last executing test programs: 6m8.414465423s ago: executing program 3 (id=1185): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/dummy_hcd.0/driver_override\x00', 0x20000, 0x0) r1 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000140), 0x40080, 0x0) ioctl$auto_RTC_UIE_ON(r1, 0x7003, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0004, 0x19) syz_clone3(&(0x7f0000000200)={0x182000080, 0x0, 0x0, 0x0, {0x1a}, 0x0, 0x0, 0x0, 0x0}, 0x58) kill$auto(0x0, 0x21) madvise$auto(0x0, 0x200007, 0x8) madvise$auto(0x0, 0x2003f0, 0x15) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/56, 0x38) mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x404, 0x8000) pread64$auto(0xffffffffffffffff, 0x0, 0x100000000, 0x8) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) mmap$auto(0x2000002, 0x3ff, 0xdf, 0x1001c, 0xffffffffffffffff, 0x8000) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82082, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x29, 0x80000, 0x0) socket(0x1, 0x2, 0x0) 6m7.828334331s ago: executing program 3 (id=1188): unshare$auto(0x20000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x9, 0x9, 0x3, 0x9b72, 0x8000000000000000, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) fsopen$auto(0x0, 0x1) sendmsg$auto_IOAM6_CMD_ADD_NAMESPACE(0xffffffffffffffff, 0x0, 0x24004054) getrandom$auto(0x0, 0x6000000, 0x3) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2) r0 = clone$auto(0x21002, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x9) r1 = openat$auto_uhid_fops_uhid(0xffffffffffffff9c, 0x0, 0x2201, 0x0) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer2\x00', 0x381182, 0x0) pipe$auto(&(0x7f00000000c0)=r1) bpf$auto(0x0, &(0x7f0000000000)=@link_update={0xffffffffffffffff, @new_prog_fd=0xffffffffffffffff, 0x3}, 0xa3) syz_genetlink_get_family_id$auto_nfsd(0x0, r4) ioctl$auto_SNDCTL_DSP_GETTRIGGER(r2, 0x80045010, &(0x7f0000000040)=0x4) socket(0x2, 0x1, 0x0) socket(0x2, 0x3, 0xa) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) timer_create$auto(0x3, 0x0, &(0x7f0000000280)=0x6) sendmsg$auto_ETHTOOL_MSG_FEC_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8044}, 0x10) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x5) timer_settime$auto(0x0, 0xffff7ffc, &(0x7f00000000c0)={{0xf, 0x10}, {0xc, 0x200000000}}, 0x0) write$auto(0x3, 0x0, 0xfffffdeb) open_tree$auto(r3, 0x0, 0x9) r5 = syz_open_procfs$namespace(r0, &(0x7f00000001c0)='ns/net\x00') setns(r5, 0x0) 6m6.127050674s ago: executing program 3 (id=1197): r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000000c0), 0xffffffffffffffff) (async) statx$auto(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2, 0x7fff, &(0x7f0000000140)={0x9, 0x0, 0x21a, 0xd2f9, 0xffffffffffffffff, 0xffffffffffffffff, 0xd, 0x3ff, 0x21bff908, 0x8000000, 0x8000000000000000, 0x8000000000000001, {0x9, 0x1}, {0xfffffffffffffffb, 0x80000000}, {0x3, 0x3}, {0x2, 0x794f}, 0xc, 0x20c0, 0x80000001, 0x3, 0x6, 0x6, 0x5, 0x100000001, 0x81, 0x6b47b527, 0x5, 0x2, [0x7, 0x5, 0xa14, 0x8daf, 0x7fffffff, 0x2, 0x1, 0xff, 0xd]}) fstat$auto(r0, &(0x7f0000000240)={0xfffffffffffff000, 0xa05, 0x7, 0x3000000, 0x0, 0xffffffffffffffff, 0x0, 0x8, 0x4, 0xfffffffffffffffa, 0x10, 0x9, 0x1f, 0x7, 0xc5, 0x2000, 0x7}) sendmsg$auto_NL802154_CMD_STOP_BEACONS(r1, &(0x7f0000000740)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000700)={&(0x7f0000000780)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r2, @ANYRES32=r3, @ANYRES32=r3, @ANYBLOB="04000480abfd9522b060eb64a76950a1859ae27aac282c0ec4e8819667170df80cad80f8d6154b244f275d0690dcd138417728d74d2e85d63dbbb61bd23913abb869cf06801d83fbb34f96d75954ebe76ce29241225465b9baa384c468ca67cec22861569c5f1db50076cf614b78a41d779025f7e6fc7e0492da54d4297380993de0b3c3e447810cc77f8555fc9d2f0bf2e5a1701454b5519adb9c59f42b8a87f1bc067b1fb043438f5d0c075d86decb5c27d741