooth: hci2: command 0x0406 tx timeout [ 191.685344][ T8406] netlink: 4 bytes leftover after parsing attributes in process `syz.2.569'. [ 191.713232][ T8392] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 192.464981][ T8425] netlink: 246 bytes leftover after parsing attributes in process `syz.3.572'. [ 192.641159][ T8431] netlink: 244 bytes leftover after parsing attributes in process `syz.3.574'. [ 192.704663][ T8432] netlink: 244 bytes leftover after parsing attributes in process `syz.3.574'. [ 193.466190][ T8449] binder: 8448:8449 ioctl 40044900 800000000000003 returned -22 [ 195.972178][ T8491] cgroup: fork rejected by pids controller in /syz1 [ 199.158478][ T8569] netlink: 32 bytes leftover after parsing attributes in process `syz.0.597'. [ 204.899617][ T8659] netlink: 'syz.2.618': attribute type 1 has an invalid length. [ 204.948558][ T8662] netlink: 'syz.2.618': attribute type 1 has an invalid length. [ 205.579189][ T8671] netlink: 28 bytes leftover after parsing attributes in process `syz.0.620'. [ 205.679008][ T8671] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 205.742121][ T8671] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 205.816076][ T8680] netlink: 8 bytes leftover after parsing attributes in process `syz.1.621'. [ 205.856118][ T8680] netlink: 4387 bytes leftover after parsing attributes in process `syz.1.621'. [ 206.119740][ T8671] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 206.127171][ T8671] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 206.321924][ T8683] Invalid ELF header magic: != ELF [ 207.502673][ T8694] netlink: 4 bytes leftover after parsing attributes in process `syz.1.624'. [ 208.265475][ T8701] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 208.425493][ T8740] lo: entered allmulticast mode [ 208.540369][ T8742] lo: left allmulticast mode [ 208.644411][ T8741] netlink: 334 bytes leftover after parsing attributes in process `syz.1.638'. [ 209.867704][ T8769] binder: 8768:8769 ioctl 40044900 800000000000003 returned -22 [ 210.088408][ T8772] netlink: 334 bytes leftover after parsing attributes in process `syz.3.648'. [ 210.556292][ T8783] netlink: 338 bytes leftover after parsing attributes in process `syz.0.650'. [ 210.779639][ T8793] FAULT_INJECTION: forcing a failure. [ 210.779639][ T8793] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 210.813850][ T8793] CPU: 0 UID: 0 PID: 8793 Comm: syz.0.653 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0 [ 210.824496][ T8793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 210.834589][ T8793] Call Trace: [ 210.837894][ T8793] [ 210.840846][ T8793] dump_stack_lvl+0x16c/0x1f0 [ 210.845560][ T8793] should_fail_ex+0x497/0x5b0 [ 210.850274][ T8793] _copy_from_user+0x2e/0xd0 [ 210.854903][ T8793] copy_msghdr_from_user+0x99/0x160 [ 210.860142][ T8793] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 210.865986][ T8793] ? __lock_acquire+0xcc5/0x3c40 [ 210.870967][ T8793] ___sys_sendmsg+0xff/0x1e0 [ 210.875591][ T8793] ? __pfx____sys_sendmsg+0x10/0x10 [ 210.880815][ T8793] ? trace_lock_acquire+0x14e/0x1f0 [ 210.886040][ T8793] __sys_sendmmsg+0x201/0x420 [ 210.890727][ T8793] ? __pfx___sys_sendmmsg+0x10/0x10 [ 210.895940][ T8793] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 210.901940][ T8793] ? fput+0x67/0x440 [ 210.905846][ T8793] ? ksys_write+0x1ba/0x250 [ 210.910352][ T8793] ? __pfx_ksys_write+0x10/0x10 [ 210.915215][ T8793] __x64_sys_sendmmsg+0x9c/0x100 [ 210.920163][ T8793] ? lockdep_hardirqs_on+0x7c/0x110 [ 210.925388][ T8793] do_syscall_64+0xcd/0x250 [ 210.929899][ T8793] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.935800][ T8793] RIP: 0033:0x7fb40df85d29 [ 210.940227][ T8793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 210.959836][ T8793] RSP: 002b:00007fb40ecf7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 210.968255][ T8793] RAX: ffffffffffffffda RBX: 00007fb40e175fa0 RCX: 00007fb40df85d29 [ 210.976236][ T8793] RDX: 0000000000000007 RSI: 0000000020000200 RDI: 0000000000000003 [ 210.984216][ T8793] RBP: 00007fb40ecf7090 R08: 0000000000000000 R09: 0000000000000000 [ 210.992186][ T8793] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 211.000163][ T8793] R13: 0000000000000000 R14: 00007fb40e175fa0 R15: 00007ffe6b39b8e8 [ 211.008152][ T8793] [ 211.011277][ C0] vkms_vblank_simulate: vblank timer overrun [ 212.178889][ T8800] [U] [ 212.181969][ T8800] [U] [ 212.184698][ T8800] [U] [ 212.187423][ T8800] [U] [ 212.190146][ T8800] [U] [ 212.238527][ T8800] [U] [ 212.241288][ T8800] [U] [ 212.244012][ T8800] [U] [ 212.246734][ T8800] [U] [ 212.272969][ T8803] [U] [ 213.024461][ T8849] FAULT_INJECTION: forcing a failure. [ 213.024461][ T8849] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 213.060178][ T8849] CPU: 1 UID: 0 PID: 8849 Comm: syz.3.664 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0 [ 213.070833][ T8849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 213.080914][ T8849] Call Trace: [ 213.084214][ T8849] [ 213.087170][ T8849] dump_stack_lvl+0x16c/0x1f0 [ 213.091885][ T8849] should_fail_ex+0x497/0x5b0 [ 213.096603][ T8849] _copy_from_user+0x2e/0xd0 [ 213.101232][ T8849] ____sys_sendmsg+0x56e/0xb40 [ 213.106030][ T8849] ? __pfx_____sys_sendmsg+0x10/0x10 [ 213.111343][ T8849] ? __lock_acquire+0xcc5/0x3c40 [ 213.116321][ T8849] ___sys_sendmsg+0x135/0x1e0 [ 213.121042][ T8849] ? __pfx____sys_sendmsg+0x10/0x10 [ 213.126294][ T8849] ? trace_lock_acquire+0x14e/0x1f0 [ 213.131552][ T8849] __sys_sendmmsg+0x201/0x420 [ 213.136270][ T8849] ? __pfx___sys_sendmmsg+0x10/0x10 [ 213.141512][ T8849] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 213.147537][ T8849] ? fput+0x67/0x440 [ 213.151470][ T8849] ? ksys_write+0x1ba/0x250 [ 213.155999][ T8849] ? __pfx_ksys_write+0x10/0x10 [ 213.160884][ T8849] __x64_sys_sendmmsg+0x9c/0x100 [ 213.165857][ T8849] ? lockdep_hardirqs_on+0x7c/0x110 [ 213.171085][ T8849] do_syscall_64+0xcd/0x250 [ 213.175622][ T8849] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.181548][ T8849] RIP: 0033:0x7fe064d85d29 [ 213.185982][ T8849] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 213.205621][ T8849] RSP: 002b:00007fe065b95038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 213.214072][ T8849] RAX: ffffffffffffffda RBX: 00007fe064f75fa0 RCX: 00007fe064d85d29 [ 213.222074][ T8849] RDX: 0000000000000007 RSI: 0000000020000200 RDI: 0000000000000003 [ 213.230076][ T8849] RBP: 00007fe065b95090 R08: 0000000000000000 R09: 0000000000000000 [ 213.238072][ T8849] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 213.246071][ T8849] R13: 0000000000000000 R14: 00007fe064f75fa0 R15: 00007ffdcf44e048 [ 213.254084][ T8849] [ 213.556196][ T8856] netlink: 28 bytes leftover after parsing attributes in process `syz.1.667'. [ 213.838568][ T8856] hsr_slave_1 (unregistering): left promiscuous mode [ 214.780928][ T8889] netlink: 8 bytes leftover after parsing attributes in process `syz.0.676'. [ 215.042689][ T8894] net_ratelimit: 91 callbacks suppressed [ 215.042710][ T8894] openvswitch: netlink: nsh attr 252 is out of range max 3 [ 217.012022][ T8945] netlink: 28 bytes leftover after parsing attributes in process `syz.3.690'. [ 217.118856][ T8945] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode [ 217.126019][ T8945] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode [ 218.577665][ T8977] FAULT_INJECTION: forcing a failure. [ 218.577665][ T8977] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 218.640500][ T8977] CPU: 0 UID: 0 PID: 8977 Comm: syz.1.697 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0 [ 218.651148][ T8977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 218.661235][ T8977] Call Trace: [ 218.664527][ T8977] [ 218.667472][ T8977] dump_stack_lvl+0x16c/0x1f0 [ 218.672180][ T8977] should_fail_ex+0x497/0x5b0 [ 218.676902][ T8977] _copy_from_iter+0x4a5/0x1400 [ 218.681794][ T8977] ? __pfx__copy_from_iter+0x10/0x10 [ 218.687200][ T8977] ? __virt_addr_valid+0x1a4/0x590 [ 218.692342][ T8977] ? __virt_addr_valid+0x5e/0x590 [ 218.697396][ T8977] ? __phys_addr_symbol+0x30/0x80 [ 218.702454][ T8977] ? __check_object_size+0x488/0x710 [ 218.707779][ T8977] netlink_sendmsg+0x813/0xd70 [ 218.712572][ T8977] ? __pfx_netlink_sendmsg+0x10/0x10 [ 218.717879][ T8977] ? __might_fault+0xe3/0x190 [ 218.722598][ T8977] ____sys_sendmsg+0x9ae/0xb40 [ 218.727389][ T8977] ? __pfx_____sys_sendmsg+0x10/0x10 [ 218.732695][ T8977] ? __lock_acquire+0xcc5/0x3c40 [ 218.737665][ T8977] ___sys_sendmsg+0x135/0x1e0 [ 218.742372][ T8977] ? __pfx____sys_sendmsg+0x10/0x10 [ 218.747614][ T8977] ? trace_lock_acquire+0x14e/0x1f0 [ 218.752864][ T8977] __sys_sendmmsg+0x201/0x420 [ 218.757577][ T8977] ? __pfx___sys_sendmmsg+0x10/0x10 [ 218.762820][ T8977] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 218.768839][ T8977] ? fput+0x67/0x440 [ 218.772763][ T8977] ? ksys_write+0x1ba/0x250 [ 218.777288][ T8977] ? __pfx_ksys_write+0x10/0x10 [ 218.782169][ T8977] __x64_sys_sendmmsg+0x9c/0x100 [ 218.787137][ T8977] ? lockdep_hardirqs_on+0x7c/0x110 [ 218.792367][ T8977] do_syscall_64+0xcd/0x250 [ 218.796900][ T8977] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.802822][ T8977] RIP: 0033:0x7fd916f85d29 [ 218.807257][ T8977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 218.826892][ T8977] RSP: 002b:00007fd917d1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 218.835336][ T8977] RAX: ffffffffffffffda RBX: 00007fd917175fa0 RCX: 00007fd916f85d29 [ 218.843331][ T8977] RDX: 0000000000000007 RSI: 0000000020000200 RDI: 0000000000000003 [ 218.851327][ T8977] RBP: 00007fd917d1f090 R08: 0000000000000000 R09: 0000000000000000 [ 218.859321][ T8977] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 218.867311][ T8977] R13: 0000000000000000 R14: 00007fd917175fa0 R15: 00007ffd9b3100e8 [ 218.875316][ T8977] [ 219.941155][ T8965] kafs: addr_prefs: Invalid Command [ 220.036721][ T9001] netlink: 28 bytes leftover after parsing attributes in process `syz.3.704'. [ 220.591111][ T9021] ACPI: EC: Assuming SCI_EVT clearing on QR_EC writes [ 221.420631][ T9056] Line length is too long: Should be less than 4094 [ 222.418169][ T9084] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input6 [ 222.849889][ T9103] netlink: 28 bytes leftover after parsing attributes in process `syz.1.721'. [ 223.166972][ T9091] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input7 [ 225.032788][ T9149] Invalid ELF header magic: != ELF [ 225.498909][ T9157] netlink: 32 bytes leftover after parsing attributes in process `syz.2.732'. [ 225.602897][ T9160] netlink: 32 bytes leftover after parsing attributes in process `syz.2.732'. [ 226.726772][ T9152] netlink: 28 bytes leftover after parsing attributes in process `syz.0.729'. [ 226.972906][ T9152] geneve1: entered allmulticast mode [ 228.089799][ T9185] FAULT_INJECTION: forcing a failure. [ 228.089799][ T9185] name failslab, interval 1, probability 0, space 0, times 0 [ 228.189017][ T9185] CPU: 1 UID: 