last executing test programs: 14.794438745s ago: executing program 2 (id=771): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x4040, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) (async) io_uring_setup$auto(0x6, 0x0) r3 = socket(0x1e, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r4 = socket(0x2, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) munmap$auto(0x1ffff000, 0x2000000c) (async) munmap$auto(0x1ffff000, 0x2000000c) r5 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000001c0), r4) sendmsg$auto_L2TP_CMD_TUNNEL_GET(r0, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x5c, r5, 0x11, 0x70bd29, 0x4, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x53}, @L2TP_ATTR_L2SPEC_TYPE={0x5, 0x5, 0x2}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x3}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x5}, @L2TP_ATTR_L2SPEC_TYPE={0x5, 0x5, 0x1}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x3}, @L2TP_ATTR_MTU={0x6, 0x1c, 0x297}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0xba5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20000008}, 0x1) waitid$auto(0x3, 0x9, &(0x7f0000000000)={@_si_pad}, 0x8000, 0x0) sendmmsg$auto(r3, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a001}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) uname$auto(0x0) (async) uname$auto(0x0) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) readv$auto(r1, &(0x7f0000000180)={0x0, 0x4}, 0x5) write$auto(0x3, 0x0, 0xfffffdef) (async) write$auto(0x3, 0x0, 0xfffffdef) read$auto(r2, 0x0, 0x80000001) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 13.138919533s ago: executing program 2 (id=776): mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8a81, 0x0) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, &(0x7f0000000000)={0x3, 0x7, 0x8}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x2a482, 0x0) ioctl$auto(r1, 0x1269, 0x8) sendmsg$auto_NL80211_CMD_DISASSOCIATE(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[], 0x60}, 0x1, 0x0, 0x0, 0x54}, 0x1) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/loginuid\x00', 0xa8602, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sda1\x00', 0x4040, 0x0) fadvise64$auto(r2, 0xfffffffffffffffa, 0x81, 0x4) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) recvfrom$auto(r0, 0x0, 0x800000000e, 0xfd, 0x0, 0xfffffffffffffffd) 11.570433897s ago: executing program 2 (id=784): listmount$auto(&(0x7f0000000480)={0x0, @inferred, 0x8000, 0x3, 0x6}, &(0x7f00000004c0)=0x401, 0x5, 0x1) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyd7\x00', 0x42003, 0x0) mmap$auto(0x7, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card0/pcm0p/sub6/sw_params\x00', 0x2c8480, 0x0) (async) select$auto(0x5, &(0x7f0000000080)={[0x20000009, 0xfffffffffffffffc, 0x9, 0x5, 0xc, 0x3, 0x3, 0x1ffe000, 0xcad, 0x2, 0x9, 0xf, 0xa657, 0x202, 0x6, 0x1]}, 0x0, 0x0, 0x0) (async) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/can/rcvlist_all\x00', 0x8000, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f00000000c0)=""/10, 0xa) (async) r1 = socket(0x2, 0x5, 0x0) sendmmsg$auto(r1, &(0x7f00000003c0)={{&(0x7f0000000040), 0x10, 0x0, 0x7, 0x0, 0x2, 0xb}, 0xa7}, 0x7, 0x7fffffff) (async) mmap$auto(0x0, 0x2020009, 0xfffffffffffffff3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) close_range$auto(0x0, 0xffffffffffffffff, 0x4000000000002) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/v4l-subdev7\x00', 0x181782, 0x0) (async) socket$nl_generic(0x11, 0x3, 0x10) (async) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r2 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0) ioctl$auto_DMA_HEAP_IOCTL_ALLOC(r2, 0x40345410, 0x0) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r3) (async) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="d0040000", @ANYRES16=r4, @ANYBLOB="2f212cbd7000fcdbdf252100000008000300", @ANYRES32=r5, @ANYBLOB="b1042d8010"], 0x4d0}}, 0x4000000) bpf$auto(0x5, &(0x7f0000000000)=@link_update={0xffffffffffffffff, @new_prog_fd, 0x9, @old_map_fd}, 0xc63) (async) ioperm$auto(0x7, 0x6, 0x2) setfsuid$auto(0x4) (async) mprotect$auto(0x1ffff000, 0x7ffffffffffffffd, 0x4) (async) statmount$auto(&(0x7f0000000500)={0x8, @raw=0x5, 0x200, 0x9b, 0x9}, &(0x7f0000000540)={0x1ff, 0x0, 0x9, 0x6, 0x3, 0x7fffffffffffffff, 0x80000001, 0x93, 0xca, 0x30fb2199, 0x1, 0x2, 0xe903, 0x3ff, 0x5, 0xf5e4, 0xb0000000000000, 0x1ff, 0x1, 0x5, 0x5, 0xfffffffb, 0x3, 0x4, 0xc8c, 0xf4, [0x9, 0xfffffffffffffff9, 0x800, 0x1ff, 0x6, 0x200, 0xf3, 0x800, 0x1, 0x5756, 0x7, 0x5, 0x14, 0x7, 0x2, 0x7, 0xa, 0xfffffffffffffff8, 0xfffffffffffff000, 0x9, 0x2, 0x5, 0x2, 0x3, 0x6, 0xa, 0x2, 0x2, 0x400, 0x40, 0x8, 0x2, 0x4, 0x8000000000000000, 0xd, 0x6, 0x7, 0x9, 0xff, 0x7, 0x8, 0xa, 0x3, 0x0, 0x68], "75f8a96cc6bad473cf23e217c8ee86ad1c9e72c795b27fb03e31edc75816143c9c6fc06c35f18059cda2b2374eed5430be7927391fc825298b558353b150082c34458164843227ef6c674c7ae4c633565e4101d95eae5d6bd9c1ddfd95dbc0a83b8cb481c51763a8d904c34daa76dad917fa5e6157742a3f276572cfc376946302cbb184e84a42006f7f2d0c03461044d182f5a42d047915a48a0d1d08d9fe417e378ceeb75ab14c95e106775c2b77dbce7b7c74261788aef921c3fb7495c4201b492e6f0bcbd225ca13fee40d936bf4be46bb7265a0a2df2a47ecb6b9329868195a7b622571048ab27b0121b832874cc68d20fdd3"}, 0x9, 0x4) io_uring_setup$auto(0x5, &(0x7f0000000000)={0x9, 0x1, 0x455, 0x7, 0x5, 0x2, 0x7, [0x20004, 0x2e9, 0x6], {0x0, 0x0, 0x4, 0x7, 0x5, 0x5, 0x2, 0xfffffffc, 0x7}, {0x4, 0xfffff654, 0xffff8003, 0x2, 0x9, 0x200, 0x3, 0x0, 0x3}}) (async) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) semctl$auto(0x2, 0x800, 0x7, 0xa) (async) socket$nl_generic(0x10, 0x3, 0x10) 11.422368992s ago: executing program 0 (id=785): r0 = socket(0x10, 0x2, 0x4) socket(0x2c, 0x3, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x40000, 0x0) ioctl$auto_KVM_CHECK_EXTENSION(r1, 0xae03, 0x38) (async) ioctl$auto_KVM_CHECK_EXTENSION(r1, 0xae03, 0x38) socket(0x10, 0x2, 0x4) mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) (async) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) bpf$auto(0x3, &(0x7f00000001c0)=@task_fd_query={0x0, 0xffffffffffffffff, 0x8, 0x10017, 0x80200000008, 0x2, 0x5f, 0x20000000000803}, 0x6f0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) openat$auto_tracing_total_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/buffer_total_size_kb\x00', 0x2, 0x0) (async) openat$auto_tracing_total_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/buffer_total_size_kb\x00', 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'xfrm0\x00'}) read$auto_uinput_fops_uinput(0xffffffffffffffff, &(0x7f0000000180)=""/4096, 0x1000) sendmsg$auto_ETHTOOL_MSG_RINGS_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x2000000, 0x28000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x2000c031) (async) sendmsg$auto_ETHTOOL_MSG_RINGS_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x2000000, 0x28000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x2000c031) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x4000004}, 0x20000001) (async) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x4000004}, 0x20000001) write$auto(r0, &(0x7f0000000000)='-\x00', 0x2fb) 11.234878811s ago: executing program 3 (id=786): statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0xb, 0x3, 0xfffffffb, 0x940, 0x1ffde, 0x7, 0x2000000000000006, 0x8, 0x4, 0x5, 0x2, 0x5, 0xb0, 0x5, 0x2, 0x9, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, [0x0, 0x0, 0x8, 0x0, 0x8000000000000, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0, 0x3, 0x1, 0x3, 0x0, 0xffffffffffffff80]}, 0x200, 0x81) r0 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, 0x0, 0xc0040, 0x0) r1 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x2, 0x0) r2 = syz_clone3(&(0x7f0000001a40)={0x61000, &(0x7f0000000000), &(0x7f0000000380), &(0x7f0000000480), {0x8}, &(0x7f00000009c0)=""/4096, 0x1000, &(0x7f00000004c0)=""/204, &(0x7f00000019c0)}, 0x58) unshare$auto(0x20000080) openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000004680)='/sys/kernel/debug/tracing/dynamic_events\x00', 0x502, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000) mincore$auto(0x1000, 0x8001, 0x0) r3 = io_uring_setup$auto(0x2, 0x0) io_uring_enter$auto(r3, 0x1, 0xcd00, 0x7, 0x0, 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00'}) r5 = openat$auto_nsim_dev_trap_fa_cookie_fops_dev(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/debug/netdevsim/netdevsim7/trap_flow_action_cookie\x00', 0x80, 0x0) read$auto_nsim_dev_trap_fa_cookie_fops_dev(r5, 0x0, 0x0) sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r4, &(0x7f00000003c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000400)={&(0x7f00000005c0)=ANY=[@ANYBLOB="18000000", @ANYRESOCT=r0, @ANYBLOB="000879870719df2b2bbd7000fedbdf257700"], 0x18}, 0x1, 0x0, 0x0, 0x24040851}, 0x80c1) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[], 0x58}, 0x1, 0x0, 0x0, 0x40080}, 0x40091) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x28, &(0x7f00000001c0)={&(0x7f0000000600)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES8=r1, @ANYRES16=r2, @ANYRES64=r5, @ANYBLOB="0a0005000000000c000000000a000100aaaaaaaaaabbf8ffaaaaaaae35370000080004001000000008", @ANYRES32=0x0, @ANYRES64], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) close_range$auto(0x2, 0xffffffffffffffff, 0x40000000) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) mmap$auto(0x8000000000000, 0x400008, 0xe1, 0x9b73, 0xffffffffffffffff, 0x800008000) r6 = socket(0x3d, 0x0, 0x2) write$auto(0x3, 0x0, 0xfffffdf2) syz_clone(0x40100100, &(0x7f0000000680)="c039af5d07a5b28bd3e15aa90672177a3d605c5d9d39f3d4240246824884107dce394fe77af6a3377b858432b7f4c583153d00ed7f5ea6d7448e3204dd241a9343e16704893f1c7e9fcb7d460203ba14801b7cd536fa468a67f4e8cae0381929939ac32564d72bc7c5e09d16a92e433be050ac5f5de662cf6a3778a9b4b44d950dcab3a1354d9f5fcb0f3f70b106bd01d218ecdec359bd673eaa82325703c049050a35750aa09d08975a688a79316852bb24c507944bf85b4b85d77c1b5752668607237440dfc623519c5caefe69a3498342b453a94720404850c351b02fa432c769", 0xe2, 0x0, 0x0, 0x0) dup2$auto(r6, r6) r7 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_SET_MULTICAST_TO_UNICAST(0xffffffffffffffff, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000100)=ANY=[@ANYRES32=r7, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x24000804}, 0x0) sendmsg$auto_NL80211_CMD_GET_STATION(r6, 0x0, 0x40) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) 11.203673148s ago: executing program 0 (id=787): socket(0x1d, 0x4, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) r0 = io_uring_setup$auto(0x40005, 0x0) madvise$auto(0x108000, 0x800034, 0x9) mbind$auto(0x401, 0x400, 0x6, &(0x7f0000000040)=0x7, 0x7fff, 0x5) r1 = open_by_handle_at$auto(r0, &(0x7f0000000200)={0x0, 0x4}, 0x6) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'pimreg0\x00'}) bind$auto(0xffffffffffffffff, &(0x7f0000000000)=@vsock={0x28, 0x0, 0x2710, @my=0x0}, 0x69) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x62, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000800)='/sys/devices/virtual/bdi/43:384/max_bytes\x00', 0x181482, 0x0) read$auto(r2, 0x0, 0x9) write$auto(0x3, 0x0, 0x1) capget$auto(&(0x7f0000000100)={0xfffffffb, 0x0}, &(0x7f0000000140)={0x3, 0x37f0e88, 0x4}) rt_sigqueueinfo$auto(r3, 0x7, &(0x7f0000000180)={@_si_pad}) 10.24300861s ago: executing program 2 (id=789): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0xa, 0x2, 0x88) mmap$auto(0x2, 0x8, 0x800000df, 0xeb2, r0, 0x3) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x80, 0x0) r1 = socket(0x10, 0x3, 0x6) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x40001}, 0x4000800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x5, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYRES64=r1, @ANYBLOB="66ec2a472c79be9f12b9f8f1dba86b2315df6c74f2426fd17e0bf1dea268e48df5912fef6a059d0348d0de0bc4545546640c62c39c"], 0x1ac}, 0x1, 0x0, 0x0, 0x4821}, 0x4004080) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000004c0)='/sys/bus/usb/drivers/ttusb-dec/new_id\x00', 0x100, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000001c00)=""/4111, 0x100f) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0xffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond0\x00'}) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0) ioctl$auto_TIOCGDEV2(r3, 0x5452, &(0x7f0000000880)=0x7) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000380)='/proc/asound/card1/pcm0p/sub3/info\x00', 0x20080, 0x0) pread64$auto(r4, 0x0, 0x8, 0xffff) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000002640), 0x0, 0x0) ioctl$auto_USB_RAW_IOCTL_INIT(r5, 0x41015500, &(0x7f0000000140)={"a7a018b09bb196a05739a38a73473b93f5452886bc599ef976c54a71a5dc79483a251405ce72a9af15390e93a8760df83859e16320e8d0b1161f13d13afae66b1d900a4958396aa98d3504ca431aabab1964249251e57fa70517cc19b0e3974dc2a89edac932b8859c767780d65e849700", "e600d778751f5f9e03e1f2b96e39a8ac08de7e036d650e2184857e6b64f6a2c7fb08c6f5ce3828fb4e9498c076bef49c99c9cd91332e12b53664dc20fa879020fbd184b8d300c13be6e57970685ce029fb2385ae6e132c1c6adbcfbd873a3b925d397a08fb733e19ef5ec4f40b0b473c72efd18b8a9e9f3d12c5e44468922beb", 0x5}) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0) ioctl$auto(0x3, 0x80000541b, 0x38) socket(0x2, 0x3, 0x100) mmap$auto(0x25, 0x7, 0xdf, 0x1a, 0x2, 0xa9) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttynull\x00', 0x480, 0x0) mmap$auto(0x0, 0xffff, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) 10.119970924s ago: executing program 3 (id=790): r0 = socket(0x15, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/clocksource/clocksource0/current_clocksource\x00', 0x8502, 0x0) madvise$auto(0x0, 0x2000040080000005, 0xe) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000005800), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_DEL_RADIO(r0, &(0x7f0000005780)={0x0, 0x0, &(0x7f0000005740)={&(0x7f0000000100)={0x38c, r1, 0x1, 0x70bd28, 0x25dfdbfd, {}, [@HWSIM_ATTR_ADDR_TRANSMITTER={0xd2, 0x2, "ef842d758068b027aec2cc7dd3e96881424768e3b2fe7911e1bf3b3ac6edec05e02cdb54be0eab9d172df68cb7e80fd50cef86822d7226c25267102679629419dbfabb74355aa6d265ab5a676b21234f93d19ad4818be9ad964b47a32145b859484ea7963e0dc23d8a2f5a487dc8e531f72c6e9c4924e8472204f0bed5eaf9a9b18a84d66ae01722113bc4b3349619ddff2078f01b4ca1a288253feeaab9f78d3455c2a23b86f343de137c13cd69b671125ee9d61a8f931ba537fad52b12073b96ac866c13819badd3626cffa6d7"}, @HWSIM_ATTR_FREQ={0x8, 0x13, 0x863a}, @HWSIM_ATTR_RX_RATE={0x8, 0x5, 0x10}, @HWSIM_ATTR_PMSR_RESULT={0x294, 0x1c, 0x0, 0x1, [@NL80211_PMSR_ATTR_PEERS={0x28c, 0x5, 0x0, 0x1, [{0x288, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_RESP={0x80, 0x4, 0x0, 0x1, [@NL80211_PMSR_RESP_ATTR_DATA={0x7c, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x78, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_RESP_ATTR_BURST_DURATION={0x5, 0x7, 0x5}, @NL80211_PMSR_FTM_RESP_ATTR_TX_RATE={0xc, 0xb, 0x0, 0x1, [@HWSIM_RATE_INFO_ATTR_BW={0x5, 0x5, 0xff}]}, @NL80211_PMSR_FTM_RESP_ATTR_FTMS_PER_BURST={0x5, 0x8, 0x6}, @NL80211_PMSR_FTM_RESP_ATTR_FTMS_PER_BURST={0x5, 0x8, 0xf}, @NL80211_PMSR_FTM_RESP_ATTR_BUSY_RETRY_TIME={0x5, 0x5, 0x3}, @NL80211_PMSR_FTM_RESP_ATTR_TX_RATE={0x34, 0xb, 0x0, 0x1, [@HWSIM_RATE_INFO_ATTR_NSS={0x5, 0x4, 0x1}, @HWSIM_RATE_INFO_ATTR_LEGACY={0x6, 0x3, 0x7}, @HWSIM_RATE_INFO_ATTR_FLAGS={0x5, 0x1, 0x1}, @HWSIM_RATE_INFO_ATTR_EHT_RU_ALLOC={0x5, 0xb, 0x6}, @HWSIM_RATE_INFO_ATTR_FLAGS={0x5, 0x1, 0x1}, @HWSIM_RATE_INFO_ATTR_BW={0x5, 0x5, 0x5}]}, @NL80211_PMSR_FTM_RESP_ATTR_BURST_DURATION={0x5, 0x7, 0x2}, @NL80211_PMSR_FTM_RESP_ATTR_DIST_SPREAD={0xc, 0x12, 0x8d1b}]}]}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0x6f, 0x1, "81ee40b7f347d14d9e88628926899bb9f2949c6cc7f696c0f71d06cbc66e9189da17690332261b5e2b8ff42eb014b8180af71171fdf36a542b27413fdc2e0c0f2154a624f69b2fe790bc89d605f9439573b28b5a8599fc4172d4c7f6fd76f3736667f060db528605272e87"}, @NL80211_PMSR_PEER_ATTR_RESP={0x10, 0x4, 0x0, 0x1, [@NL80211_PMSR_RESP_ATTR_HOST_TIME={0xc, 0x3, 0x80000000}]}, @NL80211_PMSR_PEER_ATTR_RESP={0x80, 0x4, 0x0, 0x1, [@NL80211_PMSR_RESP_ATTR_FINAL={0x4}, @NL80211_PMSR_RESP_ATTR_FINAL={0x4}, @NL80211_PMSR_RESP_ATTR_AP_TSF={0xc, 0x4, 