a3bc94babd684a08827ed2f192fd6d5425aaa996fa8bca7d6a2cb18c0820014661d43c4ade8293e8a3efbdeb268fc895eada1707ef011e0038002f70726f632f7468726561642d73656c662f706167656d61700000006601df80aae809879b0edac85972730175d2bc51b283937362731644b12da5c9d587b1b9801ff1a0df2cf9305dcd7431df071c13b4b927fae22e04013b4a6894ad40faed61ff214b57ce03a445475cb892f61f0eeb8688f29b13d07bd8f69743226c067da5d4f6417caa7ee966592f5253d455cfb53c364520b180e396b50d53f30e833d72d0262ae2d64f5f17277b7dfd72dfc128b22448552d30a5a59735bcde4d505cf8bfb33d3148900cedddc6a40cadb38e5de6b052eb0f2f9d36263718109df6df7e6717f39e35089a1addd1367aa5d8b2c595509d070109f3b73c6f935bbcfef3134d2ab8214d6958458727935e9a5b156af1cfe91b1a11706059f89122ba4367c558220613824d9cac9ec26464d6afc9cdd61d7c2f83f88dddd44f15ec78321725d1e41a3293315f3185c5370d7b419c82967694fdb77989eae0d4c704ec8241a4653444c18f9d7b1fc202b20df00c00100003000000000000000800c000", @ANYRESHEX=r1, @ANYBLOB='\x00\x00\b\x00.\x00', @ANYRES32=r4, @ANYBLOB="1400ce00fc0000000000000000000000000000000000000500110004000000"], 0x3e8}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) (async) r5 = bpf$auto(0xa, &(0x7f0000000e40)=@query={@target_fd, 0x3ff, 0x0, 0x8, 0x8, @prog_cnt=0x96a, 0x0, 0x0, 0x10, 0x6, 0x4}, 0x400) close_range$auto(r5, r0, 0xa9) (async) r6 = socket$nl_generic(0x10, 0x3, 0x10) (async) r7 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x4) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x0, 0xffffffffffffffff, 0x803, 0x10008, 0xd, 0x1000049, 0xffffffffffffffff, 0x20000000000807, 0x3}, 0x6f3) (async) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (async) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=ANY=[@ANYBLOB="3c00000010417d4aca51cb8ab5bfb89989e82992c1e0d505ae543de9725df6faf4498184360ab3a341f61c5b90a738c40f49e76d872e4fc22766006f8815537d0b9da4d1141e5956a4e6b7663e9e591c53ba6ac0ce4f61c187a54c68f09dd8eb9796c29047a585ea464b253eb684878118ca6bd187512ad3dd35a5ed362ff78e49708a3b11e5fe305c0d4298492f72a06366950452d977eb1e75d08100421a53a2a15b7d7361c3978a10c95bbf8a9748940b5c62e71bfdb99986cbe52e1299094f9944aa739dd3b62c032565b3848930879fd2c43a65f884ad607fba0d531bbcf613c9c278", @ANYRES16=r7, @ANYBLOB="1b0026bd7000fddbdf2503000000040008000c000380080011800400168012000100898771f1c19f1779048590828847000004000280"], 0x3c}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) (async) preadv2$auto(r0, &(0x7f0000000040)={&(0x7f0000000000)="5c7724ba2b2f4edd40de444bcc0cbdd296b0da0827e582cb", 0x2}, 0x1, 0xf, 0x3, 0x0) (async) ioctl$auto_PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x6, 0x2, 0x2c, 0x2c, 0x1, 0x2}) 6m5.806138342s ago: executing program 3 (id=1201): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000380)='/dev/adsp1\x00', 0x20b42, 0x0) write$auto_snd_pcm_oss_f_reg_pcm_oss(r0, &(0x7f0000000280)="c2", 0x1) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/swradio0\x00', 0x1600, 0x0) acct$auto(&(0x7f0000000100)='Z\x00') adjtimex$auto(&(0x7f0000000000)={0xfffffff0, 0x0, 0x7, 0x9c, 0xe1d, 0x3, 0x3, 0x0, 0xfffffffffffffff7, 0x4, 0x80000000004, {0x100000000, 0x2}, 0x8000000252, 0x5, 0x3, 0x1, 0x0, 0x4, 0x9, 0xc578, 0x4, 0x400, 0x7ff}) acct$auto(&(0x7f0000000140)='\x00') memfd_secret$auto(0x5) readv$auto(0x3, &(0x7f0000000040)={&(0x7f0000000000), 0x36a}, 0x6) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000080)=0xff) ioctl$auto_SNDCTL_DSP_SYNC(r0, 0x5001, 0x7) ioctl$auto_SNDCTL_DSP_GETODELAY(r0, 0x80045017, &(0x7f0000000040)=0xa7) 6m5.477728344s ago: executing program 3 (id=1204): r0 = socket(0x10, 0x2, 0xf) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x20000800) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000010c0)='/proc/self/net/dev_snmp6/ip6gre0\x00', 0x400400, 0x0) mmap$auto(0x84c, 0x7f, 0x2, 0x8012, r1, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0x411, 0x401, 