last executing test programs: 10m41.728569851s ago: executing program 3 (id=1171): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_stat_fops_(0xffffffffffffff9c, &(0x7f0000000180)='/proc/stat\x00', 0x8600, 0x0) select$auto(0xa, 0x0, &(0x7f0000000100)={[0x20800000000d, 0x203, 0x4, 0xc, 0x5, 0xfdfe, 0x5, 0x0, 0x9, 0x8, 0xff, 0xa, 0x4, 0xaab, 0x5, 0x4002]}, 0x0, 0x0) 10m41.498922081s ago: executing program 3 (id=1172): syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, 0x0, 0x4048015) (async) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x40001, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0x6, 0x8000) (async) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) r2 = open(&(0x7f0000000040)='./file0\x00', 0x40841, 0x8) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x7, 0x800008000) (async) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/kernel/ns_last_pid\x00', 0x88642, 0x0) read$auto(0x3, 0x0, 0x7) write$auto(r2, 0x0, 0xeffd) (async) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/midi2\x00', 0x103341, 0x0) (async) r4 = socket(0x2, 0x800, 0x6) dup2$auto(r3, r4) write$auto(r4, 0x0, 0x1ff) ioctl$auto_TIOCVHANGUP2(r1, 0x5437, 0x0) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) sendmsg$auto_OVS_FLOW_CMD_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x200400f0}, 0x800) (async) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0xe, 0x940, 0x1ffde, 0x3, 0x2000000000000006, 0x4000000000000002, 0x9, 0x5, 0x2, 0x7, 0xb3, 0x9, 0x2, 0x3, 0x5, 0x7, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x55, 0x7, 0x4000000000000000, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0xbc]}, 0x1fe, 0x4) (async) mmap$auto(0x0, 0x8, 0xe1, 0x209b72, 0x7fffffff7f, 0x8000) (async) r5 = socket(0x21, 0x2, 0x2) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) r6 = socket(0x1d, 0x2, 0x2) connect$auto(0x5, 0x0, 0x9) (async) sendmsg$auto_HSR_C_GET_NODE_STATUS(r6, &(0x7f0000000240)={0x0, 0xfffffffffffffced, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYRES32=r6, @ANYRES32=r5], 0x38}, 0x1, 0x0, 0x0, 0x20040000}, 0x40811) (async) r7 = getpgrp(0x0) process_vm_readv$auto(r7, &(0x7f0000000100)={&(0x7f00000000c0)="e63897272fc39e89e29d2b88", 0xd5f}, 0x100000001, &(0x7f0000000140)={&(0x7f0000000200)="40bb012a7eaa6b5958d79857125bfa76f94f9099863d8b327a455d16cd30fe7bb998bae83630f340aeb25ba5713eb1c94d278a2a2303765a6246cade64d1ae0a233e8593e7fe9080783bd4de76380e", 0x2}, 0x8000000000000000, 0x1) 10m40.334107481s ago: executing program 3 (id=1178): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001400), r3) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_ACT(r3, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000001480)={&(0x7f0000001440)={0x2c, r4, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@ETHTOOL_A_CABLE_TEST_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}]}]}, 0x2c}}, 0x20000000) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000f40)={'batadv0\x00', 0x0}) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x2, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x2, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) io_uring_register$auto(0x2, 0x21, &(0x7f0000000240), 0x1) sendmsg$auto_BATADV_CMD_SET_MESH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010028bd7000f9dbdf250f00000008000300", @ANYRES32=r5, @ANYBLOB="05002f00dd"], 0x24}, 0x1, 0x0, 0x0, 0x44010}, 0x0) 10m40.305628893s ago: executing program 3 (id=1179): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/adsp1\x00', 0x100, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto_snd_pcm_oss_f_reg_pcm_oss(r0, &(0x7f0000000080)="7d31244ded50dffde9433571eac2a03030ba0d8605ae8ab0e8c2a06da7e5bd498e3d616746b31b0516a040a2ed66b9cf3d9e8e706c1f7243e9b524c39f044e5a8e03", 0x42) r1 = socket(0x23, 0x5, 0x0) bind$auto(r1, &(0x7f0000000140)=@phonet={0x23, 0x6, 0x0, 0xa3}, 0x80) r2 = openat$auto_severities_coverage_fops_severity(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) write$auto_severities_coverage_fops_severity(r2, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) openat$auto_uprobe_profile_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/tracing/uprobe_profile\x00', 0x200000, 0x0) socket(0x2, 0x3, 0x40100) openat$auto_tracing_mark_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/trace_marker\x00', 0x1, 0x0) mknod$auto(&(0x7f0000000040)=':,\x00', 0xc9, 0xc8) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) mount$auto(&(0x7f0000000000)='pimreg\x00', &(0x7f0000000040)='\x00', 0x0, 0x10dfd057, 0x0) mount$auto(0x0, &(0x7f0000000040)='802_15_4_MAC\x00', 0x0, 0xaaa, 0x0) socket(0x10, 0x2, 0x2) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000000)={0x14, r4, 0x1, 0x70bd2d, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x24040000}, 0x1cc00) ioctl$auto(0x3, 0x400c4d07, 0x1) ioctl$auto_SOUND_PCM_READ_CHANNELS(r0, 0x80045006, &(0x7f0000000040)=0x10000) 10m40.012616642s ago: executing program 3 (id=1182): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0x2000040080000004, 0xe) mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) rseq$auto(&(0x7f0000000300)={0x0, 0x9, 0x0, 0x4, 0xffffffff, 0xfffffffe}, 0x8000, 0x0, 0x3) shmdt$auto(0x0) madvise$auto(0x0, 0x3, 0x15) rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1000afd003a5394e965231da1bd312e7af6d67d0"], 0x1ac}, 0x1, 0x0, 0x0, 0x22004840}, 0x4001) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket(0x10, 0x2, 0x0) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) madvise$auto(0x0, 0x2000040080000004, 0xe) (async) mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) (async) rseq$auto(&(0x7f0000000300)={0x0, 0x9, 0x0, 0x4, 0xffffffff, 0xfffffffe}, 0x8000, 0x0, 0x3) (async) shmdt$auto(0x0) (async) madvise$auto(0x0, 0x3, 0x15) (async) rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}}) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1000afd003a5394e965231da1bd312e7af6d67d0"], 0x1ac}, 0x1, 0x0, 0x0, 0x22004840}, 0x4001) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (async) 10m39.253668888s ago: executing program 3 (id=1190): openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000080), 0x20002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000ac0)='/proc/irq/default_smp_affinity\x00', 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0xfdef) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_MACSEC_CMD_DEL_RXSC(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16, @ANYBLOB], 0x34}, 0x1, 0x0, 0x0, 0x4068811}, 0x80) ppoll$auto(&(0x7f0000000080)={0xffffffffffffffff, 0x11b, 0xf}, 0xc, 0x0, 0x0, 0x8) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) r1 = io_uring_setup$auto(0x6, 0x0) r2 = socket(0xa, 0x2, 0x73) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000540), r3) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_NET_SHAPER_CMD_DELETE(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="090027bd7000fbdbdf250200000008000800", @ANYRES32=r6, @ANYBLOB="140001800800020006000000080001"], 0x30}, 0x1, 0x0, 0x0, 0x44000}, 0xc050) flistxattr$auto(r2, &(0x7f0000000040)='/dev/vhci\x00', 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x501001, 0x0) read$auto(0x3, 0x0, 0x80) read$auto_fops_u32_ro_(r1, 0x0, 0x0) msgrcv$auto(0xe1, &(0x7f0000000000)={0x8, 0x2}, 0x81, 0x4, 0x9) close_range$auto(0x2, 0x8000, 0x0) getuid() shmctl$auto(0x0, 0xf3, 0x0) socket(0xa, 0x1, 0x84) close_range$auto(0x2, 0x8, 0x634d) socket(0x10, 0x2, 0x4) swapon$auto(&(0x7f00000000c0)='/dev/vhci\x00', 0x5) socket(0x27, 0xa, 0x0) 10m38.95865107s ago: executing program 32 (id=1190): openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000080), 0x20002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000ac0)='/proc/irq/default_smp_affinity\x00', 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0xfdef) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_MACSEC_CMD_DEL_RXSC(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16, @ANYBLOB], 0x34}, 0x1, 0x0, 0x0, 0x4068811}, 0x80) ppoll$auto(&(0x7f0000000080)={0xffffffffffffffff, 0x11b, 0xf}, 0xc, 0x0, 0x0, 0x8) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) r1 = io_uring_setup$auto(0x6, 0x0) r2 = socket(0xa, 0x2, 0x73) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000540), r3) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_NET_SHAPER_CMD_DELETE(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="090027bd7000fbdbdf250200000008000800", @ANYRES32=r6, @ANYBLOB="140001800800020006000000080001"], 0x30}, 0x1, 0x0, 0x0, 0x44000}, 0xc050) flistxattr$auto(r2, &(0x7f0000000040)='/dev/vhci\x00', 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x501001, 0x0) read$auto(0x3, 0x0, 0x80) read$auto_fops_u32_ro_(r1, 0x0, 0x0) msgrcv$auto(0xe1, &(0x7f0000000000)={0x8, 0x2}, 0x81, 0x4, 0x9) close_range$auto(0x2, 0x8000, 0x0) getuid() shmctl$auto(0x0, 0xf3, 0x0) socket(0xa, 0x1, 0x84) close_range$auto(0x2, 0x8, 0x634d) socket(0x10, 0x2, 0x4) swapon$auto(&(0x7f00000000c0)='/dev/vhci\x00', 0x5) socket(0x27, 0xa, 0x0) 10.308302321s ago: executing program 1 (id=4716): r0 = socket(0x27, 0x80000, 0x0) syz_genetlink_get_family_id$auto_gtp(&(0x7f0000000180), r0) listen$auto(0x3, 0x81) clock_adjtime$auto(0x0, &(0x7f0000000040)={0xdbb, 0x0, 0x7, 0xfffffffffffffffe, 0x600, 0xf4, 0xb, 0x0, 0x7, 0x8, 0x3, {0x3ff, 0xd05}, 0xfffffffffffffff8, 0xa5, 0x9, 0xb87f, 0x0, 0xc7, 0x1000, 0xb, 0x5, 0x5, 0xfffffff5}) 10.099920232s ago: executing program 1 (id=4719): r0 = socket(0x10, 0x3, 0x6) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="fc000000", @ANYRES16=r1, @ANYBLOB="01002dbd7000bedbdf2505000000e80003800800c200e0004e0204002a000400110008002e00", @ANYRES32=r0, @ANYBLOB="d152e64e22695352dd73864415aa8a78c65e6ab752fb4d469a47a092ae7d5061cdd9690cac4138553ecfbb1b32dd7c33b14cc842bc1e2a5da4203e64ceaa9db5223aa655b6313c011b3e73a75f1aa1f7b2ea43344b15bd494886e355cf6d92c8fe670a42bc677830013e9c4aa4fa30c3e6630bf0ed13206d5a18f6813c6fb03466112aedf5d67bb5b99fe96a6dcd279916b0bce029925b63c48d41ca8a76e46c2c0005802800638024009e8008005a002f7d2100110086800c000d0006000000000000004e0000000400c9"], 0xfc}, 0x1, 0x0, 0x0, 0x40000}, 0x2404c810) 9.474804372s ago: executing program 1 (id=4721): unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/rcutree/parameters/qovld\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000001c00)=""/4111, 0x100f) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x1, 0x106) setsockopt$auto(0x3, 0x1, 0x10, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) 8.29965245s ago: executing program 1 (id=4733): r0 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0) ioctl$auto_I2C_SMBUS(r0, 0x720, 0x4) 8.1788006s ago: executing program 1 (id=4735): openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x129800, 0x0) epoll_create$auto(0xe) socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) setns(0xffffffffffffffff, 0x2000000) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) munmap$auto(0x80000000, 0x3532) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002cbd7000fbdbdf250ae9ff000804030000000200080002"], 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810) mmap$auto(0x0, 0x30, 0x4000000000df, 0xeb1, 0x401, 0x2a9a) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card1/pcm1c/sub2/xrun_injection\x00', 0x2, 0x0) write$auto(0x3, 0x0, 0x3f00) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) alarm$auto(0x7) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) socket(0x2, 0x1, 0x106) sendmsg$auto_NL80211_CMD_UPDATE_FT_IES(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x4000000) recvmmsg$auto(0x3, &(0x7f0000000100)={{0x0, 0x2009, 0x0, 0x5, 0x0, 0x1, 0x4}, 0x4}, 0x10000, 0x300, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0xb9f134894bd063c, 0x5, 0xfffffff2) fcntl$auto(0x3, 0x4, 0xa553) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) r0 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f00000018c0)='/dev/cpu/1/cpuid\x00', 0x2000, 0x0) arch_prctl$auto(0x1ff, 0x9) read$auto(r0, 0x0, 0x100000001) 3.103456776s ago: executing program 4 (id=4765): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) ioctl$auto(r0, 0x900064b8, 0xc35) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000a80), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_MPP(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000140)={0x1c, r1, 0x301, 0x70bd2f, 0x25dfdbfd, {}, [@NL80211_ATTR_FILS_DISCOVERY={0x7, 0x14c}]}, 0x1c}, 0x1, 0x0, 0x0, 0x200040c4}, 0x20000040) prctl$auto(0x1000000003b, 0x1, 0x4, 0x7, 0x8000) socket(0xa, 0x2, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0x8, 0xffffffffffffffff, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x800000, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/ip6_mr_cache\x00', 0x101000, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) pread64$auto(r3, 0x0, 0x2, 0x1) mount$auto(&(0x7f0000000040)='netdevsim0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='*!]\\:\x00', 0x6, &(0x7f0000000100)="3bace0272082d91f922c202c7ba55b7f5d096d2ca2f7830b7cb8d88bdba26e34005077b0ce4803022b48f9d3f40e6ecde9ca7b62aba480f55e568c0745c46239d651c4b38a4431de788d575711ece46a4274cb7f42ba72c379943d34480ce5b0a8ead6d0f51b06fd8174ee253530e0f37be8ffb95fee334b56c4580530bc6349cb6c8c") open(0x0, 0x80842, 0x91) 2.641848639s ago: executing program 4 (id=4768): r0 = socket(0x2, 0x5, 0x0) rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8) r1 = getpid() r2 = gettid() r3 = getpid() rt_tgsigqueueinfo$auto(r3, r2, 0x23, &(0x7f0000000600)={@siginfo_0_0={0x8001, 0x3, 0x1000, @_sigpoll={0x401}}}) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) read$auto(0x3, 0x0, 0x80) close_range$auto(0x2, 0x8000, 0x0) open(0x0, 0xa22c0, 0x155) r4 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r4, 0x107, 0xf, 0x0, 0x6) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) rt_tgsigqueueinfo$auto(r1, r2, 0x21, &(0x7f0000000040)={@_si_pad}) io_pgetevents$auto(0x8, 0xfffffffffffff800, 0x2, 0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x9}}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) connect$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x0, @rand_addr=0xe0}, 0x55) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) fcntl$auto(0xff80000000000000, 0x406, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @rand_addr=0xfffffffe}, 0x55) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) 2.275723657s ago: executing program 4 (id=4770): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) ioctl$auto(r0, 0x900064b8, 0xc35) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000a80), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_MPP(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000140)={0x1c, r1, 0x301, 0x70bd2f, 0x25dfdbfd, {}, [@NL80211_ATTR_FILS_DISCOVERY={0x7, 0x14c}]}, 0x1c}, 0x1, 0x0, 0x0, 0x200040c4}, 0x20000040) prctl$auto(0x1000000003b, 0x1, 0x4, 0x7, 0x8000) socket(0xa, 0x2, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0x8, 0xffffffffffffffff, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x80000, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/ip6_mr_cache\x00', 0x101000, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) pread64$auto(r3, 0x0, 0x2, 0x1) mount$auto(&(0x7f0000000040)='netdevsim0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='*!]\\:\x00', 0x6, &(0x7f0000000100)="3bace0272082d91f922c202c7ba55b7f5d096d2ca2f7830b7cb8d88bdba26e34005077b0ce4803022b48f9d3f40e6ecde9ca7b62aba480f55e568c0745c46239d651c4b38a4431de788d575711ece46a4274cb7f42ba72c379943d34480ce5b0a8ead6d0f51b06fd8174ee253530e0f37be8ffb95fee334b56c4580530bc6349cb6c8c") open(0x0, 0x80842, 0x91) 2.258473138s ago: executing program 0 (id=4771): mmap$auto(0x0, 0x20009, 0xe1, 0xeb1, 0x40000000000a5, 0x8000) r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x42, 0x24) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x7, 0x1ff, 0x7, 0x5, 0x7181, 0x4, 0x7, 0x3, 0x9, 0xd, 0x80003, 0x4, 0x200000000001, 0xb4, 0x9, 0x8, 0x10006, 0x4000080, 0x0, 0x0, 0xe, 0x22000, 0x200, 0x0, 0x84, [0x3, 0x2, 0xfffffffffffffffc, 0x6, 0x0, 0x2000, 0x0, 0xe, 0x70624ce7, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x61f, 0x0, 0x2, 0x0, 0xfffffffffffbfffd, 0x2000000000000004, 0x10000000000001, 0x31, 0xffffffffffffffff, 0x4, 0xfffffffffffffe00, 0x3, 0x0, 0x5, 0x400000000005b8, 0xffff, 0x0, 0x100, 0x3, 0x6, 0x2, 0x1f6, 0x40, 0xfffffffffffffffc, 0x6, 0xffff, 0x0, 0x3, 0xfffffffffffffffc, 0xa, 0x8, 0x7, 0xc567]}, 0x1fe, 0xd) r1 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r1, 0xfffffffffffffd09, &(0x7f00000001c0)) close_range$auto(r0, r0, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/mnt\x00') open_tree$auto(r0, 0x0, 0x1001) 2.227537805s ago: executing program 2 (id=4772): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x10, 0x2, 0x4) socket(0x10, 0x3, 0x6) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nlbl_unlbl(&(0x7f0000000140), r1) sendmsg$auto_NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000180)={&(0x7f0000000480)={0x14, r2, 0x300, 0x70bd2c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x40010}, 0x20000800) r3 = socket(0x10, 0x2, 0x4) socket(0x25, 0x1, 0x3) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket(0x10, 0x3, 0x6) r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="f0020000", @ANYRES16=r5, @ANYBLOB="01002dbd7000fedbdf2505000000da0203800800c000e000000204002a000400110008002e00", @ANYRES32, @ANYBLOB="d152e64e22695352dd73864415aa8a78c65e6ab752fb4d469a47a092ae7d5061cdd9690cac4138553ecfbb1b32dd7c33b14cc842bc1e2a5da4203e64ceaa9db5223aa655b6313c011b3e73a75f1aa1f7b2ea43344b15bd494886e355cf6d92c8fe670a42bc677830013e9c4aa4fa30c3e6630bf0ed13206d5a18f6813c6fb03466112aedf5d67bb5b99fe96a6dcd279916b0bce029925b63c48d41ca8a76e46c6014100005800c00c50003000000000000000c02368008027a8087010c800800e800", @ANYRES32=r3, @ANYBLOB="0800fb00", @ANYRES32=r4], 0x2f0}, 0x1, 0x0, 0x0, 0x40000}, 0x50) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) shmat$auto(0x0, &(0x7f0000000580)='(\x00', 0xfffffffe) mmap$auto(0x0, 0x6, 0xdf, 0xeb1, 0x401, 0x8000) ioperm$auto(0x400, 0xd4f8, 0xfff) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) socket(0x10, 0x2, 0x0) shmat$auto(0x0, &(0x7f00000000c0)='(\x00', 0xfffffffa) mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x20000000) r6 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000740)='/dev/snd/controlC1\x00', 0x80000, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r6, 0xc1105517, &(0x7f00000009c0)={{@inferred, 0xc, 0x8, 0x7, "c1f8707d1bd8b77369ec8d37255bc3336a712ff14cc7d0663328a52ffc7859550ccd7a9d01866f57e89b967c"}, 0x5, 0x6, 0x5, @inferred, @reserved="6051df758350f39dc792865f6ad357b52aa1926839c9fc1dd7c57e08d584c0507a6efeb9f6ffebb2befac1b6ac4ff9ede8077a5a7ecf504894e5ab0a633553da18ed4deca0aa6f4975ff4cbe6ad29ce3ef0941949af0c1b43daa2c6f120566e20d2bef7b10165e66054f548654332e8ba2e66f90bcbb712bcdb0c7d66b0e1469", "6238db752b34094b86e743144afdccf5034e108ae74035db44c254d3c6dd8bef78a0c0ebba2fcde694196929139bde270cf080531ef91cb8851c2495aa24159d"}) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_LIST(r6, 0xc0505510, 0x0) acct$auto(&(0x7f0000000000)='/dev/snd/controlC1\x00') 1.958236923s ago: executing program 0 (id=4773): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x4000008000) socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0x8, 0x3, 0x9b72, 0x2, 0x8000) io_submit$auto(0x4, 0x8003, &(0x7f0000000100)=&(0x7f00000000c0)={0x1, 0x8, 0x216a40, 0x1ff, 0xfe01, 0xffffffffffffffff, 0x5, 0x3, 0x805}) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000040)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f00000000c0), 0xf}, 0x6, 0x0) ioctl$auto_I2C_SMBUS(0xffffffffffffffff, 0x720, 0x4) 1.762014769s ago: executing program 2 (id=4774): close_range$auto(0x2, 0x8, 0x0) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace\x00', 0x4c100, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) r0 = memfd_create$auto(0x0, 0x10000009) r1 = socket(0x2, 0x1, 0x106) syz_genetlink_get_family_id$auto_nl80211(0x0, r1) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x2, 0x8000) mmap$auto(0x8, 0x1000, 0xdf, 0x80000000000000f4, r0, 0x9) madvise$auto(0x0, 0x600007, 0x19) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) move_pages$auto(0x0, 0x91, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x9, 0x3, 0x8012, 0x3, 0x8000) sendfile$auto(0x6, 0x3, 0x0, 0x7) unshare$auto(0x40000080) writev$auto(r0, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) madvise$auto(0x3, 0xffffffffffff0005, 0x19) munmap$auto(0x20001000, 0x7) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) setsockopt$auto(r2, 0x1, 0x20009, 0x0, 0xa) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) timer_create$auto(0x3, 0x0, &(0x7f0000000140)=0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) timer_settime$auto(0x0, 0xffff8000, &(0x7f00000000c0)={{0xf, 0x10007}, {0x0, 0x800}}, 0x0) mmap$auto(0xfffffffffffffffd, 0x8000000800000000, 0x5, 0xeb1, r0, 0x800002007ffe) madvise$auto(0x8c3a, 0x2, 0xf) socket(0x2, 0xa, 0xa) lsm_list_modules$auto(0x0, &(0x7f0000000100)=0xbefc, 0x3) ioctl$auto(0xffffffffffffffff, 0x8, 0xffffffffffffffff) kill$auto(0x0, 0xa) 1.278981086s ago: executing program 2 (id=4775): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) ioctl$auto(r0, 0x900064b8, 0xc35) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000a80), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_MPP(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000140)={0x1c, r1, 0x301, 0x70bd2f, 0x25dfdbfd, {}, [@NL80211_ATTR_FILS_DISCOVERY={0x7, 0x14c}]}, 0x1c}, 0x1, 0x0, 0x0, 0x200040c4}, 0x20000040) prctl$auto(0x1000000003b, 0x1, 0x4, 0x7, 0x8000) socket(0xa, 0x2, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0x8, 0xffffffffffffffff, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x800000, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/ip6_mr_cache\x00', 0x101000, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) pread64$auto(r3, 0x0, 0x2, 0x1) mount$auto(&(0x7f0000000040)='netdevsim0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='*!]