0 PID: 9185 Comm: syz.0.736 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0 [ 228.199662][ T9185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 228.209752][ T9185] Call Trace: [ 228.213055][ T9185] [ 228.216007][ T9185] dump_stack_lvl+0x16c/0x1f0 [ 228.220723][ T9185] should_fail_ex+0x497/0x5b0 [ 228.225436][ T9185] ? fs_reclaim_acquire+0xae/0x150 [ 228.230579][ T9185] should_failslab+0xc2/0x120 [ 228.235293][ T9185] kmem_cache_alloc_node_noprof+0x72/0x3b0 [ 228.241141][ T9185] ? __alloc_skb+0x2b3/0x380 [ 228.245771][ T9185] __alloc_skb+0x2b3/0x380 [ 228.250222][ T9185] ? __pfx___alloc_skb+0x10/0x10 [ 228.255207][ T9185] netlink_alloc_large_skb+0x69/0x130 [ 228.260611][ T9185] netlink_sendmsg+0x689/0xd70 [ 228.265410][ T9185] ? __pfx_netlink_sendmsg+0x10/0x10 [ 228.270740][ T9185] ____sys_sendmsg+0x9ae/0xb40 [ 228.275524][ T9185] ? copy_msghdr_from_user+0x10b/0x160 [ 228.281014][ T9185] ? __pfx_____sys_sendmsg+0x10/0x10 [ 228.286326][ T9185] ? __lock_acquire+0xcc5/0x3c40 [ 228.291284][ T9185] ? hlock_class+0x4e/0x130 [ 228.295801][ T9185] ? __lock_acquire+0x15a9/0x3c40 [ 228.300834][ T9185] ___sys_sendmsg+0x135/0x1e0 [ 228.305528][ T9185] ? __pfx____sys_sendmsg+0x10/0x10 [ 228.310822][ T9185] ? __pfx___lock_acquire+0x10/0x10 [ 228.316051][ T9185] ? __pfx___might_resched+0x10/0x10 [ 228.321360][ T9185] ? __might_fault+0xe3/0x190 [ 228.326080][ T9185] __sys_sendmmsg+0x201/0x420 [ 228.330782][ T9185] ? __pfx___sys_sendmmsg+0x10/0x10 [ 228.336006][ T9185] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 228.342008][ T9185] ? fput+0x67/0x440 [ 228.345920][ T9185] ? ksys_write+0x1ba/0x250 [ 228.350432][ T9185] ? __pfx_ksys_write+0x10/0x10 [ 228.355296][ T9185] __x64_sys_sendmmsg+0x9c/0x100 [ 228.360248][ T9185] ? lockdep_hardirqs_on+0x7c/0x110 [ 228.365451][ T9185] do_syscall_64+0xcd/0x250 [ 228.369965][ T9185] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.375875][ T9185] RIP: 0033:0x7fb40df85d29 [ 228.380296][ T9185] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 228.399914][ T9185] RSP: 002b:00007fb40ecf7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 228.408335][ T9185] RAX: ffffffffffffffda RBX: 00007fb40e175fa0 RCX: 00007fb40df85d29 [ 228.416309][ T9185] RDX: 0000000000000007 RSI: 0000000020000200 RDI: 0000000000000003 [ 228.424279][ T9185] RBP: 00007fb40ecf7090 R08: 0000000000000000 R09: 0000000000000000 [ 228.432249][ T9185] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 228.440219][ T9185] R13: 0000000000000000 R14: 00007fb40e175fa0 R15: 00007ffe6b39b8e8 [ 228.448202][ T9185] [ 229.929588][ T9209] netlink: 'syz.3.740': attribute type 10 has an invalid length. [ 231.648228][ T9259] bond0: option arp_validate: invalid value () [ 232.341070][ T9279] netlink: 28 bytes leftover after parsing attributes in process `syz.1.755'. [ 232.418566][ T9279] macsec0: entered allmulticast mode [ 232.442171][ T9279] veth1_macvtap: entered allmulticast mode [ 235.035099][ T9288] < [ 237.422546][ T9373] netlink: 4 bytes leftover after parsing attributes in process `syz.3.775'. [ 239.819969][ T9394] netlink: 'syz.3.782': attribute type 4 has an invalid length. [ 239.833393][ T9394] netlink: 'syz.3.782': attribute type 4 has an invalid length. [ 240.460691][ T9412] netlink: 34956 bytes leftover after parsing attributes in process `syz.1.788'. [ 240.498340][ T9412] netlink: 148 bytes leftover after parsing attributes in process `syz.1.788'. [ 247.507463][ T9540] netlink: 28 bytes leftover after parsing attributes in process `syz.1.822'. [ 247.573792][ T9552] netlink: 28 bytes leftover after parsing attributes in process `syz.1.822'. [ 250.221612][ T9595] netlink: 4 bytes leftover after parsing attributes in process `syz.3.834'. [ 250.335600][ T9598] netlink: 4 bytes leftover after parsing attributes in process `syz.1.835'. [ 250.368413][ T9598] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 250.376565][ T9598] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 251.089005][ T9604] netlink: 330 bytes leftover after parsing attributes in process `syz.0.837'. [ 251.148133][ T9237] syz.0.744 (9237) used greatest stack depth: 19824 bytes left [ 251.592515][ T9618] netlink: 28 bytes leftover after parsing attributes in process `syz.0.839'. [ 253.458523][ T9640] FAULT_INJECTION: forcing a failure. [ 253.458523][ T9640] name failslab, interval 1, probability 0, space 0, times 0 [ 253.532755][ T9640] CPU: 0 UID: 0 PID: 9640 Comm: syz.0.845 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0 [ 253.543451][ T9640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 253.553538][ T9640] Call Trace: [ 253.556845][ T9640] [ 253.559816][ T9640] dump_stack_lvl+0x16c/0x1f0 [ 253.564542][ T9640] should_fail_ex+0x497/0x5b0 [ 253.569254][ T9640] ? fs_reclaim_acquire+0xae/0x150 [ 253.574400][ T9640] should_failslab+0xc2/0x120 [ 253.579122][ T9640] __kmalloc_node_noprof+0xd1/0x520 [ 253.584359][ T9640] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 253.589860][ T9640] ? __pfx_lock_release+0x10/0x10 [ 253.594921][ T9640] __kvmalloc_node_noprof+0xad/0x1a0 [ 253.600252][ T9640] seq_read_iter+0x82a/0x12b0 [ 253.604979][ T9640] seq_read+0x39f/0x4e0 [ 253.609166][ T9640] ? __pfx_seq_read+0x10/0x10 [ 253.613900][ T9640] full_proxy_read+0xfb/0x1b0 [ 253.618615][ T9640] ? __pfx_full_proxy_read+0x10/0x10 [ 253.623936][ T9640] vfs_read+0x1df/0xbe0 [ 253.628125][ T9640] ? __fget_files+0x1fc/0x3a0 [ 253.632834][ T9640] ? __pfx___mutex_lock+0x10/0x10 [ 