0x7ffc) unshare$auto(0x40000080) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x21, 0x2, 0x2) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) timer_create$auto(0x3, 0x0, &(0x7f0000000140)=0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = prctl$auto(0x2f, 0x4, 0xd85, 0x1, 0x5) timer_settime$auto(0x0, 0xffff8000, &(0x7f00000000c0)={{0xe, 0x10007}, {0x0, 0x800}}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = syz_genetlink_get_family_id$auto_thermal(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="21022cbd0000fbdbdf2501"], 0x1c}, 0x1, 0x0, 0x0, 0x20004800}, 0x4000000) sendmsg$auto_THERMAL_GENL_CMD_THRESHOLD_DELETE(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="f8010000", @ANYRES16=r3, @ANYBLOB="000128bd7000fedbdf2509000000080016000004000067010180cc8056a127292727272b51fcb235b148c2259c80de808dbd0b12b73b9b6bd2704c67e0411f2c67df2c47eb398d09970eecb858e4af2f2a76cee2f7b0bf90d3b5133b58610b65c3f3a033177e5fba84723d075e7209f2440c8a23833c6d0f9fcd8b8a72379be1b77d069073d31fd3ae2aa8b39db859802bd9d9eadedba9880f8d52ea4d3d96f6a3093e5206e20556456ceaddc00d5c93f3e962f1c75a7e55a1a26e121590cb2ff48866a507673f6b517a2133485856e7cd9da21b17faed44b66fa5dd617e5225377c8f9e67f580ec407105afe21a790f6ecafc760cb830c5b144b5f84b9215b2b6e60f4271002780877d675743842f5cdae48a9c8d398142900514c736ec5c92c837561b019084bba926bb6a68188d33db9258d47c9d5ef8660e58f762fe470ba9ff8f23d4246524404c0f810d8acab4229f7424233188a83a4e8d4a810b95060aa6c52ba853283b5a677028a75312c3acbdc7e1b400000000080010000400000008000900aa08000061000580bde0812dde57b2d5f80afc17bdf47213fc513d7022fcb514ec0ecab7a1a60cfeb533d10929f96968fe5f38fdca99ac3eef7661cecdc460cd3e03a8a010799274b21900ace01b2db2efb67cc60efc41009050f7943706b267e277ff6770000000"], 0x1f8}, 0x1, 0x0, 0x0, 0x16}, 0x0) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TEMP(r2, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000129bd7000fedbdf2503000000080012000a0000000800070001000000080007006b00000104000b00"], 0x30}}, 0x1) madvise$auto(0x8c3a, 0x2, 0xf) socket(0x2, 0x3, 0xa) lsm_list_modules$auto(0x0, &(0x7f0000000100)=0xbefc, 0x0) ioctl$auto(0x1, 0x89a0, 0x8) 6m4.476426913s ago: executing program 3 (id=1209): r0 = socket(0x10, 0x2, 0xf) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x20000800) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) (fail_nth: 2) r1 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000010c0)='/proc/self/net/dev_snmp6/ip6gre0\x00', 0x400400, 0x0) mmap$auto(0x84c, 0x7f, 0x2, 0x8012, r1, 0x8000) sendfile$auto(0x6, 0x3, 0x0, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0x411, 0x401, 0x7ffc) unshare$auto(0x40000080) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x21, 0x2, 0x2) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) timer_create$auto(0x3, 0x0, &(0x7f0000000140)=0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) timer_settime$auto(0x0, 0xffff8000, &(0x7f00000000c0)={{0xf, 0x10007}, {0x0, 0x800}}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x8c3a, 0x2, 0xf) socket(0x2, 0x3, 0xa) lsm_list_modules$auto(0x0, &(0x7f0000000100)=0xbefc, 0x0) ioctl$auto(0x1, 0x89a0, 0x8) 6m3.88584412s ago: executing program 32 (id=1209): r0 = socket(0x10, 0x2, 0xf) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x20000800) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) (fail_nth: 2) r1 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000010c0)='/proc/self/net/dev_snmp6/ip6gre0\x00', 0x400400, 0x0) mmap$auto(0x84c, 0x7f, 0x2, 0x8012, r1, 0x8000) sendfile$auto(0x6, 0x3, 0x0, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0x411, 0x401, 0x7ffc) unshare$auto(0x40000080) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x21, 0x2, 0x2) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) timer_create$auto(0x3, 0x0, &(0x7f0000000140)=0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) timer_settime$auto(0x0, 