0x6}, @NL80211_PMSR_RESP_ATTR_AP_TSF={0xc, 0x4, 0x6}, @NL80211_PMSR_RESP_ATTR_HOST_TIME={0xc, 0x3, 0x4}, @NL80211_PMSR_RESP_ATTR_DATA={0x50, 0x1, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x4c, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_RESP_ATTR_CIVICLOC={0x45, 0x14, '/sys/devices/system/clocksource/clocksource0/current_clocksource\x00'}]}]}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0xe2, 0x1, "976b6482b492026477c5f4d1e87e58390101c238d6d40a6564e35f4d40844f48b1f9d20f5a76929f146a4d0ef95f47f8b9f18aeced83fba1f229aa8e10289594178576dfb5ceee7a8bd7a01765d5c2db12ad23e66c0b6ea77cbda5077c206b2d001ec9da44e7a34eef1a5f0e754f7436abe5761a434c9b0c218f607feb16312c29de6f5d655dde4f2a87c30242479a76f8f21d6a0a1fec959f65d9081d11c310b2ef387e43ff6333fe5273f4c388d5e98d2dfb18d572b5eab57d60e6d81107d0be217ff8f644c05953c02a3e5c29a64c2bf7385b279e0e52076e47c2653d"}, @NL80211_PMSR_PEER_ATTR_RESP={0x4}, @NL80211_PMSR_PEER_ATTR_ADDR={0x1a, 0x1, "1d31e2a97dd9871b36143bd8d47aa2e15516f2e2ec85"}]}]}, @NL80211_PMSR_ATTR_PEERS={0x4}]}]}, 0x38c}, 0x1, 0x0, 0x0, 0x800}, 0x20000000) 9.901719491s ago: executing program 0 (id=792): shmctl$auto(0x4, 0x1, &(0x7f0000000280)={{0xfe9e, 0xffffffffffffffff, 0xee00, 0xa6, 0x800, 0x5, 0x3}, 0x7a6e56f5, 0x3, 0x9, 0xa, @inferred, @inferred, 0x1, 0x0, 0x0, 0x0}) (async) r0 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB="010025bd0001fbdbdf0002"], 0x1c}, 0x1, 0x0, 0x0, 0x801}, 0x4000000) (async) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/fs/pipe-max-size\x00', 0x200000, 0x0) (async) r1 = socket(0x11, 0x4, 0x0) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x40000) 9.694907472s ago: executing program 0 (id=793): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, 0x0, 0x1cd041, 0x0) read$auto(0x3, 0x0, 0x8080) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x8, 0x5, 0x8) keyctl$auto(0x11, 0xdfffffffffffffff, 0x69c9, 0x0, 0xbcd) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/console\x00', 0x48600, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/power/pm_wakeup_irq\x00', 0x109040, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_VPORT_CMD_NEW(r1, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000000080)={0x2c, r2, 0x1, 0x70bd26, 0x25dfdbff, {}, [@OVS_VPORT_ATTR_NETNSID={0x8, 0x9, 0x4}, @OVS_VPORT_ATTR_TYPE={0x8, 0x2, 0x4}, @OVS_VPORT_ATTR_NAME={0x6, 0x3, '*\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4040010}, 0x800) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, 0x0) close_range$auto(0x2, r0, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xaece, 0xfffffffffffff4e0) read$auto(0x4, 0x0, 0x80) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000140)=""/4096, 0x1000) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) 9.680952581s ago: executing program 3 (id=794): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) socket(0x10, 0x2, 0x0) (async) sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c80"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) (async) unshare$auto(0x40000080) (async) socket(0x21, 0x2, 0x5) (async) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async) close_range$auto(0x0, 0x5, 0x0) (async) r0 = pipe$auto(0x0) read$auto_proc_sys_file_operations_proc_sysctl(r0, &(0x7f0000000180)=""/4096, 0x1000) (async) pipe$auto(0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) tee$auto(0x2000000000000, 0x3, 0x402, 0xd) write$auto(0x1, 0x0, 0x80000000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) (async) io_uring_setup$auto(0x6, 0x0) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='Z'], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x9}, 0x3, 0x0) 8.785248366s ago: executing program 0 (id=795): mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x0) socket(0xa, 0x801, 0x84) getrandom$auto(0x0, 0x6000000, 0x3) setsockopt$auto(0x3, 0x10000000084, 0x1f, 0x0, 0x3ff) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x0) open(&(0x7f0000000080)='.\x00', 0x0, 0x1f2) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) r1 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x181080, 0x0) r2 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000006880), 0x140, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, 0x0) ioctl$auto_USB_RAW_IOCTL_EP0_STALL(r2, 0xc0383e04, 0x0) ioctl$auto_USB_RAW_IOCTL_CONFIGURE(r1, 0x5509, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/ieee80211/phy2/address_mask\x00', 0x88100, 0x0) 8.402932579s ago: executing program 3 (id=796): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) getsockopt$auto(0x3, 0x200000000001, 0x23, 0xfffffffffffffffe, 0x0) mmap$auto(0x78, 0xfffffffffffffff0, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0xf0, 0xfffffffffffeffd5, 0x17) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) r0 = socket(0x1e, 0x1, 0x0) getsockname$auto(r0, &(0x7f0000000000), &(0x7f0000000040)=0xd1) close_range$auto(0x2, 0xa, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x163340, 0x6a) r1 = socket(0x2, 0x80802, 0x0) connect$auto(r1, &(0x7f0000000300)=@in={0x2, 0x4, @remote}, 0x55) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) ioctl$auto(0x3, 0x5411, 0x10000000000402) openat$auto_ftrace_formats_fops_trace_printk(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/printk_formats\x00', 0x400100, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r2 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r2, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) 8.191397496s ago: executing program 0 (id=797): r0 = socket(0x29, 0x2, 0x0) setsockopt$auto(r0, 0x119, 0x1, 0x0, 0x8) (async) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sda1\x00', 0xa4e00, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) (async) r2 = socket(0x11, 0x80003, 0x304) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) setsockopt$auto(r2, 0x107, 0x12, 0x0, 0x4) (async) semctl$auto(0x4000001ff, 0xffffffffffffffff, 0x13, 0x3) (async) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) (async) lsm_list_modules$auto(0x0, 0x0, 0x0) (async) r3 = socket(0x2, 0x801, 0x106) getsockopt$auto(r3, 0x11c, 0x3, 0x0, 0x0) (async) setsockopt$auto(0x200000000000003, 0x1, 0x29, 0x0, 0x300) (async) r4 = openat$auto(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x1600, 0x0) write$auto_tracing_thresh_fops_trace(r4, &(0x7f0000000080)="0007153f55ae750bf28a8b03ce7e1c5e73ba1e5fa286c13c13c8db921be2afc73d81e7087dc8e80a3a9dbea08f7c5e5e03d723a28f5d371f7865278505084ca1e6b658cdf79fb4d70972df4aadce3d223cf01df18dba0ec8c57f8266d71006dfdc62c926a5c615ef24ead6bc07f8b39798d4cecedfbeea0aa831f81962ce8c6673656ee5e04a9c9e602fe92fc42332c1b98091026b00717be813a95b832ea797880b9b9b0c246e99686f", 0xaa) (async) ioctl$auto_def_blk_fops_fs(r1, 0x2285, &(0x7f0000000080)) (async) openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) 7.032650924s ago: executing program 1 (id=798): mmap$auto(0x0, 0x2, 0xffffffffffffffff, 0x40eb1, 0x602, 0x300000000000) openat$auto_buffer_percent_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/buffer_percent\x00', 0x40, 0x0) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) 5.367690894s ago: executing program 3 (id=799): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) (async) r0 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x100000000, 0x5, 0x8, 0x940, 0x1ffde, 0x3, 0x2000000000000006, 0x2, 0x9, 0x5, 0x2, 0x8, 0xae, 0x9, 0x0, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, [0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x400000, 0x0, 0x80000000000, 0x3, 0x0, 0x8000000000000000, 0x80000000000000, 0x0, 0xfffffffffffffffd, 0x0, 0xfffffffffffffbfe, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x8, 0xfffffffffffffffe]}, 0x1fe, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) (async) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) pwrite64$auto(0xc8, &(0x7f00000001c0)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00/\x00\x00\x00\xfd\xfdX\xd3\x1d\xf8\xbebZ\xddL\x01\x00\x00\x00^\x0fo\x84\xad\x83\x13\x82\xdfT\x916;CL\"\x81\x88\v\xae\xa9i8W\xe5\x00!\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2SZ\xf6\x8d\xdb\xcb\r\xcaN_\xa6h\xe2\xf9*w_\x84\xb8\x1aY>%:\xad9\xb8\x87\xfc\x85\x90\xfaB\xb6\xe3I\x18$\x1f\xc1YG\x94\xec\x82\xb7b[8n(\xd1Y\a\x04w\xd53\xce\xee\xdbw\xb0\xd4\xae\x0f\xce\x8e+\xaa\xcf\x86\xcd@~\xe0', 0xfded, 0x3) r1 = openat$auto_fops_u64_ro_(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/zswap/reject_alloc_fail\x00', 0x18040, 0x0) bpf$auto(0xa6, &(0x7f0000000300)=@link_detach={r1}, 0x80) openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy15/netdev:wlan0/aqm\x00', 0x40, 0x0) setrlimit$auto(0x1, &(0x7f0000000040)={0x4, 0x80000002}) (async) setrlimit$auto(0x1, &(0x7f0000000040)={0x4, 0x80000002}) openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) socket(0x2, 0x1, 0x0) (async) r2 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) getrlimit$auto(0x5, &(0x7f0000000400)={0x800, 0x2}) pidfd_send_signal$auto(r2, 0x0, &(0x7f0000000140)={@_si_pad}, 0x7) (async) pidfd_send_signal$auto(r2, 0x0, &(0x7f0000000140)={@_si_pad}, 0x7) chdir$auto(&(0x7f00000003c0)='./file0\x00') ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0) setrlimit$auto(0x20a, &(0x7f0000000080)={0x107d0601}) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dri/card0\x00', 0x101000, 0x0) 5.02294014s ago: executing program 3 (id=800): msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x1, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) mlock$auto(0xfbe8, 0x4) personality$auto(0xfffffffc) mmap$auto(0xf000, 0x8, 0x1000000003, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x10000000084, 0x85, 0x0, 0xc) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_l2tp(0x0, r0) 3.884912952s ago: executing program 2 (id=801): mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x7, 0x0) openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/numa_maps\x00', 0x80040, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) pread64$auto(r0, &(0x7f0000000200)='%\x00\xfd\x12\x9bCf7\x80\xc43\x1e\xc1M\xa1\xdd\x0fHc~\x12\xb0X\xa2}\xc3\x9b\xbe\x17\xce{\xab\n\x9a\xe5\xc4\xa3%o\xf9\x95\xdb\xc0\xe7 ?\x172j\xdd\xbb\x02\xee6\x92\vV\xba\xe6\x80rx4bs\xe2$\xab\xe2X\xb6M\x1e\xcc\x88\xac\xf8+\x9c\xea\x8c\xdb\x1e\xd1J\xf3\xf0\xfe\xa0_\r\xc8\xd8\xeb\xf9\xd8\xa3[D\x10\x8a\x11\x98\xec\x04C\x9bz\xbcD\xc3\xec\xb7\xb0\x981Z\xc2\xc1l\xee\xe1\xdcM\x91d\xab|h\x8e\"\xbfv\x8f\x95j5\'\x13\xec7,\xdb\"T\xf9K\xe0-\xe9\x15\xae\xc1\xaf\x17\xc6\xdb\x95\xcd\xd3\xb2\x06\xd4\x1c*\xd8\x83\xf7X\x97A\x15\xc2\xe2\x1f\x1a\xb7\x19\xf2\x10B\x13\x03a&\x18\x05#IT\x11\r\x92\xadQ\x06\x94\xd1\x98\xf1\x16e3\x10\xd2\x1c\xba8:\x1f\xae\xc2\xeb\x93\xfe\xc31\x95\x92>\x15\x88\xb0\xc6H\xd2RO50l\xc7\x93k\xe4\xb9\x14\xab&\xcd\xa2\a\x8e\x00\xe0w\x89\xe4\xa5\xda#=K=\xc9T:\x12\"\xd8R`a\x82s\n\xf7\x1e\x15E\xeb\xe8mN\xe1\"\xb1\xb6\'\x85xf\xdf\x89H\x91\xa1*b\xb3\xc0\'z\x81RlG', 0x9, 0x3) (async) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY(r0, &(0x7f00000003c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000001c0)={&(0x7f0000000340)={0x74, 0x0, 0x100, 0x70bd29, 0x25dfdbff, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x4}, @L2TP_ATTR_COOKIE={0xc, 0xf, 0x78094f2f}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x80000001}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @local}, @L2TP_ATTR_MTU={0x6, 0x1c, 0x100}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x51}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @private0={0xfc, 0x0, '\x00', 0x1}}, @L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x101}]}, 0x74}, 0x1, 0x0, 0x0, 0x40080c0}, 0x8000) (async) unshare$auto(0x200) (async) r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') setns(r1, 0x0) (async) clone$auto(0xfffffffe20000, 0x2, 0xfffffffffffffffc, 0xfffffffffffffffc, 0x800ffffffff) 3.822010434s ago: executing program 1 (id=802): open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x801, 0x106) setsockopt$auto(0x3, 0x6, 0x21, 0x0, 0x20) landlock_create_ruleset$auto(&(0x7f0000000000)={0xdaa0, 0x1, 0x8}, 0x9, 0x0) landlock_restrict_self$auto(r0, 0x0) truncate$auto(&(0x7f00000000c0)='./file0\x00', 0x0) openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f0000000040), 0x101002, 0x0) mmap$auto(0x0, 0x400008, 0x45, 0x9b72, 0x2, 0x7fff) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x3, 0x0) fstat$auto(0x2, 0x0) ioctl$auto(0xffffffffffffffff, 0x7fffffff, r1) ioctl$auto_KVM_CREATE_VM(r1, 0x4018aee2, 0x0) 3.346815225s ago: executing program 2 (id=803): r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mprotect$auto(0x1ffff000, 0x800007, 0x6) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) (async) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r2, &(0x7f0000004240)={0x0, 0x0, &(0x7f0000004200)={&(0x7f00000041c0)={0x18, r1, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@HWSIM_ATTR_REG_STRICT_REG={0x4}]}, 0x18}}, 0x4048000) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'erspan0\x00'}) r3 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cec8\x00', 0x101901, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001500)='/sys/kernel/irq/5/actions\x00', 0x22040, 0x0) (async) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001500)='/sys/kernel/irq/5/actions\x00', 0x22040, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000001540)=""/104, 0x68) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r3, 0xc05c6104, &(0x7f0000000100)={'\x00', 0xffff, 0x46, 0x2, 0x9b4, 0xd, "ce7009002ce100", '\x00', "0201ccb7", '\x00', ["00009f0003010000007abfc1", "0a00170000b4f7f212004000", "228675c1b82444c2000000ec", "00deff100000deff1900"]}) openat$auto_page_owner_stack_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000140), 0x8000, 0x0) (async) r5 = openat$auto_page_owner_stack_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000140), 0x8000, 0x0) bind$auto(r5, &(0x7f00000000c0)=@sco={0x1f, @none}, 0x6a) socket$nl_generic(0x10, 0x3, 0x10) (async) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0) ioctl$auto_SW_SYNC_GET_DEADLINE(r8, 0xc0105702, &(0x7f0000000240)={0x5}) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r7) (async) r9 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r7) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)={0x4c, r9, 0xd0d58b333228212f, 0x70bd2d, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r10}, @NL80211_ATTR_SCAN_FREQUENCIES={0x2e, 0x2c, 0x0, 0x1, [@typed={0x8, 0x34, 0x0, 0x0, @fd=r7}, @generic="f1b55aee2ce029f89d9c495b31d6c603b8b048a9d5e3a7c9773e06ca6a498ba1f509"]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8004}, 0x4000000) r11 = getpid() process_vm_readv$auto(r11, &(0x7f0000000400)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f00000000c0), 0xfffffffd}, 0x4, 0x0) (async) process_vm_readv$auto(r11, &(0x7f0000000400)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f00000000c0), 0xfffffffd}, 0x4, 0x0) socket(0x1e, 0x2, 0x0) openat$auto_binder_ctl_fops_binderfs(0xffffffffffffff9c, &(0x7f00000014c0), 0x311300, 0x0) r12 = getuid() sendmsg$auto_NL80211_CMD_LEAVE_IBSS(r6, &(0x7f0000001480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000001440)={&(0x7f0000001540)={0x1248, r9, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@NL80211_ATTR_PID={0x8, 0x52, r11}, @NL80211_ATTR_ADMITTED_TIME={0x6, 0xd4, 0x4}, @NL80211_ATTR_TXQ_LIMIT={0x8, 0x10a, 0x3}, @NL80211_ATTR_EHT_CAPABILITY={0x21, 0x136, "65577f27f34137c7ef3539429151255054630572cea1117c4dcf2dabb6"}, @NL80211_ATTR_WOWLAN_TRIGGERS={0x1136, 0x75, 0x0, 0x1, [@generic="eda3", @nested={0x1127, 0xf, 0x0, 0x1, [@nested={0x4, 0x10}, @generic="4983e300c9a907f2e554d82af74630798e20a101df8114881d2adaff5165e100c68b9f0b7fb024d964b4e1f37630d8b0b9bd7fb2a33eb1c311b0b960cf05735b1fef029ab5756b86da7ac5065d4fb206a5455800bf2f1c0a2fb9280376ac7c042452ecf45d98f13bb1fffb0103556fd80fbf23742fc3ab0159e111818ceeba87cab4ad24f94838ad9c8bb66db6a3f8a16e96354c95c1aa77198f84e9c776e61f05fa9bac23bede4f55c89814295736841b13459ba9def85f1e61a654b2c4c9dbaf4bac8dccb2d2", @generic="772afbcc25158bdc8024f74f96a7f036060c88f19274f317820a30dade8af90bd5e1d28110dfc253f0ce27159b39eab2c723f617c01d1cc4", @typed={0x8, 0x88, 0x0, 