last executing test programs: 53.982476203s ago: executing program 1 (id=1932): socket(0x28, 0x1, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x602, 0x1) r0 = open(&(0x7f0000000000)='./file1\x00', 0x1652c2, 0xe1d2b27bdc14aa98) fanotify_mark$auto(0x400000000000, 0x105, 0xf2b, r0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x40342, 0x22) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x0) socket(0xa, 0x801, 0x84) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000300), r1) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001cc0), r1) sendmsg$auto_ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000002280)={0x0, 0x0, &(0x7f0000002240)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="030527bd7000fbdbdf25040000000c000180080001"], 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x40) writev$auto(0x4, &(0x7f0000000080)={&(0x7f0000000000), 0xe0de}, 0x2) 53.835754665s ago: executing program 1 (id=1933): r0 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/tty/driver/serial\x00', 0x2, 0x0) read$auto_proc_single_file_operations_base(r0, &(0x7f00000000c0)=""/41, 0x11) r1 = getpgid(0x0) rt_tgsigqueueinfo$auto(0xffffffffffffffff, r1, 0x8, &(0x7f0000000100)={@siginfo_0_0={0x6, 0xe, 0x5, @_sigchld={r1, 0x0, 0x401, 0x5, 0x3}}}) r2 = prctl$auto_PR_MCE_KILL_GET(0x22, 0x2, r1, 0x7fffffff, 0x80) r3 = open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) r4 = socket(0x22, 0x2, 0x1) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r4) r6 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) copy_file_range$auto(r6, &(0x7f0000000140)=0xffff, r6, &(0x7f0000000180)=0x80, 0x21c1, 0x0) sendmsg$auto_NL80211_CMD_SET_WIPHY(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, r5, 0x2, 0x70bd27, 0x25dfdbff, {}, [@NL80211_ATTR_WIPHY_ANTENNA_RX={0x8, 0x6a, 0x3}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x7ff}, @NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0x101}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40004}, 0x40001) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x34, r5, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x4}, @NL80211_ATTR_BSS_DUMP_INCLUDE_USE_DATA={0x4}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x3}, @NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x6}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x4011) fcntl$auto_F_SETOWN_EX(r0, 0xf, r1) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_FRAME_WAIT_CANCEL(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x28, 0x0, 0x21, 0x70bd2b, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r8}, @NL80211_ATTR_COOKIE={0xc}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x400c854) 53.723223597s ago: executing program 1 (id=1935): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x801, 0x84) clone3$auto(&(0x7f0000000240)={0x100000000, 0x980, 0x401, 0x6, 0x2, 0x1, 0xff7fffffffffffff, 0x8, 0xe, 0x9, 0x3}, 0x40) io_uring_setup$auto(0x4, 0x0) openat$auto_evm_xattr_ops_evm_secfs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) lchown$auto(&(0x7f0000000000)='.\x00', 0x0, 0x6) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x40400, 0x48) fchmod$auto(r0, 0x7439) creat$auto(&(0x7f0000000280)=']\\\xe8@!^).\'\x00', 0xcc38) io_uring_enter$auto(0x3, 0x0, 0x1, 0x3, 0x0, 0x2) io_uring_enter$auto(0x3, 0x7, 0x2688, 0xe, 0x0, 0x7) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x13, 0x940, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0x2, 0x7, 0xb0, 0x9, 0x5, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff]}, 0x1fe, 0x81) r1 = socket(0x10, 0x2, 0x0) adjtimex$auto(&(0x7f0000000000)={0xffff92b5, 0x0, 0x9, 0x3, 0x0, 0x80000000000000, 0x80000000, 0x0, 0x4513, 0x9, 0xffffffffffffffff, {0x7, 0x6}, 0xfffffffc, 0xbfa, 0x9, 0x10, 0x0, 0x2, 0x8, 0xff, 0x10000, 0x100000001, 0x4}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 53.454100588s ago: executing program 1 (id=1938): mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ram8\x00', 0x81, 0x0) r1 = semctl$auto(0xc, 0x2, 0x13, 0x4) r2 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/pcmC0D0p\x00', 0x940, 0x0) ioctl$auto___SNDRV_PCM_IOCTL_SYNC_PTR32(r2, 0xc0844123, 0x0) ioctl$auto_BLKZEROOUT(r0, 0x127f, 0x0) r3 = openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/dynamic_events\x00', 0x101000, 0x0) getsockopt$auto_SO_REUSEADDR(r3, 0x7, 0x2, &(0x7f0000000100)='/proc/tty/driver/serial\x00', &(0x7f0000000140)=0x2) r4 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/tty/driver/serial\x00', 0x2, 0x0) read$auto_proc_single_file_operations_base(r4, &(0x7f00000000c0)=""/41, 0x11) prctl$auto(0x7, 0x4, r1, 0x16, 0xffffffffffff0000) 53.33323517s ago: executing program 1 (id=1941): openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/v4l-subdev6\x00', 0x80000, 0x0) bpf$auto(0x20, &(0x7f00000004c0)=@enable_stats={0x4}, 0x3ff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000980), 0x2, 0x0) write$auto_vhost_net_fops_net(r0, &(0x7f00000009c0)="5cfecd0b9c", 0x5) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x10000000000048, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$auto(0x3, 0x80286f4e, 0x38) ioctl$auto(0x3, 0xae47, 0xffffffffffffffff) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002580), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000002640)={0x0, 0x0, &(0x7f0000002600)={&(0x7f0000000000)={0x30, r2, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x5}, @NFSD_A_SERVER_SCOPE={0x9, 0x4, 'nfsd\x00'}, @NFSD_A_SERVER_GRACETIME={0x8, 0x2, 0x60}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x810) write$auto(0x3, 0x0, 0x3f00) rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}}) 52.505553528s ago: executing program 1 (id=1944): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/block/nbd4/queue/logical_block_size\x00', 0x80040, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000000)=""/53, 0x35) r1 = openat$auto_lockdown_ops_lockdown(0xffffffffffffff9c, &(0x7f0000000000), 0xa0042, 0x0) write$auto_lockdown_ops_lockdown(r1, &(0x7f0000000080)="a3c72e71ed506a221381f0538fefa465158fbbeb89451043553ff869189cf3250b65c544ccd3988b29f3cdb20660e616d3daa3e36b174c5661e383221287595a7e873202add9b0f11733de4ec2cd9c5b048058ed89c590d73c2e44d11636cb85ea9cb4180c5d1ab11f731cec20c57489baf87d298ef21b138e83a6a13cfdc39ffcf7c18ae6946c0d58c5026cd804c5d2f1a5348a159fe5e6746038217e838e23a24c5cda52d0af4c570a9983422fb706704f8410113a38fc2decb77fbcbca9e8f3dd2b2ccb939869852e91137af1e79ab833c8b104726d0a00", 0xd9) userfaultfd$auto(0x1) ioctl$auto(0x3, 0xc018aa3f, 0xc) io_uring_setup$auto(0x17c8, &(0x7f0000000040)={0x6, 0x5, 0x5, 0x1, 0x2, 0x1, r0, [0x9, 0x5, 0x5], {0x0, 0x2, 0x6, 0x1, 0x3ca, 0x2, 0x1, 0x4, 0x101}, {0xb34, 0x3, 0x1, 0x9, 0x3, 0x4, 0x3, 0x5, 0x8}}) 52.258620415s ago: executing program 32 (id=1944): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/block/nbd4/queue/logical_block_size\x00', 0x80040, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000000)=""/53, 0x35) r1 = openat$auto_lockdown_ops_lockdown(0xffffffffffffff9c, &(0x7f0000000000), 0xa0042, 0x0) write$auto_lockdown_ops_lockdown(r1, &(0x7f0000000080)="a3c72e71ed506a221381f0538fefa465158fbbeb89451043553ff869189cf3250b65c544ccd3988b29f3cdb20660e616d3daa3e36b174c5661e383221287595a7e873202add9b0f11733de4ec2cd9c5b048058ed89c590d73c2e44d11636cb85ea9cb4180c5d1ab11f731cec20c57489baf87d298ef21b138e83a6a13cfdc39ffcf7c18ae6946c0d58c5026cd804c5d2f1a5348a159fe5e6746038217e838e23a24c5cda52d0af4c570a9983422fb706704f8410113a38fc2decb77fbcbca9e8f3dd2b2ccb939869852e91137af1e79ab833c8b104726d0a00", 0xd9) userfaultfd$auto(0x1) ioctl$auto(0x3, 0xc018aa3f, 0xc) io_uring_setup$auto(0x17c8, &(0x7f0000000040)={0x6, 0x5, 0x5, 0x1, 0x2, 0x1, r0, [0x9, 0x5, 0x5], {0x0, 0x2, 0x6, 0x1, 0x3ca, 0x2, 0x1, 0x4, 0x101}, {0xb34, 0x3, 0x1, 0x9, 0x3, 0x4, 0x3, 0x5, 0x8}}) 51.622478619s ago: executing program 0 (id=1951): r0 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/tty/driver/serial\x00', 0x2, 0x0) read$auto_proc_single_file_operations_base(r0, &(0x7f00000000c0)=""/41, 0x11) r1 = getpgid(0x0) rt_tgsigqueueinfo$auto(0xffffffffffffffff, r1, 0x8, &(0x7f0000000100)={@siginfo_0_0={0x6, 0xe, 0x5, @_sigchld={r1, 0x0, 0x401, 0x5, 0x3}}}) r2 = prctl$auto_PR_MCE_KILL_GET(0x22, 0x2, r1, 0x7fffffff, 0x80) r3 = open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) r4 = socket(0x22, 0x2, 0x1) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r4) r6 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) copy_file_range$auto(r6, &(0x7f0000000140)=0xffff, r6, &(0x7f0000000180)=0x80, 0x21c1, 0x0) sendmsg$auto_NL80211_CMD_SET_WIPHY(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, r5, 0x2, 0x70bd27, 0x25dfdbff, {}, [@NL80211_ATTR_WIPHY_ANTENNA_RX={0x8, 0x6a, 0x3}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x7ff}, @NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0x101}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40004}, 0x40001) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x34, r5, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x4}, @NL80211_ATTR_BSS_DUMP_INCLUDE_USE_DATA={0x4}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x3}, @NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x6}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x4011) r7 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_FRAME_WAIT_CANCEL(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x28, r7, 0x21, 0x70bd2b, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r9}, @NL80211_ATTR_COOKIE={0xc}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x400c854) 51.324887038s ago: executing program 0 (id=1953): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000700)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="012527bd7000fb0c0eec4c00000008000300", @ANYRES32=r2], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4000080) 51.221331568s ago: executing program 0 (id=1954): openat$auto_ocfs2_control_fops_stack_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) unshare$auto(0x40000080) r0 = socket(0x2, 0x3, 0xa) getsockopt$auto(r0, 0x0, 0x26, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x806, 0x0) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/adsp1\x00', 0x20342, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) lsm_list_modules$auto(0x0, 0x0, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x62, 0x0) write$auto(r3, &(0x7f0000000440)='+\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) ioctl$auto_SNDCTL_DSP_CHANNELS(r2, 0xc0045006, 0x0) write$auto(0x3, 0x0, 0x7fffffff) read$auto(0x3, 0x0, 0x7) unshare$auto(0x2) read$auto(r1, 0x0, 0xb) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/sctp/remaddr\x00', 0x181580, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYBLOB="2f212abd"], 0x14}}, 0x4000000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/fs/pipe-max-size\x00', 0x382, 0x0) write$auto(r5, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x2, 0x15f4da0a, 0x1, 0x3, 0x300000000034000, 0x80000001, 0x7, 0x6d3c, 0x5, 0x2]}, 0x0) readv$auto(r4, &(0x7f00000000c0)={0x0, 0x1}, 0x2) 50.208681203s ago: executing program 0 (id=1960): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x3, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYRES16, @ANYBLOB="1b0026bd7400fddbdf250300000004"], 0x40}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="0700000000000000df250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00'], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="19"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x1}, 0x3, 0x0) 50.041934443s ago: executing program 0 (id=1963): openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/v4l-subdev6\x00', 0x80000, 0x0) bpf$auto(0x20, &(0x7f00000004c0)=@enable_stats={0x4}, 0x3ff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000980), 0x2, 0x0) write$auto_vhost_net_fops_net(r0, &(0x7f00000009c0)="5cfecd0b9c", 0x5) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x10000000000048, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$auto(0x3, 0x80286f4e, 0x38) ioctl$auto(0x3, 0xae47, 0xffffffffffffffff) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002580), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000002640)={0x0, 0x0, &(0x7f0000002600)={&(0x7f0000000000)={0x30, r2, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x5}, @NFSD_A_SERVER_SCOPE={0x9, 0x4, 'nfsd\x00'}, @NFSD_A_SERVER_GRACETIME={0x8, 0x2, 0x60}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x810) write$auto(0x3, 0x0, 0x3f00) rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}}) 48.571927911s ago: executing program 0 (id=1977): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) execveat$auto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000) r0 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket$nl_generic(0x10, 0x3, 0x10) pwrite64$auto(0xffffffffffffffff, 0x0, 0x2000000fdf0, 0x39) sendmsg$auto_OVS_DP_CMD_DEL(0xffffffffffffffff, 0x0, 0x20000000) socket(0x25, 0xa, 0xfffffffd) rseq$auto(0x0, 0x8000, 0x0, 0x6) geteuid() mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) ioperm$auto(0x800, 0x5, 0xd) capget$auto(&(0x7f0000000000)={0x19980330}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) eventfd$auto(0x3) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$auto(0xffffffffffffffff, &(0x7f0000000180)='\xd8\xf3\x8f\\\tS\x82\x00\xb4\v\xdd\xc7\x85\xd8\xdd\x9cz\x86\x90\xd92\xe0)\xefnM:\xcfC\xe8\xbe\x1bi]\xf7\xc8\xcb\xa1q!\xdc\xa3;\xae\x12\x82$\x01\x91\xcal\xc7\xbc\xe5D[5\xdc2\xed\xe37\xcf\x00\xd36\xfa\xe1U6\xa1r\xa1_Y\x9f\xe7\f\x00\xc47\xc5)\x85G\xc0\x11\x1di\xf5?P\xf9\x12(\xf5>m\x19\x8c\xc4\xc3`hy=r\xed2\xacl\xc9\xa8\xc2\xddJ\xef@\xd3b&H\x06\r\x004\"i\xa2\x0f\x15\xc7{\x86>P\xf1[*\xc3\xc4\xde\x05\x85\'\x9c\xae\"7x\xdd\xa4\xcd\x03$\xdd\x03\x86\xc7P\xe4+\xc7', 0xd) madvise$auto(0x4000, 0xffffffffffff0005, 0x9) write$auto(0x3, 0x0, 0xfdef) r2 = socket(0x10, 0x2, 0x0) r3 = syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_CGROUPSTATS_CMD_GET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x13, r3, 0x25, 0x70bd25, 0x25dfdbfe, {}, [@CGROUPSTATS_CMD_ATTR_FD={0x8, 0x1, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x400c9d0}, 0x4080) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) close_range$auto(r0, r1, 0x6) 48.28733541s ago: executing program 33 (id=1977): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) execveat$auto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000) r0 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket$nl_generic(0x10, 0x3, 0x10) pwrite64$auto(0xffffffffffffffff, 0x0, 0x2000000fdf0, 0x39) sendmsg$auto_OVS_DP_CMD_DEL(0xffffffffffffffff, 0x0, 0x20000000) socket(0x25, 0xa, 0xfffffffd) rseq$auto(0x0, 0x8000, 0x0, 0x6) geteuid() mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) ioperm$auto(0x800, 0x5, 0xd) capget$auto(&(0x7f0000000000)={0x19980330}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) eventfd$auto(0x3) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$auto(0xffffffffffffffff, &(0x7f0000000180)='\xd8\xf3\x8f\\\tS\x82\x00\xb4\v\xdd\xc7\x85\xd8\xdd\x9cz\x86\x90\xd92\xe0)\xefnM:\xcfC\xe8\xbe\x1bi]\xf7\xc8\xcb\xa1q!