\\:\x00', 0x6, &(0x7f0000000100)="3bace0272082d91f922c202c7ba55b7f5d096d2ca2f7830b7cb8d88bdba26e34005077b0ce4803022b48f9d3f40e6ecde9ca7b62aba480f55e568c0745c46239d651c4b38a4431de788d575711ece46a4274cb7f42ba72c379943d34480ce5b0a8ead6d0f51b06fd8174ee253530e0f37be8ffb95fee334b56c4580530bc6349cb6c8c") open(0x0, 0x80842, 0x91) 1.278850001s ago: executing program 4 (id=4776): socket(0xa, 0x3, 0xff) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000380)={0x1c, r1, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x3000000}]}, 0x1c}, 0x1, 0x0, 0x30000000, 0x40080}, 0x20040000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000021}, 0x20008004) mmap$auto(0x0, 0x20007, 0x80000000000000df, 0x10004000eb1, 0x8, 0x8000) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) socket(0x2a, 0x2, 0x6) connect$auto(0x3, &(0x7f0000000180), 0x54) close_range$auto(0x2, 0x8000, 0x0) 1.27328892s ago: executing program 0 (id=4783): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x10, 0x2, 0x4) socket(0x10, 0x3, 0x6) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nlbl_unlbl(&(0x7f0000000140), r1) sendmsg$auto_NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40010}, 0x20000800) r2 = socket(0x10, 0x2, 0x4) socket(0x25, 0x1, 0x3) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0x10, 0x3, 0x6) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="f0020000", @ANYRES16=r4, @ANYBLOB="01002dbd7000fedbdf2505000000da0203800800c000e000000204002a000400110008002e00", @ANYRES32, @ANYBLOB="d152e64e22695352dd73864415aa8a78c65e6ab752fb4d469a47a092ae7d5061cdd9690cac4138553ecfbb1b32dd7c33b14cc842bc1e2a5da4203e64ceaa9db5223aa655b6313c011b3e73a75f1aa1f7b2ea43344b15bd494886e355cf6d92c8fe670a42bc677830013e9c4aa4fa30c3e6630bf0ed13206d5a18f6813c6fb03466112aedf5d67bb5b99fe96a6dcd279916b0bce029925b63c48d41ca8a76e46c6014100005800c00c50003000000000000000c02368008027a8087010c800800e800", @ANYRES32=r2, @ANYBLOB="0800fb00", @ANYRES32=r3], 0x2f0}, 0x1, 0x0, 0x0, 0x40000}, 0x50) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) shmat$auto(0x0, &(0x7f0000000580)='(\x00', 0xfffffffe) mmap$auto(0x0, 0x6, 0xdf, 0xeb1, 0x401, 0x8000) ioperm$auto(0x400, 0xd4f8, 0xfff) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) socket(0x10, 0x2, 0x0) shmat$auto(0x0, &(0x7f00000000c0)='(\x00', 0xfffffffa) mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x20000000) r5 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000740)='/dev/snd/controlC1\x00', 0x80000, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0xc1105517, &(0x7f00000009c0)={{@inferred, 0xc, 0x8, 0x7, "c1f8707d1bd8b77369ec8d37255bc3336a712ff14cc7d0663328a52ffc7859550ccd7a9d01866f57e89b967c"}, 0x5, 0x6, 0x5, @inferred, @reserved="6051df758350f39dc792865f6ad357b52aa1926839c9fc1dd7c57e08d584c0507a6efeb9f6ffebb2befac1b6ac4ff9ede8077a5a7ecf504894e5ab0a633553da18ed4deca0aa6f4975ff4cbe6ad29ce3ef0941949af0c1b43daa2c6f120566e20d2bef7b10165e66054f548654332e8ba2e66f90bcbb712bcdb0c7d66b0e1469", "6238db752b34094b86e743144afdccf5034e108ae74035db44c254d3c6dd8bef78a0c0ebba2fcde694196929139bde270cf080531ef91cb8851c2495aa24159d"}) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_LIST(r5, 0xc0505510, 0x0) acct$auto(&(0x7f0000000000)='/dev/snd/controlC1\x00') 969.281522ms ago: executing program 0 (id=4777): r0 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/driver/rtc\x00', 0x20002, 0x0) r1 = socket(0x10, 0x2, 0x15) sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c7"], 0x2c}, 0x1, 0x0, 0x0, 0x60000004}, 0xc800) mprotect$auto(0x1ffff000, 0x8000000000000002, 0x5) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8947, &(0x7f0000000000)={'bond0\x00'}) sendmsg$auto_CTRL_CMD_GETFAMILY(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24006001}, 0x20048000) read$auto_proc_single_file_operations_base(r0, &(0x7f0000000040)=""/4096, 0xffffffffffffffc7) 968.208298ms ago: executing program 4 (id=4778): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) ioctl$auto(r0, 0x900064b8, 0xc35) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000a80), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_MPP(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000140)={0x1c, r1, 0x301, 0x70bd2f, 0x25dfdbfd, {}, [@NL80211_ATTR_FILS_DISCOVERY={0x7, 0x14c}]}, 0x1c}, 0x1, 0x0, 0x0, 0x200040c4}, 0x20000040) prctl$auto(0x1000000003b, 0x1, 0x4, 0x7, 0x8000) socket(0xa, 0x2, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0x8, 0xffffffffffffffff, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0xf0ffff, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/ip6_mr_cache\x00', 0x101000, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) pread64$auto(r3, 0x0, 0x2, 0x1) mount$auto(&(0x7f0000000040)='netdevsim0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='*!]\\:\x00', 0x6, &(0x7f0000000100)="3bace0272082d91f922c202c7ba55b7f5d096d2ca2f7830b7cb8d88bdba26e34005077b0ce4803022b48f9d3f40e6ecde9ca7b62aba480f55e568c0745c46239d651c4b38a4431de788d575711ece46a4274cb7f42ba72c379943d34480ce5b0a8ead6d0f51b06fd8174ee253530e0f37be8ffb95fee334b56c4580530bc6349cb6c8c") open(0x0, 0x80842, 0x91) 898.929377ms ago: executing program 1 (id=4779): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) io_cancel$auto(0x400, &(0x7f00000001c0)={0x7f, 0xffff, 0xf9d, 0x401, 0xa, 0xffffffffffffffff, 0x4, 0x7fffffffffffffff, 0x5, 0x0, 0x33f, 0xffffffffffffffff}, &(0x7f0000000200)={0xe2, 0xf, 0x3, 0x1}) preadv$auto(r0, &(0x7f0000000280)={&(0x7f0000000240)="c2c519a8e34b342800154812a0113539b298da59ac2199128caad0693b4658e235561f00d4bfedb4"}, 0xfffffffffffffc01, 0x7, 0x80) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) fsopen$auto(0x0, 0x3) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x9, 0x400000072, 0x8b72, 0x1000000002, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000540), 0xa0100, 0x0) poll$auto(&(0x7f0000000040)={0x3, 0x500, 0xa}, 0x5, 0x108) clone$auto(0x61000, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x0) r2 = userfaultfd$auto(0x101) write$auto_proc_sys_file_operations_proc_sysctl(r2, &(0x7f00000000c0)="2a999bcfcbf64a70eb249d8804d717f31b09f7ce4c2a8902012a905dcc5b48f79ace529eb9e6ae7aa5aa6c36e039133334188d49ec70edae69f2b0bddcaa19fcf7ba04913433d483ae8a27c8b1f702dd2f301bd3cc200c5f0c5fc3a5bc11896c0bfaad336b3d104ca6d8fb1a15085edd157b4885186073c39de0ec31d78a84ff2274c2163d05ab7ce17d0e9972cc3f23c718a611b563e2b46134d29bbd3b678d144d41ab0ab65bd1165529f2dbdd8ba2ac35eb55c4a18480aa60df0e574b127fb274ddc4dbfbf0a7de18c1a5f8ac5ab522add7136c1eb0f04d4f414b3b9f5e5dc6301fd624f8257788b492c353d6423fdf65dc36e6c3c50bf78936c5fb7d", 0xfe) r3 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000010c0), 0xffffffffffffffff) mmap$auto(0x0, 0x428, 0xdf, 0xeb1, 0x401, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r4, 0x4b4c, 0x38) readv$auto(0x0, &(0x7f0000000080)={&(0x7f00000002c0), 0x2}, 0x7ff) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000001100)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="01d2f6ba0c6c32be3afb62040325"], 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0xc040810) r5 = openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/dynamic_events\x00', 0x80301, 0x0) write$auto_dynamic_events_ops_trace_dynevent(r5, &(0x7f0000000040)="6524b5aac083b05c1173a1174ad8f5246cdc9552bbdffc095f2e", 0x1a) mmap$auto(0x1, 0x8, 0x6, 0x9b72, r1, 0xc000000000000) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) read$auto(0x4, 0x0, 0xfdef) 538.973234ms ago: executing program 2 (id=4780): r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_FRAME_WAIT_CANCEL(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES16=r0, @ANYBLOB="21002abd7000fcdbdf254300000008000300", @ANYRES32=r2], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x400c854) 521.629719ms ago: executing program 0 (id=4781): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x3ff, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) ioctl$auto(r0, 0xc1205531, 0x10) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001d40)='/proc/timer_list\x00', 0xa182, 0x0) read$auto_proc_iter_file_ops_compat_inode(r1, &(0x7f0000000240)=""/4096, 0x1000) read$auto_proc_iter_file_ops_compat_inode(r1, 0x0, 0xfffffe13) 365.864129ms ago: executing program 2 (id=4782): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x10, 0x2, 0x4) socket(0x10, 0x3, 0x6) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nlbl_unlbl(&(0x7f0000000140), r1) sendmsg$auto_NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000180)={&(0x7f0000000480)={0x14, r2, 0x300, 0x70bd2c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x40010}, 0x20000800) r3 = socket(0x10, 0x2, 0x4) socket(0x25, 0x1, 0x3) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket(0x10, 0x3, 0x6) r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="f0020000", @ANYRES16=r5, @ANYBLOB="01002dbd7000fedbdf2505000000da0203800800c000e000000204002a000400110008002e00", @ANYRES32, @ANYBLOB="d152e64e22695352dd73864415aa8a78c65e6ab752fb4d469a47a092ae7d5061cdd9690cac4138553ecfbb1b32dd7c33b14cc842bc1e2a5da4203e64ceaa9db5223aa655b6313c011b3e73a75f1aa1f7b2ea43344b15bd494886e355cf6d92c8fe670a42bc677830013e9c4aa4fa30c3e6630bf0ed13206d5a18f6813c6fb03466112aedf5d67bb5b99fe96a6dcd279916b0bce029925b63c48d41ca8a76e46c6014100005800c00c50003000000000000000c02368008027a8087010c800800e800", @ANYRES32=r3, @ANYBLOB="0800fb00", @ANYRES32=r4], 0x2f0}, 0x1, 0x0, 0x0, 0x40000}, 0x50) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) shmat$auto(0x0, &(0x7f0000000580)='(\x00', 0xfffffffe) mmap$auto(0x0, 0x6, 0xdf, 0xeb1, 0x401, 0x8000) ioperm$auto(0x400, 0xd4f8, 0xfff) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) socket(0x10, 0x2, 0x0) shmat$auto(0x0, &(0x7f00000000c0)='(\x00', 0xfffffffa) mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x20000000) r6 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000740)='/dev/snd/controlC1\x00', 0x80000, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r6, 0xc1105517, &(0x7f00000009c0)={{@inferred, 0xc, 0x8, 0x7, "c1f8707d1bd8b77369ec8d37255bc3336a712ff14cc7d0663328a52ffc7859550ccd7a9d01866f57e89b967c"}, 0x5, 0x6, 0x5, @inferred, @reserved="6051df758350f39dc792865f6ad357b52aa1926839c9fc1dd7c57e08d584c0507a6efeb9f6ffebb2befac1b6ac4ff9ede8077a5a7ecf504894e5ab0a633553da18ed4deca0aa6f4975ff4cbe6ad29ce3ef0941949af0c1b43daa2c6f120566e20d2bef7b10165e66054f548654332e8ba2e66f90bcbb712bcdb0c7d66b0e1469", "6238db752b34094b86e743144afdccf5034e108ae74035db44c254d3c6dd8bef78a0c0ebba2fcde694196929139bde270cf080531ef91cb8851c2495aa24159d"}) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_LIST(r6, 0xc0505510, 0x0) acct$auto(&(0x7f0000000000)='/dev/snd/controlC1\x00') 358.278839ms ago: executing program 4 (id=4784): set_mempolicy$auto(0x6, &(0x7f0000000000)=0x7e, 0x4) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nbd12\x00', 0x8001, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/net/netfilter/nfnetlink_log\x00', 0x40080, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x121b42, 0x0) r0 = socket(0x21, 0x2, 0x2) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) r1 = socket(0x2, 0x80802, 0x0) setsockopt$auto(r1, 0x11, 0x67, 0x0, 0x8) setsockopt$auto(0x3, 0x1, 0x2, 0x0, 0x9) connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x0, @multicast1}, 0x55) sendmsg$auto_NL80211_CMD_GET_WIPHY(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x20008010}, 0x4004414) bpf$auto(0x200000, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x2e77, 0x5a, 0x5, 0x2, 0xffffffffffff0000, 0x4, 0x2, 0x8, 0x3, 0x100, 0x0, 0x80, 0xc, 0x101}, 0x1) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x3}, 0x3, 0x0) unshare$auto(0x40000080) writev$auto(0x1, 0x0, 0x1) mmap$auto(0x5, 0x9, 0x0, 0xc1a, 0x80000001, 0x80000000) madvise$auto(0x0, 0x20200, 0x15) r2 = socket(0xa, 0x2, 0x73) sendto$auto(r2, 0x0, 0xf, 0x800e, &(0x7f00000004c0), 0x19) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), r2) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) r3 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim1/health/break_health\x00', 0x101, 0x0) write$auto(r3, &(0x7f0000000900)='netpci0\x00', 0x0) mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) 134.330168ms ago: executing program 0 (id=4785): clock_adjtime$auto(0x0, &(0x7f0000000040)={0xdbb, 0x0, 0x7, 0xfffffffffffffffe, 0x600, 0xf4, 0xb, 0x0, 0x7, 0x8, 0x3, {0x3ff, 0xd05}, 0xfffffffffffffff8, 0xa5, 0x9, 0xb87f, 0x0, 0xc7, 0x1000, 0xb, 0x5, 0x5, 0xfffffff5, 0x0, 0x0, 0xb00}) 0s ago: executing program 2 (id=4786): r0 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) r1 = open(&(0x7f0000000080)='./file0\x00', 0xeee00, 0x31) mmap$auto(0x0, 0x5, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) prctl$auto(0x10000000024, 0x2, 0x2008, 0x40000007, 0xa) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) setns(0xffffffffffffffff, 0x0) unshare$auto(0x40000080) clone$auto(0x8001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(0x0, r2) ioctl$auto_SNDCTL_DSP_GETISPACE(r1, 0x8010500d, &(0x7f0000000200)={0x4, 0x8, 0xd, 0xd}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000009c0)={0x48, r3, 0xd0d58b333228212f, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r4}, @NL80211_ATTR_SCAN_SSIDS={0x2c, 0x2d, 0x0, 0x1, [@nested={0x28, 0x99, 0x0, 0x1, [@nested={0x21, 0x97, 0x0, 0x1, [@generic="972d5f291ab8d2304811b4ecbf70ac6e1fcc8f45b4ec74d9bf40d0cc5d"]}]}]}]}, 0x48}}, 0x4000000) sendmsg$auto_NL80211_CMD_STOP_SCHED_SCAN(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x3c, r3, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x99ea}, @NL80211_ATTR_NETNS_FD={0x8, 0xdb, r1}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x2}, @NL80211_ATTR_TXQ_MEMORY_LIMIT={0x8, 0x10b, 0x4}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x4801) socket(0x2, 0x5, 0x0) socket(0x2, 0x3, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) fcntl$auto(0x0, 0x407, 0x100000) kernel console output (not intermixed with test programs): 1: left allmulticast mode [ 405.038322][ T3433] bridge_slave_1: left promiscuous mode [ 405.052952][ T3433] bridge0: port 2(bridge_slave_1) entered disabled state [ 405.071611][ T3433] bridge_slave_0: left allmulticast mode [ 405.088269][ T3433] bridge_slave_0: left promiscuous mode [ 405.109435][ T3433] bridge0: port 1(bridge_slave_0) entered disabled state [ 406.093039][ T3433] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 406.162803][ T3433] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 406.191607][ T3433] bond0 (unregistering): Released all slaves [ 406.489237][T14509] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2304'. [ 408.529959][T14546] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2314'. [ 408.771152][ T3433] veth1_macvtap: left promiscuous mode [ 408.789635][ T3433] veth0_macvtap: left promiscuous mode [ 408.807139][ T3433] veth1_vlan: left promiscuous mode [ 408.823628][ T3433] veth0_vlan: left promiscuous mode [ 409.400673][T14581] ptrace attach of "./syz-executor exec"[5825] was attempted by "./syz-executor exec"[14581] [ 410.455933][ T3433] team0 (unregistering): Port device team_slave_1 removed [ 410.582592][ T3433] team0 (unregistering): Port device team_slave_0 removed [ 412.631543][T14632] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2337'. [ 413.231742][T14654] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2344'. [ 414.322642][T14677] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2350'. [ 415.792421][T14713] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2360'. [ 418.391276][T14758] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2372'. [ 421.387860][T14811] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2384'. [ 421.419394][T14812] IPVS: length: 242 != 8 [ 421.967609][T14811] team0: Port device team_slave_1 removed [ 427.025252][T14915] netlink: 146 bytes leftover after parsing attributes in process `syz.2.2417'. [ 427.339164][T14925] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2418'. [ 428.737552][T14940] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2423'. [ 429.186953][T14940] team0: Port device team_slave_1 removed [ 431.932222][T15010] netlink: 'syz.2.2453': attribute type 1 has an invalid length. [ 432.949637][T15011] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2445'. [ 433.031793][T15035] random: crng reseeded on system resumption [ 433.090319][T15011] team0: Port device team_slave_1 removed [ 433.933621][T15052] binder: 15051:15052 ioctl c018620b 9 returned -14 [ 434.579756][T15068] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2460'. [ 435.164496][T15080] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2462'. [ 435.313933][T15080] team0: Port device team_slave_1 removed [ 440.256017][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.269243][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 443.579447][T15291] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2518'. [ 443.641899][T15293] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2519'. [ 443.687146][T15293] : renamed from team0 (while UP) [ 444.407302][T15315] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2528'. [ 444.418899][T15315] erspan0: entered allmulticast mode [ 447.457765][ T5831] Bluetooth: hci3: command 0x0406 tx timeout [ 447.770576][T15412] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 448.497222][T15425] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2569'. [ 450.211943][T15471] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2573'. [ 450.411457][T15486] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2576'. [ 452.221141][T15534] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2592'. [ 456.462703][T15634] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2611'. [ 458.940988][T15706] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2631'. [ 460.828004][T15750] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2643'. [ 