0x0, @u32=0x1}, @generic="610669950759ffbecda63deb5856425b1cba33f22562428b25ed729f2fb17510868718da5b92083caa2f0a7298e6f1722c232dd5c5c1c6312a39781117b8610513a181264766e4255d825897f6e81a55db05b3f01e7cc88c0daa1ed79afa143f6cbca328b4ce9168dc156c50a054fedd57544ffe462d059177eeca7e25231e30f7cfa9ac55be56ca54da00a2b5329b74c3863d278da71095a3efb4ff5b75e10a6133a61f5a72856cf316768e140670ffca42e2ae5e07faa7ddd42ca6e0c4f9a92cca992be3b6a4d7040787adf4881a56a52d7ef37ee26f98c989fc53af1dcad49b93d4d49022e79f8e1d36f6b48693a79b28f6ce19d92d99ebbd8ae65ef67cdf2205573ffaa45cefad2b5e7e562faa9acc5448a15cf68e39005ef8623cadb947ceeb5b456f72327037dcb1964f9f6bcb998975bce60b12aaa0ae098d0c22570bcfda82914decd4e8de9100c194fbb92baf1a93667b1f91db6c8efbe6b897eafad7ef8dd01af97c1af1efaae5623a0694f0909508dc96c10799b4c6260e2006a21c091860aeff8ed496eb4ae96d28bed4a6625584271ac5b41907e0a5e80d335aa3df916ce0b6aa874120f3d951476a3ea2526e571f557389c262ee854d377b9fc275443b9070898795985bf65a8ee9f2f2647835b799245b7bfca9f54329d5b01750a5978203cb360fafa9014e4acaed9379e32a9d293610f7c5a1510af9213c869487142fc02ddf5db4983a310a834891f4a5737771cf58bcd340e95bd653a2ea63fc39d76302162b93d3eb7abeb7ea21ad755550445304f148bb73ea406d93e034c2606fad2e09c161cb2651373885c274aa97a38f0ac91347caca14afa11a3219b09ac07bde5e82a979543cfaf307b40be1b3325d84a207638eda96d74a8c1b086af09ae5d26b36a3275e0dff9233c64adede227531b80e0efc62a2cf2dd17527899deb0b402237729ed68e02620e6056cfafe9a942b83160f78dd36687d6fb467a2325b0be509e2eb38fd94c15d2f411738a69950100765f16811a79bee1c29c10cef40e6479357b9e5e28de9e99365578333f93986f25c4ae047730552c2039993d9c229629276d53b5587af9eb7f6842e61c29670bb3895a79ff2bb4af132a20882a1c48d35f44803572752df9cf68567a1b47fbcba027e782094493527df582067737e4e221283e70f97de709bbd602dc399c4619c64c472a1cce175b8b19b4a43c007fb8f572c521f9be496d6f7aba0d904eb4dfbd7a0cb601f641c2f21050512664cebc7eb8fadd7902a2e31590c551fcad8f731940303381640a620e48dc2bcaf65d0f490fcf915d5bfbdcec098e04bd7ce6acb13358566e78fc3afded27eaa866c434a7db455ac7d9fa7767904e57b9e7b857046554c1afe0ee31dc0d72218af76a98ecc04983a9d84e6444172038e8b9c37d801621876c5c394179c7c159e9ea1ada90189d004ce26ef87e8f91b99310ab588c15f3a1edd31abc61c3a3d356a5b1fda30f80b507e81ea6138b60d8224e78c4d00939c45f4825444a7500d97de77d0a7a4a2935cdd43226cc61201f2fae48dba8c37a486a1aba6d9d43eb319c677ba4ce5f867934a016a850308d2b150b583c8b365b20f84c6033d06bb492709265df7290668774b9e0626f6865a1957a69c0043a2ce41de6958217d8f134fe2bb651d4e566826ab9eacdd6b8e07fbbd4c0715614d9e440fe762df59ca34f809bda68562a879550627fb145dfa059482d08cb9736b5dc3212661580d281e83c8c52effb2bc461c14113b47cbaeb9496bbaf79a7e822ec52d7a9c48ccdb50b4329dcfaef1eedaf89cf6a99984877ab032ca24b3a87a67166d3b8693ef9b2b76a51604a8740a4cced03a60fcdd44d0d6858a6275db9919a2fc5cae043245955e686c7ae406f6862a3fde15c9ac2a83f6c1656a3ce294ea06522005360659ebd42c6d76f49fc79d2c3630639d6df29075b04722f2d29d885a4e95029d370b9b7485edfb8800c6bce962546309c27e6cfd96c5e0607591270cc080b5e58f16edcd8795d8ae942aa256205f051591ab42ad044447c9d1c108350821575e68a5c1c7f3b8cb6e41c35d2a2896ce6a8b0aa349e357a97e363e1898c922572c19630c7be16ea868492142eded4f57ca645237e96ccff6c2f2c5e45c6cca322fd58e6b58bf4cbf988777a80484eb496cd1bd272872ad68d2d48755c2786096887bf331f11c7604a2680e16e4a604b20fa8c516b9e22a965b0dc0153addc35821c40f6d704d3f192e8a73c3b737d2a0ef8635c420eaa0448c561f6d4bedc3f5a235b1c922a86f0e6bc6c299b83d41a7fe2f11f31cdee1e64853c9d67a6dd1f68fc7ab280ac0c02153faedee06ec38f64b53449db06c122afc1bad0cb16bb6a90a59c0064b65777d850318fdf44fe2ed7bf79119e8a2155054e638b14401c738d94444c51924ce813dc23954424672a65a574b67228d87718ec403d2d1f02bd3d515c421bc60314ed2749ea56426cf594da2637c64128d7eec0b076321574570d54977921a94c1dd45296afc9ffb1997adaded7a18a4c66220d615bba7fbe7baa33716a520d62922cb8b5dec6bfa7384f4828197b4d1992f880dc5d1380b176cbf27c758ef8f111a491743dc395c191b13d08d58d93b44c997b0a948f121d42b7dcad6fa06beba4f466b2107fa32976d7a39a071fbeccd22b6e62dd8f6f3b3e587994a989832e38a5a429098b6a4ceded3c4a871bd9523460ced0490da638a3d3880e892f62ce6f621e291c73c8f71704524edc6d7a0cfa46029fd2f40244528f3d5d36536462909e01c7364e784756496dbe4ba755047c163cb5a93a2d7491fdd65f2cffd00890f825580ed35265325965382c1c87250a1c463ab9b65e4dca4e864803103f9eb3c0316bd5d83705c5b02708c24a66eec9baf0621a004b1426800437fb57dd17024b3f4234fd43eba4245bdda5088788fa7690993e6a58e419f9e578efd89237a0178a940b3be8762d1d1015fa0b5af75d41d1f0b9048f39e38f0923be60825fadd410f58adcddc7b310d2ae1ff7ca4278d23cdc0f3806ad92fe97d6ba19e61f16f9ac50d128f0ba5c39e5ca0047ac2c93e881a67db667a0ce0a2d33218cefcbe51c080b0bbc8bd0479b36e55097d9671634c414fedb5008513b606ee106f36bf3b6b22b3a55c91dc334815c8f044182c715da9f2fdc2c97af52c3203ff8b4581abcc51a9518fdbdd846311f3b33c0f2b852b2f523248ebdf6d8f6659de273fefe5a4dd51afeb58d258ac798e68e3194a30124bd7f16f5ab935af5735955974f01a5de85a73e67767accf4baa92430542fef8b7c7054000129f6819df86c0c9c7522bf7aef80d74d78f4201c3e30006a2661c700c621b0408382b58a37a35777cbafd880bab8b528b3be6de1c548ace982ba366caf099b5971e6813c012d5a5d6f31881ba2cee03efcda26b0520833791797d5096351d966864eb55a58f838bdd1255cbf691377f9510b1203c0b5403b6460279c9b1edace882348a686bc827e5b7de7d494a104c7dff5d5678ea0d3c59761198fbaaa9007753cc92ae612327a286c3fe32a99291985ec9c4b3b194be9b9e98d0e283b50a0906155ba4f9d013055d77ccf69ec1ca6c14827d3d217ef6e4400f91fca1c42071c63e8fdeb4af1c233a5c95b0cf75d4bf50019411baf5914663d5a87bfd4b3f974502b21b97a2cc14c5447994fc3b9335a8e2fadba809116b9bb5c79314ecea29bff3c232d7eceb32b57cc9dd9fe2776f1ab8a78d59d922132bc12f28006cddca9b8f66939a25fae34c1fd6b6af3f5407eccc3264589b554d3ffcbc685fab2fa38e1531689e53fd390a12ce1454cc807839764b065b3f096ffa21516c4f94c5b885b2fd0634214ed107555b17979e58dde5ad1689d51fffb519859f60d9b4e96c577cb908074bfeabf43b1eab7aa64ed405b06c972923fc663a913bd9a923af823b31fbed72be43005c1f599cbb40c983bc747a6522904186519eb7aaabaf46ee121b708d9c683e224f72b34759339053c9dc077012dcdb8d80e44f838388f0d9eb9205939d00874d02b58f0a0bc928b40a67066547a6de413ff4a6bbede80b00c51f3cc902d7f8f7007917677e7dbf42c639722b25f1372b54f154cb3ceaabad1e61ee4cd6ced93c61041b930e87c47a89d73a08d69f78f9dbf3d6dbf6af41e37ff6abc9351262b769379bb475d482bee59fe9246894f663557a2f302f58c4b8939219c54bd2bbc46d723d0cf7a210019f63df419102c96a847e105bb14d257746097d396f7ae6e2dd9b3fbc5eeda4b70ec281e98b3edd681944c153c9111eb3bf6b55fc2aa5010ebc0697cd0118b8b0336b6df74176649902d5e90b7a68394bb846dce63d5a860964dee801cae82d463b78945a8ac8c1a443e87e5de069baf4205c8a68a34a7f52518f16e92615215f93b045c7285b9c15d5e3a812bf15d23ed9561bf0456abc2bb90ceb457da8441f83424c6e4809cc48f6a275b93baeff8581460836da32247177eaa2144111aa0baea273a94278053d12198018ee4e2f198d4be2d1ab92a44e4e5588c31799e4fad66ad243c2467dfe7d30dab0916ffe42b2a7d2c10153d7bbe01f47bf1296b7ef714b1f639e6de5d7858caa4d69c56cab80f5f769778bf6057a6b24cf8b15451233887dc5c4c4b826df8a039f677e8122cc402b104d8877e77ad76916205989582a0a61b13b3414fb301d62d751d6d13e733061a22880577bee6dfd70a9d3361ef8ded0b1f62d0f9f8ef44fb1c6b45474b2f4709ba67964b5df5293e9043f3db0a49cf3a38cafa0b9e38d58b01cc5976c819fadc8757b5bf8352f70636378999eb353bb4e9096e10dca70a786f4c486563b03cfd8d6762c0bbbb9e9cefcdc02b95188c62b13a5cfa555c76e25ad41fb959da44610a9d9b517e2a1139be206f2298083b13a7879e3e432f50176ab129aaa0a1333e52bcb3d7e7784a8592e50b2b47c34d2f8b2488f2cad34ea84a9ce33d6416f97e63267aa56eba11fb8d53e4ff682bafece08e085d1f951472b7ecd08b508ef41a2d8277c216e7b4e8963ea3d66b2b56493b543ebcd51aa07887ef5121cea33cfbd93e6f8727d6d2a6a7971d860924281f2a4f1faebfa0ec9aebdcf4a8c286608302cdd0fdd3aceb09eaf6b6b534744de0bda83e18e0aa0b66d0a12e2fd2c0a992e588dae6cb08b5a59d8c575dac7ff96ef3eea146ece1e3afacb9cc441e59039e899169045dca282726f120ac1decf6e5aa1982a7ff42a17da28a7c02315ebe1696582f811346cb0844ace918f45e37b7e6c45ef8afb9ab3d2a1b445db7f9c73f69524a59ce11e4a8f1eff322dec46717beee8043410ed4de3f82dd6340a846bbd3ad6ba07075f492ba653c9e278c508da5e4794bc607bb9fdf6f457cd32758caa50ad3ed42782245eb553c7df1feb2313f94625e962393bdfe9623ce01e857675f78cffdbeca9592a2f36d48367f9a76e1b79ce7dff17ba842fe62d696689abf98eaaf775472ede44c3f2e18e04963bdcf4e503ef673e6e180d209e37a372551b84426b6c6563c6d6b6837b0cf79dcbc4526d88ee7a2352bc20a9f3e90b2991bf6f965602dcbb8ed4ce01bbbd10b6422015a8a62f4a1c644936b396cdb64f6b14d4165e09d288131c09566874b0099f6e19164ceb9e8d2ccd49e22b231ee3abe0e9c83e14ba6bfe174b3b43093f3adb049d7632701d98a53f53a5556d31bc2f57f21af3bfee0abc3abffae737bcc0bf8f52fa8c0fce7584e66d91e96796b", @typed={0xc, 0x13b, 0x0, 0x0, @u64=0x4}, @typed={0x8, 0xaf, 0x0, 0x0, @uid=r12}, @nested={0x4, 0x45}]}, @typed={0x8, 0x94, 0x0, 0x0, @u32=0x3}]}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x4}, @NL80211_ATTR_BSS_SHORT_SLOT_TIME={0x5, 0x1e, 0x9}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x6, 0x13, "4ea1"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa8, 0xe8, "d11dcb7fa6d564904047116626aa5b7d2024a9750ed08160a5f700fcd067cfc35cbc8a05540c74b5fbb4aeff65b948ddc2e091a962b8d2c46a16a724011966a3ca4188dd41318f66f0d1575d0fdfabb03b49216de02845b3598c5a458aa88f51d3efc43848f4927e7fbb772fd66f8e70582cfbce312a5c2eacb0e270c32f556c9a40f7d38996923742b2dcc1f22a00b04416e67243ca016d0e01c8af7e9f5d4e4e2801df"}]}, 0x1248}, 0x1, 0x0, 0x0, 0xc000}, 0x20004041) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) getsockopt$auto(r0, 0x84, 0x75, 0x0, &(0x7f0000000000)=0x9b) (async) r13 = getsockopt$auto(r0, 0x84, 0x75, 0x0, &(0x7f0000000000)=0x9b) read$auto(r13, &(0x7f0000001500)='/[\x00', 0x0) (async) read$auto(r13, &(0x7f0000001500)='/[\x00', 0x0) 3.12583467s ago: executing program 1 (id=804): r0 = socket$nl_generic(0x10, 0x3, 0x10) fsconfig$auto(r0, 0x1, &(0x7f0000000200)='I\xee\"\xe3\xb7\xcfD\xe5\xb1\x05\x1e#\xff1<\xd9h[e\xdf\xc0M\xa2\x00\v\x97\xb5\xd4\x94\x99u\x9e\xf4O\x1a\xb1\x05\xb8\xcb\x96\fd\xa3\xf9&\xc9~\x10\x06X\a\xc8\xb7\x97\xc7M\x83\'^\xc9\x9e\xccAsv\xce8sw\v\xac\xcd\xa2B\xf8.\xce\xe6n\xfe\xd6\xc8^W>Rz`C+\x0e\x8c<\xc5\x8f\xe6\x0f\x14\xfa\x9ea4>\xd8O[{\xede\xfd\xbc\xc7\xbd4_\xbc\xc6\x06\xe5h\x9e\xf5/4\xe8\xcfc\x95\xbb~\xd9.\xb3\x84\xb8K\xa7\xca\xda\xc8\x11u\xa1\x1d\x9d\xe1%\xc0m\xf6%1\xba\xe7^\xed0\xdc\x86\xeaG)?p,Up \xe9\b\x14\xaf\xbf\xd9\xc3,\xb8\x17\x10\x9f\x92\x95@),A\xb4\x92Q\x86\xbe\xed=p\x1b\x9d\xd4\x99_]K\xce.\x00\x00\x00\x8eDv\x0fl\xed\x93ey\xf9\x19\xf0\x9d\xf5\xfe\xed\xc7Q\xc0ZJ\xc9*7\xf2\x1a\xa7\xb3\xc6v\v\xe1u\x16:\x15\xefel\xf0\x8c/\xa2\x95\xc1\xacd\xc9\a\xe5\x888F\xaa\xce\x94\xa2zsx\xea\x96\x7f~]\xdbj\xd1#\x94K\xcf\x11l\xe5Z\xec\xa6B\x90\xb6\xa3`\x88\xd4\x87\x17\x8a\xedFx\x95#\x83\x99\x00\xc6Z\x1au\x8e\xa7}\xa7\xe9\x83X\xa3\xad\xe2T\xea\xa0\xba\xd7R8T\x00\x8e0h\x8ck4\x15\xf3sh0\xd3\x1e\xedU@\xab\xc0g\xeeT\xc5\x8d\x9b\x188x)\xf0i]\xdcf\xdd\xf9\xffA\"ZQ\x8d\x15\xff\xf3WYX\x8a/\xb36\x1d\x8e7\xb2d3\xe8\xf4\x1e3\xec\xfe\xbf\xbbo\xbb\xd2Z\x89:\xa2\xc8n8k\xa8\xba\xa5E\x9f\xbe>3,\xcb\xa2\xa7q \xe2', &(0x7f0000000280), 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ILA_CMD_ADD(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010028bd7000fddbdf2501000000050007000b000000e8146a9565473dee4ca2bb08c64799cb9cb7054b9608c6a0023af43a600aa2d705a135f849907fa05957dac0b3e9f99e"], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000) sendmsg$auto_ILA_CMD_FLUSH(r0, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000540)={0x50, r2, 0x1, 0x2, 0x25dfdbfd, {}, [@ILA_ATTR_CSUM_MODE={0x5, 0x7, 0x3}, @ILA_ATTR_IFINDEX={0x8}, @ILA_ATTR_IFINDEX={0x8}, @ILA_ATTR_LOCATOR_MATCH={0xc, 0x3, 0xe}, @ILA_ATTR_LOCATOR_MATCH={0xc, 0x3, 0x3}, @ILA_ATTR_LOCATOR={0xc, 0x1, 0x10}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000004}, 0x40844) 2.205413156s ago: executing program 1 (id=805): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ILA_CMD_ADD(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010028bd7000fddbdf2501"], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000) sendmsg$auto_ILA_CMD_FLUSH(r0, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000540)={0x14, r2, 0x1, 0x2, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x4c, 0x4000004}, 0x40844) 968.375609ms ago: executing program 1 (id=806): r0 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd15/queue/io_poll_delay\x00', 0x181482, 0x0) readv$auto(0x3, &(0x7f0000003100)={0x0, 0x36}, 0x1) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/mtdblock0\x00', 0xf0740, 0x0) read$auto_def_blk_fops_fs(r1, &(0x7f0000000140)=""/194, 0xc2) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) write$auto(0x3, 0x0, 0xfffffdef) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x200, 0x0) sendmsg$auto_L2TP_CMD_SESSION_GET(0xffffffffffffffff, 0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/pci0000:00/0000:00:01.3/d3cold_allowed\x00', 0x2, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x100000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0d566b3dd008e4edd9650200000000000008"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x200000c4) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES8=r2, @ANYBLOB="000226bd7000fedbdf25030000000800030001000100060007000080000008000300000400000a0005001e16390f3abc00000a000500aaaaaaaaaabb00000a0005000000000000000000fcfff54f8541c7c54a5f94a8f7c404ea787078f97628add3d5d2fbf88bb6764c6b02615935f9dc42f786a8d8051987f5cb23e7bfb1ad466a356a6104a506d341f70847"], 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) r3 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r3, 0xc0686611, &(0x7f0000000080)={0x101, 0x5, 0x7fff, 0x5, 0x8000000000c, 0x1, 0x800, 0xffffffffffff0000, 0x5, 0x7f93, 0xfffffffe, 0x7ffffffd, 0x107ff, 0x7, 0x9}) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) setrlimit$auto(0x1000000007, 0x0) r4 = set_tid_address$auto(0x0) setpgid$auto(0x0, r4) 0s ago: executing program 1 (id=807): mmap$auto(0x0, 0x1000, 0xe2, 0x9b72, 0x7, 0x28000) mount_setattr$auto(0x5, 0x0, 0x8000, 0x0, 0x283) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/loop6/queue/nr_requests\x00', 0x1a3a42, 0x0) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) sendmsg$auto_HANDSHAKE_CMD_ACCEPT(0xffffffffffffffff, 0x0, 0x2004881c) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) pwritev$auto(0x1, 0x0, 0x0, 0x9, 0x2) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="1b0026bd7400fddbdf2503000000040008001009000000000980080001808847338012000100898771f1c19f1779048590828848000004000280fbd5e9484c7e75ded45c4aa418e76c22653229dad54b075a78a7c5c051c1e66630d9ef7d271b3062f9ff4474cfbdc17ec7cc39a6997db1df8b3446c371f928287414353f5bd6c42b786f90ce6d6d3a6d6f9b99ecbcf3ac5f3a19185a99d83009a8a3781d2a388514d169930ad84165362dafb875ea8d6cf3101d0f19aff4ad8b9945319031c723118fd62e9857d2b42f430ae99e8e4f1d86fef5b7cc9e7860f69099ce5c0f847c8c83b6f1cb36f4f62fb50616313e99a4927af28c8de6e392c42a913b50631dc2da4423f8548e85d24a188eb87ab9aedeb85b2535eefc0252b3ae3eb077b2591e35d603cd44b8c63ae7a11a8fa23d4b34e2d8bf19313f38a35662f8bd5dd3029941b5830c271a1d2a"], 0x40}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, 0x0, 0x40) write$auto(0x3, 0x0, 0xfffffdef) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r0) capget$auto(0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, 0x0) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) close_range$auto(r0, 0xffffffffffffffff, 0x1) socket(0x18, 0x2, 0x100) socket(0x2, 0x1, 0x0) r3 = io_uring_setup$auto(0x6, 0x0) pipe$auto(0x0) dup2$auto(0x5, 0x4) read$auto_trace_options_core_fops_trace(r3, &(0x7f0000000280)=""/73, 0x49) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000001, 0x9) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_LOCAL(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.134' (ED25519) to the list of known hosts. [ 87.118029][ T5822] cgroup: Unknown subsys name 'net' [ 87.243597][ T5822] cgroup: Unknown subsys name 'cpuset' [ 87.252723][ T5822] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 89.087597][ T5822] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 91.109539][ T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 91.118791][ T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 91.139135][ T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 91.159686][ T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 91.167906][ T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 91.179124][ T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 91.239977][ T5143] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 91.255273][ T5143] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 91.276731][ T5840] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 91.296364][ T5834] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 91.305029][ T5834] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 91.316229][ T5834] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 91.352702][ T5843] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 91.360910][ T5843] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 91.364590][ T5845] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 91.377731][ T5843] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 91.377917][ T5845] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 91.388005][ T5843] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 91.394422][ T5845] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 91.406618][ T5843] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 91.407607][ T5845] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 91.414116][ T5843] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 91.422988][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 91.428915][ T5834] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 91.683076][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 91.843302][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.850736][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.858216][ T5831] bridge_slave_0: entered allmulticast mode [ 91.865541][ T5831] bridge_slave_0: entered promiscuous mode [ 91.876550][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.883831][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.891394][ T5831] bridge_slave_1: entered allmulticast mode [ 91.898434][ T5831] bridge_slave_1: entered promiscuous mode [ 91.961487][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.973768][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.037357][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 92.101079][ T5831] team0: Port device team_slave_0 added [ 92.138093][ T5831] team0: Port device team_slave_1 added [ 92.198863][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 92.222078][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.229979][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.257555][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.279807][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 92.299883][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.307214][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.335139][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.367693][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.375158][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.383755][ T5835] bridge_slave_0: entered allmulticast mode [ 92.390933][ T5835] bridge_slave_0: entered promiscuous mode [ 92.417535][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.425169][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.433197][ T5835] bridge_slave_1: entered allmulticast mode [ 92.441551][ T5835] bridge_slave_1: entered promiscuous mode [ 92.521451][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.555980][ T5831] hsr_slave_0: entered promiscuous mode [ 92.563487][ T5831] hsr_slave_1: entered promiscuous mode [ 92.596533][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.757179][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.769217][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.776602][ T5839] bridge_slave_0: entered allmulticast mode [ 92.790210][ T5839] bridge_slave_0: entered promiscuous mode [ 92.826663][ T5835] team0: Port device team_slave_0 added [ 92.843766][ T5835] team0: Port device team_slave_1 added [ 92.853619][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.864403][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.875388][ T5838] bridge_slave_0: entered allmulticast mode [ 92.883181][ T5838] bridge_slave_0: entered promiscuous mode [ 92.891852][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.909277][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.917803][ T5839] bridge_slave_1: entered allmulticast mode [ 92.926567][ T5839] bridge_slave_1: entered promiscuous mode [ 92.978359][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.992597][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.002462][ T5838] bridge_slave_1: entered allmulticast mode [ 93.014579][ T5838] bridge_slave_1: entered promiscuous mode [ 93.062670][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.071912][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.099599][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.127010][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.142267][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.155256][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.183859][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.207405][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.230155][ T5845] Bluetooth: hci0: command tx timeout [ 93.238308][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.250693][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.291067][ T5839] team0: Port device team_slave_0 added [ 93.326598][ T5839] team0: Port device team_slave_1 added [ 93.347991][ T5838] team0: Port device team_slave_0 added [ 93.357745][ T5838] team0: Port device team_slave_1 added [ 93.413960][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.422283][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.452481][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.467477][ T5835] hsr_slave_0: entered promiscuous mode [ 93.473840][ T5845] Bluetooth: hci2: command tx timeout [ 93.479213][ T5845] Bluetooth: hci1: command tx timeout [ 93.482284][ T5834] Bluetooth: hci3: command tx timeout [ 93.488537][ T5835] hsr_slave_1: entered promiscuous mode [ 93.497771][ T5835] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.507131][ T5835] Cannot create hsr debugfs directory [ 93.539422][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.546455][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.573496][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.586046][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.593698][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.620447][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.655094][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.663862][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.690607][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.777116][ T5838] hsr_slave_0: entered promiscuous mode [ 93.784220][ T5838] hsr_slave_1: entered promiscuous mode [ 93.800415][ T5838] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.808221][ T5838] Cannot create hsr debugfs directory [ 93.865902][ T5839] hsr_slave_0: entered promiscuous mode [ 93.873099][ T5839] hsr_slave_1: entered promiscuous mode [ 93.880443][ T5839] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.888160][ T5839] Cannot create hsr debugfs directory [ 93.918001][ T5831] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 93.955074][ T5831] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 93.968826][ T5831] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 94.001360][ T5831] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 94.168927][ T5835] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.181323][ T5835] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.214261][ T5835] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.226847][ T5835] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.302134][ T5838] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 94.329147][ T5838] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 94.342293][ T5838] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 94.355382][ T5838] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 94.446607][ T5839] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 94.457680][ T5839] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 94.484531][ T5839] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 94.498219][ T5839] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 94.610184][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.671976][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.698917][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.711148][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.726186][ T2904] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.734154][ T2904] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.755192][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.775323][ T81] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.782605][ T81] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.821577][ T81] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.829262][ T81] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.868587][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.880750][ T1135] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.888081][ T1135] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.926863][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.948291][ T1135] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.955726][ T1135] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.992393][ T81] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.999789][ T81] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.035463][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.080863][ T1149] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.088111][ T1149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.134689][ T2904] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.142717][ T2904] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.235627][ T5839] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 95.309560][ T5834] Bluetooth: hci0: command tx timeout [ 95.391358][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.519995][ T5831] veth0_vlan: entered promiscuous mode [ 95.559592][ T5834] Bluetooth: hci1: command tx timeout [ 95.559805][ T5845] Bluetooth: hci2: command tx timeout [ 95.565091][ T5834] Bluetooth: hci3: command tx timeout [ 95.576089][ T5831] veth1_vlan: entered promiscuous mode [ 95.680361][ T5831] veth0_macvtap: entered promiscuous mode [ 95.696775][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.721185][ T5831] veth1_macvtap: entered promiscuous mode [ 95.755403][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.771734][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.784567][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.816868][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.838327][ T5831] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.848810][ T5831] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.858329][ T5831] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.867358][ T5831] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.981211][ T5839] veth0_vlan: entered promiscuous mode [ 96.002920][ T5835] veth0_vlan: entered promiscuous mode [ 96.009611][ T5838] veth0_vlan: entered promiscuous mode [ 96.025636][ T5835] veth1_vlan: entered promiscuous mode [ 96.063909][ T5839] veth1_vlan: entered promiscuous mode [ 96.081398][ T81] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.086365][ T5838] veth1_vlan: entered promiscuous mode [ 96.105129][ T81] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.178309][ T81] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.186890][ T5839] veth0_macvtap: entered promiscuous mode [ 96.194507][ T81] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.216238][ T5839] veth1_macvtap: entered promiscuous mode [ 96.242050][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.258577][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.280134][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.299457][ T5835] veth0_macvtap: entered promiscuous mode [ 96.313844][ T5835] veth1_macvtap: entered promiscuous mode [ 96.329470][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.341649][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.354111][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.368343][ T5839] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.377998][ T5839] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.387298][ T5839] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.396763][ T5839] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.415375][ T5831] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 96.471659][ T5838] veth0_macvtap: entered promiscuous mode [ 96.484467][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.498238][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.518847][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.538460][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.556673][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.585836][ T5838] veth1_macvtap: entered promiscuous mode [ 96.615836][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.634426][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.646211][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.662697][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.678765][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.715558][ T5835] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.725184][ T5835] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.734134][ T5835] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.743419][ T5835] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.768307][ T4543] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.771213][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.791554][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.801715][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.802452][ T4543] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.813169][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.831624][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.850138][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.867927][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.907281][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.907317][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.907334][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.907357][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.907373][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.907397][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.908656][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.922420][ T5838] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.922519][ T5838] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.922570][ T5838] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.922631][ T5838] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.944040][ T1135] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.944073][ T1135] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.064346][ T5897] Zero length message leads to an empty skb [ 97.064794][ T1149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.064820][ T1149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.231882][ T1149] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.231915][ T1149] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.406612][ T5834] Bluetooth: hci0: command tx timeout [ 97.414819][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.427084][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.547813][ T4543] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.554358][ T46] cfg80211: failed to load regulatory.db [ 97.588000][ T4543] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.629318][ T5834] Bluetooth: hci3: command tx timeout [ 97.629432][ T5845] Bluetooth: hci2: command tx timeout [ 97.635393][ T5834] Bluetooth: hci1: command tx timeout [ 98.297382][ T5903] Invalid ELF header magic: != ELF [ 98.954539][ T5914] FAULT_INJECTION: forcing a failure. [ 98.954539][ T5914] name failslab, interval 1, probability 0, space 0, times 1 [ 99.019196][ T5914] CPU: 0 UID: 0 PID: 5914 Comm: syz.2.6 Not tainted 