0xffff8000, &(0x7f00000000c0)={{0xf, 0x10007}, {0x0, 0x800}}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x8c3a, 0x2, 0xf) socket(0x2, 0x3, 0xa) lsm_list_modules$auto(0x0, &(0x7f0000000100)=0xbefc, 0x0) ioctl$auto(0x1, 0x89a0, 0x8) 5.965564789s ago: executing program 0 (id=2897): madvise$auto(0x0, 0x7fffffffffffffff, 0xa) unshare$auto(0x200) madvise$auto(0xd, 0x0, 0x0) lstat$auto(0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = gettid() process_vm_writev$auto(r0, 0x0, 0x3, 0x0, 0x5, 0x0) r1 = syz_open_procfs$namespace(r0, &(0x7f0000000000)='ns/mnt\x00') setns(r1, 0x0) clone$auto(0xfffffffe20000, 0x2, 0xfffffffffffffffc, 0xfffffffffffffffc, 0x800ffffffff) 5.181167099s ago: executing program 0 (id=2901): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x22, 0x1, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x4000008000) r0 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = memfd_create$auto(0x0, 0xe) r2 = socket(0x2, 0x1, 0x106) connect$auto(0x3, &(0x7f00000000c0), 0x55) setsockopt$auto(r2, 0x1, 0x21, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @loopback}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) write$auto(0x3, 0x0, 0xfdf3) shutdown$auto(r0, 0x7) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x3, 0x4, 0x4000000000dc, 0x40eb2, 0xa1c, 0x8) madvise$auto(0xffffffffffffffff, 0xffffffff7fffffff, 0x40000019) syz_genetlink_get_family_id$auto_ovs_meter(0x0, 0xffffffffffffffff) socket(0x8, 0x5, 0x6) pipe2$auto(&(0x7f0000000000)=r1, 0x1) r3 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r3, &(0x7f0000000840)="4c9b6e", 0x3) socket(0x8, 0x0, 0x4) read$auto(0x3, 0x0, 0xfdef) 3.815769496s ago: executing program 0 (id=2905): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd7400fcdbdf25140000000c00018008000100", @ANYRES32=r2, @ANYBLOB="08001a"], 0x28}, 0x1, 0x0, 0x0, 0x48c1}, 0x0) r3 = socketpair$auto(0xc6a4, 0x3, 0x4, &(0x7f00000001c0)=0x7) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', 0x0}) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000002c0), r3) sendmsg$auto_NL80211_CMD_CRIT_PROTOCOL_STOP(r0, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x14, r5, 0x400, 0x70bd2d, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x24000081}, 0x48044) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) mknod$auto(&(0x7f0000000b00)='X))\x00', 0x63c1, 0x7ff) lstat$auto(&(0x7f0000000180)='X))\x00', 0x0) socket(0x28, 0x1, 0x0) setsockopt$auto(0x3, 0x1, 0x3c, 0x0, 0x9) r6 = socket(0x2, 0x6, 0x0) settimeofday$auto(&(0x7f0000000200)={0x6, 0x4}, &(0x7f0000000240)={0x4, 0x800}) ioperm$auto(0x800, 0x5, 0xd) io_destroy$auto(0xfffffffffffffffa) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000180)={'bond_slave_1\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000021700)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r7], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x4004804) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x48, r1, 0x800, 0x70bd25, 0x25dfdbfe, {}, [@ETHTOOL_A_RINGS_RX_BUF_LEN={0x8, 0xa, 0x4}, @ETHTOOL_A_RINGS_HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xffffffff}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x48}}, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r8 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) ioctl$auto(r8, 0x8008550e, r8) 3.507933828s ago: executing program 0 (id=2907): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) write$auto(0x3, 0x0, 0xfdef) write$auto(0x3, 0x0, 0xfdef) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000000)=0x40) r1 = socket(0x10, 0x2, 0x0) io_uring_setup$auto(0x4bf15e08, &(0x7f0000000000)={0x408, 0x3, 0x10101, 0x6fb3, 0x8a, 0xffffd387, r1, [0x100, 0x7, 0x7f], {0x2, 0x7, 0x3034, 0xc, 0x8f, 0x5, 0x5, 0xfffffff9, 0x6}, {0x4000, 0x2, 0x0, 