460.983327][T15760] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2647'. [ 462.263905][T15797] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 462.428218][T15800] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2659'. [ 462.448299][T15797] CIFS mount error: No usable UNC path provided in device string! [ 462.448299][T15797] [ 462.461462][T15797] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 463.360145][T15829] binder: 15828:15829 ioctl c0306201 9 returned -14 [ 464.076423][T15856] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 464.089085][T15856] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 466.243307][T15911] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2694'. [ 466.449262][T15922] kernel read not supported for file /#)-\&[} (pid: 15922 comm: syz.4.2696) [ 466.449290][ T29] audit: type=1804 audit(1734614424.569:5): pid=15922 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2696" name="#)-\&[}" dev="mqueue" ino=44679 res=1 errno=0 [ 466.493538][ T29] audit: type=1800 audit(1734614424.609:6): pid=15922 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2696" name="#)-\&[}" dev="mqueue" ino=44679 res=0 errno=0 [ 466.558473][ T29] audit: type=1804 audit(1734614424.609:7): pid=15922 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.2696" name="#)-\&[}" dev="mqueue" ino=44679 res=1 errno=0 [ 466.582604][ T29] audit: type=1804 audit(1734614424.609:8): pid=15922 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.2696" name="#)-\&[}" dev="mqueue" ino=44679 res=1 errno=0 [ 466.606446][ C0] vkms_vblank_simulate: vblank timer overrun [ 468.560179][T15950] erspan0: entered allmulticast mode [ 476.782344][ T3433] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.049982][ T3433] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.240871][ T3433] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.443598][ T3433] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.601228][T16176] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2764'. [ 477.917094][ T3433] bridge_slave_1: left allmulticast mode [ 477.935609][ T3433] bridge_slave_1: left promiscuous mode [ 477.952611][ T3433] bridge0: port 2(bridge_slave_1) entered disabled state [ 477.982785][ T3433] bridge_slave_0: left allmulticast mode [ 478.005566][ T3433] bridge_slave_0: left promiscuous mode [ 478.024335][ T3433] bridge0: port 1(bridge_slave_0) entered disabled state [ 478.751259][T16204] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2768'. [ 479.310279][ T3433] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 479.406801][ T3433] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 479.466253][ T3433] bond0 (unregistering): Released all slaves [ 479.658199][T16236] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2776'. [ 480.059152][ T3433] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 480.092958][ T3433] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 480.117177][ T3433] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 480.142343][ T3433] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 480.223549][ T3433] veth1_macvtap: left promiscuous mode [ 480.230210][ T3433] veth0_macvtap: left promiscuous mode [ 480.264813][ T3433] veth1_vlan: left promiscuous mode [ 480.291032][ T3433] veth0_vlan: left promiscuous mode [ 481.901345][ T3433] team0 (unregistering): Port device team_slave_1 removed [ 481.986811][ T3433] team0 (unregistering): Port device team_slave_0 removed [ 483.429930][ T8711] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 483.463011][ T8711] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 483.502103][ T8711] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 483.602503][ T8711] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 483.643142][T16338] netlink: 334 bytes leftover after parsing attributes in process `syz.4.2794'. [ 483.687225][ T8711] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 483.698482][ T8711] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 483.831962][T16327] nbd: socks must be embedded in a SOCK_ITEM attr [ 483.841611][T16327] block nbd4: shutting down sockets [ 484.359325][T16328] chnl_net:caif_netlink_parms(): no params data found [ 484.794512][T16328] bridge0: port 1(bridge_slave_0) entered blocking state [ 484.813426][T16328] bridge0: port 1(bridge_slave_0) entered disabled state [ 484.848416][T16328] bridge_slave_0: entered allmulticast mode [ 484.864671][T16328] bridge_slave_0: entered promiscuous mode [ 484.902071][T16328] bridge0: port 2(bridge_slave_1) entered blocking state [ 484.922430][T16328] bridge0: port 2(bridge_slave_1) entered disabled state [ 484.952609][T16328] bridge_slave_1: entered allmulticast mode [ 484.965928][T16328] bridge_slave_1: entered promiscuous mode [ 485.046464][T16328] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 485.061632][T16328] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 485.209808][T16328] team0: Port device team_slave_0 added [ 485.260521][T16328] team0: Port device team_slave_1 added [ 485.347699][T16328] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 485.365952][T16328] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 485.397102][ C0] vkms_vblank_simulate: vblank timer overrun [ 485.472046][T16328] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 485.516136][T16328] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 485.549436][T16328] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 485.580568][ C0] vkms_vblank_simulate: vblank timer overrun [ 485.628171][T16328] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 485.756108][T16328] hsr_slave_0: entered promiscuous mode [ 485.773581][ T5831] Bluetooth: hci1: command tx timeout [ 485.784321][T16328] hsr_slave_1: entered promiscuous mode [ 485.806386][T16328] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 485.832391][T16328] Cannot create hsr debugfs directory [ 486.000133][T16432] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2807'. [ 486.110501][T16328] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 486.247458][T16328] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 486.399749][T16328] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 486.619676][T16328] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 487.025207][T16328] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 487.119283][T16328] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 487.168255][T16328] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 487.208837][T16328] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 487.433809][T16328] 8021q: adding VLAN 0 to HW filter on device bond0 [ 487.449769][T16480] netlink: 5995 bytes leftover after parsing attributes in process `syz.2.2813'. [ 487.475421][T16328] 8021q: adding VLAN 0 to HW filter on device team0 [ 487.489223][T13340] bridge0: port 1(bridge_slave_0) entered blocking state [ 487.497772][T13340] bridge0: port 1(bridge_slave_0) entered forwarding state [ 487.556313][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 487.564868][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 487.665073][T16328] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 487.852499][ T5831] Bluetooth: hci1: command tx timeout [ 488.116098][T16328] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 488.240277][T16328] veth0_vlan: entered promiscuous mode [ 488.266982][T16328] veth1_vlan: entered promiscuous mode [ 488.334623][T16328] veth0_macvtap: entered promiscuous mode [ 488.369411][T16328] veth1_macvtap: entered promiscuous mode [ 488.415883][T16328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 488.454543][T16328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 488.496534][T16328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 488.532336][T16328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 488.553370][T16328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 488.569915][T16328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 488.584441][T16328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 488.622464][T16328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 488.643676][T16328] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 488.697574][T16328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 488.726157][T16328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 488.761890][T16328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 488.792446][T16328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 488.822305][T16328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 488.852437][T16328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 488.853950][T16520] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2819'. [ 488.885370][T16328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 488.907013][T16521] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2819'. [ 488.922623][T16328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 488.946898][T16328] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 488.995200][T16328] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 489.045056][T16328] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 489.092554][T16328] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 489.122523][T16328] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 489.456073][ T3433] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 489.487842][ T3433] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 489.613351][T16300] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 489.672298][T16300] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 489.910445][T16555] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2825'. [ 489.933419][ T5831] Bluetooth: hci1: command tx timeout [ 491.365408][T16603] FAULT_INJECTION: forcing a failure. [ 491.365408][T16603] name failslab, interval 1, probability 0, space 0, times 0 [ 491.381758][T16603] CPU: 1 UID: 0 PID: 16603 Comm: syz.2.2835 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 491.394694][T16603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 491.406749][T16603] Call Trace: [ 491.410669][T16603] [ 491.414173][T16603] dump_stack_lvl+0x16c/0x1f0 [ 491.419785][T16603] should_fail_ex+0x497/0x5b0 [ 491.425399][T16603] ? fs_reclaim_acquire+0xae/0x150 [ 491.431577][T16603] should_failslab+0xc2/0x120 [ 491.437194][T16603] __kmalloc_noprof+0xce/0x4f0 [ 491.442931][T16603] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 491.449688][T16603] ? tomoyo_realpath_from_path+0xbf/0x710 [ 491.456550][T16603] tomoyo_realpath_from_path+0xbf/0x710 [ 491.463229][T16603] ? tomoyo_path_number_perm+0x235/0x5b0 [ 491.469992][T16603] tomoyo_path_number_perm+0x248/0x5b0 [ 491.476540][T16603] ? tomoyo_path_number_perm+0x235/0x5b0 [ 491.483306][T16603] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 491.490504][T16603] ? __pfx_lock_release+0x10/0x10 [ 491.496551][T16603] ? trace_lock_acquire+0x14e/0x1f0 [ 491.502790][T16603] ? lock_acquire+0x2f/0xb0 [ 491.508210][T16603] ? __fget_files+0x40/0x3a0 [ 491.513713][T16603] ? __fget_files+0x206/0x3a0 [ 491.519327][T16603] security_file_ioctl+0x9b/0x240 [ 491.525353][T16603] __x64_sys_ioctl+0xb7/0x200 [ 491.530958][T16603] do_syscall_64+0xcd/0x250 [ 491.536360][T16603] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 491.543429][T16603] RIP: 0033:0x7f1bb7185d29 [ 491.548715][T16603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 491.572232][T16603] RSP: 002b:00007f1bb7f3f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 491.582327][T16603] RAX: ffffffffffffffda RBX: 00007f1bb7375fa0 RCX: 00007f1bb7185d29 [ 491.591883][T16603] RDX: 0000000020000380 RSI: 00000000c0505510 RDI: 0000000000000003 [ 491.601434][T16603] RBP: 00007f1bb7f3f090 R08: 0000000000000000 R09: 0000000000000000 [ 491.610986][T16603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 491.620550][T16603] R13: 0000000000000000 R14: 00007f1bb7375fa0 R15: 00007ffe50773a78 [ 491.630122][T16603] [ 491.713637][T16603] ERROR: Out of memory at tomoyo_realpath_from_path. [ 492.014653][ T5831] Bluetooth: hci1: command tx timeout [ 493.802663][T13340] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 494.883834][T16628] binder: 16627:16628 ioctl c018620b 9 returned -14 [ 496.574427][T16673] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2851'. [ 501.713243][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.720889][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 504.223598][T16864] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2882'. [ 507.647648][T16934] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 507.678256][T16934] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 508.226038][T16953] Invalid ELF header magic: != ELF [ 509.673006][T16995] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2909'. [ 510.046668][T16999] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2911'. [ 513.684286][T17092] netlink: 334 bytes leftover after parsing attributes in process `syz.4.2935'. [ 514.015993][ T8711] Bluetooth: hci4: command 0x0406 tx timeout [ 514.792453][T17125] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2947'. [ 514.827163][T17125] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2947'. [ 517.149930][T17184] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2962'. [ 518.187095][T17211] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2969'. [ 519.755349][T17252] netlink: 334 bytes leftover after parsing attributes in process `syz.4.2981'. [ 523.736030][T17333] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3011'. [ 525.140587][T17372] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3015'. [ 527.155102][T17414] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3024'. [ 527.379131][T17420] netlink: 334 bytes leftover after parsing attributes in process `syz.4.3026'. [ 527.852881][T17437] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3033'. [ 529.011799][T17468] ubi0: attaching mtd0 [ 529.022012][T17468] ubi0: scanning is finished [ 529.041014][T17468] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record [ 529.172483][T17468] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 531.829252][T17527] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 531.867289][T17527] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 532.553078][T17533] Invalid ELF header magic: != ELF [ 535.220782][T17597] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3076'. [ 535.408586][T17600] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 535.939126][T17614] device-mapper: ioctl: ioctl interface mismatch: kernel(4.48.0), user(0.0.0), cmd(12) [ 536.430604][T17623] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 536.491375][T17623] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 536.578465][T17624] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3086'. [ 536.651923][T17624] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3086'. [ 536.886699][T17631] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3088'. [ 540.180655][T17676] sctp: [Deprecated]: syz.4.3099 (pid 17676) Use of struct sctp_assoc_value in delayed_ack socket option. [ 540.180655][T17676] Use struct sctp_sack_info instead [ 540.790860][T17693] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 540.903371][T17695] device-mapper: ioctl: ioctl interface mismatch: kernel(4.48.0), user(0.0.0), cmd(12) [ 542.421098][T17740] binder: 17739:17740 ioctl c018620b 9 returned -14 [ 544.622123][T17790] netlink: 'syz.0.3143': attribute type 11 has an invalid length. [ 544.964333][T17794] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 548.711858][T17895] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3167'. [ 548.886457][T17899] sctp: [Deprecated]: syz.4.3165 (pid 17899) Use of int in maxseg socket option. [ 548.886457][T17899] Use struct sctp_assoc_value instead [ 551.395818][T17986] netlink: 'syz.1.3188': attribute type 22 has an invalid length. [ 553.132952][T18016] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3195'. [ 553.631989][T18022] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 553.654942][T18022] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 557.006407][T18072] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3208'. [ 559.893432][T18115] kernel read not supported for file /#)-\&[} (pid: 18115 comm: syz.4.3219) [ 559.923750][T18118] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3220'. [ 559.935323][ T29] audit: type=1800 audit(1734614518.044:9): pid=18115 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3219" name="#)-\&[}" dev="mqueue" ino=44679 res=0 errno=0 [ 559.959282][ C0] vkms_vblank_simulate: vblank timer overrun [ 561.442467][T18129] netlink: 'syz.1.3223': attribute type 2 has an invalid length. [ 563.141293][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.149019][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 569.823307][T18231] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3250'. [ 572.714345][T18262] tipc: Started in network mode [ 572.772603][T18262] tipc: Node identity ee00, cluster identity 4711 [ 572.780335][T18262] tipc: Node number set to 60928 [ 573.105759][T18271] netlink: 252 bytes leftover after parsing attributes in process `syz.1.3262'. [ 579.982283][T18381] netlink: 'syz.0.3290': attribute type 2 has an invalid length. [ 581.923471][T18410] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3297'. [ 585.903437][T18448] netlink: 334 bytes leftover after parsing attributes in process `syz.4.3310'. [ 590.062376][T18514] netlink: 252 bytes leftover after parsing attributes in process `syz.2.3332'. [ 590.170112][T18515] netlink: 252 bytes leftover after parsing attributes in process `syz.2.3332'. [ 591.972558][T18557] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3345'. [ 592.018979][T18557] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3345'. [ 592.032100][T18544] delete_channel: no stack [ 592.390104][T18566] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3347'. [ 595.594925][ T29] audit: type=1804 audit(1734614553.714:10): pid=18633 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3360" name="/newroot/sys/kernel/tracing/set_event_pid" dev="tracefs" ino=23 res=1 errno=0 [ 598.468996][T18714] netlink: 252 bytes leftover after parsing attributes in process `syz.1.3387'. [ 598.492612][T18714] netlink: 252 bytes leftover after parsing attributes in process `syz.1.3387'. [ 600.016873][T18742] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3396'. [ 600.028873][T18742] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3396'. [ 600.164449][T18750] openvswitch: netlink: push_nsh: missing base or metadata attributes [ 600.913747][T18754] cgroup: fork rejected by pids controller in /syz4 [ 601.073699][T18813] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3406'. [ 601.168275][T18825] sctp: [Deprecated]: syz.2.3407 (pid 18825) Use of struct sctp_assoc_value in delayed_ack socket option. [ 601.168275][T18825] Use struct sctp_sack_info instead [ 601.187884][ C1] vkms_vblank_simulate: vblank timer overrun [ 601.687811][T18925] netlink: 252 bytes leftover after parsing attributes in process `syz.4.3409'. [ 601.739249][T18928] netlink: 252 bytes leftover after parsing attributes in process `syz.4.3409'. [ 603.036828][T18972] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3419'. [ 603.314417][T18982] netlink: 252 bytes leftover after parsing attributes in process `syz.4.3422'. [ 603.333290][T18982] netlink: 252 bytes leftover after parsing attributes in process `syz.4.3422'. [ 604.393650][T19018] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3434'. [ 604.843956][T19024] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 604.902939][T19024] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 605.063371][T19026] Invalid ELF header magic: != ELF [ 606.182355][ T8711] Bluetooth: hci1: command 0x0406 tx timeout [ 607.816734][T19125] netlink: 252 bytes leftover