6.13.0-rc7-syzkaller-00189-g595523945be0 #0 [ 99.030031][ T5914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 99.040977][ T5914] Call Trace: [ 99.044721][ T5914] [ 99.048324][ T5914] dump_stack_lvl+0x16c/0x1f0 [ 99.053387][ T5914] should_fail_ex+0x497/0x5b0 [ 99.058870][ T5914] ? fs_reclaim_acquire+0xae/0x150 [ 99.064352][ T5914] should_failslab+0xc2/0x120 [ 99.070453][ T5914] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 99.076472][ T5914] ? security_file_alloc+0x34/0x2b0 [ 99.082942][ T5914] security_file_alloc+0x34/0x2b0 [ 99.088352][ T5914] init_file+0x93/0x480 [ 99.092975][ T5914] alloc_empty_file+0x91/0x1e0 [ 99.098022][ T5914] path_openat+0xe1/0x2d60 [ 99.102767][ T5914] ? hlock_class+0x4e/0x130 [ 99.107797][ T5914] ? __lock_acquire+0x15a9/0x3c40 [ 99.113090][ T5914] ? __pfx_path_openat+0x10/0x10 [ 99.118470][ T5914] ? __pfx___lock_acquire+0x10/0x10 [ 99.124023][ T5914] ? lock_acquire.part.0+0x11b/0x380 [ 99.129577][ T5914] ? find_held_lock+0x2d/0x110 [ 99.134962][ T5914] do_filp_open+0x20c/0x470 [ 99.139758][ T5914] ? __pfx_do_filp_open+0x10/0x10 [ 99.145057][ T5914] ? find_held_lock+0x2d/0x110 [ 99.150332][ T5914] ? alloc_fd+0x41f/0x760 [ 99.154957][ T5914] do_sys_openat2+0x17a/0x1e0 [ 99.159926][ T5914] ? __pfx_do_sys_openat2+0x10/0x10 [ 99.166568][ T5914] __x64_sys_openat+0x175/0x210 [ 99.172128][ T5914] ? __pfx___x64_sys_openat+0x10/0x10 [ 99.177933][ T5914] do_syscall_64+0xcd/0x250 [ 99.183056][ T5914] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.189151][ T5914] RIP: 0033:0x7f2fdad85d29 [ 99.193668][ T5914] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.214155][ T5914] RSP: 002b:00007f2fdbb29038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 99.223517][ T5914] RAX: ffffffffffffffda RBX: 00007f2fdaf75fa0 RCX: 00007f2fdad85d29 [ 99.232109][ T5914] RDX: 0000000000200002 RSI: 00000000200000c0 RDI: ffffffffffffff9c [ 99.241133][ T5914] RBP: 00007f2fdae01b08 R08: 0000000000000000 R09: 0000000000000000 [ 99.249375][ T5914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 99.257473][ T5914] R13: 0000000000000000 R14: 00007f2fdaf75fa0 R15: 00007ffedc359608 [ 99.265807][ T5914] [ 99.469609][ T5834] Bluetooth: hci0: command tx timeout [ 99.709190][ T5834] Bluetooth: hci1: command tx timeout [ 99.712017][ T5845] Bluetooth: hci2: command tx timeout [ 99.715038][ T5834] Bluetooth: hci3: command tx timeout [ 100.650613][ T5921] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 100.676602][ T5921] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 100.790289][ T5921] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 100.853567][ T5921] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 100.869584][ T5921] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 100.913510][ T5921] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 100.991859][ T5921] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 101.049446][ T5921] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 101.078107][ T5921] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 101.122742][ T5921] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 101.160914][ T5921] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 101.205280][ T5932] ima: policy update failed [ 101.211657][ T29] audit: type=1807 audit(1737230958.288:2): UNKNOWN=§ÖÉìÓ res=0 [ 101.248030][ T5921] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 101.257190][ T29] audit: type=1802 audit(1737230958.288:3): pid=5933 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.3.10" res=0 errno=0 [ 101.308328][ T29] audit: type=1802 audit(1737230958.298:4): pid=5932 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.10" res=0 errno=0 [ 102.031134][ T5834] Bluetooth: hci0: command 0x0c1a tx timeout [ 102.909185][ T5834] Bluetooth: hci1: command 0x0c1a tx timeout [ 103.069388][ T5834] Bluetooth: hci3: command 0x0c1a tx timeout [ 103.168622][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout [ 104.119182][ T5834] Bluetooth: hci0: command 0x0c1a tx timeout [ 104.540619][ T5993] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input5 [ 104.953485][ T5979] kexec: Could not allocate control_code_buffer [ 104.998901][ T5834] Bluetooth: hci1: command 0x0c1a tx timeout [ 105.150484][ T5834] Bluetooth: hci3: command 0x0c1a tx timeout [ 105.230099][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout [ 105.861424][ T6004] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 106.208808][ T5834] Bluetooth: hci0: command 0x0c1a tx timeout [ 107.069153][ T5834] Bluetooth: hci1: command 0x0c1a tx timeout [ 107.236628][ T5834] Bluetooth: hci3: command 0x0c1a tx timeout [ 107.312121][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout [ 107.691229][ T6052] bdi 43:96: the stable_pages_required attribute has been removed. Use the stable_writes queue attribute instead. [ 108.882923][ T6058] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 109.063584][ T6075] binder: 6074:6075 ioctl 401870c8 38 returned -22 [ 109.272140][ T6080] binder: 6074:6080 ioctl 3 4 returned -22 [ 110.059643][ T6087] program syz.0.36 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 110.554202][ T6075] kexec: Could not allocate control_code_buffer [ 111.116622][ T29] audit: type=1800 audit(1737230968.198:5): pid=6099 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.39" name="dummy_udc" dev="gadgetfs" ino=6124 res=0 errno=0 [ 112.052351][ T6109] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 113.882316][ T6136] process 'syz.1.47' launched ':,' with NULL argv: empty string added [ 114.062505][ T6132] netlink: zone id is out of range [ 114.155788][ T6132] netlink: zone id is out of range [ 114.186790][ T6132] netlink: set zone limit has 8 unknown bytes [ 117.649814][ T6158] netlink: 28 bytes leftover after parsing attributes in process `syz.2.50'. [ 118.149820][ T6158] geneve1: entered allmulticast mode [ 118.193341][ T6173] zram: Added device: zram1 [ 120.805849][ T6208] netlink: 'syz.3.62': attribute type 4 has an invalid length. [ 122.370448][ T6234] netlink: 'syz.1.70': attribute type 11 has an invalid length. [ 122.400687][ T6234] netlink: 'syz.1.70': attribute type 11 has an invalid length. [ 122.422977][ T6234] netlink: 'syz.1.70': attribute type 11 has an invalid length. [ 122.447521][ T6234] netlink: 'syz.1.70': attribute type 11 has an invalid length. syzkaller syzkaller login: [ 128.068174][ T6320] netlink: 'syz.0.88': attribute type 11 has an invalid length. [ 128.099353][ T6320] netlink: 'syz.0.88': attribute type 11 has an invalid length. [ 128.118850][ T6320] netlink: 'syz.0.88': attribute type 11 has an invalid length. [ 128.147019][ T6320] netlink: 'syz.0.88': attribute type 11 has an invalid length. [ 128.719184][ T6334] delete_channel: no stack [ 129.260492][ T6344] netlink: 'syz.2.94': attribute type 16 has an invalid length. [ 131.391785][ T6389] netlink: 'syz.1.106': attribute type 11 has an invalid length. [ 131.436148][ T6389] netlink: 'syz.1.106': attribute type 11 has an invalid length. [ 131.467164][ T6389] netlink: 'syz.1.106': attribute type 11 has an invalid length. [ 131.510265][ T6389] netlink: 'syz.1.106': attribute type 11 has an invalid length. [ 133.761832][ T6437] netlink: 'syz.2.116': attribute type 16 has an invalid length. [ 134.139817][ T6440] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 134.166740][ T6440] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 134.177565][ T6440] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 134.201450][ T6440] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 134.629858][ T6453] FAULT_INJECTION: forcing a failure. [ 134.629858][ T6453] name fail_futex, interval 1, probability 0, space 0, times 1 [ 134.659505][ T6453] CPU: 0 UID: 0 PID: 6453 Comm: syz.1.122 Not tainted 6.13.0-rc7-syzkaller-00189-g595523945be0 #0 [ 134.670244][ T6453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 134.680381][ T6453] Call Trace: [ 134.683699][ T6453] [ 134.686957][ T6453] dump_stack_lvl+0x16c/0x1f0 [ 134.691731][ T6453] should_fail_ex+0x497/0x5b0 [ 134.696474][ T6453] get_futex_key+0x4a3/0x1000 [ 134.701218][ T6453] ? netlink_sendmsg+0x4f3/0xd70 [ 134.706739][ T6453] ? __pfx_get_futex_key+0x10/0x10 [ 134.712021][ T6453] ? __pfx_netlink_sendmsg+0x10/0x10 [ 134.717472][ T6453] futex_wait_setup+0x72/0x290 [ 134.722396][ T6453] __futex_wait+0x267/0x3c0 [ 134.727744][ T6453] ? __pfx___futex_wait+0x10/0x10 [ 134.732836][ T6453] ? __pfx_futex_wake_mark+0x10/0x10 [ 134.738385][ T6453] ? __pfx____sys_sendmsg+0x10/0x10 [ 134.743721][ T6453] futex_wait+0xe9/0x380 [ 134.748012][ T6453] ? __pfx_futex_wait+0x10/0x10 [ 134.752941][ T6453] do_futex+0x22b/0x350 [ 134.757156][ T6453] ? __pfx_do_futex+0x10/0x10 [ 134.761892][ T6453] ? fput+0x67/0x440 [ 134.765856][ T6453] ? __sys_sendmsg+0x19a/0x220 [ 134.770770][ T6453] __x64_sys_futex+0x1e1/0x4c0 [ 134.775624][ T6453] ? __pfx___x64_sys_futex+0x10/0x10 [ 134.780988][ T6453] do_syscall_64+0xcd/0x250 [ 134.785558][ T6453] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.791525][ T6453] RIP: 0033:0x7f3a71f85d29 [ 134.795989][ T6453] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 134.815681][ T6453] RSP: 002b:00007f3a72d460e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 134.824147][ T6453] RAX: ffffffffffffffda RBX: 00007f3a72175fa8 RCX: 00007f3a71f85d29 [ 134.832200][ T6453] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f3a72175fa8 [ 134.840211][ T6453] RBP: 00007f3a72175fa0 R08: 0000000000000000 R09: 0000000000000000 [ 134.848852][ T6453] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3a72175fac [ 134.856956][ T6453] R13: 0000000000000000 R14: 00007ffe2b4a7400 R15: 00007ffe2b4a74e8 [ 134.865080][ T6453] [ 135.351075][ T6459] cgroup: fork rejected by pids controller in /syz2 [ 136.196402][ T5834] Bluetooth: hci3: command 0x0c1a tx timeout [ 136.202699][ T5845] Bluetooth: hci1: command 0x0c1a tx timeout [ 136.202829][ T54] Bluetooth: hci0: command 0x0c1a tx timeout [ 136.269162][ T54] Bluetooth: hci2: command 0x0c1a tx timeout [ 136.531743][ T6518] netlink: 'syz.2.130': attribute type 16 has an invalid length. [ 138.151780][ T6539] binder: 6538:6539 ioctl c0105512 1 returned -22 [ 138.195139][ T6539] binder: 6538:6539 ioctl c0306201 9 returned -14 [ 138.279318][ T6541] netlink: 'syz.0.137': attribute type 11 has an invalid length. [ 138.300803][ T6541] netlink: 'syz.0.137': attribute type 11 has an invalid length. [ 138.329135][ T6541] netlink: 'syz.0.137': attribute type 11 has an invalid length. [ 138.359264][ T6541] netlink: 'syz.0.137': attribute type 11 has an invalid length. [ 138.515705][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.522752][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.691445][ T6549] FAULT_INJECTION: forcing a failure. [ 138.691445][ T6549] name failslab, interval 1, probability 0, space 0, times 0 [ 138.759089][ T6549] CPU: 1 UID: 0 PID: 6549 Comm: syz.0.139 Not tainted 6.13.0-rc7-syzkaller-00189-g595523945be0 #0 [ 138.769802][ T6549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 138.780015][ T6549] Call Trace: [ 138.783385][ T6549] [ 138.786460][ T6549] dump_stack_lvl+0x16c/0x1f0 [ 138.791227][ T6549] should_fail_ex+0x497/0x5b0 [ 138.795991][ T6549] ? fs_reclaim_acquire+0xae/0x150 [ 138.801238][ T6549] should_failslab+0xc2/0x120 [ 138.806099][ T6549] __kmalloc_noprof+0xce/0x4f0 [ 138.810962][ T6549] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 138.816671][ T6549] ? tomoyo_realpath_from_path+0xbf/0x710 [ 138.822561][ T6549] ? rcu_is_watching+0x12/0xc0 [ 138.827409][ T6549] tomoyo_realpath_from_path+0xbf/0x710 [ 138.833045][ T6549] tomoyo_check_open_permission+0x2ad/0x3c0 [ 138.839129][ T6549] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 138.845646][ T6549] ? __pfx___lock_acquire+0x10/0x10 [ 138.850940][ T6549] ? __pfx_hook_file_open+0x10/0x10 [ 138.856252][ T6549] ? lock_acquire+0x2f/0xb0 [ 138.860917][ T6549] tomoyo_file_open+0x6b/0x90 [ 138.865690][ T6549] security_file_open+0x84/0x1e0 [ 138.870848][ T6549] do_dentry_open+0x57e/0x1ea0 [ 138.875688][ T6549] ? inode_permission+0xdd/0x5f0 [ 138.880692][ T6549] vfs_open+0x82/0x3f0 [ 138.884825][ T6549] ? may_open+0x1f2/0x400 [ 138.889226][ T6549] path_openat+0x1e6a/0x2d60 [ 138.893875][ T6549] ? __pfx_path_openat+0x10/0x10 [ 138.898946][ T6549] ? __pfx___lock_acquire+0x10/0x10 [ 138.904553][ T6549] ? lock_acquire.part.0+0x11b/0x380 [ 138.910408][ T6549] ? find_held_lock+0x2d/0x110 [ 138.915489][ T6549] do_filp_open+0x20c/0x470 [ 138.920041][ T6549] ? __pfx_do_filp_open+0x10/0x10 [ 138.925201][ T6549] ? find_held_lock+0x2d/0x110 [ 138.930046][ T6549] ? alloc_fd+0x41f/0x760 [ 138.934527][ T6549] do_sys_openat2+0x17a/0x1e0 [ 138.939318][ T6549] ? __pfx_do_sys_openat2+0x10/0x10 [ 138.944613][ T6549] __x64_sys_openat+0x175/0x210 [ 138.949544][ T6549] ? __pfx___x64_sys_openat+0x10/0x10 [ 138.954987][ T6549] do_syscall_64+0xcd/0x250 [ 138.959724][ T6549] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.965848][ T6549] RIP: 0033:0x7f77fdf85d29 [ 138.970319][ T6549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 138.989975][ T6549] RSP: 002b:00007f77fed51038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 138.998480][ T6549] RAX: ffffffffffffffda RBX: 00007f77fe176080 RCX: 00007f77fdf85d29 [ 139.006581][ T6549] RDX: 0000000000000000 RSI: 0000000020000040 RDI: ffffffffffffff9c [ 139.014776][ T6549] RBP: 00007f77fe001b08 R08: 0000000000000000 R09: 0000000000000000 [ 139.022784][ T6549] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 139.030786][ T6549] R13: 0000000000000000 R14: 00007f77fe176080 R15: 00007ffcef7e1938 [ 139.038901][ T6549] [ 139.055342][ T6549] ERROR: Out of memory at tomoyo_realpath_from_path. [ 139.997607][ T6579] futex_wake_op: syz.0.146 tries to shift op by 64; fix this program [ 140.025658][ T6579] capability: warning: `syz.0.146' uses 32-bit capabilities (legacy support in use) [ 141.147209][ T6592] netlink: 'syz.3.148': attribute type 11 has an invalid length. [ 141.166006][ T6592] netlink: 'syz.3.148': attribute type 11 has an invalid length. [ 141.186293][ T6592] netlink: 'syz.3.148': attribute type 11 has an invalid length. [ 141.209158][ T6592] netlink: 'syz.3.148': attribute type 11 has an invalid length. [ 143.347548][ T6629] netlink: 'syz.1.160': attribute type 11 has an invalid length. [ 143.366918][ T6629] netlink: 'syz.1.160': attribute type 11 has an invalid length. [ 143.386913][ T6629] netlink: 'syz.1.160': attribute type 11 has an invalid length. [ 143.417329][ T6629] netlink: 'syz.1.160': attribute type 11 has an invalid length. [ 143.881545][ T6651] mmap: syz.2.164 (6651) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 144.843956][ T6672] erspan0: entered allmulticast mode [ 146.745552][ T6710] netlink: 'syz.2.179': attribute type 1 has an invalid length. [ 147.097561][ T6724] netlink: 4 bytes leftover after parsing attributes in process `syz.2.182'. [ 147.133576][ T6724] netlink: 4 bytes leftover after parsing attributes in process `syz.2.182'. [ 147.389158][ T6726] mkiss: ax0: crc mode is auto. [ 149.693688][ T6792] netlink: 'syz.0.201': attribute type 16 has an invalid length. [ 150.977507][ T6832] Process accounting resumed [ 151.150506][ T6841] Process accounting resumed [ 151.241297][ T6834] netlink: 'syz.0.212': attribute type 16 has an invalid length. [ 151.899216][ T6869] bridge0: port 3(team0) entered blocking state [ 151.907156][ T6869] bridge0: port 3(team0) entered disabled state [ 151.999303][ T6869] team0: entered allmulticast mode [ 152.009086][ T6869] team_slave_0: entered allmulticast mode [ 152.028031][ T6869] team_slave_1: entered allmulticast mode [ 152.050448][ T6869] team0: entered promiscuous mode [ 152.055583][ T6869] team_slave_0: entered promiscuous mode [ 152.087184][ T6869] team_slave_1: entered promiscuous mode [ 152.093441][ T6871] syz.0.218 uses obsolete (PF_INET,SOCK_PACKET) [ 152.130117][ T6869] bridge0: port 3(team0) entered blocking state [ 152.136843][ T6869] bridge0: port 3(team0) entered forwarding state [ 152.400021][ T6885] netlink: 'syz.0.220': attribute type 11 has