0xfffff000, 0x0, 0xb89, 0xd5, 0x837, 0x8}}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYBLOB='_\x00'], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) write$auto(0xffffffffffffffff, &(0x7f0000000040)='5', 0x9) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.521755293s ago: executing program 0 (id=2914): r0 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r0, 0x29, 0x46, 0x0, 0x18000112) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) memfd_secret$auto(0x800000) ioctl$auto(0xffffffffffffffff, 0x4b68, 0x1) madvise$auto(0x3a3, 0x2, 0x8) r1 = openat$auto_fops_x16_ro_(0xffffffffffffff9c, 0x0, 0x50000, 0x0) close_range$auto(r1, 0xfffffffffffff000, 0x2) socket(0x2, 0x1, 0x0) sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(0xffffffffffffffff, 0x0, 0x40) mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) mq_getsetattr$auto(0x3, 0x0, 0x0) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x0) bpf$auto(0xd, 0x0, 0x6f5) r2 = openat$auto_ptdump_curusr_fops_(0xffffffffffffff9c, &(0x7f0000000180), 0x101000, 0x0) read$auto_ptdump_curusr_fops_(r2, &(0x7f0000000280)=""/80, 0x50) madvise$auto(0x0, 0x100fffd, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x5, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = gettid() mmap$auto(0x0, 0x4, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x86, 0x0) io_uring_register$auto(0x2, 0x0, 0x0, 0x3) kill$auto(r3, 0x11) 2.38782062s ago: executing program 1 (id=2915): r0 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3) r1 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r1, 0x107, 0x12, 0x0, 0x4) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="100000000214af"], 0x14}, 0x1, 0x0, 0x0, 0x20000045}, 0x24000044) ioctl$auto_TIOCSTI2(r0, 0x5412, 0x0) r3 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000100), 0xffffffffffffffff) capget$auto(&(0x7f0000000140)={0x3, 0x0}, &(0x7f0000000180)={0x8, 0x8, 0x7ff}) sendmsg$auto_IPVS_CMD_FLUSH(r0, &(0x7f0000001840)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000001800)={&(0x7f00000001c0)={0x15dc, r3, 0x0, 0x70bd27, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DEST={0x8, 0x2, 0x0, 0x1, [@nested={0x4, 0x31}]}, @IPVS_CMD_ATTR_SERVICE={0x1275, 0x1, 0x0, 0x1, [@typed={0x8, 0x5e, 0x0, 0x0, @ipv4=@broadcast}, @nested={0x27, 0x1, 0x0, 0x1, [@generic="2acb8c30d2b35d8a6c8bfc0e9b0c7604f37183", @typed={0x8, 0x14c, 0x0, 0x0, @pid=r4}, @nested={0x4, 0xe9}, @nested={0x4, 0x61}]}, @generic="33910a97c396bc717174f554824eba1584c277763664ff89e0bcb89cf73a0d4b63800e3157f0631e92a8558a6a80ee6fa5bc190c8b1940d729d89de04dd134238db01c4eb30164051d506985aaf7333e3fa44808e0d16707a62b2394ba78568afed1412d41b2288eb985503ec1061454e33b3ae7eba67c197053513194e236dca6c0c7acb2fb307c0d4ddfc7ac1bbbb27a6133c52cef7436ebbbad7eeb7b28bf4d186a7a7c92854a2ee95379712838db7ce838d15f2243f3767a35287cff54d54d79bf7379519fda34e8b4c725deb16f3193f3632b9f43152828f749e27e4492a41674af23b91d29c8a49951c1a5ce09d3fd9c46e6f1b1e8", @generic="b776207d33970409a08ca821a24af3d662a59fcdb33f6d3f3f909b9e7739b2ea52395a40f9969c6c4b8805e57c05eef23dd2596acda4e2fa1b44412d999a936d0437e941c84a3372f7edf06bebc0608d27fa8245201450e8dda5d79295975ef22a5b5fe8561813b91eeceb22a17b8208b0d69d99ccc79c8e1bb864866dccb05c8250bca75d9553729d6a124fc00c3ef6255b47910cd503b6599fd3b6bbe8bb32790a39c780d53d92bad8a7386ee7eff70be02be51c5ae473790bbd00a62465be1f7d81c03b81a2fc15df04107556b66ca15e3389e5eb0e6980423ee79cc5271893bbc90a839270277a98013acba25f644f347f4ce12c1b0b4e41c355dddb8bd4295967fe00c79792b070b27de2bb15619223021d8bcfa37b0d94fd2bad707c0449df2b69bd23dd4d3412aca2e53af7f110b56ae54b0eefe78e3953894892c4c7af5b01bffccbf55d5483ab2c051c808fdf6bdd9e4a86ff19fa45dcbacabb82bc9e5b0e7a78b21ee8ac736149030a8db3747916756d189089ef82eb74025d341f00ebe3e8fc4cd5cde50c1c821815213bc7023e2c4c19af5ffdb7aae97999a91f44f7906b1fbdf152