\xdc\xa3;\xae\x12\x82$\x01\x91\xcal\xc7\xbc\xe5D[5\xdc2\xed\xe37\xcf\x00\xd36\xfa\xe1U6\xa1r\xa1_Y\x9f\xe7\f\x00\xc47\xc5)\x85G\xc0\x11\x1di\xf5?P\xf9\x12(\xf5>m\x19\x8c\xc4\xc3`hy=r\xed2\xacl\xc9\xa8\xc2\xddJ\xef@\xd3b&H\x06\r\x004\"i\xa2\x0f\x15\xc7{\x86>P\xf1[*\xc3\xc4\xde\x05\x85\'\x9c\xae\"7x\xdd\xa4\xcd\x03$\xdd\x03\x86\xc7P\xe4+\xc7', 0xd) madvise$auto(0x4000, 0xffffffffffff0005, 0x9) write$auto(0x3, 0x0, 0xfdef) r2 = socket(0x10, 0x2, 0x0) r3 = syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_CGROUPSTATS_CMD_GET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x13, r3, 0x25, 0x70bd25, 0x25dfdbfe, {}, [@CGROUPSTATS_CMD_ATTR_FD={0x8, 0x1, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x400c9d0}, 0x4080) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) close_range$auto(r0, r1, 0x6) 34.350141591s ago: executing program 5 (id=2114): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) (async) open(0x0, 0x22240, 0x155) (async) socket(0x2, 0x80802, 0x0) (async) close_range$auto(0x2, 0xa, 0x0) close_range$auto(0x0, 0xffffffffffffffff, 0x2) (async) socket(0xa, 0x2, 0x0) r0 = socket(0x2b, 0x1, 0x1) eventfd2$auto(0x2, 0x4) getsockopt$auto(r0, 0x1, 0xe, 0x0, 0x0) sendmsg$auto_NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000001e00)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x8880) (async) process_vm_readv$auto(0xbd4, &(0x7f0000000040)={0x0}, 0x3ff, 0x0, 0x46, 0x0) (async) socket(0xa, 0x2, 0x0) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) (async) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x48080) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x88) (async) syz_genetlink_get_family_id$auto_ovs_datapath(0x0, r2) (async) sendmsg$auto_OVS_DP_CMD_GET(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x20044010}, 0x0) (async) r3 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000002f80)={0x20, r3, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@typed={0x8, 0x1, 0x0, 0x0, @u32=0x4000000b}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x805}, 0x8000) (async) semctl$auto(0x201, 0x2, 0x13, 0x4) (async) openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) (async) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x441, 0x0) (async) close_range$auto(0x2, 0xa, 0x0) (async) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) (async) fanotify_init$auto(0x65, 0x2) 34.224271156s ago: executing program 5 (id=2119): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_SET_PMK(r0, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="a0000000", @ANYRES16=0x0, @ANYBLOB="000829bd7000fedbdf257b00000004008700060095000700000008004b0001fcffff050074000a000000380055005d48764c66d5bec3d5bc4381dc1cbc6a3732f478a40f3cf43bc13f8137157887815629f0827760a40aa5db37f8114d26b6d5aa6c2f00be0047c8cee8b30b9392316f812b98219b127a7fffbff58f7e46b270c27eaa7ac4c0ed03a89c2da5074d5607d1000800050009000000"], 0xa0}, 0x1, 0x0, 0x0, 0x44840}, 0x84) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'ipvlan1\x00'}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000300)={{&(0x7f0000000140), 0x12, &(0x7f0000000280)={0x0, 0x4e}, 0x7, 0x0, 0x3, 0x1}, 0x7}, 0x8, 0x7fff) 34.098815423s ago: executing program 5 (id=2121): socket$nl_generic(0x11, 0x3, 0x10) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) socketpair$auto(0x1d, 0x2, 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x118) socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x6, 0x11, 0x0, 0xfb3) 33.878081454s ago: executing program 5 (id=2126): socket$nl_generic(0x11, 0x3, 0x10) socketpair$auto(0x1d, 0x2, 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x118) socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x6, 0x17, 0x0, 0xfb3) 33.816252533s ago: executing program 5 (id=2127): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) r0 = socket(0x10, 0x2, 0x4) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x4) bpf$auto(0x0, &(0x7f0000000380)=@enable_stats={0x2}, 0x6f3) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000011c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) 33.758614262s ago: executing program 5 (id=2129): openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/v4l-subdev6\x00', 0x80000, 0x0) bpf$auto(0x20, &(0x7f00000004c0)=@enable_stats={0x4}, 0x3ff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000980), 0x2, 0x0) write$auto_vhost_net_fops_net(r0, &(0x7f00000009c0)="5cfecd0b9c", 0x5) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x10000000000048, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$auto(0x3, 0x80286f4e, 0x38) ioctl$auto(0x3, 0xae47, 0xffffffffffffffff) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002580), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000002640)={0x0, 0x0, &(0x7f0000002600)={&(0x7f0000000000)={0x30, r2, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x5}, @NFSD_A_SERVER_SCOPE={0x9, 0x4, 'nfsd\x00'}, @NFSD_A_SERVER_GRACETIME={0x8, 0x2, 0x60}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x810) 27.50062799s ago: executing program 2 (id=2192): mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) socketpair$auto(0x1d, 0x2, 0x2, 0x0) r0 = open(0x0, 0x22240, 0x118) fadvise64$auto_POSIX_FADV_SEQUENTIAL(r0, 0x2, 0x2, 0x2) socket(0x2, 0x1, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd10/queue/iosched/read_expire\x00', 0x1c2b02, 0x0) sendfile$auto(r1, r1, 0x0, 0x7ff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x8, 0x5, 0x81) io_uring_setup$auto(0x12, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x14, 0x0, 0x8) setsockopt$auto(r0, 0x2, 0x400017, 0x0, 0x82) 27.370330227s ago: executing program 2 (id=2194): mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x80) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x0) recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r0, 0x89f3, 0x24) 25.015872503s ago: executing program 2 (id=2203): socket(0x5, 0x5, 0x106) getrandom$auto(0x0, 0x6000000, 0x3) setsockopt$auto(0x3, 0x0, 0x1, 0x0, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffff7ffffffffffa, 0x8000) r0 = timerfd_create$auto(0x9, 0x0) semctl$auto(0x1ff, 0x3, 0x13, 0x4) read$auto(r0, 0x0, 0x80) ioctl$auto(0x3, 0x40085400, 0x5) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x20000, 0x0) ioctl$auto_SNDCTL_SEQ_TESTMIDI(r1, 0x40045108, &(0x7f00000000c0)="011458ce7a69fd97352f661883fd05cd68cad96a0537bee65a") r2 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/dri/vkms/vkms_config\x00', 0x8000, 0x0) socket(0x10, 0x2, 0x0) socket(0x2, 0x2, 0x88) setsockopt$auto(0x4, 0x88, 0xa, &(0x7f0000000000)='!/+:Y\x81\'\x00', 0x80000e) read$auto_drm_debugfs_entry_fops_drm_debugfs(r2, &(0x7f0000000380)=""/4096, 0x1000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xc18, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f00000028c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002900)={0x638, 0x0, 0x10, 0x70bd2a, 0x25dfdbfb, {}, [@WGDEVICE_A_PUBLIC_KEY={0x621, 0x4, "1f22f4b15b730dd328c401a7d768af21c2b1d0b0e9f5e5f0d268c91e0fdac979842eedacc6b2c492a2955e7d5f3373e75d3ea50e17908281a235446c5c79fa3097f031a9b0f18c8d4bb25d70b08d7eacfcfbde9bcd7b1459912ac2f68e9312a09521cc5245ea9a54e227b9c3161bce3b0cdfcc7e8c64feb2fcb1c1ff658f2072955aa56279e61494a4ee44b65c2a2165e26d5e4e0a8c2ca20727c01c7034c7df93769b8cbc315376d4ad56c9de75ade4709f4763ba4764536de03e40bb4ea6b9042e4f6283d4170062efa6bde4dbfdb85301f8d3a13e3b663af51b3408f3d82db641836b64a6fc4f6ee7307a80ed06533ad11c83a81701463ddc85c2f2c784f80762a9906d0c3fb3708b07bf48cc2a7d62e64599502ea8cbe3b66f2c82f679ee770e11a6194a34b17b9c51b8ecd0638a9ab76c47a94547637fd4f432a4966694a0eb824f77215d463a606c072bb6d766c93f78ae55d339490687affa1edfe8ea72818b58b0d1fce47236be21596d2bb1e7d873e3a1117a62341d6b6560a875ff0fd18e206ca8de79ba150c5d70633f7083b876501149920a8115399da190959589373e55f3ceec038c0cf81da1a3752b684ca011748410c28e713c8780c49f7dd2bd9137d0465d3561cc4396f71b2ef28619ea63fe53a13f1c126da8c4b155cc27b8e9e54418d88b8bd54406be126e224417ea1e9dc2763a93015abaa076a6b39049411713f91ad097982a7592a86098841656b12a64c00df4f105d568e71e236bfab8ca8e2ecaac7e5f22d0b5994244b44db6ad98cb42c000feaeb82d78d81de93716b416d55aa19f49a0638fe61592e52c1582e66c078a2a8123b1bb9a50f689bdf0d32163a6610d082e8763cd00aa9c4332744e95c2cf4d3c54cdfb23e6b0e0d484399666a41df8929bcb99d48fd23eb4e0a6b1ef2981afff8268d76b94d761b56227429ed6ddbddf85ea2a203c929068d20cd107277d2e4e0386b0b4430a4d359ee6fc0ed9f3e9473453a24fffab5d9f3b1e9bcff959e723cca826178ec34c2b7c634a13e7462d61c8c9d3e617373a8507f37270bbdfb34cf1b53a86f10199dfa3a750f1384ae7eaca382f4e5b1753d7acfc5e784c88b1d5d8e5c4386264c7d479da85416523fd9aaee9b166a0712464cd5a08ca9505a199942bc48ec7f98538b81a54951ab1a830792fa633cb12ef06babfcb171c987e240b932a14df1cf48fbd838f261f771532416b7ee517b2dcce574102ca2e89177d34b17edcbc77b9ade94bbf82463d6c9ff5419e5ead81674c1c2d7fddc924f2edc44061ff6930bdc00457c70e3564e11b06ad1faed25e17da63b7fa7be7dc656cd9a3c9130aae131bc083deceeb9ab4ec6f5df4dc662be2c01840f776710d1054ad95fb174f0f7debbfa8c67949b46ff3803c0c6588117cc37c8eaddd1d695b67ff695a697ba06e79dbfac15e7347ecab6a9359b0b15a4d39f1172b61b4c7bc23714bfdcecb2ed4e50e7d42bbadae54f46bcf01f32ae87eb138772e278082356a43739b0633c72a0d4a1173e05520dbe69f523e32b10b10705756ddcacfaeb202eb1aa64de75b5b301dceb8e6e8b330a89a9d3b8aac64334b40e7e8503313691a07aa539c0883ac9598e570cd76ace9394eea4ac02170c56f5b82160243473c1a5722b9767c96b87e003303da7e696d9250542776914f5dd343eac3ce9960e505cdc1476fa45b1b07ad851aa1dcf5e593f33d71cabda6f246900e18a09d39d608ba6b80db8c46ff67faafa69c946a9fac2046698bea8dc35d927197f0fbf8b3f25c57a7a13de9c6dfeabe2c83bada48e1512a8996fb0c084185ad01e8dca296ef321a479dbafe90eb1fed2604549e0ef176149afd7928cd1003aa4c3c1595d1209d92e78fb77614fb15828a166daee3fd34165ab23e6d4d3101bc822ec0086dcc9bdad830334aeab417a7471615b7987c3b1a6801643a33082c7c46056e9a88088e5ed59eef7338ad25c5294d7331ae1704b910f30e2ce77af0a0af05d217457d65137911b9a7a97e8aaf1731b3eb77b549fe5585896b9d733dcc4a1f72fd8d79257b68069385de1b57d210e346af9227704ba75e2181297249af4f492bf473194571192e427754db924f915fdd09d8cc4959c92d5cf4921c957a8c70c0865864ec8145d2bba84ec8b5597fcc54dc14ba9f7b0579ff54c42a97e53914601f4722851b3d"}]}, 0x638}, 0x1, 0x0, 0x0, 0x20000800}, 0x20040040) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) r5 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), r3) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000002b40)={0x4c, r5, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@HWSIM_ATTR_RADIO_NAME={0x2d, 0x11, '/P\x13jE\f\xf9r\xf5\xa3\xd2\x84y\xf9*\x9b\"\x1c\xa4l-\x19\xfd\xa4\xf4y\x02\xc2\x96\xfa\x84L\x12\xcd\x83\xf7\x12\xd3\xc4\x1e]'}, @HWSIM_ATTR_FLAGS={0x8, 0x4, 0x10000}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4008040}, 0x4000800) setsockopt$auto(0x3, 0x0, 0x18, 0x0, 0xb) 18.094533523s ago: executing program 34 (id=2129): openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/v4l-subdev6\x00', 0x80000, 0x0) bpf$auto(0x20, &(0x7f00000004c0)=@enable_stats={0x4}, 0x3ff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000980), 0x2, 0x0) write$auto_vhost_net_fops_net(r0, &(0x7f00000009c0)="5cfecd0b9c", 0x5) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x10000000000048, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$auto(0x3, 0x80286f4e, 0x38) ioctl$auto(0x3, 0xae47, 0xffffffffffffffff) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002580), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000002640)={0x0, 0x0, &(0x7f0000002600)={&(0x7f0000000000)={0x30, r2, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x5}, @NFSD_A_SERVER_SCOPE={0x9, 0x4, 'nfsd\x00'}, @NFSD_A_SERVER_GRACETIME={0x8, 0x2, 0x60}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x810) 18.080098865s ago: executing program 2 (id=2197): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/pids.events.local\x00', 0x103042, 0x0) mmap$auto(0x7, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) read$auto(0x3, 0x0, 0x7) r0 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/trace_options\x00', 0x4c2801, 0x0) write$auto(r0, 0x0, 0x2) lsm_set_self_attr$auto(0x3, 0xfffffffffffffffc, 0x1f, 0x8000000000000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x2, 0x88) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r3, r2, 0x4, 0x1, r1, @relative_id=0x13, 0xe600}, 0xf) bpf$auto(0x4, &(0x7f00000001c0)=@raw_tracepoint={0x5, r1, 0x0, 0x3}, 0x3) 17.97382477s ago: executing program 2 (id=2201): socket(0x28, 0x1, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) open(&(0x7f0000000000)='./file1\x00', 0x1652c2, 0xe1d2b27bdc14aa98) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x0) socket(0xa, 0x801, 0x84) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NFSD_CMD_THREADS_GET(r0, &(0x7f0000001800)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f0000001780)={0x14, 0x0, 0x4, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x44848}, 0x4000000) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000300), r0) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001cc0), r0) sendmsg$auto_ETHTOOL_MSG_LINKMODES_GET(r0, &(0x7f0000002280)={0x0, 0x0, &(0x7f0000002240)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="030527bd7000fbdbdf25040000000c000180080001"], 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x40) writev$auto(0x4, &(0x7f0000000080)={&(0x7f0000000000), 0xe0de}, 0x2) 17.766428853s ago: executing program 2 (id=2204): mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x7, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) unshare$auto(0x200) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') setns(r0, 0x0) clone$auto(0xb, 0x6, 0xfffffffffffffffc, 0xfffffffffffffffc, 0x800fffffffc) 2.72014281s ago: executing program 35 (id=2204): mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x7, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) unshare$auto(0x200) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') setns(r0, 0x0) clone$auto(0xb, 0x6, 0xfffffffffffffffc, 0xfffffffffffffffc, 0x800fffffffc) 2.010977651s ago: executing program 3 (id=2344): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0) r0 = openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f0000001680)='/sys/kernel/debug/tracing/uprobe_events\x00', 0x2, 0x0) r1 = prctl$auto_PR_GET_SHADOW_STACK_STATUS(0x4a, 0x2, 0xffffffffffffffff, 0x1, 0x6a800000000) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000080), r1) write$auto_uprobe_events_ops_trace_uprobe(r0, &(0x7f0000000000)="706f3a82d9e5cc7c2ceda8d50bfc94be9fe6c22ffaf8493a38", 0x19) 1.898126371s ago: executing program 3 (id=2347): rmdir$auto(&(0x7f0000000040)='.\x00') 1.753097381s ago: executing program 3 (id=2349): r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_FRAME_WAIT_CANCEL(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x28, r0, 0x21, 0x70bd2b, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r2}, @NL80211_ATTR_COOKIE={0xc}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x400c854) 1.752515057s ago: executing program 4 (id=2350): write$auto(0xffffffffffffffff, 0x0, 0x5) r0 = bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_fd=0x5, 0x7f, 0x9c, 0x7b2, 0x1, @relative_id=0x4, 0x80}, 0x96) bpf$auto(0xffffffff, 0x0, 0xb) r1 = openat$auto_ftrace_avail_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/available_events\x00', 0x0, 0x0) preadv$auto(r1, &(0x7f0000000100)={&(0x7f0000000200), 0x82}, 0x8, 0xd62a, 0x5) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001080), 0xffffffffffffffff) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/rose3/statistics/tx_packets\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000001100)=""/192, 0xc0) sendmsg$auto_NL80211_CMD_GET_WIPHY(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c00040000000000000000", @ANYRES16=r3, @ANYBLOB="810b25bd7000ffdbdf250100000008000300", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x20000084}, 0x0) sendmsg$auto_NL80211_CMD_NEW_MPATH(r0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8800010}, 0xc, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000425bd7000fddbdf251700000033016e8008000300e00000014aaaff237f86cb195d10dd2b2dea889d71778fabff84e7999146fb5b6866ecc551ba62b701aed2b1f94b4e38a7fea5945a853dd6bc7d103cc20563a61212fada2196d0e23ee39260c0e7ad91c5730e6e5593500111fe92b15d8ef9a949fdafbb44a39d4a3757078f2e3314bc1ac27ca8ecac8394634b8ba1db9e3a8c59e7e3535657cfec0072ba1ce4857811f32246e20b6c88369d8ef3d38934df7d08e254f47c026c18db7dec8991f308fc1be97b006a766b121bea3657f1155ed400e592210f3ed30caf1cd0920d6f8784ed77bb855109f901537dc8d2646d6146e108d92b3bf706f3e24c3d881f0d92a52e1dd5f8322a55d34be3174ac1e57e225bb0b83871e1fe038210ad08867ad020cad6aebddf2a5f36c67b8139c8a2709f6190a60800fd0001000000000800230101000000"], 0x150}, 0x1, 0x0, 0x0, 0x1b6efac7cd8fe165}, 0x8010) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x7) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x5, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r5 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x7, 0x940, 0x1ffde, 0x3, 0x6, 0x3, 0x9, 0x5, 0x2, 0x7, 0xb1, 0x7, 0x2, 0x1, 0x5, 0x7}, 0x1fe, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x4048000) sendmmsg$auto(r5, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) pkey_free$auto(0xfffffffd) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000540)='/dev/snd/pcmC0D0c\x00', 0x101102, 0x0) 1.7303646s ago: executing program 6 (id=2351): socketpair$auto(0x1d, 0x2, 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x118) socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x6, 0x1f, 0x0, 0xfb3) 1.635562377s ago: executing program 6 (id=2352): r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r1, 0x107, 0x12, 0x0, 0x8) r2 = syz_genetlink_get_family_id$auto_batadv(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_GLOBAL(r1, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x40, r2, 