an invalid length. [ 152.422186][ T6885] netlink: 'syz.0.220': attribute type 11 has an invalid length. [ 152.439447][ T6885] netlink: 'syz.0.220': attribute type 11 has an invalid length. [ 152.452443][ T6885] netlink: 'syz.0.220': attribute type 11 has an invalid length. [ 152.616726][ T6860] ptm ptm4: ldisc open failed (-12), clearing slot 4 [ 155.218751][ T6954] netlink: 'syz.0.241': attribute type 11 has an invalid length. [ 155.227175][ T6954] netlink: 'syz.0.241': attribute type 11 has an invalid length. [ 155.235916][ T6954] netlink: 'syz.0.241': attribute type 11 has an invalid length. [ 155.244825][ T6954] netlink: 'syz.0.241': attribute type 11 has an invalid length. [ 155.403540][ T6952] netlink: 28 bytes leftover after parsing attributes in process `syz.1.240'. [ 156.233362][ T6984] FAULT_INJECTION: forcing a failure. [ 156.233362][ T6984] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 156.282808][ T6984] CPU: 0 UID: 0 PID: 6984 Comm: syz.3.248 Not tainted 6.13.0-rc7-syzkaller-00189-g595523945be0 #0 [ 156.293585][ T6984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 156.303836][ T6984] Call Trace: [ 156.307447][ T6984] [ 156.310498][ T6984] dump_stack_lvl+0x16c/0x1f0 [ 156.315452][ T6984] should_fail_ex+0x497/0x5b0 [ 156.321116][ T6984] ? fs_reclaim_acquire+0xae/0x150 [ 156.326622][ T6984] should_fail_alloc_page+0xe7/0x130 [ 156.332107][ T6984] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 156.338397][ T6984] __alloc_pages_noprof+0x190/0x25b0 [ 156.343796][ T6984] ? hlock_class+0x4e/0x130 [ 156.348650][ T6984] ? mark_lock+0xb5/0xc60 [ 156.353074][ T6984] ? kasan_save_stack+0x33/0x60 [ 156.358014][ T6984] ? __pfx___lock_acquire+0x10/0x10 [ 156.363560][ T6984] ? __pfx_mark_lock+0x10/0x10 [ 156.368482][ T6984] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 156.374488][ T6984] ? hlock_class+0x4e/0x130 [ 156.379519][ T6984] ? __pfx_mark_lock+0x10/0x10 [ 156.384399][ T6984] ? hlock_class+0x4e/0x130 [ 156.388972][ T6984] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 156.395165][ T6984] ? policy_nodemask+0xea/0x4e0 [ 156.400108][ T6984] alloc_pages_mpol_noprof+0x2c8/0x620 [ 156.405617][ T6984] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 156.411743][ T6984] ? __pfx___lock_acquire+0x10/0x10 [ 156.417094][ T6984] ? hlock_class+0x4e/0x130 [ 156.421671][ T6984] ? __lock_acquire+0xcc5/0x3c40 [ 156.426751][ T6984] pte_alloc_one+0x20/0x390 [ 156.431380][ T6984] do_pte_missing+0x1ae7/0x3e00 [ 156.436296][ T6984] __handle_mm_fault+0x103c/0x2a40 [ 156.442151][ T6984] ? __pfx___handle_mm_fault+0x10/0x10 [ 156.448137][ T6984] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 156.453968][ T6984] ? find_vma+0xc0/0x140 [ 156.458265][ T6984] ? __pfx_find_vma+0x10/0x10 [ 156.463013][ T6984] handle_mm_fault+0x3fa/0xaa0 [ 156.468028][ T6984] do_user_addr_fault+0x7a3/0x13f0 [ 156.473549][ T6984] exc_page_fault+0x5c/0xc0 [ 156.478103][ T6984] asm_exc_page_fault+0x26/0x30 [ 156.483009][ T6984] RIP: 0010:rep_movs_alternative+0x30/0x70 [ 156.489141][ T6984] Code: f9 40 73 40 83 f9 08 73 21 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 [ 156.509597][ T6984] RSP: 0018:ffffc9000ba5fb98 EFLAGS: 00050212 [ 156.516349][ T6984] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000022 [ 156.524486][ T6984] RDX: fffff5200174bf83 RSI: 0000000000000000 RDI: ffffc9000ba5fbf8 [ 156.532695][ T6984] RBP: 0000000000000022 R08: 0000000000000001 R09: fffff5200174bf83 [ 156.540984][ T6984] R10: 0000000000000001 R11: 0000000000000002 R12: 0000000000000000 [ 156.549624][ T6984] R13: ffffc9000ba5fbf8 R14: ffffc9000ba5fcb8 R15: 1ffff9200174bfaf [ 156.558135][ T6984] _copy_from_user+0x9a/0xd0 [ 156.562903][ T6984] kstrtouint_from_user+0xd7/0x1c0 [ 156.568457][ T6984] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 156.574642][ T6984] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 156.580423][ T6984] proc_fail_nth_write+0x84/0x250 [ 156.585770][ T6984] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 156.592697][ T6984] ? ksys_write+0x12b/0x250 [ 156.597253][ T6984] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 156.602937][ T6984] vfs_write+0x24c/0x1150 [ 156.607307][ T6984] ? __fget_files+0x1fc/0x3a0 [ 156.612059][ T6984] ? __pfx___mutex_lock+0x10/0x10 [ 156.617143][ T6984] ? __pfx_vfs_write+0x10/0x10 [ 156.621962][ T6984] ? __fget_files+0x206/0x3a0 [ 156.626686][ T6984] ksys_write+0x12b/0x250 [ 156.631059][ T6984] ? __pfx_ksys_write+0x10/0x10 [ 156.635963][ T6984] do_syscall_64+0xcd/0x250 [ 156.640518][ T6984] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.646458][ T6984] RIP: 0033:0x7fa2bbd85d29 [ 156.650902][ T6984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 156.670560][ T6984] RSP: 002b:00007fa2bcbef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 156.679022][ T6984] RAX: ffffffffffffffda RBX: 00007fa2bbf76080 RCX: 00007fa2bbd85d29 [ 156.687136][ T6984] RDX: 00000000fffffded RSI: 0000000000000000 RDI: 0000000000000003 [ 156.695145][ T6984] RBP: 00007fa2bcbef090 R08: 0000000000000000 R09: 0000000000000000 [ 156.703166][ T6984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 156.711295][ T6984] R13: 0000000000000001 R14: 00007fa2bbf76080 R15: 00007ffe609c18f8 [ 156.719717][ T6984] [ 156.973967][ T6988] FAULT_INJECTION: forcing a failure. [ 156.973967][ T6988] name failslab, interval 1, probability 0, space 0, times 0 [ 156.990310][ T6988] CPU: 0 UID: 0 PID: 6988 Comm: syz.0.249 Not tainted 6.13.0-rc7-syzkaller-00189-g595523945be0 #0 [ 157.001017][ T6988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 157.011323][ T6988] Call Trace: [ 157.015220][ T6988] [ 157.018343][ T6988] dump_stack_lvl+0x16c/0x1f0 [ 157.023605][ T6988] should_fail_ex+0x497/0x5b0 [ 157.028441][ T6988] ? fs_reclaim_acquire+0xae/0x150 [ 157.033718][ T6988] should_failslab+0xc2/0x120 [ 157.038767][ T6988] __kmalloc_noprof+0xce/0x4f0 [ 157.043720][ T6988] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 157.050147][ T6988] ? tomoyo_realpath_from_path+0xbf/0x710 [ 157.056059][ T6988] tomoyo_realpath_from_path+0xbf/0x710 [ 157.061693][ T6988] ? tomoyo_path_number_perm+0x235/0x5b0 [ 157.067610][ T6988] tomoyo_path_number_perm+0x248/0x5b0 [ 157.073303][ T6988] ? tomoyo_path_number_perm+0x235/0x5b0 [ 157.079306][ T6988] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 157.085545][ T6988] ? __pfx_lock_release+0x10/0x10 [ 157.090662][ T6988] ? trace_lock_acquire+0x14e/0x1f0 [ 157.095951][ T6988] ? lock_acquire+0x2f/0xb0 [ 157.100522][ T6988] ? __fget_files+0x40/0x3a0 [ 157.105288][ T6988] ? __fget_files+0x206/0x3a0 [ 157.110046][ T6988] security_file_ioctl+0x9b/0x240 [ 157.115144][ T6988] __x64_sys_ioctl+0xb7/0x200 [ 157.119886][ T6988] do_syscall_64+0xcd/0x250 [ 157.124469][ T6988] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.130483][ T6988] RIP: 0033:0x7f77fdf85d29 [ 157.134957][ T6988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 157.154771][ T6988] RSP: 002b:00007f77fed72038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 157.163487][ T6988] RAX: ffffffffffffffda RBX: 00007f77fe175fa0 RCX: 00007f77fdf85d29 [ 157.171749][ T6988] RDX: 0000000000000000 RSI: 0000000080104592 RDI: 0000000000000003 [ 157.180485][ T6988] RBP: 00007f77fed72090 R08: 0000000000000000 R09: 0000000000000000 [ 157.188679][ T6988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 157.196838][ T6988] R13: 0000000000000000 R14: 00007f77fe175fa0 R15: 00007ffcef7e1938 [ 157.205284][ T6988] [ 157.250307][ T6988] ERROR: Out of memory at tomoyo_realpath_from_path. [ 157.573759][ T6999] netlink: 4 bytes leftover after parsing attributes in process `syz.0.253'. [ 157.661827][ T7001] netlink: 'syz.0.253': attribute type 21 has an invalid length. [ 157.694721][ T7001] netlink: 334 bytes leftover after parsing attributes in process `syz.0.253'. [ 158.866832][ T7020] netlink: 'syz.3.260': attribute type 11 has an invalid length. [ 158.875212][ T7020] netlink: 'syz.3.260': attribute type 11 has an invalid length. [ 158.883393][ T7020] netlink: 'syz.3.260': attribute type 11 has an invalid length. [ 158.891733][ T7020] netlink: 'syz.3.260': attribute type 11 has an invalid length. [ 158.998533][ T7023] ======================================================= [ 158.998533][ T7023] WARNING: The mand mount option has been deprecated and [ 158.998533][ T7023] and is ignored by this kernel. Remove the mand [ 158.998533][ T7023] option from the mount to silence this warning. [ 158.998533][ T7023] ======================================================= [ 159.001705][ T7019] netlink: 342 bytes leftover after parsing attributes in process `syz.2.258'. [ 159.067137][ T7025] FAULT_INJECTION: forcing a failure. [ 159.067137][ T7025] name failslab, interval 1, probability 0, space 0, times 0 [ 159.080033][ T7025] CPU: 0 UID: 0 PID: 7025 Comm: syz.0.261 Not tainted 6.13.0-rc7-syzkaller-00189-g595523945be0 #0 [ 159.090714][ T7025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 159.100844][ T7025] Call Trace: [ 159.104190][ T7025] [ 159.107162][ T7025] dump_stack_lvl+0x16c/0x1f0 [ 159.111909][ T7025] should_fail_ex+0x497/0x5b0 [ 159.116677][ T7025] ? fs_reclaim_acquire+0xae/0x150 [ 159.121926][ T7025] should_failslab+0xc2/0x120 [ 159.126654][ T7025] __kmalloc_noprof+0xce/0x4f0 [ 159.131467][ T7025] ? d_absolute_path+0x137/0x1b0 [ 159.136458][ T7025] ? tomoyo_encode2+0x100/0x3e0 [ 159.141355][ T7025] tomoyo_encode2+0x100/0x3e0 [ 159.146084][ T7025] tomoyo_realpath_from_path+0x1a7/0x710 [ 159.151774][ T7025] tomoyo_path_number_perm+0x248/0x5b0 [ 159.157292][ T7025] ? tomoyo_path_number_perm+0x235/0x5b0 [ 159.162983][ T7025] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 159.169077][ T7025] ? __pfx_lock_release+0x10/0x10 [ 159.174142][ T7025] ? trace_lock_acquire+0x14e/0x1f0 [ 159.179743][ T7025] ? lock_acquire+0x2f/0xb0 [ 159.184287][ T7025] ? __fget_files+0x40/0x3a0 [ 159.188917][ T7025] ? __fget_files+0x206/0x3a0 [ 159.193646][ T7025] security_file_ioctl+0x9b/0x240 [ 159.198707][ T7025] __x64_sys_ioctl+0xb7/0x200 [ 159.203421][ T7025] do_syscall_64+0xcd/0x250 [ 159.208061][ T7025] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.214022][ T7025] RIP: 0033:0x7f77fdf85d29 [ 159.218482][ T7025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 159.238214][ T7025] RSP: 002b:00007f77fed72038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 159.246673][ T7025] RAX: ffffffffffffffda RBX: 00007f77fe175fa0 RCX: 00007f77fdf85d29 [ 159.254789][ T7025] RDX: 0000000000000000 RSI: 0000000080104592 RDI: 0000000000000003 [ 159.262982][ T7025] RBP: 00007f77fed72090 R08: 0000000000000000 R09: 0000000000000000 [ 159.271009][ T7025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 159.279112][ T7025] R13: 0000000000000000 R14: 00007f77fe175fa0 R15: 00007ffcef7e1938 [ 159.287157][ T7025] [ 159.291376][ T7025] ERROR: Out of memory at tomoyo_realpath_from_path. [ 159.722235][ T7029] Invalid ELF header magic: != ELF [ 159.790109][ T7029] Invalid ELF header magic: != ELF [ 159.927785][ T7029] Invalid ELF header magic: != ELF [ 160.085905][ T7029] Invalid ELF header magic: != ELF [ 160.170211][ T7029] Invalid ELF header magic: != ELF [ 160.259474][ T7061] netlink: 'syz.2.270': attribute type 11 has an invalid length. [ 160.279406][ T7061] netlink: 'syz.2.270': attribute type 11 has an invalid length. [ 160.297863][ T7061] netlink: 'syz.2.270': attribute type 11 has an invalid length. [ 160.311774][ T7029] Invalid ELF header magic: != ELF [ 160.319159][ T7061] netlink: 'syz.2.270': attribute type 11 has an invalid length. [ 160.701692][ T7067] loop6: detected capacity change from 0 to 8192 [ 160.991532][ T7074] FAULT_INJECTION: forcing a failure. [ 160.991532][ T7074] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 161.037785][ T7074] CPU: 1 UID: 0 PID: 7074 Comm: syz.3.275 Not tainted 6.13.0-rc7-syzkaller-00189-g595523945be0 #0 [ 161.048914][ T7074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 161.059059][ T7074] Call Trace: [ 161.062388][ T7074] [ 161.065364][ T7074] dump_stack_lvl+0x16c/0x1f0 [ 161.070117][ T7074] should_fail_ex+0x497/0x5b0 [ 161.074868][ T7074] _copy_from_user+0x2e/0xd0 [ 161.079541][ T7074] evdev_do_ioctl+0xce9/0x1ae0 [ 161.084375][ T7074] ? __pfx_evdev_do_ioctl+0x10/0x10 [ 161.089658][ T7074] ? trace_lock_acquire+0x14e/0x1f0 [ 161.094950][ T7074] ? __pfx_evdev_ioctl+0x10/0x10 [ 161.099973][ T7074] evdev_ioctl+0x16a/0x1a0 [ 161.104466][ T7074] ? __pfx_evdev_ioctl+0x10/0x10 [ 161.109513][ T7074] __x64_sys_ioctl+0x190/0x200 [ 161.114344][ T7074] do_syscall_64+0xcd/0x250 [ 161.118924][ T7074] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.124893][ T7074] RIP: 0033:0x7fa2bbd85d29 [ 161.129373][ T7074] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 161.149052][ T7074] RSP: 002b:00007fa2bcc10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 161.157544][ T7074] RAX: ffffffffffffffda RBX: 00007fa2bbf75fa0 RCX: 00007fa2bbd85d29 [ 161.165588][ T7074] RDX: 0000000000000000 RSI: 0000000080104592 RDI: 0000000000000003 [ 161.174150][ T7074] RBP: 00007fa2bcc10090 R08: 0000000000000000 R09: 0000000000000000 [ 161.182608][ T7074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 161.190649][ T7074] R13: 0000000000000000 R14: 00007fa2bbf75fa0 R15: 00007ffe609c18f8 [ 161.198712][ T7074] [ 161.349020][ T7075] netlink: 342 bytes leftover after parsing attributes in process `syz.1.274'. [ 162.119570][ T7104] netlink: 108 bytes leftover after parsing attributes in process `syz.2.281'. [ 162.301273][ T7106] netlink: 146 bytes leftover after parsing attributes in process `syz.0.282'. [ 162.651292][ T7122] netlink: 146 bytes leftover after parsing attributes in process `syz.0.282'. [ 164.965229][ T7181] sctp: Changing rto_alpha or rto_beta may lead to suboptimal rtt/srtt estimations! [ 165.077725][ T7181] netlink: 20 bytes leftover after parsing attributes in process `syz.2.297'. [ 165.620073][ T7190] netlink: 28 bytes leftover after parsing attributes in process `syz.2.300'. [ 165.672202][ T7196] svc: failed to register nfsdv3 RPC service (errno 111). [ 165.693995][ T7196] svc: failed to register nfsaclv3 RPC service (errno 111). [ 165.916581][ T7190] hsr_slave_0 (unregistering): left promiscuous mode [ 167.200258][ T7235] netlink: 'syz.0.310': attribute type 11 has an invalid length. [ 167.229212][ T7235] netlink: 'syz.0.310': attribute type 11 has an invalid length. [ 167.237888][ T7235] netlink: 'syz.0.310': attribute type 11 has an invalid length. [ 167.269848][ T7235] netlink: 'syz.0.310': attribute type 11 has an invalid length. [ 167.399253][ T54] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 167.951817][ T7253] netlink: 16 bytes leftover after parsing attributes in process `syz.3.314'. [ 169.184959][ T7279] netlink: 'syz.0.323': attribute type 16 has an invalid length. [ 169.469825][ T7283] vhci_hcd: invalid port number 115 [ 169.517020][ T7283] vhci_hcd: default hub control req: 6974 v6679 i0073 l0 [ 171.054827][ T7309] netlink: 'syz.2.332': attribute type 11 has an invalid length. [ 171.062964][ T7309] netlink: 'syz.2.332': attribute type 11 has an invalid length. [ 171.070989][ T7309] netlink: 'syz.2.332': attribute type 11 has an invalid length. [ 171.078895][ T7309] netlink: 'syz.2.332': attribute type 11 has an invalid length. [ 171.633229][ T29] audit: type=1807 audit(1737231040.708:6): UNKNOWN=0"û]$|Ë1jë0B|d™¹ýÓ‰OŸ¬+ö×/ÉéxÔóÈõWÓ¦–Ó^¸´gq%ḦrêOŽ res=0 [ 171.645659][ T29] audit: type=1802 audit(1737231040.708:7): pid=7326 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.2.338" res=0 errno=0 [ 171.667736][ T7326] ima: policy update failed [ 171.689110][ T29] audit: type=1802 audit(1737231040.768:8): pid=7326 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.338" res=0 errno=0 [ 171.935678][ T7337] netlink: 342 bytes leftover after parsing attributes in process `syz.0.341'. [ 172.700937][ T7364] netlink: 'syz.2.346': attribute type 16 has an invalid length. [ 173.838806][ T7398] netlink: 1204 bytes leftover after parsing attributes in process `syz.2.356'. [ 173.838814][ T7399] netlink: 1204 bytes leftover after