695a03d9d30b5240dd713e7806251d46738c40aede990b84b18437b5e3ed9c12b42c334bb92c75a47f2692d6a376bb89e7bc5b1d81c9a7e8008494102fa6b3bb1b7b72bbf4eaa4efc5af777b84e4c636536a0c3825864fde50cb5c3e99f9979688e1c60d84c72f04465191427be8ff68f1d2b4a5f45cf03edd9277d86a058f17f45f33d8609525442a28919b9a50164178d456c2cb0e3141d38efafd8961829e0a47577d51ed2b158955290a92fa683c444635948f08243806ffe911364f8fa0a5a3667f04bd91e4623d29c2b9e5f15d794712d983b6f4dfecceb9100b0a84dc12f568687af05071f15955b18dde47f1112739b61dab822672b0440777808ba74dee2296a9d926d119c63cb07f70a6cef741ec997032fd7c9c3d5a94901ade3c325eaee12a61a1bb5a4f1d047d7f7cb7cb19b2a1176a88f7f53ccdef6bf6e859f4f90b1c29bfc0cd444816a1e6335c0c5aee312da3b01d1efafe77f750c177800ffaa37a1f157e5bbe7bb079997e6d11a145e26d32ea864f82c711ccc31de41447f6e22afcabc9929c111b5dc3796e0f5a3346d09d88adb8fff332142d0b7891d97a0e21652a72817552dbdb2aa56dd1dfcd9d3559dcc2546ef0542ad12a8d18acf6c4174fa56ab75c081c74e1d9ca9d34a2cf13ef81c2dbc48ea6e6e59733267026e9f8147ba7059556b3041efaf11315657fb1fa3eb700cdf219527d833c9b74bd543ed29d3b6191504f8e8d779986ec2aa8ed522c96c52d2840b5629d585242598af0a3fde571f6b3b2c7ac21a3cebe1ed3b03f5e80a2a63e371a50524d61c3e89bcbb738a64ffa33691a081b55e6119ee385b6d3de05c4d4b3355fd785c5665ec70539f6f0fa9038777e1d6e08eb0c4fa981142b9930dff63194673690223dd5919c99a78f0675149db5437fa6ccd0a21363f4a394c91631214b0476358a8acdee3bbb42777368776fb6f9f441ccfce5b233a8b509c24cd29174d5c13bf6b3a5da21fd88e108a60033cf12d1927eea619cb87440e34849d4e0877a70f1bffd687a2fa914c5ec0356294137fcd8acfac6e8b50645bc7a948f533d66a198fb5b6ce3d19e26544155f6fcac4ce6bf80e1a952e347f7d641617b6285dd1d173e2952a9adaae411f80356eafa9b54fbd29955330da697ddd140afc3bdd131fdb6c326864da08fd071fbfcf0c5f998435f89fd9eb876395f19ff3e3ae19a94c2a3d433358d5edca4f8cb018432a505a67c0652f7383836738d37eacc0898fbab3a4abb31d4e3b6e7f47ffdfaae14e3ed5b3bf077a807219f8443420309ac2cd99bc5dcbf3d22b470d8112cd3077e60828f79bcfb92ebd8617172df6fc078707551c79f60d2492710c83efd4c2af242d2dd3c95120d0c83d763cfb8ccf7edf7e6d974cd8b98643dd280596532a301e97f4bf2433818b757cdc5df356a574db08eb22709e84ee079c731cd6f6b7ee2d37378c9f9a23cae617ac331aa20ced6d9ff6c77a5c1a288b1ae32497eef435fa8ba4ce1f965992e6dbfd686aa3dd092ce7a6cf8834d47884d9c7228f4b3e1b8c345121b43d8818b58909d64144f6e483634b81cdd3b7156b29bf1694fcdc858331baecd7d2187b9f4a2d2210cb6e7d0fe57e9d591429a361ea86940e9b279293cc969581d6b713364588e33b7184b016145b143d7bb2ee1ad709ab8ad5d0c240212ea39a961751001b935acc56232df0326e8ee41c13488dcd2f1a9e95d8c2e805c82a0702174fee258f0be6f92b36083640fb3cd32abb49b8a4c786d6d107694c4b77c88307f3bf806e9b27bb0361a36730a18e17ff35a2fca363c4feb634b8e7c8b98da3d9103e93c14045ee4403f1ec9261da41b9fc58f6921c3647a33a06858eacd135e35e26cfaf8062a0669b45067b8b45b280faef459c22cb0eb75cd6b7b7533e138538c44c831027c32198351bea17fff1477a7e09ae59461c19c5508b715626ec083682cf3fd6cccd4aae570724500762bcc6bcbeda5290b07513cccd0f13e089ee93214f0e91803a784aa26f28d90df6a0c0103d6538a237d12e445c0ceafe290326840c670d9f28ef7a1e6a5e71e6f36c052b5f9853731f8083886802c3be579fa6afb6a0adb76f2f687d9baa63dd245052ae5d7d7eeb91ea6974ede9f002a7539cd541fce8f7b761a3c4f2f89943bc55333acd0181585832f969cc6ecc613746accbba13c16ab0f63d4c0df432bf8ad86b913b17b115089d78311fc06bb30b127239cf339d9905c672b8641cdb759abc273b4ed535d38ce0752349b59fbed74e0667bb939f8970738255c1da27e1c2f18cd537696a06dfa14edf6c9889a223bc2d821a3cb90b430977654752ebb24104934165f3d7b5b103353a0bd533e66105a392ba2734f66dc9920b638c8748b502737cf8718ddcce56047f0390ed06860f66591a03a68d992c64818fdddaceb53e6e4033130bfa6bae62bbd9572653ff7f0b5f4871b91ed19c806906f56bd7e80b0181365aaf48eef1c32514313c3a843786983730a8f07051f07dd002277bb5956e73eeed77bec889b1c4f3a6933f6b1d554ede27cde78b86232bc85b42d8847fd469fad4b2674373ee3304380b44d6dab69110470eba303ea5ae721afd3eedc66c2ade96ba747a0d2fbef3ebe56e8d8e7bb7a9d9fcf0e6ee83ec63eb43b7ae1cf0f30b2f688e4fb53c7a1e7b