253.637891][ T9640] ? __pfx_vfs_read+0x10/0x10 [ 253.642608][ T9640] ? __fget_files+0x206/0x3a0 [ 253.647327][ T9640] ksys_read+0x12b/0x250 [ 253.651600][ T9640] ? __pfx_ksys_read+0x10/0x10 [ 253.656408][ T9640] do_syscall_64+0xcd/0x250 [ 253.660951][ T9640] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.666884][ T9640] RIP: 0033:0x7fb40df85d29 [ 253.671324][ T9640] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 253.690965][ T9640] RSP: 002b:00007fb40ecd6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 253.699422][ T9640] RAX: ffffffffffffffda RBX: 00007fb40e176080 RCX: 00007fb40df85d29 [ 253.707423][ T9640] RDX: 00000000000000b9 RSI: 0000000020000040 RDI: 0000000000000005 [ 253.715420][ T9640] RBP: 00007fb40ecd6090 R08: 0000000000000000 R09: 0000000000000000 [ 253.723417][ T9640] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 253.731410][ T9640] R13: 0000000000000000 R14: 00007fb40e176080 R15: 00007ffe6b39b8e8 [ 253.739427][ T9640] [ 257.783173][ T9698] netlink: 28 bytes leftover after parsing attributes in process `syz.2.861'. [ 260.111459][ T9380] syz.0.776 (9380) used greatest stack depth: 19328 bytes left [ 260.678405][ T9114] syz.0.719 (9114) used greatest stack depth: 18608 bytes left [ 261.852971][ T9755] netlink: 8 bytes leftover after parsing attributes in process `syz.3.875'. [ 262.731901][ T9757] netlink: 266 bytes leftover after parsing attributes in process `syz.3.875'. [ 262.794969][ T9765] netlink: 'syz.2.874': attribute type 3 has an invalid length. [ 262.863746][ T9769] netlink: 20 bytes leftover after parsing attributes in process `syz.1.877'. [ 262.880778][ T9769] binder: 9768:9769 ioctl c0105512 1 returned -22 [ 266.096335][ T9804] delete_channel: no stack [ 266.561782][ T9825] netlink: 342 bytes leftover after parsing attributes in process `syz.0.890'. [ 267.135767][ T9827] : entered promiscuous mode [ 268.604178][ T9857] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE r҄y*"l-y– [ 268.882887][ T9864] netlink: 334 bytes leftover after parsing attributes in process `syz.0.897'. [ 271.943792][ T29] audit: type=1800 audit(8277292091.570:11): pid=9919 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.909" name="dbroot" dev="configfs" ino=25010 res=0 errno=0 [ 272.911124][ T9928] svc: failed to register nfsdv3 RPC service (errno 111). [ 272.934445][ T9928] svc: failed to register nfsaclv3 RPC service (errno 111). [ 273.324770][ T9947] netlink: 334 bytes leftover after parsing attributes in process `syz.2.916'. [ 273.712364][ T9952] netlink: 8 bytes leftover after parsing attributes in process `syz.3.917'. [ 273.779792][ T9952] netlink: 10 bytes leftover after parsing attributes in process `syz.3.917'. [ 273.782086][ T9958] vivid-013: ================= START STATUS ================= [ 273.839709][ T9958] vivid-013: Generate PTS: true [ 273.846320][ T9952] netlink: 8 bytes leftover after parsing attributes in process `syz.3.917'. [ 273.908394][ T9958] vivid-013: Generate SCR: true [ 273.948615][ T9958] tpg source WxH: 640x360 (Y'CbCr) [ 273.953785][ T9958] tpg field: 1 [ 273.957177][ T9958] tpg crop: 640x360@0x0 [ 274.073950][ T9958] tpg compose: 640x360@0x0 [ 274.129060][ T9958] tpg colorspace: 8 [ 274.140597][ T9958] tpg transfer function: 0/0 [ 274.158433][ T9958] tpg Y'CbCr encoding: 0/0 [ 274.166292][ T9958] tpg quantization: 0/0 [ 274.175771][ T9958] tpg RGB range: 0/2 [ 274.184846][ T9958] vivid-013: ================== END STATUS ================== [ 275.527550][ T9962] kexec: Could not allocate control_code_buffer [ 276.998234][T10016] scsi_strcpy_devinfo: vendor string '/&c~n] | [ 276.998234][T10016] M' is too long [ 277.038562][T10016] scsi_strcpy_devinfo: model string 'Dd5 K2b [ 277.038562][T10016] W ' is too long [ 277.113988][T10019] ptrace attach of "./syz-executor exec"[5836] was attempted by "<.AM1\x0b^­U\x07~W{;_>1/$hA>^Ti{.k\x0bʻ( @2\x226t\x0aFc΍ݸێlGsMOqQ'd2ZÏ\x0a6A _n%iE4۵ (SC\x0aKl\x22!34֬|OBXG[Z)h]W1CSwzAJvu-;iھ\x0dF1Pfk21<z2?woOMTtƹeML>Lqx_\x220f,v,3`J͈./4J9򘨡rPp7@+@ݠ>Rd'|\x1bjK@j} s\x0dDKj\x226`<[9]^|`MOL}dF*i‹?Sy&4/QɺD 7$ع'K켭;>Ul\x5c袨ۢPӗ,VBdgPdm}E=CH9J\x072]'1)0oBLɾ\x22E>ѭO4ܪ)` !#K?vk\x09׿$#e=D?ʴ(oGp\x0a3Rܞzq$eGM2ұzB_,5%h FFP+Rbt)z͐Ʈ7xLlGM6rl\x0bpWp\x0abPFjdDT\x0bqj%!~3~!ƌ5e;+&_^?\x0arnդaX)XYߨi [ 279.581935][T10081] Process accounting resumed [ 279.672960][ C1] vkms_vblank_simulate: vblank timer overrun [ 279.778855][T10086] aoe: copy from user failed [ 279.783633][T10086] aoe: could not set interface list: too many interfaces [ 280.448136][T10095] netlink: 28 bytes leftover after parsing attributes in process `syz.3.949'. [ 280.468352][T10097] Process accounting resumed [ 280.517326][T10100] vivid-013: ================= START STATUS ================= [ 280.548358][T10100] vivid-013: Generate PTS: true [ 280.567208][T10100] vivid-013: Generate SCR: true [ 280.579149][T10100] tpg source WxH: 640x360 (Y'CbCr) [ 280.605021][T10100] tpg field: 1 [ 280.618325][T10100] tpg crop: 640x360@0x0 [ 280.622528][T10100] tpg compose: 640x360@0x0 [ 280.657340][T10100] tpg colorspace: 8 [ 280.668471][T10100] tpg transfer function: 0/0 [ 280.673096][T10100] tpg Y'CbCr encoding: 0/0 [ 280.714369][T10098] netlink: 342 bytes leftover after parsing attributes in process `syz.1.948'. [ 280.718605][T10100] tpg quantization: 0/0 [ 280.758495][T10100] tpg RGB range: 0/2 [ 280.762441][T10100] vivid-013: ================== END STATUS ================== [ 283.237674][T10150] netlink: 4 bytes leftover after parsing