parsing attributes in process `syz.2.356'. [ 174.962412][ T7406] syz.2.357 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 176.716987][ T7472] netlink: 'syz.2.368': attribute type 16 has an invalid length. syzkaller syzkaller login: [ 177.485357][ T7487] Invalid ELF header magic: != ELF [ 177.631564][ T7487] can: request_module (can-proto-5) failed. [ 177.955830][ T7498] netlink: 28 bytes leftover after parsing attributes in process `syz.1.373'. [ 178.922821][ T7512] netlink: 'syz.2.377': attribute type 11 has an invalid length. [ 178.949051][ T7512] netlink: 'syz.2.377': attribute type 11 has an invalid length. [ 178.977457][ T7512] netlink: 'syz.2.377': attribute type 11 has an invalid length. [ 178.996020][ T7512] netlink: 'syz.2.377': attribute type 11 has an invalid length. [ 179.029431][ T7509] netlink: 28 bytes leftover after parsing attributes in process `syz.0.375'. [ 179.162883][ T7509] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode [ 181.038282][ T7554] netlink: 8 bytes leftover after parsing attributes in process `syz.3.389'. [ 183.915650][ T7609] ptrace attach of "./syz-executor exec"[5831] was attempted by "./syz-executor exec"[7609] [ 183.931440][ T7607] netlink: 8 bytes leftover after parsing attributes in process `syz.3.405'. [ 184.295170][ T7614] netlink: 28 bytes leftover after parsing attributes in process `syz.3.408'. [ 186.136128][ T7637] netlink: 28 bytes leftover after parsing attributes in process `syz.0.411'. [ 187.051284][ T7659] netlink: 28 bytes leftover after parsing attributes in process `syz.3.416'. [ 187.105746][ T7659] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.229464][ T7659] bridge_slave_0 (unregistering): left allmulticast mode [ 187.237032][ T7659] bridge_slave_0 (unregistering): left promiscuous mode [ 187.248601][ T7659] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.169031][ T7655] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 188.205687][ T7655] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 188.233822][ T7655] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 188.258758][ T7655] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 188.749056][ T54] Bluetooth: hci0: command 0x0c1a tx timeout [ 188.990488][ T7688] netlink: 28 bytes leftover after parsing attributes in process `syz.3.422'. [ 189.203003][ T7685] netlink: 28 bytes leftover after parsing attributes in process `syz.0.421'. [ 189.502083][ T7685] bond0: (slave bond_slave_0): Releasing backup interface [ 190.269225][ T54] Bluetooth: hci2: command 0x0c1a tx timeout [ 190.269294][ T5834] Bluetooth: hci3: command 0x0c1a tx timeout [ 190.276310][ T54] Bluetooth: hci1: command 0x0c1a tx timeout [ 192.665346][ T7739] FAULT_INJECTION: forcing a failure. [ 192.665346][ T7739] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 192.727860][ T7739] CPU: 0 UID: 0 PID: 7739 Comm: syz.1.435 Not tainted 6.13.0-rc7-syzkaller-00189-g595523945be0 #0 [ 192.738550][ T7739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 192.748672][ T7739] Call Trace: [ 192.751996][ T7739] [ 192.755678][ T7739] dump_stack_lvl+0x16c/0x1f0 [ 192.760437][ T7739] should_fail_ex+0x497/0x5b0 [ 192.765194][ T7739] _copy_to_user+0x32/0xd0 [ 192.769696][ T7739] simple_read_from_buffer+0xd0/0x160 [ 192.775144][ T7739] proc_fail_nth_read+0x198/0x270 [ 192.780282][ T7739] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 192.785923][ T7739] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 192.791549][ T7739] vfs_read+0x1df/0xbe0 [ 192.795772][ T7739] ? __fget_files+0x1fc/0x3a0 [ 192.800519][ T7739] ? __pfx___mutex_lock+0x10/0x10 [ 192.805622][ T7739] ? __pfx_vfs_read+0x10/0x10 [ 192.810379][ T7739] ? __fget_files+0x206/0x3a0 [ 192.815137][ T7739] ksys_read+0x12b/0x250 [ 192.819463][ T7739] ? __pfx_ksys_read+0x10/0x10 [ 192.824304][ T7739] do_syscall_64+0xcd/0x250 [ 192.828886][ T7739] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.834854][ T7739] RIP: 0033:0x7f3a71f8473c [ 192.839341][ T7739] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 192.859106][ T7739] RSP: 002b:00007f3a72d25030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 192.867592][ T7739] RAX: ffffffffffffffda RBX: 00007f3a72176080 RCX: 00007f3a71f8473c [ 192.875626][ T7739] RDX: 000000000000000f RSI: 00007f3a72d250a0 RDI: 0000000000000005 [ 192.883656][ T7739] RBP: 00007f3a72d25090 R08: 0000000000000000 R09: 0000000000000000 [ 192.891685][ T7739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 192.899715][ T7739] R13: 0000000000000001 R14: 00007f3a72176080 R15: 00007ffe2b4a74e8 [ 192.907764][ T7739] [ 192.982015][ T7742] netlink: 28 bytes leftover after parsing attributes in process `syz.3.437'. [ 196.207715][ T7818] netlink: 'syz.1.455': attribute type 11 has an invalid length. [ 196.269018][ T7818] netlink: 'syz.1.455': attribute type 11 has an invalid length. [ 196.334524][ T7818] netlink: 'syz.1.455': attribute type 11 has an invalid length. [ 196.368578][ T7818] netlink: 'syz.1.455': attribute type 11 has an invalid length. [ 196.967786][ T7839] netlink: 338 bytes leftover after parsing attributes in process `syz.3.460'. [ 197.973989][ T7868] netlink: 4 bytes leftover after parsing attributes in process `syz.1.463'. [ 198.169844][ T7860] devtmpfs: Unknown parameter ' ' [ 198.740572][ T7889] netlink: 8 bytes leftover after parsing attributes in process `syz.0.471'. [ 199.297153][ T7907] netlink: 'syz.1.476': attribute type 11 has an invalid length. [ 199.339164][ T7907] netlink: 'syz.1.476': attribute type 11 has an invalid length. [ 199.369217][ T7907] netlink: 'syz.1.476': attribute type 11 has an invalid length. [ 199.412581][ T7907] netlink: 'syz.1.476': attribute type 11 has an invalid length. [ 199.866570][ T7908] netlink: 306 bytes leftover after parsing attributes in process `syz.2.475'. [ 199.951436][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.958000][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.519299][ T7921] netlink: 28 bytes leftover after parsing attributes in process `syz.2.481'. [ 205.317129][ T7984] svc: failed to register nfsdv3 RPC service (errno 111). [ 205.387119][ T7984] svc: failed to register nfsaclv3 RPC service (errno 111). [ 206.529341][ T7996] netlink: 'syz.3.496': attribute type 11 has an invalid length. [ 206.537806][ T7996] netlink: 'syz.3.496': attribute type 11 has an invalid length. [ 206.679178][ T7996] netlink: 'syz.3.496': attribute type 11 has an invalid length. [ 206.687009][ T7996] netlink: 'syz.3.496': attribute type 11 has an invalid length. [ 208.383850][ T8017] bridge0: port 4(veth1_to_hsr) entered blocking state [ 208.391534][ T8017] bridge0: port 4(veth1_to_hsr) entered disabled state [ 208.401331][ T8017] veth1_to_hsr: entered allmulticast mode [ 208.416900][ T8017] veth1_to_hsr: entered promiscuous mode [ 208.429587][ T8017] bridge0: port 4(veth1_to_hsr) entered blocking state [ 208.436978][ T8017] bridge0: port 4(veth1_to_hsr) entered forwarding state [ 209.932907][ T8030] FAULT_INJECTION: forcing a failure. [ 209.932907][ T8030] name failslab, interval 1, probability 0, space 0, times 0 [ 209.982278][ T8030] CPU: 1 UID: 0 PID: 8030 Comm: syz.0.507 Not tainted 6.13.0-rc7-syzkaller-00189-g595523945be0 #0 [ 209.993156][ T8030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 210.003682][ T8030] Call Trace: [ 210.007456][ T8030] [ 210.010453][ T8030] dump_stack_lvl+0x16c/0x1f0 [ 210.015371][ T8030] should_fail_ex+0x497/0x5b0 [ 210.020236][ T8030] ? fs_reclaim_acquire+0xae/0x150 [ 210.025477][ T8030] should_failslab+0xc2/0x120 [ 210.030328][ T8030] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 210.035792][ T8030] ? alloc_empty_file+0x73/0x1e0 [ 210.040824][ T8030] alloc_empty_file+0x73/0x1e0 [ 210.045680][ T8030] alloc_file_pseudo+0x13d/0x200 [ 210.050719][ T8030] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 210.056331][ T8030] ? alloc_fd+0x41f/0x760 [ 210.060772][ T8030] sock_alloc_file+0x50/0x1d0 [ 210.065576][ T8030] __sys_socket+0x1c2/0x260 [ 210.070166][ T8030] ? __pfx___sys_socket+0x10/0x10 [ 210.075332][ T8030] ? rcu_is_watching+0x12/0xc0 [ 210.080207][ T8030] __x64_sys_socket+0x72/0xb0 [ 210.085065][ T8030] ? lockdep_hardirqs_on+0x7c/0x110 [ 210.090619][ T8030] do_syscall_64+0xcd/0x250 [ 210.095224][ T8030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.101736][ T8030] RIP: 0033:0x7f77fdf85d29 [ 210.106401][ T8030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 210.126674][ T8030] RSP: 002b:00007f77fed72038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 210.135168][ T8030] RAX: ffffffffffffffda RBX: 00007f77fe175fa0 RCX: 00007f77fdf85d29 [ 210.143214][ T8030] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 210.151249][ T8030] RBP: 00007f77fe001b08 R08: 0000000000000000 R09: 0000000000000000 [ 210.159399][ T8030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 210.167705][ T8030] R13: 0000000000000000 R14: 00007f77fe175fa0 R15: 00007ffcef7e1938 [ 210.175778][ T8030] [ 210.717365][ T8048] netlink: 'syz.0.512': attribute type 11 has an invalid length. [ 210.758236][ T8048] netlink: 'syz.0.512': attribute type 11 has an invalid length. [ 210.812437][ T8048] netlink: 'syz.0.512': attribute type 11 has an invalid length. [ 210.834259][ T8048] netlink: 'syz.0.512': attribute type 11 has an invalid length. [ 213.221196][ T8101] netlink: 'syz.2.522': attribute type 11 has an invalid length. [ 213.229910][ T8101] netlink: 'syz.2.522': attribute type 11 has an invalid length. [ 213.238074][ T8101] netlink: 'syz.2.522': attribute type 11 has an invalid length. [ 213.253702][ T8101] netlink: 'syz.2.522': attribute type 11 has an invalid length. [ 214.509329][ T8124] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.989218][ T8131] netlink: 8 bytes leftover after parsing attributes in process `syz.0.528'. [ 216.419388][ T8146] netlink: 'syz.2.532': attribute type 11 has an invalid length. [ 216.464739][ T8146] netlink: 'syz.2.532': attribute type 11 has an invalid length. [ 216.495114][ T8146] netlink: 'syz.2.532': attribute type 11 has an invalid length. [ 216.529132][ T8146] netlink: 'syz.2.532': attribute type 11 has an invalid length. [ 219.296597][ T8171] netlink: 8 bytes leftover after parsing attributes in process `syz.0.538'. [ 220.972467][ T8202] netlink: 28 bytes leftover after parsing attributes in process `syz.2.544'. [ 221.851815][ T8218] netlink: 28 bytes leftover after parsing attributes in process `syz.0.547'. [ 221.939169][ T8218] netdevsim netdevsim0 netdevsim2: entered allmulticast mode [ 221.971302][ T8224] netlink: 8 bytes leftover after parsing attributes in process `syz.2.549'. [ 222.067836][ T8227] mkiss: ax0: crc mode is auto. [ 222.216483][ T8226] mkiss: ax0: crc mode is auto. [ 223.420923][ T8264] netlink: 28 bytes leftover after parsing attributes in process `syz.0.558'. [ 223.918562][ T8275] netlink: 8 bytes leftover after parsing attributes in process `syz.1.561'. [ 224.888794][ T8282] Invalid ELF header magic: != ELF [ 225.333389][ T8303] Invalid ELF header magic: != ELF [ 226.760608][ T8319] netlink: 8 bytes leftover after parsing attributes in process `syz.0.570'. [ 227.238539][ T8334] netlink: 'syz.2.574': attribute type 11 has an invalid length. [ 227.265849][ T8334] netlink: 'syz.2.574': attribute type 11 has an invalid length. [ 227.316231][ T8334] netlink: 'syz.2.574': attribute type 11 has an invalid length. [ 228.372108][ T8354] WARNING! power/level is deprecated; use power/control instead [ 228.692501][ T8360] netlink: 8 bytes leftover after parsing attributes in process `syz.3.581'. [ 228.927053][ T8364] netlink: 28 bytes leftover after parsing attributes in process `syz.3.582'. [ 229.179200][ T8369] netlink: 1204 bytes leftover after parsing attributes in process `syz.3.584'. [ 229.220771][ T8369] netlink: 8 bytes leftover after parsing attributes in process `syz.3.584'. [ 229.418093][ T8377] device-mapper: ioctl: ioctl interface mismatch: kernel(4.48.0), user(3912612146.1622237737.3929262020), cmd(17) [ 229.837126][ T8387] netlink: 8 bytes leftover after parsing attributes in process `syz.1.590'. [ 230.048883][ T8394] mkiss: ax0: crc mode is auto. [ 230.431429][ T8406] netlink: 'syz.1.597': attribute type 11 has an invalid length. [ 230.872357][ T8419] netlink: 8 bytes leftover after parsing attributes in process `syz.0.602'. [ 230.980550][ T8425] netlink: 28 bytes leftover after parsing attributes in process `syz.0.603'. [ 231.115614][ T8425] veth1_macvtap: entered allmulticast mode [ 231.562658][ T8435] netlink: 8 bytes leftover after parsing attributes in process `syz.1.605'. [ 232.034683][ T8450] netlink: 'syz.1.608': attribute type 11 has an invalid length. [ 232.044407][ T8450] netlink: 'syz.1.608': attribute type 11 has an invalid length. [ 232.052347][ T8450] netlink: 'syz.1.608': attribute type 11 has an invalid length. [ 232.062110][ T8450] netlink: 'syz.1.608': attribute type 11 has an invalid length. [ 232.343723][ T8460] netlink: 8 bytes leftover after parsing attributes in process `syz.3.611'. [ 234.639344][ T8496] netlink: 28 bytes leftover after parsing attributes in process `syz.1.622'. [ 236.201654][ T8511] netlink: 'syz.1.627': attribute type 11 has an invalid length. [ 236.229382][ T8511] netlink: 'syz.1.627': attribute type 11 has an invalid length. [ 236.263449][ T8511] netlink: 'syz.1.627': attribute type 11 has an invalid length. [ 236.299262][ T8511] netlink: 'syz.1.627': attribute type 11 has an invalid length. [ 237.151528][ T8525] Invalid ELF header magic: != ELF [ 237.379124][ T8537] netlink: 8 bytes leftover after parsing attributes in process `syz.3.634'. [ 239.049953][ T8557] netlink: 'syz.0.638': attribute type 11 has an invalid length. [ 239.078267][ T8557] netlink: 'syz.0.638': attribute type 11 has an invalid length. [ 239.094251][ T8557] netlink: 'syz.0.638': attribute type 11 has an invalid length. [ 239.119191][ T8557] netlink: 'syz.0.638': attribute type 11 has an invalid length. [ 239.227213][ T8555] program syz.2.637 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 239.299422][ T8555] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 240.706614][ T8591] Process accounting resumed [ 241.071201][ T8614] netlink: 8 bytes leftover after parsing attributes in process `syz.3.652'. [ 241.497356][ T8630] futex_wake_op: syz.3.656 tries to shift op by 64; fix this program [ 242.317958][ T8658] netlink: 8 bytes leftover after parsing attributes in process `syz.3.665'. [ 242.390872][ T8660] netlink: 8 bytes leftover after parsing attributes in process `syz.1.664'. [ 242.420378][ T8660] netlink: 8 bytes leftover after parsing attributes in process `syz.1.664'. [ 242.560978][ T8643] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 242.567178][ T8643] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 242.590027][ T8643] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 242.596456][ T8643] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 242.715891][ T8667] netlink: 'syz.0.668': attribute type 11 has an invalid length. [ 242.734236][ T8667] netlink: 'syz.0.668': attribute type 11 has an invalid length. [ 242.763351][ T8667] netlink: 'syz.0.668': attribute type 11 has an invalid length. [ 242.779930][ T8667] netlink: 'syz.0.668': attribute type 11 has an invalid length. [ 244.039115][ T54] Bluetooth: hci0: command 0x0c1a tx timeout [ 244.589179][ T54] Bluetooth: hci1: command 0x0c1a tx timeout [ 244.596624][ T8706] random: crng reseeded on system resumption [ 244.669912][ T54] Bluetooth: hci2: command 0x0c1a tx timeout [ 244.676033][ T54] Bluetooth: hci3: command 0x0c1a tx timeout [ 245.225363][ T8717] netlink: 8 bytes leftover after parsing attributes in process `syz.0.686'. [ 246.148026][ T8729] netlink: 28 bytes leftover after parsing attributes in process `syz.0.690'. [ 246.177297][ T8731] netlink: 28 bytes leftover after parsing attributes in process `syz.0.690'. [ 246.709185][ T8729] hsr_slave_0 (unregistering): left promiscuous mode [ 248.585972][ T8763] netlink: 342 bytes leftover after parsing attributes in process `syz.3.696'. [ 249.700376][ T8785] netlink: 