57dbbad320109677af584ae3a33b71de62cb5c10152424366300ae8d000ce3f43411a59f3b62f0e656782c5c483ba5871af6775be4e92edce243bdbaa049b2c6baaaddfdc6cff0089950fe569b10691b90de5df07d6ff77349b2975e7ceff2e604c6c6ebb13d8019dfd94519f579d0295e9900b62bca299b026983e5594d781ad5f5c67b2c409fc7dae9c129a4324ded4f32db5447b3fd6fd2e0c19e964c8acaf0407eec197aeafc7ca09e42982c13658d869b6038b4e7219aed680f0e9b3e9c19aa782b2f8b1a989c1186abf189ed68052f952989040e8f22909499b38398722da4827a9bae27b79e71d61dc222b79d2fa1b3b0c948b93b325523d058505b305c7afe5ad8ab16dc8a19748cf14a7e512ae2a426646b38479ca7e5b314c2fbdd917dedce49d457b1df78c711457429cf69cedddcca8a3826c9e358a18f81f14535f2347dc3a07cce6662c740006223eaa87d9c5ac30e395a0f78f24d35f7b8e2cdb49a8b82979cb07e9cbc1eb3c442eea845db6a3d172157df80dc7a44014f141fcf9ea448e5e16e91703315f0ccd9ff539af849e814c21da4994fc5a8a7c32af3d54231ad51c7a3fd7c0d2620162a5589a57edd2c5c8df6e6d85f010e617339c97cf596bf712690407c79e87805809a73f1a589bc65d5b9e17b0349c105bb299299672bc1b034a78f92e295178395bfedd339f0ee7a9baf7666fb97d2c5c94adc8abf190fa7708712cddb570c20abae08d0fac2c4c37fc933cd9d52c00572899601bd6ab774a236f1dce68b6186ede90c7f3449f9287b12265975f6d049500f2df74d598464642517a0c1ec8df37d34fce41f2570decfe55ca617f3ba2edd8bc66350bc7b5985d8a25a5ca578a7c62bbe19c4afafa6de0fb11d29cc1ba7b877004de506cd2e0d87dffbed24b5e9886a0a871b738d77b2d3a24f2ad36fb383949a2188cf19e81d5b7e92ffdae601c363f941c5bf9194c5016694da8a1612fc3f1c5091201aac665dc03be2548ade9ac1d2ca232150e91c3909c461c335e01066904a7cc1da4c2db0a3a294a78c0ef30a5c7dedaedfcf201788413178e1a25e96005ccf437bd977185014a983b3f63b46d167fae7cde6c91b647adcd9e23abcb548810c2a5ddf6c0bdaca799eecad6d77b93b2b466eb603d4d78676aa1efa090b9d9ee9cff820e019840c67482987e67fa0e1a816a24d9f967a4b712a3ce923c9bffb4ee7d087ab59fec123093e3870086e7a89c517b3912280980d6168647557999be81e840758ad78883e7f3035772235ee1aaf80f544c76b389d7cb6a72ece5c4f04df240a362936698f3b35939e3c12368c4bcd43422cd470e025d29ef4811883dd58573e4543ae22a39e4e69019474f7bace474c0445eeaca63655c9e2aa81717e7c074247ada93cea52801fef73f1888464e69c69c249e3684d5f4f29e6df9eaf8b00a7631d939577518f0bf7d84b7f39fbaff9c06df0af15a7f5273ff4c3d70eba68f4870987de6344df72d530b6fe0ac88033994d86ee143a9497d700011056fcf6a36d8377ca2b9e3db4a9f6eec79fd84a93c056707fa44a1df2d2b30a5ffaa7be12c4b26455927d4ad8873c9ababe03bb5050df279c23e31eb0b2160a2bd54139c9ea92ff67236ef8465d81c6cde5e136ff198ef6fe7f0eb89034a5198337af13e52a6c683d152b6023ec2ba26b7485ade3ef82cf4e6d496a131f649f62f307a5531bf477211658cd98baa29aed337cff353e0650d7eebf3606d001d259fe77ec54c3d431dbc16c1fde23fd31acf50be3ca15f9ecd4105a0613a489a57a479e4cf3f7d86539be4e4f12a32338a55e412fd5b8c9b26e1f9d748b3b1428dcaf54a806578099e2f390869ff902cee7086f93752d80dde991a934ffd9657b23cfd504bde43ce02b9590398792337dfecf36bc16caf5d4a9330d308c4aaa53ae1b0bb1c1ac106b2a0358404949a42af537b89e772e292d312f84b8079ddfbda6d51bd3276c3ba9912b00907c386b51356243f74d9ec229661142590141eb10b09dde0227189d8b6e469896af0fd586c199d9ecb38ba4b7e957420483ed9c16e153450d594dee53f257ab71ea2b8ddf29281abb4675ac8c74927ecd42f0444e82fbb77447d2a68e8f472ee4bd2915effd098f7d311c3f1cdf4878034e9c803c368c191629e34c537c0f45eda44fb6b031c614e19f10cc49456f80dd3393cbb705fdb57f751956fc55fc5df6761fb00bd3aaf690ac4c362d3019496a794a8a743d531fa1db12c6cdb83c21b91463dafe0f88a6617e803e105868e4ef637e71c22d89cfde2f345e8b5bfac219285486298d99baf5722f9ccf80d2088f703e0d8b29af90ad1580a60790860ef78d3844cdc86f654f6c64e319bdcbcfa8778c397bb82268e764c1068c44f44ef702f820a2b098e861d27d891d2fb8549b69621a35817947fca175effa5a66922a9bb08856d4f51ea56e28658a87e5665c340035b9a46a61d4a5d9751", @generic="ab52ac4c712246432b68dd6c9950d8e0fbf295242a927ac2d6497ad846c220aa89bff7a4efbb0bc2a0cf5bcb29ac0c569690d08ef29a3396b7", @typed={0xe, 0x59, 0x0, 0x0, @str='[&.:**[}-\x00'}, @nested={0xfd, 0x1f, 0x0, 