attributes in process `syz.1.961'. [ 283.299334][T10152] netlink: 338 bytes leftover after parsing attributes in process `syz.3.962'. [ 283.745985][T10158] QAT: failed to copy from user cfg_data. [ 284.475012][T10165] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 284.566824][T10165] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 285.290658][T10174] Invalid ELF header magic: != ELF [ 285.322276][T10179] netlink: 350 bytes leftover after parsing attributes in process `syz.1.970'. [ 285.344559][T10179] mmap: syz.1.970 (10179): VmData 37470208 exceed data ulimit 3. Update limits or use boot option ignore_rlimit_data. [ 285.739312][T10187] netlink: 20 bytes leftover after parsing attributes in process `syz.1.973'. [ 287.406600][T10210] kAFS: bad VL server IP address [ 288.026150][T10238] openvswitch: netlink: IP tunnel dst address not specified [ 289.202359][T10264] binder: 10263:10264 ioctl 40044900 800000000000003 returned -22 [ 289.756020][T10274] netlink: 4 bytes leftover after parsing attributes in process `syz.2.989'. [ 290.074493][ T29] audit: type=1800 audit(8277292109.710:12): pid=10296 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.994" name="version" dev="configfs" ino=26690 res=0 errno=0 [ 291.707092][T10350] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1004'. [ 292.429039][T10374] [U] [ 292.431808][T10374] [U] [ 292.434541][T10374] [U] [ 292.437268][T10374] [U] [ 292.478790][T10374] [U] [ 292.481554][T10374] [U] [ 292.484287][T10374] [U] [ 292.487011][T10374] [U] [ 292.535030][T10379] [U] [ 294.222272][T10408] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1022'. [ 294.580946][T10418] Process accounting resumed [ 294.653025][T10408] team0: Port device team_slave_0 removed [ 295.342378][T10432] netlink: 'syz.3.1028': attribute type 29 has an invalid length. [ 295.364569][T10432] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1028'. [ 295.415163][T10442] netlink: 'syz.3.1028': attribute type 29 has an invalid length. [ 295.455593][T10417] Process accounting resumed [ 295.464506][T10442] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1028'. [ 296.393103][T10458] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 297.070565][T10476] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1036'. [ 297.334400][T10499] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1041'. [ 297.586287][T10499] bond0: (slave bond_slave_0): Releasing backup interface [ 297.837540][T10508] can0: slcan on ptm0. [ 298.089208][T10507] can0 (unregistered): slcan off ptm0. [ 299.329677][T10542] mkiss: ax0: crc mode is auto. [ 301.818021][T10599] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1056'. [ 301.949984][T10599] bridge_slave_1: left allmulticast mode [ 301.955681][T10599] bridge_slave_1: left promiscuous mode [ 302.001737][T10599] bridge0: port 2(bridge_slave_1) entered disabled state [ 302.093190][T10599] bridge_slave_0: left allmulticast mode [ 302.124038][T10599] bridge_slave_0: left promiscuous mode [ 302.157814][T10599] bridge0: port 1(bridge_slave_0) entered disabled state [ 302.465551][T10609] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1062'. [ 305.517405][T10676] netlink: 'syz.0.1078': attribute type 1 has an invalid length. [ 309.876582][T10709] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 310.251784][T10736] netlink: 'syz.3.1089': attribute type 8 has an invalid length. [ 310.962584][T10745] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1090'. [ 312.009266][T10773] delete_channel: no stack [ 312.009311][T10771] HSR: entered promiscuous mode [ 312.900608][T10779] could not allocate digest TFM handle [ 313.219697][T10813] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1104'. [ 313.741537][T10827] netlink: 326 bytes leftover after parsing attributes in process `syz.2.1108'. [ 313.789173][T10827] RDS: rds_bind could not find a transport for 86a4:131b:e300:1000::, load rds_tcp or rds_rdma? [ 314.414195][T10829] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1109'. [ 314.449037][T10851] netlink: 'syz.1.1114': attribute type 21 has an invalid length. [ 314.457119][T10851] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1114'. [ 315.187288][T10877] kafs: addr_prefs: Invalid Command [ 317.444266][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.450792][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.104243][T10935] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1138'. [ 318.850942][T10955] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 319.282845][T10958] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1144'. [ 321.139791][T11000] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1149'. [ 321.365289][T11001] zram: Added device: zram1 [ 321.505519][T11000] vcan0: entered promiscuous mode [ 324.980080][T11036] HfR: entered promiscuous mode [ 324.998761][T11035] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1163'. [ 325.068958][T11033] device-mapper: ioctl: Unable to rename non-existent device, to [ 325.976845][T11063] ACPI: EC: Assuming SCI_EVT clearing on QR_EC writes [ 326.074346][T11063] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1167'. [ 326.374624][T11051] Process accounting paused [ 326.549118][T11079] netlink: 'syz.0.1174': attribute type 11 has an invalid length. [ 327.009378][T11091] Process accounting resumed [ 327.162260][T11100] netlink: 326 bytes leftover after parsing attributes in process `syz.2.1179'. [ 