last executing test programs: 9m3.509450455s ago: executing program 0 (id=775): mmap$auto(0xfffffffffffffffe, 0x2000b, 0x4000000000e3, 0xebf, 0x401, 0x2) madvise$auto(0x0, 0x2000040080000004, 0xe) r0 = openat$auto_fops_bool_file(0xffffffffffffff9c, &(0x7f0000000e40)='/sys/kernel/debug/netdevsim/netdevsim3/ports/1/bpf_xdpdrv_accept\x00', 0x24a44, 0x0) readv$auto(r0, &(0x7f0000001540)={&(0x7f00000001c0)="fced64e2cfebb354d73caa989239267790877d85bd82d5c43dcc2872f79819bdde8b38adaf2a9acd1f54fee22a94672bf7b74e6cbb677d57b42b2efdd67f94aead47973529645337021f3b4b6fab9b5bc4e456ebe395b07d06b19c7dd507ae65a00fb00b597c13639fbbaf76397a78973e39e357ab182693b3a9a3c06ee71a3fba8299998ec8a74d8c1cf9bd951926cd13c188da1d83008b4990d31ed707a817fbc603130e7d", 0x8}, 0x8f) open(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00', 0x40a420, 0x0) clone$auto(0x1002, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000380)='/sys/kernel/debug/usb/usbmon/32u\x00', 0x0, 0x0) read$auto_mon_fops_text_t_mon_text(r1, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) socket(0xa, 0x5, 0x0) socket(0xa, 0x801, 0x84) connect$auto(0x3, &(0x7f0000000080)=@xdp={0x2c, 0x1, 0x0, 0x28}, 0x54) getsockopt$auto(0x3, 0xd, 0x21c, 0x0, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/032/001\x00', 0x28402, 0x0) 9m1.178702696s ago: executing program 0 (id=772): r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/004/001\x00', 0xa901, 0x0) poll$auto(&(0x7f0000000380)={r0, 0x5696, 0x1}, 0x80, 0xf) mmap$auto(0x0, 0x5, 0x3, 0x9d2, r0, 0x7ffe) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) fanotify_init$auto(0x65, 0x2) pipe$auto(0x0) futex$auto(0x0, 0xb, 0x5, &(0x7f00000000c0)={0x1, 0x9}, &(0x7f0000000100)=0x6, 0x7ff) splice$auto(0x4, 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) io_uring_setup$auto(0x6, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x6, 0x0) socket(0x2, 0x6, 0x0) epoll_create$auto(0x4) epoll_ctl$auto(0x5, 0x1, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) fcntl$auto(0xffffffffffffffff, 0x40a, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x4, 0x40009, 0x7f, 0x400000400009b71, 0x7, 0xf) move_pages$auto(0x0, 0x6, 0xffffffffffffffff, 0x0, 0x0, 0xfffffff7) open(&(0x7f0000000000)='./file0\x00', 0x60000, 0x4) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x8, 0x7) mlock2$auto(0x1, 0x8001, 0x0) 9m0.252443177s ago: executing program 0 (id=774): mmap$auto(0x1, 0x5, 0x0, 0x19, 0x2, 0x800007fff) socket(0x2, 0x5, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x14, 0x0, 0x8) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/ptp/ptp0/n_periodic_outputs\x00', 0x40000, 0x0) r0 = fanotify_init$auto(0x5, 0x0) fanotify_mark$auto(r0, 0x202, 0xa, 0x4, 0x0) memfd_create$auto(&(0x7f0000000000)='!\x00', 0x16) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x18, 0x1, 0x1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) socket(0x1d, 0x2, 0x6) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000003fc0)='/sys/kernel/debug/tracing/trace_pipe\x00', 0x20b02, 0x0) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socketpair$auto(0xfdffffff, 0x5, 0x8000000000000000, 0x0) r1 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r1, 0x0, 0xc3) 8m59.308695121s ago: executing program 0 (id=781): mmap$auto(0xfffffffffffffffe, 0x2000b, 0x4000000000e3, 0xebf, 0x401, 0x2) madvise$auto(0x0, 0x2000040080000004, 0xe) r0 = openat$auto_fops_bool_file(0xffffffffffffff9c, &(0x7f0000000e40)='/sys/kernel/debug/netdevsim/netdevsim3/ports/1/bpf_xdpdrv_accept\x00', 0x24a44, 0x0) readv$auto(r0, &(0x7f0000001540)={&(0x7f00000001c0)="fced64e2cfebb354d73caa989239267790877d85bd82d5c43dcc2872f79819bdde8b38adaf2a9acd1f54fee22a94672bf7b74e6cbb677d57b42b2efdd67f94aead47973529645337021f3b4b6fab9b5bc4e456ebe395b07d06b19c7dd507ae65a00fb00b597c13639fbbaf76397a78973e39e357ab182693b3a9a3c06ee71a3fba8299998ec8a74d8c1cf9bd951926cd13c188da1d83008b4990d31ed707a817fbc603130e7d", 0x8}, 0x8f) open(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00', 0x40a420, 0x0) clone$auto(0x1002, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000380)='/sys/kernel/debug/usb/usbmon/32u\x00', 0x0, 0x0) read$auto_mon_fops_text_t_mon_text(r1, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) socket(0xa, 0x5, 0x0) socket(0xa, 0x801, 0x84) connect$auto(0x3, &(0x7f0000000080)=@xdp={0x2c, 0x1, 0x0, 0x28}, 0x54) getsockopt$auto(0x3, 0xd, 0x21c, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/032/001\x00', 0x28402, 0x0) 8m56.968104724s ago: executing program 0 (id=786): r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim1/health/break_health\x00', 0x101, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_DEL_STATION(r2, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001a00)={&(0x7f00000000c0)={0x34, r3, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@NL80211_ATTR_HE_CAPABILITY={0x20, 0x10d, "6f46be20118d67c9229d9ccfa2594d3a7be63f9fffc7b6e31f883768"}]}, 0x34}, 0x1, 0x0, 0x0, 0x4800}, 0x10) sendmsg$auto_NL80211_CMD_SET_MAC_ACL(r1, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)={0x88c, r3, 0x100, 0x70bd26, 0x25dfdbfb, {}, [@NL80211_ATTR_IE_PROBE_RESP={0x2ae, 0x7f, "95372d195a3597f7e9aba68423dba29b48268aa439c72f6eefe7052ffee08c6d9ad2466f7174b7ed85fccf6e52e54a8475100d841a1896c564048ba3a8db1fd9bcb1f1c0a403d4c46ef40e59f5f7901e866ae2f7662f0b69be248e19dfa2574bf7f84c67866f0f46ee5a1a59459eab9cc12299eab1db367aad9c47f10bc2bbf726e8e6c025a1a097f60fdb26a14f92ff30d83a10c4de6f90a272a3c560f53f8e9bdf80ea4f0be9c6e8aa97856ba7efb7b30dbd3205f8a6c0c2d7e1f538722a53e59337f38302e5c1d9925fcfebbf6ce1d8dc3f13a928a97d17c829d81589da3a7b23ebe2878c6d481388d6de0028b68550b8251ec421924aab0304ae449ee8b71d3d5359ee1c503e5e408587f59f5aeb9c93f1a6df031bc66c14a9c1341a324bb1de8089040d88f37c0ec16f063b7f26955ee15ba6ffdec9c95ebe62b14a3028c57dc684eeefe7e85ea63f7a3d1df5aaf363a0eaef58c980d97ec612c485476d2e1fa96bb6071d1062cd4fb9a1fc074db740baae4db23b3d7bbe558a8b315724152704065cae8b425fe989d91b4c55b7095fd41f6ed0915bd23d51c2b9c8cf82c8d4d05503469b209f3b5304fdd4c3d80c14439f5f5f4b56b73aeb645792739292cb02084e08aea51276307b5a59c03a2fa49e15ab09d50d658c09cf34f318bc8d4212c20e6aba50d555928d53610d282ce3529e08d7fec0345ee127b036b18d90922c01c1f954dec18e3a1a02916ffbd919439e711055e2ebdabfc67b3b34cc1d394385c9e7a5d318c47f84948d453657201c74ac02852289253bd38005793589525f3d4d103aada5a35a484663c307691d9d7c00d97e3d2451f06ba962e38be1207dfa1f8650b32b8003e9ee67209093b9c4e232e6750df867fd4e992e6aa21ffeaf2b23049fc13a4b2ca86fd6b6cc3522ac1f1ef374ef46eb8c31b53a261169fa2078234394ff50e1"}, @NL80211_ATTR_FILS_DISCOVERY={0x14, 0x126, 0x0, 0x1, [@NL80211_FILS_DISCOVERY_ATTR_INT_MAX={0x8, 0x2, 0x4}, @NL80211_FILS_DISCOVERY_ATTR_INT_MAX={0x8, 0x2, 0x8}]}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x40}, @NL80211_ATTR_REG_INDOOR={0x4}, @NL80211_ATTR_COLOR_CHANGE_COUNT={0x5, 0x12f, 0x3c}, @NL80211_ATTR_MESH_CONFIG={0x4e6, 0x23, 0x0, 0x1, [@nested={0x9f, 0xa1, 0x0, 0x1, [@typed={0x8, 0x26, 0x0, 0x0, @u32=0x4}, @generic="efa907accea2aaf29de66bcce44ccea0ee649b4ec532fa67b916b6a284728d2ce4558e100dc7a157d22f744ba9aa86e81c0da95c4cecad7264bd9c429c940d6ec8c0594302a4011a4a99aa60033bfb368bc9eeae70245ee05be6b1a9529fe62f1be145bd778c985118dc7ea9d9e50b044e7f1fd3c75cfe3b4dbcc7d441370420b2d26e1442c8efbbd9f21bb9d7038a19540001"]}, @generic="691ff8addef3a0ff7b4afba79a0f06dbd3958665ca4eaae4197509e50fd1ecc36e7e16f45bcd01b716759615813ea31f122795e7f52faea3d7fb8b06c87b4aac21f8055c20625b27435db93212626fc6e244cb33838992cd5a46f736d39349a874086e046c73ef49ba1d651c551e3c9e9b98167d19c6466cfbbd4b4c2e02f548552157313bdf4232802f9d57133aa80dcc8de71ddecc4d6714f92d26b8d1766438bb7e1bde9d9fa4aa4fbb1f5a5768c33a132ecff0f51b96f4a4ace20b7b00da7ff78b87b472adc31c5b1ab0311d", @typed={0x4, 0xb9}, @generic="3403b73d70542140d06bb962589044a40e66814659d5c549570af28a89efca74dd6317568d5709034ede52613ea76666af730c7a40f441b6a76998e777a8748e43002586f10f2d3236c63af2040496219feeee8200e3c3ed914bcf39784868b3b0177a24e380249a51c2d5aab72acd1b0be76c24aeccf718285c6609d95005d75e0dcdd1fce8bdb0a43655667059162849f8569fb6beb65a453764e99ca163ce95e4c9ec49246ee6003d5438145b9da82ff927b687343e0d77e7ace4513b98bc044f26f4245af41c34892a5ef0de04734281796e283aa590e83971a192c0d853c586b32f215284e5c49ea1724e8c", @nested={0x1e5, 0x6, 0x0, 0x1, [@generic="5e6b214caa98d7c975bff85e518114aab9", @typed={0x8, 0x38, 0x0, 0x0, @fd=r0}, @nested={0x4, 0x41}, @generic="4df52e8a09140e87c31b92898d95cc3c8cc2859c87c24c601d5e1927235d97ed26107410fa8c6bc2aafe6cfd137bb1569a014f033fe3de67c330b9040375bfff5f1101680342a6cbd152286d9a789a53c32f01e22b9b842bdf1902a16cf79372570da4e856e1aaf493329c4b93a2c919403a764146d996c70e4afb83bf6d70bacd7a6bda4583e1bd79b0e279d311bdfcc85b0190a64ac927ff83d7e9906551d5a1dff6b3aa5e9e481b5a78aeedc1777b", @typed={0x8, 0x26, 0x0, 0x0, @ipv4=@rand_addr=0x64010102}, @generic="77ee5d9d3148e898f0e082e9eda05181476e089d7c18b79888e140fbc2348653a6a3565cddd72a9fe828a4e62cc02174a5a7d82769408596e1e89c35e760a66ec7e374d9770ed183da82ae5c2f01aa8ae49305134bd0053651b128573df4a34f46dec04ce2b3497c4e52927582f911fe2e8f23ff1b538d3de4e76ab9f39293a74e495fad1d067e4d5a7fb289e801ccdde1a5bd225ea93171e856ecb401d66848db0e91a5200e445814602c5aceb518779ae1cf7b8541c97dca69040b453e0c63e5c885490e2dbf7050b83ff446c2d38ef59a5be15c31061324d492a77f85ceabb231364bad4fcf02b8c2b7de7a30fc8a096b6b1a1842365e91f7cce1", @typed={0x8, 0x11e, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x3d}}, @nested={0x4, 0x20}, @nested={0x4, 0xce}]}, @typed={0x14, 0x13e, 0x0, 0x0, @ipv6=@loopback}, @generic="5202d70bc495b726214750a4e5157f1a5a3dc8a839fa344d97a3faca93b648782321abbb00c3712adee2eca1256647b01c49a3e88d7a19bb9eb9aa33345d27075899c68039811bd7de84e71290cb8a5daf7008f9963c09f9f17d89854a0c570bcda8b8720ae0eb6869d9b5e837c73d25e3af", @nested={0x12, 0xa8, 0x0, 0x1, [@nested={0x4, 0x113}, @nested={0x4, 0x133}, @generic="5a487eef424c"]}]}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x1c, 0xcd, "51f6afc61534c06bad09cacb7fae7798c2a861b16930dd11"}, @NL80211_ATTR_VENDOR_DATA={0x99, 0xc5, "2b19c4826286dd35feff9eb663d6d928aa3806583200214338b388e729fcfe662af4295a1475dd604fd5672c6029c98b95f590bb8eef88c3d74019970e41bc16e5106d1c00a82be2a01024c32f258cbe4ff3b3335b33727d02169f21ecced56084b8e83478a4b0e891ebc8ece2628397ca6211c2fd3d47317ac85bfaa33aad4888acdf7e2a3b331d70187b91d5d31d85cbee8559e8"}]}, 0x88c}, 0x1, 0x0, 0x0, 0x4080}, 0x4048000) write$auto(r0, &(0x7f0000000000), 0xef) 8m55.875669882s ago: executing program 0 (id=788): openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmallocinfo\x00', 0x120182, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) r0 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/driver/rtc\x00', 0x8080, 0x0) lseek$auto(r0, 0x5, 0x0) openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000004080)='/sys/kernel/debug/kvm/mmu_flooded\x00', 0x2, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socket(0x22, 0x2, 0x2) ioctl$sock_SIOCGIFINDEX(r1, 0x80044944, 0x0) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmallocinfo\x00', 0x120182, 0x0) (async) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) (async) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/driver/rtc\x00', 0x8080, 0x0) (async) lseek$auto(r0, 0x5, 0x0) (async) openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000004080)='/sys/kernel/debug/kvm/mmu_flooded\x00', 0x2, 0x0) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) socket(0x22, 0x2, 0x2) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x80044944, 0x0) (async) 8m40.651497269s ago: executing program 32 (id=788): openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmallocinfo\x00', 0x120182, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) r0 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/driver/rtc\x00', 0x8080, 0x0) lseek$auto(r0, 0x5, 0x0) openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000004080)='/sys/kernel/debug/kvm/mmu_flooded\x00', 0x2, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socket(0x22, 0x2, 0x2) ioctl$sock_SIOCGIFINDEX(r1, 0x80044944, 0x0) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmallocinfo\x00', 0x120182, 0x0) (async) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) (async) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/driver/rtc\x00', 0x8080, 0x0) (async) lseek$auto(r0, 0x5, 0x0) (async) openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000004080)='/sys/kernel/debug/kvm/mmu_flooded\x00', 0x2, 0x0) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) socket(0x22, 0x2, 0x2) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x80044944, 0x0) (async) 1m20.925597809s ago: executing program 3 (id=2428): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) (async) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) getdents$auto(0x0, 0x0, 0x18) (async) socket(0x2, 0x80002, 0x73) fcntl$auto(0x8000000000000001, 0x26, 0x8) (async) prctl$auto(0x41555856, 0x6, 0x2008, 0x0, 0x0) (async) fcntl$auto(0x8000000000000001, 0x25, 0x8) setreuid$auto(0x3, 0x7) socket(0x22, 0x3, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) socket(0x10, 0x80002, 0x0) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', 0x0}) (async) socket(0x21, 0x80000, 0x3) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x9, 0xd8a, 0xffffffff) (async, rerun: 64) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) (rerun: 64) sendmsg$auto_NL80211_CMD_SET_WIPHY(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010029bd693840f03c423aa0000008000300", @ANYRES32=r5], 0x24}, 0x1, 0x0, 0x0, 0x404c050}, 0x80) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (async) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="60000100ccd546efefddebc1e5bd8bdf8b0d32ee843fc1a955cb63d5ed9ab6205cb6561609b8c79ce0", @ANYRES16=0x0, @ANYBLOB="00082dbd7000fedbdf250300000008000400b70a0000060007000080000008000200", @ANYRES32=r2, @ANYBLOB="0a0005000180c200000e00000a000100aaaaaaaaaa4300000a000100aaaaaaaaaa19000008000200", @ANYRES32=r2, @ANYBLOB="060006004c120000"], 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x40) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}, 0x1, 0x0, 0x0, 0x4000}, 0xc004) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (async, rerun: 64) utimensat$auto(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', &(0x7f0000000280)={0xd, 0x6}, 0xfffffff1) (rerun: 64) r6 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), r0) sendmsg$auto_TIPC_NL_NET_SET(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000002f80)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01002bbd7000fedbdf250f0000000c000780080001000b0088"], 0x20}, 0x1, 0x0, 0x0, 0x815}, 0x8000) 1m20.215835423s ago: executing program 3 (id=2430): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r2 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f00000000c0), 0x84000, 0x0) setrlimit$auto(0x5, 0x0) ioctl$auto_RTC_PARAM_GET(r2, 0x40187013, 0x0) socket(0xa, 0x801, 0x84) (fail_nth: 3) 1m19.632111953s ago: executing program 3 (id=2432): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async, rerun: 64) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (rerun: 64) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async, rerun: 64) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) (rerun: 64) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) lremovexattr$auto(0x0, 0x0) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) r0 = socket(0x2, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) (async) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0xffe0}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) r1 = socket(0x10, 0x2, 0x0) (async) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x3d, 0x4909b6fb, 0x1ffde, 0x7, 0x6, 0x7fffff7fffffffff, 0x7, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x2, 0x10000, 0x80, 0x7, 0x0, 0x7, 0x8, 0x200, 0x0, 0x84, [0x0, 0x0, 0x0, 0x50100000000000, 0xffffffffffffffff, 0x0, 0x401, 0x6, 0x70624ce7, 0x0, 0x4, 0xb, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffffd, 0x1, 0x0, 0xffffffffffffffff, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x400000000005b8, 0x100000000c, 0x0, 0x800, 0x0, 0x7, 0x2, 0x5, 0x8000000000008, 0xfffffffffffffffc, 0x3, 0xa38, 0x4, 0x0, 0xfffffffffffffffc, 0x2, 0x3fffffffff, 0x0, 0x4, 0xffff]}, 0x202, 0xd) (async) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) ioperm$auto(0x3, 0xe, 0x2000000000000149) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) (async) mbind$auto(0x9, 0x84, 0x4, &(0x7f0000000000), 0x80000000, 0x7f) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socket(0xa, 0x2, 0x0) (async) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) shutdown$auto(0x200000003, 0x2) (async, rerun: 32) sendmsg$auto_NLBL_MGMT_C_LISTDEF(0xffffffffffffffff, 0x0, 0x20048800) (async, rerun: 32) unshare$auto(0x40000080) recvmmsg$auto(0x3, 0x0, 0x687bcbd, 0x8, 0x0) (async, rerun: 64) ioprio_set$auto(0x1, 0x0, 0x0) (rerun: 64) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) (async) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) (async, rerun: 32) open$dir(&(0x7f0000000000)='./file0\x00', 0x42, 0x20) (rerun: 32) 1m5.240742972s ago: executing program 3 (id=2457): r0 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) openat$auto_rb_simple_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/tracing_on\x00', 0x40001, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x80000001, 0x7fffffffffffffff, 0x7fffffffffffffff, 0x561299fe, r0, 0x7) socket(0x15, 0x5, 0x0) r2 = socket(0xa, 0x1, 0x84) getsockopt$auto(r2, 0x4, 0x2, 0x0, &(0x7f0000000000)=0x8) sendmsg$auto_NL80211_CMD_STOP_AP(r1, &(0x7f00000004c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80020000}, 0xc, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0xc}, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/029/001\x00', 0xa101, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r4 = socket(0x10, 0x2, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/pid_for_children\x00') mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0x51c, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r5 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r6 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) ioctl$auto(r6, 0x5393, r5) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) clone$auto(0x7, 0x6, &(0x7f0000000180)=0x7, &(0x7f00000001c0)=0x6, 0x10) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r4, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_SET_NOACK_MAP(r2, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f0000000500)={0xa4, 0x0, 0x2, 0x70bd28, 0x25dfdbfd, {}, [@NL80211_ATTR_MPATH_NEXT_HOP={0x87, 0x1a, "f912a2e3421fb8b1ce56e6cc87ca32b222e81322438ea069eb5d5bd588c02ebbcdc759fd908f92ac8392b9afe4351cb90a7605c915522ddb48d2ef788718e2cd328f9cc2ee175e0f723d78ceb9af72cf282e21fc6b6a1bac6c641c6d230544355189c570adf2416b79cfbb7d206daf84d1c8effb83e9ecb5b81ca69aad85fcf3a96657"}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x7, 0x13, "f12e87"}]}, 0xa4}, 0x1, 0x0, 0x0, 0x5}, 0x1) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x3, 0x0, 0x80000001, 0x7, 0x6d3c, 0x5, 0x2]}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 1m3.907458826s ago: executing program 3 (id=2459): r0 = bpf$auto(0xfffffffe, 0x0, 0x6f4) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_gtp(&(0x7f0000002f80), 0xffffffffffffffff) r2 = socket(0x1f, 0x801, 0x100) accept$auto(0x3, 0xffffffffffffffff, 0xffffffffffffffff) sendmsg$auto_GTP_CMD_NEWPDP(r1, &(0x7f0000003080)={0x0, 0x0, &(0x7f0000003040)={&(0x7f0000000300)=ANY=[@ANYRESHEX=r2], 0x2c}, 0x1, 0x0, 0x0, 0x2004c000}, 0x2404c094) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x8001, 0x0) ioctl$auto(r0, 0xc0046d00, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$auto(0x5, 0xbc64, 0xdf, 0xeb1, r0, 0x8004) io_uring_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r3 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) getdents64$auto(0x0, 0x0, 0x18) socket(0x2, 0x1, 0x0) ioctl$auto(0x1, 0x8941, 0x8) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6) r4 = waitid$auto(0xfffffff8, r0, &(0x7f0000000140)={@siginfo_0_0={0xa81182a, 0xfff, 0x9, @_sigsys={&(0x7f0000000040)="5991c8ffa2decdbe83a9a96b7331678ed524908496d404031273852c55d42505e7ee5fb8a3fb32dc1b625de4229e541a1e6c09727096d448519cb897419dd35807199d9ab894b29b7dab620c62d8cea22b11ce431f64195cdf", 0x8, 0x6}}}, 0x4, &(0x7f00000001c0)={{0x4, 0x5}, {0x8000, 0x10000}, 0x8, 0x7, 0x0, 0x5, 0x2, 0x2, 0x4, 0x7fff, 0x4, 0x2, 0x4, 0x1, 0xc15c, 0xef4a}) r5 = syz_clone(0x800000, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$auto_L2TP_CMD_NOOP(r3, &(0x7f00000003c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x181}, 0xc, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x4008800}, 0x2404c805) wait4$auto(r5, 0x0, 0x3, 0x0) r6 = getpgid(0xffffffffffffffff) r7 = getuid() setresuid$auto(0x0, r7, 0xee00) rt_tgsigqueueinfo$auto(r4, 0x0, 0x20000ff, &(0x7f0000000280)={@siginfo_0_0={0x0, 0x7, 0xe98, @_kill={r6, r7}}}) mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x2, 