after parsing attributes in process `syz.1.3474'. [ 607.849040][T19125] netlink: 252 bytes leftover after parsing attributes in process `syz.1.3474'. [ 608.764224][T19156] netlink: 'syz.1.3476': attribute type 23 has an invalid length. [ 608.991498][T19161] netlink: 252 bytes leftover after parsing attributes in process `syz.1.3478'. [ 609.042965][T19161] netlink: 252 bytes leftover after parsing attributes in process `syz.1.3478'. [ 610.115977][T19187] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3484'. [ 610.176463][T19187] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3484'. [ 610.701764][T19205] netlink: 252 bytes leftover after parsing attributes in process `syz.1.3490'. [ 610.751664][T19205] netlink: 252 bytes leftover after parsing attributes in process `syz.1.3490'. [ 611.369166][T19217] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3492'. [ 613.281239][T19260] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 614.893325][T19283] netlink: 252 bytes leftover after parsing attributes in process `syz.2.3508'. [ 614.930881][T19283] netlink: 252 bytes leftover after parsing attributes in process `syz.2.3508'. [ 615.446062][T19300] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3511'. [ 615.899839][T19306] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3513'. [ 615.912316][T19306] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3513'. [ 616.204203][T19316] netlink: 252 bytes leftover after parsing attributes in process `syz.2.3515'. [ 616.256846][T19316] netlink: 252 bytes leftover after parsing attributes in process `syz.2.3515'. [ 617.765702][T19352] netlink: 252 bytes leftover after parsing attributes in process `syz.4.3527'. [ 617.841847][T19354] netlink: 252 bytes leftover after parsing attributes in process `syz.4.3527'. [ 618.836941][T19369] netlink: 252 bytes leftover after parsing attributes in process `syz.4.3528'. [ 618.881863][T19369] netlink: 252 bytes leftover after parsing attributes in process `syz.4.3528'. [ 620.518726][T19394] netlink: 252 bytes leftover after parsing attributes in process `syz.4.3537'. [ 620.530925][T19394] netlink: 252 bytes leftover after parsing attributes in process `syz.4.3537'. [ 620.742485][T19405] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3540'. [ 620.807856][T19408] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3540'. [ 623.829590][T19468] netlink: 146 bytes leftover after parsing attributes in process `syz.0.3558'. [ 624.578618][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.578672][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 628.622539][T19542] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3583'. [ 632.492401][T19577] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3582'. [ 634.152010][T19594] netlink: 252 bytes leftover after parsing attributes in process `syz.1.3586'. [ 634.198868][T19594] netlink: 252 bytes leftover after parsing attributes in process `syz.1.3586'. [ 637.829004][T19618] ptrace attach of "./syz-executor exec"[10469] was attempted by "./syz-executor exec"[19618] [ 638.923067][T19638] netlink: 252 bytes leftover after parsing attributes in process `syz.2.3600'. [ 639.033977][T19639] netlink: 252 bytes leftover after parsing attributes in process `syz.2.3600'. [ 641.004966][T19666] nfsd: Unknown parameter '' [ 644.291863][T19711] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3620'. [ 644.343454][T19711] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3620'. [ 644.877399][T19720] netlink: 968 bytes leftover after parsing attributes in process `syz.2.3623'. [ 646.054947][ T8711] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 646.075695][ T8711] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 646.085060][ T8711] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 646.109511][ T8711] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 646.150229][ T8711] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 646.162630][ T8711] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 646.754139][T19739] chnl_net:caif_netlink_parms(): no params data found [ 647.098539][T19739] bridge0: port 1(bridge_slave_0) entered blocking state [ 647.128867][T19739] bridge0: port 1(bridge_slave_0) entered disabled state [ 647.184275][T19739] bridge_slave_0: entered allmulticast mode [ 647.224216][T19739] bridge_slave_0: entered promiscuous mode [ 647.252604][T19739] bridge0: port 2(bridge_slave_1) entered blocking state [ 647.261124][T19739] bridge0: port 2(bridge_slave_1) entered disabled state [ 647.324012][T19739] bridge_slave_1: entered allmulticast mode [ 647.345109][T19739] bridge_slave_1: entered promiscuous mode [ 647.565628][T19739] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 647.610277][T19739] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 647.936656][T19739] team0: Port device team_slave_0 added [ 647.975378][T19739] team0: Port device team_slave_1 added [ 648.142662][T19769] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3634'. [ 648.168192][T19769] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3634'. [ 648.252493][ T5831] Bluetooth: hci0: command tx timeout [ 648.284473][T19739] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 648.300934][T19739] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 648.390525][T19739] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 648.441252][T19739] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 648.449718][T19739] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 648.480771][ C1] vkms_vblank_simulate: vblank timer overrun [ 648.488369][T19739] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 648.615509][T19739] hsr_slave_0: entered promiscuous mode [ 648.662657][T19739] hsr_slave_1: entered promiscuous mode [ 648.673640][T19739] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 648.683116][T19739] Cannot create hsr debugfs directory [ 649.568773][T19739] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 649.895341][T19739] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.304225][T19739] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 650.332326][ T5831] Bluetooth: hci0: command tx timeout [ 651.044184][T19739] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 651.711332][T19739] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 651.804655][T19739] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 651.854707][T19739] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 651.972301][T19739] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 652.215831][T19739] 8021q: adding VLAN 0 to HW filter on device bond0 [ 652.251273][T19739] 8021q: adding VLAN 0 to HW filter on device team0 [ 652.294153][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 652.302704][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 652.357891][T16299] bridge0: port 2(bridge_slave_1) entered blocking state [ 652.366431][T16299] bridge0: port 2(bridge_slave_1) entered forwarding state [ 652.412629][ T5831] Bluetooth: hci0: command tx timeout [ 652.843122][T19739] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 653.567920][T19739] veth0_vlan: entered promiscuous mode [ 653.735368][T19739] veth1_vlan: entered promiscuous mode [ 653.789907][T19739] veth0_macvtap: entered promiscuous mode [ 653.834967][T19739] veth1_macvtap: entered promiscuous mode [ 653.900960][T19739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 653.940477][T19739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 653.952793][T19739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 653.965611][T19739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 653.977477][T19739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 653.990065][T19739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 654.001873][T19739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 654.014470][T19739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 654.026621][T19739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 654.039933][T19739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 654.055632][T19739] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 654.066720][T19739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 654.079312][T19739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 654.091169][T19739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 654.104253][T19739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 654.116241][T19739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 654.128807][T19739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 654.141042][T19739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 654.153961][T19739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 654.166071][T19739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 654.179108][T19739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 654.191993][T19739] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 654.231681][T19739] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 654.243676][T19739] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 654.302250][T19739] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 654.313241][T19739] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 654.493439][ T8711] Bluetooth: hci0: command tx timeout [ 654.512899][T19831] nbd4: detected capacity change from 0 to 68719476736 [ 654.539103][T16632] block nbd4: Send control failed (result -22) [ 654.563562][T19837] Process accounting resumed [ 654.573394][T16632] block nbd4: Request send failed, requeueing [ 654.609011][ T43] block nbd4: Dead connection, failed to find a fallback [ 654.618157][ T43] block nbd4: shutting down sockets [ 654.625043][ T43] blk_print_req_error: 24 callbacks suppressed [ 654.625067][ T43] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 654.643600][ T43] buffer_io_error: 23 callbacks suppressed [ 654.643616][ T43] Buffer I/O error on dev nbd4, logical block 0, async page read [ 654.672351][T16632] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 654.722559][T16632] Buffer I/O error on dev nbd4, logical block 0, async page read [ 654.731923][T16632] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 654.803178][T13340] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 654.813173][T13340] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 654.832538][T16632] Buffer I/O error on dev nbd4, logical block 0, async page read [ 654.874701][T16632] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 654.921884][T16632] Buffer I/O error on dev nbd4, logical block 0, async page read [ 654.936507][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 654.976743][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 654.981117][T16632] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 655.013298][T16632] Buffer I/O error on dev nbd4, logical block 0, async page read [ 655.062394][T16632] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 655.112363][T16632] Buffer I/O error on dev nbd4, logical block 0, async page read [ 655.121862][T16632] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 655.182303][T16632] Buffer I/O error on dev nbd4, logical block 0, async page read [ 655.212578][T16632] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 655.248608][T16632] Buffer I/O error on dev nbd4, logical block 0, async page read [ 655.287253][T16632] ldm_validate_partition_table(): Disk read failed. [ 655.303420][T16632] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 655.339014][T16632] Buffer I/O error on dev nbd4, logical block 0, async page read [ 655.373309][T16632] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 655.415762][T16632] Buffer I/O error on dev nbd4, logical block 0, async page read [ 655.483175][T16632] Dev nbd4: unable to read RDB block 0 [ 655.490239][T16632] nbd4: unable to read partition table [ 655.553863][T16632] ldm_validate_partition_table(): Disk read failed. [ 655.569660][T16632] Dev nbd4: unable to read RDB block 0 [ 655.588820][T16632] nbd4: unable to read partition table [ 655.640444][T19850] netlink: 'syz.1.3652': attribute type 39 has an invalid length. [ 655.662662][T19850] netlink: 'syz.1.3652': attribute type 40 has an invalid length. [ 655.791856][T19850] netlink: 'syz.1.3652': attribute type 41 has an invalid length. [ 655.868505][T19850] netlink: 'syz.1.3652': attribute type 44 has an invalid length. [ 655.982922][T19850] netlink: 'syz.1.3652': attribute type 46 has an invalid length. [ 656.082814][T19850] netlink: 'syz.1.3652': attribute type 47 has an invalid length. [ 656.171574][T19850] netlink: 'syz.1.3652': attribute type 48 has an invalid length. [ 656.240670][T19850] netlink: 'syz.1.3652': attribute type 49 has an invalid length. [ 656.280610][T19850] netlink: 'syz.1.3652': attribute type 50 has an invalid length. [ 656.302696][T19850] netlink: 6 bytes leftover after parsing attributes in process `syz.1.3652'. [ 656.383702][T19853] netlink: 'syz.1.3652': attribute type 39 has an invalid length. [ 656.492422][T19853] netlink: 46 bytes leftover after parsing attributes in process `syz.1.3652'. [ 657.880666][T19886] FAULT_INJECTION: forcing a failure. [ 657.880666][T19886] name failslab, interval 1, probability 0, space 0, times 0 [ 658.113485][T19886] CPU: 1 UID: 0 PID: 19886 Comm: syz.0.3658 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 658.126439][T19886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 658.138517][T19886] Call Trace: [ 658.142459][T19886] [ 658.145995][T19886] dump_stack_lvl+0x16c/0x1f0 [ 658.151639][T19886] should_fail_ex+0x497/0x5b0 [ 658.157266][T19886] ? fs_reclaim_acquire+0xae/0x150 [ 658.163413][T19886] should_failslab+0xc2/0x120 [ 658.169057][T19886] __kmalloc_noprof+0xce/0x4f0 [ 658.174793][T19886] ? tomoyo_encode2+0x100/0x3e0 [ 658.180638][T19886] tomoyo_encode2+0x100/0x3e0 [ 658.186272][T19886] tomoyo_realpath_from_path+0x1a7/0x710 [ 658.193050][T19886] ? tomoyo_path_number_perm+0x235/0x5b0 [ 658.199837][T19886] tomoyo_path_number_perm+0x248/0x5b0 [ 658.206409][T19886] ? tomoyo_path_number_perm+0x235/0x5b0 [ 658.213191][T19886] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 658.220418][T19886] ? __pfx_lock_release+0x10/0x10 [ 658.226446][T19886] ? trace_lock_acquire+0x14e/0x1f0 [ 658.232685][T19886] ? lock_acquire+0x2f/0xb0 [ 658.238072][T19886] ? __fget_files+0x40/0x3a0 [ 658.243577][T19886] ? __fget_files+0x206/0x3a0 [ 658.249184][T19886] security_file_ioctl+0x9b/0x240 [ 658.255205][T19886] __x64_sys_ioctl+0xb7/0x200 [ 658.260805][T19886] do_syscall_64+0xcd/0x250 [ 658.266201][T19886] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 658.273263][T19886] RIP: 0033:0x7fc15bd85d29 [ 658.278545][T19886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 658.302064][T19886] RSP: 002b:00007fc15cc24038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 658.312151][T19886] RAX: ffffffffffffffda RBX: 00007fc15bf75fa0 RCX: 00007fc15bd85d29 [ 658.321709][T19886] RDX: 0000000000000001 RSI: 000000000000890b RDI: 0000000000000004 [ 658.331259][T19886] RBP: 00007fc15cc24090 R08: 0000000000000000 R09: 0000000000000000 [ 658.340812][T19886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 658.350368][T19886] R13: 0000000000000000 R14: 00007fc15bf75fa0 R15: 00007fffdd173d98 [ 658.359936][T19886] [ 658.363635][ C1] vkms_vblank_simulate: vblank timer overrun [ 658.584498][T19886] ERROR: Out of memory at tomoyo_realpath_from_path. [ 659.733922][T19913] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3666'. [ 660.193558][T19920] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3670'. [ 660.314844][T19920] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3670'. [ 660.831338][T19927] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3680'. [ 660.880752][T19927] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3680'. [ 662.551087][T19958] ptrace attach of "./syz-executor exec"[12141] was attempted by "./syz-executor exec"[19958] [ 670.121583][T20040] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3699'. [ 670.399596][T20049] netlink: 252 bytes leftover after parsing attributes in process `syz.2.3702'. [ 670.411753][T20049] netlink: 252 bytes leftover after parsing attributes in process `syz.2.3702'. [ 671.892456][T20066] ptrace attach of "./syz-executor exec"[16328] was attempted by "./syz-executor exec"[20066] [ 672.752410][T20088] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3712'. [ 672.831591][T20088] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3712'. [ 674.753525][T20119] netlink: 168 bytes leftover after parsing attributes in process `syz.0.3720'. [ 677.982360][T20153] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3726'. [ 678.175875][T20155] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3726'. [ 680.876048][T20193] validate_nla: 6 callbacks suppressed [ 680.876069][T20193] netlink: 'syz.2.3737': attribute type 13 has an invalid length. [ 681.272327][T20198] netlink: 252 bytes leftover after parsing attributes in process `syz.1.3738'. [ 681.342891][T20201] netlink: 252 bytes leftover after parsing attributes in process `syz.1.3738'. [ 683.215443][T20241] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3750'. [ 683.441314][T20233] ptrace attach of "./syz-executor exec"[16328] was attempted by "./syz-executor exec"[20233] [ 684.255125][T20252] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3752'. [ 684.306510][T20254] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3752'. [ 685.054495][T20265] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3754'. [ 685.262098][T20247] ptrace attach of "./syz-executor exec"[19739] was attempted by "./syz-executor exec"[20247] [ 686.023094][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.030660][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.870123][T20282] nbd5: detected capacity change from 0 to 68719476736 [ 686.941347][T16632] block nbd5: Send control failed (result -22) [ 686.972378][T16632] block nbd5: Request send failed, requeueing [ 687.010293][ T5831] block nbd5: Receive control failed (result -32) [ 687.010425][ T1071] block nbd5: Dead connection, failed to find a fallback [ 687.028845][ T1071] block nbd5: shutting down sockets [ 687.035389][ T1071] blk_print_req_error: 24 callbacks suppressed [ 687.035405][ T1071] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 687.054837][ T1071] buffer_io_error: 23 callbacks suppressed [ 687.054855][ T1071] Buffer I/O error on dev nbd5, logical block 0, async page read [ 687.075866][T16632] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 687.153450][T16632] Buffer I/O error on dev nbd5, logical block 0, async page read [ 687.230577][T16632] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 687.282240][T16632] Buffer I/O error on dev nbd5, logical block 0, async page read [ 687.322508][T16632] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 687.392269][T16632] Buffer I/O error on dev nbd5, logical block 0, async page read [ 687.444426][T16632] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 687.473158][T16632] Buffer I/O error on dev nbd5, logical block 0, async page read [ 687.493993][T16632] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 687.526658][T16632] Buffer I/O error on dev nbd5, logical block 0, async page read [ 687.559647][T16632] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 687.570689][T16632] Buffer I/O error on dev nbd5, logical block 0, async page read [ 687.580245][T16632] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 687.591136][T16632] Buffer I/O error on dev nbd5, logical block 0, async page read [ 687.600595][T16632] ldm_validate_partition_table(): Disk read failed. [ 687.608622][T16632] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 687.619602][T16632] Buffer I/O error on dev nbd5, logical block 0, async page read [ 687.629613][T16632] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 687.641615][T16632] Buffer I/O error on dev