327.370108][T11094] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1175'. [ 328.867518][T11128] netlink: 4707 bytes leftover after parsing attributes in process `syz.2.1184'. [ 329.745875][T11158] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1191'. [ 329.948331][T11158] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1191'. [ 330.382131][T11165] program syz.3.1189 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 332.301968][ T29] audit: type=1800 audit(8277292151.940:13): pid=11212 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1197" name="features" dev="configfs" ino=29394 res=0 errno=0 [ 332.470164][T11199] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1194'. [ 333.896598][T11244] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1207'. [ 334.053230][T11253] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1207'. [ 335.858406][ T5830] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 335.866033][ T5830] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 336.886459][T11337] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1222'. [ 337.842858][ T29] audit: type=1400 audit(8277292157.480:14): apparmor="DENIED" operation="setprocattr" info="exec" error=-22 profile="unconfined" pid=11361 comm="syz.2.1227" [ 339.090440][T11391] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1233'. [ 340.105637][T11391] team0 (unregistering): Port device team_slave_1 removed syzkaller syzkaller login: [ 343.412663][T11458] can: request_module (can-proto-0) failed. [ 344.661139][T11487] netlink: 'syz.0.1255': attribute type 1 has an invalid length. [ 344.745568][ T29] audit: type=1800 audit(8277292164.370:15): pid=11489 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1254" name="lu_gp_id" dev="configfs" ino=31334 res=0 errno=0 [ 345.258021][T11503] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1259'. [ 345.323320][T11503] netdevsim netdevsim3 netdevsim2: entered allmulticast mode [ 345.876492][T11527] Process accounting resumed [ 349.091817][T11594] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1275'. [ 350.359262][T11609] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1281'. [ 350.432152][T11611] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1281'. [ 350.854778][ T5838] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 350.868198][ T5838] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 350.876763][ T5838] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 350.896353][ T5838] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 350.904167][ T5838] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 350.913952][ T5838] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 351.029144][T11623] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1284'. [ 351.549055][T11638] netlink: 252 bytes leftover after parsing attributes in process `syz.0.1286'. [ 351.574541][T11620] chnl_net:caif_netlink_parms(): no params data found [ 352.009748][T11620] bridge0: port 1(bridge_slave_0) entered blocking state [ 352.038581][T11620] bridge0: port 1(bridge_slave_0) entered disabled state [ 352.045841][T11620] bridge_slave_0: entered allmulticast mode [ 352.079643][T11620] bridge_slave_0: entered promiscuous mode [ 352.099563][T11620] bridge0: port 2(bridge_slave_1) entered blocking state [ 352.117300][T11620] bridge0: port 2(bridge_slave_1) entered disabled state [ 352.138604][T11620] bridge_slave_1: entered allmulticast mode [ 352.159905][T11620] bridge_slave_1: entered promiscuous mode [ 352.252504][T11620] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 352.350295][T11620] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 352.801525][T11620] team0: Port device team_slave_0 added [ 352.863721][T11620] team0: Port device team_slave_1 added [ 352.963201][ T5838] Bluetooth: hci4: command tx timeout [ 353.127834][T11678] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1297'. [ 353.262117][T11620] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 353.299115][T11620] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 353.378429][T11620] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 353.473944][T11620] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 353.491888][T11620] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 353.578482][T11620] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 354.128603][T11620] hsr_slave_0: entered promiscuous mode [ 354.172656][T11620] hsr_slave_1: entered promiscuous mode [ 354.237515][T11620] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 354.258422][T11620] Cannot create hsr debugfs directory [ 355.038433][ T5838] Bluetooth: hci4: command tx timeout [ 355.105435][T11620] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 355.321545][T11620] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 355.452696][T11620] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 355.517162][T11620] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 356.071539][T11620] 8021q: adding VLAN 0 to HW filter on device bond0 [ 356.155965][T11620] 8021q: adding VLAN 0 to HW filter on device team0 [ 356.256830][ T6737] bridge0: port 1(bridge_slave_0) entered blocking state [ 356.264003][ T6737] bridge0: port 1(bridge_slave_0) entered forwarding state [ 356.302930][ T6737] bridge0: port 2(bridge_slave_1) entered blocking state [ 356.310103][ T6737] bridge0: port 2(bridge_slave_1) entered forwarding state [ 356.423941][T11620] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 357.129074][ T5838] Bluetooth: hci4: command tx timeout [ 357.628192][T11620] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 358.346586][T11754] ================================================================== [ 358.354695][T11754] BUG: KASAN: slab-use-after-free in force_devcd_write+0x31f/0x350 [ 358.362616][T11754] Read of size 8 at addr ffff88801baec800 by task syz.0.1314/11754 [ 358.370526][T11754] [ 358.372862][T11754] CPU: 0 UID: 0 PID: 11754 Comm: syz.0.1314 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0 [ 358.383647][T11754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 358.393718][T11754] Call Trace: [ 358.397009][T11754] [ 358.399957][T11754] dump_stack_lvl+0x116/0x1f0 [ 358.404682][T11754] print_report+0xc3/0x620 [ 358.409134][T11754] ? __virt_addr_valid+0x5e/0x590 [ 358.414195][T11754] ? __phys_addr+0xc6/0x150 [ 358.418732][T11754] kasan_report+0xd9/0x110 [ 358.423185][T11754] ? force_devcd_write+0x31f/0x350 [ 358.428332][T11754] ? force_devcd_write+0x31f/0x350 [ 358.433475][T11754] force_devcd_write+0x31f/0x350 [ 358.438437][T11754] ? __pfx_force_devcd_write+0x10/0x10 [ 358.443920][T11754] ? debugfs_file_get+0x21c/0x5c0 [ 358.448971][T11754] ? __pfx_debugfs_file_get+0x10/0x10 [ 358.454370][T11754] ? rcu_is_watching+0x12/0xc0 [ 358.459336][T11754] ? trace_lock_acquire+0x14e/0x1f0 [ 358.464566][T11754] full_proxy_write+0xfb/0x1b0 [ 358.469359][T11754] ? __pfx_full_proxy_write+0x10/0x10 [ 358.474758][T11754] vfs_write+0x24c/0x1150 [ 358.479116][T11754] ? __fget_files+0x1fc/0x3a0 [ 358.483816][T11754] ? __pfx___mutex_lock+0x10/0x10 [ 358.488870][T11754] ? __pfx_vfs_write+0x10/0x10 [ 358.493662][T11754] ? __fget_files+0x206/0x3a0 [ 358.498373][T11754] ksys_write+0x12b/0x250 [ 358.502727][T11754] ? __pfx_ksys_write+0x10/0x10 [ 358.507617][T11754] do_syscall_64+0xcd/0x250 [ 358.512155][T11754] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 358.518085][T11754] RIP: 0033:0x7fb40df85d29 [ 358.522516][T11754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 358.542149][T11754] RSP: 002b:00007fb40ecf7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 358.550595][T11754] RAX: ffffffffffffffda RBX: 00007fb40e175fa0 RCX: 00007fb40df85d29 [ 358.558589][T11754] RDX: 000000000000000e RSI: 0000000020000080 RDI: 0000000000000003 [ 358.566576][T11754] RBP: 00007fb40e001aa8 R08: 0000000000000000 R09: 0000000000000000 [ 358.574568][T11754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 358.582557][T11754] R13: 0000000000000000 R14: 00007fb40e175fa0 R15: 00007ffe6b39b8e8 [ 358.590554][T11754] [ 358.593585][T11754] [ 358.595926][T11754] Allocated by task 5828: [ 358.600257][T11754] kasan_save_stack+0x33/0x60 [ 358.604957][T11754] kasan_save_track+0x14/0x30 [ 358.609656][T11754] __kasan_kmalloc+0xaa/0xb0 [ 358.614273][T11754] vhci_open+0x4c/0x430 [ 358.618440][T11754] misc_open+0x35a/0x420 [ 358.622704][T11754] chrdev_open+0x237/0x6a0 [ 358.627148][T11754] do_dentry_open+0xf59/0x1ea0 [ 358.628726][T11620] veth0_vlan: entered promiscuous mode [ 358.631924][T11754] vfs_open+0x82/0x3f0 [ 358.641446][T11754] path_openat+0x1e6a/0x2d60 [ 358.646060][T11754] do_filp_open+0x20c/0x470 [ 358.650619][T11754] do_sys_openat2+0x17a/0x1e0 [ 358.655320][T11754] __x64_sys_openat+0x175/0x210 [ 358.660196][T11754] do_syscall_64+0xcd/0x250 [ 358.663257][T11620] veth1_vlan: entered promiscuous mode [ 358.664706][T11754] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 358.676067][T11754] [ 358.678399][T11754] Freed by task 11285: [ 358.682473][T11754] kasan_save_stack+0x33/0x60 [ 358.687184][T11754] kasan_save_track+0x14/0x30 [ 358.691885][T11754] kasan_save_free_info+0x3b/0x60 [ 358.696931][T11754] __kasan_slab_free+0x51/0x70 [ 358.701725][T11754] kfree+0x14f/0x4b0 [ 358.704666][T11620] veth0_macvtap: entered promiscuous mode [ 358.705623][T11754] vhci_release+0xbb/0xf0 [ 358.715662][T11754] __fput+0x3f8/0xb60 [ 358.719669][T11754] task_work_run+0x14e/0x250 [ 358.722705][T11620] veth1_macvtap: entered promiscuous mode [ 358.724270][T11754] do_exit+0xad8/0x2d70 [ 358.734140][T11754] do_group_exit+0xd3/0x2a0 [ 358.738678][T11754] get_signal+0x2576/0x2610 [ 358.743200][T11754] arch_do_signal_or_restart+0x90/0x7e0 [ 358.748771][T11754] syscall_exit_to_user_mode+0x150/0x2a0 [ 358.754425][T11754] do_syscall_64+0xda/0x250 [ 358.758954][T11754] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 358.764873][T11754] [ 358.767207][T11754] The buggy address belongs to the object at ffff88801baec800 [ 358.767207][T11754] which belongs to the cache kmalloc-1k of size 1024 [ 358.770021][T11620] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 358.781254][T11754] The buggy address is located 0 bytes inside of [ 358.781254][T11754] freed 1024-byte region [ffff88801baec800, ffff88801baecc00) [ 358.781280][T11754] [ 358.781285][T11754] The buggy address belongs to the physical page: [ 358.781300][T11754] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1bae8 [ 358.813322][T11620] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 358.814132][T11754] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 358.833080][T11620] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 358.841124][T11754] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 358.841153][T11754] page_type: f5(slab) [ 358.841174][T11754] raw: 00fff00000000040 ffff88801ac41dc0 0000000000000000 dead000000000001 [ 358.841197][T11754] raw: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000 [ 