0x8000) tkill$auto(0x1, 0x7) r8 = openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/kvm/pf_emulate\x00', 0x80000, 0x0) read$auto_stat_fops_per_vm_kvm_main(r8, 0x0, 0x0) 1m1.968487117s ago: executing program 3 (id=2463): openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x1, 0x0) socket(0x28, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/amidi2\x00', 0x3, 0x0) r0 = socket(0xa, 0x5, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x2, 0x15f4da0a, 0x1, 0x3, 0x300000000000000, 0x80000001, 0x7, 0xd3, 0x5, 0x2, 0x200000000000]}, 0x0) (async) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x2, 0x15f4da0a, 0x1, 0x3, 0x300000000000000, 0x80000001, 0x7, 0xd3, 0x5, 0x2, 0x200000000000]}, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x207, 0x6) (async) fanotify_init$auto(0x207, 0x6) r1 = open(&(0x7f0000000000)='./file1\x00', 0x10677d, 0x37e5c9853cd1b999) fanotify_mark$auto(0x400000000000, 0x101, 0x8040, r1, 0x0) msgsnd$auto(0x63b, &(0x7f00000000c0)={0x8, 0x5}, 0xff, 0x0) (async) msgsnd$auto(0x63b, &(0x7f00000000c0)={0x8, 0x5}, 0xff, 0x0) ioperm$auto(0xc5, 0x3, 0xc115) (async) ioperm$auto(0xc5, 0x3, 0xc115) getrusage$auto(0xffffffff, &(0x7f0000000300)={{0x8000000000000000, 0x7fff}, {0xb, 0x200}, 0xffffffffffffffff, 0x8000, 0x4, 0x9, 0x2, 0x3ff, 0x6, 0xb97, 0x3d6, 0x1, 0x5, 0x7, 0x8, 0x8000000000000001}) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x1, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) set_mempolicy$auto(0x6, &(0x7f0000000180)=0x374d, 0x2) write$auto(r0, &(0x7f0000000100)='@[\x00', 0x9) (async) write$auto(r0, &(0x7f0000000100)='@[\x00', 0x9) 1m1.487683719s ago: executing program 33 (id=2463): openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x1, 0x0) socket(0x28, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/amidi2\x00', 0x3, 0x0) r0 = socket(0xa, 0x5, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x2, 0x15f4da0a, 0x1, 0x3, 0x300000000000000, 0x80000001, 0x7, 0xd3, 0x5, 0x2, 0x200000000000]}, 0x0) (async) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x2, 0x15f4da0a, 0x1, 0x3, 0x300000000000000, 0x80000001, 0x7, 0xd3, 0x5, 0x2, 0x200000000000]}, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x207, 0x6) (async) fanotify_init$auto(0x207, 0x6) r1 = open(&(0x7f0000000000)='./file1\x00', 0x10677d, 0x37e5c9853cd1b999) fanotify_mark$auto(0x400000000000, 0x101, 0x8040, r1, 0x0) msgsnd$auto(0x63b, &(0x7f00000000c0)={0x8, 0x5}, 0xff, 0x0) (async) msgsnd$auto(0x63b, &(0x7f00000000c0)={0x8, 0x5}, 0xff, 0x0) ioperm$auto(0xc5, 0x3, 0xc115) (async) ioperm$auto(0xc5, 0x3, 0xc115) getrusage$auto(0xffffffff, &(0x7f0000000300)={{0x8000000000000000, 0x7fff}, {0xb, 0x200}, 0xffffffffffffffff, 0x8000, 0x4, 0x9, 0x2, 0x3ff, 0x6, 0xb97, 0x3d6, 0x1, 0x5, 0x7, 0x8, 0x8000000000000001}) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x1, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) set_mempolicy$auto(0x6, &(0x7f0000000180)=0x374d, 0x2) write$auto(r0, &(0x7f0000000100)='@[\x00', 0x9) (async) write$auto(r0, &(0x7f0000000100)='@[\x00', 0x9) 11.285142401s ago: executing program 4 (id=2572): r0 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) openat$auto_rb_simple_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/tracing_on\x00', 0x40001, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x80000001, 0x7fffffffffffffff, 0x7fffffffffffffff, 0x561299fe, r0, 0x7) socket(0x15, 0x5, 0x0) r2 = socket(0xa, 0x1, 0x84) getsockopt$auto(r2, 0x4, 0x2, 0x0, &(0x7f0000000000)=0x8) sendmsg$auto_NL80211_CMD_STOP_AP(r1, &(0x7f00000004c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80020000}, 0xc, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0xc}, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/029/001\x00', 0xa101, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r4 = socket(0x10, 0x2, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/pid_for_children\x00') mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0x51c, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r5 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r6 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) ioctl$auto(r6, 0x5393, r5) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) clone$auto(0x7, 0x6, &(0x7f0000000180)=0x7, &(0x7f00000001c0)=0x6, 0x10) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r4, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_SET_NOACK_MAP(r2, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f0000000500)={0xa4, 0x0, 0x2, 0x70bd28, 0x25dfdbfd, {}, [@NL80211_ATTR_MPATH_NEXT_HOP={0x87, 0x1a, "f912a2e3421fb8b1ce56e6cc87ca32b222e81322438ea069eb5d5bd588c02ebbcdc759fd908f92ac8392b9afe4351cb90a7605c915522ddb48d2ef788718e2cd328f9cc2ee175e0f723d78ceb9af72cf282e21fc6b6a1bac6c641c6d230544355189c570adf2416b79cfbb7d206daf84d1c8effb83e9ecb5b81ca69aad85fcf3a96657"}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x7, 0x13, "f12e87"}]}, 0xa4}, 0x1, 0x0, 0x0, 0x5}, 0x1) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x3, 0x0, 0x80000001, 0x7, 0x6d3c, 0x5, 0x2]}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 8.88242686s ago: executing program 1 (id=2580): openat$auto_ctl_device_fops_user(0xffffffffffffff9c, &(0x7f0000000100), 0x20002, 0x0) open$dir(&(0x7f0000000000)='./cgroup.cpu/cgroup.procs\x00', 0x349100, 0x5) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x6, 0x0) socket(0xa, 0x3, 0x3a) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x23, 0x80805, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/team_slave_0/forwarding\x00', 0xa0000, 0x0) read$auto(r0, &(0x7f0000000100)='batadv\x00', 0xcb) memfd_secret$auto(0x0) socket(0x2, 0x5, 0x0) socket(0x2b, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) getsockopt$auto(0x6, 0x84, 0x80, 0x0, &(0x7f0000000140)=0x9c8) eventfd$auto(0x7) socket(0x11, 0x80003, 0x300) pipe2$auto(&(0x7f0000000140)=0x2, 0x800) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x1c8340, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x6) socket(0xa, 0x2, 0x88) r1 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r1, @ANYBLOB='\n'], 0x18}, 0x1, 0x0, 0x0, 0x64048001}, 0x80) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x4000000) 8.575099239s ago: executing program 4 (id=2582): r0 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) openat$auto_rb_simple_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/tracing_on\x00', 0x40001, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x80000001, 0x7fffffffffffffff, 0x7fffffffffffffff, 0x561299fe, r0, 0x7) socket(0x15, 0x5, 0x0) r2 = socket(0xa, 0x1, 0x84) getsockopt$auto(r2, 0x4, 0x2, 0x0, &(0x7f0000000000)=0x8) sendmsg$auto_NL80211_CMD_STOP_AP(r1, &(0x7f00000004c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80020000}, 0xc, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0xc}, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/029/001\x00', 0xa101, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r4 = socket(0x10, 0x2, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/pid_for_children\x00') mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0x51c, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r5 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r6 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) ioctl$auto(r6, 0x5393, r5) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) clone$auto(0x7, 0x6, &(0x7f0000000180)=0x7, &(0x7f00000001c0)=0x6, 0x10) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r4, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_SET_NOACK_MAP(r2, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f0000000500)={0xa4, 0x0, 0x2, 0x70bd28, 0x25dfdbfd, {}, [@NL80211_ATTR_MPATH_NEXT_HOP={0x87, 0x1a, "f912a2e3421fb8b1ce56e6cc87ca32b222e81322438ea069eb5d5bd588c02ebbcdc759fd908f92ac8392b9afe4351cb90a7605c915522ddb48d2ef788718e2cd328f9cc2ee175e0f723d78ceb9af72cf282e21fc6b6a1bac6c641c6d230544355189c570adf2416b79cfbb7d206daf84d1c8effb83e9ecb5b81ca69aad85fcf3a96657"}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x7, 0x13, "f12e87"}]}, 0xa4}, 0x1, 0x0, 0x0, 0x5}, 0x1) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x3, 0x0, 0x80000001, 0x7, 0x6d3c, 0x5, 0x2]}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 7.968971492s ago: executing program 1 (id=2585): r0 = pidfd_open$auto(0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r2 = syz_genetlink_get_family_id$auto_taskstats(&(0x7f00000000c0), r1) capset$auto(&(0x7f0000000100)={0x100, 0x0}, &(0x7f0000000140)={0xf, 0x10, 0x8001}) capget$auto(&(0x7f0000000240)={0x8}, &(0x7f0000000280)={0x80, 0x8000, 0x7}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) write$auto(0x3, 0x0, 0x100082) ioctl$auto_SNDCTL_DSP_SUBDIVIDE(r4, 0xc0045009, 0x0) r5 = getpgid$auto(0x0) sendmsg$auto_TASKSTATS_CMD_GET(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x34, r2, 0x400, 0x70bd29, 0x25dfdbfc, {}, [@TASKSTATS_CMD_ATTR_TGID={0x8, 0x2, r3}, @TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK={0x0, 0x4, '\x9f)\x00'}, @TASKSTATS_CMD_ATTR_TGID={0x8, 0x2, r5}, @TASKSTATS_CMD_ATTR_REGISTER_CPUMASK={0x5, 0x3, '\x00'}]}, 0xff13}, 0x1, 0x0, 0x0, 0x40800}, 0x0) shmctl$auto(0x0, 0xb, 0x0) prctl$auto(0x8, 0xfffffffffffffffe, 0x4, 0x3, 0x200) fanotify_init$auto(0x5, 0x2) mlockall$auto(0x7) setreuid$auto(0x3, 0x7) mlock$auto(0xfbe8, 0x5f626901) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) write$auto(r1, &(0x7f0000000000)='\x9f)\x00', 0x1) syncfs$auto(0x4) setns(r0, 0x60020000) set_tid_address$auto(&(0x7f0000000040)=0x3fd) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000) socket(0x1e, 0x1, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x10f, 0x8a, 0x0, 0x14) mlock$auto(0x4, 0x0) ioctl$auto(0xc8, 0x400454d0, 0x73) 6.455735688s ago: executing program 1 (id=2586): keyctl$auto(0x15, 0xfffffff9, 0x5, 0x100000004, 0x9) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x44f, 0x7, 0x5, 0x1007181, 0xd1, 0x7, 0x7, 0x7ff, 0x9, 0x26, 0x4, 0x200000000001, 0x384, 0xfffffffffffffffa, 0x8, 0x0, 0x30, 0x0, 0x864, 0xe, 0x22000, 0x200, 0x0, 0x84, [0x3, 0x2, 0xffffffffffffffff, 0xfffffffffffffffe, 0x0, 0x401ffc, 0x0, 0xe, 0x1, 0x400, 0xfffffffffffffffd, 0xffffffffffffffff, 0x8, 0x4, 0x6, 0x0, 0x8, 0x20000, 0x8, 0x10000000000, 0xffffffffffffffff, 0x4, 0x2f, 0x0, 0x0, 0x3006, 0x400000000005b8, 0xffff, 0x0, 0x100, 0x0, 0x6, 0x2, 0x88e, 0x40, 0xfffffffffffffffc, 0x8, 0xa38, 0x0, 0x4, 0xfffffffffffffffc, 0x2, 0x8, 0x10000000007, 0xc567, 0x8000000000]}, 0x9, 0xd) r0 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r0, 0x1, &(0x7f0000000380)="dcbb5fd7054bed139fb7f9fb1dca8fe1d88f65ee057c0e6faac40d106e4f0d52edf6e31c48e8d983ae3431fa707225c2c387e1a200b38759ba8e9187200e6d044ef46a534de751b1436f20ed7071b254509700aa726ea003a1b7b9ce2313756dc84bc4556ddac694c4553d72ed13a885176712c9cff968f74bd1d14ff734ad08e60cf7e7a7dd07d2b6ca9cb21ddaae68d2969afcf6c734f6ee1c63b1c93abf32264f9ec022b64c903276298739ee8ae7ac1fe14534ad54004f39ea1b99964702554c1494e1742baeae527cf3007d50fc92e924f73b6288e5d9fd071d2fba76b2fabd3faf5229f4c3168226346e3087026d3d2c8aed398d4988971e05ff0ab9f5f2328e7f51d5061584b44581a4c83e413718d3a82f87daf87d1d5a2c32fbaa58f095fbf34ccc603b632155c27289cb5598049a7c9160dfe8a01d5a1983408082941eb39db2a09c5a34dc876dfa58a589687aa0cf6be7b5b084a8f753758332896ec3adad7a79b751908ee2b3d25131f44185a0ed8d20e9b6b8a1ed11402b02e544b67caf3177eda039e64aaf295eca7953c165fa73afca96d7750663711101c6e14e44817c6ad4b1474132dd441ca5c9d7776c871ffacbd96910496cad7010b9b526135e84") mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001240)='/proc/self/net/mcfilter6\x00', 0x121080, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) getsockopt$auto(0x6, 0x40000000029, 0x38, 0xfffffffffffffffe, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r2 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0) landlock_restrict_self$auto(r2, 0x0) mknod$auto(&(0x7f00000003c0)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5', 0x20e9, 0x103) rename$auto(&(0x7f0000000740)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5\x00', &(0x7f0000000840)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5\x00') read$auto(0x3, 0x0, 0xfffffdef) read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f00000022c0)=""/4099, 0x1003) ioctl$auto__ctl_fops_dm_ioctl(r0, 0xfffffff7effffd05, &(0x7f00000001c0)) 6.084769449s ago: executing program 1 (id=2588): mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x82002, 0x0) mmap$auto(0x0, 0x7f, 0x1, 0xeb1, 0x401, 0x8000) r1 = socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_nl802154(0x0, r1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/vivid.0/video4linux/radio11/dev\x00', 0x200002, 0x0) syz_clone(0x2000800, &(0x7f0000000140), 0x0, 0x0, 0x0, &(0x7f0000000340)="9a4e90b1a321b92b2745d69fd4b91473081cf1f0de5e8094e71ae64f57ac7a9e613afef34ae3cb5e6fff32797fa0f79f32b7fe2b3e3dc48d517615f1850b492b4627c7de0e9c3a5c43c9c0d31a77b5d9cd2c19286ccd1be12ed7e59ca2") setresuid$auto(0x0, 0x0, 0xee00) newfstatat$auto(r1, 0x0, &(0x7f0000000540)={0x9, 0x7, 0x9, 0x9, 0xee00, 0xee01, 0x0, 0x3, 0x7, 0x1, 0x24000000000, 0x3a97, 0x2, 0x9, 0x8001, 0xffffffffffffffff, 0x5}, 0x0) r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/pagetypeinfo\x00', 0x42102, 0x0) read$auto_proc_iter_file_ops_compat_inode(r2, &(0x7f00000007c0)=""/153, 0x99) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) sendmsg$auto_NL802154_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x80) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0xff, 0x0, 0x1, 0x3}, 0xed7138c}, 0xb, 0x0) r3 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x64) sendmsg$auto_IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000003b40)={0x0, 0x0, &(0x7f0000003b00)={&(0x7f0000000600)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x40080}, 0x8000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x9}, 0x3, 0x0) read$auto_snd_ctl_f_ops_control(r3, &(0x7f0000000100), 0x0) ioctl$auto(r0, 0x2203, r0) r4 = openat$auto_force_wakeup_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/hci6/force_wakeup\x00', 0x480200, 0x0) read$auto_force_wakeup_fops_hci_vhci(r4, &(0x7f0000000080)=""/19, 0x13) 6.043546438s ago: executing program 5 (id=2589): fcntl$auto(0x3, 0x400, 0x9ec0000000000000) open(&(0x7f0000000800)='./file0\x00', 0x183242, 0x154) fcntl$auto(0x3, 0x400, 0x2) 5.57308891s ago: executing program 5 (id=2590): bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x4000008000) socket(0x2, 0x2, 0x1) socketpair$auto(0x1, 0x2, 0x1, 0x0) sendmmsg$auto(0x3, 0x0, 0xe00000, 0x0) close_range$auto(0x2, 0x8, 0x0) mbind$auto(0x9, 0x98, 0x7af, 0x0, 0x4, 0x7fd) socket(0xa, 0x3, 0x73) ioctl$auto(0x3, 0x800005411, 0x38) prctl$auto(0x1000000003b, 0x1, 0x3, 0x3, 0x7) adjtimex$auto(0x0) clone$auto(0x0, 0x200, &(0x7f0000000040)=0x1, &(0x7f0000000080)=0x21d, 0x100000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) ioctl$auto(0x3, 0x5404, 0x38) (fail_nth: 3) 5.471678414s ago: executing program 4 (id=2591): socket(0x2, 0x1, 0x0) socket(0xa, 0x3, 0x3a) (async) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/dummy_hcd.3/usb4/ep_00/uevent\x00', 0xa001, 0x0) write$auto(r0, &(0x7f0000000180)='\x00', 0x1) (async) close_range$auto(0x2, 0x8, 0x0) (async) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) (async) ioctl$auto(0x3, 0xae47, 0xffffffffffffffff) 4.755144274s ago: executing program 1 (id=2593): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0x2, 0x801, 0x100) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)={0x33fe0, r1, 0x1, 0x703d25, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0x18, 0x7, 0x0, 0x1, [@nested={0xc, 0x1, 0x0, 0x1, [@nested={0x8, 0x1, 0x0, 0x1, [@generic='\x00\x00\x00\x00']}]}, @typed={0x8, 0x23, 0x0, 0x0, @uid}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x6}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x8880) 4.343501652s ago: executing program 1 (id=2594): unshare$auto(0x40000080) read$auto_tracing_fops_trace(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x6, 0x4000000000df, 0xeb1, 0x400, 0x8000) r0 = socket(0x11, 0xcce96d25324e8a36, 0x300) openat$auto_ht40allow_map_ops_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy8/ht40allow_map\x00', 0x40, 0x0) socket(0x29, 0x5, 0x8) setsockopt$auto(r0, 0x107, 0x2, 0x0, 0x28) 4.167773153s ago: executing program 4 (id=2596): mkdir$auto(&(0x7f0000000300)='./file0\x00', 0xf801) ioperm$auto(0x7, 0x6, 0x2) mmap$auto(0x0, 0x1, 0xe1, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/sctp/auth_enable\x00', 0x100, 0x0) read$auto_proc_sys_file_operations_proc_sysctl(r0, 0x0, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) r1 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x100000000, 0x5, 0x1d, 0x940, 0x1ffde, 0x3, 0x2000000000000006, 0x2, 0x9, 0x5, 0x2, 0x8, 0xae, 0x9, 0x2, 0x7, 0x5, 0x7, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, [0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x400000, 0x0, 0x80000000000, 0x400000000000000, 0x0, 0x8000000000000000, 0x80000000000000, 0x0, 0xfffffffffffffffd, 0x0, 0xfffffffffffffbfe, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x8, 0xfffffffffffffffe, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001]}, 0x1fe, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 4.056642131s ago: executing program 5 (id=2597): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x4c894}, 0x4000) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/loginuid\x00', 0xa8602, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) symlink$auto(&(0x7f0000000080)='\xe6\'\xd4\v{T+\xac', &(0x7f0000000000)='\'--[[\x14+\\\x00') fadvise64$auto(r0, 0x8002, 0x6, 0x1) pread64$auto(r0, &(0x7f0000000040)='\x00', 0x8, 0x0) 3.66269173s ago: executing program 2 (id=2600): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x5) ioctl$auto(r1, 0x4008af10, r0) r2 = openat$auto_short_retry_limit_ops_(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/ieee80211/phy11/short_retry_limit\x00', 0x0, 0x0) read$auto_short_retry_limit_ops_(r2, &(0x7f00000000c0)=""/29, 0x1d) r3 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_FEATURES(r3, 0x4008af00, &(0x7f0000000000)=0x200000000) read$auto(r3, 0x0, 0x3ff) close_range$auto(0x2, 0x8000, 0x0) 3.185980165s ago: executing program 5 (id=2601): pselect6$auto(0x4, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x4a, 0x9}, 0x0) setresgid$auto(0x800, 0xee01, 0xffffffffffffffff) setresgid$auto(0x0, 0x0, 