nbd5, logical block 0, async page read [ 687.651580][T16632] Dev nbd5: unable to read RDB block 0 [ 687.651722][T20293] ptrace attach of "./syz-executor exec"[13948] was attempted by "./syz-executor exec"[20293] [ 687.658768][T16632] nbd5: unable to read partition table [ 687.705358][T16632] ldm_validate_partition_table(): Disk read failed. [ 687.732630][T16632] Dev nbd5: unable to read RDB block 0 [ 687.752013][T16632] nbd5: unable to read partition table [ 689.657692][T20312] ptrace attach of "./syz-executor exec"[12141] was attempted by "./syz-executor exec"[20312] [ 690.297322][T20337] netlink: 'syz.1.3774': attribute type 3 has an invalid length. [ 690.542251][T20318] ptrace attach of "./syz-executor exec"[19739] was attempted by "./syz-executor exec"[20318] [ 692.663830][T20382] delete_channel: no stack [ 692.951840][T20391] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3789'. [ 693.602392][T20381] ptrace attach of "./syz-executor exec"[13948] was attempted by "./syz-executor exec"[20381] [ 693.841260][T20387] ptrace attach of "./syz-executor exec"[12141] was attempted by "./syz-executor exec"[20387] [ 693.988694][T20410] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3793'. [ 696.261687][T20449] Process accounting resumed [ 698.187760][T20485] netlink: 'syz.2.3811': attribute type 3 has an invalid length. [ 701.036082][T20539] netlink: 206 bytes leftover after parsing attributes in process `syz.0.3825'. [ 703.058670][T20575] ptrace attach of "./syz-executor exec"[13948] was attempted by "./syz-executor exec"[20575] [ 703.682677][T20593] nbd6: detected capacity change from 0 to 68719476736 [ 703.734965][T16632] block nbd6: Send control failed (result -22) [ 703.753776][T16632] block nbd6: Request send failed, requeueing [ 703.783478][ T5831] block nbd6: Receive control failed (result -32) [ 703.783618][ T1071] block nbd6: Dead connection, failed to find a fallback [ 703.808129][ T1071] block nbd6: shutting down sockets [ 703.815046][ T1071] blk_print_req_error: 24 callbacks suppressed [ 703.815062][ T1071] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 703.833710][ T1071] buffer_io_error: 23 callbacks suppressed [ 703.833724][ T1071] Buffer I/O error on dev nbd6, logical block 0, async page read [ 703.855429][T16632] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 703.875515][T16632] Buffer I/O error on dev nbd6, logical block 0, async page read [ 703.925339][T16632] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 704.002267][T16632] Buffer I/O error on dev nbd6, logical block 0, async page read [ 704.012748][T16632] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 704.024211][T16632] Buffer I/O error on dev nbd6, logical block 0, async page read [ 704.034094][T16632] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 704.044987][T16632] Buffer I/O error on dev nbd6, logical block 0, async page read [ 704.054517][T16632] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 704.065443][T16632] Buffer I/O error on dev nbd6, logical block 0, async page read [ 704.074885][T16632] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 704.085771][T16632] Buffer I/O error on dev nbd6, logical block 0, async page read [ 704.095412][T16632] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 704.106506][T16632] Buffer I/O error on dev nbd6, logical block 0, async page read [ 704.116460][T16632] ldm_validate_partition_table(): Disk read failed. [ 704.125309][T16632] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 704.136622][T16632] Buffer I/O error on dev nbd6, logical block 0, async page read [ 704.146128][T16632] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 704.157132][T16632] Buffer I/O error on dev nbd6, logical block 0, async page read [ 704.166719][T16632] Dev nbd6: unable to read RDB block 0 [ 704.173902][T16632] nbd6: unable to read partition table [ 704.193263][T16632] ldm_validate_partition_table(): Disk read failed. [ 704.201554][T16632] Dev nbd6: unable to read RDB block 0 [ 704.208577][T16632] nbd6: unable to read partition table [ 705.392488][T20600] Invalid ELF header magic: != ELF [ 705.771188][T20628] ptrace attach of "./syz-executor exec"[16328] was attempted by "./syz-executor exec"[20628] [ 709.512397][T20733] nbd7: detected capacity change from 0 to 68719476736 [ 709.537264][T16632] block nbd7: Send control failed (result -22) [ 709.578440][T16632] block nbd7: Request send failed, requeueing [ 709.651638][ T43] block nbd7: Dead connection, failed to find a fallback [ 709.660201][ T43] block nbd7: shutting down sockets [ 709.667039][ T43] blk_print_req_error: 24 callbacks suppressed [ 709.667056][ T43] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 709.685721][ T43] buffer_io_error: 23 callbacks suppressed [ 709.685735][ T43] Buffer I/O error on dev nbd7, logical block 0, async page read [ 709.706119][T16632] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 709.717083][T16632] Buffer I/O error on dev nbd7, logical block 0, async page read [ 709.726830][T16632] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 709.737742][T16632] Buffer I/O error on dev nbd7, logical block 0, async page read [ 709.747751][T16632] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 709.759701][T16632] Buffer I/O error on dev nbd7, logical block 0, async page read [ 709.769517][T16632] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 709.780497][T16632] Buffer I/O error on dev nbd7, logical block 0, async page read [ 709.789954][T16632] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 709.801012][T16632] Buffer I/O error on dev nbd7, logical block 0, async page read [ 709.810485][T16632] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 709.821502][T16632] Buffer I/O error on dev nbd7, logical block 0, async page read [ 709.830929][T16632] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 709.842410][T16632] Buffer I/O error on dev nbd7, logical block 0, async page read [ 709.851736][T16632] ldm_validate_partition_table(): Disk read failed. [ 709.860716][T16632] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 709.871994][T16632] Buffer I/O error on dev nbd7, logical block 0, async page read [ 709.881496][T16632] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 709.892427][T16632] Buffer I/O error on dev nbd7, logical block 0, async page read [ 709.901936][T16632] Dev nbd7: unable to read RDB block 0 [ 709.910807][T16632] nbd7: unable to read partition table [ 709.920062][T16632] ldm_validate_partition_table(): Disk read failed. [ 709.928369][T16632] Dev nbd7: unable to read RDB block 0 [ 709.935507][T16632] nbd7: unable to read partition table [ 711.541164][T20776] netlink: 252 bytes leftover after parsing attributes in process `syz.2.3895'. [ 711.814433][T20783] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3897'. [ 712.147254][T20783] hsr_slave_1 (unregistering): left promiscuous mode [ 713.380303][T20823] delete_channel: no stack [ 713.397195][T20820] netlink: 252 bytes leftover after parsing attributes in process `syz.2.3909'. [ 714.393363][T20857] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3922'. [ 716.539731][T20894] netlink: 252 bytes leftover after parsing attributes in process `syz.2.3933'. [ 716.571506][T20894] netlink: 252 bytes leftover after parsing attributes in process `syz.2.3933'. [ 720.184244][T20943] netlink: 252 bytes leftover after parsing attributes in process `syz.4.3945'. [ 720.282650][T20946] netlink: 252 bytes leftover after parsing attributes in process `syz.4.3945'. [ 720.673598][T20951] nbd8: detected capacity change from 0 to 68719476736 [ 720.833235][T17013] block nbd8: Send control failed (result -22) [ 720.850893][T17013] block nbd8: Request send failed, requeueing [ 720.866645][ T5831] block nbd8: Receive control failed (result -32) [ 720.878987][ T1071] block nbd8: Dead connection, failed to find a fallback [ 720.888117][ T1071] block nbd8: shutting down sockets [ 720.894510][ T1071] blk_print_req_error: 24 callbacks suppressed [ 720.894526][ T1071] I/O error, dev nbd8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 720.914295][ T1071] buffer_io_error: 23 callbacks suppressed [ 720.914312][ T1071] Buffer I/O error on dev nbd8, logical block 0, async page read [ 721.002934][T17013] I/O error, dev nbd8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 721.022653][T17013] Buffer I/O error on dev nbd8, logical block 0, async page read [ 721.043321][T17013] I/O error, dev nbd8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 721.064679][T17013] Buffer I/O error on dev nbd8, logical block 0, async page read [ 721.076006][T17013] I/O error, dev nbd8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 721.092232][T17013] Buffer I/O error on dev nbd8, logical block 0, async page read [ 721.101625][T17013] I/O error, dev nbd8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 721.126134][T17013] Buffer I/O error on dev nbd8, logical block 0, async page read [ 721.137127][T17013] I/O error, dev nbd8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 721.148127][T17013] Buffer I/O error on dev nbd8, logical block 0, async page read [ 721.157587][T17013] I/O error, dev nbd8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 721.168496][T17013] Buffer I/O error on dev nbd8, logical block 0, async page read [ 721.178173][T17013] I/O error, dev nbd8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 721.189186][T17013] Buffer I/O error on dev nbd8, logical block 0, async page read [ 721.198675][T17013] ldm_validate_partition_table(): Disk read failed. [ 721.206722][T17013] I/O error, dev nbd8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 721.218663][T17013] Buffer I/O error on dev nbd8, logical block 0, async page read [ 721.230673][T17013] I/O error, dev nbd8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 721.241985][T17013] Buffer I/O error on dev nbd8, logical block 0, async page read [ 721.251928][T17013] Dev nbd8: unable to read RDB block 0 [ 721.259185][T17013] nbd8: unable to read partition table [ 721.277859][T17013] ldm_validate_partition_table(): Disk read failed. [ 721.292609][T17013] Dev nbd8: unable to read RDB block 0 [ 721.299672][T17013] nbd8: unable to read partition table [ 724.416842][T20985] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3959'. [ 727.512495][T21047] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3978'. [ 728.039256][T21053] netlink: 252 bytes leftover after parsing attributes in process `syz.4.3979'. [ 728.252606][T21057] netlink: 252 bytes leftover after parsing attributes in process `syz.4.3979'. [ 728.446243][ T8711] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 728.456674][ T8711] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 728.466244][ T8711] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 728.538888][ T8711] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 728.550503][ T8711] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 728.563409][ T8711] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 728.756323][T21063] netlink: 252 bytes leftover after parsing attributes in process `syz.2.3982'. [ 728.792018][T21063] netlink: 252 bytes leftover after parsing attributes in process `syz.2.3982'. [ 729.340976][T21072] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3984'. [ 729.553285][T21060] chnl_net:caif_netlink_parms(): no params data found [ 730.436141][T21060] bridge0: port 1(bridge_slave_0) entered blocking state [ 730.452371][T21060] bridge0: port 1(bridge_slave_0) entered disabled state [ 730.470897][T21060] bridge_slave_0: entered allmulticast mode [ 730.485716][T21060] bridge_slave_0: entered promiscuous mode [ 730.512883][T21060] bridge0: port 2(bridge_slave_1) entered blocking state [ 730.521758][T21060] bridge0: port 2(bridge_slave_1) entered disabled state [ 730.535920][T21060] bridge_slave_1: entered allmulticast mode [ 730.565323][T21060] bridge_slave_1: entered promiscuous mode [ 730.652269][ T5831] Bluetooth: hci2: command tx timeout [ 730.746301][T21060] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 730.785152][T21060] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 730.914661][T21060] team0: Port device team_slave_0 added [ 730.934481][T21060] team0: Port device team_slave_1 added [ 731.021720][T21060] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 731.043992][T21060] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 731.112187][T21060] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 731.141866][T21060] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 731.156976][T21060] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 731.262218][T21060] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 731.441297][T21060] hsr_slave_0: entered promiscuous mode [ 731.502483][T21060] hsr_slave_1: entered promiscuous mode [ 731.552445][T21060] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 731.582197][T21060] Cannot create hsr debugfs directory [ 732.051592][T21060] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 732.171483][T21120] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3993'. [ 732.212319][T21120] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3993'. [ 732.323929][T21060] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 732.609117][T21060] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 732.732813][ T5831] Bluetooth: hci2: command tx timeout [ 732.835374][T21060] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 733.441999][T21060] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 733.659756][T21060] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 733.702411][T21060] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 733.727554][T21060] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 734.812311][ T5831] Bluetooth: hci2: command tx timeout [ 735.048249][T21060] 8021q: adding VLAN 0 to HW filter on device bond0 [ 735.214098][T21060] 8021q: adding VLAN 0 to HW filter on device team0 [ 735.243445][T20475] bridge0: port 1(bridge_slave_0) entered blocking state [ 735.251951][T20475] bridge0: port 1(bridge_slave_0) entered forwarding state [ 735.279171][T20475] bridge0: port 2(bridge_slave_1) entered blocking state [ 735.287719][T20475] bridge0: port 2(bridge_slave_1) entered forwarding state [ 735.861032][T21060] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 735.975630][T21060] veth0_vlan: entered promiscuous mode [ 735.987396][T21060] veth1_vlan: entered promiscuous mode [ 736.046306][T21060] veth0_macvtap: entered promiscuous mode [ 736.056812][T21060] veth1_macvtap: entered promiscuous mode [ 736.077623][T21060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 736.090453][T21060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.112175][T21060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 736.125506][T21060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.137331][T21060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 736.149917][T21060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.162089][T21060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 736.175447][T21060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.187651][T21060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 736.200264][T21060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.212394][T21060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 736.225010][T21060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.240025][T21060] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 736.251508][T21060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 736.264658][T21060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.277010][T21060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 736.289968][T21060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.302190][T21060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 736.314754][T21060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.326631][T21060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 736.339234][T21060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.351070][T21060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 736.363974][T21060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.376462][T21060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 736.389322][T21060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.402274][T21060] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 736.588634][T21060] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 736.612331][T21060] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 736.662291][T21060] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 736.692385][T21060] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 736.892834][ T5831] Bluetooth: hci2: command tx timeout [ 737.062208][T21205] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4017'. [ 737.363457][ T548] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 737.399610][ T548] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 737.634719][ T3433] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 737.682348][ T3433] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 739.108293][ T29] audit: type=1326 audit(1734614697.224:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21226 comm="syz.1.4023" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa187385d29 code=0x0 [ 739.195618][T21236] nfsd: Unknown parameter 'IPVS' [ 742.432459][T21300] nbd9: detected capacity change from 0 to 68719476736 [ 742.460364][T16632] block nbd9: Send control failed (result -22) [ 742.467906][T16632] block nbd9: Request send failed, requeueing [ 742.515028][ T43] block nbd9: Dead connection, failed to find a fallback [ 742.526285][ T43] block nbd9: shutting down sockets [ 742.532982][ T43] blk_print_req_error: 24 callbacks suppressed [ 742.532999][ T43] I/O error, dev nbd9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 742.551286][ T43] buffer_io_error: 23 callbacks suppressed [ 742.551302][ T43] Buffer I/O error on dev nbd9, logical block 0, async page read [ 742.567725][T16632] I/O error, dev nbd9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 742.579041][T16632] Buffer I/O error on dev nbd9, logical block 0, async page read [ 742.588503][T16632] I/O error, dev nbd9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 742.599417][T16632] Buffer I/O error on dev nbd9, logical block 0, async page read [ 742.608861][T16632] I/O error, dev nbd9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 742.620162][T16632] Buffer I/O error on dev nbd9, logical block 0, async page read [ 742.642406][T16632] I/O error, dev nbd9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 742.665064][T16632] Buffer I/O error on dev nbd9, logical block 0, async page read [ 742.710602][T16632] I/O error, dev nbd9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 742.767595][T16632] Buffer I/O error on dev nbd9, logical block 0, async page read [ 742.826603][T16632] I/O error, dev nbd9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 742.872252][T16632] Buffer I/O error on dev nbd9, logical block 0, async page read [ 742.881680][T16632] I/O error, dev nbd9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 742.922157][T16632] Buffer I/O error on dev nbd9, logical block 0, async page read [ 742.959600][T16632] ldm_validate_partition_table(): Disk read failed. [ 743.012263][T16632] I/O error, dev nbd9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 743.042265][T16632] Buffer I/O error on dev nbd9, logical block 0, async page read [ 743.064642][T16632] I/O error, dev nbd9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 743.090819][T16632] Buffer I/O error on dev nbd9, logical block 0, async page read [ 743.155567][T16632] Dev nbd9: unable to read RDB block 0 [ 743.181101][T16632] nbd9: unable to read partition table [ 743.228229][T16632] ldm_validate_partition_table(): Disk read