0x100, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_LAST_SEEN_MSECS={0x8}, @BATADV_ATTR_MESH_IFNAME={0x14, 0x4, 'team_slave_0\x00'}, @BATADV_ATTR_TT_VID={0x6, 0x14, 0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x4044000) r3 = openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f0000001680)='/sys/kernel/debug/tracing/uprobe_events\x00', 0x2, 0x0) ppoll$auto(&(0x7f0000000340)={r1, 0x9, 0x1000}, 0x1, &(0x7f0000000380)={0xffffffff, 0x100000000}, &(0x7f00000003c0)={0x8000}, 0x8) write$auto_uprobe_events_ops_trace_uprobe(r3, &(0x7f0000000200)="706f3a82d9", 0x5) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_FRAME_WAIT_CANCEL(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280100009f3a14f22e87647da7a7582bbee2f0b2629d630a17b528fd917a2b50da797967b0eed1184a620b8c17eed128defc843ffb11f6f592203996a7f1f7b25753eb7dd6cb13007dd6af4fce6e0d1a3b7637b4996fe8ef8da759de84002800e2ebc03541ea618a2e71e8a90c50dc9b3e7353a9cda3bc615cb40c2bf3d362fc650bbbc48fcc0326c03123f4824af6001091f6aea8e8592a87dc6d4ffaf51e9c76d88a2453af68418e587488f86e0c4b001ae835ae", @ANYRES16=r0, @ANYBLOB="21002bbd7000fcdbdf254300000008000300", @ANYRES32=r5, @ANYBLOB='\f\x00X\x00\x00\x00\x00\x00\x00\x00\x00\x00'], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x400c854) 1.591778203s ago: executing program 3 (id=2353): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) madvise$auto(0x0, 0xffffffffffff0004, 0x19) (async) shmctl$auto(0x0, 0x0, 0xfffffffffffffffd) (async) r0 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, 0x0, 0x1, 0x0) (async) mkdir$auto(0x0, 0x8001) (async) mount$auto(0x0, 0x0, 0x0, 0x10001, 0x0) (async) stat$auto(0x0, 0x0) r1 = fsopen$auto(0x0, 0x3) (async, rerun: 64) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) (rerun: 64) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) bind$auto(r1, &(0x7f0000000000)=@vsock={0x28, 0x0, 0xffffffff, @host}, 0x6) (async) ioctl$auto_FS_IOC_FSSETXATTR(r0, 0x401c5820, r0) (async) clone$auto(0x21002, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x9) (async) close_range$auto(r1, 0x8, 0x0) 1.546475964s ago: executing program 6 (id=2354): r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_FRAME_WAIT_CANCEL(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x28, r0, 0x21, 0x70bd2b, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r2}, @NL80211_ATTR_COOKIE={0xc}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x400c854) (fail_nth: 2) 1.062626056s ago: executing program 6 (id=2355): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'ipvlan1\x00'}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x2, 0xa, 0xa) r1 = open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) landlock_restrict_self$auto(r1, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="18000000", @ANYRES8=r3, @ANYRES8=r2, @ANYRES32], 0x18}}, 0x80) ioctl$auto_SG_GET_RESERVED_SIZE(r1, 0x2272, &(0x7f0000000000)="72391e58c9c31a5efe039e458866a3656afcbb9cfcc22e995118b5b8972f87079a") sendmmsg$auto(r0, &(0x7f0000000300)={{&(0x7f0000000040)="f74cfe5d77a8f99b7d7d0c4db1d877666c1948ec093d144af6e1d4d0d2d4c1d0482731bee2f153afe66637f189575c", 0xfffffff7, &(0x7f0000000280)={0x0, 0x40}, 0x7, 0x0, 0x4000000003, 0xfffffffe}, 0x3}, 0x73a1c6b8, 0x8) 1.018487946s ago: executing program 6 (id=2356): mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x80) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x0) recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r0, 0x89f3, 0x24) 932.580535ms ago: executing program 4 (id=2357): mmap$auto(0xfffffffffffffffd, 0x2000c, 0x4000000000df, 0xeb0, 0x401, 0xffff) write$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffffff, 0x0, 0x0) r0 = io_uring_setup$auto(0x4bf15e08, &(0x7f0000000000)={0x408, 0x3, 0x10101, 0x6fb3, 0x8a, 0xffffd387, 0xffffffffffffffff, [0x100, 0x7, 0x7f], {0x2, 0x7, 0x3034, 0xc, 0x8f, 0x5, 0x5, 0xfffffff9, 0x6}, {0x4000, 0x2, 0x0, 0xfffff000, 0x0, 0xb89, 0xd5, 0x837, 0x8}}) socket(0x28, 0x1, 0x0) r1 = openat$auto_ocfs2_control_fops_stack_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$auto(r1, 0x0, 0xfdef) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = socket(0x1e, 0x4, 0x0) recvfrom$auto(r2, 0x0, 0xc, 0xb21, 0x0, 0x0) (async) recvfrom$auto(r2, 0x0, 0xc, 0xb21, 0x0, 0x0) process_madvise$auto_MADV_POPULATE_READ(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000300), 0x8}, 0x5, 0x16, 0x5) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c72da808bf9779d790fb28"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) r3 = socket(0x10, 0x2, 0x4) write$auto(r3, &(0x7f0000000000)='-\x00', 0x2fb) (async) write$auto(r3, &(0x7f0000000000)='-\x00', 0x2fb) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) (async) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) socket(0xa, 0x801, 0x106) (async) socket(0xa, 0x801, 0x106) setsockopt$auto(0x3, 0x1, 0xd, 0x0, 0x8) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/hsr_slave_1/keep_addr_on_down\x00', 0x2002, 0x0) (async) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/hsr_slave_1/keep_addr_on_down\x00', 0x2002, 0x0) sendfile$auto(r4, r4, 0x0, 0x20000007fffe000) ioperm$auto(0x6, 0x10001, 0x0) (async) ioperm$auto(0x6, 0x10001, 0x0) madvise$auto(0xfffffffffffffffe, 0xfffffffffffff801, 0x6) (async) madvise$auto(0xfffffffffffffffe, 0xfffffffffffff801, 0x6) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000200)="4fc05adc98fe0382980b121545996217b3de036b5d052a208c14f3acbe57701c80599e82363cf12b5b0adb2ab56e0694e15558f5b482f03f0048fcf16cf1a286498dc4348bf6530793b5831d7dda10e728248a61bfa3da999b0d0e4abecfc4638e2b5160a91525dc7da0f8675db3b3b3d42d704851334e68efacba8ffd756c64dcbd3fab8c616667372bf3cc8f4ace64a592d1ba4420292368af8773b710e2b53cce5c463d3cca9a949c76b5679363b0c5032975f5342275be0cc592a9476be25852f3e3e35c6b0b0552ce6e0606ae396f32100527") close_range$auto(0x2, 0xa, 0x0) (async) close_range$auto(0x2, 0xa, 0x0) 736.136118ms ago: executing program 3 (id=2358): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000480)='/dev/video18\x00', 0x802, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0\x00'}) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0xa, 0x2, 0x0) r1 = socket(0x18, 0x5, 0x1) connect$auto(r1, &(0x7f0000000000)=@in={0x2, 0x100}, 0x3a) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000002ec0), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_SESSION_DELETE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000ffdbdf2506000000140008"], 0x28}, 0x1, 0x0, 0x0, 0x44}, 0x4044000) r4 = socket(0x18, 0x5, 0x1) connect$auto(r4, &(0x7f0000000000)=@in={0x2, 0x100}, 0x3a) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) 678.634396ms ago: executing program 4 (id=2359): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x3, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB='@', @ANYRES16, @ANYBLOB="1b0026bd7400fddbdf250300000004"], 0x40}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000", @ANYRES16, @ANYBLOB="0700000000000000df250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00'], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="19"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x1}, 0x3, 0x0) 667.679393ms ago: executing program 3 (id=2360): r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(r0, r0, 0x0) (async, rerun: 32) socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32) r1 = userfaultfd$auto(0x1) (async) poll$auto(&(0x7f0000003640)={r0, 0x7, 0x6}, 0x6, 0x100000) (async) close_range$auto(0x2, 0x8, 0x0) (async) socket(0xa, 0x5, 0x0) (async) r2 = socket(0x2, 0x3, 0x6) (async) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0xa, 0x5, 0x0) (async) r4 = socket(0x2, 0x3, 0x1) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) getsockopt$auto_SO_DEBUG(r4, 0xff, 0x1, 0x0, 0x0) (async) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async, rerun: 64) mincore$auto(0x1000, 0x8001, 0x0) (rerun: 64) open(0x0, 0x22240, 0x154) ioctl$sock_SIOCGIFINDEX(r2, 0x401c5820, 0x0) (async) mmap$auto(0x6, 0x8, 0x8000, 0x10, r1, 0xfff) mprotect$auto(0x1ffff000, 0x8000000000000002, 0x5) (async, rerun: 64) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async, rerun: 64) msync$auto(0x0, 0x2000000005, 0x6) syz_genetlink_get_family_id$auto_thermal(0x0, 0xffffffffffffffff) (async) madvise$auto(0x0, 0x7fffffffffffffff, 0x2000a) (async, rerun: 64) r5 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) (rerun: 64) move_pages$auto(r5, 0x1002, 0x0, 0x0, 0x0, 0x2) mmap$auto(0x0, 0x2020009, 0x2, 0x11, r3, 0x700) r6 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x40181, 0x0) ioctl$auto_PPPIOCSMRU(r6, 0xc004743e, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x20b42, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/binderfs/binder0\x00', 0xc0981, 0x0) 559.653333ms ago: executing program 4 (id=2361): socket$nl_generic(0x11, 0x3, 0x10) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) socketpair$auto(0x1d, 0x2, 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x118) socket(0x15, 0x1, 0x0) setsockopt$auto(0x3, 0x6, 0x17, 0x0, 0xfb3) 451.830726ms ago: executing program 4 (id=2362): mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) socketpair$auto(0x1d, 0x2, 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x118) socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x6, 0x1f, 0x0, 0xfb3) (fail_nth: 1) 1.014239ms ago: executing program 4 (id=2363): socket(0x2, 0x1, 0x0) mmap$auto(0x2000000, 0x2020009, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/tty/ttyc7/dev\x00', 0x4000, 0x0) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f00000000c0), 0xffffffffffffffff) r0 = getpid() process_vm_readv$auto(r0, &(0x7f00000010c0)={0x0, 0x5}, 0x800000001, &(0x7f0000001100)={&(0x7f0000000080), 0x1ffffffff}, 0x4, 0x1000000) setsockopt$auto(0x3, 0x0, 0x60, 0x0, 0x10001) mmap$auto(0x4000, 0x80000002020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0xb2, 0x12, 0xffb, 0x8000000008015, r1, 0x8000) write$auto(r1, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0xfffffdef) madvise$auto(0x0, 0x20499d, 0x9) r2 = openat$auto_btrfs_dir_file_operations_inode(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bluetooth/hci4/hci4:201\x00', 0x200, 0x0) ioctl$auto_BTRFS_IOC_SUBVOL_CREATE(r2, 0x5000940e, &(0x7f00000000c0)={@inferred=r1, "8c3aabe6e9afbe5768cca4cd7bcb348b656ea864a7e5a81c86fa6a89108f37471d02d69e0d3d7d5ee6af73152ab7560c718e16592dc6d82db11daedf00a59d05c4df000e462b5e6555f5c3f93ed7eeab69086107c0f5b26f1060cef8899c2f6ed7ba5bfd5b1006b8c1aea5db58627ea2b628b6ae64772a4820ffaf483c7f1a72b0162b715403ecae68357fbeffe0ad87a11230227d8153101bde22493eebc57ee405f0da474a664bce2b932bc20e99b7921894a18fff326e7371779a64c17c724fccd8959220aacd733307970aac9db6632cb0286615ef8b6855d91244f05b390f15b00824c827a3023354e019de5b76a1adf43ede1c4630295ec681ad45d8140c9ed9b4a09f6be0777176a25102f2b0466f4b0f9fc8dd86ebc499897679007ed09966471d50e10def35eacae513aa06cf92f6f4a21093fc7728014ef876ab6f7ab6e7dab548179d8e8547990a7e00f13fd015ce4080de0e863883c1869065be452ba98526532074e401c98e94acb227edb6895033cdc34c04082831a3bca46e54d8fcd25d56eb96307b7fe58de0f9f69fa13ce4ca576f38c43a15bc20dbb6c237888fa16ed5ba9fde154521895504c5b688c03344cb61db716b3d664511e8f2e6755754d017f85c45d2686f2774f68bbda8649d7c94909968bf230f5bd34174b048d68499df65742590b92d8de500b16fb3810cd821c60b1925b36dacb0e32a0200c97e3e8de4352dce33eefae8a9025f6ad59cfeba77743f946bd6011abcc5a4ac332e2acaf0eb0bfd6e6be9c781fc7df7ffd154707995e7411fbbbdfbf61abab8a13c793217277cc8bab5a43c6e9c1be01ec1e2677c5c1b05e5060ea6e98d2cebb6fe7dffd846db2b06ff8dba1ccb2cee8f506bcf70a76f4e8bda1eccf3cf2ac354978db12caafb771e53e8f9c815fd6a31299836839cb3df5a7f8a2be6bdd69fb0820f29bdc52d883353940e861fcb988f4f962145caffac0ecfbeb8c3db7f11851b434a83228a174795c9c3b39e1b9d23bbcbfa5f195bf51aa4ef41e7a7a2e91ab9a16943f8cee87d23ef085be386e06a5406ecf0805248daf7185363e5b7608dc8573f6c9536ad50767c4568754296a1587d70fc58a7a56997af765bf9ce38ff68bda887eba7472b75839ed020f254d599431a565840e510b35b440191122e00239a7c137bc83c213999197298c7aff68059c0624086434a67fa7c507b3af494be614d48f3ce91a73708005630fd77fb55c65b86c40a74b57d798d39ec649336ada14ddc5fdc5a1970edc9d2c36221b7f6a821aea3d2fdc516c9936943cbe445e772b0d31221fa7865fe8b1d268dec6df103ed3744fdb14ab9e4f9cccc4b741eb5a3b79529cbc93ba37c70e0b1910962b9e80797882ab248eb526d310877176f8112b6919094dadaa885e8388648decde51010a10832e3a49efea6cb926b1682d929c08cce96986a634c1d181a6e7793d293b81ade017414958765384eea99eb726f76cc422a0f14900ca60219a233d57cfd4d41efaacb568749c5128068c8d96e79a88e7be8f9129d985cf67144933ad84561872da17caacee97c437498902e340d3df5900fba314450a47fafe510919379d8c187883968a951c5c6fbdd30a52620b74691c279df9e44fb8ab7e464658b1d1ae2c4a1fb15d76be4e38d7c035e3128c0492a6c8db26952382f8424eaa5274fee0def170600860be719491144ebebf1dc34136f04b0d77400c5f9bbdac58a85135e057856a3597070400b74e6a0f06a14b193ff490630e51a822e72a84108b79552446fee5965d46ca60f26f961dd0eced5cf90653738ad85c6972bfa6619fa6e8b8b7ba568281b10f8972cf393d61d17daa4f5490add583b0354ec0d55b66dcf90283745b403d2f44da402bcec76e5404610d828ef468fa4a89961d21de05a6929e1c4c3f12bf0fc42add1d25b9118b2f6bedbf1f2261452f1860b3ae8aca50a959d357852e0bbac9d4ee7e5784f3b00c469ceb3afeb4821e5b850b2cae840760f8676d22c3be2468c9ce5e48700073196aa01c335aef0dd7daa3c7383b7f28b01cf6db6f5ade6a2b36a79b9a8067497e2db80bf3d0987621716c00d9ab14677a03f8724812964aded2a8df18766d761723a5f91c691224233a22c2cdd491218b88490c45fcfc44e5e4e12b88fb4b88ba8743fe75357f1f19234fb94ea65cb4612d380da1f1b327a51110c4ab009d090985655b649e499fcc18aa18fad7cdeb49f05573e345c4a89437a6c5b8f676dfe5f240212ed3aeb0b7a9683d0a2fd87864878f47cc6edec5b3713afe4ab46a0e638c07a2e263e480817b02564a4ef4a3391f832ef877a8b4da1dc1ff6ac5822724cc0ac49095e87bdc54081bd62769c7df06e35253bf8b05ba24d8129204391cff2f8808970c598d9b7d0301fbdcd618e5f3727ab911e2b3452163b6ba791f4e81b108a9efb45526652997b0b4c21df361e6a15e9688fce4d5df4466533ba698d0862b967c3c624ef64d18ef37da580b92613367468327605d0b0a68a5e05095b432411432eb208f4d38338b7dfdea2c67ac07b3f6e5f3e0a3aa478e67fdb41005a82d731b2941cf7730debd1d4351c2e9510adf810b954d9073670417f17918f479e4e5d6e1a77cdb8b623ae6346fdc043cf135b77c2a6921ba18fe4aeb1cb5c55d9de2bb47373b2f2620e15fda6b52b72b365e256424e41a043a4b93bc10624d787413cccdfb58fa18dea74ad1928b29a8405614ddc52d461c8fd6d3347b6e28dc897246bcb9d58f404209e097badbab0b6bb72b461c2da8689a28cb1d580584c3a291ad1a6711dba5e5024174d9c8a855189dc7fb6f1f0b4397ef45a8722a3a0ed1ec5d4b0b1b305ada6104e743178147f35e6a3a60db18b4ab616f384d7176427d66b235910f3b00d23294150910a2bb0da06f01554bc5f4d3ce1be547584a2fb7fb948f5c15620fab11398c653e23fe2a6585b1641092201fe7237ac978f68f4a1748933fc887c33624d8a91304913d862ae2d3369d61cca6eb3621cd2a53582b767b368b338c616357a4a79f8dd2fd6b4fe47e7edc4c3ffacbf1fcd364d82c76aafc6f03e10cc41d251351975a52a2fc576991769f80a0ee879dc1b1887d79c96f39b39e8cd6ae4989f6abaceff5b82455e125826d46ca4e8cce5aa62e57b2ae4e2b0fd6ad98bacee467bfb0811507f29b0955df412f9da55fc7d3ac0e94b329b923b0774b73036f7e06af7051312d61259be850c530187d7c754df4323719509a5ab3b7fc581bc6973e45413364e8cd2688a4e8d6309eb78cbbb3638ac1ab64fd64c437ba755db5888039e8b94eeb7e4e84817421f4b6760e5cd01545c45f849691f8005a6dbb0f47b18b865bda29f690aa7ff38cc3822bec05394ed736e241b916035283c5954824d9104e24c66b0c125c6f273eddd3ffdb4558b7a525f0607669263de61d1afd081f53bfccb5d2fc07b681bca46463c835268c7a9bd44798d349010e422ae2dbc4cc0d9dc5b57eaf80eb541cb036efac94750361724d83aaef9d2850b19377bbae6729ad6d599e10d3b24ff3e0a1c2f6529088220e09891bcf5904aec959fe34f0216a5ed5a6d5093e86f8edbd6802da32a2821da93dca9fb7e245bde00582225e142019af4da2c07bd066d16054e24481a4964ac607077a6a40ffb6c48c15a10901857c1bdfda392cf8d3e3330e0d4cfb31026422c810d7db999f9ca48cdf278ae59ff7a68db7adfec0f2c3191f091c6e700efcfc9e5790a8c63b7f3e9d95b4c0011e49e1924492b0ca6b5f1878a953641a207898548e5690a1b884894e88e52967ba96eba34065f637dd46d0062d022082d8cca65c0ffa44aae64a34679a98a0ee49910bc95a727ba67fae600ec1de01e69927f11dd0e51ac76687a921aa37413c0491446fa8d38f5e1c04acf18e33ad9b4a9e8589d0490d42b63100a4cef809a437d274b105d07550cfa43f7a3885c2b1e2e2cc4f703442e21575b46bb18cc0ee5f720351521070dd74a304aa541ee0a8ba5e7151fbe0fb8bb7047a1b23c6bc4165275fcdf9a273b01030d652216578dcad8400cef9836ced701f56366d7b53aaa1639540294663b3ea54ccccfa4b9cd8e9d23ebfde4208a288ef1b34e5a05aa3c13251e56b7e294dbf11afdd4522608364991b9d0741f774f225c4762e31e39df2d9c773d2ccdb1215ea793fc48742097cf05b3b37e707fe3837a48b1574c3ac1934a6d0429094b4ae731db69386adea2d20d7fe1b03888f08f373f556e6a72224cdfe5c19f34179eea5657d21758ca9f3b9b744d02f4ca59c0211c7ee8652f14b07446885d7ff9eff5a95647cf41e961ec3b6cc49d919866f11cf22460d51d05fa8a84aff011f970ed5bca40845f1d44fd1bf96fc31bd993e26467c5602761a5627a80f62dfa33b8f97b64d01766734637320e8e9b90b886ee99ad4871196d32b733ae5d8381a55cb2d776900a02dd5b84a915fefd128a971ca6a5eef586fccf2892fd1805a227f83e9440d797754e0fe8739695fc5bf1904739dc57e5e23e60f8078f5d6244acb582523d1c32962f5f21591e85bae567aaeca6758674f7cd201237e12d926a80ab15156bd9783e4c29915c2fe70fb56c023dd00b36b6387bc341eb31c80cbcdf3ee217c1d58bb00c7aacd127cb2baa4fa0e77e3ee625add3730df5cf7aad66719ec6c184eca1f193bcdf1534452ca72e5d923c23ffd2de258272a9d013ec58f9924cf2080f057e3eaf850c6892009c8862ea80756eb498206659431686a7b9fc99ddb27c4bff39db0a8dba178587012696c804c75350b2aaf16e82436c95f19db2cae53d36a59d379c5f7c2bb1a1b1a3fdb8f9938f5d18e8d57cbabe37050be9d5c7674be6dcff12a1b63eb1bb27be5d9740df467c425b8ca084e55330bd385cf59ead5cf2af72ac17a104f72893311baeabe5b915d16d414598765bb2ebf6240cf7b8761a3f42856b43fe35c54d1c920f9dc863c6de227a604fafb3e7c9a4915e1d3ba55d5dbe6fc455fbbca6e7830b019b2a79a4f4c48f3a17240e5499dcccad487b7a875a4645a278c0a84deb2c4af4190e72db39dbb226064c1a5d4f78f1158f6ea65b69b181f78ff18a814b754988c98c47777a78a18a8f6bce08c7183a72b942528dc67e385b02cd91197b7212bcbbf93165b02f4e8b7ed443740480f01c401f4c97953913972cda47e1fe2e578ecebc0a9d0cc2a23227e32b1bc39b229058823a18ef7b5de6f0752a8253df9ecc3a2e2cab0d3da5741b3735deb65b775713a4b05de3b6a2c3d39373efc075bf4a8e4cf5ce0b1da4644b4f627aa9398dce862176c318afc8c6eeae7459c5768d40b29ca66ca03c11aefd40163b687415d1a3dda0fa3b2d3263d4e644af42bb34d997f9938a409c1f68cce4581eea94398e54d846ac3b2423b19335a9c8390087b854bd01ef7e286657da59ee3ab86bd85f0985e8ea1a8605438336332913bb7b2fe59aa55c94e574c2e3c1ba963d2ab32c9f8b62d22787f34d5cb636f9b217b822f1f729783b99f24551d1473e7fec10d97d40e6d25743eb2da1b31a701c32de8358631f1f76bbbc8640fded3439f7c1a481d6cc101c4a72283f8f762bb84cfe0d10cdf0eeb00fe1b72a06fcd13b4f797b7fb6792ce5e848322f32bdbce0dcf23f5cdbf700108da7114616ff09e15e278930cb829b6b43b904e07601032b4c3645c719b0d3dc01844581ade67a64af4c55a7fe82836bb2dec8ecaffc3ef9c60c55b0ea5ae355c7cdb749281702e8"}) r3 = socket$nl_generic(0x10, 0x3, 0x10) open_tree$auto(0xffffffffffffffff, 0x0, 0x74ee) mmap$auto(0x9, 0xff, 0x8770, 0x7f, r3, 0x8) madvise$auto(0x108000, 0x800034, 0x200000b) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) ioctl$auto_SNDCTL_DSP_RESET(0xffffffffffffffff, 0x5000, 0x0) r4 = openat$auto_force_wakeup_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/hci0/force_wakeup\x00', 0x88f42, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000001140)=""/257, 0x101) write$auto_force_wakeup_fops_hci_vhci(r4, &(0x7f0000001780)='T', 0x1) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0xffffffffffff7fff) socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) 0s ago: executing program 6 (id=2364): mmap$auto(0xfffffffffffffffd, 0x20000a, 0x2, 0x40eb1, 0x602, 0x1) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0xdd, 0x8000) r0 = syz_clone(0x100281091, 0x0, 0xffb6, 0x0, 0x0, 0x0) move_pages$auto(r0, 0x1002, 0x0, 0x0, 0x0, 0x2) r1 = socketpair$auto(0x1d, 0x2, 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp1\x00', 0x20342, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x80003, 0x300) sendto$auto(0x3, 0x0, 0x13, 0xfffffff9, &(0x7f0000000000)=@isdn={0x22, 0x8, 0x0, 0x7}, 0x22) ioctl$auto_TIOCSETD2(r1, 0x5423, &(0x7f00000000c0)="d91a80a93ba348349bbb453ad68938d8448cbeb651b4e52eacddeef476a1ec3acd4a5272f97f7882a1042d0eb8d0dfdb0e6affc4043fc1394537c4658f9c26d5d4d4d71e2128c16c6d70b202ae49262048e71ed8d82d832d659fc51b20586d3f1fe0e81449f07a3de40e9500712d2fbc282dba47dc437eb4967e4763bdec83ec15e01373e1524d3524b35d3d11ddfa") r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1\x00', 0x80, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, 0x0) open(0x0, 0x22240, 0x118) socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x6, 0x1f, 0x0, 0xfb3) kernel console output (not intermixed with test programs):                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      / [ 448.535274][T13603] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1841'. [ 449.196863][T13635] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1854'. syzkaller syzkaller login: [ 450.843094][T13686] Process accounting resumed [ 450.868532][T13686] kernel write not supported for file vkms/crtc-0/crc/data (pid: 13686 comm: syz.0.1869) [ 451.152346][T13706] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1876'. [ 451.343796][T13702] kernel write not supported for file vkms/crtc-0/crc/data (pid: 13702 comm: syz.0.1873) [ 451.582383][T13732] i2c i2c-0: delete_device: Can't parse I2C address [ 451.613162][T13732] i2c i2c-0: delete_device: Can't parse I2C address [ 451.635506][T13732] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1884'. [ 451.797939][T13720] kernel write not supported for file vkms/crtc-0/crc/data (pid: 13720 comm: syz.0.1881) [ 452.185409][T13758] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1893'. [ 452.319970][T13756] base_sock_release(ffff888032d33000) sk=ffff888031dfb000 [ 452.901987][T13749] kernel write not supported for file vkms/crtc-0/crc/data (pid: 13749 comm: syz.0.1890) [ 453.132674][T13786] kernel write not supported for file vkms/crtc-0/crc/data (pid: 13786 comm: syz.0.1902) [ 453.368709][T13794] tipc: Started in network mode [ 453.373607][T13794] tipc: Node identity ee00, cluster identity 4711 [ 453.452536][T13794] tipc: Node number set to 60928 [ 453.786670][T13713] kernel write not supported for file vkms/crtc-0/crc/data (pid: 13713 comm: syz.0.1873) [ 453.826630][T13792] kernel write not supported for file vkms/crtc-0/crc/data (pid: 13792 comm: syz.0.1905) [ 453.993253][T13810] kernel write not supported for file vkms/crtc-0/crc/data (pid: 13810 comm: syz.0.1909) [ 454.205615][T13812] kernel write not supported for file vkms/crtc-0/crc/data (pid: 13812 comm: syz.0.1910) [ 454.555748][T13819] kernel write not supported for file vkms/crtc-0/crc/data (pid: 13819 comm: syz.0.1913) [ 454.748553][T13834] netlink: 'syz.3.1917': attribute type 4 has an invalid length. [ 454.789617][T13828] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1915'. [ 454.954662][T13834] netlink: 314 bytes leftover after parsing attributes in process `syz.3.1917'. [ 454.966392][T13834] IPv6: NLM_F_CREATE should be specified when creating new route [ 455.257891][T13865] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1925'. [ 455.387951][T13871] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1926'. [ 456.107420][T13890] warn_unsupported: 3 callbacks suppressed [ 456.107440][T13890] kernel write not supported for file vkms/crtc-0/crc/data (pid: 13890 comm: syz.0.1930) [ 456.343409][T13902] kernel write not supported for file vkms/crtc-0/crc/data (pid: 13902 comm: syz.0.1934) [ 456.408679][T13900] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1931'. [ 456.450654][T13911] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1936'. [ 456.572818][T13911] kernel write not supported for file vkms/crtc-0/crc/data (pid: 13911 comm: syz.0.1936) [ 456.807716][T13925] Invalid ELF header magic: != ELF [ 457.067200][T13932] svc: failed to register nfsdv3 RPC service (errno 111). [ 457.086451][T13932] svc: failed to register nfsaclv3 RPC service (errno 111). [ 457.548506][T10121] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 457.594687][T13923] kernel write not supported for file vkms/crtc-0/crc/data (pid: 13923 comm: syz.0.1939) [ 457.639783][T10121] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 457.730223][T10121] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 457.793019][T10121] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 457.991535][T10121] veth1_to_hsr: left allmulticast mode [ 458.006648][T13944] kernel write not supported for file vkms/crtc-0/crc/data (pid: 13944 comm: syz.0.1946) [ 458.017583][T10121] veth1_to_hsr: left promiscuous mode [ 458.037238][T10121] bridge0: port 4(veth1_to_hsr) entered disabled state [ 458.108341][T10121] team0: left allmulticast mode [ 458.113247][T10121] team_slave_0: left allmulticast mode [ 458.142866][T10121] team_slave_1: left allmulticast mode [ 458.163076][T10121] team0: left promiscuous mode [ 458.164527][T13957] kernel write not supported for file vkms/crtc-0/crc/data (pid: 13957 comm: syz.0.1949) [ 458.173166][T10121] team_slave_0: left promiscuous mode [ 458.208504][T10121] team_slave_1: left promiscuous mode [ 458.214107][T10121] bridge0: port 3(team0) entered disabled state [ 458.230210][ T5831] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 458.240084][ T5831] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 458.248294][ T5831] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 458.257966][ T5831] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 458.266247][ T5831] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 458.273582][ T5831] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 458.281178][T10121] bridge_slave_1: left allmulticast mode [ 458.295839][T10121] bridge_slave_1: left promiscuous mode [ 458.315339][T10121] bridge0: port 2(bridge_slave_1) entered disabled state [ 458.338063][T10121] bridge_slave_0: left allmulticast mode [ 458.347410][T10121] bridge_slave_0: left promiscuous mode [ 458.353589][T13962] kernel write not supported for file vkms/crtc-0/crc/data (pid: 13962 comm: syz.0.1950) [ 458.371336][T10121] bridge0: port 1(bridge_slave_0) entered disabled state [ 458.555775][T13954] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1948'. [ 458.622835][T13964] kernel write not supported for file vkms/crtc-0/crc/data (pid: 13964 comm: syz.0.1951) [ 458.652190][T10121] ovsóãƒõ9Ûõ: left promiscuous mode [ 458.766058][T13968] kernel write not supported for file vkms/crtc-0/crc/data (pid: 13968 comm: syz.0.1953) [ 459.084880][T13958] chnl_net:caif_netlink_parms(): no params data found [ 459.477186][T13958] bridge0: port 1(bridge_slave_0) entered blocking state [ 459.484291][T13958] bridge0: port 1(bridge_slave_0) entered disabled state [ 459.502728][T13958] bridge_slave_0: entered allmulticast mode [ 459.515125][T13958] bridge_slave_0: entered promiscuous mode [ 459.532591][T13958] bridge0: port 2(bridge_slave_1) entered blocking state [ 459.545159][T13958] bridge0: port 2(bridge_slave_1) entered disabled state [ 459.565171][T13958] bridge_slave_1: entered allmulticast mode [ 459.614176][T13958] bridge_slave_1: entered promiscuous mode [ 459.659097][T13958] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 459.696845][T13958] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 459.722047][T13998] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1957'. [ 459.743309][T13987] kernel write not supported for file vkms/crtc-0/crc/data (pid: 13987 comm: syz.0.1954) [ 459.883797][T13958] team0: Port device team_slave_0 added [ 459.906546][T14009] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1960'. [ 459.928251][T13958] team0: Port device team_slave_1 added [ 460.007492][T13958] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 460.035630][T13958] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 460.091224][T13958] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 460.142790][T13958] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 460.167171][T13958] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 460.225197][T13958] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 460.354469][ T5831] Bluetooth: hci4: command tx timeout [ 460.370535][T13958] hsr_slave_0: entered promiscuous mode [ 460.394960][T13958] hsr_slave_1: entered promiscuous mode [ 460.416142][T14022] svc: failed to register nfsdv3 RPC service (errno 111). [ 460.424195][T14022] svc: failed to register nfsaclv3 RPC service (errno 111). [ 460.453948][T13958] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 460.496904][T13958] Cannot create hsr debugfs directory [ 460.754920][T10121] hsr_slave_0: left promiscuous mode [ 460.765210][T10121] hsr_slave_1: left promiscuous mode [ 460.784832][T10121] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 460.792280][T10121] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 460.833028][T10121] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 460.850853][T10121] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 460.881913][T10121] veth1_macvtap: left promiscuous mode [ 460.899269][T10121] veth0_macvtap: left promiscuous mode [ 460.909418][T10121] veth1_vlan: left promiscuous mode [ 460.924083][T10121] veth0_vlan: left promiscuous mode [ 461.165928][T10121] team0 (unregistering): Port device team_slave_1 removed [ 461.226903][T10121] team0 (unregistering): Port device team_slave_0 removed [ 461.490864][T13958] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 461.553066][T13958] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 461.586418][T13958] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 461.628656][T13958] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 461.796082][T13958] 8021q: adding VLAN 0 to HW filter on device bond0 [ 461.895943][T14066] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1986'. [ 461.941601][T13958] 8021q: adding VLAN 0 to HW filter on device team0 [ 461.985520][ T7197] bridge0: port 1(bridge_slave_0) entered blocking state [ 461.992619][ T7197] bridge0: port 1(bridge_slave_0) entered forwarding state [ 462.019157][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 462.026278][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 462.155724][T12346] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 462.169714][T12346] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 462.196639][T12346] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 462.208102][T12346] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 462.219363][T12346] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 462.227603][T12346] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 462.253224][T14076] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1983'. [ 462.424460][ T5837] Bluetooth: hci4: command tx timeout [ 462.496437][T13958] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 462.586397][T14073] chnl_net:caif_netlink_parms(): no params data found [ 462.719127][T14073] bridge0: port 1(bridge_slave_0) entered blocking state [ 462.744567][T14073] bridge0: port 1(bridge_slave_0) entered disabled state [ 462.751804][T14073] bridge_slave_0: entered allmulticast mode [ 462.777196][T14073] bridge_slave_0: entered promiscuous mode [ 462.800429][T14073] bridge0: port 2(bridge_slave_1) entered blocking state [ 462.818536][T14073] bridge0: port 2(bridge_slave_1) entered disabled state [ 462.835756][T14073] bridge_slave_1: entered allmulticast mode [ 462.855861][T14073] bridge_slave_1: entered promiscuous mode [ 462.893782][T14073] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 462.910410][T14073] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 462.966714][T14073] team0: Port device team_slave_0 added [ 462.990155][T14073] team0: Port device team_slave_1 added [ 463.043633][T14073] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 463.055316][T14073] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 463.081211][ C0] vkms_vblank_simulate: vblank timer overrun [ 463.092207][T14073] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 463.106359][T14073] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 463.113926][T14073] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 463.141344][T14073] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 463.178716][T13958] veth0_vlan: entered promiscuous mode [ 463.216950][T13958] veth1_vlan: entered promiscuous mode [ 463.227794][T14073] hsr_slave_0: entered promiscuous mode [ 463.233876][T14073] hsr_slave_1: entered promiscuous mode [ 463.254909][T14073] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 463.262489][T14073] Cannot create hsr debugfs directory [ 463.349875][T13958] veth0_macvtap: entered promiscuous mode [ 463.373581][T13958] veth1_macvtap: entered promiscuous mode [ 463.479184][T13958] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 463.504491][T13958] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 463.525352][T13958] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 463.539321][T14073] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 463.560429][T14073] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 