0x0) recvmmsg$auto(0xffffffffffffffff, &(0x7f00000011c0)={{&(0x7f0000000080)="7c703f02271ffa6c49fe28cc45a0ace43f2c45b80988470842b641ca38eb67d68a81d7d943e96ab2e54f4527f1be2f68d9bec06ddc8409f37c076b9a7bba034d272c80e5041a8c665a11e8ecef89faf89f25d28ced452f367320edb1a1dd86079661419c2638465ca7dec36a9cf7ead6b2e42939428e640c9921fee88f96dfb73df28a48672b9a37843b9c6917f835c6b1617b81797303f9416fb3aa56c38ef217f671440ccf10928d8ec16052814a2a34e4bb79c1127d765611df42d0bc00ec1c669b0bb9385ff1210054471c9dfe5a3c67e0449b02b1819d6c7ded962dce227a6c94cf10c65b728f90cc989e78395aa949f7efd2c9d6d62686f8a236c3d90810deb98f6f256356563e987e40627deb3c842de8b269ec5e175bc8abca4d3e832f1b5139496b8556e8dc96771fd1ec56f1a75de2749f4d259e079f49a6d3e6ca236c239bbbd2608f70c49f85d30c7f8309d7073695688e86ac7cef6075549a257399cef2d27a3f3d8f5f60c2bc2eb4a306743e3174c55bca02e5324533b8a6b19074902cef26bc3729907a04d3c19f5a6faed548f3c2eef1fd535d7df0ca2ee86f3538ad96df815763a15b956e5a4c6017ab1e41cbf719243101c75ac8ab34f7180dc1a84eccc68313245fbf64357cb188e7b5395403a384e6c6ab0728e104b00a9f67b8cadcf6e86b5aae3b76850b089c13b3e2760ad2891369cec5e49c147ae9435630c95bf0d7fed80228eb3a2e7ba547925d4ff4a6539ffad5ceab047c2f2b064a2899bf4d80c2de5ce12033e3812126c7fdf63198e8ae7bfa8ca7cb7e520c9de63e276fc575e63235c844cd33413c858a6bd7c00096d9f3faaee4d9f8fbf449d92e568fd4d884d54934012138da52b852d77b198381f4d12999ae23053e25dd4d811ade784119470c24036320806f51e26cb0f91a383f942bf6bfd60ec686f093da627f284902e63f4d06ebc2cd0e41c126f2c616f5775152fc73f461e2c25948447a1254c103f46b6451b281e7dc42470337b3d860a5120cef5644edb9a3122f1d65ee3a27bf8330c2005ea8b6118621e02ccdd638571f0405fe047823ff0d57c0b1879c5f18d5ca20462ec6485fa5bd174347d146e8de1ad2e4ec264be140534b96aee5c754f341f26ba95fb9960c4be52b4a40ebec40cbf30eee565deeb5f6d8c452a427797b149804e026289c048cb807fe46ecfcded46b8c1ed5441ff614fa903a1757d572723a1161c4357f22318b9842eeec344d8113823fa568f5a3f19c4201706b5e8b48496a9b7af6e682bfc22068041648b991b3f7ea2d43ec93ec9e3f10888bfdde1afe023e5a189d8d262943f105d5c5f246b5a2a1103567dc3494a03204a555d8140e2b27986857008abc0ad6dc56a6353a9f1df864125c6c6e362af3eb01f11f17e0b0f59e5c68795b22df54df377a1d00218c2e4717eb4a33b8c0ae243ad9b2b4735f4a648fcf1d4f23b8cbabce60e03092cc7b26df56204e0be409cbe56a489e7e08619daf32977aa74e3932cc8efffb69d4705a6959fdc516c22232ac459b7b42781af7f270a2986ce396dbb7914740f935195a106cf2345613f7d544c4fe07bfa5ba997b8cb25463ee368db651aa401d3f8d90f03cca4bca4be5c2b1ca902fa24765c0c68ebda1e8cddae91fe75818f014e9ed8693ccc1e732e6ddeb487d81d5812b2b6ac977fec35f3fa7617ef78dffd8fb3a4e6177bc7cb917ca8aaa0e2647d7da7b62eebab4b0ae23b3f9777f71c2323066bd45a582a49b8317f69eb3593e023d78d3643ed91f30442c2a961c15d6b7bebb244cfb54bda1089de21dba6b070c4ffc5558ad71257fd6a49c8b2caf2867c12d27e81762ca350c8daec3cc4482454d6202229d2385bfbd6a70f87737f4c2f61a41c161b4e0958861f24fbfc1fcc87c266cef7bddf1e4995a8acc4aa07a47f03df600c86249f37ff6f48d5c688727fc62bab6290a779de53dbe22ded1ecaccc057bbbdffdeb11d3fee1aa929dacc79e4726fc88b076158cd1aff196833e919dc3af7b8495653a7102639afbf11dd03b118a8b2085c8e578d2dac91de80ef456704b60dd718ffd76967cd3f1319e609c31ba70930254bfa704ffd72c22a9867c437106df56f6b11e8f1185bfc8dc5dac274d400567a30ca09960af2f6751292f81656750dd1930b8d02909b11b181411d659b1732597afa6dd63d463700da81d8564318d411158837cf974a03bdb500029852772d36ca0126233e4fd6c627aa960be6f90d44e79aabe5b8f0f58e8e9605383bb1c83943475c0dc1050e04e2b0f9312b723339e9f09d3333d81bdffc4ac800c134fec1a159f4e57d4bdef34024edcb8da0435ee8168cba807c05cd94d497c381336864c2444a08de0a6fc711c2208a123c19e73984738164a6dd8fc58888f345113f179fc162994aadbf427362b4b7d7cbf7698bfbbbc96d8d1dc8ec98dd1fcfdb5415fc68b2ce727140f712cf08d6d84bb5e4d3a8259ce9007ce6a0e4742d22fa7c823d19b3d766a9dafdcc54b33bb1a02ed9a89ea8be2dd3005e87d54994adc65143c58d71a4f2196b0f3134f6038d06ef0deaf7a308872fbab47e72480731ee53def350b7df378e5626d0bb7bd6f2aa9176fefb80800e73e3c6ea0f27dc4fd48b00492a5d45578a5e50fa6a585a07e0fda249cd257dd977b57ed9e2864ecc02849b27443a55f60eca925c0f2d3682376192126a24d1124193f34826551fe56fe8af4abebd9c31f3eb41fd0688b3d99c7161cd58637ef4ca2a2c4ed438ef81c01b3820cf2d20561eae71fec967e8ffdb35de5f8f20ab7f013621c2399e501a68737147efd79df74a9bd895bcf098ddcfba05333c46cd77ac4c0d70f731789f6353273d90b324b6513455f07d2f6bd56c50c0295d4fed8725bba8018d6d5bedb9fcad2125cc454ffc63ef93eeda0fa284df411b3ef54ee40523410904409d1cbd2c2b086b37908b494a432c32b96865374dcee0ec51d02b340c2c01a3304fe75924c240f8918b7304e8f659e2258e415db61e0bd62cfdd0693bdfa217dfe3713a3a78acb7a352c410788000a248c96790139a136f13c19ff9bc7fa25ea78fadbf7e2ba3489d6310f907bb9dee323c08f2b4c049e6a4668d377269e8023eb465a1d5c4b929562473f2cf1cdd38155451b50a0528be0260f861ee9accb6ca292dfe9ce72844649df74df48656bff52bf06db76b87d49a680a0d1830ad3d7071cc46348c498d3524d7d7735dcf917153b4b94a8cbba12227cb83d109ee8970748d1483e0919bf68a9b36782f1ac6354527e52378a8ecff39c26dc55078710ea9eaf6aadbb9ce0d77b024fc460011db28e8d2920fd33df82090f83ffb37906fdc52d1b97ae8a4b3b879f631d870c4eee1e01622cd60f9a6bf6e835360cb9376d344a2918bab8d7b2f073b787d04982b6cea504825604fb03a827ec4f70248a98aa7cb7f16fadb3e4b5ff6209d3b1e35aa2a4f367d2723c8abd704bfe1bac5ba821083f2fdfa973c0be0db887cd4305c36a563541f91dea73f9c2971a90f5386e156d64031496313f86fb3043aa9f9ed5c608f90bf514d2586ef8b313cbcabcfea8be90d022a3560cc5bf54f153735e15a0e4db801e4bcfc29ef01f3b23208710313dfe17b5bd8d178366a05dfc34662704fb2e2e36fb247658bd1683a68a9165fbd9b567b68807af6846e365b1d6909ec69a4fbde07f09b75140c327d3d418a7a8c4c09cfa08652ae71d55e2068670c3548a3a1e2d828824ade35ae3355ee10dcabdcb353f33d3ef6abc272f75fa5a3295823f3acba90cc5f243a8c81715535381a168b408097e04b83dcc1e129bbb11eb1e58a6ff34cab697f5c2232306b6e2cf35f117775c8af4ba0bffb09d3e0440bdfc6a20ec427950c652cbb3a84b413dd70efdbf0d745316b5014a9724b482cee817a7063a05d34a3f22c32a68951799b1beebb33f7eea0467fe746df2aeee7c8dd30a946e8ceabfe03de6f371775ea570bd402612b3ad1602cbe2ec0fa575cc2b82dd51a395e49c9ea2504d2969d6f906edcaa1b37d4503ea38057beea6dc516cd74f6de4ff2e884f39c9ee3889ddac6229e21455b3d15634c876a020ebe953f23d6c8b570d2ae1e3252df3ca9e8db8959cc84337ecea32d714664c8f99b3338b1cf556c30f26701547122eb686e4f9e1002ffad7ab8088c8420709c935c8e2e1aac265e7e78c88133b3c80981998803f07b606304b705256fa13492f72f4d5e33162c82611c780dcf0420c6ad5ab398ae61424d8c4f469c47ed99cfc2b0110e2db9054c40977fc3ea250bbbcaf4c2c4b9f0916b3eeea884aa22b96dc4befba3ea425be257c09a874b2fd901a4d560f85cc03e93ee24ca9cd98c5b336773ac8fca6ff3a44fc27a7d999e572e248138b399085f1e7d4d56b98cee5fbecc83f9d0200f8bfb685d5b3fb9e4cd146aba48510fca771113b0cf448a42a1c61969e7e913daa005f25767047530499c0a8fb1b90f1542249e425ae4784832a2731c591b4c3caff3f5c6343efee980dd621feae0d4183abdecbbe8eb6f9acc3054724ab9330bd0f7ae062d2c88b69dadee1dc71a6a147bc6d4c1274a5691e430609ddec0b7925e488b96f1d35b0de48a8107fbf93ae66a1fbfa01323d031fb706c40741bbc921dfcee589e7ac6d46f1b2507e83b14b90985d420d2f390ac1635677c1384ba346094b7da4817e0cc54f9c932dbfef30bb9c1aaf70c3b474629ace1f8e140cefecf02cb73213fb984b6dff78b412d7f9660dae9813dda8243109276417fca3e197bff7ba1f158e5bf94e900361f05beeb3383ea08a3db2700c3e7f342732591a9116fefbfbec312e979c93c03c0f3cd264bcb40d3b783b2940143e3574279e6d42f7b72d81c35098d1ac94fd2bcc7f7e647d7d845f4d7bf56987b3b3736a855caf68ab0c530dc780e8e44ce3f487d4764513c34c37979b3f2b8ac6c835cfae132c9eca982ef699d35ce9e193c27289d4bd5dd173eb47329cfc6ee15b440bdb890429b0216b17794f32d63eeabde841eac4f98b4e6e5229b3760f267a33602e74b07780eaca216a758a597ceff8003f02aa7654bbd0fa7c9156f4c1916811f151f8e2aee2304cb4f680cd6f795818fa2014c5b42021f792d4344899018897ed674d2a162594517ff9dfeeb97491629bacf74aade24369b7b9f1d69a80bda09481add8b44749fff0af00278cd644acfe5d04d0f84ba4c885f7e2cd13ce8938b53c0ca8b9dcb41512209c235c52c1aeb8235f2acc8c9919923693be74d39b2ecc783e1a0353385becc7c6b032583983672ccec0a4b7009cb1f29c4a7beb6285c47f76a43839bc7eeaa0d8eb32c2e3c6c103357583ef46757b1cfe831aa725773654d3fdb934b6db35cba9d38fe009514c5f34e3f56eaf22102613381d62955119fefa3edaee2137dd938e55f103ecd90276311ec4935e708a89b8916359dc047a65e73330c4d906ab5adafe054050fbbf57f3f3ddaf156d50d3ae879276ba14e21c00e2ab3e07ce65d8c5e69917853ae27d00ab6d2355cd5c405c36657aaddc06e1b543c85264c1767c088e69c840add0501dc888240bfd73534ace461aea509ceb4d30882b5f9f60d065e245c8e060321c49ba41cdb95d39442ac487734e648f4fe357e5eba127748c8524c1d6c3f61d80b07cbb8d90eacbf90545e5598a939ef943cdbb9fa432ca488f300ab7fb9e57293b2bb274b2f7a82bb41721a7ea823303fbeda304b3960e4dc992814674a4f69bd15081198231d09e525d87034b8fae", 0x6, &(0x7f0000001140)={&(0x7f0000001080)="f80a5f1b11e96ac75e12bd8a1185bd76091e551d27d29bed2e14fbb7f28af844e6729a2425cc65d837c3b8a61b0b0ca2a8c9bc5a4a4c2c84c481a31548c78fbc82a9ec71505ffbffa6158c3119903182dbe8ec61cc78b3ae93f581963844c043e79ad9255e7aeddfb05809fe984ce053cc71ca1fd1d931fec933ccaab871bff3f320b9479f33e571b0b10250aa23f1749519fee3ce5fcec880475fe0d51e38571932", 0x1}, 0x5, &(0x7f0000001180)="5559e165621fa57f775877ca5865c3058d809acc20911c290689f0a2ca3c196067292aad16a3fe94", 0x5, 0x80000000}, 0x10}, 0x81, 0x8d20, &(0x7f0000001200)={0x4819, 0xfffffffffffffff8}) setgroups$auto(0xe32, &(0x7f0000000040)=0x9) 2.813606916s ago: executing program 2 (id=2602): r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_DP_CMD_DEL(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='8\x00', @ANYRES16=r2, @ANYBLOB="01002abd"], 0x38}, 0x1, 0x0, 0x0, 0x20040011}, 0x20000000) r4 = fcntl$getown(r0, 0x9) sendmsg$auto_OVS_DP_CMD_DEL(r1, &(0x7f0000000100)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r2, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x0) mmap$auto(0x0, 0x80003, 0xffd, 0x8000000008012, 0x3, 0x0) 2.612115845s ago: executing program 2 (id=2603): r0 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) openat$auto_rb_simple_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/tracing_on\x00', 0x40001, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x80000001, 0x7fffffffffffffff, 0x7fffffffffffffff, 0x561299fe, r0, 0x7) socket(0x15, 0x5, 0x0) r2 = socket(0xa, 0x1, 0x84) getsockopt$auto(r2, 0x4, 0x2, 0x0, &(0x7f0000000000)=0x8) sendmsg$auto_NL80211_CMD_STOP_AP(r1, &(0x7f00000004c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80020000}, 0xc, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0xc}, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/029/001\x00', 0xa101, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r4 = socket(0x10, 0x2, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/pid_for_children\x00') mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0x51c, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r5 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r6 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) ioctl$auto(r6, 0x5393, r5) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) clone$auto(0x7, 0x6, &(0x7f0000000180)=0x7, &(0x7f00000001c0)=0x6, 0x10) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r4, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_SET_NOACK_MAP(r2, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f0000000500)={0xa4, 0x0, 0x2, 0x70bd28, 0x25dfdbfd, {}, [@NL80211_ATTR_MPATH_NEXT_HOP={0x87, 0x1a, "f912a2e3421fb8b1ce56e6cc87ca32b222e81322438ea069eb5d5bd588c02ebbcdc759fd908f92ac8392b9afe4351cb90a7605c915522ddb48d2ef788718e2cd328f9cc2ee175e0f723d78ceb9af72cf282e21fc6b6a1bac6c641c6d230544355189c570adf2416b79cfbb7d206daf84d1c8effb83e9ecb5b81ca69aad85fcf3a96657"}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x7, 0x13, "f12e87"}]}, 0xa4}, 0x1, 0x0, 0x0, 0x5}, 0x1) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x3, 0x0, 0x80000001, 0x7, 0x6d3c, 0x5, 0x2]}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 1.710345816s ago: executing program 5 (id=2604): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NFC_CMD_LLC_SET_PARAMS(0xffffffffffffffff, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) prctl$auto(0x28, 0x0, 0x4, 0x5, 0x2) r0 = signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) read$auto_l2cap_debugfs_fops_(r0, &(0x7f0000000240)=""/177, 0xb1) timer_create$auto(0x2, 0x0, 0x0) rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8) timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x4, 0x4}, {0x0, 0x83}}, 0x0) ioctl$auto_def_blk_fops_fs(0xffffffffffffffff, 0x2201, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) rt_sigprocmask$auto(0x80000001, &(0x7f0000000040)={0xfffffffffffffff7}, &(0x7f0000000080)={0x8}, 0x8) 1.148075339s ago: executing program 4 (id=2605): mprotect$auto(0x1ffff000, 0x8000000000000001, 0x3) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) rt_sigaction$auto(0x1, &(0x7f00000001c0)={&(0x7f0000000080)=0x0, 0x7fffffffffffffff, 0x0, {0x5}}, 0x0, 0x8) r0 = gettid() rt_sigqueueinfo$auto(r0, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) setresuid$auto(0x0, 0x8, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/015/001\x00', 0x10000, 0x0) r1 = mq_open$auto(0x0, 0x3ff, 0x7, &(0x7f0000000140)={0x1, 0x100000000, 0xa509, 0x4}) r2 = socket(0x2b, 0x1, 0x0) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r2) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x200, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) io_uring_setup$auto(0x40000002c55, 0x0) r5 = socket(0xa, 0x5, 0x0) getsockopt$auto(r5, 0x84, 0x7f, 0x0, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x2000040080000004, 0xe) io_uring_setup$auto(0x6, 0x0) sendmsg$auto_NL80211_CMD_DISASSOCIATE(r2, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\b\x00\x00', @ANYRES16=r3, @ANYBLOB="00012bbd7000fddbdf252800000005003e000800000031004801a289c1c1f3026f75a4d3a66a76f9f65578159c8a96f55e156e69b5114d651d9ec494"], 0x60}, 0x1, 0x0, 0x0, 0x54}, 0x1) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000200)={0x1d0, r3, 0x10, 0x70bd2a, 0x25dfdbfe, {}, [@NL80211_ATTR_WIPHY_DYN_ACK={0x4}, @NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_BSSID={0xf4, 0xf5, "5170ef814d8e3748fe672e05b0c86168c7c411588b4af83cf028162979b9fd2c4b1d61403ddcbfca7d5eda1a348e5d94200377b8f98b61c872d3a63b3f27c7fd45fad3391f39a55fb90a889a6b45c7307c57689e717e73088dbd697867333ea60a43527697edcc661897c6808cd173f2bebedaa9e6a4a07b81646c98f5f2c620ff73213498712a15cc3071c0b0b46959dcaa89245c23d42bfa2f2e07595d7d6e08e09a46fd7c1d52666a54eefa77898a89da575259c1e4d610dcca07cefb918dadcdd968e1c08af890bd0c78106671c94fc4b583065dcd386d67cbb4ddf952a9c3034590866504b9972992a189abdba6"}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_ACL_POLICY={0x8, 0xa5, 0x8000}, @NL80211_ATTR_SCHED_SCAN_MATCH={0xb4, 0x84, 0x0, 0x1, [@typed={0xae, 0x3a, 0x0, 0x0, @binary="39b8c5f044648af41c7d07fb518483fda6713929b1185dbdadb2ca875daa3122664ab4d70e1114108f3c8987d5d94abdc9340bdf2534a1a5a58306b6a9342983b33989e4b8ba0b9c97589b9b7adaec699d7dd88c23412db64d2f1dd9a89821478f58c4d9ef771c79947c4eb145e6fcaacab9264b832160bb1af71145b42890f136f787025393f9e386b67e4c24b4aa60368fd1b1a6515d0e38e92c6325ee7868d57457820007e85bdb7a"}]}]}, 0x1d0}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 1.081802273s ago: executing program 2 (id=2606): ioctl$auto(0x3, 0x4004af61, 0x38) 815.83352ms ago: executing program 2 (id=2607): open(0x0, 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) open(&(0x7f0000000800)='./file0\x00', 0x183242, 0x154) fcntl$auto(0x3, 0x400, 0x2) 477.137296ms ago: executing program 2 (id=2608): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) r1 = socket(0xa, 0x2, 0x88) sendmsg$auto_TIPC_NL_MON_GET(0xffffffffffffffff, 0x0, 0x20000800) (async) sendmsg$auto_TIPC_NL_MON_GET(0xffffffffffffffff, 0x0, 0x20000800) sendmsg$auto_MACSEC_CMD_GET_TXSC(r1, 0x0, 0x14001000) read$auto(r0, 0x0, 0x20) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) (async) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) socket(0x2, 0x1, 0x106) (async) socket(0x2, 0x1, 0x106) openat$auto_lockdown_ops_lockdown(0xffffffffffffff9c, &(0x7f0000000000), 0x20682, 0x0) (async) openat$auto_lockdown_ops_lockdown(0xffffffffffffff9c, &(0x7f0000000000), 0x20682, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x1e, 0x805, 0x0) rename$auto(&(0x7f0000000040)='./cgroup\x00', 0x0) (async) rename$auto(&(0x7f0000000040)='./cgroup\x00', 0x0) sysfs$auto(0x2, 0x1a, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) fsopen$auto(0x0, 0x1) (async) fsopen$auto(0x0, 0x1) fsconfig$auto(r3, 0x3, &(0x7f0000000000)='4\x93f\x06\x04\x00\x00', &(0x7f0000000040), 0x7f) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x1, 0x0) (async) socket(0x2, 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/nbd1/queue/max_sectors_kb\x00', 0x88240, 0x0) socket(0x22, 0x3, 0x0) clone$auto(0x7fff, 0xff, 0x0, 0x0, 0x7) (async) clone$auto(0x7fff, 0xff, 0x0, 0x0, 0x7) socket(0x1f, 0x1, 0x0) (async) socket(0x1f, 0x1, 0x0) socket(0x11, 0x80004, 0x2) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) r5 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r4, 0x541c, r5) 384.250987ms ago: executing program 4 (id=2609): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = io_uring_setup$auto(0x6, 0x0) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) unshare$auto(0x40000080) openat$auto_rfkill_fops_core(0xffffffffffffff9c, 0x0, 0x2602, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x500, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_force_suspend_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/bluetooth/hci1/force_suspend\x00', 0x40800, 0x0) read$auto_force_suspend_fops_hci_vhci(r2, 0x0, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ptmx\x00', 0x189000, 0x0) read$auto_dev_fops_plock(r3, &(0x7f0000000240)=""/192, 0xc0) ioctl$auto_TIOCSTI2(r3, 0x5412, 0x0) ioctl$auto_VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000000)=0x200000000) read$auto(r1, 0x0, 0x3ff) r4 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x1c8340, 0x0) ioctl$auto(r4, 0x5404, 0x3) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010029bd7000fadbdf250600000008000300", @ANYRES32=r7], 0x24}, 0x1, 0x0, 0x0, 0x20040010}, 0x20000084) sendmsg$auto_NL80211_CMD_UPDATE_CONNECT_PARAMS(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x18, r5, 0x200, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x1}, 0x20000000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) socket(0x2, 0x80002, 0x73) prctl$auto(0x41555856, 0x6, 0x2008, 0x0, 0x0) fcntl$auto(0x8000000000000001, 0x25, 0x8) r8 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/locks\x00', 0x0, 0x0) pread64$auto(r8, 0x0, 0x8100000001, 0x700) close_range$auto(0x2, 0x8000, 0x0) 0s ago: executing program 5 (id=2610): open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) open(&(0x7f0000000800)='./file0\x00', 0x183242, 0x154) madvise$auto(0x1, 0x1, 0xffffffdf) fcntl$auto(0x3, 0x400, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) r1 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x10eb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0xf000, 0x1, 0x1, 0x0, 0x7fff, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(r1, 0x40045568, 0x5) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x1c8340, 0x0) ioctl$auto(r2, 0x4004510f, 0xffffffffffffffff) read$auto(r0, 0x0, 0x20) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r3 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/block/mtdblock0/sched/read0_fifo_list\x00', 0x0, 0x0) read$auto_blk_mq_debugfs_fops_blk_mq_debugfs(r3, &(0x7f0000000040)=""/124, 0x7c) setrlimit$auto(0x5, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3) kernel console output (not intermixed with test programs): -mapper: ioctl: only supply one of name or uuid, cmd(12) [ 652.669925][T13921] binder: 13920:13921 ioctl 40046205 9 returned -22 [ 653.869884][T13946] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2035'. [ 653.935393][T13946] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2035'. syzkaller syzkaller login: [ 654.802683][T13959] FAULT_INJECTION: forcing a failure. [ 654.802683][T13959] name failslab, interval 1, probability 0, space 0, times 0 [ 654.846847][T13959] CPU: 1 UID: 0 PID: 13959 Comm: syz.1.2036 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 654.857705][T13959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 654.867796][T13959] Call Trace: [ 654.871097][T13959] [ 654.874064][T13959] dump_stack_lvl+0x16c/0x1f0 [ 654.878798][T13959] should_fail_ex+0x497/0x5b0 [ 654.883519][T13959] ? fs_reclaim_acquire+0xae/0x150 [ 654.888669][T13959] should_failslab+0xc2/0x120 [ 654.893391][T13959] __kmalloc_noprof+0xce/0x4f0 [ 654.898227][T13959] ? xfrm_hash_alloc+0xd1/0x100 [ 654.903115][T13959] xfrm_hash_alloc+0xd1/0x100 [ 654.907833][T13959] xfrm_state_init+0x160/0x630 [ 654.912650][T13959] ? __pfx_xfrm_net_init+0x10/0x10 [ 654.917798][T13959] xfrm_net_init+0x211/0xcb0 [ 654.922429][T13959] ? __pfx_xfrm_net_init+0x10/0x10 [ 654.927569][T13959] ops_init+0x1df/0x5f0 [ 654.931767][T13959] setup_net+0x21f/0x860 [ 654.936056][T13959] ? __pfx_setup_net+0x10/0x10 [ 654.940860][T13959] ? down_read_killable+0xcc/0x380 [ 654.946035][T13959] ? __pfx_down_read_killable+0x10/0x10 [ 654.951626][T13959] ? debug_mutex_init+0x37/0x70 [ 654.956538][T13959] copy_net_ns+0x2b4/0x6c0 [ 654.960983][T13959] create_new_namespaces+0x3ea/0xad0 [ 654.966313][T13959] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 654.971990][T13959] ksys_unshare+0x45d/0xa40 [ 654.976626][T13959] ? __pfx_ksys_unshare+0x10/0x10 [ 654.981688][T13959] ? xfd_validate_state+0x5d/0x180 [ 654.986847][T13959] __x64_sys_unshare+0x31/0x40 [ 654.991652][T13959] do_syscall_64+0xcd/0x250 [ 654.996233][T13959] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 655.002171][T13959] RIP: 0033:0x7f2acc585d29 [ 655.006621][T13959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 655.026272][T13959] RSP: 002b:00007f2acd413038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 655.034723][T13959] RAX: ffffffffffffffda RBX: 00007f2acc776080 RCX: 00007f2acc585d29 [ 655.042808][T13959] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 655.050897][T13959] RBP: 00007f2acc601b08 R08: 0000000000000000 R09: 0000000000000000 [ 655.058896][T13959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 655.066892][T13959] R13: 0000000000000000 R14: 00007f2acc776080 R15: 00007ffe4d35c5b8 [ 655.074912][T13959] [ 655.845319][T13977] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2045'. [ 655.991736][T13973] ima: policy update failed [ 656.067888][ T29] audit: type=1802 audit(4294967562.537:12): pid=13973 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.2043" res=0 errno=0 syzkaller syzkaller login: [ 657.924712][T14014] FAULT_INJECTION: forcing a failure. [ 657.924712][T14014] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 657.992009][T14014] CPU: 0 UID: 0 PID: 14014 Comm: syz.4.2055 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 658.002866][T14014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 658.012987][T14014] Call Trace: [ 658.016307][T14014] [ 658.019274][T14014] dump_stack_lvl+0x16c/0x1f0 [ 658.024055][T14014] should_fail_ex+0x497/0x5b0 [ 658.028807][T14014] _copy_to_user+0x32/0xd0 [ 658.033294][T14014] simple_read_from_buffer+0xd0/0x160 [ 658.038726][T14014] proc_fail_nth_read+0x198/0x270 [ 658.043826][T14014] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 658.049539][T14014] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 658.055168][T14014] vfs_read+0x1df/0xbe0 [ 658.059385][T14014] ? __fget_files+0x1fc/0x3a0 [ 658.064125][T14014] ? __pfx___mutex_lock+0x10/0x10 [ 658.069220][T14014] ? __pfx_vfs_read+0x10/0x10 [ 658.073963][T14014] ? __fget_files+0x206/0x3a0 [ 658.078710][T14014] ksys_read+0x12b/0x250 [ 658.083011][T14014] ? __pfx_ksys_read+0x10/0x10 [ 658.087848][T14014] do_syscall_64+0xcd/0x250 [ 658.092416][T14014] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 