failed. [ 743.262845][T16632] Dev nbd9: unable to read RDB block 0 [ 743.290273][T16632] nbd9: unable to read partition table [ 744.574393][T21343] netlink: 252 bytes leftover after parsing attributes in process `syz.1.4055'. [ 744.635068][T21345] netlink: 252 bytes leftover after parsing attributes in process `syz.1.4055'. [ 745.785564][ T29] audit: type=1326 audit(1734615726.911:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21362 comm="syz.0.4059" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc15bd85d29 code=0x0 [ 746.082215][ T29] audit: type=1326 audit(1734615727.201:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21347 comm="syz.4.4057" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8017d85d29 code=0x0 [ 746.248311][T21369] nfsd: Unknown parameter 'IPVS' [ 747.462678][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.470243][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 751.172505][ T29] audit: type=1326 audit(1734615732.281:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21413 comm="syz.0.4072" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc15bd85d29 code=0x0 [ 751.198464][ C0] vkms_vblank_simulate: vblank timer overrun [ 751.483105][T21421] nfsd: Unknown parameter 'IPVS' [ 753.026426][T21445] Process accounting resumed [ 753.399205][T21452] netlink: 252 bytes leftover after parsing attributes in process `syz.1.4095'. [ 756.107932][T21480] CIFS mount error: No usable UNC path provided in device string! [ 756.107932][T21480] [ 756.217827][T21480] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 756.473552][T21487] kAFS: unparsable volume name [ 756.512924][T21483] nbd10: detected capacity change from 0 to 68719476736 [ 756.609813][T21316] block nbd10: Send control failed (result -22) [ 756.632349][T21316] block nbd10: Request send failed, requeueing [ 756.672660][ T43] block nbd10: Dead connection, failed to find a fallback [ 756.681297][ T43] block nbd10: shutting down sockets [ 756.687798][ T43] blk_print_req_error: 24 callbacks suppressed [ 756.687815][ T43] I/O error, dev nbd10, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 756.707270][ T43] buffer_io_error: 23 callbacks suppressed [ 756.707287][ T43] Buffer I/O error on dev nbd10, logical block 0, async page read [ 756.748298][T21316] I/O error, dev nbd10, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 756.801999][T21316] Buffer I/O error on dev nbd10, logical block 0, async page read [ 756.843584][T21316] I/O error, dev nbd10, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 756.899364][T21316] Buffer I/O error on dev nbd10, logical block 0, async page read [ 756.942430][T21316] I/O error, dev nbd10, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 757.002314][T21316] Buffer I/O error on dev nbd10, logical block 0, async page read [ 757.011869][T21316] I/O error, dev nbd10, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 757.104988][T21316] Buffer I/O error on dev nbd10, logical block 0, async page read [ 757.172304][T21316] I/O error, dev nbd10, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 757.232200][T21316] Buffer I/O error on dev nbd10, logical block 0, async page read [ 757.241744][T21316] I/O error, dev nbd10, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 757.287968][T21316] Buffer I/O error on dev nbd10, logical block 0, async page read [ 757.322541][T21316] I/O error, dev nbd10, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 757.345457][T21316] Buffer I/O error on dev nbd10, logical block 0, async page read [ 757.369461][T21316] ldm_validate_partition_table(): Disk read failed. [ 757.382042][T21316] I/O error, dev nbd10, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 757.420859][T21316] Buffer I/O error on dev nbd10, logical block 0, async page read [ 757.454422][T21316] I/O error, dev nbd10, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 757.492281][T21316] Buffer I/O error on dev nbd10, logical block 0, async page read [ 757.501935][T21316] Dev nbd10: unable to read RDB block 0 [ 757.539797][T21316] nbd10: unable to read partition table [ 757.570062][T21316] ldm_validate_partition_table(): Disk read failed. [ 757.610754][T21316] Dev nbd10: unable to read RDB block 0 [ 757.632841][T21316] nbd10: unable to read partition table [ 758.242154][ T29] audit: type=1326 audit(1734616762.349:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21508 comm="syz.2.4099" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1bb7185d29 code=0x0 [ 762.661113][T21565] netlink: 252 bytes leftover after parsing attributes in process `syz.0.4114'. [ 763.074320][ T29] audit: type=1326 audit(1734617790.206:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21560 comm="syz.4.4113" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8017d85d29 code=0x0 [ 765.593992][T21604] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4126'. [ 768.770733][T21634] netlink: 252 bytes leftover after parsing attributes in process `syz.4.4135'. [ 768.923727][T21638] netlink: 252 bytes leftover after parsing attributes in process `syz.4.4135'. [ 770.072259][ T54] Bluetooth: hci0: command 0x0406 tx timeout [ 770.594691][ T29] audit: type=1800 audit(1734619843.732:17): pid=21651 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4138" name="features" dev="configfs" ino=69659 res=0 errno=0 [ 770.702234][ T29] audit: type=1800 audit(1734619843.772:18): pid=21655 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4138" name="dbroot" dev="configfs" ino=69662 res=0 errno=0 [ 770.726420][ C1] vkms_vblank_simulate: vblank timer overrun [ 771.595069][T21662] netlink: 252 bytes leftover after parsing attributes in process `syz.2.4144'. [ 774.092588][T21663] nbd11: detected capacity change from 0 to 68719476736 [ 774.106732][T21316] block nbd11: Send control failed (result -22) [ 774.132210][T21316] block nbd11: Request send failed, requeueing [ 774.154101][ T43] block nbd11: Dead connection, failed to find a fallback [ 774.163731][ T43] block nbd11: shutting down sockets [ 774.170089][ T43] blk_print_req_error: 24 callbacks suppressed [ 774.170105][ T43] I/O error, dev nbd11, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 774.189159][ T43] buffer_io_error: 23 callbacks suppressed [ 774.189174][ T43] Buffer I/O error on dev nbd11, logical block 0, async page read [ 774.206115][T21316] I/O error, dev nbd11, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 774.258281][T21316] Buffer I/O error on dev nbd11, logical block 0, async page read [ 774.320525][T21316] I/O error, dev nbd11, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 774.333009][T21663] syz.4.4143 (21663) used greatest stack depth: 17392 bytes left [ 774.388752][T21316] Buffer I/O error on dev nbd11, logical block 0, async page read [ 774.423512][T21316] I/O error, dev nbd11, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 774.469805][T21316] Buffer I/O error on dev nbd11, logical block 0, async page read [ 774.510540][T21316] I/O error, dev nbd11, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 774.542296][T21316] Buffer I/O error on dev nbd11, logical block 0, async page read [ 774.551809][T21316] I/O error, dev nbd11, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 774.612267][T21316] Buffer I/O error on dev nbd11, logical block 0, async page read [ 774.642563][T21316] I/O error, dev nbd11, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 774.682213][T21316] Buffer I/O error on dev nbd11, logical block 0, async page read [ 774.691720][T21316] I/O error, dev nbd11, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 774.727016][T21316] Buffer I/O error on dev nbd11, logical block 0, async page read [ 774.767561][T21316] ldm_validate_partition_table(): Disk read failed. [ 774.782557][T21316] I/O error, dev nbd11, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 774.811304][T21316] Buffer I/O error on dev nbd11, logical block 0, async page read [ 774.842538][T21316] I/O error, dev nbd11, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 774.882427][T21316] Buffer I/O error on dev nbd11, logical block 0, async page read [ 774.892642][T21316] Dev nbd11: unable to read RDB block 0 [ 774.899743][T21316] nbd11: unable to read partition table [ 774.950502][T21316] ldm_validate_partition_table(): Disk read failed. [ 774.966018][T21316] Dev nbd11: unable to read RDB block 0 [ 774.992784][T21316] nbd11: unable to read partition table [ 775.880504][T21703] netlink: 252 bytes leftover after parsing attributes in process `syz.2.4156'. [ 776.037495][T21703] netlink: 252 bytes leftover after parsing attributes in process `syz.2.4156'. [ 780.388711][T21762] netlink: 252 bytes leftover after parsing attributes in process `syz.1.4172'. [ 782.992673][T21796] nbd12: detected capacity change from 0 to 68719476736 [ 783.007582][T21316] block nbd12: Send control failed (result -22) [ 783.037752][T21316] block nbd12: Request send failed, requeueing [ 783.062708][ T5831] block nbd12: Receive control failed (result -32) [ 783.062794][ T1071] block nbd12: Dead connection, failed to find a fallback [ 783.083131][ T1071] block nbd12: shutting down sockets [ 783.089491][ T1071] blk_print_req_error: 24 callbacks suppressed [ 783.089507][ T1071] I/O error, dev nbd12, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 783.110103][ T1071] buffer_io_error: 23 callbacks suppressed [ 783.110118][ T1071] Buffer I/O error on dev nbd12, logical block 0, async page read [ 783.127031][T21316] I/O error, dev nbd12, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 783.194541][T21316] Buffer I/O error on dev nbd12, logical block 0, async page read [ 783.246493][T21316] I/O error, dev nbd12, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 783.249494][T21794] nfs: Unknown parameter 'DGzиiFϢ&MjoC#oXo\FBnj>./file0' [ 783.322180][T21316] Buffer I/O error on dev nbd12, logical block 0, async page read [ 783.331737][T21316] I/O error, dev nbd12, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 783.414359][T21316] Buffer I/O error on dev nbd12, logical block 0, async page read [ 783.442314][T21316] I/O error, dev nbd12, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 783.492217][T21316] Buffer I/O error on dev nbd12, logical block 0, async page read [ 783.535974][T21316] I/O error, dev nbd12, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 783.593152][T21316] Buffer I/O error on dev nbd12, logical block 0, async page read [ 783.610086][T21316] I/O error, dev nbd12, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 783.652258][T21316] Buffer I/O error on dev nbd12, logical block 0, async page read [ 783.661811][T21316] I/O error, dev nbd12, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 783.742230][T21316] Buffer I/O error on dev nbd12, logical block 0, async page read [ 783.751726][T21316] ldm_validate_partition_table(): Disk read failed. [ 783.793753][T21316] I/O error, dev nbd12, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 783.832170][T21316] Buffer I/O error on dev nbd12, logical block 0, async page read [ 783.841693][T21316] I/O error, dev nbd12, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 783.902028][T21316] Buffer I/O error on dev nbd12, logical block 0, async page read [ 783.933666][T21316] Dev nbd12: unable to read RDB block 0 [ 783.940792][T21316] nbd12: unable to read partition table [ 784.023272][T21316] ldm_validate_partition_table(): Disk read failed. [ 784.031608][T21316] Dev nbd12: unable to read RDB block 0 [ 784.081909][T21316] nbd12: unable to read partition table [ 786.620806][T21859] netlink: 252 bytes leftover after parsing attributes in process `syz.2.4202'. [ 786.898582][T21865] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4205'. [ 786.952980][T21865] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4205'. [ 790.283307][T21949] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4229'. [ 792.668245][T22007] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4246'. [ 794.166135][T22035] program syz.1.4256 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 794.613759][T22039] Process accounting resumed [ 796.463161][T22092] FAULT_INJECTION: forcing a failure. [ 796.463161][T22092] name failslab, interval 1, probability 0, space 0, times 0 [ 796.572522][T22092] CPU: 0 UID: 0 PID: 22092 Comm: syz.4.4271 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 796.585494][T22092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 796.597571][T22092] Call Trace: [ 796.601511][T22092] [ 796.605037][T22092] dump_stack_lvl+0x16c/0x1f0 [ 796.610674][T22092] should_fail_ex+0x497/0x5b0 [ 796.616313][T22092] ? fs_reclaim_acquire+0xae/0x150 [ 796.622485][T22092] should_failslab+0xc2/0x120 [ 796.628137][T22092] __kmalloc_noprof+0xce/0x4f0 [ 796.633880][T22092] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 796.640659][T22092] ? tomoyo_realpath_from_path+0xbf/0x710 [ 796.647556][T22092] tomoyo_realpath_from_path+0xbf/0x710 [ 796.654235][T22092] ? tomoyo_path_number_perm+0x235/0x5b0 [ 796.661025][T22092] tomoyo_path_number_perm+0x248/0x5b0 [ 796.667593][T22092] ? tomoyo_path_number_perm+0x235/0x5b0 [ 796.674398][T22092] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 796.681635][T22092] ? __pfx_lock_release+0x10/0x10 [ 796.687678][T22092] ? trace_lock_acquire+0x14e/0x1f0 [ 796.693966][T22092] ? lock_acquire+0x2f/0xb0 [ 796.699394][T22092] ? __fget_files+0x40/0x3a0 [ 796.704922][T22092] ? __fget_files+0x206/0x3a0 [ 796.710631][T22092] security_file_ioctl+0x9b/0x240 [ 796.716680][T22092] __x64_sys_ioctl+0xb7/0x200 [ 796.722312][T22092] do_syscall_64+0xcd/0x250 [ 796.727741][T22092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 796.734826][T22092] RIP: 0033:0x7f8017d85d29 [ 796.740132][T22092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 796.763670][T22092] RSP: 002b:00007f8018c48038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 796.773784][T22092] RAX: ffffffffffffffda RBX: 00007f8017f76160 RCX: 00007f8017d85d29 [ 796.783361][T22092] RDX: 0000000000000002 RSI: 0000000000008936 RDI: 0020000000000003 [ 796.792938][T22092] RBP: 00007f8018c48090 R08: 0000000000000000 R09: 0000000000000000 [ 796.802514][T22092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 796.812088][T22092] R13: 0000000000000000 R14: 00007f8017f76160 R15: 00007ffdffd44af8 [ 796.821679][T22092] [ 796.825362][ C0] vkms_vblank_simulate: vblank timer overrun [ 796.837709][T22092] ERROR: Out of memory at tomoyo_realpath_from_path. [ 797.608291][T22109] netlink: 252 bytes leftover after parsing attributes in process `syz.2.4276'. [ 797.631787][T22107] FAULT_INJECTION: forcing a failure. [ 797.631787][T22107] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 797.657633][T22107] CPU: 1 UID: 0 PID: 22107 Comm: syz.4.4275 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 797.670578][T22107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 797.682652][T22107] Call Trace: [ 797.686591][T22107] [ 797.690107][T22107] dump_stack_lvl+0x16c/0x1f0 [ 797.695734][T22107] should_fail_ex+0x497/0x5b0 [ 797.701375][T22107] _copy_from_user+0x2e/0xd0 [ 797.706907][T22107] move_addr_to_kernel+0x68/0x160 [ 797.712959][T22107] __sys_connect+0xb0/0x170 [ 797.718382][T22107] ? __pfx___sys_connect+0x10/0x10 [ 797.724543][T22107] ? __pfx_ksys_write+0x10/0x10 [ 797.730394][T22107] __x64_sys_connect+0x72/0xb0 [ 797.736125][T22107] ? lockdep_hardirqs_on+0x7c/0x110 [ 797.742380][T22107] do_syscall_64+0xcd/0x250 [ 797.747810][T22107] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 797.754897][T22107] RIP: 0033:0x7f8017d85d29 [ 797.760199][T22107] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 797.783734][T22107] RSP: 002b:00007f8018c8a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 797.793865][T22107] RAX: ffffffffffffffda RBX: 00007f8017f75fa0 RCX: 00007f8017d85d29 [ 797.803445][T22107] RDX: 0000000000000055 RSI: 00000000200000c0 RDI: 0000000000000003 [ 797.813025][T22107] RBP: 00007f8018c8a090 R08: 0000000000000000 R09: 0000000000000000 [ 797.822599][T22107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 797.832171][T22107] R13: 0000000000000000 R14: 00007f8017f75fa0 R15: 00007ffdffd44af8 [ 797.841762][T22107] [ 800.023390][T22155] blk_print_req_error: 24 callbacks suppressed [ 800.023411][T22155] I/O error, dev nbd12, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 800.117701][T22155] buffer_io_error: 23 callbacks suppressed [ 800.117720][T22155] Buffer I/O error on dev nbd12, logical block 0, async page read [ 800.205520][T22155] I/O error, dev nbd12, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 800.252388][T22155] Buffer I/O error on dev nbd12, logical block 0, async page read [ 800.299368][T22155] I/O error, dev nbd12, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 800.332319][T22155] Buffer I/O error on dev nbd12, logical block 0, async page read [ 800.371240][T22155] I/O error, dev nbd12, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 800.399838][T22155] Buffer I/O error on dev nbd12, logical block 0, async page read [ 800.419668][T22155] I/O error, dev nbd12, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 800.447951][T22155] Buffer I/O error on dev nbd12, logical block 0, async page read [ 800.460057][T22162] netlink: 252 bytes leftover after parsing attributes in process `syz.0.4289'. [ 800.467663][T22155] I/O error, dev nbd12, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 800.496738][T22155] Buffer I/O error on dev nbd12, logical block 0, async page read [ 800.512268][T22155] I/O error, dev nbd12, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 800.542157][T22155] Buffer I/O error on dev nbd12, logical block 0, async page read [ 800.568838][T22155] I/O error, dev nbd12, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 800.620150][T22155] Buffer I/O error on dev nbd12, logical block 0, async page read [ 800.631116][T22155] ldm_validate_partition_table(): Disk read failed. [ 800.651040][T22155] I/O error, dev nbd12, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 800.709603][T22155] Buffer I/O error on dev nbd12, logical block 0, async page read [ 800.732725][T22155] I/O error, dev nbd12, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 800.772612][T22155] Buffer I/O error on dev nbd12, logical block 0, async page read [ 800.796989][T22155] Dev nbd12: unable to read RDB block 0 [ 800.810564][T22155] nbd12: unable to read partition table [ 802.901546][T22203] netlink: 252 bytes leftover after parsing attributes in process `syz.0.4300'. [ 803.312772][T22206] nbd: must specify at least one socket [ 804.638404][T22220] netlink: 'syz.0.4305': attribute type 1 has an invalid length. [ 805.696628][T22240] FAULT_INJECTION: forcing a failure. [ 805.696628][T22240] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 805.742259][T22240] CPU: 0 UID: 0 PID: 22240 Comm: syz.1.4311 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 805.755197][T22240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 805.767248][T22240] Call Trace: [ 805.771168][T22240] [ 805.774673][T22240] dump_stack_lvl+0x16c/0x1f0 [ 805.780282][T22240] should_fail_ex+0x497/0x5b0 [ 805.785891][T22240] _copy_from_user+0x2e/0xd0 [ 805.791398][T22240] copy_msghdr_from_user+0x99/0x160 [ 805.797638][T22240] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 805.804624][T22240] ___sys_sendmsg+0xff/0x1e0 [ 805.810134][T22240] ? __pfx____sys_sendmsg+0x10/0x10 [ 805.816379][T22240] ? __pfx_lock_release+0x10/0x10 [ 805.822403][T22240] ? trace_lock_acquire+0x14e/0x1f0 [ 805.828642][T22240] ? __fget_files+0x206/0x3a0 [ 805.834251][T22240] __sys_sendmsg+0x16e/0x220 [ 805.839755][T22240] ? __pfx___sys_sendmsg+0x10/0x10 [ 805.845903][T22240] do_syscall_64+0xcd/0x250 [ 805.851299][T22240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 805.858366][T22240] RIP: 0033:0x7fa187385d29 [ 805.863652][T22240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 