358.868319][T11620] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 358.872076][T11754] head: 00fff00000000040 ffff88801ac41dc0 0000000000000000 dead000000000001 [ 358.872101][T11754] head: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000 [ 358.888327][T11620] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 358.890437][T11754] head: 00fff00000000003 ffffea00006eba01 ffffffffffffffff 0000000000000000 [ 358.908322][T11620] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 358.918121][T11754] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 358.918141][T11754] page dumped because: kasan: bad access detected [ 358.918160][T11754] page_owner tracks the page as allocated [ 358.918167][T11754] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x252000(__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 0, tgid 0 (swapper/0), ts 2046407670, free_ts 0 [ 358.949195][T11620] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 358.951651][T11754] post_alloc_hook+0x2d1/0x350 [ 358.973104][T11620] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 358.975283][T11754] get_page_from_freelist+0xfce/0x2f80 [ 358.988322][T11620] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 358.997591][T11754] __alloc_pages_noprof+0x223/0x25b0 [ 358.997628][T11754] new_slab+0xca/0x410 [ 359.022386][T11754] ___slab_alloc+0xce2/0x1650 [ 359.027131][T11754] __slab_alloc.constprop.0+0x56/0xb0 [ 359.032523][T11754] __kmalloc_cache_node_noprof+0xfb/0x3f0 [ 359.038266][T11754] alloc_desc+0x5e/0x930 [ 359.038333][T11620] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 359.042506][T11754] early_irq_init+0x206/0x350 [ 359.042537][T11754] start_kernel+0x206/0x4d0 [ 359.062123][T11754] x86_64_start_reservations+0x18/0x30 [ 359.063688][T11620] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 359.067590][T11754] x86_64_start_kernel+0xb2/0xc0 [ 359.067620][T11754] common_startup_64+0x13e/0x148 [ 359.087276][T11754] page_owner free stack trace missing [ 359.088255][T11620] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 359.092722][T11754] [ 359.092730][T11754] Memory state around the buggy address: [ 359.111086][T11754] ffff88801baec700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 359.118330][T11620] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 359.119147][T11754] ffff88801baec780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 359.136890][T11620] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 359.136960][T11754] >ffff88801baec800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 359.152231][T11754] ^ [ 359.156310][T11754] ffff88801baec880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 359.160463][T11620] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 359.164367][T11754] ffff88801baec900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 359.181089][T11754] ================================================================== [ 359.183277][T11620] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 359.248463][T11754] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 359.255785][T11754] CPU: 0 UID: 0 PID: 11754 Comm: syz.0.1314 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0 [ 359.266568][T11754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 359.276639][T11754] Call Trace: [ 359.279940][T11754] [ 359.282879][T11754] dump_stack_lvl+0x3d/0x1f0 [ 359.287495][T11754] panic+0x71d/0x800 [ 359.291419][T11754] ? __pfx_panic+0x10/0x10 [ 359.295861][T11754] ? preempt_schedule_thunk+0x1a/0x30 [ 359.301253][T11754] ? preempt_schedule_common+0x44/0xc0 [ 359.306744][T11754] check_panic_on_warn+0xab/0xb0 [ 359.311716][T11754] end_report+0x117/0x180 [ 359.316086][T11754] kasan_report+0xe9/0x110 [ 359.320532][T11754] ? force_devcd_write+0x31f/0x350 [ 359.325663][T11754] ? force_devcd_write+0x31f/0x350 [ 359.330806][T11754] force_devcd_write+0x31f/0x350 [ 359.335762][T11754] ? __pfx_force_devcd_write+0x10/0x10 [ 359.341243][T11754] ? debugfs_file_get+0x21c/0x5c0 [ 359.346292][T11754] ? __pfx_debugfs_file_get+0x10/0x10 [ 359.351713][T11754] ? rcu_is_watching+0x12/0xc0 [ 359.356501][T11754] ? trace_lock_acquire+0x14e/0x1f0 [ 359.361726][T11754] full_proxy_write+0xfb/0x1b0 [ 359.366509][T11754] ? __pfx_full_proxy_write+0x10/0x10 [ 359.371885][T11754] vfs_write+0x24c/0x1150 [ 359.376225][T11754] ? __fget_files+0x1fc/0x3a0 [ 359.380902][T11754] ? __pfx___mutex_lock+0x10/0x10 [ 359.385927][T11754] ? __pfx_vfs_write+0x10/0x10 [ 359.390694][T11754] ? __fget_files+0x206/0x3a0 [ 359.395371][T11754] ksys_write+0x12b/0x250 [ 359.399703][T11754] ? __pfx_ksys_write+0x10/0x10 [ 359.404553][T11754] do_syscall_64+0xcd/0x250 [ 359.409060][T11754] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 359.414962][T11754] RIP: 0033:0x7fb40df85d29 [ 359.419372][T11754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 359.438978][T11754] RSP: 002b:00007fb40ecf7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 359.447391][T11754] RAX: ffffffffffffffda RBX: 00007fb40e175fa0 RCX: 00007fb40df85d29 [ 359.455362][T11754] RDX: 000000000000000e RSI: 0000000020000080 RDI: 0000000000000003 [ 359.463331][T11754] RBP: 00007fb40e001aa8 R08: 0000000000000000 R09: 0000000000000000 [ 359.471296][T11754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 359.479263][T11754] R13: 0000000000000000 R14: 00007fb40e175fa0 R15: 00007ffe6b39b8e8 [ 359.487237][T11754] [ 359.490539][T11754] Kernel Offset: disabled [ 359.494857][T11754] Rebooting in 86400 seconds..