658.098376][T14014] RIP: 0033:0x7f016b78473c [ 658.102838][T14014] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 658.122503][T14014] RSP: 002b:00007f016c62f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 658.130981][T14014] RAX: ffffffffffffffda RBX: 00007f016b975fa0 RCX: 00007f016b78473c [ 658.139009][T14014] RDX: 000000000000000f RSI: 00007f016c62f0a0 RDI: 0000000000000004 [ 658.147027][T14014] RBP: 00007f016c62f090 R08: 0000000000000000 R09: 0000000000000000 [ 658.155049][T14014] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 658.163068][T14014] R13: 0000000000000000 R14: 00007f016b975fa0 R15: 00007ffe49fa5ae8 [ 658.171117][T14014] [ 658.500693][T14014] ima: policy update failed [ 658.538623][ T29] audit: type=1802 audit(4294967297.310:13): pid=14014 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.2055" res=0 errno=0 [ 659.986408][T14044] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2061'. syzkaller syzkaller login: [ 660.614162][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 660.622685][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 660.804077][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 660.947525][T14054] FAULT_INJECTION: forcing a failure. [ 660.947525][T14054] name failslab, interval 1, probability 0, space 0, times 0 [ 661.089121][T14054] CPU: 1 UID: 0 PID: 14054 Comm: syz.4.2064 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 661.100062][T14054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 661.110165][T14054] Call Trace: [ 661.113468][T14054] [ 661.116426][T14054] dump_stack_lvl+0x16c/0x1f0 [ 661.121155][T14054] should_fail_ex+0x497/0x5b0 [ 661.125876][T14054] ? fs_reclaim_acquire+0xae/0x150 [ 661.131029][T14054] should_failslab+0xc2/0x120 [ 661.135767][T14054] __kmalloc_noprof+0xce/0x4f0 [ 661.140571][T14054] ? xfrm_hash_alloc+0xd1/0x100 [ 661.145462][T14054] xfrm_hash_alloc+0xd1/0x100 [ 661.150175][T14054] xfrm_state_init+0x160/0x630 [ 661.155004][T14054] ? __pfx_xfrm_net_init+0x10/0x10 [ 661.160151][T14054] xfrm_net_init+0x211/0xcb0 [ 661.164779][T14054] ? __pfx_xfrm_net_init+0x10/0x10 [ 661.169921][T14054] ops_init+0x1df/0x5f0 [ 661.174129][T14054] setup_net+0x21f/0x860 [ 661.178419][T14054] ? __pfx_setup_net+0x10/0x10 [ 661.183232][T14054] ? down_read_killable+0xcc/0x380 [ 661.188391][T14054] ? __pfx_down_read_killable+0x10/0x10 [ 661.193984][T14054] ? debug_mutex_init+0x37/0x70 [ 661.198879][T14054] copy_net_ns+0x2b4/0x6c0 [ 661.203328][T14054] create_new_namespaces+0x3ea/0xad0 [ 661.208657][T14054] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 661.214342][T14054] ksys_unshare+0x45d/0xa40 [ 661.218892][T14054] ? __pfx_ksys_unshare+0x10/0x10 [ 661.223957][T14054] ? xfd_validate_state+0x5d/0x180 [ 661.229112][T14054] __x64_sys_unshare+0x31/0x40 [ 661.233921][T14054] do_syscall_64+0xcd/0x250 [ 661.238468][T14054] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 661.244399][T14054] RIP: 0033:0x7f016b785d29 [ 661.248843][T14054] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 661.268495][T14054] RSP: 002b:00007f016c60e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 661.276945][T14054] RAX: ffffffffffffffda RBX: 00007f016b976080 RCX: 00007f016b785d29 [ 661.284949][T14054] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 661.292945][T14054] RBP: 00007f016b801b08 R08: 0000000000000000 R09: 0000000000000000 [ 661.300937][T14054] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 661.308929][T14054] R13: 0000000000000000 R14: 00007f016b976080 R15: 00007ffe49fa5ae8 [ 661.316949][T14054] [ 663.094109][T14083] FAULT_INJECTION: forcing a failure. [ 663.094109][T14083] name failslab, interval 1, probability 0, space 0, times 0 [ 663.128405][T14083] CPU: 1 UID: 0 PID: 14083 Comm: syz.4.2072 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 663.139257][T14083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 663.149364][T14083] Call Trace: [ 663.152686][T14083] [ 663.155656][T14083] dump_stack_lvl+0x16c/0x1f0 [ 663.160448][T14083] should_fail_ex+0x497/0x5b0 [ 663.165200][T14083] ? fs_reclaim_acquire+0xae/0x150 [ 663.170373][T14083] should_failslab+0xc2/0x120 [ 663.175126][T14083] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 663.180574][T14083] ? lockdep_init_map_type+0x16d/0x7d0 [ 663.186090][T14083] ? security_inode_alloc+0x3b/0x2b0 [ 663.191453][T14083] security_inode_alloc+0x3b/0x2b0 [ 663.196663][T14083] inode_init_always_gfp+0xce4/0x1030 [ 663.202078][T14083] alloc_inode+0x82/0x230 [ 663.206445][T14083] sock_alloc+0x40/0x280 [ 663.210804][T14083] __sock_create+0xc1/0x8d0 [ 663.215342][T14083] __sys_socket+0x14f/0x260 [ 663.219870][T14083] ? __pfx___sys_socket+0x10/0x10 [ 663.225007][T14083] ? ksys_write+0x1ba/0x250 [ 663.229543][T14083] ? __pfx_ksys_write+0x10/0x10 [ 663.234430][T14083] __x64_sys_socket+0x72/0xb0 [ 663.239140][T14083] ? lockdep_hardirqs_on+0x7c/0x110 [ 663.244372][T14083] do_syscall_64+0xcd/0x250 [ 663.248915][T14083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 663.254843][T14083] RIP: 0033:0x7f016b785d29 [ 663.259282][T14083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 663.279011][T14083] RSP: 002b:00007f016c62f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 663.287449][T14083] RAX: ffffffffffffffda RBX: 00007f016b975fa0 RCX: 00007f016b785d29 [ 663.295443][T14083] RDX: 0000000000000084 RSI: 0000000000000801 RDI: 000000000000000a [ 663.303438][T14083] RBP: 00007f016c62f090 R08: 0000000000000000 R09: 0000000000000000 [ 663.311435][T14083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 663.319446][T14083] R13: 0000000000000000 R14: 00007f016b975fa0 R15: 00007ffe49fa5ae8 [ 663.327463][T14083] [ 663.364448][T14083] socket: no more sockets syzkaller syzkaller login: [ 664.124292][T14108] FAULT_INJECTION: forcing a failure. [ 664.124292][T14108] name failslab, interval 1, probability 0, space 0, times 0 [ 664.151324][T14108] CPU: 0 UID: 0 PID: 14108 Comm: syz.2.2080 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 664.162184][T14108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 664.172297][T14108] Call Trace: [ 664.175653][T14108] [ 664.178633][T14108] dump_stack_lvl+0x16c/0x1f0 [ 664.183398][T14108] should_fail_ex+0x497/0x5b0 [ 664.188145][T14108] ? fs_reclaim_acquire+0xae/0x150 [ 664.193336][T14108] should_failslab+0xc2/0x120 [ 664.198087][T14108] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 664.203532][T14108] ? lock_acquire+0x2f/0xb0 [ 664.208080][T14108] ? __proc_create+0xa4/0x8b0 [ 664.212801][T14108] ? __proc_create+0x2c3/0x8b0 [ 664.217614][T14108] __proc_create+0x2c3/0x8b0 [ 664.222242][T14108] ? __pfx___proc_create+0x10/0x10 [ 664.227411][T14108] ? __pfx_lock_release+0x10/0x10 [ 664.232477][T14108] proc_create_reg+0x7d/0x180 [ 664.237201][T14108] proc_create_net_data+0x8f/0x1b0 [ 664.242351][T14108] ? __pfx_proc_create_net_data+0x10/0x10 [ 664.248119][T14108] ? __pfx_netlink_net_init+0x10/0x10 [ 664.253564][T14108] netlink_net_init+0x50/0x70 [ 664.258289][T14108] ops_init+0x1df/0x5f0 [ 664.262491][T14108] setup_net+0x21f/0x860 [ 664.266799][T14108] ? __pfx_setup_net+0x10/0x10 [ 664.271605][T14108] ? down_read_killable+0xcc/0x380 [ 664.276764][T14108] ? __pfx_down_read_killable+0x10/0x10 [ 664.282357][T14108] ? debug_mutex_init+0x37/0x70 [ 664.287254][T14108] copy_net_ns+0x2b4/0x6c0 [ 664.291709][T14108] create_new_namespaces+0x3ea/0xad0 [ 664.297068][T14108] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 664.302748][T14108] ksys_unshare+0x45d/0xa40 [ 664.307313][T14108] ? __pfx_ksys_unshare+0x10/0x10 [ 664.312475][T14108] ? xfd_validate_state+0x5d/0x180 [ 664.317630][T14108] __x64_sys_unshare+0x31/0x40 [ 664.322433][T14108] do_syscall_64+0xcd/0x250 [ 664.326981][T14108] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 664.332914][T14108] RIP: 0033:0x7f7a22b85d29 [ 664.337354][T14108] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 664.356997][T14108] RSP: 002b:00007f7a239e6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 664.365444][T14108] RAX: ffffffffffffffda RBX: 00007f7a22d75fa0 RCX: 00007f7a22b85d29 [ 664.373441][T14108] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 664.381450][T14108] RBP: 00007f7a22c01b08 R08: 0000000000000000 R09: 0000000000000000 [ 664.389455][T14108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 664.397503][T14108] R13: 0000000000000000 R14: 00007f7a22d75fa0 R15: 00007ffcd1d750d8 [ 664.405519][T14108] syzkaller syzkaller login: [ 666.434980][T14167] FAULT_INJECTION: forcing a failure. [ 666.434980][T14167] name failslab, interval 1, probability 0, space 0, times 0 [ 666.527518][T14167] CPU: 1 UID: 0 PID: 14167 Comm: syz.2.2095 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 666.538374][T14167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 666.548483][T14167] Call Trace: [ 666.551802][T14167] [ 666.554776][T14167] dump_stack_lvl+0x16c/0x1f0 [ 666.559514][T14167] should_fail_ex+0x497/0x5b0 [ 666.564236][T14167] ? fs_reclaim_acquire+0xae/0x150 [ 666.569387][T14167] should_failslab+0xc2/0x120 [ 666.574111][T14167] __kmalloc_node_track_caller_noprof+0xcf/0x520 [ 666.580489][T14167] ? nvmf_parse_options+0x3c0/0x1ee0 [ 666.585826][T14167] kstrdup+0x42/0xb0 [ 666.589758][T14167] nvmf_parse_options+0x3c0/0x1ee0 [ 666.594915][T14167] ? __pfx_nvmf_dev_write+0x10/0x10 [ 666.600245][T14167] ? __pfx_nvmf_parse_options+0x10/0x10 [ 666.605822][T14167] ? __kasan_kmalloc+0xaa/0xb0 [ 666.610713][T14167] ? nvmf_dev_write+0x15e/0xc40 [ 666.615593][T14167] ? vfs_write+0x24c/0x1150 [ 666.620116][T14167] ? do_syscall_64+0xcd/0x250 [ 666.624868][T14167] ? kasan_save_track+0x14/0x30 [ 666.629761][T14167] nvmf_dev_write+0x183/0xc40 [ 666.634495][T14167] ? rw_verify_area+0xd0/0x700 [ 666.639299][T14167] ? __pfx_nvmf_dev_write+0x10/0x10 [ 666.644538][T14167] vfs_write+0x24c/0x1150 [ 666.648903][T14167] ? __fget_files+0x1fc/0x3a0 [ 666.653610][T14167] ? __pfx_lock_release+0x10/0x10 [ 666.658663][T14167] ? __pfx_vfs_write+0x10/0x10 [ 666.663461][T14167] ? lock_acquire+0x2f/0xb0 [ 666.667989][T14167] ? __fget_files+0x40/0x3a0 [ 666.672614][T14167] ? __fget_files+0x206/0x3a0 [ 666.677364][T14167] ksys_write+0x12b/0x250 [ 666.681731][T14167] ? __pfx_ksys_write+0x10/0x10 [ 666.686623][T14167] do_syscall_64+0xcd/0x250 [ 666.691164][T14167] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 666.697099][T14167] RIP: 0033:0x7f7a22b85d29 [ 666.701541][T14167] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 666.721214][T14167] RSP: 002b:00007f7a239e6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 666.729673][T14167] RAX: ffffffffffffffda RBX: 00007f7a22d75fa0 RCX: 00007f7a22b85d29 [ 666.737671][T14167] RDX: 0000000000000001 RSI: 0000000020001500 RDI: 0000000000000003 [ 666.745680][T14167] RBP: 00007f7a239e6090 R08: 0000000000000000 R09: 0000000000000000 [ 666.753685][T14167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 666.761688][T14167] R13: 0000000000000000 R14: 00007f7a22d75fa0 R15: 00007ffcd1d750d8 [ 666.769712][T14167] [ 666.772864][ C1] vkms_vblank_simulate: vblank timer overrun [ 667.045085][T14172] ima: policy update failed [ 667.060079][ T29] audit: type=1802 audit(4294967305.820:14): pid=14172 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.2099" res=0 errno=0 [ 667.307949][T14176] FAULT_INJECTION: forcing a failure. [ 667.307949][T14176] name failslab, interval 1, probability 0, space 0, times 0 [ 667.341023][T14176] CPU: 0 UID: 0 PID: 14176 Comm: syz.4.2100 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 667.351886][T14176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 667.362010][T14176] Call Trace: [ 667.365337][T14176] [ 667.368395][T14176] dump_stack_lvl+0x16c/0x1f0 [ 667.373152][T14176] should_fail_ex+0x497/0x5b0 [ 667.377899][T14176] ? fs_reclaim_acquire+0xae/0x150 [ 667.383080][T14176] should_failslab+0xc2/0x120 [ 667.387832][T14176] __kmalloc_noprof+0xce/0x4f0 [ 667.392662][T14176] ? xfrm_state_init+0x378/0x630 [ 667.397668][T14176] ? xfrm_hash_alloc+0xd1/0x100 [ 667.402561][T14176] ? __pfx_xfrm_net_init+0x10/0x10 [ 667.407708][T14176] xfrm_hash_alloc+0xd1/0x100 [ 667.412411][T14176] xfrm_net_init+0x245/0xcb0 [ 667.417036][T14176] ? __pfx_xfrm_net_init+0x10/0x10 [ 667.422196][T14176] ops_init+0x1df/0x5f0 [ 667.426406][T14176] setup_net+0x21f/0x860 [ 667.430694][T14176] ? __pfx_setup_net+0x10/0x10 [ 667.435496][T14176] ? down_read_killable+0xcc/0x380 [ 667.440666][T14176] ? __pfx_down_read_killable+0x10/0x10 [ 667.446259][T14176] ? debug_mutex_init+0x37/0x70 [ 667.451168][T14176] copy_net_ns+0x2b4/0x6c0 [ 667.455630][T14176] create_new_namespaces+0x3ea/0xad0 [ 667.460956][T14176] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 667.466631][T14176] ksys_unshare+0x45d/0xa40 [ 667.471171][T14176] ? __pfx_ksys_unshare+0x10/0x10 [ 667.476226][T14176] ? xfd_validate_state+0x5d/0x180 [ 667.481378][T14176] __x64_sys_unshare+0x31/0x40 [ 667.486186][T14176] do_syscall_64+0xcd/0x250 [ 667.490801][T14176] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 667.496738][T14176] RIP: 0033:0x7f016b785d29 [ 667.501180][T14176] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 667.520824][T14176] RSP: 002b:00007f016c62f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 667.529275][T14176] RAX: ffffffffffffffda RBX: 00007f016b975fa0 RCX: 00007f016b785d29 [ 667.537286][T14176] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 667.545284][T14176] RBP: 00007f016b801b08 R08: 0000000000000000 R09: 0000000000000000 [ 667.553313][T14176] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 667.561317][T14176] R13: 0000000000000000 R14: 00007f016b975fa0 R15: 00007ffe49fa5ae8 [ 667.569344][T14176] syzkaller syzkaller login: [ 669.149740][T14224] FAULT_INJECTION: forcing a failure. [ 669.149740][T14224] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 669.149813][T14224] CPU: 0 UID: 0 PID: 14224 Comm: syz.2.2111 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 669.149855][T14224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 669.149876][T14224] Call Trace: [ 669.149888][T14224] [ 669.149902][T14224] dump_stack_lvl+0x16c/0x1f0 [ 669.149951][T14224] should_fail_ex+0x497/0x5b0 [ 669.150003][T14224] _copy_to_user+0x32/0xd0 [ 669.150055][T14224] simple_read_from_buffer+0xd0/0x160 [ 669.150108][T14224] proc_fail_nth_read+0x198/0x270 [ 669.150163][T14224] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 669.150220][T14224] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 669.150270][T14224] vfs_read+0x1df/0xbe0 [ 669.150310][T14224] ? __fget_files+0x1fc/0x3a0 [ 669.150361][T14224] ? __pfx___mutex_lock+0x10/0x10 [ 669.150407][T14224] ? __pfx_vfs_read+0x10/0x10 [ 669.150456][T14224] ? __fget_files+0x206/0x3a0 [ 669.150509][T14224] ksys_read+0x12b/0x250 [ 669.150547][T14224] ? __pfx_ksys_read+0x10/0x10 [ 669.150595][T14224] do_syscall_64+0xcd/0x250 [ 669.150643][T14224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 669.150688][T14224] RIP: 0033:0x7f7a22b8473c [ 669.150713][T14224] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 669.150746][T14224] RSP: 002b:00007f7a239e6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 669.150780][T14224] RAX: ffffffffffffffda RBX: 00007f7a22d75fa0 RCX: 00007f7a22b8473c [ 669.150804][T14224] RDX: 000000000000000f RSI: 00007f7a239e60a0 RDI: 0000000000000004 [ 669.150827][T14224] RBP: 00007f7a239e6090 R08: 0000000000000000 R09: 0000000000000000 [ 669.150850][T14224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 669.150872][T14224] R13: 0000000000000000 R14: 00007f7a22d75fa0 R15: 00007ffcd1d750d8 [ 669.150916][T14224] syzkaller syzkaller login: [ 672.383433][T14266] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2122'. [ 672.718863][T14268] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2123'. [ 672.765368][T14268] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2123'. [ 673.469181][T14282] FAULT_INJECTION: forcing a failure. [ 673.469181][T14282] name failslab, interval 1, probability 0, space 0, times 0 [ 673.583891][T14282] CPU: 0 UID: 0 PID: 14282 Comm: syz.4.2127 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 673.594771][T14282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 673.604895][T14282] Call Trace: [ 673.608219][T14282] [ 673.611195][T14282] dump_stack_lvl+0x16c/0x1f0 [ 673.615957][T14282] should_fail_ex+0x497/0x5b0 [ 673.620712][T14282] ? fs_reclaim_acquire+0xae/0x150 [ 673.625899][T14282] should_failslab+0xc2/0x120 [ 673.630751][T14282] __kmalloc_noprof+0xce/0x4f0 [ 673.635602][T14282] ? xfrm_hash_alloc+0xd1/0x100 [ 673.640601][T14282] xfrm_hash_alloc+0xd1/0x100 [ 673.645345][T14282] xfrm_state_init+0x160/0x630 [ 673.650195][T14282] ? __pfx_xfrm_net_init+0x10/0x10 [ 673.655371][T14282] xfrm_net_init+0x211/0xcb0 [ 673.660045][T14282] ? __pfx_xfrm_net_init+0x10/0x10 [ 673.665223][T14282] ops_init+0x1df/0x5f0 [ 673.669462][T14282] setup_net+0x21f/0x860 [ 673.673785][T14282] ? __pfx_setup_net+0x10/0x10 [ 673.678624][T14282] ? down_read_killable+0xcc/0x380 [ 673.683809][T14282] ? __pfx_down_read_killable+0x10/0x10 [ 673.689432][T14282] ? debug_mutex_init+0x37/0x70 [ 673.694369][T14282] copy_net_ns+0x2b4/0x6c0 [ 673.698938][T14282] create_new_namespaces+0x3ea/0xad0 [ 673.704400][T14282] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 673.710110][T14282] ksys_unshare+0x45d/0xa40 [ 673.714692][T14282] ? __pfx_ksys_unshare+0x10/0x10 [ 673.719795][T14282] ? xfd_validate_state+0x5d/0x180 [ 673.724984][T14282] __x64_sys_unshare+0x31/0x40 [ 673.729817][T14282] do_syscall_64+0xcd/0x250 [ 673.734398][T14282] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 673.740364][T14282] RIP: 0033:0x7f016b785d29 [ 673.744829][T14282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 673.764502][T14282] RSP: 002b:00007f016c62f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 673.772980][T14282] RAX: ffffffffffffffda RBX: 00007f016b975fa0 RCX: 00007f016b785d29 [ 673.781009][T14282] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 673.789044][T14282] RBP: 00007f016b801b08 R08: 0000000000000000 R09: 0000000000000000 [ 673.797078][T14282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 673.805108][T14282] R13: 0000000000000000 R14: 00007f016b975fa0 R15: 00007ffe49fa5ae8 [ 673.813164][T14282] [ 673.816275][ C0] vkms_vblank_simulate: vblank timer overrun [ 675.172997][T14300] FAULT_INJECTION: forcing a failure. [ 675.172997][T14300] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 675.186829][T14300] CPU: 1 UID: 0 PID: 14300 Comm: syz.2.2133 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 675.197756][T14300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 675.207911][T14300] Call Trace: [ 675.211226][T14300] [ 675.214217][T14300] dump_stack_lvl+0x16c/0x1f0 [ 675.218965][T14300] should_fail_ex+0x497/0x5b0 [ 675.223711][T14300] ? fs_reclaim_acquire+0xae/0x150 [ 675.228905][T14300] should_fail_alloc_page+0xe7/0x130 [ 675.234527][T14300] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 675.240756][T14300] __alloc_pages_noprof+0x190/0x25b0 [ 675.246128][T14300] ? __pfx_mark_lock+0x10/0x10 [ 675.250976][T14300] ? __pfx___lock_acquire+0x10/0x10 [ 675.256250][T14300] ? mark_lock+0xb5/0xc60 [ 675.260657][T14300] ? hlock_class+0x4e/0x130 [ 675.265228][T14300] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 675.271008][T14300] ? find_held_lock+0x2d/0x110 [ 675.275866][T14300] ? hlock_class+0x4e/0x130 [ 675.280414][T14300] ? __lock_acquire+0xcc5/0x3c40 [ 675.285388][T14300] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 675.291318][T14300] ? policy_nodemask+0xea/0x4e0 [ 675.296219][T14300] alloc_pages_mpol_noprof+0x2c8/0x620 [ 675.301715][T14300] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 675.307730][T14300] ? find_held_lock+0x2d/0x110 [ 675.312539][T14300] folio_alloc_mpol_noprof+0x36/0xd0 [ 675.317862][T14300] shmem_alloc_folio+0x135/0x160 [ 675.322853][T14300] shmem_alloc_and_add_folio+0x48b/0xc00 [ 675.328534][T14300] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 675.334774][T14300] ? shmem_allowable_huge_orders+0xd0/0x410 [ 675.340727][T14300] shmem_get_folio_gfp+0x689/0x1530 [ 675.345966][T14300] ? mark_lock+0xb5/0xc60 [ 675.350346][T14300] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 675.356018][T14300] ? __pfx_mark_lock+0x10/0x10 [ 675.360882][T14300] shmem_fault+0x200/0xae0 [ 675.365432][T14300] ? __pfx_shmem_fault+0x10/0x10 [ 675.370403][T14300] ? __pfx_lock_release+0x10/0x10 [ 675.375461][T14300] ? __mod_memcg_lruvec_state+0x53c/0x750 [ 675.381277][T14300] ? __pfx_filemap_map_pages+0x10/0x10 [ 675.386775][T14300] ? mark_held_locks+0x9f/0xe0 [ 675.391589][T14300] ? pte_alloc_one+0x2a3/0x390 [ 675.396390][T14300] ? __pfx_filemap_map_pages+0x10/0x10 [ 675.401889][T14300] __do_fault+0x10a/0x490 [ 675.406251][T14300] ? __pfx_filemap_map_pages+0x10/0x10 [ 675.411743][T14300] do_pte_missing+0x1a8/0x3e00 [ 675.416556][T14300] __handle_mm_fault+0x103c/0x2a40 [ 675.421715][T14300] ? __pfx___handle_mm_fault+0x10/0x10 [ 675.427214][T14300] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 675.432900][T14300] ? find_vma+0xc0/0x140 [ 675.437174][T14300] ? __pfx_find_vma+0x10/0x10 [ 675.441893][T14300] handle_mm_fault+0x3fa/0xaa0 [ 675.446702][T14300] do_user_addr_fault+0x7a3/0x13f0 [ 675.451851][T14300] exc_page_fault+0x5c/0xc0 [ 675.456400][T14300] asm_exc_page_fault+0x26/0x30 [ 675.461290][T14300] RIP: 0010:rep_movs_alternative+0x15/0x70 [ 675.467127][T14300] Code: cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 83 f9 40 73 40 83 f9 08 73 21 85 c9 74 0f 8a 06 <88> 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f 1f 84 [ 675.486782][T14300] RSP: 0018:ffffc9000c777950 EFLAGS: 00050202 [ 675.492893][T14300] RAX: 0000000000000073 RBX: 0000000000000000 RCX: 0000000000000001 [ 675.500893][T14300] RDX: ffffed1004eab001 RSI: ffff888027558000 RDI: 0000000000000000 [ 675.508894][T14300] RBP: ffffc9000c777d80 R08: 0000000000000000 R09: ffffed1004eab000 [ 675.516896][T14300] R10: ffff888027558000 R11: 0000000000000002 R12: 0000000000000001 [ 675.524904][T14300] R13: ffff888027558000 R14: 0000000000000000 R15: 0000000000000001 [ 675.532920][T14300] _copy_to_iter+0x52f/0x1400 [ 675.537651][T14300] ? __pfx__copy_to_iter+0x10/0x10 [ 675.542803][T14300] ? __virt_addr_valid+0x1a4/0x590 [ 675.547953][T14300] ? __virt_addr_valid+0x5e/0x590 [ 675.553106][T14300] ? __phys_addr_symbol+0x30/0x80 [ 675.558177][T14300] ? __check_object_size+0x488/0x710 [ 675.563517][T14300] seq_read_iter+0xd00/0x12b0 [ 675.568236][T14300] kernfs_fop_read_iter+0x414/0x580 [ 675.573469][T14300] ? copy_iovec_from_user+0x138/0x170 [ 675.578891][T14300] do_iter_readv_writev+0x614/0x7f0 [ 675.584122][T14300] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 675.589893][T14300] vfs_readv+0x4cf/0x890 [ 675.594167][T14300] ? fdget_pos+0x267/0x390 [ 675.598627][T14300] ? __pfx_vfs_readv+0x10/0x10 [ 675.603416][T14300] ? __mutex_lock+0x1cc/0xa60 [ 675.608151][T14300] ? find_held_lock+0x2d/0x110 [ 675.612957][T14300] ? __pfx___mutex_lock+0x10/0x10 [ 675.618035][T14300] ? trace_lock_acquire+0x14e/0x1f0 [ 675.623301][T14300] ? __fget_files+0x206/0x3a0 [ 675.628032][T14300] ? do_readv+0x133/0x340 [ 675.632403][T14300] do_readv+0x133/0x340 [ 675.636609][T14300] ? __pfx_do_readv+0x10/0x10 [ 675.641339][T14300] do_syscall_64+0xcd/0x250 [ 675.645893][T14300] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 675.651828][T14300] RIP: 0033:0x7f7a22b85d29 [ 675.656399][T14300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 675.676048][T14300] RSP: 002b:00007f7a239e6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 675.684522][T14300] RAX: ffffffffffffffda RBX: 00007f7a22d75fa0 RCX: 00007f7a22b85d29 [ 675.692525][T14300] RDX: 0000000000000006 RSI: 0000000020000080 RDI: 0000000000000003 [ 675.700529][T14300] RBP: 00007f7a239e6090 R08: 0000000000000000 R09: 0000000000000000 [ 675.708614][T14300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 675.716611][T14300] R13: 0000000000000000 R14: 00007f7a22d75fa0 R15: 00007ffcd1d750d8 [ 675.724627][T14300] [ 676.183835][T14310] FAULT_INJECTION: forcing a failure. [ 676.183835][T14310] name failslab, interval 1, probability 0, space 0, times 0 [ 676.196721][T14310] CPU: 0 UID: 0 PID: 14310 Comm: syz.2.2138 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 676.207552][T14310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 676.217792][T14310] Call Trace: [ 676.221119][T14310] [ 676.224098][T14310] dump_stack_lvl+0x16c/0x1f0 [ 676.228856][T14310] should_fail_ex+0x497/0x5b0 [ 676.233610][T14310] ? fs_reclaim_acquire+0xae/0x150 [ 676.238801][T14310] should_failslab+0xc2/0x120 [ 676.243560][T14310] __kmalloc_noprof+0xce/0x4f0 [ 676.248394][T14310] ? xfrm_hash_alloc+0xd1/0x100 [ 676.253292][T14310] ? __pfx_xfrm_net_init+0x10/0x10 [ 676.258461][T14310] xfrm_hash_alloc+0xd1/0x100 [ 676.263197][T14310] xfrm_state_init+0xde/0x630 [ 676.267980][T14310] ? __pfx_xfrm_net_init+0x10/0x10 [ 676.273150][T14310] xfrm_net_init+0x211/0xcb0 [ 676.277803][T14310] ? __pfx_xfrm_net_init+0x10/0x10 [ 676.282967][T14310] ops_init+0x1df/0x5f0 [ 676.287200][T14310] setup_net+0x21f/0x860 [ 676.291528][T14310] ? __pfx_setup_net+0x10/0x10 [ 676.296365][T14310] ? down_read_killable+0xcc/0x380 [ 676.301554][T14310] ? __pfx_down_read_killable+0x10/0x10 [ 676.307162][T14310] ? debug_mutex_init+0x37/0x70 [ 676.312058][T14310] copy_net_ns+0x2b4/0x6c0 [ 676.316514][T14310] create_new_namespaces+0x3ea/0xad0 [ 676.321843][T14310] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 676.327514][T14310] ksys_unshare+0x45d/0xa40 [ 676.332170][T14310] ? __pfx_ksys_unshare+0x10/0x10 [ 676.337234][T14310] ? xfd_validate_state+0x5d/0x180 [ 676.342384][T14310] __x64_sys_unshare+0x31/0x40 [ 676.347186][T14310] do_syscall_64+0xcd/0x250 [ 676.351738][T14310] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 676.357849][T14310] RIP: 0033:0x7f7a22b85d29 [ 676.362286][T14310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 676.382023][T14310] RSP: 002b:00007f7a239e6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 676.390483][T14310] RAX: ffffffffffffffda RBX: 00007f7a22d75fa0 RCX: 00007f7a22b85d29 [ 676.398484][T14310] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 676.406489][T14310] RBP: 00007f7a22c01b08 R08: 0000000000000000 R09: 0000000000000000 [ 676.414572][T14310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 676.422582][T14310] R13: 0000000000000000 R14: 00007f7a22d75fa0 R15: 00007ffcd1d750d8 [ 676.430605][T14310] [ 682.987312][T14409] FAULT_INJECTION: forcing a failure. [ 682.987312][T14409] name failslab, interval 1, probability 0, space 0, times 0 [ 683.014983][T14409] CPU: 0 UID: 0 PID: 14409 Comm: syz.2.2163 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 683.025861][T14409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 683.036010][T14409] Call Trace: [ 683.039349][T14409] [ 683.042336][T14409] dump_stack_lvl+0x16c/0x1f0 [ 683.047105][T14409] should_fail_ex+0x497/0x5b0 [ 683.051856][T14409] ? fs_reclaim_acquire+0xae/0x150 [ 683.057052][T14409] should_failslab+0xc2/0x120 [ 683.061811][T14409] __kmalloc_noprof+0xce/0x4f0 [ 683.066659][T14409] ? xfrm_state_init+0x378/0x630 [ 683.071678][T14409] ? xfrm_hash_alloc+0xd1/0x100 [ 683.076590][T14409] ? __pfx_xfrm_net_init+0x10/0x10 [ 683.081763][T14409] xfrm_hash_alloc+0xd1/0x100 [ 683.086502][T14409] xfrm_net_init+0x245/0xcb0 [ 683.091172][T14409] ? __pfx_xfrm_net_init+0x10/0x10 [ 683.096343][T14409] ops_init+0x1df/0x5f0 [ 683.100583][T14409] setup_net+0x21f/0x860 [ 683.104913][T14409] ? __pfx_setup_net+0x10/0x10 [ 683.109761][T14409] ? down_read_killable+0xcc/0x380 [ 683.114961][T14409] ? __pfx_down_read_killable+0x10/0x10 [ 683.120598][T14409] ? debug_mutex_init+0x37/0x70 [ 683.125527][T14409] copy_net_ns+0x2b4/0x6c0 [ 683.130008][T14409] create_new_namespaces+0x3ea/0xad0 [ 683.135371][T14409] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 683.141085][T14409] ksys_unshare+0x45d/0xa40 [ 683.145675][T14409] ? __pfx_ksys_unshare+0x10/0x10 [ 683.150768][T14409] ? xfd_validate_state+0x5d/0x180 [ 683.155927][T14409] __x64_sys_unshare+0x31/0x40 [ 683.160746][T14409] do_syscall_64+0xcd/0x250 [ 683.165300][T14409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 683.171237][T14409] RIP: 0033:0x7f7a22b85d29 [ 683.175681][T14409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 683.195344][T14409] RSP: 002b:00007f7a239c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 683.203792][T14409] RAX: ffffffffffffffda RBX: 00007f7a22d76080 RCX: 00007f7a22b85d29 [ 683.211791][T14409] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 683.219872][T14409] RBP: 00007f7a22c01b08 R08: 0000000000000000 R09: 0000000000000000 [ 683.227866][T14409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 683.235868][T14409] R13: 0000000000000000 R14: 00007f7a22d76080 R15: 00007ffcd1d750d8 [ 683.243979][T14409] syzkaller syzkaller login: [ 685.677822][T14441] FAULT_INJECTION: forcing a failure. [ 685.677822][T14441] name failslab, interval 1, probability 0, space 0, times 0 [ 685.711627][T14441] CPU: 0 UID: 0 PID: 14441 Comm: syz.3.2175 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 685.722490][T14441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 685.732792][T14441] Call Trace: [ 685.736116][T14441] [ 685.739094][T14441] dump_stack_lvl+0x16c/0x1f0 [ 685.743848][T14441] should_fail_ex+0x497/0x5b0 [ 685.748592][T14441] ? fs_reclaim_acquire+0xae/0x150 [ 685.753772][T14441] should_failslab+0xc2/0x120 [ 685.758526][T14441] __kmalloc_noprof+0xce/0x4f0 [ 685.763358][T14441] ? xfrm_state_init+0x378/0x630 [ 685.768372][T14441] ? xfrm_hash_alloc+0xd1/0x100 [ 685.773280][T14441] ? __pfx_xfrm_net_init+0x10/0x10 [ 685.778450][T14441] xfrm_hash_alloc+0xd1/0x100 [ 685.783186][T14441] xfrm_net_init+0x245/0xcb0 [ 685.787841][T14441] ? __pfx_xfrm_net_init+0x10/0x10 [ 685.793015][T14441] ops_init+0x1df/0x5f0 [ 685.797248][T14441] setup_net+0x21f/0x860 [ 685.801558][T14441] ? __pfx_setup_net+0x10/0x10 [ 685.806388][T14441] ? down_read_killable+0xcc/0x380 [ 685.811568][T14441] ? __pfx_down_read_killable+0x10/0x10 [ 685.817232][T14441] ? debug_mutex_init+0x37/0x70 [ 685.822152][T14441] copy_net_ns+0x2b4/0x6c0 [ 685.826629][T14441] create_new_namespaces+0x3ea/0xad0 [ 685.831986][T14441] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 685.837685][T14441] ksys_unshare+0x45d/0xa40 [ 685.842274][T14441] ? __pfx_ksys_unshare+0x10/0x10 [ 685.847350][T14441] ? xfd_validate_state+0x5d/0x180 [ 685.852616][T14441] __x64_sys_unshare+0x31/0x40 [ 685.857477][T14441] do_syscall_64+0xcd/0x250 [ 685.862042][T14441] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 685.867994][T14441] RIP: 0033:0x7f9fff985d29 [ 685.872453][T14441] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 685.892115][T14441] RSP: 002b:00007fa000816038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 685.900624][T14441] RAX: ffffffffffffffda RBX: 00007f9fffb76080 RCX: 00007f9fff985d29 [ 685.908657][T14441] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 685.916683][T14441] RBP: 00007f9fffa01b08 R08: 0000000000000000 R09: 0000000000000000 [ 685.924704][T14441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 685.932730][T14441] R13: 0000000000000000 R14: 00007f9fffb76080 R15: 00007fff2d276d88 [ 685.940790][T14441] syzkaller syzkaller login: [ 687.628741][T14473] FAULT_INJECTION: forcing a failure. [ 687.628741][T14473] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 687.672542][T14473] CPU: 0 UID: 0 PID: 14473 Comm: syz.1.2184 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 687.683407][T14473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 687.693513][T14473] Call Trace: [ 687.696835][T14473] [ 687.699814][T14473] dump_stack_lvl+0x16c/0x1f0 [ 687.704564][T14473] should_fail_ex+0x497/0x5b0 [ 687.709348][T14473] ? fs_reclaim_acquire+0xae/0x150 [ 687.714537][T14473] should_fail_alloc_page+0xe7/0x130 [ 687.719915][T14473] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 687.726132][T14473] ? __pfx_mark_lock+0x10/0x10 [ 687.730967][T14473] __alloc_pages_noprof+0x190/0x25b0 [ 687.736363][T14473] ? mark_lock+0xb5/0xc60 [ 687.740810][T14473] ? __pfx_mark_lock+0x10/0x10 [ 687.746086][T14473] ? lock_acquire.part.0+0x11b/0x380 [ 687.751433][T14473] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 687.757227][T14473] ? hlock_class+0x4e/0x130 [ 687.761799][T14473] ? mark_lock+0xb5/0xc60 [ 687.766223][T14473] ? hlock_class+0x4e/0x130 [ 687.770793][T14473] ? __lock_acquire+0xcc5/0x3c40 [ 687.775816][T14473] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 687.781763][T14473] ? policy_nodemask+0xea/0x4e0 [ 687.786666][T14473] alloc_pages_mpol_noprof+0x2c8/0x620 [ 687.792157][T14473] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 687.798178][T14473] ? find_held_lock+0x2d/0x110 [ 687.802993][T14473] folio_alloc_mpol_noprof+0x36/0xd0 [ 687.808311][T14473] shmem_alloc_folio+0x135/0x160 [ 687.813292][T14473] shmem_alloc_and_add_folio+0x48b/0xc00 [ 687.818962][T14473] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 687.825143][T14473] ? shmem_allowable_huge_orders+0xd0/0x410 [ 687.831074][T14473] shmem_get_folio_gfp+0x689/0x1530 [ 687.836315][T14473] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 687.841995][T14473] shmem_fault+0x200/0xae0 [ 687.846454][T14473] ? __pfx_shmem_fault+0x10/0x10 [ 687.851458][T14473] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 687.857131][T14473] ? rcu_is_watching+0x12/0xc0 [ 687.861942][T14473] ? __pfx_filemap_map_pages+0x10/0x10 [ 687.867438][T14473] __do_fault+0x10a/0x490 [ 687.871799][T14473] ? __pfx_filemap_map_pages+0x10/0x10 [ 687.877288][T14473] do_pte_missing+0x1a8/0x3e00 [ 687.882102][T14473] __handle_mm_fault+0x103c/0x2a40 [ 687.887779][T14473] ? find_held_lock+0x2d/0x110 [ 687.892582][T14473] ? __pfx___handle_mm_fault+0x10/0x10 [ 687.898095][T14473] ? follow_page_pte+0x3c3/0x1b20 [ 687.903153][T14473] ? __pfx_lock_release+0x10/0x10 [ 687.908219][T14473] ? follow_page_pte+0x3f7/0x1b20 [ 687.913279][T14473] handle_mm_fault+0x3fa/0xaa0 [ 687.918086][T14473] __get_user_pages+0x8d9/0x3b50 [ 687.923074][T14473] ? __pfx___get_user_pages+0x10/0x10 [ 687.928502][T14473] ? down_read_killable+0xcc/0x380 [ 687.933670][T14473] ? __pfx_down_read_killable+0x10/0x10 [ 687.939275][T14473] __gup_longterm_locked+0x211/0x1870 [ 687.944702][T14473] ? __pfx___gup_longterm_locked+0x10/0x10 [ 687.950552][T14473] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 687.956219][T14473] ? rwsem_read_trylock+0x12d/0x250 [ 687.961455][T14473] ? __pfx_rwsem_read_trylock+0x10/0x10 [ 687.967040][T14473] ? process_vm_rw_core.constprop.0+0x3ff/0x9c0 [ 687.973334][T14473] pin_user_pages_remote+0xee/0x150 [ 687.978576][T14473] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 687.984421][T14473] ? down_read+0xc9/0x330 [ 687.988805][T14473] process_vm_rw_core.constprop.0+0x42b/0x9c0 [ 687.994939][T14473] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 688.001614][T14473] process_vm_rw+0x301/0x360 [ 688.006247][T14473] ? __pfx_process_vm_rw+0x10/0x10 [ 688.011400][T14473] ? __pfx_futex_wake+0x10/0x10 [ 688.016310][T14473] ? xfd_validate_state+0x5d/0x180 [ 688.021446][T14473] ? rcu_is_watching+0x12/0xc0 [ 688.026268][T14473] __x64_sys_process_vm_writev+0xe2/0x1c0 [ 688.032036][T14473] ? do_syscall_64+0x91/0x250 [ 688.036751][T14473] ? lockdep_hardirqs_on+0x7c/0x110 [ 688.041986][T14473] do_syscall_64+0xcd/0x250 [ 688.046539][T14473] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 688.052475][T14473] RIP: 0033:0x7f2acc585d29 [ 688.056927][T14473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 688.076823][T14473] RSP: 002b:00007f2acd434038 EFLAGS: 00000246 ORIG_RAX: 0000000000000137 [ 688.085267][T14473] RAX: ffffffffffffffda RBX: 00007f2acc775fa0 RCX: 00007f2acc585d29 [ 688.093264][T14473] RDX: 0000000000000003 RSI: 0000000020002980 RDI: 00000000000006f4 [ 688.101259][T14473] RBP: 00007f2acc601b08 R08: 0000000000000004 R09: 0000000000000000 [ 688.109252][T14473] R10: 0000000020002a40 R11: 0000000000000246 R12: 0000000000000000 [ 688.117245][T14473] R13: 0000000000000000 R14: 00007f2acc775fa0 R15: 00007ffe4d35c5b8 [ 688.125278][T14473] [ 688.128461][ C0] vkms_vblank_simulate: vblank timer overrun [ 690.583570][T14510] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2194'. [ 691.178850][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.185397][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 syzkaller syzkaller login: [ 694.246436][T14572] FAULT_INJECTION: forcing a failure. [ 694.246436][T14572] name failslab, interval 1, probability 0, space 0, times 0 [ 694.278903][T14576] aoe: invalid device specification [ 694.295709][T14572] CPU: 0 UID: 0 PID: 14572 Comm: syz.4.2212 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 694.306593][T14572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 694.316723][T14572] Call Trace: [ 694.320053][T14572] [ 694.323051][T14572] dump_stack_lvl+0x16c/0x1f0 [ 694.327811][T14572] should_fail_ex+0x497/0x5b0 [ 694.332569][T14572] ? fs_reclaim_acquire+0xae/0x150 [ 694.337770][T14572] should_failslab+0xc2/0x120 [ 694.342547][T14572] __kmalloc_noprof+0xce/0x4f0 [ 694.347425][T14572] ? xfrm_hash_alloc+0xd1/0x100 [ 694.352349][T14572] xfrm_hash_alloc+0xd1/0x100 [ 694.357116][T14572] xfrm_state_init+0x11f/0x630 [ 694.361976][T14572] ? __pfx_xfrm_net_init+0x10/0x10 [ 694.367161][T14572] xfrm_net_init+0x211/0xcb0 [ 694.371825][T14572] ? __pfx_xfrm_net_init+0x10/0x10 [ 694.377006][T14572] ops_init+0x1df/0x5f0 [ 694.381250][T14572] setup_net+0x21f/0x860 [ 694.385592][T14572] ? __pfx_setup_net+0x10/0x10 [ 694.390441][T14572] ? down_read_killable+0xcc/0x380 [ 694.395639][T14572] ? __pfx_down_read_killable+0x10/0x10 [ 694.401280][T14572] ? debug_mutex_init+0x37/0x70 [ 694.406214][T14572] copy_net_ns+0x2b4/0x6c0 [ 694.410707][T14572] create_new_namespaces+0x3ea/0xad0 [ 694.416082][T14572] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 694.421785][T14572] ksys_unshare+0x45d/0xa40 [ 694.426366][T14572] ? __pfx_ksys_unshare+0x10/0x10 [ 694.431470][T14572] ? xfd_validate_state+0x5d/0x180 [ 694.436670][T14572] __x64_sys_unshare+0x31/0x40 [ 694.441522][T14572] do_syscall_64+0xcd/0x250 [ 694.446110][T14572] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 694.452085][T14572] RIP: 0033:0x7f016b785d29 [ 694.456563][T14572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 694.476242][T14572] RSP: 002b:00007f016c62f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 694.484738][T14572] RAX: ffffffffffffffda RBX: 00007f016b975fa0 RCX: 00007f016b785d29 [ 694.492771][T14572] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 694.500804][T14572] RBP: 00007f016b801b08 R08: 0000000000000000 R09: 0000000000000000 [ 694.508841][T14572] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 694.516877][T14572] R13: 0000000000000000 R14: 00007f016b975fa0 R15: 00007ffe49fa5ae8 [ 694.525028][T14572] syzkaller syzkaller login: [ 698.768358][T14652] FAULT_INJECTION: forcing a failure. [ 698.768358][T14652] name failslab, interval 1, probability 0, space 0, times 0 [ 698.820690][T14652] CPU: 1 UID: 0 PID: 14652 Comm: syz.2.2226 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 698.831543][T14652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 698.841871][T14652] Call Trace: [ 698.845198][T14652] [ 698.848171][T14652] dump_stack_lvl+0x16c/0x1f0 [ 698.852932][T14652] should_fail_ex+0x497/0x5b0 [ 698.857687][T14652] should_failslab+0xc2/0x120 [ 698.862468][T14652] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 698.867918][T14652] ? skb_clone+0x190/0x3f0 [ 698.872411][T14652] skb_clone+0x190/0x3f0 [ 698.876743][T14652] netlink_deliver_tap+0xafd/0xca0 [ 698.881925][T14652] netlink_unicast+0x5e1/0x7f0 [ 698.886770][T14652] ? __pfx_netlink_unicast+0x10/0x10 [ 698.892117][T14652] ? __phys_addr_symbol+0x30/0x80 [ 698.897201][T14652] ? __check_object_size+0x488/0x710 [ 698.902564][T14652] netlink_sendmsg+0x8b8/0xd70 [ 698.907434][T14652] ? __pfx_netlink_sendmsg+0x10/0x10 [ 698.912790][T14652] ____sys_sendmsg+0x9ae/0xb40 [ 698.917614][T14652] ? copy_msghdr_from_user+0x10b/0x160 [ 698.923146][T14652] ? __pfx_____sys_sendmsg+0x10/0x10 [ 698.928513][T14652] ___sys_sendmsg+0x135/0x1e0 [ 698.933265][T14652] ? __pfx____sys_sendmsg+0x10/0x10 [ 698.938751][T14652] ? __pfx_lock_release+0x10/0x10 [ 698.943824][T14652] ? trace_lock_acquire+0x14e/0x1f0 [ 698.949117][T14652] ? __fget_files+0x206/0x3a0 [ 698.953869][T14652] __sys_sendmsg+0x16e/0x220 [ 698.958890][T14652] ? __pfx___sys_sendmsg+0x10/0x10 [ 698.964102][T14652] do_syscall_64+0xcd/0x250 [ 698.968674][T14652] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 698.974632][T14652] RIP: 0033:0x7f7a22b85d29 [ 698.979094][T14652] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 698.998774][T14652] RSP: 002b:00007f7a239e6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 699.007258][T14652] RAX: ffffffffffffffda RBX: 00007f7a22d75fa0 RCX: 00007f7a22b85d29 [ 699.015348][T14652] RDX: 0000000004040810 RSI: 0000000020000240 RDI: 0000000000000003 [ 699.023408][T14652] RBP: 00007f7a239e6090 R08: 0000000000000000 R09: 0000000000000000 [ 699.031442][T14652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 699.039472][T14652] R13: 0000000000000000 R14: 00007f7a22d75fa0 R15: 00007ffcd1d750d8 [ 699.047527][T14652] [ 699.513979][T14657] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2229'. [ 699.893467][T14671] [U] [ 699.896271][T14671] [U] [ 699.899028][T14671] [U] [ 699.901784][T14671] [U] syzkaller syzkaller login: [ 699.932279][T14671] [U] [ 699.935069][T14671] [U] [ 699.937830][T14671] [U] [ 699.940584][T14671] [U] [ 700.041678][T14671] [U] [ 700.053934][T14671] [U] BòÚÝy¾š?œÞ€º–÷²[K±ÅÑ‘>¬ÕëTÿ/uê2"ºg5xºRsZa§¸¥ýã…óº„çÜ¢Ÿ¨[,íJ¡ÆÝ×›(RüD;óÑæÉá*Èä@5©b\ø¤ý—{¼w6 [ 700.104724][T14671] [U] ÃÊàˆ1ÏMÑò˜·õiL‚Þ¡ÊÃ7ï¹¢Š«øaêsàÔpµrÇ:÷î_1¾¬ÌÖ%kÄ?