342 bytes leftover after parsing attributes in process `syz.3.702'. [ 249.733895][ T8785] netlink: 342 bytes leftover after parsing attributes in process `syz.3.702'. [ 250.531846][ T8787] raw_sendmsg: syz.3.705 forgot to set AF_INET. Fix it! [ 251.709193][ T54] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 251.730802][ T8818] netlink: 28 bytes leftover after parsing attributes in process `syz.3.712'. [ 251.790081][ T8817] netlink: 28 bytes leftover after parsing attributes in process `syz.2.710'. [ 251.829143][ T8818] macvlan1: entered promiscuous mode [ 251.865749][ T8817] lo: entered allmulticast mode [ 252.029028][ T8819] lo: left allmulticast mode [ 253.175654][ T8842] netlink: 8 bytes leftover after parsing attributes in process `syz.3.717'. [ 255.938422][ T8888] FAULT_INJECTION: forcing a failure. [ 255.938422][ T8888] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 256.027446][ T8888] CPU: 1 UID: 0 PID: 8888 Comm: syz.1.727 Not tainted 6.13.0-rc7-syzkaller-00189-g595523945be0 #0 [ 256.038158][ T8888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 256.048278][ T8888] Call Trace: [ 256.051616][ T8888] [ 256.054594][ T8888] dump_stack_lvl+0x16c/0x1f0 [ 256.059353][ T8888] should_fail_ex+0x497/0x5b0 [ 256.064118][ T8888] _copy_to_user+0x32/0xd0 [ 256.068620][ T8888] simple_read_from_buffer+0xd0/0x160 [ 256.074062][ T8888] proc_fail_nth_read+0x198/0x270 [ 256.079166][ T8888] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 256.084830][ T8888] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 256.090474][ T8888] vfs_read+0x1df/0xbe0 [ 256.094707][ T8888] ? __fget_files+0x1fc/0x3a0 [ 256.099442][ T8888] ? __pfx___mutex_lock+0x10/0x10 [ 256.104550][ T8888] ? __pfx_vfs_read+0x10/0x10 [ 256.109279][ T8888] ? __fget_files+0x206/0x3a0 [ 256.114007][ T8888] ksys_read+0x12b/0x250 [ 256.118289][ T8888] ? __pfx_ksys_read+0x10/0x10 [ 256.123104][ T8888] do_syscall_64+0xcd/0x250 [ 256.127655][ T8888] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.133599][ T8888] RIP: 0033:0x7f3a71f8473c [ 256.138045][ T8888] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 256.157704][ T8888] RSP: 002b:00007f3a72d46030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 256.166158][ T8888] RAX: ffffffffffffffda RBX: 00007f3a72175fa0 RCX: 00007f3a71f8473c [ 256.174163][ T8888] RDX: 000000000000000f RSI: 00007f3a72d460a0 RDI: 0000000000000003 [ 256.182166][ T8888] RBP: 00007f3a72d46090 R08: 0000000000000000 R09: 0000000000000000 [ 256.190174][ T8888] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 256.198182][ T8888] R13: 0000000000000000 R14: 00007f3a72175fa0 R15: 00007ffe2b4a74e8 [ 256.206203][ T8888] [ 256.635108][ T8893] netlink: 8 bytes leftover after parsing attributes in process `syz.1.729'. [ 257.389139][ T54] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 257.788815][ T8912] netlink: 28 bytes leftover after parsing attributes in process `syz.3.735'. [ 259.759542][ T8942] netlink: 8 bytes leftover after parsing attributes in process `syz.1.740'. [ 260.759182][ T8966] netlink: 'syz.3.747': attribute type 11 has an invalid length. [ 260.799073][ T8966] netlink: 'syz.3.747': attribute type 11 has an invalid length. [ 260.806916][ T8966] netlink: 'syz.3.747': attribute type 11 has an invalid length. [ 260.865801][ T8966] netlink: 'syz.3.747': attribute type 11 has an invalid length. [ 261.392126][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.399902][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.962743][ T8993] zram: Added device: zram2 [ 262.171081][ T8998] netlink: 28 bytes leftover after parsing attributes in process `syz.2.750'. [ 262.934170][ T9026] netlink: 28 bytes leftover after parsing attributes in process `syz.1.761'. [ 262.950118][ T9026] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 262.967493][ T9026] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 263.046020][ T9026] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 263.062104][ T9026] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 263.940301][ T9049] netlink: 28 bytes leftover after parsing attributes in process `syz.0.766'. [ 265.801464][ T9094] FAULT_INJECTION: forcing a failure. [ 265.801464][ T9094] name failslab, interval 1, probability 0, space 0, times 0 [ 265.838653][ T9094] CPU: 0 UID: 0 PID: 9094 Comm: syz.0.773 Not tainted 6.13.0-rc7-syzkaller-00189-g595523945be0 #0 [ 265.849349][ T9094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 265.859468][ T9094] Call Trace: [ 265.862814][ T9094] [ 265.865799][ T9094] dump_stack_lvl+0x16c/0x1f0 [ 265.870563][ T9094] should_fail_ex+0x497/0x5b0 [ 265.875318][ T9094] ? fs_reclaim_acquire+0xae/0x150 [ 265.880506][ T9094] should_failslab+0xc2/0x120 [ 265.885319][ T9094] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 265.890776][ T9094] ? prepare_creds+0x2e/0x750 [ 265.895635][ T9094] prepare_creds+0x2e/0x750 [ 265.900221][ T9094] ? get_ruleset_from_fd+0x95/0x240 [ 265.905504][ T9094] __x64_sys_landlock_restrict_self+0x149/0x410 [ 265.911832][ T9094] do_syscall_64+0xcd/0x250 [ 265.916432][ T9094] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.922416][ T9094] RIP: 0033:0x7f77fdf85d29 [ 265.926907][ T9094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 265.946594][ T9094] RSP: 002b:00007f77fed72038 EFLAGS: 00000246 ORIG_RAX: 00000000000001be [ 265.955092][ T9094] RAX: ffffffffffffffda RBX: 00007f77fe175fa0 RCX: 00007f77fdf85d29 [ 265.963133][ T9094] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 265.971255][ T9094] RBP: 00007f77fe001b08 R08: 0000000000000000 R09: 0000000000000000 [ 265.979291][ T9094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 265.987324][ T9094] R13: 0000000000000000 R14: 00007f77fe175fa0 R15: 00007ffcef7e1938 [ 265.995381][ T9094] [ 266.458527][ T9105] netlink: 24 bytes leftover after parsing attributes in process `syz.0.777'. [ 267.353692][ T9129] netlink: 'syz.3.781': attribute type 11 has an invalid length. [ 267.379062][ T9129] netlink: 'syz.3.781': attribute type 11 has an invalid length. [ 267.387542][ T9129] netlink: 'syz.3.781': attribute type 11 has an invalid length. [ 267.421114][ T9129] netlink: 'syz.3.781': attribute type 11 has an invalid length. [ 269.437785][ T9175] netlink: 'syz.3.790': attribute type 11 has an invalid length. [ 269.492899][ T9175] netlink: 'syz.3.790': attribute type 11 has an invalid length. [ 269.527978][ T9175] netlink: 'syz.3.790': attribute type 11 has an invalid length. [ 269.561607][ T9175] netlink: 'syz.3.790': attribute type 11 has an invalid length. [ 274.184661][ T9215] netlink: 28 bytes leftover after parsing attributes in process `syz.3.799'. [ 275.427029][ T9181] Process accounting paused [ 277.879523][ T9233] netlink: 8 bytes leftover after parsing attributes in process `syz.1.805'. [ 279.723009][ T9239] netlink: 40 bytes leftover after parsing attributes in process `syz.1.807'. [ 279.892391][ T9240] [ 279.894811][ T9240] ====================================================== [ 279.901880][ T9240] WARNING: possible circular locking dependency detected [ 279.909014][ T9240] 6.13.0-rc7-syzkaller-00189-g595523945be0 #0 Not tainted [ 279.916166][ T9240] ------------------------------------------------------ [ 279.923236][ T9240] syz.1.807/9240 is trying to acquire lock: [ 279.929275][ T9240] ffff888142fedde0 (&q->sysfs_lock){+.+.}-{4:4}, at: queue_attr_store+0xe2/0x170 [ 279.938615][ T9240] [ 279.938615][ T9240] but task is already holding lock: [ 279.946018][ T9240] ffff888142fed8b0 (&q->q_usage_counter(io)#23){++++}-{0:0}, at: queue_attr_store+0xd8/0x170 [ 279.956321][ T9240] [ 279.956321][ T9240] which lock already depends on the new lock. [ 279.956321][ T9240] [ 279.966770][ T9240] [ 279.966770][ T9240] the existing dependency chain (in reverse order) is: [ 279.975921][ T9240] [ 279.975921][ T9240] -> #4 (&q->q_usage_counter(io)#23){++++}-{0:0}: [ 279.984621][ T9240] blk_mq_submit_bio+0x1fb6/0x24c0 [ 279.990319][ T9240] __submit_bio+0x384/0x540 [ 279.995429][ T9240] submit_bio_noacct_nocheck+0x698/0xd70 [ 280.001675][ T9240] submit_bio_noacct+0x93a/0x1e20 [ 280.007328][ T9240] mpage_readahead+0x41d/0x590 [ 280.012869][ T9240] read_pages+0x1a8/0xdc0 [ 280.017791][ T9240] page_cache_ra_unbounded+0x3dc/0x750 [ 280.023851][ T9240] force_page_cache_ra+0x24b/0x340 [ 280.029556][ T9240] page_cache_sync_ra+0x110/0x9c0 [ 280.035187][ T9240] filemap_get_pages+0xd7b/0x1be0 [ 280.040817][ T9240] filemap_read+0x3ca/0xd70 [ 280.045928][ T9240] blkdev_read_iter+0x187/0x480 [ 280.051377][ T9240] vfs_read+0x87f/0xbe0 [ 280.056124][ T9240] ksys_read+0x12b/0x250 [ 280.060964][ T9240] do_syscall_64+0xcd/0x250 [ 280.066061][ T9240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.072559][ T9240] [ 280.072559][ T9240] -> #3 (mapping.invalidate_lock#2){++++}-{4:4}: [ 280.081249][ T9240] down_read+0x9a/0x330 [ 280.086024][ T9240] filemap_fault+0x2e0/0x2820 [ 280.091319][ T9240] __do_fault+0x10a/0x490 [ 280.096287][ T9240] do_pte_missing+0xebd/0x3e00 [ 280.101644][ T9240] __handle_mm_fault+0x103c/0x2a40 [ 280.107362][ T9240] handle_mm_fault+0x3fa/0xaa0 [ 280.112721][ T9240] __get_user_pages+0x8d9/0x3b50 [ 280.118253][ T9240] __gup_longterm_locked+0x211/0x1870 [ 280.124321][ T9240] gup_fast_fallback+0x1802/0x2690 [ 280.130036][ T9240] pin_user_pages_fast+0xa8/0x100 [ 280.135745][ T9240] iov_iter_extract_pages+0x3a5/0x2010 [ 280.141818][ T9240] bio_iov_iter_get_pages+0x37c/0x1100 [ 280.147970][ T9240] blkdev_direct_IO+0x1054/0x1ad0 [ 280.153859][ T9240] blkdev_write_iter+0x6f9/0xd40 [ 280.159417][ T9240] vfs_write+0x5ae/0x1150 [ 280.164424][ T9240] ksys_write+0x12b/0x250 [ 280.169437][ T9240] do_syscall_64+0xcd/0x250 [ 280.174539][ T9240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.181041][ T9240] [ 280.181041][ T9240] -> #2 (&mm->mmap_lock){++++}-{4:4}: [ 280.189210][ T9240] __might_fault+0x11b/0x190 [ 280.194400][ T9240] _copy_from_user+0x29/0xd0 [ 280.199594][ T9240] __blk_trace_setup+0xa8/0x180 [ 280.205304][ T9240] blk_trace_setup+0x47/0x70 [ 280.210483][ T9240] sg_ioctl+0x7a3/0x26b0 [ 280.215334][ T9240] __x64_sys_ioctl+0x190/0x200 [ 280.220925][ T9240] do_syscall_64+0xcd/0x250 [ 280.226012][ T9240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.232505][ T9240] [ 280.232505][ T9240] -> #1 (&q->debugfs_mutex){+.+.}-{4:4}: [ 280.240427][ T9240] __mutex_lock+0x19b/0xa60 [ 280.245530][ T9240] blk_register_queue+0x13c/0x4f0 [ 280.251232][ T9240] add_disk_fwnode+0x785/0x1300 [ 280.256690][ T9240] brd_alloc.isra.0+0x50a/0x7c0 [ 280.262132][ T9240] brd_init+0x12b/0x1d0 [ 280.266866][ T9240] do_one_initcall+0x128/0x630 [ 280.272226][ T9240] kernel_init_freeable+0x58f/0x8b0 [ 280.278035][ T9240] kernel_init+0x1c/0x2b0 [ 280.282960][ T9240] ret_from_fork+0x45/0x80 [ 280.287953][ T9240] ret_from_fork_asm+0x1a/0x30 [ 280.293311][ T9240] [ 280.293311][ T9240] -> #0 (&q->sysfs_lock){+.+.}-{4:4}: [ 280.300946][ T9240] __lock_acquire+0x249e/0x3c40 [ 280.306372][ T9240] lock_acquire.part.0+0x11b/0x380 [ 280.312067][ T9240] __mutex_lock+0x19b/0xa60 [ 280.317170][ T9240] queue_attr_store+0xe2/0x170 [ 280.322531][ T9240] sysfs_kf_write+0x117/0x170 [ 280.327799][ T9240] kernfs_fop_write_iter+0x33d/0x500 [ 280.333680][ T9240] vfs_write+0x5ae/0x1150 [ 280.338595][ T9240] ksys_write+0x12b/0x250 [ 280.343515][ T9240] do_syscall_64+0xcd/0x250 [ 280.348606][ T9240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.355092][ T9240] [ 280.355092][ T9240] other info that might help us debug this: [ 280.355092][ T9240] [ 280.365387][ T9240] Chain exists of: [ 280.365387][ T9240] &q->sysfs_lock --> mapping.invalidate_lock#2 --> &q->q_usage_counter(io)#23 [ 280.365387][ T9240] [ 280.380299][ T9240] Possible unsafe locking scenario: [ 280.380299][ T9240] [ 280.387798][ T9240] CPU0 CPU1 [ 280.393204][ T9240] ---- ---- [ 280.398614][ T9240] lock(&q->q_usage_counter(io)#23); [ 280.404060][ T9240] lock(mapping.invalidate_lock#2); [ 280.411941][ T9240] lock(&q->q_usage_counter(io)#23); [ 280.419899][ T9240] lock(&q->sysfs_lock); [ 280.424287][ T9240] [ 280.424287][ T9240] *** DEADLOCK *** [ 280.424287][ T9240] [ 280.432466][ T9240] 6 locks held by syz.1.807/9240: [ 280.437533][ T9240] #0: ffff888035224b78 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x267/0x390 [ 280.446710][ T9240] #1: ffff888035794420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12b/0x250 [ 280.455823][ T9240] #2: ffff8880aa46f488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x27b/0x500 [ 280.465686][ T9240] #3: ffff8880203500f8 (kn->active#133){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x29e/0x500 [ 280.475920][ T9240] #4: ffff888142fed8b0 (&q->q_usage_counter(io)#23){++++}-{0:0}, at: queue_attr_store+0xd8/0x170 [ 280.486674][ T9240] #5: ffff888142fed8e8 (&q->q_usage_counter(queue)#7){+.+.}-{0:0}, at: queue_attr_store+0xd8/0x170 [ 280.497589][ T9240] [ 280.497589][ T9240] stack backtrace: [ 280.503516][ T9240] CPU: 1 UID: 0 PID: 9240 Comm: syz.1.807 Not tainted 6.13.0-rc7-syzkaller-00189-g595523945be0 #0 [ 280.514171][ T9240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 280.524286][ T9240] Call Trace: [ 280.527605][ T9240] [ 280.530580][ T9240] dump_stack_lvl+0x116/0x1f0 [ 280.535321][ T9240] print_circular_bug+0x41c/0x610 [ 280.540423][ T9240] check_noncircular+0x31a/0x400 [ 280.545545][ T9240] ? __pfx_check_noncircular+0x10/0x10 [ 280.551114][ T9240] ? save_trace+0x290/0xa10 [ 280.555700][ T9240] ? add_lock_to_list+0x17d/0x390 [ 280.560797][ T9240] __lock_acquire+0x249e/0x3c40 [ 280.565707][ T9240] ? __pfx___lock_acquire+0x10/0x10 [ 280.570955][ T9240] ? __pfx___lock_acquire+0x10/0x10 [ 280.576214][ T9240] lock_acquire.part.0+0x11b/0x380 [ 280.581479][ T9240] ? queue_attr_store+0xe2/0x170 [ 280.586480][ T9240] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 280.592193][ T9240] ? rcu_is_watching+0x12/0xc0 [ 280.597020][ T9240] ? trace_lock_acquire+0x14e/0x1f0 [ 280.602286][ T9240] ? find_held_lock+0x2d/0x110 [ 280.607138][ T9240] ? queue_attr_store+0xe2/0x170 [ 280.612147][ T9240] ? lock_acquire+0x2f/0xb0 [ 280.616716][ T9240] ? queue_attr_store+0xe2/0x170 [ 280.621727][ T9240] __mutex_lock+0x19b/0xa60 [ 280.626302][ T9240] ? queue_attr_store+0xe2/0x170 [ 280.631314][ T9240] ? mark_held_locks+0x9f/0xe0 [ 280.636157][ T9240] ? queue_attr_store+0xe2/0x170 [ 280.641173][ T9240] ? __pfx___mutex_lock+0x10/0x10 [ 280.646285][ T9240] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 280.652185][ T9240] ? blk_mq_freeze_queue_wait+0xaf/0x190 [ 280.657895][ T9240] ? __pfx_autoremove_wake_function+0x10/0x10 [ 280.664041][ T9240] ? queue_attr_store+0xd8/0x170 [ 280.669052][ T9240] ? queue_attr_store+0xe2/0x170 [ 280.674068][ T9240] queue_attr_store+0xe2/0x170 [ 280.678897][ T9240] ? __pfx_queue_attr_store+0x10/0x10 [ 280.684332][ T9240] sysfs_kf_write+0x117/0x170 [ 280.689087][ T9240] kernfs_fop_write_iter+0x33d/0x500 [ 280.694446][ T9240] ? __pfx_sysfs_kf_write+0x10/0x10 [ 280.699722][ T9240] vfs_write+0x5ae/0x1150 [ 280.704098][ T9240] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 280.709956][ T9240] ? __pfx___mutex_lock+0x10/0x10 [ 280.715030][ T9240] ? __pfx_vfs_write+0x10/0x10 [ 280.719836][ T9240] ksys_write+0x12b/0x250 [ 280.724207][ T9240] ? __pfx_ksys_write+0x10/0x10 [ 280.729093][ T9240] do_syscall_64+0xcd/0x250 [ 280.733646][ T9240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.739585][ T9240] RIP: 0033:0x7f3a71f85d29 [ 280.744033][ T9240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 280.763674][ T9240] RSP: 002b:00007f3a72d25038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 280.772125][ T9240] RAX: ffffffffffffffda RBX: 00007f3a72176080 RCX: 00007f3a71f85d29 [ 280.780125][ T9240] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 280.788204][ T9240] RBP: 00007f3a72001b08 R08: 0000000000000000 R09: 0000000000000000 [ 280.796202][ T9240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 280.804199][ T9240] R13: 0000000000000000 R14: 00007f3a72176080 R15: 00007ffe2b4a74e8 [ 280.812202][ T9240] [ 281.337115][ T9245] ieee80211 phy12: Selected rate control algorithm 'minstrel_ht'