463.578231][T13958] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 463.606861][T13958] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 463.625468][T13958] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 463.632802][T14073] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 463.649224][T14073] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 463.669063][T13958] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 463.684619][T13958] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 463.693336][T13958] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 463.724411][T13958] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 463.774205][T13958] ieee80211 phy31: Selected rate control algorithm 'minstrel_ht' [ 463.823106][T13914] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 463.834698][T13958] ieee80211 phy32: Selected rate control algorithm 'minstrel_ht' [ 463.846167][T13914] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 463.893834][T10121] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 463.915790][T10121] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 463.932884][T14073] 8021q: adding VLAN 0 to HW filter on device bond0 [ 463.973009][T14073] 8021q: adding VLAN 0 to HW filter on device team0 [ 464.008494][T10121] bridge0: port 1(bridge_slave_0) entered blocking state [ 464.015636][T10121] bridge0: port 1(bridge_slave_0) entered forwarding state [ 464.024275][T10121] bridge0: port 2(bridge_slave_1) entered blocking state [ 464.031415][T10121] bridge0: port 2(bridge_slave_1) entered forwarding state [ 464.265473][ T5837] Bluetooth: hci2: command tx timeout [ 464.386775][T14125] netlink: 342 bytes leftover after parsing attributes in process `syz.4.1991'. [ 464.428543][T14073] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 464.504492][ T5837] Bluetooth: hci4: command tx timeout [ 464.941983][T14073] veth0_vlan: entered promiscuous mode [ 465.065856][T14073] veth1_vlan: entered promiscuous mode [ 465.162909][T14073] veth0_macvtap: entered promiscuous mode [ 465.182118][T14073] veth1_macvtap: entered promiscuous mode [ 465.210733][T14073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 465.241794][T14073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 465.262711][T14073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 465.276412][T14073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 465.290724][T14073] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 465.330249][T14073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 465.354489][T14073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 465.374427][T14073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 465.385494][T14073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 465.396860][T14073] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 465.426199][T14073] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.437238][T14073] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.449375][T14073] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.459721][T14073] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.623834][T14073] ieee80211 phy33: Selected rate control algorithm 'minstrel_ht' [ 465.645104][T14154] can: request_module (can-proto-5) failed. [ 465.682222][T14073] ieee80211 phy34: Selected rate control algorithm 'minstrel_ht' [ 465.690131][T10121] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 465.699370][T10121] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 465.757600][ T179] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 465.784784][ T179] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 466.356663][ T5837] Bluetooth: hci2: command tx timeout [ 466.452589][T14205] usbip-vudc usbip-vudc.0: gadget not bound [ 466.510422][T14207] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2019'. [ 466.584820][ T5837] Bluetooth: hci4: command tx timeout [ 466.824045][ T5837] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 466.824079][ T5837] Bluetooth: hci2: unexpected subevent 0x05 length: 725 > 12 [ 466.868175][T14232] netlink: 246 bytes leftover after parsing attributes in process `syz.3.2022'. [ 467.531903][T14260] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2032'. [ 468.435734][ T5837] Bluetooth: hci2: command tx timeout [ 470.514422][ T5837] Bluetooth: hci2: command tx timeout [ 472.585505][ T5837] Bluetooth: hci2: command tx timeout [ 472.807786][T14445] svc: failed to register nfsdv3 RPC service (errno 111). [ 472.828742][T14445] svc: failed to register nfsaclv3 RPC service (errno 111). [ 472.947790][T14422] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2080'. [ 474.550447][T14498] input: ices/platform/vhci_hcd.7/usb24/24-0:1.0/usb24-port8/power/runtime_suspended_time as /devices/virtual/input/input13 [ 474.612937][T14497] svc: failed to register nfsdv3 RPC service (errno 111). [ 474.622555][T14497] svc: failed to register nfsaclv3 RPC service (errno 111). [ 474.994070][T14517] netlink: 326 bytes leftover after parsing attributes in process `syz.5.2105'. [ 475.635236][T14532] svc: failed to register nfsdv3 RPC service (errno 111). [ 475.656667][T14532] svc: failed to register nfsaclv3 RPC service (errno 111). [ 476.688524][T14599] can: request_module (can-proto-0) failed. [ 478.460639][T14648] netlink: 'syz.2.2148': attribute type 15 has an invalid length. [ 478.484765][T14649] netlink: 'syz.2.2148': attribute type 15 has an invalid length. [ 478.546639][T14648] netlink: 'syz.2.2148': attribute type 16 has an invalid length. [ 478.567291][T14649] netlink: 'syz.2.2148': attribute type 16 has an invalid length. [ 478.592032][T14649] netlink: 'syz.2.2148': attribute type 17 has an invalid length. [ 478.701184][T14649] netlink: 'syz.2.2148': attribute type 19 has an invalid length. [ 478.813605][T14649] netlink: 238 bytes leftover after parsing attributes in process `syz.2.2148'. [ 478.837038][T14648] netlink: 'syz.2.2148': attribute type 17 has an invalid length. [ 478.904440][T14648] netlink: 'syz.2.2148': attribute type 19 has an invalid length. [ 479.003816][T14648] netlink: 238 bytes leftover after parsing attributes in process `syz.2.2148'. [ 479.383100][T14683] FAULT_INJECTION: forcing a failure. [ 479.383100][T14683] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 479.397469][T14683] CPU: 1 UID: 0 PID: 14683 Comm: syz.4.2156 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 479.397497][T14683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 479.397509][T14683] Call Trace: [ 479.397515][T14683] [ 479.397523][T14683] dump_stack_lvl+0x16c/0x1f0 [ 479.397556][T14683] should_fail_ex+0x50a/0x650 [ 479.397578][T14683] _copy_from_user+0x2e/0xd0 [ 479.397604][T14683] do_tcp_setsockopt+0x1ca/0x2820 [ 479.397627][T14683] ? __pfx_do_tcp_setsockopt+0x10/0x10 [ 479.397644][T14683] ? get_pid_task+0x35/0x250 [ 479.397666][T14683] ? lock_release+0x4e2/0x6f0 [ 479.397690][T14683] ? ksys_write+0x12b/0x250 [ 479.397712][T14683] ? aa_sk_perm+0x2f5/0xb20 [ 479.397743][T14683] ? ksys_write+0x191/0x250 [ 479.397763][T14683] ? __pfx_aa_sk_perm+0x10/0x10 [ 479.397794][T14683] ? preempt_count_add+0x76/0x150 [ 479.397818][T14683] tcp_setsockopt+0xe2/0x100 [ 479.397846][T14683] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 479.397871][T14683] do_sock_setsockopt+0x222/0x480 [ 479.397894][T14683] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 479.397916][T14683] ? __fget_files+0x40/0x3a0 [ 479.397936][T14683] ? lock_acquire+0x2f/0xb0 [ 479.397963][T14683] __sys_setsockopt+0x1a0/0x230 [ 479.397993][T14683] __x64_sys_setsockopt+0xbd/0x160 [ 479.398021][T14683] ? trace_irq_enable.constprop.0+0xea/0x140 [ 479.398048][T14683] do_syscall_64+0xcd/0x250 [ 479.398078][T14683] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 479.398106][T14683] RIP: 0033:0x7fa34158cda9 [ 479.398122][T14683] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 479.398141][T14683] RSP: 002b:00007fa34239b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 479.398161][T14683] RAX: ffffffffffffffda RBX: 00007fa3417a5fa0 RCX: 00007fa34158cda9 [ 479.398176][T14683] RDX: 0000000000000017 RSI: 0000000000000006 RDI: 0000000000000003 [ 479.398189][T14683] RBP: 00007fa34239b090 R08: 0000000000000fb3 R09: 0000000000000000 [ 479.398200][T14683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 479.398212][T14683] R13: 0000000000000000 R14: 00007fa3417a5fa0 R15: 00007ffd6efe33b8 [ 479.398231][T14683] [ 480.551790][T14712] Unable to find swap-space signature [ 481.478300][T14760] sysfs_service_op_store: Client not running :-5: [ 482.590573][ T5831] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 482.598033][ T5831] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 482.605346][ T5831] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 482.612912][ T5831] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 482.620538][ T5831] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 482.627797][ T5831] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 482.890910][T14792] chnl_net:caif_netlink_parms(): no params data found [ 483.040113][T14792] bridge0: port 1(bridge_slave_0) entered blocking state [ 483.065131][T14792] bridge0: port 1(bridge_slave_0) entered disabled state [ 483.072342][T14792] bridge_slave_0: entered allmulticast mode [ 483.095289][T14792] bridge_slave_0: entered promiscuous mode [ 483.107078][T14792] bridge0: port 2(bridge_slave_1) entered blocking state [ 483.114624][T14792] bridge0: port 2(bridge_slave_1) entered disabled state [ 483.121801][T14792] bridge_slave_1: entered allmulticast mode [ 483.145273][T14792] bridge_slave_1: entered promiscuous mode [ 483.200815][T14792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 483.217439][T14792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 483.271611][T14792] team0: Port device team_slave_0 added [ 483.295267][T14792] team0: Port device team_slave_1 added [ 483.346220][T14792] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 483.362207][T14792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 483.412084][T14792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 483.434439][T14792] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 483.441643][T14792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 483.500236][T14792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 483.592046][T14792] hsr_slave_0: entered promiscuous mode [ 483.615553][T14792] hsr_slave_1: entered promiscuous mode [ 483.621556][T14792] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 483.644385][T14792] Cannot create hsr debugfs directory [ 483.760613][T14792] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 483.816260][T14792] netdevsim netdevsim3 netdevsim2 (unregistering): left allmulticast mode [ 483.835583][T14792] netdevsim netdevsim3 netdevsim2 (unregistering): left promiscuous mode [ 483.844102][T14792] bridge0: port 3(netdevsim2) entered disabled state [ 483.868266][T14792] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 483.937068][T14792] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 483.999882][T14792] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 484.114243][T14792] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 484.136777][T14792] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 484.157367][T14792] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 484.173086][T14792] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 484.293255][T14792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 484.338978][T14792] 8021q: adding VLAN 0 to HW filter on device team0 [ 484.359293][T11583] bridge0: port 1(bridge_slave_0) entered blocking state [ 484.366443][T11583] bridge0: port 1(bridge_slave_0) entered forwarding state [ 484.385392][T11583] bridge0: port 2(bridge_slave_1) entered blocking state [ 484.392490][T11583] bridge0: port 2(bridge_slave_1) entered forwarding state [ 484.527599][T14792] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 484.560573][T14792] veth0_vlan: entered promiscuous mode [ 484.570883][T14792] veth1_vlan: entered promiscuous mode [ 484.591546][T14792] veth0_macvtap: entered promiscuous mode [ 484.600636][T14792] veth1_macvtap: entered promiscuous mode [ 484.613856][T14792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 484.626611][T14792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 484.637809][T14792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 484.649959][T14792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 484.660397][T14792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 484.673879][ T5831] Bluetooth: hci5: command tx timeout [ 484.680995][T14792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 484.693048][T14792] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 484.717475][T14792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 484.728392][T14792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 484.738606][T14792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 484.749444][T14792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 484.759724][T14792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 484.770727][T14792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 484.781807][T14792] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 484.792591][T14792] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.802757][T14792] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.813519][T14792] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.823250][T14792] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.858718][T14792] ieee80211 phy35: Selected rate control algorithm 'minstrel_ht' [ 484.882884][ T179] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 484.894063][T14792] ieee80211 phy36: Selected rate control algorithm 'minstrel_ht' [ 484.902763][ T179] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 484.928111][T11583] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 484.936829][T11583] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 486.744499][ T5831] Bluetooth: hci5: command tx timeout [ 488.824441][ T5831] Bluetooth: hci5: command tx timeout [ 490.905004][ T5831] Bluetooth: hci5: command tx timeout [ 492.148986][T14836] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2199'. [ 492.158422][T14836] bridge_slave_1: left allmulticast mode [ 492.166258][T14836] bridge_slave_1: left promiscuous mode [ 492.171991][T14836] bridge0: port 2(bridge_slave_1) entered disabled state [ 492.206073][T14836] bridge_slave_0: left allmulticast mode [ 492.214412][T14836] bridge_slave_0: left promiscuous mode [ 492.245056][T14836] bridge0: port 1(bridge_slave_0) entered disabled state [ 492.299590][ T5837] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 492.308230][ T5837] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 492.317323][ T5837] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 492.325127][ T5837] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 492.332521][ T5837] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 492.342212][ T5837] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 492.680486][T14845] chnl_net:caif_netlink_parms(): no params data found [ 492.820385][T14845] bridge0: port 1(bridge_slave_0) entered blocking state [ 492.840165][T14845] bridge0: port 1(bridge_slave_0) entered disabled state [ 492.847607][T14845] bridge_slave_0: entered allmulticast mode [ 492.856804][T14845] bridge_slave_0: entered promiscuous mode [ 492.864520][T14845] bridge0: port 2(bridge_slave_1) entered blocking state [ 492.872225][T14845] bridge0: port 2(bridge_slave_1) entered disabled state [ 492.879694][T14845] bridge_slave_1: entered allmulticast mode [ 492.886629][T14845] bridge_slave_1: entered promiscuous mode [ 492.915432][T14845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 492.949005][T14845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 492.990765][T14845] team0: Port device team_slave_0 added [ 493.008609][T14845] team0: Port device team_slave_1 added [ 493.094070][T14845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 493.111341][T14845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 493.137884][T14845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 493.162254][T14845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 493.173159][T14845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 493.200360][T14845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 