„‹5ƒomצ­–Ñ´½XÙ•%Zù²ŒI°1‘*JíÈç’ñCuÕH«ÿI-N¾]LM>Ö0B6i ) 8+$:ॕE7ᜌ<ýí8V¿5â­¦=ä8ãô*¢.I Ì$•n¼Ø1fž’|Úµ‚hàV9¬ñ÷=l]êÖŽ­ïÎm&¼ ÐÐÛËòE›Í [ 700.182678][T14671] [U] C» \S/UE wí6ÈB s J®ÃÓ/ÃUÍú‡‰zô-x!Ìç´Ûé‡þ8¼ø!s7ƒ·ñ·ç)ì™Øji~µõ>Hš:z/‹Ï [ 700.224317][T14671] [U] ©¥xL¸“qþ¿Y\Kµ ±K:bxC¹_¹ª(ØV¿©¬ÓË&ÎûýnlÈLhG,Åæå†÷Õ›/` [ 700.267956][T14671] [U] ê "øžñ ]Z9¯ ±ÖV²Cöéõ‘Ž_Jë'Éq4·ùtZs©—Lï:œH7GºLvÛõnHùŽ [ 700.298853][T14671] [U] Vu¢pºÇ1ÅÓ·Jª\‰:À÷WUl¼P$nÚÞäÀ#G [R½êýL¦Y1U Â’ [ 700.349800][T14671] [U] §Ù¸6»—x†WsÝ+3ö9†>ÎÁyCÐ,c«¼su¸ÙkFÚòËUªÅ«3”í.‡´Î§&šÁ(¶Ø’²æ7Ø–&ÐDU¾ C¾vý8ƒ£L3á0ðªýù·yáb¥W×~6#ÍÊ%¿pgô'þoFmïŠØ8P´†¯=wã"ÌEP•h¨¹õÜL¢–™¹Ë@4_tÐs žmŸQÌJ­Kü‹LK EÙè›4˜tÉÜZ׌¼Òè¼àâEZÃwµ,”çwÆ‘‡Ë 4_Åý.£ñƒmZïX@öOÀM; »;C©OØNè¼çyahô„Äc×®ƒC×Óø_¦ÓùÉÉeb!#<Ãû¤U<“käÿV"Óo:¦f÷7„œöx@¤³¬sNm¢”ÄzúÊèÆ€S`¡*Ö•ÈA&Îx¤lÝAî‡Jô¸qµ¢u°Nld«1ãÉKÞZ%¦Àƒ‹aìÌTùßg¾4 [ 700.471083][T14671] [U] †§<|ÏU¢ðÍù xµ=1ºPÄ WA$±GßI„¿ô`äŠÈñµÅäPûvAútؤ·³pÅ9«ûµLŠ®¢Ùâ ÿg1x=c²–ø¿œ(üųÉp·‘; [ 700.514035][T14671] [U] ÁÎ%œÑ!q¸°#PÐ1'ÛRÚ_JtJ3{§Q ï-¸2)P^øxáû.™pÑ#ÆäòôÌ“‘KÝÅí†0à+áýeœÁèö@}òŸÔO§mÝÝ|hÆw§ŽÍo.Y3XâkDD³AÕSò¨Ë“p‘™Ü\J‘“Aï8U›^ÛþѱÀP× [ 700.587386][T14671] [U] ­¢ÀT+4yzŠît7&ü³DÅжg=R¦ªÍþ2/ÙÛ®~UûNÿ9â§fš¦ [ 700.594943][T14671] [U] ˜:*˜Ný˜©¦?D5Ežè=Ô¦Ô¶2>Ûçr"›WÝ|¶ÔúQá4ûíÔ?Ï%Lõ„lPyxc˜V0äI…-oS»àýEõg_*tIQï¸EÙ–M˜Š›½‹t0“V–ƒ]'²Íó3‰Ê”­Ÿi)!¢`ˆ9+ì®ö¶ÂÞ‹ñÑ»b'¥½€¦yK;\oW‘“Ñ Æœ [ 700.709315][T14671] [U] X1ã¯jôSÿÉÇRi&aUv¢”zݬo:ÜÜÑûƒœ¬(°$©ò´­„ý÷ªË [ 700.743920][T14671] [U] ep(Ü¥žâ”°GÐgéXDùqâ~ŽÎ‚ˆmcþe+î6D.ìm˜»ÿÊk¼|­y¤1‹[×ÔÙòÜG¼97pz3öêŽlÌî£#r¶Ú¬“á~$…ºŠf8ªªcfœÒÆÈŒ†’`ýËs‹îgˆ…¤›6MeyÚ [ 700.803999][T14671] [U] ˜ÒŒYrÑÃ-‡Ò•¹; J¸&µLŒ7úÊYþ3Ã,mSX¡ [ 702.359094][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 702.365619][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 syzkaller syzkaller login: [ 703.037020][T14708] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2243'. [ 703.184774][T14713] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2244'. [ 703.535295][T14717] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2246'. [ 703.630147][T14717] lo: entered promiscuous mode [ 703.652092][T14717] lo: entered allmulticast mode [ 705.701663][T14746] FAULT_INJECTION: forcing a failure. [ 705.701663][T14746] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 705.751141][T14746] CPU: 0 UID: 0 PID: 14746 Comm: syz.3.2251 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 705.762093][T14746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 705.772201][T14746] Call Trace: [ 705.775498][T14746] [ 705.778455][T14746] dump_stack_lvl+0x16c/0x1f0 [ 705.783180][T14746] should_fail_ex+0x497/0x5b0 [ 705.787898][T14746] ? fs_reclaim_acquire+0xae/0x150 [ 705.793043][T14746] should_fail_alloc_page+0xe7/0x130 [ 705.798376][T14746] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 705.804570][T14746] ? mark_lock+0xb5/0xc60 [ 705.808949][T14746] __alloc_pages_noprof+0x190/0x25b0 [ 705.814276][T14746] ? __pfx_mark_lock+0x10/0x10 [ 705.819092][T14746] ? hlock_class+0x4e/0x130 [ 705.823633][T14746] ? __lock_acquire+0xcc5/0x3c40 [ 705.828602][T14746] ? hlock_class+0x4e/0x130 [ 705.833138][T14746] ? __lock_acquire+0xcc5/0x3c40 [ 705.838104][T14746] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 705.843863][T14746] ? hlock_class+0x4e/0x130 [ 705.848399][T14746] ? mark_lock+0xb5/0xc60 [ 705.852773][T14746] ? hlock_class+0x4e/0x130 [ 705.857311][T14746] ? __lock_acquire+0xcc5/0x3c40 [ 705.862296][T14746] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 705.868237][T14746] ? policy_nodemask+0xea/0x4e0 [ 705.873131][T14746] alloc_pages_mpol_noprof+0x2c8/0x620 [ 705.878624][T14746] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 705.884646][T14746] pte_alloc_one+0x20/0x390 [ 705.889181][T14746] __pte_alloc+0x6e/0x3b0 [ 705.893541][T14746] ? __pfx___pte_alloc+0x10/0x10 [ 705.898515][T14746] do_pte_missing+0x2810/0x3e00 [ 705.903411][T14746] ? mt_find+0x82d/0xa20 [ 705.907841][T14746] ? __pfx_lock_release+0x10/0x10 [ 705.913121][T14746] __handle_mm_fault+0x103c/0x2a40 [ 705.918306][T14746] ? __pfx___handle_mm_fault+0x10/0x10 [ 705.923902][T14746] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 705.929589][T14746] ? find_vma+0xc0/0x140 [ 705.933865][T14746] ? __pfx_find_vma+0x10/0x10 [ 705.938755][T14746] handle_mm_fault+0x3fa/0xaa0 [ 705.943567][T14746] do_user_addr_fault+0x7a3/0x13f0 [ 705.948742][T14746] exc_page_fault+0x5c/0xc0 [ 705.953292][T14746] asm_exc_page_fault+0x26/0x30 [ 705.958205][T14746] RIP: 0010:__get_user_4+0x1a/0x30 [ 705.963357][T14746] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 ba 00 f0 ff ff ff 7f 00 00 48 39 c2 48 19 d2 48 09 d0 0f 01 cb <8b> 10 31 c0 0f 01 ca c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 [ 705.983097][T14746] RSP: 0018:ffffc9000c777c48 EFLAGS: 00050202 [ 705.989198][T14746] RAX: 0000000000000004 RBX: 000000004008af10 RCX: ffffc9000c777bb0 [ 705.997282][T14746] RDX: 0000000000000000 RSI: ffffffff8892a9f0 RDI: ffffffff8bb17300 [ 706.005540][T14746] RBP: ffff888069af0000 R08: 0000000000000000 R09: fffffbfff2039efa [ 706.013534][T14746] R10: ffffffff901cf7d7 R11: 0000000000000001 R12: 000000004008af10 [ 706.021527][T14746] R13: 1ffff920018eef8d R14: dffffc0000000000 R15: 0000000000000004 [ 706.029535][T14746] ? vhost_vring_ioctl+0xc0/0x1390 [ 706.034700][T14746] vhost_vring_ioctl+0xc8/0x1390 [ 706.039677][T14746] ? __pfx_vhost_vring_ioctl+0x10/0x10 [ 706.045177][T14746] ? vhost_dev_ioctl+0x131/0xe20 [ 706.050156][T14746] ? __pfx_vhost_dev_ioctl+0x10/0x10 [ 706.055494][T14746] vhost_net_ioctl+0xe8a/0x16e0 [ 706.060383][T14746] ? __pfx_lock_release+0x10/0x10 [ 706.065435][T14746] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 706.070760][T14746] ? __fget_files+0x206/0x3a0 [ 706.075478][T14746] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 706.080800][T14746] __x64_sys_ioctl+0x190/0x200 [ 706.085596][T14746] do_syscall_64+0xcd/0x250 [ 706.090141][T14746] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 706.096075][T14746] RIP: 0033:0x7f9fff985d29 [ 706.100514][T14746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 706.120158][T14746] RSP: 002b:00007fa000837038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 706.128603][T14746] RAX: ffffffffffffffda RBX: 00007f9fffb75fa0 RCX: 00007f9fff985d29 [ 706.136619][T14746] RDX: 0000000000000004 RSI: 000000004008af10 RDI: 0000000000000005 [ 706.144617][T14746] RBP: 00007fa000837090 R08: 0000000000000000 R09: 0000000000000000 [ 706.152609][T14746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 706.160602][T14746] R13: 0000000000000000 R14: 00007f9fffb75fa0 R15: 00007fff2d276d88 [ 706.168613][T14746] [ 706.208652][T14749] Invalid ELF header magic: != ELF syzkaller syzkaller login: [ 708.160969][T14776] delete_channel: no stack [ 708.325616][T14769] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2256'. [ 708.455830][T14769] vxcan1: entered promiscuous mode [ 710.253219][T14794] ptrace attach of "./syz-executor exec"[5840] was attempted by "./syz-executor exec"[14794] [ 710.947963][T14827] netlink: 252 bytes leftover after parsing attributes in process `syz.3.2271'. syzkaller syzkaller login: [ 712.498530][T14847] ICMPv6: process `syz.4.2277' is using deprecated sysctl (syscall) net.ipv6.neigh.erspan0.retrans_time - use net.ipv6.neigh.erspan0.retrans_time_ms instead [ 714.545575][T14870] FAULT_INJECTION: forcing a failure. [ 714.545575][T14870] name failslab, interval 1, probability 0, space 0, times 0 syzkaller syzkaller login: [ 714.603855][T14870] CPU: 1 UID: 0 PID: 14870 Comm: syz.4.2286 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 714.614737][T14870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 714.624861][T14870] Call Trace: [ 714.628161][T14870] [ 714.631114][T14870] dump_stack_lvl+0x16c/0x1f0 [ 714.635839][T14870] should_fail_ex+0x497/0x5b0 [ 714.640559][T14870] ? fs_reclaim_acquire+0xae/0x150 [ 714.645716][T14870] should_failslab+0xc2/0x120 [ 714.650442][T14870] __kmalloc_noprof+0xce/0x4f0 [ 714.655250][T14870] ? xfrm_state_init+0x378/0x630 [ 714.660233][T14870] ? xfrm_hash_alloc+0xd1/0x100 [ 714.665113][T14870] ? __pfx_xfrm_net_init+0x10/0x10 [ 714.670260][T14870] xfrm_hash_alloc+0xd1/0x100 [ 714.674978][T14870] xfrm_net_init+0x245/0xcb0 [ 714.679610][T14870] ? __pfx_xfrm_net_init+0x10/0x10 [ 714.684758][T14870] ops_init+0x1df/0x5f0 [ 714.688967][T14870] setup_net+0x21f/0x860 [ 714.693256][T14870] ? __pfx_setup_net+0x10/0x10 [ 714.698063][T14870] ? down_read_killable+0xcc/0x380 [ 714.703219][T14870] ? __pfx_down_read_killable+0x10/0x10 [ 714.708813][T14870] ? debug_mutex_init+0x37/0x70 [ 714.713716][T14870] copy_net_ns+0x2b4/0x6c0 [ 714.718180][T14870] create_new_namespaces+0x3ea/0xad0 [ 714.723510][T14870] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 714.729184][T14870] ksys_unshare+0x45d/0xa40 [ 714.733736][T14870] ? __pfx_ksys_unshare+0x10/0x10 [ 714.738835][T14870] ? xfd_validate_state+0x5d/0x180 [ 714.743991][T14870] __x64_sys_unshare+0x31/0x40 [ 714.748794][T14870] do_syscall_64+0xcd/0x250 [ 714.753340][T14870] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 714.759296][T14870] RIP: 0033:0x7f016b785d29 [ 714.763745][T14870] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 714.783418][T14870] RSP: 002b:00007f016c62f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 714.791872][T14870] RAX: ffffffffffffffda RBX: 00007f016b975fa0 RCX: 00007f016b785d29 [ 714.799879][T14870] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 714.807882][T14870] RBP: 00007f016b801b08 R08: 0000000000000000 R09: 0000000000000000 [ 714.815880][T14870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 714.823878][T14870] R13: 0000000000000000 R14: 00007f016b975fa0 R15: 00007ffe49fa5ae8 [ 714.831893][T14870] [ 717.188126][T12666] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 717.200568][T12666] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 717.214840][T12666] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 717.224583][T12666] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 717.235351][T12666] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 717.254243][T12666] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 718.065621][T14911] FAULT_INJECTION: forcing a failure. [ 718.065621][T14911] name failslab, interval 1, probability 0, space 0, times 0 [ 718.149607][T14911] CPU: 0 UID: 0 PID: 14911 Comm: syz.3.2294 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 718.160475][T14911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 718.170680][T14911] Call Trace: [ 718.174007][T14911] [ 718.176989][T14911] dump_stack_lvl+0x16c/0x1f0 [ 718.181741][T14911] should_fail_ex+0x497/0x5b0 [ 718.186519][T14911] ? fs_reclaim_acquire+0xae/0x150 [ 718.191791][T14911] should_failslab+0xc2/0x120 [ 718.196551][T14911] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 718.201998][T14911] ? getname_flags.part.0+0x4c/0x550 [ 718.207379][T14911] ? lock_acquire.part.0+0x11b/0x380 [ 718.212741][T14911] getname_flags.part.0+0x4c/0x550 [ 718.217945][T14911] getname+0x8d/0xe0 [ 718.221911][T14911] do_sys_openat2+0x104/0x1e0 [ 718.226669][T14911] ? __pfx_do_sys_openat2+0x10/0x10 [ 718.232046][T14911] __x64_sys_openat+0x175/0x210 [ 718.236981][T14911] ? __pfx___x64_sys_openat+0x10/0x10 [ 718.242451][T14911] do_syscall_64+0xcd/0x250 [ 718.247029][T14911] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 718.252989][T14911] RIP: 0033:0x7f9fff985d29 [ 718.257442][T14911] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 718.277100][T14911] RSP: 002b:00007fa000816038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 718.285553][T14911] RAX: ffffffffffffffda RBX: 00007f9fffb76080 RCX: 00007f9fff985d29 [ 718.293551][T14911] RDX: 00000000001a1842 RSI: 0000000020000040 RDI: ffffffffffffff9c [ 718.301552][T14911] RBP: 00007f9fffa01b08 R08: 0000000000000000 R09: 0000000000000000 [ 718.309552][T14911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 718.317565][T14911] R13: 0000000000000000 R14: 00007f9fffb76080 R15: 00007fff2d276d88 [ 718.325588][T14911] [ 719.118277][T14903] chnl_net:caif_netlink_parms(): no params data found [ 719.336143][ T5142] Bluetooth: hci5: command tx timeout [ 719.715687][T14903] bridge0: port 1(bridge_slave_0) entered blocking state [ 719.734179][T14903] bridge0: port 1(bridge_slave_0) entered disabled state [ 719.743984][T14903] bridge_slave_0: entered allmulticast mode [ 719.752199][T14903] bridge_slave_0: entered promiscuous mode [ 719.788186][T14903] bridge0: port 2(bridge_slave_1) entered blocking state [ 719.804176][T14903] bridge0: port 2(bridge_slave_1) entered disabled state [ 719.811447][T14903] bridge_slave_1: entered allmulticast mode [ 719.827477][T14903] bridge_slave_1: entered promiscuous mode [ 720.040337][T14903] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 720.062697][T14903] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 720.208487][T14903] team0: Port device team_slave_0 added [ 720.231948][T14903] team0: Port device team_slave_1 added [ 720.335495][T14903] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 720.349565][T14903] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 720.400114][T14903] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 720.604634][T14903] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 720.612531][T14903] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 720.703892][T14903] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 721.057184][T14903] hsr_slave_0: entered promiscuous mode [ 721.089044][T14903] hsr_slave_1: entered promiscuous mode [ 721.132560][T14903] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 721.152319][T14903] Cannot create hsr debugfs directory [ 721.414076][ T5142] Bluetooth: hci5: command tx timeout [ 721.878235][T14971] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2309'. [ 722.040450][T14903] 8021q: adding VLAN 0 to HW filter on device bond0 [ 722.082036][T14903] 8021q: adding VLAN 0 to HW filter on device team0 [ 722.107401][ T7872] bridge0: port 1(bridge_slave_0) entered blocking state [ 722.114681][ T7872] bridge0: port 1(bridge_slave_0) entered forwarding state [ 722.154569][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 722.161750][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 722.277743][T14903] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 722.668572][T14903] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 723.201482][T14903] veth0_vlan: entered promiscuous mode [ 723.298858][T14903] veth1_vlan: entered promiscuous mode [ 723.494553][ T5142] Bluetooth: hci5: command tx timeout [ 723.639818][T14903] veth0_macvtap: entered promiscuous mode [ 723.657693][T14903] veth1_macvtap: entered promiscuous mode [ 723.700609][T14903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 723.722112][T14903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.749540][T14903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 723.783771][T14903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.854681][T14903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 723.883230][T14903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.923088][T14903] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 723.947225][T14903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 723.979314][T14903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 724.005675][T14903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 724.033824][T14903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 724.058659][T14903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 724.084107][T14903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 724.125086][T14903] batman_adv: batadv0: Interface activated: batadv_slave_1 syzkaller syzkaller login: [ 724.607456][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 724.667082][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 724.817818][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 724.865666][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 725.481890][T15019] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2319'. [ 725.574904][ T5142] Bluetooth: hci5: command tx timeout [ 726.294751][T12666] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 726.333862][T12666] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 726.355142][T15029] xs_local_setup_socket: unhandled error (13) connecting to /var/run/rpcbind.sock [ 726.366091][T12666] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 726.380957][T12666] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 726.388925][T12666] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 726.396660][T12666] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 726.530906][T15029] svc: failed to register nfsdv3 RPC service (errno 111). [ 726.584547][T15029] svc: failed to register nfsaclv3 RPC service (errno 111). [ 727.247813][T15028] chnl_net:caif_netlink_parms(): no params data found [ 727.914698][T15028] bridge0: port 1(bridge_slave_0) entered blocking state [ 727.921872][T15028] bridge0: port 1(bridge_slave_0) entered disabled state [ 727.944302][T15041] FAULT_INJECTION: forcing a failure. [ 727.944302][T15041] name failslab, interval 1, probability 0, space 0, times 0 [ 727.963930][T15041] CPU: 1 UID: 0 PID: 15041 Comm: syz.2.2325 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 727.963997][T15028] bridge_slave_0: entered allmulticast mode [ 727.974741][T15041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 727.974777][T15041] Call Trace: [ 727.974789][T15041] [ 727.974804][T15041] dump_stack_lvl+0x16c/0x1f0 [ 727.974856][T15041] should_fail_ex+0x497/0x5b0 [ 727.974899][T15041] ? fs_reclaim_acquire+0xae/0x150 [ 727.974943][T15041] should_failslab+0xc2/0x120 [ 727.974996][T15041] __kmalloc_noprof+0xce/0x4f0 [ 728.021131][T15041] ? xfrm_hash_alloc+0xd1/0x100 [ 728.026037][T15041] xfrm_hash_alloc+0xd1/0x100 [ 728.030754][T15041] xfrm_state_init+0x11f/0x630 [ 728.035572][T15041] ? __pfx_xfrm_net_init+0x10/0x10 [ 728.040740][T15041] xfrm_net_init+0x211/0xcb0 [ 728.045399][T15041] ? __pfx_xfrm_net_init+0x10/0x10 [ 728.050589][T15041] ops_init+0x1df/0x5f0 [ 728.054815][T15041] setup_net+0x21f/0x860 [ 728.059118][T15041] ? __pfx_setup_net+0x10/0x10 [ 728.063940][T15041] ? down_read_killable+0xcc/0x380 [ 728.069117][T15041] ? __pfx_down_read_killable+0x10/0x10 [ 728.074717][T15041] ? debug_mutex_init+0x37/0x70 [ 728.079614][T15041] copy_net_ns+0x2b4/0x6c0 [ 728.084081][T15041] create_new_namespaces+0x3ea/0xad0 [ 728.089421][T15041] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 728.095098][T15041] ksys_unshare+0x45d/0xa40 [ 728.099645][T15041] ? __pfx_ksys_unshare+0x10/0x10 [ 728.104739][T15041] ? xfd_validate_state+0x5d/0x180 [ 728.109894][T15041] __x64_sys_unshare+0x31/0x40 [ 728.114710][T15041] do_syscall_64+0xcd/0x250 [ 728.119265][T15041] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 728.125211][T15041] RIP: 0033:0x7f505f785d29 [ 728.129657][T15041] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 728.149310][T15041] RSP: 002b:00007f50606a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 728.157761][T15041] RAX: ffffffffffffffda RBX: 00007f505f975fa0 RCX: 00007f505f785d29 [ 728.165765][T15041] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 728.173767][T15041] RBP: 00007f505f801b08 R08: 0000000000000000 R09: 0000000000000000 [ 728.181765][T15041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 728.189767][T15041] R13: 0000000000000000 R14: 00007f505f975fa0 R15: 00007fffb05532d8 [ 728.197787][T15041] [ 728.202223][T15028] bridge_slave_0: entered promiscuous mode [ 728.210406][T15028] bridge0: port 2(bridge_slave_1) entered blocking state [ 728.217897][T15028] bridge0: port 2(bridge_slave_1) entered disabled state [ 728.225819][T15028] bridge_slave_1: entered allmulticast mode [ 728.233090][T15028] bridge_slave_1: entered promiscuous mode [ 728.405465][T15028] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 728.448448][T15028] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 728.464422][ T5142] Bluetooth: hci3: command tx timeout [ 728.623410][T15028] team0: Port device team_slave_0 added [ 728.663651][T15028] team0: Port device team_slave_1 added [ 728.758408][T15028] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 728.774867][T15028] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 728.810529][T15028] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 728.823606][T15028] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 728.830864][T15028] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 728.857234][T15028] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 729.019340][T15028] hsr_slave_0: entered promiscuous mode [ 729.031329][T15028] hsr_slave_1: entered promiscuous mode [ 729.039188][T15028] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 729.052473][T15028] Cannot create hsr debugfs directory [ 729.319894][T15062] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2330'. [ 