805.887167][T22240] RSP: 002b:00007fa188125038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 805.897252][T22240] RAX: ffffffffffffffda RBX: 00007fa187575fa0 RCX: 00007fa187385d29 [ 805.906816][T22240] RDX: 0000000000004010 RSI: 00000000200023c0 RDI: 0000000000000007 [ 805.916380][T22240] RBP: 00007fa188125090 R08: 0000000000000000 R09: 0000000000000000 [ 805.925933][T22240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 805.935480][T22240] R13: 0000000000000000 R14: 00007fa187575fa0 R15: 00007fffb70e6808 [ 805.945042][T22240] [ 805.948662][ C0] vkms_vblank_simulate: vblank timer overrun [ 807.500018][T22271] binder: 22270:22271 ioctl 40044900 800000000000003 returned -22 [ 808.136565][T22280] FAULT_INJECTION: forcing a failure. [ 808.136565][T22280] name failslab, interval 1, probability 0, space 0, times 0 [ 808.216502][T22280] CPU: 1 UID: 0 PID: 22280 Comm: syz.0.4321 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 808.229457][T22280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 808.241535][T22280] Call Trace: [ 808.245473][T22280] [ 808.248999][T22280] dump_stack_lvl+0x16c/0x1f0 [ 808.254632][T22280] should_fail_ex+0x497/0x5b0 [ 808.260257][T22280] ? fs_reclaim_acquire+0xae/0x150 [ 808.266420][T22280] should_failslab+0xc2/0x120 [ 808.272055][T22280] __kmalloc_noprof+0xce/0x4f0 [ 808.277787][T22280] ? tomoyo_encode2+0x100/0x3e0 [ 808.283627][T22280] tomoyo_encode2+0x100/0x3e0 [ 808.289255][T22280] tomoyo_realpath_from_path+0x1a7/0x710 [ 808.296034][T22280] ? tomoyo_path_number_perm+0x235/0x5b0 [ 808.302821][T22280] tomoyo_path_number_perm+0x248/0x5b0 [ 808.309391][T22280] ? tomoyo_path_number_perm+0x235/0x5b0 [ 808.316171][T22280] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 808.323814][T22280] ? __pfx_lock_release+0x10/0x10 [ 808.329849][T22280] ? trace_lock_acquire+0x14e/0x1f0 [ 808.336103][T22280] ? lock_acquire+0x2f/0xb0 [ 808.341511][T22280] ? __fget_files+0x40/0x3a0 [ 808.347037][T22280] ? __fget_files+0x206/0x3a0 [ 808.352669][T22280] security_file_ioctl+0x9b/0x240 [ 808.358713][T22280] __x64_sys_ioctl+0xb7/0x200 [ 808.364342][T22280] do_syscall_64+0xcd/0x250 [ 808.369772][T22280] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 808.376860][T22280] RIP: 0033:0x7fc15bd85d29 [ 808.382161][T22280] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 808.405694][T22280] RSP: 002b:00007fc15cbe2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 808.415799][T22280] RAX: ffffffffffffffda RBX: 00007fc15bf76160 RCX: 00007fc15bd85d29 [ 808.425686][T22280] RDX: 0000000000000002 RSI: 0000000000008936 RDI: 0020000000000003 [ 808.435258][T22280] RBP: 00007fc15cbe2090 R08: 0000000000000000 R09: 0000000000000000 [ 808.444844][T22280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 808.454414][T22280] R13: 0000000000000000 R14: 00007fc15bf76160 R15: 00007fffdd173d98 [ 808.464005][T22280] [ 808.567621][T22280] ERROR: Out of memory at tomoyo_realpath_from_path. [ 808.895854][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.906657][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.727306][T22303] netlink: 93 bytes leftover after parsing attributes in process `syz.0.4322'. [ 810.511906][T22315] FAULT_INJECTION: forcing a failure. [ 810.511906][T22315] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 810.642386][T22315] CPU: 0 UID: 0 PID: 22315 Comm: syz.0.4329 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 810.655340][T22315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 810.667416][T22315] Call Trace: [ 810.671353][T22315] [ 810.674874][T22315] dump_stack_lvl+0x16c/0x1f0 [ 810.680506][T22315] should_fail_ex+0x497/0x5b0 [ 810.686142][T22315] _copy_to_user+0x32/0xd0 [ 810.691463][T22315] simple_read_from_buffer+0xd0/0x160 [ 810.697939][T22315] proc_fail_nth_read+0x198/0x270 [ 810.703992][T22315] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 810.710674][T22315] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 810.717349][T22315] vfs_read+0x1df/0xbe0 [ 810.722350][T22315] ? __might_fault+0xe3/0x190 [ 810.727983][T22315] ? __pfx_vfs_read+0x10/0x10 [ 810.733604][T22315] ? _copy_from_user+0x59/0xd0 [ 810.739337][T22315] ? __sys_connect_file+0x148/0x1a0 [ 810.745594][T22315] ? __sys_connect+0xf2/0x170 [ 810.751223][T22315] ? __pfx___sys_connect+0x10/0x10 [ 810.757383][T22315] ksys_read+0x12b/0x250 [ 810.762489][T22315] ? __pfx_ksys_read+0x10/0x10 [ 810.768223][T22315] do_syscall_64+0xcd/0x250 [ 810.773645][T22315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 810.780731][T22315] RIP: 0033:0x7fc15bd8473c [ 810.786033][T22315] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 810.809572][T22315] RSP: 002b:00007fc15cc03030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 810.819676][T22315] RAX: ffffffffffffffda RBX: 00007fc15bf76080 RCX: 00007fc15bd8473c [ 810.829251][T22315] RDX: 000000000000000f RSI: 00007fc15cc030a0 RDI: 0000000000000003 [ 810.838824][T22315] RBP: 00007fc15cc03090 R08: 0000000000000000 R09: 0000000000000000 [ 810.848399][T22315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 810.857974][T22315] R13: 0000000000000000 R14: 00007fc15bf76080 R15: 00007fffdd173d98 [ 810.867562][T22315] [ 810.979058][T22321] capability: warning: `syz.1.4332' uses 32-bit capabilities (legacy support in use) [ 810.998450][T22320] FAULT_INJECTION: forcing a failure. [ 810.998450][T22320] name failslab, interval 1, probability 0, space 0, times 0 [ 811.080419][T22320] CPU: 0 UID: 0 PID: 22320 Comm: syz.4.4331 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 811.093365][T22320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 811.105442][T22320] Call Trace: [ 811.109389][T22320] [ 811.112917][T22320] dump_stack_lvl+0x16c/0x1f0 [ 811.118549][T22320] should_fail_ex+0x497/0x5b0 [ 811.124493][T22320] ? fs_reclaim_acquire+0xae/0x150 [ 811.130645][T22320] should_failslab+0xc2/0x120 [ 811.136306][T22320] __kmalloc_noprof+0xce/0x4f0 [ 811.142043][T22320] ? rcu_is_watching+0x12/0xc0 [ 811.147779][T22320] ? kernfs_fop_write_iter+0x223/0x500 [ 811.154352][T22320] kernfs_fop_write_iter+0x223/0x500 [ 811.160718][T22320] vfs_write+0x5ae/0x1150 [ 811.165924][T22320] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 811.172917][T22320] ? __pfx___mutex_lock+0x10/0x10 [ 811.178960][T22320] ? __pfx_vfs_write+0x10/0x10 [ 811.184743][T22320] ksys_write+0x12b/0x250 [ 811.189955][T22320] ? __pfx_ksys_write+0x10/0x10 [ 811.195812][T22320] do_syscall_64+0xcd/0x250 [ 811.201245][T22320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 811.208350][T22320] RIP: 0033:0x7f8017d85d29 [ 811.213652][T22320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 811.237200][T22320] RSP: 002b:00007f8018c8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 811.247312][T22320] RAX: ffffffffffffffda RBX: 00007f8017f75fa0 RCX: 00007f8017d85d29 [ 811.256890][T22320] RDX: 0000000000000001 RSI: 0000000020000140 RDI: 0000000000000005 [ 811.266461][T22320] RBP: 00007f8018c8a090 R08: 0000000000000000 R09: 0000000000000000 [ 811.276044][T22320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 811.285621][T22320] R13: 0000000000000000 R14: 00007f8017f75fa0 R15: 00007ffdffd44af8 [ 811.295210][T22320] [ 812.843930][T22367] Invalid ELF header magic: != ELF [ 820.064591][T22527] usb usb15: usbfs: interface 0 claimed by hub while 'syz.4.4389' sets config #0 [ 820.678358][T22542] netlink: 252 bytes leftover after parsing attributes in process `syz.1.4395'. [ 822.074337][T22590] netlink: 252 bytes leftover after parsing attributes in process `syz.1.4409'. [ 822.277041][T22596] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4410'. [ 823.195513][T22607] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4415'. [ 823.283041][T22607] veth1_macvtap: left promiscuous mode [ 823.289630][T22607] macsec0: entered promiscuous mode [ 823.410922][T22626] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4422'. [ 823.440383][T22625] netlink: 252 bytes leftover after parsing attributes in process `syz.4.4421'. [ 825.355489][T22675] netlink: 252 bytes leftover after parsing attributes in process `syz.4.4435'. [ 825.441862][T22679] usb usb6: check_ctrlrecip: process 22679 (syz.1.4430) requesting ep 01 but needs 81 [ 825.455308][T22679] usb usb6: usbfs: process 22679 (syz.1.4430) did not claim interface 0 before use [ 826.572888][T22690] netlink: 93 bytes leftover after parsing attributes in process `syz.2.4433'. [ 827.591508][T22722] netlink: 252 bytes leftover after parsing attributes in process `syz.2.4447'. [ 829.814339][T22765] netlink: 252 bytes leftover after parsing attributes in process `syz.0.4458'. [ 830.895041][T22771] netlink: 93 bytes leftover after parsing attributes in process `syz.4.4457'. [ 833.938573][T22825] netlink: 334 bytes leftover after parsing attributes in process `syz.4.4474'. [ 837.273808][T22849] netlink: 'syz.4.4479': attribute type 4 has an invalid length. [ 837.456535][ T29] audit: type=1800 audit(1734622988.606:19): pid=22863 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4481" name="discovery_nqn" dev="configfs" ino=74514 res=0 errno=0 [ 839.404841][T22882] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4486'. [ 839.746655][T22882] mac80211_hwsim hwsim79 wlan1: entered allmulticast mode [ 840.422597][T22913] netlink: 252 bytes leftover after parsing attributes in process `syz.4.4496'. [ 842.109980][T22957] netlink: 252 bytes leftover after parsing attributes in process `syz.0.4509'. [ 842.140054][T22957] netlink: 252 bytes leftover after parsing attributes in process `syz.0.4509'. [ 847.513685][ T29] audit: type=1800 audit(1734625044.669:20): pid=23062 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.4541" name="discovery_nqn" dev="configfs" ino=76038 res=0 errno=0 [ 847.563461][T23062] netlink: 64 bytes leftover after parsing attributes in process `syz.4.4541'. [ 851.534137][T23138] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4563'. [ 851.936684][ T54] Bluetooth: hci2: command 0x0406 tx timeout [ 852.095039][T23149] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 852.106105][T23149] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 852.115667][T23149] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 852.124997][T23149] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 852.134637][T23149] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 852.143349][T23149] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 852.371174][T23155] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4569'. [ 853.241259][T23143] chnl_net:caif_netlink_parms(): no params data found [ 853.472869][T23168] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4574'. [ 854.333959][ T5831] Bluetooth: hci3: command tx timeout [ 854.462413][T23143] bridge0: port 1(bridge_slave_0) entered blocking state [ 854.470975][T23143] bridge0: port 1(bridge_slave_0) entered disabled state [ 854.492727][T23143] bridge_slave_0: entered allmulticast mode [ 854.500936][T23143] bridge_slave_0: entered promiscuous mode [ 854.554156][T23143] bridge0: port 2(bridge_slave_1) entered blocking state [ 854.590135][T23143] bridge0: port 2(bridge_slave_1) entered disabled state [ 854.622111][T23143] bridge_slave_1: entered allmulticast mode [ 854.644568][T23143] bridge_slave_1: entered promiscuous mode [ 854.884896][T23143] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 854.919847][T23143] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 855.144050][T23143] team0: Port device team_slave_0 added [ 855.239022][T23143] team0: Port device team_slave_1 added [ 855.368744][T23143] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 855.402228][T23143] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 855.480388][T23143] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 855.512559][T23143] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 855.531060][T23143] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 855.615824][T23143] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 856.020038][T23143] hsr_slave_0: entered promiscuous mode [ 856.034486][T23143] hsr_slave_1: entered promiscuous mode [ 856.080442][T23143] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 856.090118][T23143] Cannot create hsr debugfs directory [ 856.422286][ T5831] Bluetooth: hci3: command tx timeout [ 856.763159][T23143] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 857.121679][T23143] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 857.318572][T23143] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 857.482655][T23201] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4582'. [ 857.515490][T23143] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 857.826090][T23143] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 857.894660][T23143] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 857.955183][T23143] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 858.004851][T23143] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 858.204362][T23143] 8021q: adding VLAN 0 to HW filter on device bond0 [ 858.259826][T23143] 8021q: adding VLAN 0 to HW filter on device team0 [ 858.323906][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 858.332445][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 858.383200][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 858.391735][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 858.492151][ T5831] Bluetooth: hci3: command tx timeout [ 858.905449][T23143] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 859.007773][T23143] veth0_vlan: entered promiscuous mode [ 859.049377][T23143] veth1_vlan: entered promiscuous mode [ 859.081780][T23143] veth0_macvtap: entered promiscuous mode [ 859.093339][T23143] veth1_macvtap: entered promiscuous mode [ 859.116547][T23143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 859.182192][T23143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 859.212264][T23143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 859.232621][T23143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 859.253180][T23143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 859.292414][T23143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 859.312506][T23143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 859.332653][T23143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 859.364775][T23143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 859.388959][T23143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 859.411015][T23143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 859.442159][T23143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 859.462179][T23143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 859.499173][T23143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 859.533876][T23143] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 859.575139][T23143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 859.613196][T23143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 859.632150][T23143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 859.662316][T23143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 859.716945][T23143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 859.762868][T23143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 859.812158][T23143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 859.825514][T23143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 859.862150][T23143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 859.902133][T23143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 859.930434][T23143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 859.962126][T23143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 859.996149][T23143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 860.027109][T23231] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4597'. [ 860.042115][T23143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 860.066995][T23143] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 860.229863][T23143] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 860.260164][T23143] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 860.291809][T23143] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 860.311708][T23143] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 860.575962][ T5831] Bluetooth: hci3: command tx timeout [ 860.955572][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 860.985299][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 861.057098][T16252] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 861.088190][T16252] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 861.417058][T23253] netlink: 252 bytes leftover after parsing attributes in process `syz.0.4592'. [ 861.482961][T23253] netlink: 252 bytes leftover after parsing attributes in process `syz.0.4592'. [ 861.753208][T23263] nbd13: detected capacity change from 0 to 68719476736 [ 861.769577][T21316] block nbd13: Send control failed (result -22) [ 861.789617][T21316] block nbd13: Request send failed, requeueing [ 861.821448][ T5831] block nbd13: Receive control failed (result -32) [ 861.821546][ T43] block nbd13: Dead connection, failed to find a fallback [ 861.839038][ T43] block nbd13: shutting down sockets [ 861.845474][ T43] blk_print_req_error: 6 callbacks suppressed [ 861.845490][ T43] I/O error, dev nbd13, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 861.867362][ T43] buffer_io_error: 6 callbacks suppressed [ 861.867378][ T43] Buffer I/O error on dev nbd13, logical block 0, async page read [ 861.891103][T21316] I/O error, dev nbd13, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 861.912136][T21316] Buffer I/O error on dev nbd13, logical block 0, async page read [ 861.932375][T21316] I/O error, dev nbd13, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 861.943591][T21316] Buffer I/O error on dev nbd13, logical block 0, async page read [ 861.953169][T21316] I/O error, dev nbd13, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 861.964877][T21316] Buffer I/O error on dev nbd13, logical block 0, async page read [ 861.974999][T21316] I/O error, dev nbd13, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 861.986427][T21316] Buffer I/O error on dev nbd13, logical block 0, async page read [ 861.996344][T21316] I/O error, dev nbd13, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 862.008083][T21316] Buffer I/O error on dev nbd13, logical block 0, async page read [ 862.018590][T21316] I/O error, dev nbd13, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 862.030504][T21316] Buffer I/O error on dev nbd13, logical block 0, async page read [ 862.040815][T21316] I/O error, dev nbd13, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 862.051891][T21316] Buffer I/O error on dev nbd13, logical block 0, async page read [ 862.061374][T21316] ldm_validate_partition_table(): Disk read failed. [ 862.069650][T21316] I/O error, dev nbd13, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 862.080883][T21316] Buffer I/O error on dev nbd13, logical block 0, async page read [ 862.090420][T21316] I/O error, dev nbd13, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 862.101878][T21316] Buffer I/O error on dev nbd13, logical block 0, async page read [ 862.112780][T21316] Dev nbd13: unable to read RDB block 0 [ 862.119899][T21316] nbd13: unable to read partition table [ 862.147704][T21316] ldm_validate_partition_table(): Disk read failed. [ 862.156135][T21316] Dev nbd13: unable to read RDB block 0 [ 862.163305][T21316] nbd13: unable to read partition table [ 865.207154][T23349] openvswitch: netlink: IP tunnel dst address not specified [ 866.583936][T23378] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 866.648132][T23378] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 867.896674][T23372] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4630'. [ 868.904953][T23395] HfR: entered promiscuous mode [ 