493.271275][T14845] hsr_slave_0: entered promiscuous mode [ 493.279739][T14845] hsr_slave_1: entered promiscuous mode [ 493.286764][T14845] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 493.302429][T14845] Cannot create hsr debugfs directory [ 493.519635][T14845] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 493.537192][T14845] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 493.569418][T14845] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 493.620728][T14845] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 493.806904][T14845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 493.832539][T14845] 8021q: adding VLAN 0 to HW filter on device team0 [ 493.856260][ T7184] bridge0: port 1(bridge_slave_0) entered blocking state [ 493.863384][ T7184] bridge0: port 1(bridge_slave_0) entered forwarding state [ 493.898591][ T7184] bridge0: port 2(bridge_slave_1) entered blocking state [ 493.905752][ T7184] bridge0: port 2(bridge_slave_1) entered forwarding state [ 494.154583][T14845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 494.424685][ T5837] Bluetooth: hci1: command tx timeout [ 494.458499][T14845] veth0_vlan: entered promiscuous mode [ 494.478632][T14845] veth1_vlan: entered promiscuous mode [ 494.529492][T14845] veth0_macvtap: entered promiscuous mode [ 494.541406][T14845] veth1_macvtap: entered promiscuous mode [ 494.559244][T14845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 494.572228][T14845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.583123][T14845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 494.596505][T14845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.606789][T14845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 494.620414][T14845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.632915][T14845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 494.643734][T14845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.671672][T14845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 494.685708][T14845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 494.696991][T14845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.709477][T14845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 494.741571][T14845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.756983][T14845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 494.767791][T14845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.779537][T14845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 494.790319][T14845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 494.803872][T14845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 494.833522][T14845] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 494.857148][T14845] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 494.884116][T14845] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 494.898696][T14845] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 494.941799][T14845] ieee80211 phy37: Selected rate control algorithm 'minstrel_ht' [ 494.970377][T10121] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 494.978658][T10121] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 494.991206][T14845] ieee80211 phy38: Selected rate control algorithm 'minstrel_ht' [ 495.018312][T10121] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 495.028657][T10121] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 495.123264][T14929] Unable to find swap-space signature [ 495.503413][T14932] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2224'. [ 495.515773][T14932] bridge_slave_1: left allmulticast mode [ 495.521536][T14932] bridge_slave_1: left promiscuous mode [ 495.532063][T14932] bridge0: port 2(bridge_slave_1) entered disabled state [ 495.542729][T14932] bridge_slave_0: left allmulticast mode [ 495.565879][T14932] bridge_slave_0: left promiscuous mode [ 495.571613][T14932] bridge0: port 1(bridge_slave_0) entered disabled state [ 496.280491][T14957] FAULT_INJECTION: forcing a failure. [ 496.280491][T14957] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 496.296278][T14957] CPU: 0 UID: 0 PID: 14957 Comm: syz.4.2235 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 496.296313][T14957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 496.296328][T14957] Call Trace: [ 496.296335][T14957] [ 496.296343][T14957] dump_stack_lvl+0x16c/0x1f0 [ 496.296379][T14957] should_fail_ex+0x50a/0x650 [ 496.296406][T14957] ? __pfx___might_resched+0x10/0x10 [ 496.296438][T14957] should_fail_alloc_page+0xe7/0x130 [ 496.296467][T14957] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 496.296506][T14957] ? rcu_is_watching+0x12/0xc0 [ 496.296542][T14957] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 496.296571][T14957] ? rcu_is_watching+0x12/0xc0 [ 496.296603][T14957] ? trace_irq_enable.constprop.0+0xea/0x140 [ 496.296634][T14957] ? finish_task_switch.isra.0+0x217/0xcc0 [ 496.296661][T14957] ? __switch_to+0x749/0x1190 [ 496.296685][T14957] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 496.296713][T14957] ? cpu_clock_sample_group+0x44b/0x800 [ 496.296746][T14957] ? cpu_clock_sample_group+0x44b/0x800 [ 496.296781][T14957] ? __pfx___schedule+0x10/0x10 [ 496.296810][T14957] ? lock_release+0x4e2/0x6f0 [ 496.296835][T14957] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 496.296865][T14957] ? policy_nodemask+0xea/0x4e0 [ 496.296893][T14957] alloc_pages_mpol+0x1fc/0x540 [ 496.296921][T14957] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 496.296948][T14957] ? schedule+0xf1/0x350 [ 496.296975][T14957] ? futex_wait_queue+0x101/0x1f0 [ 496.297004][T14957] folio_alloc_mpol_noprof+0x36/0x2f0 [ 496.297035][T14957] vma_alloc_folio_noprof+0xee/0x1b0 [ 496.297066][T14957] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 496.297098][T14957] ? trace_lock_acquire+0x14e/0x1f0 [ 496.297119][T14957] ? rcu_is_watching+0x12/0xc0 [ 496.297153][T14957] do_pte_missing+0x202f/0x3e10 [ 496.297181][T14957] __handle_mm_fault+0x1166/0x2c60 [ 496.297208][T14957] ? lock_vma_under_rcu+0x6b9/0x980 [ 496.297240][T14957] ? __pfx___handle_mm_fault+0x10/0x10 [ 496.297268][T14957] ? __pfx_down_read_trylock+0x10/0x10 [ 496.297310][T14957] handle_mm_fault+0x3fa/0xaa0 [ 496.297339][T14957] do_user_addr_fault+0x60d/0x13f0 [ 496.297371][T14957] exc_page_fault+0x5c/0xc0 [ 496.297401][T14957] asm_exc_page_fault+0x26/0x30 [ 496.297432][T14957] RIP: 0033:0x7fa341458b7b [ 496.297449][T14957] Code: 00 00 00 48 8d 3d 9d 33 19 00 48 89 c1 31 c0 e8 0b 44 ff ff eb d2 66 0f 1f 84 00 00 00 00 00 55 31 c0 53 48 81 ec 68 10 00 00 <48> 89 7c 24 08 48 8d 3d d1 33 19 00 48 89 34 24 48 8b 14 24 48 8b [ 496.297470][T14957] RSP: 002b:00007fa342399fb0 EFLAGS: 00010202 [ 496.297489][T14957] RAX: 0000000000000000 RBX: 00007fa3417a5fa0 RCX: 0000000000000000 [ 496.297503][T14957] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040 [ 496.297516][T14957] RBP: 00007fa34160e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 496.297528][T14957] R10: 0000000020000040 R11: 0000000000000000 R12: 0000000000000000 [ 496.297540][T14957] R13: 0000000000000000 R14: 00007fa3417a5fa0 R15: 00007ffd6efe33b8 [ 496.297558][T14957] [ 496.297589][T14957] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 496.586757][ T5837] Bluetooth: hci1: command tx timeout [ 498.199927][T15014] Unable to find swap-space signature [ 498.312660][T15012] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2250'. [ 498.323411][T15012] bridge_slave_1: left allmulticast mode [ 498.330201][T15012] bridge_slave_1: left promiscuous mode [ 498.336451][T15012] bridge0: port 2(bridge_slave_1) entered disabled state [ 498.348912][T15012] bridge_slave_0: left allmulticast mode [ 498.354683][T15012] bridge_slave_0: left promiscuous mode [ 498.360482][T15012] bridge0: port 1(bridge_slave_0) entered disabled state [ 498.663524][T15025] FAULT_INJECTION: forcing a failure. [ 498.663524][T15025] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 498.674433][ T5837] Bluetooth: hci1: command tx timeout [ 498.678801][T15025] CPU: 0 UID: 0 PID: 15025 Comm: syz.3.2256 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 498.678835][T15025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 498.678849][T15025] Call Trace: [ 498.678857][T15025] [ 498.678865][T15025] dump_stack_lvl+0x16c/0x1f0 [ 498.678905][T15025] should_fail_ex+0x50a/0x650 [ 498.678931][T15025] ? __pfx___might_resched+0x10/0x10 [ 498.678961][T15025] should_fail_alloc_page+0xe7/0x130 [ 498.678991][T15025] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 498.679029][T15025] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 498.679057][T15025] ? rcu_is_watching+0x12/0xc0 [ 498.679089][T15025] ? lock_release+0x4e2/0x6f0 [ 498.679114][T15025] ? rcu_is_watching+0x12/0xc0 [ 498.679144][T15025] ? page_ext_put+0x3e/0xd0 [ 498.679168][T15025] ? __pfx_lock_release+0x10/0x10 [ 498.679194][T15025] ? page_ext_get+0x34/0x310 [ 498.679218][T15025] ? lock_acquire+0x2f/0xb0 [ 498.679242][T15025] ? page_ext_get+0x34/0x310 [ 498.679265][T15025] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 498.679300][T15025] ? page_ext_put+0x48/0xd0 [ 498.679323][T15025] ? page_table_check_set.part.0+0x3b8/0x550 [ 498.679352][T15025] ? xas_move_index+0xb0/0x110 [ 498.679387][T15025] ? xas_find+0x306/0x890 [ 498.679408][T15025] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 498.679440][T15025] ? policy_nodemask+0xea/0x4e0 [ 498.679468][T15025] alloc_pages_mpol+0x1fc/0x540 [ 498.679495][T15025] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 498.679526][T15025] folio_alloc_mpol_noprof+0x36/0x2f0 [ 498.679558][T15025] vma_alloc_folio_noprof+0xee/0x1b0 [ 498.679588][T15025] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 498.679624][T15025] do_wp_page+0x1f2c/0x4560 [ 498.679648][T15025] ? ___pte_offset_map+0x42/0x540 [ 498.679679][T15025] ? __pfx_do_wp_page+0x10/0x10 [ 498.679698][T15025] ? rcu_is_watching+0x12/0xc0 [ 498.679731][T15025] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 498.679762][T15025] ? lock_acquire+0x2f/0xb0 [ 498.679790][T15025] ? __handle_mm_fault+0xf22/0x2c60 [ 498.679817][T15025] __handle_mm_fault+0x1c7c/0x2c60 [ 498.679845][T15025] ? lock_vma_under_rcu+0x6b9/0x980 [ 498.679868][T15025] ? __pfx___handle_mm_fault+0x10/0x10 [ 498.679894][T15025] ? __pfx_down_read_trylock+0x10/0x10 [ 498.679936][T15025] handle_mm_fault+0x3fa/0xaa0 [ 498.679963][T15025] do_user_addr_fault+0x60d/0x13f0 [ 498.679994][T15025] exc_page_fault+0x5c/0xc0 [ 498.680025][T15025] asm_exc_page_fault+0x26/0x30 [ 498.680054][T15025] RIP: 0033:0x7fa111d46905 [ 498.680072][T15025] Code: 0f 1f 44 00 00 8b 57 18 64 8b 04 25 d0 02 00 00 39 c2 0f 84 0d 01 00 00 41 54 55 53 83 7f 30 02 48 89 fb 74 28 b8 08 00 00 00 0f c1 03 83 c0 08 85 c0 0f 88 fc 00 00 00 a8 01 75 78 31 d2 5b [ 498.680093][T15025] RSP: 002b:00007fa112b81de0 EFLAGS: 00010293 [ 498.680113][T15025] RAX: 0000000000000008 RBX: 00007fa112ad7d60 RCX: 0000000000000000 [ 498.680128][T15025] RDX: 0000000000000000 RSI: 00007fa111e4bbf0 RDI: 00007fa112ad7d60 [ 498.680143][T15025] RBP: 00007fa112b81f00 R08: 0000000000000000 R09: 0000000000000005 [ 498.680158][T15025] R10: 0000000000000000 R11: 0000000000000293 R12: 00007fa111e4ae80 [ 498.680174][T15025] R13: 0000000000000058 R14: 00007fa111f7c440 R15: 0000000000000000 [ 498.680195][T15025] [ 498.680265][T15025] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 499.435203][T15040] FAULT_INJECTION: forcing a failure. [ 499.435203][T15040] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 499.467645][T15040] CPU: 1 UID: 0 PID: 15040 Comm: syz.6.2262 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 499.467677][T15040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 499.467690][T15040] Call Trace: [ 499.467697][T15040] [ 499.467705][T15040] dump_stack_lvl+0x16c/0x1f0 [ 499.467741][T15040] should_fail_ex+0x50a/0x650 [ 499.467768][T15040] _copy_from_user+0x2e/0xd0 [ 499.467797][T15040] copy_msghdr_from_user+0x99/0x160 [ 499.467820][T15040] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 499.467843][T15040] ? _kstrtoull+0x146/0x200 [ 499.467862][T15040] ? __pfx__kstrtoull+0x10/0x10 [ 499.467879][T15040] ? lock_release+0x4e2/0x6f0 [ 499.467905][T15040] ___sys_sendmsg+0xff/0x1e0 [ 499.467926][T15040] ? __pfx____sys_sendmsg+0x10/0x10 [ 499.467945][T15040] ? __pfx_kstrtouint+0x10/0x10 [ 499.467970][T15040] ? trace_lock_acquire+0x14e/0x1f0 [ 499.467997][T15040] __sys_sendmmsg+0x201/0x420 [ 499.468017][T15040] ? __pfx___sys_sendmmsg+0x10/0x10 [ 499.468041][T15040] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 499.468077][T15040] ? fput+0x67/0x440 [ 499.468102][T15040] ? ksys_write+0x1ba/0x250 [ 499.468119][T15040] ? __pfx_ksys_write+0x10/0x10 [ 499.468141][T15040] __x64_sys_sendmmsg+0x9c/0x100 [ 499.468162][T15040] do_syscall_64+0xcd/0x250 [ 499.468203][T15040] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 499.468233][T15040] RIP: 0033:0x7f40de98cda9 [ 499.468249][T15040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 499.468269][T15040] RSP: 002b:00007f40df843038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 499.468289][T15040] RAX: ffffffffffffffda RBX: 00007f40deba5fa0 RCX: 00007f40de98cda9 [ 499.468304][T15040] RDX: 0000000000000008 RSI: 0000000020000300 RDI: 0000000000000003 [ 499.468316][T15040] RBP: 00007f40df843090 R08: 0000000000000000 R09: 0000000000000000 [ 499.468327][T15040] R10: 0000000000007fff R11: 0000000000000246 R12: 0000000000000001 [ 499.468340][T15040] R13: 0000000000000000 R14: 00007f40deba5fa0 R15: 00007ffd59010b78 [ 499.468360][T15040] [ 500.325337][T15062] FAULT_INJECTION: forcing a failure. [ 500.325337][T15062] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 500.366259][T15062] CPU: 1 UID: 0 PID: 15062 Comm: syz.6.2272 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 500.366293][T15062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 500.366307][T15062] Call Trace: [ 500.366314][T15062] [ 500.366322][T15062] dump_stack_lvl+0x16c/0x1f0 [ 500.366357][T15062] should_fail_ex+0x50a/0x650 [ 500.366384][T15062] _copy_from_user+0x2e/0xd0 [ 500.366413][T15062] move_addr_to_kernel+0x68/0x160 [ 500.366442][T15062] __copy_msghdr+0x386/0x470 [ 500.366463][T15062] copy_msghdr_from_user+0xc2/0x160 [ 500.366484][T15062] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 500.366508][T15062] ? _kstrtoull+0x146/0x200 [ 500.366527][T15062] ? __pfx__kstrtoull+0x10/0x10 [ 500.366547][T15062] ? lock_release+0x4e2/0x6f0 [ 500.366574][T15062] ___sys_sendmsg+0xff/0x1e0 [ 500.366596][T15062] ? __pfx____sys_sendmsg+0x10/0x10 [ 500.366617][T15062] ? __pfx_kstrtouint+0x10/0x10 [ 500.366642][T15062] ? trace_lock_acquire+0x14e/0x1f0 [ 500.366671][T15062] __sys_sendmmsg+0x201/0x420 [ 500.366693][T15062] ? __pfx___sys_sendmmsg+0x10/0x10 [ 500.366720][T15062] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 500.366757][T15062] ? fput+0x67/0x440 [ 500.366783][T15062] ? ksys_write+0x1ba/0x250 [ 500.366803][T15062] ? __pfx_ksys_write+0x10/0x10 [ 500.366827][T15062] __x64_sys_sendmmsg+0x9c/0x100 [ 500.366849][T15062] do_syscall_64+0xcd/0x250 [ 500.366881][T15062] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 500.366911][T15062] RIP: 0033:0x7f40de98cda9 [ 500.366927][T15062] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 500.366949][T15062] RSP: 002b:00007f40df843038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 500.366971][T15062] RAX: ffffffffffffffda RBX: 00007f40deba5fa0 RCX: 00007f40de98cda9 [ 500.366986][T15062] RDX: 0000000000000008 RSI: 0000000020000300 RDI: 0000000000000003 [ 500.366999][T15062] RBP: 00007f40df843090 R08: 0000000000000000 R09: 0000000000000000 [ 500.367013][T15062] R10: 0000000000007fff R11: 0000000000000246 R12: 0000000000000001 [ 500.367025][T15062] R13: 0000000000000000 R14: 00007f40deba5fa0 R15: 00007ffd59010b78 [ 500.367046][T15062] [ 500.750218][ T5837] Bluetooth: hci1: command tx timeout [ 500.836449][T15077] : renamed from gre0 (while UP) [ 501.744307][T15099] FAULT_INJECTION: forcing a failure. [ 501.744307][T15099] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 501.773203][T15099] CPU: 1 UID: 0 PID: 15099 Comm: syz.6.2282 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 501.773236][T15099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 501.773249][T15099] Call Trace: [ 501.773256][T15099] [ 501.773264][T15099] dump_stack_lvl+0x16c/0x1f0 [ 