729.457360][T15064] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2331'. [ 729.590454][T15028] 8021q: adding VLAN 0 to HW filter on device bond0 [ 729.625661][T15028] 8021q: adding VLAN 0 to HW filter on device team0 [ 729.648770][ T7856] bridge0: port 1(bridge_slave_0) entered blocking state [ 729.656024][ T7856] bridge0: port 1(bridge_slave_0) entered forwarding state [ 729.716394][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 729.723661][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 730.230752][T15028] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 730.240758][T15070] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 730.423447][T15070] CIFS mount error: No usable UNC path provided in device string! [ 730.423447][T15070] [ 730.494714][T15070] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 730.534567][ T5142] Bluetooth: hci3: command tx timeout [ 730.775759][T15028] veth0_vlan: entered promiscuous mode syzkaller syzkaller login: [ 730.827290][T15028] veth1_vlan: entered promiscuous mode [ 730.913972][T15028] veth0_macvtap: entered promiscuous mode [ 730.943334][T15028] veth1_macvtap: entered promiscuous mode [ 730.996481][T15028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 731.024577][T15028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 731.053604][T15028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 731.074473][T15028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 731.104276][T15028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 731.122896][T15028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 731.153973][T15028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 731.173843][T15028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 731.205251][T15028] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 731.242513][T15028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 731.274130][T15028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 731.299580][T15028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 731.313748][T15028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 731.323923][T15028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 731.354851][T15028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 731.384016][T15028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 731.421391][T15028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 731.453097][T15028] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 731.769399][T15110] FAULT_INJECTION: forcing a failure. [ 731.769399][T15110] name failslab, interval 1, probability 0, space 0, times 0 [ 731.796038][T15110] CPU: 1 UID: 0 PID: 15110 Comm: syz.4.2340 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 731.806899][T15110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 731.817022][T15110] Call Trace: [ 731.820341][T15110] [ 731.823307][T15110] dump_stack_lvl+0x16c/0x1f0 [ 731.828058][T15110] should_fail_ex+0x497/0x5b0 [ 731.832804][T15110] ? fs_reclaim_acquire+0xae/0x150 [ 731.837974][T15110] should_failslab+0xc2/0x120 [ 731.842725][T15110] __kmalloc_noprof+0xce/0x4f0 [ 731.847545][T15110] ? xfrm_hash_alloc+0xd1/0x100 [ 731.852450][T15110] ? __pfx_xfrm_net_init+0x10/0x10 [ 731.857619][T15110] xfrm_hash_alloc+0xd1/0x100 [ 731.862328][T15110] xfrm_state_init+0x96/0x630 [ 731.867063][T15110] ? __pfx_xfrm_net_init+0x10/0x10 [ 731.872210][T15110] xfrm_net_init+0x211/0xcb0 [ 731.876844][T15110] ? __pfx_xfrm_net_init+0x10/0x10 [ 731.881987][T15110] ops_init+0x1df/0x5f0 [ 731.886201][T15110] setup_net+0x21f/0x860 [ 731.890490][T15110] ? __pfx_setup_net+0x10/0x10 [ 731.895299][T15110] ? down_read_killable+0xcc/0x380 [ 731.900453][T15110] ? __pfx_down_read_killable+0x10/0x10 [ 731.906045][T15110] ? debug_mutex_init+0x37/0x70 [ 731.910955][T15110] copy_net_ns+0x2b4/0x6c0 [ 731.915410][T15110] create_new_namespaces+0x3ea/0xad0 [ 731.920756][T15110] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 731.926430][T15110] ksys_unshare+0x45d/0xa40 [ 731.930966][T15110] ? __pfx_ksys_unshare+0x10/0x10 [ 731.936037][T15110] ? xfd_validate_state+0x5d/0x180 [ 731.941200][T15110] __x64_sys_unshare+0x31/0x40 [ 731.946018][T15110] do_syscall_64+0xcd/0x250 [ 731.950564][T15110] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 731.956496][T15110] RIP: 0033:0x7f016b785d29 [ 731.960939][T15110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 731.980599][T15110] RSP: 002b:00007f016c62f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 731.989055][T15110] RAX: ffffffffffffffda RBX: 00007f016b975fa0 RCX: 00007f016b785d29 [ 731.997069][T15110] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 732.005070][T15110] RBP: 00007f016b801b08 R08: 0000000000000000 R09: 0000000000000000 [ 732.013070][T15110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 732.021075][T15110] R13: 0000000000000000 R14: 00007f016b975fa0 R15: 00007ffe49fa5ae8 [ 732.029098][T15110] [ 732.039352][T15101] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 732.046037][T15101] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 732.100761][T15101] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 732.108285][T15101] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 732.141221][T15101] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 732.284302][T15101] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 732.304890][T15101] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 732.332558][T15101] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 732.500326][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 732.520975][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 732.597959][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 732.613906][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 732.764147][T15121] openvswitch: netlink: nsh attr 1 has unexpected len 14 expected 8 [ 733.494358][ T5142] Bluetooth: hci0: command 0x0c1a tx timeout [ 734.135713][ T5142] Bluetooth: hci5: command 0x0c1a tx timeout [ 734.136251][T12666] Bluetooth: hci4: command 0x0406 tx timeout [ 734.294147][T12666] Bluetooth: hci3: command 0x0419 tx timeout syzkaller syzkaller login: [ 734.743936][T15145] FAULT_INJECTION: forcing a failure. [ 734.743936][T15145] name failslab, interval 1, probability 0, space 0, times 0 [ 734.756818][T15145] CPU: 1 UID: 0 PID: 15145 Comm: syz.3.2350 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 734.767671][T15145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 734.777792][T15145] Call Trace: [ 734.781116][T15145] [ 734.784091][T15145] dump_stack_lvl+0x16c/0x1f0 [ 734.788835][T15145] should_fail_ex+0x497/0x5b0 [ 734.793605][T15145] ? fs_reclaim_acquire+0xae/0x150 [ 734.798793][T15145] should_failslab+0xc2/0x120 [ 734.803549][T15145] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 734.808999][T15145] ? lock_acquire+0x2f/0xb0 [ 734.813562][T15145] ? __proc_create+0xa4/0x8b0 [ 734.818352][T15145] ? __proc_create+0x2c3/0x8b0 [ 734.823197][T15145] __proc_create+0x2c3/0x8b0 [ 734.827942][T15145] ? __pfx___proc_create+0x10/0x10 [ 734.833101][T15145] ? proc_register+0x9e/0x5f0 [ 734.837858][T15145] ? _raw_write_unlock+0x28/0x50 [ 734.842843][T15145] proc_create_reg+0x7d/0x180 [ 734.847569][T15145] ? __pfx_rt_acct_proc_show+0x10/0x10 [ 734.853146][T15145] proc_create_single_data+0x87/0x130 [ 734.858736][T15145] ? __pfx_proc_create_single_data+0x10/0x10 [ 734.864775][T15145] ? __pfx_nl_fib_input+0x10/0x10 [ 734.869870][T15145] ? __pfx_ip_rt_do_proc_init+0x10/0x10 [ 734.875482][T15145] ip_rt_do_proc_init+0xf4/0x1b0 [ 734.880478][T15145] ops_init+0x1df/0x5f0 [ 734.884693][T15145] setup_net+0x21f/0x860 [ 734.889014][T15145] ? __pfx_setup_net+0x10/0x10 [ 734.893824][T15145] ? down_read_killable+0xcc/0x380 [ 734.898983][T15145] ? __pfx_down_read_killable+0x10/0x10 [ 734.904581][T15145] ? debug_mutex_init+0x37/0x70 [ 734.909562][T15145] copy_net_ns+0x2b4/0x6c0 [ 734.914016][T15145] create_new_namespaces+0x3ea/0xad0 [ 734.919344][T15145] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 734.925024][T15145] ksys_unshare+0x45d/0xa40 [ 734.929576][T15145] ? __pfx_ksys_unshare+0x10/0x10 [ 734.934648][T15145] ? xfd_validate_state+0x5d/0x180 [ 734.939901][T15145] __x64_sys_unshare+0x31/0x40 [ 734.944721][T15145] do_syscall_64+0xcd/0x250 [ 734.949281][T15145] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 734.955226][T15145] RIP: 0033:0x7f879a985d29 [ 734.959669][T15145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 734.979324][T15145] RSP: 002b:00007f879b702038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 734.987791][T15145] RAX: ffffffffffffffda RBX: 00007f879ab75fa0 RCX: 00007f879a985d29 [ 734.995801][T15145] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 735.003808][T15145] RBP: 00007f879aa01b08 R08: 0000000000000000 R09: 0000000000000000 [ 735.011810][T15145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 735.019832][T15145] R13: 0000000000000000 R14: 00007f879ab75fa0 R15: 00007ffce470abe8 [ 735.027855][T15145] [ 735.350234][T15132] kexec: Could not allocate control_code_buffer [ 736.220749][T12666] Bluetooth: hci5: command 0x0c1a tx timeout [ 736.383774][T12666] Bluetooth: hci3: command 0x0419 tx timeout [ 737.377880][T15171] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2355'. [ 737.499085][T15176] zram: Added device: zram1 [ 737.949520][T15183] openvswitch: netlink: IPv4 tunnel dst address is zero [ 738.293900][T12666] Bluetooth: hci5: command 0x0c1a tx timeout [ 738.460246][T12666] Bluetooth: hci3: command 0x0419 tx timeout [ 738.496157][T15199] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2365'. [ 738.566053][T15199] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2365'. [ 739.148990][T15213] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2369'. [ 739.236593][T15213] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2369'. [ 740.593874][ T5142] Bluetooth: hci3: command 0x0419 tx timeout [ 742.591539][T15250] netlink: zone id is out of range syzkaller syzkaller login: [ 743.805442][T15259] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 743.818032][T15259] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 743.843991][T15259] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 743.901582][T15259] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 744.301044][T15273] Process accounting resumed [ 745.333942][ T5142] Bluetooth: hci0: command 0x0c1a tx timeout [ 745.740155][T15284] FAULT_INJECTION: forcing a failure. [ 745.740155][T15284] name failslab, interval 1, probability 0, space 0, times 0 [ 745.818049][T15284] CPU: 0 UID: 0 PID: 15284 Comm: syz.2.2388 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 745.828892][T15284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 745.839000][T15284] Call Trace: [ 745.842313][T15284] [ 745.845279][T15284] dump_stack_lvl+0x16c/0x1f0 [ 745.850021][T15284] should_fail_ex+0x497/0x5b0 [ 745.854756][T15284] ? fs_reclaim_acquire+0xae/0x150 [ 745.859965][T15284] should_failslab+0xc2/0x120 [ 745.864712][T15284] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 745.870152][T15284] ? lock_acquire+0x2f/0xb0 [ 745.874712][T15284] ? __proc_create+0xa4/0x8b0 [ 745.879450][T15284] ? __proc_create+0x2c3/0x8b0 [ 745.884284][T15284] __proc_create+0x2c3/0x8b0 [ 745.888945][T15284] ? __pfx___proc_create+0x10/0x10 [ 745.894135][T15284] _proc_mkdir+0xbb/0x200 [ 745.898524][T15284] ? __pfx__proc_mkdir+0x10/0x10 [ 745.903516][T15284] ? trace_kmem_cache_alloc+0x2d/0xd0 [ 745.908970][T15284] ? kmem_cache_alloc_noprof+0x21b/0x3b0 [ 745.914682][T15284] proc_net_ns_init+0x265/0x410 [ 745.919599][T15284] ? __pfx_proc_net_ns_init+0x10/0x10 [ 745.925026][T15284] ops_init+0x1df/0x5f0 [ 745.929245][T15284] setup_net+0x21f/0x860 [ 745.933530][T15284] ? __pfx_setup_net+0x10/0x10 [ 745.938332][T15284] ? down_read_killable+0xcc/0x380 [ 745.943484][T15284] ? __pfx_down_read_killable+0x10/0x10 [ 745.949079][T15284] ? debug_mutex_init+0x37/0x70 [ 745.953990][T15284] copy_net_ns+0x2b4/0x6c0 [ 745.958438][T15284] create_new_namespaces+0x3ea/0xad0 [ 745.963782][T15284] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 745.969454][T15284] ksys_unshare+0x45d/0xa40 [ 745.973998][T15284] ? __pfx_ksys_unshare+0x10/0x10 [ 745.979235][T15284] ? ksys_write+0x1ba/0x250 [ 745.983788][T15284] __x64_sys_unshare+0x31/0x40 [ 745.988602][T15284] do_syscall_64+0xcd/0x250 [ 745.993150][T15284] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 745.999083][T15284] RIP: 0033:0x7f505f785d29 [ 746.003522][T15284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 746.023271][T15284] RSP: 002b:00007f50606a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 746.031725][T15284] RAX: ffffffffffffffda RBX: 00007f505f975fa0 RCX: 00007f505f785d29 [ 746.039727][T15284] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 746.047749][T15284] RBP: 00007f50606a5090 R08: 0000000000000000 R09: 0000000000000000 [ 746.055743][T15284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 746.063738][T15284] R13: 0000000000000000 R14: 00007f505f975fa0 R15: 00007fffb05532d8 [ 746.071754][T15284] [ 746.079870][ T5142] Bluetooth: hci5: command 0x0c1a tx timeout [ 746.086421][ T5142] Bluetooth: hci4: command 0x0406 tx timeout [ 746.092490][ T5142] Bluetooth: hci3: command 0x0419 tx timeout [ 746.520572][T15288] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2389'. [ 747.537453][T15307] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2394'. [ 747.574219][T15307] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 747.581916][T15307] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 747.649250][T15307] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 747.673528][T15307] batman_adv: batadv0: Removing interface: batadv_slave_1 syzkaller syzkaller login: [ 749.360440][T15344] FAULT_INJECTION: forcing a failure. [ 749.360440][T15344] name failslab, interval 1, probability 0, space 0, times 0 [ 749.403837][T15344] CPU: 0 UID: 0 PID: 15344 Comm: syz.4.2402 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 749.414720][T15344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 749.424827][T15344] Call Trace: [ 749.428227][T15344] [ 749.431199][T15344] dump_stack_lvl+0x16c/0x1f0 [ 749.435942][T15344] should_fail_ex+0x497/0x5b0 [ 749.440689][T15344] ? fs_reclaim_acquire+0xae/0x150 [ 749.445953][T15344] should_failslab+0xc2/0x120 [ 749.450706][T15344] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 749.456150][T15344] ? ptlock_alloc+0x1f/0x70 [ 749.460722][T15344] ptlock_alloc+0x1f/0x70 [ 749.465143][T15344] pte_alloc_one+0x74/0x390 [ 749.469708][T15344] do_pte_missing+0x1ae7/0x3e00 [ 749.474641][T15344] __handle_mm_fault+0x103c/0x2a40 [ 749.479835][T15344] ? __pfx___handle_mm_fault+0x10/0x10 [ 749.485362][T15344] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 749.491078][T15344] ? find_vma+0xc0/0x140 [ 749.495377][T15344] ? __pfx_find_vma+0x10/0x10 [ 749.500150][T15344] handle_mm_fault+0x3fa/0xaa0 [ 749.504993][T15344] do_user_addr_fault+0x7a3/0x13f0 [ 749.510167][T15344] exc_page_fault+0x5c/0xc0 [ 749.514731][T15344] asm_exc_page_fault+0x26/0x30 [ 749.519648][T15344] RIP: 0010:rep_movs_alternative+0x4a/0x70 [ 749.525609][T15344] Code: 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 a4 c3 cc cc cc cc 48 89 c8 48 c1 e9 03 83 e0 07 f3 48 a5 89 c1 [ 749.545279][T15344] RSP: 0018:ffffc9000c337d30 EFLAGS: 00050206 [ 749.551400][T15344] RAX: 0000000000000001 RBX: 0000000000000c36 RCX: 0000000000001000 [ 749.559418][T15344] RDX: 0000000000000000 RSI: 0000000000000c36 RDI: ffff8880799d0000 [ 749.567439][T15344] RBP: 0000000000001000 R08: 0000000000000001 R09: ffffed100f33a1ff [ 749.575462][T15344] R10: ffff8880799d0fff R11: 0000000000000000 R12: 0000000000000000 [ 749.583481][T15344] R13: ffff8880799d0000 R14: 0000000000001000 R15: ffff888024ba4000 [ 749.591527][T15344] _copy_from_user+0x9a/0xd0 [ 749.596195][T15344] ? __pfx_drm_set_client_name+0x10/0x10 [ 749.601885][T15344] drm_ioctl+0x4fc/0xba0 [ 749.606209][T15344] ? __pfx_drm_ioctl+0x10/0x10 [ 749.611021][T15344] ? __pfx_lock_release+0x10/0x10 [ 749.616096][T15344] ? trace_lock_acquire+0x14e/0x1f0 [ 749.621384][T15344] ? __pfx_drm_ioctl+0x10/0x10 [ 749.626211][T15344] __x64_sys_ioctl+0x190/0x200 [ 749.631032][T15344] do_syscall_64+0xcd/0x250 [ 749.635624][T15344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 749.641603][T15344] RIP: 0033:0x7f016b785d29 [ 749.646087][T15344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 749.665931][T15344] RSP: 002b:00007f016c62f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 749.674409][T15344] RAX: ffffffffffffffda RBX: 00007f016b975fa0 RCX: 00007f016b785d29 [ 749.682519][T15344] RDX: 0000000000000c36 RSI: 00000000d00064d1 RDI: 0000000000000005 [ 749.690552][T15344] RBP: 00007f016c62f090 R08: 0000000000000000 R09: 0000000000000000 [ 749.698594][T15344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 749.706720][T15344] R13: 0000000000000000 R14: 00007f016b975fa0 R15: 00007ffe49fa5ae8 [ 749.714766][T15344] [ 751.476568][T15376] netlink: 'syz.1.2411': attribute type 1 has an invalid length. [ 752.624159][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 752.630532][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 756.731039][T15432] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2426'. [ 757.224366][T15438] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2428'. [ 757.710009][T15445] FAULT_INJECTION: forcing a failure. [ 757.710009][T15445] name failslab, interval 1, probability 0, space 0, times 0 [ 757.769243][T15445] CPU: 0 UID: 0 PID: 15445 Comm: syz.3.2430 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 757.780103][T15445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 757.790220][T15445] Call Trace: [ 757.793537][T15445] [ 757.796507][T15445] dump_stack_lvl+0x16c/0x1f0 [ 757.801250][T15445] should_fail_ex+0x497/0x5b0 [ 757.806077][T15445] ? fs_reclaim_acquire+0xae/0x150 [ 757.811251][T15445] should_failslab+0xc2/0x120 [ 757.816003][T15445] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 757.821443][T15445] ? sk_prot_alloc+0x60/0x2a0 [ 757.826187][T15445] sk_prot_alloc+0x60/0x2a0 [ 757.830759][T15445] sk_alloc+0x36/0xb90 [ 757.834901][T15445] inet6_create+0x380/0x1320 [ 757.839558][T15445] ? inet6_create+0x5d/0x1320 [ 757.844299][T15445] __sock_create+0x335/0x8d0 [ 757.848959][T15445] __sys_socket+0x14f/0x260 [ 757.853518][T15445] ? __pfx___sys_socket+0x10/0x10 [ 757.858603][T15445] ? ksys_write+0x1ba/0x250 [ 757.863175][T15445] ? __pfx_ksys_write+0x10/0x10 [ 757.868103][T15445] __x64_sys_socket+0x72/0xb0 [ 757.872849][T15445] ? lockdep_hardirqs_on+0x7c/0x110 [ 757.878165][T15445] do_syscall_64+0xcd/0x250 [ 757.882750][T15445] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 757.888721][T15445] RIP: 0033:0x7f879a985d29 [ 757.893190][T15445] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 757.912861][T15445] RSP: 002b:00007f879b702038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 757.921347][T15445] RAX: ffffffffffffffda RBX: 00007f879ab75fa0 RCX: 00007f879a985d29 [ 757.929373][T15445] RDX: 0000000000000084 RSI: 0000000000000801 RDI: 000000000000000a [ 757.937396][T15445] RBP: 00007f879b702090 R08: 0000000000000000 R09: 0000000000000000 [ 757.945427][T15445] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 757.953445][T15445] R13: 0000000000000000 R14: 00007f879ab75fa0 R15: 00007ffce470abe8 [ 757.961484][T15445] [ 757.964675][ C0] vkms_vblank_simulate: vblank timer overrun [ 758.460974][T15460] FAULT_INJECTION: forcing a failure. [ 758.460974][T15460] name fail_futex, interval 1, probability 0, space 0, times 0 [ 758.474477][T15460] CPU: 1 UID: 0 PID: 15460 Comm: syz.2.2433 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 758.485315][T15460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 758.495440][T15460] Call Trace: [ 758.498758][T15460] [ 758.501730][T15460] dump_stack_lvl+0x16c/0x1f0 [ 758.506477][T15460] should_fail_ex+0x497/0x5b0 [ 758.511230][T15460] get_futex_key+0x4a3/0x1000 [ 758.515980][T15460] ? __pfx_lock_release+0x10/0x10 [ 758.521065][T15460] ? __pfx_get_futex_key+0x10/0x10 [ 758.526253][T15460] ? dl_scaled_delta_exec+0xdd/0x2e0 [ 758.531611][T15460] ? find_held_lock+0x2d/0x110 [ 758.536455][T15460] futex_wait_setup+0x72/0x290 [ 758.541278][T15460] ? __pfx_lock_release+0x10/0x10 [ 758.546375][T15460] __futex_wait+0x267/0x3c0 [ 758.550944][T15460] ? __pfx___futex_wait+0x10/0x10 [ 758.556028][T15460] ? try_to_wake_up+0x158/0x1490 [ 758.561025][T15460] ? __pfx_futex_wake_mark+0x10/0x10 [ 758.566379][T15460] futex_wait+0xe9/0x380 [ 758.570659][T15460] ? __pfx_futex_wait+0x10/0x10 [ 758.575548][T15460] ? vfs_write+0x306/0x1150 [ 758.580099][T15460] do_futex+0x22b/0x350 [ 758.584303][T15460] ? __pfx_do_futex+0x10/0x10 [ 758.589034][T15460] __x64_sys_futex+0x1e1/0x4c0 [ 758.593844][T15460] ? fput+0x67/0x440 [ 