870.338749][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.346520][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.657474][T23426] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4642'. [ 870.712306][T23424] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4642'. [ 871.137330][T23443] netlink: 252 bytes leftover after parsing attributes in process `syz.1.4645'. [ 871.165484][T23443] netlink: 252 bytes leftover after parsing attributes in process `syz.1.4645'. [ 871.561066][T23453] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4647'. [ 872.906626][T23471] program syz.4.4651 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 873.542742][T23485] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4657'. [ 873.940020][T23487] netlink: 252 bytes leftover after parsing attributes in process `syz.0.4656'. [ 874.008503][T23492] netlink: 252 bytes leftover after parsing attributes in process `syz.0.4656'. [ 874.822592][T23483] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4655'. [ 875.441959][T23520] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4668'. [ 875.942783][T23522] nbd14: detected capacity change from 0 to 68719476736 [ 875.986874][T21316] block nbd14: Send control failed (result -22) [ 876.046451][T21316] block nbd14: Request send failed, requeueing [ 876.072362][ T43] block nbd14: Dead connection, failed to find a fallback [ 876.080987][ T43] block nbd14: shutting down sockets [ 876.087918][ T43] blk_print_req_error: 24 callbacks suppressed [ 876.087935][ T43] I/O error, dev nbd14, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 876.106801][ T43] buffer_io_error: 23 callbacks suppressed [ 876.106815][ T43] Buffer I/O error on dev nbd14, logical block 0, async page read [ 876.124120][T21316] I/O error, dev nbd14, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 876.142139][T21316] Buffer I/O error on dev nbd14, logical block 0, async page read [ 876.162262][T21316] I/O error, dev nbd14, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 876.232835][T21316] Buffer I/O error on dev nbd14, logical block 0, async page read [ 876.283016][T21316] I/O error, dev nbd14, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 876.332189][T21316] Buffer I/O error on dev nbd14, logical block 0, async page read [ 876.362263][T21316] I/O error, dev nbd14, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 876.398549][T21316] Buffer I/O error on dev nbd14, logical block 0, async page read [ 876.442311][T21316] I/O error, dev nbd14, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 876.491834][T21316] Buffer I/O error on dev nbd14, logical block 0, async page read [ 876.541169][T21316] I/O error, dev nbd14, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 876.597419][T21316] Buffer I/O error on dev nbd14, logical block 0, async page read [ 876.664021][T21316] I/O error, dev nbd14, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 876.712152][T21316] Buffer I/O error on dev nbd14, logical block 0, async page read [ 876.742185][T21316] ldm_validate_partition_table(): Disk read failed. [ 876.762486][T21316] I/O error, dev nbd14, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 876.811498][T21316] Buffer I/O error on dev nbd14, logical block 0, async page read [ 876.830858][T21316] I/O error, dev nbd14, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 876.862156][T21316] Buffer I/O error on dev nbd14, logical block 0, async page read [ 876.886937][T21316] Dev nbd14: unable to read RDB block 0 [ 876.908184][T21316] nbd14: unable to read partition table [ 876.937671][T21316] ldm_validate_partition_table(): Disk read failed. [ 876.963504][T21316] Dev nbd14: unable to read RDB block 0 [ 876.985646][T21316] nbd14: unable to read partition table [ 877.827333][T23542] netlink: 252 bytes leftover after parsing attributes in process `syz.4.4673'. [ 878.164186][T23552] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4677'. [ 878.512335][T23565] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4679'. [ 879.175740][T23574] netlink: 342 bytes leftover after parsing attributes in process `syz.4.4683'. [ 879.303333][T23577] netlink: 'syz.1.4684': attribute type 4 has an invalid length. [ 879.329964][T23574] netlink: 342 bytes leftover after parsing attributes in process `syz.4.4683'. [ 879.983961][T23590] usb usb15: usbfs: interface 0 claimed by hub while 'syz.1.4689' sets config #0 [ 881.250795][T23562] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4678'. [ 883.709349][T23600] netlink: 252 bytes leftover after parsing attributes in process `syz.2.4691'. [ 883.753586][T23605] netlink: 252 bytes leftover after parsing attributes in process `syz.2.4691'. [ 884.692245][T23631] netlink: 252 bytes leftover after parsing attributes in process `syz.1.4704'. [ 884.724752][T23631] netlink: 252 bytes leftover after parsing attributes in process `syz.1.4704'. [ 885.044546][T23640] netlink: 'syz.4.4707': attribute type 22 has an invalid length. [ 886.737223][T23679] netlink: 252 bytes leftover after parsing attributes in process `syz.4.4717'. [ 886.783303][T23681] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 400008000010006 [ 887.836963][T23703] ucma_write: process 1518 (syz.0.4727) changed security contexts after opening file descriptor, this is not allowed. [ 888.612688][T23717] netlink: 252 bytes leftover after parsing attributes in process `syz.4.4732'. [ 888.626238][T23715] netlink: 252 bytes leftover after parsing attributes in process `syz.0.4731'. [ 888.657649][T23722] netlink: 252 bytes leftover after parsing attributes in process `syz.4.4732'. [ 888.682798][T23715] netlink: 252 bytes leftover after parsing attributes in process `syz.0.4731'. [ 890.218383][T23757] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4744'. [ 890.303963][T23760] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4744'. [ 890.452362][T23763] netlink: 252 bytes leftover after parsing attributes in process `syz.2.4745'. [ 890.489741][T23763] netlink: 252 bytes leftover after parsing attributes in process `syz.2.4745'. [ 891.182760][T23777] nbd15: detected capacity change from 0 to 68719476736 [ 891.209197][T21316] block nbd15: Send control failed (result -22) [ 891.216975][T21316] block nbd15: Request send failed, requeueing [ 891.226300][ T5831] block nbd15: Receive control failed (result -32) [ 891.226398][ T1071] block nbd15: Dead connection, failed to find a fallback [ 891.243294][ T1071] block nbd15: shutting down sockets [ 891.250075][ T1071] blk_print_req_error: 24 callbacks suppressed [ 891.250092][ T1071] I/O error, dev nbd15, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 891.269175][ T1071] buffer_io_error: 23 callbacks suppressed [ 891.269191][ T1071] Buffer I/O error on dev nbd15, logical block 0, async page read [ 891.285838][T21316] I/O error, dev nbd15, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 891.302192][T21316] Buffer I/O error on dev nbd15, logical block 0, async page read [ 891.312617][T21316] I/O error, dev nbd15, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 891.342130][T21316] Buffer I/O error on dev nbd15, logical block 0, async page read [ 891.372872][T21316] I/O error, dev nbd15, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 891.422123][T21316] Buffer I/O error on dev nbd15, logical block 0, async page read [ 891.431903][T21316] I/O error, dev nbd15, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 891.475732][T21316] Buffer I/O error on dev nbd15, logical block 0, async page read [ 891.494749][T21316] I/O error, dev nbd15, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 891.527503][T21316] Buffer I/O error on dev nbd15, logical block 0, async page read [ 891.562419][T21316] I/O error, dev nbd15, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 891.592170][T21316] Buffer I/O error on dev nbd15, logical block 0, async page read [ 891.622324][T21316] I/O error, dev nbd15, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 891.652114][T21316] Buffer I/O error on dev nbd15, logical block 0, async page read [ 891.672174][T21316] ldm_validate_partition_table(): Disk read failed. [ 891.691165][T21316] I/O error, dev nbd15, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 891.709241][T21316] Buffer I/O error on dev nbd15, logical block 0, async page read [ 891.730883][T21316] I/O error, dev nbd15, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 891.757827][T21316] Buffer I/O error on dev nbd15, logical block 0, async page read [ 891.785476][T21316] Dev nbd15: unable to read RDB block 0 [ 891.802804][T21316] nbd15: unable to read partition table [ 891.816376][T21316] ldm_validate_partition_table(): Disk read failed. [ 891.852445][T21316] Dev nbd15: unable to read RDB block 0 [ 891.871927][T21316] nbd15: unable to read partition table [ 892.080538][T23792] netlink: 252 bytes leftover after parsing attributes in process `syz.2.4755'. [ 892.092896][T23792] netlink: 252 bytes leftover after parsing attributes in process `syz.2.4755'. [ 894.304088][T23827] netlink: 252 bytes leftover after parsing attributes in process `syz.2.4767'. [ 894.334425][T23827] netlink: 252 bytes leftover after parsing attributes in process `syz.2.4767'. [ 894.737924][T23837] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 400008000010006 [ 894.779730][T23838] netlink: 252 bytes leftover after parsing attributes in process `syz.2.4772'. [ 894.840761][T23838] netlink: 252 bytes leftover after parsing attributes in process `syz.2.4772'. [ 895.638252][T23853] netlink: 252 bytes leftover after parsing attributes in process `syz.0.4783'. [ 895.652017][T23853] netlink: 252 bytes leftover after parsing attributes in process `syz.0.4783'. [ 896.043598][T23862] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4777'. [ 896.157445][T23863] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4777'. [ 896.582092][T23878] blk_print_req_error: 24 callbacks suppressed [ 896.582114][T23878] I/O error, dev nbd12, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 896.601366][T23878] buffer_io_error: 23 callbacks suppressed [ 896.601383][T23878] Buffer I/O error on dev nbd12, logical block 0, async page read [ 896.608979][T23879] netlink: 252 bytes leftover after parsing attributes in process `syz.2.4782'. [ 896.643486][T23878] I/O error, dev nbd12, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 896.662918][T23879] netlink: 252 bytes leftover after parsing attributes in process `syz.2.4782'. [ 896.671219][T23878] Buffer I/O error on dev nbd12, logical block 0, async page read [ 896.732695][T23878] I/O error, dev nbd12, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 896.756465][T23878] Buffer I/O error on dev nbd12, logical block 0, async page read [ 896.806816][T23883] ================================================================== [ 896.816502][T23883] BUG: KASAN: slab-out-of-bounds in nsim_dev_health_break_write+0x1be/0x1e0 [ 896.826927][T23883] Read of size 1 at addr ffff8880323361ff by task syz.4.4784/23883 [ 896.836398][T23883] [ 896.839191][T23883] CPU: 1 UID: 0 PID: 23883 Comm: syz.4.4784 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 896.852104][T23883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 896.864167][T23883] Call Trace: [ 896.868098][T23883] [ 896.871625][T23883] dump_stack_lvl+0x116/0x1f0 [ 896.877252][T23883] print_report+0xc3/0x620 [ 896.882574][T23883] ? __virt_addr_valid+0x5e/0x590 [ 896.888621][T23883] ? __phys_addr+0xc6/0x150 [ 896.894043][T23883] kasan_report+0xd9/0x110 [ 896.899358][T23883] ? nsim_dev_health_break_write+0x1be/0x1e0 [ 896.906550][T23883] ? nsim_dev_health_break_write+0x1be/0x1e0 [ 896.913754][T23883] nsim_dev_health_break_write+0x1be/0x1e0 [ 896.920737][T23883] ? __pfx_nsim_dev_health_break_write+0x10/0x10 [ 896.928345][T23883] ? rcu_is_watching+0x12/0xc0 [ 896.934081][T23883] ? trace_lock_acquire+0x14e/0x1f0 [ 896.940337][T23883] full_proxy_write+0xfb/0x1b0 [ 896.946071][T23883] ? __pfx_full_proxy_write+0x10/0x10 [ 896.952535][T23883] vfs_write+0x24c/0x1150 [ 896.957750][T23883] ? __fget_files+0x1fc/0x3a0 [ 896.963376][T23883] ? __pfx___mutex_lock+0x10/0x10 [ 896.969420][T23883] ? __pfx_vfs_write+0x10/0x10 [ 896.975149][T23883] ? __fget_files+0x206/0x3a0 [ 896.980784][T23883] ksys_write+0x12b/0x250 [ 896.985995][T23883] ? __pfx_ksys_write+0x10/0x10 [ 896.991834][T23883] do_syscall_64+0xcd/0x250 [ 896.997254][T23883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 897.004349][T23883] RIP: 0033:0x7f8017d85d29 [ 897.006796][T23878] I/O error, dev nbd12, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 897.009631][T23883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 897.009662][T23883] RSP: 002b:00007f8018c48038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 897.052216][T23878] Buffer I/O error on dev nbd12, logical block 0, async page read [ 897.054149][T23883] RAX: ffffffffffffffda RBX: 00007f8017f76160 RCX: 00007f8017d85d29 [ 897.054171][T23883] RDX: 0000000000000000 RSI: 0000000020000900 RDI: 0000000000000007 [ 897.054188][T23883] RBP: 00007f8017e01aa8 R08: 0000000000000000 R09: 0000000000000000 [ 897.054206][T23883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 897.054223][T23883] R13: 0000000000000000 R14: 00007f8017f76160 R15: 00007ffdffd44af8 [ 897.111280][T23883] [ 897.114902][T23883] [ 897.117681][T23883] Allocated by task 1: [ 897.122552][T23883] kasan_save_stack+0x33/0x60 [ 897.128178][T23883] kasan_save_track+0x14/0x30 [ 897.133796][T23883] __kasan_kmalloc+0xaa/0xb0 [ 897.139311][T23883] __kmalloc_node_track_caller_noprof+0x21d/0x520 [ 897.147022][T23883] kstrdup+0x42/0xb0 [ 897.151701][T23883] kstrdup_const+0x63/0x80 [ 897.153035][T23878] I/O error, dev nbd12, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 897.156991][T23883] __kernfs_new_node+0x9c/0x890 [ 897.157019][T23883] kernfs_new_node+0x186/0x240 [ 897.179413][T23883] kernfs_create_dir_ns+0x4c/0x150 [ 897.185553][T23883] sysfs_create_dir_ns+0x13b/0x2b0 [ 897.191710][T23883] kobject_add_internal+0x2c8/0x990 [ 897.197958][T23883] kobject_init_and_add+0x11c/0x190 [ 897.204205][T23883] locate_module_kobject+0xf3/0x1a0 [ 897.210455][T23883] param_sysfs_builtin_init+0x1e0/0x3c0 [ 897.217121][T23883] do_one_initcall+0x128/0x630 [ 897.222832][T23883] kernel_init_freeable+0x58f/0x8b0 [ 897.229057][T23883] kernel_init+0x1c/0x2b0 [ 897.234243][T23883] ret_from_fork+0x45/0x80 [ 897.239525][T23883] ret_from_fork_asm+0x1a/0x30 [ 897.245241][T23883] [ 897.248006][T23883] The buggy address belongs to the object at ffff8880323361e0 [ 897.248006][T23883] which belongs to the cache kmalloc-8 of size 8 [ 897.264432][T23883] The buggy address is located 26 bytes to the right of [ 897.264432][T23883] allocated 5-byte region [ffff8880323361e0, ffff8880323361e5) [ 897.281695][T23883] [ 897.284462][T23883] The buggy address belongs to the physical page: [ 897.292141][T23883] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x32336 [ 897.302644][T23883] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 897.311152][T23883] page_type: f5(slab) [ 897.315913][T23883] raw: 00fff00000000000 ffff88801ac41500 dead000000000100 dead000000000122 [ 897.326194][T23883] raw: 0000000000000000 0000000080800080 00000001f5000000 0000000000000000 [ 897.336473][T23883] page dumped because: kasan: bad access detected [ 897.344148][T23883] page_owner tracks the page as allocated [ 897.350979][T23883] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 17757743355, free_ts 17724411782 [ 897.373151][T23883] post_alloc_hook+0x2d1/0x350 [ 897.378859][T23883] get_page_from_freelist+0xfce/0x2f80 [ 897.385400][T23883] __alloc_pages_noprof+0x223/0x25b0 [ 897.391731][T23883] alloc_pages_mpol_noprof+0x2c9/0x610 [ 897.398277][T23883] new_slab+0x2c9/0x410 [ 897.403247][T23883] ___slab_alloc+0xce2/0x1650 [ 897.408841][T23883] __slab_alloc.constprop.0+0x56/0xb0 [ 897.415269][T23883] __kmalloc_cache_noprof+0xf6/0x420 [ 897.421594][T23883] add_sysfs_param+0x6c1/0x930 [ 897.427299][T23883] param_sysfs_builtin_init+0x253/0x3c0 [ 897.433951][T23883] do_one_initcall+0x128/0x630 [ 897.439656][T23883] kernel_init_freeable+0x58f/0x8b0 [ 897.445882][T23883] kernel_init+0x1c/0x2b0 [ 897.451068][T23883] ret_from_fork+0x45/0x80 [ 897.456353][T23883] ret_from_fork_asm+0x1a/0x30 [ 897.462062][T23883] page last free pid 25 tgid 25 stack trace: [ 897.469212][T23883] free_unref_page+0x661/0x1080 [ 897.475017][T23883] vfree+0x17a/0x890 [ 897.479675][T23883] delayed_vfree_work+0x56/0x70 [ 897.485479][T23883] process_one_work+0x958/0x1b30 [ 897.491384][T23883] worker_thread+0x6c8/0xf00 [ 897.496876][T23883] kthread+0x2c1/0x3a0 [ 897.501747][T23883] ret_from_fork+0x45/0x80 [ 897.507028][T23883] ret_from_fork_asm+0x1a/0x30 [ 897.512739][T23883] [ 897.515507][T23883] Memory state around the buggy address: [ 897.522237][T23883] ffff888032336080: 06 fc fc fc 05 fc fc fc fa fc fc fc 07 fc fc fc [ 897.531888][T23883] ffff888032336100: 07 fc fc fc fa fc fc fc 03 fc fc fc 03 fc fc fc [ 897.541544][T23883] >ffff888032336180: fa fc fc fc fa fc fc fc 05 fc fc fc 05 fc fc fc [ 897.551199][T23883] ^ [ 897.560749][T23883] ffff888032336200: 01 fc fc fc 07 fc fc fc 07 fc fc fc fa fc fc fc [ 897.570402][T23883] ffff888032336280: 06 fc fc fc 06 fc fc fc 06 fc fc fc fa fc fc fc [ 897.580051][T23883] ================================================================== [ 897.589770][ C1] vkms_vblank_simulate: vblank timer overrun [ 897.616775][T23883] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 897.625424][T23883] CPU: 0 UID: 0 PID: 23883 Comm: syz.4.4784 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 897.638341][T23883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 897.650407][T23883] Call Trace: [ 897.654341][T23883] [ 897.657858][T23883] dump_stack_lvl+0x3d/0x1f0 [ 897.663375][T23883] panic+0x71d/0x800 [ 897.668062][T23883] ? __pfx_panic+0x10/0x10 [ 897.673377][T23883] ? irqentry_exit+0x3b/0x90 [ 897.678902][T23883] ? lockdep_hardirqs_on+0x7c/0x110 [ 897.685180][T23883] ? preempt_schedule_thunk+0x1a/0x30 [ 897.691636][T23883] ? preempt_schedule_common+0x44/0xc0 [ 897.698200][T23883] check_panic_on_warn+0xab/0xb0 [ 897.704142][T23883] end_report+0x117/0x180 [ 897.709347][T23883] kasan_report+0xe9/0x110 [ 897.714657][T23883] ? nsim_dev_health_break_write+0x1be/0x1e0 [ 897.721846][T23883] ? nsim_dev_health_break_write+0x1be/0x1e0 [ 897.729037][T23883] nsim_dev_health_break_write+0x1be/0x1e0 [ 897.736014][T23883] ? __pfx_nsim_dev_health_break_write+0x10/0x10 [ 897.743619][T23883] ? rcu_is_watching+0x12/0xc0 [ 897.749344][T23883] ? trace_lock_acquire+0x14e/0x1f0 [ 897.755597][T23883] full_proxy_write+0xfb/0x1b0 [ 897.761326][T23883] ? __pfx_full_proxy_write+0x10/0x10 [ 897.767785][T23883] vfs_write+0x24c/0x1150 [ 897.772994][T23883] ? __fget_files+0x1fc/0x3a0 [ 897.778618][T23883] ? __pfx___mutex_lock+0x10/0x10 [ 897.784658][T23883] ? __pfx_vfs_write+0x10/0x10 [ 897.790395][T23883] ? __fget_files+0x206/0x3a0 [ 897.796022][T23883] ksys_write+0x12b/0x250 [ 897.801226][T23883] ? __pfx_ksys_write+0x10/0x10 [ 897.807065][T23883] do_syscall_64+0xcd/0x250 [ 897.812484][T23883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 897.819573][T23883] RIP: 0033:0x7f8017d85d29 [ 897.824872][T23883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 897.848402][T23883] RSP: 002b:00007f8018c48038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 897.858508][T23883] RAX: ffffffffffffffda RBX: 00007f8017f76160 RCX: 00007f8017d85d29 [ 897.868293][T23883] RDX: 0000000000000000 RSI: 0000000020000900 RDI: 0000000000000007 [ 897.877859][T23883] RBP: 00007f8017e01aa8 R08: 0000000000000000 R09: 0000000000000000 [ 897.887429][T23883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 897.897013][T23883] R13: 0000000000000000 R14: 00007f8017f76160 R15: 00007ffdffd44af8 [ 897.906596][T23883] [ 897.910451][T23883] Kernel Offset: disabled [ 897.915627][T23883] Rebooting in 86400 seconds..