501.773301][T15099] should_fail_ex+0x50a/0x650 [ 501.773328][T15099] _copy_from_user+0x2e/0xd0 [ 501.773356][T15099] ____sys_sendmsg+0x56e/0xb40 [ 501.773385][T15099] ? __pfx_____sys_sendmsg+0x10/0x10 [ 501.773413][T15099] ? _kstrtoull+0x146/0x200 [ 501.773432][T15099] ? __pfx__kstrtoull+0x10/0x10 [ 501.773451][T15099] ? lock_release+0x4e2/0x6f0 [ 501.773478][T15099] ___sys_sendmsg+0x135/0x1e0 [ 501.773500][T15099] ? __pfx____sys_sendmsg+0x10/0x10 [ 501.773520][T15099] ? __pfx_kstrtouint+0x10/0x10 [ 501.773545][T15099] ? trace_lock_acquire+0x14e/0x1f0 [ 501.773574][T15099] __sys_sendmmsg+0x201/0x420 [ 501.773597][T15099] ? __pfx___sys_sendmmsg+0x10/0x10 [ 501.773623][T15099] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 501.773660][T15099] ? fput+0x67/0x440 [ 501.773686][T15099] ? ksys_write+0x1ba/0x250 [ 501.773706][T15099] ? __pfx_ksys_write+0x10/0x10 [ 501.773729][T15099] __x64_sys_sendmmsg+0x9c/0x100 [ 501.773751][T15099] do_syscall_64+0xcd/0x250 [ 501.773784][T15099] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.773814][T15099] RIP: 0033:0x7f40de98cda9 [ 501.773832][T15099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 501.773852][T15099] RSP: 002b:00007f40df843038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 501.773874][T15099] RAX: ffffffffffffffda RBX: 00007f40deba5fa0 RCX: 00007f40de98cda9 [ 501.773890][T15099] RDX: 0000000000000008 RSI: 0000000020000300 RDI: 0000000000000003 [ 501.773903][T15099] RBP: 00007f40df843090 R08: 0000000000000000 R09: 0000000000000000 [ 501.773916][T15099] R10: 0000000000007fff R11: 0000000000000246 R12: 0000000000000001 [ 501.773930][T15099] R13: 0000000000000000 R14: 00007f40deba5fa0 R15: 00007ffd59010b78 [ 501.773950][T15099] [ 502.285449][T15107] ptrace attach of "./syz-executor exec"[14845] was attempted by ""[15107] [ 502.558865][T15127] FAULT_INJECTION: forcing a failure. [ 502.558865][T15127] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 502.577960][T15127] CPU: 0 UID: 0 PID: 15127 Comm: syz.4.2293 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 502.577990][T15127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 502.578002][T15127] Call Trace: [ 502.578008][T15127] [ 502.578015][T15127] dump_stack_lvl+0x16c/0x1f0 [ 502.578048][T15127] should_fail_ex+0x50a/0x650 [ 502.578069][T15127] ? __pfx___might_resched+0x10/0x10 [ 502.578097][T15127] should_fail_alloc_page+0xe7/0x130 [ 502.578124][T15127] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 502.578157][T15127] ? lock_release+0x4e2/0x6f0 [ 502.578182][T15127] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 502.578208][T15127] ? is_bpf_text_address+0x30/0x1a0 [ 502.578231][T15127] ? lock_acquire+0x2f/0xb0 [ 502.578254][T15127] ? is_bpf_text_address+0x30/0x1a0 [ 502.578276][T15127] ? bpf_ksym_find+0x124/0x1c0 [ 502.578304][T15127] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 502.578337][T15127] ? is_bpf_text_address+0x94/0x1a0 [ 502.578360][T15127] ? kernel_text_address+0x8d/0x100 [ 502.578385][T15127] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 502.578411][T15127] ? arch_stack_walk+0xa7/0x100 [ 502.578447][T15127] ? stack_trace_save+0x95/0xd0 [ 502.578482][T15127] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 502.578510][T15127] ? policy_nodemask+0xea/0x4e0 [ 502.578537][T15127] alloc_pages_mpol+0x1fc/0x540 [ 502.578563][T15127] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 502.578592][T15127] alloc_pages_noprof+0x131/0x390 [ 502.578618][T15127] pte_alloc_one+0x20/0x390 [ 502.578647][T15127] do_pte_missing+0x1aff/0x3e10 [ 502.578680][T15127] ? __pfx_lock_release+0x10/0x10 [ 502.578707][T15127] __handle_mm_fault+0x1166/0x2c60 [ 502.578735][T15127] ? __pfx___handle_mm_fault+0x10/0x10 [ 502.578765][T15127] ? find_vma+0xc0/0x140 [ 502.578794][T15127] ? __pfx_find_vma+0x10/0x10 [ 502.578826][T15127] handle_mm_fault+0x3fa/0xaa0 [ 502.578855][T15127] do_user_addr_fault+0x7a3/0x13f0 [ 502.578884][T15127] exc_page_fault+0x5c/0xc0 [ 502.578912][T15127] asm_exc_page_fault+0x26/0x30 [ 502.578940][T15127] RIP: 0010:rep_movs_alternative+0x13/0x70 [ 502.578966][T15127] Code: cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 83 f9 40 73 40 83 f9 08 73 21 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f [ 502.578987][T15127] RSP: 0018:ffffc900041af9e0 EFLAGS: 00050206 [ 502.579005][T15127] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000003 [ 502.579018][T15127] RDX: fffff52000835f4c RSI: 0000000000000000 RDI: ffffc900041afa58 [ 502.579032][T15127] RBP: 0000000000000003 R08: 0000000000000001 R09: fffff52000835f4b [ 502.579045][T15127] R10: ffffc900041afa5a R11: 0000000000000000 R12: 0000000000000000 [ 502.579058][T15127] R13: ffffc900041afa58 R14: 1ffff92000835f45 R15: ffffc900041afd80 [ 502.579079][T15127] _copy_from_user+0x98/0xd0 [ 502.579107][T15127] ____sys_sendmsg+0x56e/0xb40 [ 502.579135][T15127] ? __pfx_____sys_sendmsg+0x10/0x10 [ 502.579163][T15127] ? _kstrtoull+0x146/0x200 [ 502.579182][T15127] ? __pfx__kstrtoull+0x10/0x10 [ 502.579201][T15127] ? lock_release+0x4e2/0x6f0 [ 502.579226][T15127] ___sys_sendmsg+0x135/0x1e0 [ 502.579248][T15127] ? __pfx____sys_sendmsg+0x10/0x10 [ 502.579267][T15127] ? __pfx_kstrtouint+0x10/0x10 [ 502.579292][T15127] ? trace_lock_acquire+0x14e/0x1f0 [ 502.579321][T15127] __sys_sendmmsg+0x201/0x420 [ 502.579344][T15127] ? __pfx___sys_sendmmsg+0x10/0x10 [ 502.579369][T15127] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 502.579405][T15127] ? fput+0x67/0x440 [ 502.579430][T15127] ? ksys_write+0x1ba/0x250 [ 502.579451][T15127] ? __pfx_ksys_write+0x10/0x10 [ 502.579474][T15127] __x64_sys_sendmmsg+0x9c/0x100 [ 502.579496][T15127] do_syscall_64+0xcd/0x250 [ 502.579527][T15127] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 502.579555][T15127] RIP: 0033:0x7fa34158cda9 [ 502.579571][T15127] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 502.579591][T15127] RSP: 002b:00007fa34239b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 502.579610][T15127] RAX: ffffffffffffffda RBX: 00007fa3417a5fa0 RCX: 00007fa34158cda9 [ 502.579624][T15127] RDX: 0000000000000008 RSI: 0000000020000300 RDI: 0000000000000003 [ 502.579636][T15127] RBP: 00007fa34239b090 R08: 0000000000000000 R09: 0000000000000000 [ 502.579648][T15127] R10: 0000000000007fff R11: 0000000000000246 R12: 0000000000000001 [ 502.579666][T15127] R13: 0000000000000000 R14: 00007fa3417a5fa0 R15: 00007ffd6efe33b8 [ 502.579686][T15127] [ 503.747066][T15149] FAULT_INJECTION: forcing a failure. [ 503.747066][T15149] name failslab, interval 1, probability 0, space 0, times 0 [ 503.765148][ T29] audit: type=1326 audit(8277292081.700:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15150 comm="syz.3.2303" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa111d8cda9 code=0x0 [ 503.786921][T15149] CPU: 1 UID: 0 PID: 15149 Comm: syz.6.2302 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 503.786951][T15149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 503.786964][T15149] Call Trace: [ 503.786971][T15149] [ 503.786979][T15149] dump_stack_lvl+0x16c/0x1f0 [ 503.787016][T15149] should_fail_ex+0x50a/0x650 [ 503.787041][T15149] ? fs_reclaim_acquire+0xae/0x150 [ 503.787074][T15149] should_failslab+0xc2/0x120 [ 503.787100][T15149] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 503.787126][T15149] ? ptlock_alloc+0x1f/0x70 [ 503.787151][T15149] ptlock_alloc+0x1f/0x70 [ 503.787174][T15149] pte_alloc_one+0x74/0x390 [ 503.787204][T15149] do_pte_missing+0x1aff/0x3e10 [ 503.787228][T15149] ? __pfx_lock_release+0x10/0x10 [ 503.787256][T15149] __handle_mm_fault+0x1166/0x2c60 [ 503.787284][T15149] ? __pfx___handle_mm_fault+0x10/0x10 [ 503.787316][T15149] ? find_vma+0xc0/0x140 [ 503.787345][T15149] ? __pfx_find_vma+0x10/0x10 [ 503.787377][T15149] handle_mm_fault+0x3fa/0xaa0 [ 503.787403][T15149] do_user_addr_fault+0x7a3/0x13f0 [ 503.787432][T15149] exc_page_fault+0x5c/0xc0 [ 503.787461][T15149] asm_exc_page_fault+0x26/0x30 [ 503.787490][T15149] RIP: 0010:rep_movs_alternative+0x13/0x70 [ 503.787517][T15149] Code: cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 83 f9 40 73 40 83 f9 08 73 21 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f [ 503.787538][T15149] RSP: 0018:ffffc9000407f9e0 EFLAGS: 00050206 [ 503.787557][T15149] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000003 [ 503.787570][T15149] RDX: fffff5200080ff4c RSI: 0000000000000000 RDI: ffffc9000407fa58 [ 503.787585][T15149] RBP: 0000000000000003 R08: 0000000000000001 R09: fffff5200080ff4b [ 503.787598][T15149] R10: ffffc9000407fa5a R11: 0000000000000000 R12: 0000000000000000 [ 503.787611][T15149] R13: ffffc9000407fa58 R14: 1ffff9200080ff45 R15: ffffc9000407fd80 [ 503.787633][T15149] _copy_from_user+0x98/0xd0 [ 503.787662][T15149] ____sys_sendmsg+0x56e/0xb40 [ 503.787692][T15149] ? __pfx_____sys_sendmsg+0x10/0x10 [ 503.787720][T15149] ? _kstrtoull+0x146/0x200 [ 503.787740][T15149] ? __pfx__kstrtoull+0x10/0x10 [ 503.787759][T15149] ? lock_release+0x4e2/0x6f0 [ 503.787792][T15149] ___sys_sendmsg+0x135/0x1e0 [ 503.787814][T15149] ? __pfx____sys_sendmsg+0x10/0x10 [ 503.787835][T15149] ? __pfx_kstrtouint+0x10/0x10 [ 503.787860][T15149] ? trace_lock_acquire+0x14e/0x1f0 [ 503.787889][T15149] __sys_sendmmsg+0x201/0x420 [ 503.787912][T15149] ? __pfx___sys_sendmmsg+0x10/0x10 [ 503.787937][T15149] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 503.787974][T15149] ? fput+0x67/0x440 [ 503.788000][T15149] ? ksys_write+0x1ba/0x250 [ 503.788021][T15149] ? __pfx_ksys_write+0x10/0x10 [ 503.788043][T15149] __x64_sys_sendmmsg+0x9c/0x100 [ 503.788066][T15149] do_syscall_64+0xcd/0x250 [ 503.788097][T15149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.788126][T15149] RIP: 0033:0x7f40de98cda9 [ 503.788142][T15149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 503.788164][T15149] RSP: 002b:00007f40df843038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 503.788184][T15149] RAX: ffffffffffffffda RBX: 00007f40deba5fa0 RCX: 00007f40de98cda9 [ 503.788199][T15149] RDX: 0000000000000008 RSI: 0000000020000300 RDI: 0000000000000003 [ 503.788212][T15149] RBP: 00007f40df843090 R08: 0000000000000000 R09: 0000000000000000 [ 503.788226][T15149] R10: 0000000000007fff R11: 0000000000000246 R12: 0000000000000001 [ 503.788239][T15149] R13: 0000000000000000 R14: 00007f40deba5fa0 R15: 00007ffd59010b78 [ 503.788259][T15149] [ 505.518125][T15223] Unable to find swap-space signature [ 506.102496][T15237] Process accounting resumed [ 506.689485][T15252] FAULT_INJECTION: forcing a failure. [ 506.689485][T15252] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 506.716259][T15252] CPU: 1 UID: 0 PID: 15252 Comm: syz.6.2328 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 506.716292][T15252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 506.716306][T15252] Call Trace: [ 506.716313][T15252] [ 506.716322][T15252] dump_stack_lvl+0x16c/0x1f0 [ 506.716360][T15252] should_fail_ex+0x50a/0x650 [ 506.716388][T15252] _copy_to_user+0x32/0xd0 [ 506.716416][T15252] __x64_sys_getitimer+0x1ae/0x200 [ 506.716440][T15252] ? __pfx___x64_sys_getitimer+0x10/0x10 [ 506.716467][T15252] ? rcu_is_watching+0x12/0xc0 [ 506.716499][T15252] ? rcu_is_watching+0x12/0xc0 [ 506.716533][T15252] do_syscall_64+0xcd/0x250 [ 506.716564][T15252] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 506.716593][T15252] RIP: 0033:0x7f40de98cda9 [ 506.716610][T15252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 506.716630][T15252] RSP: 002b:00007f40df843038 EFLAGS: 00000246 ORIG_RAX: 0000000000000024 [ 506.716652][T15252] RAX: ffffffffffffffda RBX: 00007f40deba5fa0 RCX: 00007f40de98cda9 [ 506.716666][T15252] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000001 [ 506.716680][T15252] RBP: 00007f40dea0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 506.716695][T15252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 506.716708][T15252] R13: 0000000000000000 R14: 00007f40deba5fa0 R15: 00007ffd59010b78 [ 506.716728][T15252] [ 506.756167][T15255] Unable to find swap-space signature [ 507.329368][T15278] FAULT_INJECTION: forcing a failure. [ 507.329368][T15278] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 507.354441][T15278] CPU: 1 UID: 0 PID: 15278 Comm: syz.3.2339 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 507.354478][T15278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 507.354491][T15278] Call Trace: [ 507.354498][T15278] [ 507.354506][T15278] dump_stack_lvl+0x16c/0x1f0 [ 507.354542][T15278] should_fail_ex+0x50a/0x650 [ 507.354569][T15278] _copy_from_user+0x2e/0xd0 [ 507.354597][T15278] copy_msghdr_from_user+0x99/0x160 [ 507.354620][T15278] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 507.354643][T15278] ? rcu_is_watching+0x12/0xc0 [ 507.354674][T15278] ? lock_release+0x4e2/0x6f0 [ 507.354697][T15278] ? get_pid_task+0xfc/0x250 [ 507.354720][T15278] ___sys_sendmsg+0xff/0x1e0 [ 507.354740][T15278] ? get_pid_task+0x35/0x250 [ 507.354760][T15278] ? __pfx____sys_sendmsg+0x10/0x10 [ 507.354779][T15278] ? lock_release+0x4e2/0x6f0 [ 507.354805][T15278] ? __pfx_lock_release+0x10/0x10 [ 507.354827][T15278] ? trace_lock_acquire+0x14e/0x1f0 [ 507.354855][T15278] ? __fget_files+0x206/0x3a0 [ 507.354879][T15278] __sys_sendmsg+0x16e/0x220 [ 507.354900][T15278] ? __pfx___sys_sendmsg+0x10/0x10 [ 507.354926][T15278] ? rcu_is_watching+0x12/0xc0 [ 507.354955][T15278] ? rcu_is_watching+0x12/0xc0 [ 507.354986][T15278] do_syscall_64+0xcd/0x250 [ 507.355018][T15278] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 507.355048][T15278] RIP: 0033:0x7fa111d8cda9 [ 507.355065][T15278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 507.355087][T15278] RSP: 002b:00007fa112b83038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 507.355108][T15278] RAX: ffffffffffffffda RBX: 00007fa111fa5fa0 RCX: 00007fa111d8cda9 [ 507.355123][T15278] RDX: 000000000400c854 RSI: 0000000020000300 RDI: 0000000000000003 [ 507.355137][T15278] RBP: 00007fa112b83090 R08: 0000000000000000 R09: 0000000000000000 [ 507.355151][T15278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 507.355164][T15278] R13: 0000000000000000 R14: 00007fa111fa5fa0 R15: 00007ffda5f0ae98 [ 507.355185][T15278] [ 507.682172][ T5837] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 507.691058][ T5837] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 507.700401][ T5837] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 507.721041][ T5837] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 507.728874][ T5837] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 507.736493][ T5837] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 508.058203][T15279] chnl_net:caif_netlink_parms(): no params data found [ 508.297690][T15279] bridge0: port 1(bridge_slave_0) entered blocking state [ 508.321465][T15279] bridge0: port 1(bridge_slave_0) entered disabled state [ 508.338450][T15279] bridge_slave_0: entered allmulticast mode [ 508.359112][T15279] bridge_slave_0: entered promiscuous mode [ 508.379373][T15279] bridge0: port 2(bridge_slave_1) entered blocking state [ 508.402268][T15279] bridge0: port 2(bridge_slave_1) entered disabled state [ 508.437654][T15279] bridge_slave_1: entered allmulticast mode [ 508.444742][T15279] bridge_slave_1: entered promiscuous mode [ 508.498203][T15320] FAULT_INJECTION: forcing a failure. [ 508.498203][T15320] name failslab, interval 1, probability 0, space 0, times 0 [ 508.519044][T15279] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 508.540866][T15279] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 508.584408][T15320] CPU: 1 UID: 0 PID: 15320 Comm: syz.6.2354 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 508.584437][T15320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 508.584448][T15320] Call Trace: [ 508.584455][T15320] [ 508.584462][T15320] dump_stack_lvl+0x16c/0x1f0 [ 508.584497][T15320] should_fail_ex+0x50a/0x650 [ 508.584522][T15320] ? fs_reclaim_acquire+0xae/0x150 [ 508.584555][T15320] should_failslab+0xc2/0x120 [ 508.584581][T15320] kmem_cache_alloc_node_noprof+0x72/0x3b0 [ 508.584606][T15320] ? __alloc_skb+0x2b3/0x380 [ 508.584639][T15320] __alloc_skb+0x2b3/0x380 [ 508.584669][T15320] ? __pfx___alloc_skb+0x10/0x10 [ 508.584699][T15320] ? lock_acquire+0x2f/0xb0 [ 508.584726][T15320] netlink_alloc_large_skb+0x69/0x130 [ 508.584757][T15320] netlink_sendmsg+0x689/0xd70 [ 508.584785][T15320] ? __pfx_netlink_sendmsg+0x10/0x10 [ 508.584817][T15320] ____sys_sendmsg+0x9ae/0xb40 [ 508.584843][T15320] ? copy_msghdr_from_user+0x10b/0x160 [ 508.584865][T15320] ? __pfx_____sys_sendmsg+0x10/0x10 [ 508.584895][T15320] ? rcu_is_watching+0x12/0xc0 [ 508.584926][T15320] ? lock_release+0x4e2/0x6f0 [ 508.584949][T15320] ? get_pid_task+0xfc/0x250 [ 508.584973][T15320] ___sys_sendmsg+0x135/0x1e0 [ 508.584993][T15320] ? get_pid_task+0x35/0x250 [ 508.585014][T15320] ? __pfx____sys_sendmsg+0x10/0x10 [ 508.585035][T15320] ? lock_release+0x4e2/0x6f0 [ 508.585063][T15320] ? __pfx_lock_release+0x10/0x10 [ 508.585086][T15320] ? trace_lock_acquire+0x14e/0x1f0 [ 508.585110][T15320] ? __fget_files+0x206/0x3a0 [ 508.585136][T15320] __sys_sendmsg+0x16e/0x220 [ 508.585157][T15320] ? __pfx___sys_sendmsg+0x10/0x10 [ 508.585183][T15320] ? rcu_is_watching+0x12/0xc0 [ 508.585213][T15320] ? rcu_is_watching+0x12/0xc0 [ 508.585245][T15320] do_syscall_64+0xcd/0x250 [ 508.585278][T15320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 508.585308][T15320] RIP: 0033:0x7f40de98cda9 [ 508.585325][T15320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 508.585354][T15320] RSP: 002b:00007f40df843038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 508.585373][T15320] RAX: ffffffffffffffda RBX: 00007f40deba5fa0 RCX: 00007f40de98cda9 [ 508.585388][T15320] RDX: 000000000400c854 RSI: 0000000020000300 RDI: 0000000000000003 [ 508.585401][T15320] RBP: 00007f40df843090 R08: 0000000000000000 R09: 0000000000000000 [ 508.585415][T15320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 508.585428][T15320] R13: 0000000000000000 R14: 00007f40deba5fa0 R15: 00007ffd59010b78 [ 508.585448][T15320] [ 508.878168][T15279] team0: Port device team_slave_0 added [ 508.888503][T15279] team0: Port device team_slave_1 added [ 509.106899][T15279] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 509.113880][T15279] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 509.168720][T15279] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 509.181592][T15279] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 509.215339][T15279] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 509.256378][T15279] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 509.318654][T15279] hsr_slave_0: entered promiscuous mode [ 509.331490][T15279] hsr_slave_1: entered promiscuous mode [ 509.340088][T15279] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 509.348274][T15279] Cannot create hsr debugfs directory [ 509.566408][T15279] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 509.576597][T15279] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 509.587414][T15279] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 509.599522][T15355] FAULT_INJECTION: forcing a failure. [ 509.599522][T15355] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 509.625871][T15279] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 509.638472][T15355] CPU: 1 UID: 0 PID: 15355 Comm: syz.4.2362 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 509.638503][T15355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 509.638517][T15355] Call Trace: [ 509.638524][T15355] [ 509.638532][T15355] dump_stack_lvl+0x16c/0x1f0 [ 509.638567][T15355] should_fail_ex+0x50a/0x650 [ 509.638594][T15355] strncpy_from_user+0x3b/0x2d0 [ 509.638618][T15355] do_tcp_setsockopt+0x54b/0x2820 [ 509.638640][T15355] ? lock_release+0x4e2/0x6f0 [ 509.638664][T15355] ? get_pid_task+0xfc/0x250 [ 509.638687][T15355] ? __pfx_do_tcp_setsockopt+0x10/0x10 [ 509.638707][T15355] ? get_pid_task+0x35/0x250 [ 509.638730][T15355] ? lock_release+0x4e2/0x6f0 [ 509.638752][T15355] ? ksys_write+0x12b/0x250 [ 509.638775][T15355] ? ksys_write+0x191/0x250 [ 509.638797][T15355] ? __pfx_aa_sk_perm+0x10/0x10 [ 509.638828][T15355] ? preempt_count_add+0x76/0x150 [ 509.638854][T15355] tcp_setsockopt+0xe2/0x100 [ 509.638875][T15355] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 509.638903][T15355] do_sock_setsockopt+0x222/0x480 [ 509.638927][T15355] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 509.638951][T15355] ? __fget_files+0x40/0x3a0 [ 509.638974][T15355] ? lock_acquire+0x2f/0xb0 [ 509.639004][T15355] __sys_setsockopt+0x1a0/0x230 [ 509.639037][T15355] __x64_sys_setsockopt+0xbd/0x160 [ 509.639076][T15355] ? trace_irq_enable.constprop.0+0xea/0x140 [ 509.639104][T15355] do_syscall_64+0xcd/0x250 [ 509.639137][T15355] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 509.639167][T15355] RIP: 0033:0x7fa34158cda9 [ 509.639184][T15355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 509.639205][T15355] RSP: 002b:00007fa34239b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 509.639226][T15355] RAX: ffffffffffffffda RBX: 00007fa3417a5fa0 RCX: 00007fa34158cda9 [ 509.639241][T15355] RDX: 000000000000001f RSI: 0000000000000006 RDI: 0000000000000003 [ 509.639254][T15355] RBP: 00007fa34239b090 R08: 0000000000000fb3 R09: 0000000000000000 [ 509.639267][T15355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 509.639280][T15355] R13: 0000000000000000 R14: 00007fa3417a5fa0 R15: 00007ffd6efe33b8 [ 509.639300][T15355] [ 509.817215][T12346] Bluetooth: hci6: command tx timeout [ 510.090566][T15279] 8021q: adding VLAN 0 to HW filter on device bond0 [ 510.129379][T15361] ================================================================== [ 510.137498][T15361] BUG: KASAN: slab-use-after-free in force_wakeup_write+0x14d/0x170 [ 510.145516][T15361] Read of size 1 at addr ffff88814d360231 by task syz.4.2363/15361 [ 510.153430][T15361] [ 510.155768][T15361] CPU: 1 UID: 0 PID: 15361 Comm: syz.4.2363 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 510.155800][T15361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 510.155815][T15361] Call Trace: [ 510.155823][T15361] [ 510.155832][T15361] dump_stack_lvl+0x116/0x1f0 [ 510.155872][T15361] print_report+0xc3/0x620 [ 510.155900][T15361] ? __virt_addr_valid+0x5e/0x590 [ 510.155929][T15361] ? __phys_addr+0xc6/0x150 [ 510.155966][T15361] kasan_report+0xd9/0x110 [ 510.155994][T15361] ? force_wakeup_write+0x14d/0x170 [ 510.156021][T15361] ? force_wakeup_write+0x14d/0x170 [ 510.156049][T15361] force_wakeup_write+0x14d/0x170 [ 510.156075][T15361] ? __pfx_force_wakeup_write+0x10/0x10 [ 510.156099][T15361] ? rcu_watching_snap_stopped_since+0x61/0x110 [ 510.156135][T15361] ? trace_lock_acquire+0x14e/0x1f0 [ 510.156159][T15361] full_proxy_write+0x13c/0x200 [ 510.156194][T15361] ? __pfx_full_proxy_write+0x10/0x10 [ 510.156228][T15361] vfs_write+0x24c/0x1150 [ 510.156251][T15361] ? __fget_files+0x1fc/0x3a0 [ 510.156275][T15361] ? __pfx___mutex_lock+0x10/0x10 [ 510.156307][T15361] ? __pfx_vfs_write+0x10/0x10 [ 510.156330][T15361] ? __fget_files+0x206/0x3a0 [ 510.156353][T15361] ksys_write+0x12b/0x250 [ 510.156374][T15361] ? __pfx_ksys_write+0x10/0x10 [ 510.156394][T15361] ? rcu_is_watching+0x12/0xc0 [ 510.156424][T15361] ? rcu_is_watching+0x12/0xc0 [ 510.156454][T15361] do_syscall_64+0xcd/0x250 [ 510.156487][T15361] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 510.156516][T15361] RIP: 0033:0x7fa34158cda9 [ 510.156534][T15361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 510.156557][T15361] RSP: 002b:00007fa34239b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 510.156581][T15361] RAX: ffffffffffffffda RBX: 00007fa3417a5fa0 RCX: 00007fa34158cda9 [ 510.156598][T15361] RDX: 0000000000000001 RSI: 0000000020001780 RDI: 0000000000000006 [ 510.156614][T15361] RBP: 00007fa34160e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 510.156629][T15361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 510.156643][T15361] R13: 0000000000000000 R14: 00007fa3417a5fa0 R15: 00007ffd6efe33b8 [ 510.156662][T15361] [ 510.156670][T15361] [ 510.378971][T15361] Allocated by task 15279: [ 510.383394][T15361] kasan_save_stack+0x33/0x60 [ 510.388098][T15361] kasan_save_track+0x14/0x30 [ 510.392797][T15361] __kasan_kmalloc+0xaa/0xb0 [ 510.397402][T15361] __kmalloc_node_track_caller_noprof+0x21d/0x520 [ 510.403837][T15361] kmalloc_reserve+0xef/0x2c0 [ 510.408545][T15361] __alloc_skb+0x164/0x380 [ 510.412980][T15361] inet6_rt_notify+0xc7/0x260 [ 510.417673][T15361] fib6_add+0x251d/0x4b20 [ 510.422027][T15361] ip6_ins_rt+0xb6/0x110 [ 510.426284][T15361] __ipv6_ifa_notify+0x9d8/0xc30 [ 510.431249][T15361] add_addr+0x245/0x350 [ 510.435428][T15361] add_v4_addrs+0x71a/0xa00 [ 510.439952][T15361] addrconf_init_auto_addrs+0x18a/0x820 [ 510.445524][T15361] addrconf_notify+0xe91/0x19c0 [ 510.450389][T15361] notifier_call_chain+0xb7/0x410 [ 510.455443][T15361] call_netdevice_notifiers_info+0xbe/0x140 [ 510.461354][T15361] __dev_notify_flags+0x12d/0x2e0 [ 510.466400][T15361] dev_change_flags+0x10c/0x160 [ 510.471272][T15361] do_setlink.constprop.0+0x17b9/0x3f20 [ 510.476839][T15361] rtnl_newlink+0x131c/0x1d70 [ 510.481542][T15361] rtnetlink_rcv_msg+0x95b/0xea0 [ 510.486505][T15361] netlink_rcv_skb+0x165/0x410 [ 510.491287][T15361] netlink_unicast+0x53c/0x7f0 [ 510.496072][T15361] netlink_sendmsg+0x8b8/0xd70 [ 510.500857][T15361] __sys_sendto+0x488/0x4f0 [ 510.505388][T15361] __x64_sys_sendto+0xe0/0x1c0 [ 510.510179][T15361] do_syscall_64+0xcd/0x250 [ 510.514718][T15361] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 510.520633][T15361] [ 510.522963][T15361] Freed by task 15279: [ 510.527037][T15361] kasan_save_stack+0x33/0x60 [ 510.531734][T15361] kasan_save_track+0x14/0x30 [ 510.536430][T15361] kasan_save_free_info+0x3b/0x60 [ 510.541477][T15361] __kasan_slab_free+0x51/0x70 [ 510.546256][T15361] kfree+0x2c4/0x4d0 [ 510.550163][T15361] skb_free_head+0x108/0x1d0 [ 510.554778][T15361] skb_release_data+0x560/0x730 [ 510.559641][T15361] consume_skb+0xbf/0x100 [ 510.563984][T15361] netlink_broadcast_filtered+0x3d5/0xef0 [ 510.569726][T15361] nlmsg_notify+0x9e/0x220 [ 510.574168][T15361] inet6_rt_notify+0x19b/0x260 [ 510.578967][T15361] fib6_add+0x251d/0x4b20 [ 510.583321][T15361] ip6_ins_rt+0xb6/0x110 [ 510.587584][T15361] __ipv6_ifa_notify+0x9d8/0xc30 [ 510.592548][T15361] add_addr+0x245/0x350 [ 510.596729][T15361] add_v4_addrs+0x71a/0xa00 [ 510.601255][T15361] addrconf_init_auto_addrs+0x18a/0x820 [ 510.606825][T15361] addrconf_notify+0xe91/0x19c0 [ 510.611697][T15361] notifier_call_chain+0xb7/0x410 [ 510.616749][T15361] call_netdevice_notifiers_info+0xbe/0x140 [ 510.622665][T15361] __dev_notify_flags+0x12d/0x2e0 [ 510.627712][T15361] dev_change_flags+0x10c/0x160 [ 510.632592][T15361] do_setlink.constprop.0+0x17b9/0x3f20 [ 510.638184][T15361] rtnl_newlink+0x131c/0x1d70 [ 510.642905][T15361] rtnetlink_rcv_msg+0x95b/0xea0 [ 510.647865][T15361] netlink_rcv_skb+0x165/0x410 [ 510.652651][T15361] netlink_unicast+0x53c/0x7f0 [ 510.657438][T15361] netlink_sendmsg+0x8b8/0xd70 [ 510.662224][T15361] __sys_sendto+0x488/0x4f0 [ 510.666753][T15361] __x64_sys_sendto+0xe0/0x1c0 [ 510.671541][T15361] do_syscall_64+0xcd/0x250 [ 510.676071][T15361] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 510.681985][T15361] [ 510.684313][T15361] The buggy address belongs to the object at ffff88814d360000 [ 510.684313][T15361] which belongs to the cache kmalloc-1k of size 1024 [ 510.698378][T15361] The buggy address is located 561 bytes inside of [ 510.698378][T15361] freed 1024-byte region [ffff88814d360000, ffff88814d360400) [ 510.712289][T15361] [ 510.714625][T15361] The buggy address belongs to the physical page: [ 510.721051][T15361] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14d360 [ 510.729908][T15361] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 510.738418][T15361] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff) [ 510.746066][T15361] page_type: f5(slab) [ 510.750065][T15361] raw: 057ff00000000040 ffff88801b041dc0 ffffea000506ba00 dead000000000002 [ 510.758664][T15361] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 510.767274][T15361] head: 057ff00000000040 ffff88801b041dc0 ffffea000506ba00 dead000000000002 [ 510.775970][T15361] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 510.784666][T15361] head: 057ff00000000003 ffffea000534d801 ffffffffffffffff 0000000000000000 [ 510.793449][T15361] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 510.802133][T15361] page dumped because: kasan: bad access detected [ 510.808569][T15361] page_owner tracks the page as allocated [ 510.814294][T15361] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 19655205238, free_ts 0 [ 510.834023][T15361] post_alloc_hook+0x181/0x1b0 [ 510.838816][T15361] get_page_from_freelist+0xfce/0x2f80 [ 510.844430][T15361] __alloc_frozen_pages_noprof+0x221/0x2470 [ 510.850342][T15361] alloc_pages_mpol+0x1fc/0x540 [ 510.855220][T15361] new_slab+0x23d/0x330 [ 510.859390][T15361] ___slab_alloc+0xbfa/0x1600 [ 510.864081][T15361] __slab_alloc.constprop.0+0x56/0xb0 [ 510.869468][T15361] __kmalloc_noprof+0x2de/0x4f0 [ 510.874336][T15361] net_alloc_generic+0x1e/0x70 [ 510.879108][T15361] ops_init+0x31a/0x5f0 [ 510.883280][T15361] register_pernet_operations+0x3a1/0x6f0 [ 510.889015][T15361] register_pernet_device+0x29/0x80 [ 510.894232][T15361] ip6gre_init+0x22/0x140 [ 510.898585][T15361] do_one_initcall+0x128/0x630 [ 510.903365][T15361] kernel_init_freeable+0x58f/0x8b0 [ 510.908594][T15361] kernel_init+0x1c/0x2b0 [ 510.912940][T15361] page_owner free stack trace missing [ 510.918309][T15361] [ 510.920637][T15361] Memory state around the buggy address: [ 510.926269][T15361] ffff88814d360100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 510.934344][T15361] ffff88814d360180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 510.942412][T15361] >ffff88814d360200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 510.950482][T15361] ^ [ 510.956118][T15361] ffff88814d360280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 510.964186][T15361] ffff88814d360300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 510.972256][T15361] ================================================================== [ 510.990519][T15361] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 510.997744][T15361] CPU: 1 UID: 0 PID: 15361 Comm: syz.4.2363 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 511.008154][T15361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 511.018202][T15361] Call Trace: [ 511.021471][T15361] [ 511.024395][T15361] dump_stack_lvl+0x3d/0x1f0 [ 511.028995][T15361] panic+0x71d/0x800 [ 511.033005][T15361] ? __pfx_panic+0x10/0x10 [ 511.037432][T15361] ? rcu_is_watching+0x12/0xc0 [ 511.042214][T15361] ? preempt_schedule_thunk+0x1a/0x30 [ 511.047607][T15361] ? preempt_schedule_common+0x44/0xc0 [ 511.053083][T15361] check_panic_on_warn+0xab/0xb0 [ 511.058024][T15361] end_report+0x117/0x180 [ 511.062365][T15361] kasan_report+0xe9/0x110 [ 511.066785][T15361] ? force_wakeup_write+0x14d/0x170 [ 511.071995][T15361] ? force_wakeup_write+0x14d/0x170 [ 511.077197][T15361] force_wakeup_write+0x14d/0x170 [ 511.082223][T15361] ? __pfx_force_wakeup_write+0x10/0x10 [ 511.087764][T15361] ? rcu_watching_snap_stopped_since+0x61/0x110 [ 511.094016][T15361] ? trace_lock_acquire+0x14e/0x1f0 [ 511.099215][T15361] full_proxy_write+0x13c/0x200 [ 511.104337][T15361] ? __pfx_full_proxy_write+0x10/0x10 [ 511.109724][T15361] vfs_write+0x24c/0x1150 [ 511.114074][T15361] ? __fget_files+0x1fc/0x3a0 [ 511.118758][T15361] ? __pfx___mutex_lock+0x10/0x10 [ 511.123793][T15361] ? __pfx_vfs_write+0x10/0x10 [ 511.128570][T15361] ? __fget_files+0x206/0x3a0 [ 511.133253][T15361] ksys_write+0x12b/0x250 [ 511.137578][T15361] ? __pfx_ksys_write+0x10/0x10 [ 511.142425][T15361] ? rcu_is_watching+0x12/0xc0 [ 511.147192][T15361] ? rcu_is_watching+0x12/0xc0 [ 511.152003][T15361] do_syscall_64+0xcd/0x250 [ 511.156534][T15361] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 511.162439][T15361] RIP: 0033:0x7fa34158cda9 [ 511.166851][T15361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 511.186457][T15361] RSP: 002b:00007fa34239b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 511.194870][T15361] RAX: ffffffffffffffda RBX: 00007fa3417a5fa0 RCX: 00007fa34158cda9 [ 511.202841][T15361] RDX: 0000000000000001 RSI: 0000000020001780 RDI: 0000000000000006 [ 511.210811][T15361] RBP: 00007fa34160e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 511.218787][T15361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 511.226773][T15361] R13: 0000000000000000 R14: 00007fa3417a5fa0 R15: 00007ffd6efe33b8 [ 511.235091][T15361] [ 511.238232][T15361] Kernel Offset: disabled [ 511.242545][T15361] Rebooting in 86400 seconds..