758.597798][T15460] ? __pfx___x64_sys_futex+0x10/0x10 [ 758.603158][T15460] ? ksys_write+0x1ba/0x250 [ 758.607703][T15460] ? __pfx_ksys_write+0x10/0x10 [ 758.612595][T15460] do_syscall_64+0xcd/0x250 [ 758.617167][T15460] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 758.623117][T15460] RIP: 0033:0x7f505f785d29 [ 758.627565][T15460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 758.647336][T15460] RSP: 002b:00007f50606a50e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 758.655793][T15460] RAX: ffffffffffffffda RBX: 00007f505f975fa8 RCX: 00007f505f785d29 [ 758.663881][T15460] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f505f975fa8 [ 758.671886][T15460] RBP: 00007f505f975fa0 R08: 0000000000000000 R09: 0000000000000000 [ 758.679912][T15460] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f505f975fac [ 758.687929][T15460] R13: 0000000000000000 R14: 00007fffb05531f0 R15: 00007fffb05532d8 [ 758.696166][T15460] [ 760.534049][T15466] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2432'. [ 760.722145][T15466] veth1_macvtap: entered allmulticast mode syzkaller syzkaller login: [ 771.811963][T15567] FAULT_INJECTION: forcing a failure. [ 771.811963][T15567] name failslab, interval 1, probability 0, space 0, times 0 [ 772.043372][T15567] CPU: 1 UID: 0 PID: 15567 Comm: syz.2.2454 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 772.054245][T15567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 772.064365][T15567] Call Trace: [ 772.067696][T15567] [ 772.070674][T15567] dump_stack_lvl+0x16c/0x1f0 [ 772.075438][T15567] should_fail_ex+0x497/0x5b0 [ 772.080189][T15567] ? fs_reclaim_acquire+0xae/0x150 [ 772.085376][T15567] should_failslab+0xc2/0x120 [ 772.090126][T15567] __kmalloc_noprof+0xce/0x4f0 [ 772.094965][T15567] ? xfrm_hash_alloc+0xd1/0x100 [ 772.099885][T15567] xfrm_hash_alloc+0xd1/0x100 [ 772.104622][T15567] xfrm_state_init+0x160/0x630 [ 772.109471][T15567] ? __pfx_xfrm_net_init+0x10/0x10 [ 772.114646][T15567] xfrm_net_init+0x211/0xcb0 [ 772.119307][T15567] ? __pfx_xfrm_net_init+0x10/0x10 [ 772.124483][T15567] ops_init+0x1df/0x5f0 [ 772.128731][T15567] setup_net+0x21f/0x860 [ 772.133051][T15567] ? __pfx_setup_net+0x10/0x10 [ 772.137890][T15567] ? down_read_killable+0xcc/0x380 [ 772.143080][T15567] ? __pfx_down_read_killable+0x10/0x10 [ 772.148727][T15567] ? debug_mutex_init+0x37/0x70 [ 772.153656][T15567] copy_net_ns+0x2b4/0x6c0 [ 772.158137][T15567] create_new_namespaces+0x3ea/0xad0 [ 772.163498][T15567] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 772.169201][T15567] ksys_unshare+0x45d/0xa40 [ 772.173776][T15567] ? __pfx_ksys_unshare+0x10/0x10 [ 772.178879][T15567] ? xfd_validate_state+0x5d/0x180 [ 772.184065][T15567] __x64_sys_unshare+0x31/0x40 [ 772.188904][T15567] do_syscall_64+0xcd/0x250 [ 772.193484][T15567] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 772.199454][T15567] RIP: 0033:0x7f505f785d29 [ 772.203927][T15567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 772.223600][T15567] RSP: 002b:00007f5060684038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 772.232071][T15567] RAX: ffffffffffffffda RBX: 00007f505f976080 RCX: 00007f505f785d29 [ 772.240092][T15567] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 772.248111][T15567] RBP: 00007f505f801b08 R08: 0000000000000000 R09: 0000000000000000 [ 772.256134][T15567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 772.264175][T15567] R13: 0000000000000000 R14: 00007f505f976080 R15: 00007fffb05532d8 [ 772.272222][T15567]                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               syzkaller syzkaller login: [ 829.329014][ T29] audit: type=1804 audit(4294967480.099:17): pid=16062 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2583" name="/newroot/sys/kernel/tracing/tracing_on" dev="tracefs" ino=1254 res=1 errno=0 [ 829.484967][T16060] netlink: 252 bytes leftover after parsing attributes in process `syz.5.2581'. [ 829.485347][T16059] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2580'. [ 829.562086][T16060] netlink: 252 bytes leftover after parsing attributes in process `syz.5.2581'. [ 829.806281][T16065] FAULT_INJECTION: forcing a failure. [ 829.806281][T16065] name failslab, interval 1, probability 0, space 0, times 0 [ 829.861141][T16065] CPU: 0 UID: 0 PID: 16065 Comm: syz.2.2584 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 829.873131][T16065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 829.884535][T16065] Call Trace: [ 829.888190][T16065] [ 829.891463][T16065] dump_stack_lvl+0x16c/0x1f0 [ 829.896682][T16065] should_fail_ex+0x497/0x5b0 [ 829.901890][T16065] ? fs_reclaim_acquire+0xae/0x150 [ 829.907576][T16065] should_failslab+0xc2/0x120 [ 829.912779][T16065] __kmalloc_noprof+0xce/0x4f0 [ 829.918060][T16065] ? xfrm_hash_alloc+0xd1/0x100 [ 829.923422][T16065] ? __pfx_xfrm_net_init+0x10/0x10 [ 829.929072][T16065] xfrm_hash_alloc+0xd1/0x100 [ 829.934240][T16065] xfrm_state_init+0xde/0x630 [ 829.939437][T16065] ? __pfx_xfrm_net_init+0x10/0x10 [ 829.945080][T16065] xfrm_net_init+0x211/0xcb0 [ 829.950163][T16065] ? __pfx_xfrm_net_init+0x10/0x10 [ 829.955817][T16065] ops_init+0x1df/0x5f0 [ 829.960435][T16065] setup_net+0x21f/0x860 [ 829.965144][T16065] ? __pfx_setup_net+0x10/0x10 [ 829.970424][T16065] ? down_read_killable+0xcc/0x380 [ 829.976117][T16065] ? __pfx_down_read_killable+0x10/0x10 [ 829.982262][T16065] ? debug_mutex_init+0x37/0x70 [ 829.987639][T16065] copy_net_ns+0x2b4/0x6c0 [ 829.992526][T16065] create_new_namespaces+0x3ea/0xad0 [ 829.998377][T16065] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 830.004607][T16065] ksys_unshare+0x45d/0xa40 [ 830.009598][T16065] ? __pfx_ksys_unshare+0x10/0x10 [ 830.015160][T16065] ? xfd_validate_state+0x5d/0x180 [ 830.020816][T16065] __x64_sys_unshare+0x31/0x40 [ 830.026087][T16065] do_syscall_64+0xcd/0x250 [ 830.031076][T16065] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 830.037590][T16065] RIP: 0033:0x7f505f785d29 [ 830.042462][T16065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 830.064066][T16065] RSP: 002b:00007f50606a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 830.073358][T16065] RAX: ffffffffffffffda RBX: 00007f505f975fa0 RCX: 00007f505f785d29 [ 830.082150][T16065] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 830.090937][T16065] RBP: 00007f505f801b08 R08: 0000000000000000 R09: 0000000000000000 [ 830.099724][T16065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 830.108515][T16065] R13: 0000000000000000 R14: 00007f505f975fa0 R15: 00007fffb05532d8 [ 830.117326][T16065] [ 832.909477][T16095] FAULT_INJECTION: forcing a failure. [ 832.909477][T16095] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 833.061670][T16095] CPU: 0 UID: 0 PID: 16095 Comm: syz.5.2590 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 833.073583][T16095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 833.084690][T16095] Call Trace: [ 833.088335][T16095] [ 833.091592][T16095] dump_stack_lvl+0x16c/0x1f0 [ 833.096805][T16095] should_fail_ex+0x497/0x5b0 [ 833.102020][T16095] _copy_from_user+0x2e/0xd0 [ 833.107136][T16095] user_termios_to_kernel_termios_1+0x21/0x30 [ 833.113864][T16095] set_termios+0x3a5/0x7f0 [ 833.118777][T16095] ? __pfx___lock_acquire+0x10/0x10 [ 833.124638][T16095] ? __mutex_lock+0x1cc/0xa60 [ 833.129845][T16095] ? __pfx_set_termios+0x10/0x10 [ 833.135345][T16095] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 833.141689][T16095] ? rcu_is_watching+0x12/0xc0 [ 833.146998][T16095] tty_mode_ioctl+0x549/0xd20 [ 833.152220][T16095] ? lock_acquire+0x2f/0xb0 [ 833.157222][T16095] ? __pfx_tty_mode_ioctl+0x10/0x10 [ 833.163017][T16095] ? __pfx___ldsem_down_read_nested+0x10/0x10 [ 833.169858][T16095] ? __pfx_n_tty_ioctl+0x10/0x10 [ 833.175366][T16095] n_tty_ioctl_helper+0x4b/0x2b0 [ 833.180826][T16095] n_tty_ioctl+0x7f/0x370 [ 833.185661][T16095] ? __pfx_uart_ioctl+0x10/0x10 [ 833.191029][T16095] ? __pfx_n_tty_ioctl+0x10/0x10 [ 833.196496][T16095] tty_ioctl+0x6ee/0x1640 [ 833.201288][T16095] ? __pfx_tty_ioctl+0x10/0x10 [ 833.206565][T16095] ? __pfx_lock_release+0x10/0x10 [ 833.212108][T16095] ? trace_lock_acquire+0x14e/0x1f0 [ 833.217872][T16095] ? __fget_files+0x206/0x3a0 [ 833.223047][T16095] ? __pfx_tty_ioctl+0x10/0x10 [ 833.228324][T16095] __x64_sys_ioctl+0x190/0x200 [ 833.233591][T16095] do_syscall_64+0xcd/0x250 [ 833.238583][T16095] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 833.245097][T16095] RIP: 0033:0x7fca98585d29 [ 833.249973][T16095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 833.271572][T16095] RSP: 002b:00007fca9943a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 833.280850][T16095] RAX: ffffffffffffffda RBX: 00007fca98776080 RCX: 00007fca98585d29 [ 833.289634][T16095] RDX: 0000000000000038 RSI: 0000000000005404 RDI: 0000000000000003 [ 833.298442][T16095] RBP: 00007fca9943a090 R08: 0000000000000000 R09: 0000000000000000 [ 833.307224][T16095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 833.316011][T16095] R13: 0000000000000000 R14: 00007fca98776080 R15: 00007ffdd3297728 [ 833.324816][T16095] [ 833.874223][T16108] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2596'. [ 834.423158][T16108] bridge0: port 1(bridge_slave_0) entered disabled state [ 834.666670][ T5851] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 834.678187][ T5851] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 834.688287][ T5851] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 834.698655][ T5851] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 834.707744][ T5851] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 834.716302][ T5851] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 835.225268][T16108] bridge_slave_0 (unregistering): left allmulticast mode [ 835.270118][T16108] bridge_slave_0 (unregistering): left promiscuous mode [ 835.352848][T16108] bridge0: port 1(bridge_slave_0) entered disabled state [ 836.656132][T14958] smc: removing net device syz_tun with user defined pnetid ETHTOOL [ 836.793837][ T5142] Bluetooth: hci3: command tx timeout [ 837.506546][T16120] chnl_net:caif_netlink_parms(): no params data found [ 837.816870][T16158] ================================================================== [ 837.825803][T16158] BUG: KASAN: slab-use-after-free in force_suspend_read+0x12e/0x150 [ 837.834638][T16158] Read of size 1 at addr ffff888056b9ba30 by task syz.4.2609/16158 [ 837.843362][T16158] [ 837.845943][T16158] CPU: 0 UID: 0 PID: 16158 Comm: syz.4.2609 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 837.857841][T16158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 837.868946][T16158] Call Trace: [ 837.872599][T16158] [ 837.875863][T16158] dump_stack_lvl+0x116/0x1f0 [ 837.881071][T16158] print_report+0xc3/0x620 [ 837.885994][T16158] ? __virt_addr_valid+0x5e/0x590 [ 837.891600][T16158] ? __phys_addr+0xc6/0x150 [ 837.896624][T16158] kasan_report+0xd9/0x110 [ 837.901568][T16158] ? force_suspend_read+0x12e/0x150 [ 837.907341][T16158] ? force_suspend_read+0x12e/0x150 [ 837.913117][T16158] force_suspend_read+0x12e/0x150 [ 837.918696][T16158] ? __pfx_force_suspend_read+0x10/0x10 [ 837.924855][T16158] full_proxy_read+0xfd/0x1b0 [ 837.930064][T16158] ? __pfx_full_proxy_read+0x10/0x10 [ 837.935934][T16158] vfs_read+0x1df/0xbe0 [ 837.940570][T16158] ? __fget_files+0x1fc/0x3a0 [ 837.945780][T16158] ? __pfx___mutex_lock+0x10/0x10 [ 837.951365][T16158] ? __pfx_vfs_read+0x10/0x10 [ 837.956574][T16158] ? __fget_files+0x206/0x3a0 [ 837.961774][T16158] ksys_read+0x12b/0x250 [ 837.966494][T16158] ? __pfx_ksys_read+0x10/0x10 [ 837.971808][T16158] do_syscall_64+0xcd/0x250 [ 837.976819][T16158] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 837.983361][T16158] RIP: 0033:0x7f016b785d29 [ 837.988255][T16158] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 838.009880][T16158] RSP: 002b:00007f016c60e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 838.019183][T16158] RAX: ffffffffffffffda RBX: 00007f016b976080 RCX: 00007f016b785d29 [ 838.027993][T16158] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 838.036802][T16158] RBP: 00007f016b801b08 R08: 0000000000000000 R09: 0000000000000000 [ 838.045621][T16158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 838.054441][T16158] R13: 0000000000000000 R14: 00007f016b976080 R15: 00007ffe49fa5ae8 [ 838.063266][T16158] [ 838.066627][T16158] [ 838.069213][T16158] Allocated by task 15805: [ 838.074096][T16158] kasan_save_stack+0x33/0x60 [ 838.079294][T16158] kasan_save_track+0x14/0x30 [ 838.084495][T16158] __kasan_kmalloc+0xaa/0xb0 [ 838.089643][T16158] __kmalloc_noprof+0x21a/0x4f0 [ 838.095033][T16158] ieee802_11_parse_elems_full+0xe6/0x1630 [ 838.101480][T16158] ieee80211_inform_bss+0xf1/0x10f0 [ 838.107253][T16158] cfg80211_inform_single_bss_data+0x8b1/0x1e40 [ 838.114171][T16158] cfg80211_inform_bss_data+0x254/0x3e40 [ 838.120417][T16158] cfg80211_inform_bss_frame_data+0x252/0x8a0 [ 838.127139][T16158] ieee80211_bss_info_update+0x311/0xab0 [ 838.133388][T16158] ieee80211_scan_rx+0x474/0xac0 [ 838.138907][T16158] ieee80211_rx_list+0x1bac/0x2990 [ 838.144594][T16158] ieee80211_rx_napi+0xdd/0x400 [ 838.149987][T16158] ieee80211_handle_queued_frames+0xd5/0x130 [ 838.156615][T16158] tasklet_action_common+0x251/0x3f0 [ 838.162498][T16158] handle_softirqs+0x213/0x8f0 [ 838.167788][T16158] __irq_exit_rcu+0x109/0x170 [ 838.172992][T16158] irq_exit_rcu+0x9/0x30 [ 838.177712][T16158] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 838.183971][T16158] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 838.190607][T16158] [ 838.193216][T16158] Freed by task 15805: [ 838.197712][T16158] kasan_save_stack+0x33/0x60 [ 838.202907][T16158] kasan_save_track+0x14/0x30 [ 838.208101][T16158] kasan_save_free_info+0x3b/0x60 [ 838.213667][T16158] __kasan_slab_free+0x51/0x70 [ 838.218958][T16158] kfree+0x14f/0x4b0 [ 838.223287][T16158] ieee80211_inform_bss+0xa36/0x10f0 [ 838.229151][T16158] cfg80211_inform_single_bss_data+0x8b1/0x1e40 [ 838.236069][T16158] cfg80211_inform_bss_data+0x254/0x3e40 [ 838.242311][T16158] cfg80211_inform_bss_frame_data+0x252/0x8a0 [ 838.249032][T16158] ieee80211_bss_info_update+0x311/0xab0 [ 838.255281][T16158] ieee80211_scan_rx+0x474/0xac0 [ 838.260765][T16158] ieee80211_rx_list+0x1bac/0x2990 [ 838.266452][T16158] ieee80211_rx_napi+0xdd/0x400 [ 838.271843][T16158] ieee80211_handle_queued_frames+0xd5/0x130 [ 838.278476][T16158] tasklet_action_common+0x251/0x3f0 [ 838.284337][T16158] handle_softirqs+0x213/0x8f0 [ 838.289623][T16158] __irq_exit_rcu+0x109/0x170 [ 838.294822][T16158] irq_exit_rcu+0x9/0x30 [ 838.299532][T16158] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 838.305784][T16158] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 838.312436][T16158] [ 838.315020][T16158] The buggy address belongs to the object at ffff888056b9b800 [ 838.315020][T16158] which belongs to the cache kmalloc-1k of size 1024 [ 838.330515][T16158] The buggy address is located 560 bytes inside of [ 838.330515][T16158] freed 1024-byte region [ffff888056b9b800, ffff888056b9bc00) [ 838.345841][T16158] [ 838.348439][T16158] The buggy address belongs to the physical page: [ 838.355537][T16158] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x56b98 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 838.365343][T16158] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 838.365374][T16158] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 838.365402][T16158] page_type: f5(slab) [ 838.365432][T16158] raw: 00fff00000000040 ffff88801ac41dc0 0000000000000000 dead000000000001 [ 838.365463][T16158] raw: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000 [ 838.365495][T16158] head: 00fff00000000040 ffff88801ac41dc0 0000000000000000 dead000000000001 [ 838.365526][T16158] head: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000 [ 838.365557][T16158] head: 00fff00000000003 ffffea00015ae601 ffffffffffffffff 0000000000000000 [ 838.365588][T16158] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 838.365607][T16158] page dumped because: kasan: bad access detected [ 838.365630][T16158] page_owner tracks the page as allocated [ 838.365639][T16158] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 7886, tgid 7886 (kworker/u8:39), ts 379037241798, free_ts 378564040137 [ 838.365692][T16158] post_alloc_hook+0x2d1/0x350 [ 838.365735][T16158] get_page_from_freelist+0xfce/0x2f80 [ 838.365778][T16158] __alloc_pages_noprof+0x223/0x25b0 [ 838.365831][T16158] alloc_pages_mpol_noprof+0x2c8/0x620 [ 838.365862][T16158] new_slab+0x2c9/0x410 [ 838.365897][T16158] ___slab_alloc+0xce2/0x1650 [ 838.365934][T16158] __slab_alloc.constprop.0+0x56/0xb0 [ 838.365973][T16158] __kmalloc_noprof+0x2de/0x4f0 [ 838.366015][T16158] ieee802_11_parse_elems_full+0xe6/0x1630 [ 838.366061][T16158] ieee80211_inform_bss+0xf1/0x10f0 [ 838.366104][T16158] cfg80211_inform_single_bss_data+0x8b1/0x1e40 [ 838.366144][T16158] cfg80211_inform_bss_data+0x254/0x3e40 [ 838.366181][T16158] cfg80211_inform_bss_frame_data+0x252/0x8a0 [ 838.366222][T16158] ieee80211_bss_info_update+0x311/0xab0 [ 838.366265][T16158] ieee80211_scan_rx+0x474/0xac0 [ 838.366305][T16158] ieee80211_rx_list+0x1bac/0x2990 [ 838.366348][T16158] page last free pid 10320 tgid 10319 stack trace: [ 838.366366][T16158] free_unref_page+0x661/0x1080 [ 838.366407][T16158] __put_partials+0x14c/0x170 [ 838.366445][T16158] qlist_free_all+0x4e/0x120 [ 838.366484][T16158] kasan_quarantine_reduce+0x195/0x1e0 [ 838.366526][T16158] __kasan_slab_alloc+0x69/0x90 [ 838.366572][T16158] kmem_cache_alloc_noprof+0x1c8/0x3b0 [ 838.366616][T16158] __kernfs_new_node+0xd3/0x890 [ 838.366658][T16158] kernfs_new_node+0x186/0x240 [ 838.366695][T16158] __kernfs_create_file+0x53/0x350 [ 838.366740][T16158] sysfs_add_file_mode_ns+0x1ff/0x3b0 [ 838.366795][T16158] internal_create_group+0x56c/0xf10 [ 838.366827][T16158] internal_create_groups+0x9d/0x150 [ 838.366859][T16158] device_add+0x6d3/0x1a70 [ 838.366888][T16158] netdev_register_kobject+0x183/0x3a0 [ 838.366934][T16158] register_netdevice+0x1473/0x1e20 [ 838.366983][T16158] register_netdev+0x2f/0x50 [ 838.367030][T16158] [ 838.367038][T16158] Memory state around the buggy address: [ 838.367054][T16158] ffff888056b9b900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 838.367078][T16158] ffff888056b9b980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 838.367101][T16158] >ffff888056b9ba00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 838.367119][T16158] ^ [ 838.367137][T16158] ffff888056b9ba80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 838.367161][T16158] ffff888056b9bb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 838.367179][T16158] ================================================================== [ 838.547001][T16158] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 838.547026][T16158] CPU: 1 UID: 0 PID: 16158 Comm: syz.4.2609 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 [ 838.547069][T16158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 838.547089][T16158] Call Trace: [ 838.547099][T16158] [ 838.547113][T16158] dump_stack_lvl+0x3d/0x1f0 [ 838.547161][T16158] panic+0x71d/0x800 [ 838.547208][T16158] ? __pfx_panic+0x10/0x10 [ 838.547257][T16158] ? preempt_schedule_thunk+0x1a/0x30 [ 838.547292][T16158] ? preempt_schedule_common+0x44/0xc0 [ 838.547339][T16158] check_panic_on_warn+0xab/0xb0 [ 838.547390][T16158] end_report+0x117/0x180 [ 838.547439][T16158] kasan_report+0xe9/0x110 [ 838.547485][T16158] ? force_suspend_read+0x12e/0x150 [ 838.547524][T16158] ? force_suspend_read+0x12e/0x150 [ 838.547564][T16158] force_suspend_read+0x12e/0x150 [ 838.547601][T16158] ? __pfx_force_suspend_read+0x10/0x10 [ 838.547644][T16158] full_proxy_read+0xfd/0x1b0 [ 838.547686][T16158] ? __pfx_full_proxy_read+0x10/0x10 [ 838.547731][T16158] vfs_read+0x1df/0xbe0 [ 838.547787][T16158] ? __fget_files+0x1fc/0x3a0 [ 838.547828][T16158] ? __pfx___mutex_lock+0x10/0x10 [ 838.547871][T16158] ? __pfx_vfs_read+0x10/0x10 [ 838.547913][T16158] ? __fget_files+0x206/0x3a0 [ 838.547957][T16158] ksys_read+0x12b/0x250 [ 838.548012][T16158] ? __pfx_ksys_read+0x10/0x10 [ 838.548058][T16158] do_syscall_64+0xcd/0x250 [ 838.548103][T16158] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 838.548150][T16158] RIP: 0033:0x7f016b785d29 [ 838.548177][T16158] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 838.548212][T16158] RSP: 002b:00007f016c60e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 838.548246][T16158] RAX: ffffffffffffffda RBX: 00007f016b976080 RCX: 00007f016b785d29 [ 838.548271][T16158] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 838.548294][T16158] RBP: 00007f016b801b08 R08: 0000000000000000 R09: 0000000000000000 [ 838.548317][T16158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 838.548340][T16158] R13: 0000000000000000 R14: 00007f016b976080 R15: 00007ffe49fa5ae8 [ 838.548373][T16158] [ 838.548849][T16158] Kernel Offset: disabled