0x1, [@generic="ade1242356d9e1945459dd5aa5956e577ce96a7f79296b717207eb99586f8e6cc9ae97f5d444c8d62d8e231c14d02b98fb32158987872fcf483994315daa66e8fa939bafed0f2b3788dad741333a9551eaf4e05574aab0a384aeeee8fb25aa5bfcf4234cb41bd5bdecdbc4aaa1df2e8a31087f89dd51d8d0f7d4a07cf1ada932119ef1ea9c86b7e2f2be0d8361199c206b59875e2849f516b2be861af7367f2eb24f24c9c0705d587bff27659cf2b6237eba624aecf0ee904330188e0f04c556db3641f2c899b81304f05c9834ae410a4e26c4753848ae81851cde4a1edaa100c8fde7b6019dc24c1a491f734cd5419f975fa09ef8dec77ff1"]}]}, @IPVS_CMD_ATTR_DAEMON={0x320, 0x3, 0x0, 0x1, [@typed={0x14, 0x76, 0x0, 0x0, @ipv6=@remote}, @nested={0x15b, 0xc7, 0x0, 0x1, [@generic="b6a7f64bb25903ad75f73eb9b5e4dbd04e5fe3eaeede54cb8f8eff57d0448610ddf82ee1d832ff9990c8bd1d302f72a57933b1e38a16426cbcae2cf62abf0b2f1341ee29361b9bd77842d78d5bc7d37b20acd0dc400d601ba815b5d2fd7e6e96878b1bcc9aab27985191768cbd298b6bf1df72d5fc0d223a718d6abd20d39369e812034aaf4a38fd28540fd7ece1b099d84dfc67079f447ef63f95f9437b89620986448d7583891e030318e10d9346a7d8", @generic="6e036bfd4559eaadd11e266256dab27bbb06ea88a58c87b53ba348c72b3929a7b62bdcff01a939634e0fe5925e758850b96f9178775a93331c085af9b40fe7075ec0fbf67f302aee2031a637edd8f452d8f9ee941138cfcff644e017476d27ce843130fe8f4790bd1da07383fe1c0abba191cb061fb5db67d7f1e42bc952ae76e9b951e95c2241a484f2a60639e8cf2e3483c32390e00406d7bf13640c6de783988d988542", @generic="f8"]}, @nested={0x13b, 0x3b, 0x0, 0x1, [@typed={0x14, 0xa3, 0x0, 0x0, @ipv6=@local}, @nested={0x4, 0xd0}, @generic="3c1c3be507b5d5217b7ae8585b6e402a463d3e01352cde7dc9b9878f665f87c14821", @typed={0x4, 0x3f, 0x0, 0x0, @binary}, @generic="bc00b5919d8ce06ab9de8b1a4855a1904fa01509ee2ff57165b410e46fd93bcc17db7243", @generic="d1aa5256074e45306027e4dd2c24cb6aaac0a78ae5bac4117b06dced4bdac2478321ad4c8a12421eebcdb59c323871f9c3a733369694850ca393e34815598671187d77c9fcf6918c017085f92ee546492e8069bbbca37169dffc40282ba6bdadb92f56e21dc955d829b0c08ef854549e838fb01dde2b30f59f71bc3e66628f48564bbb70ca0c02b899dd9c3b0d7c81b171e5d49d873949a5f31ebf78669cb1f5bb3e20e489f4e884781ef7cc38226bf8492e2f32ec", @typed={0x14, 0x59, 0x0, 0x0, @ipv6=@loopback}, @typed={0x8, 0x9, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}}, @nested={0x4, 0x102}]}, @nested={0x58, 0x67, 0x0, 0x1, [@nested={0x4, 0x9b}, @nested={0x4, 0x12f}, @generic="1fdba1b35beb2e544aad38ff6c62d46bbac4ad254a09946bfe5286fe90faf14ff3a354176855253af5e78cee38b2e28c221fcae2ce958c714700c8a97d6beea1e03badbcc53ff4362039422c"]}, @nested={0x10, 0x34, 0x0, 0x1, [@generic, @nested={0x4, 0x94}, @nested={0x4, 0x4e}, @nested={0x4, 0xff}]}, @typed={0x8, 0x0, 0x0, 0x0, @fd}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xf29f}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x80000001}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9c3}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8001}]}, 0x15dc}, 0x1, 0x0, 0x0, 0x4000881}, 0x48c0) mmap$auto(0x0, 0x5c8, 0x7, 0x800000000000070, 0x2, 0x8000) r5 = openat$auto_tracing_thresh_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/tracing_thresh\x00', 0x41, 0x0) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, &(0x7f0000000000)={0x3, 0x7, 0x8}) r6 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/kallsyms\x00', 0x101000, 0x0) pread64$auto(r6, 0x0, 0x100000000008, 0x8000) writev$auto(r5, &(0x7f000000a1c0)={0x0, 0x2}, 0x9) 2.278195658s ago: executing program 1 (id=2916): r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x3, 0xa) openat$auto_tracing_stats_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/per_cpu/cpu0/stats\x00', 0xa00, 0x0) socketpair$auto(0x1e, 0xf, 0x8000000000000000, 0x0) r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) write$auto(r2, 0x0, 0xe) r3 = pidfd_getfd$auto(r1, r1, 0x4) read$auto_trace_clock_fops_trace(r3, &(0x7f0000000100)=""/46, 0x2e) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) socket(0x2, 0x1, 0x0) socket(0x23, 0x2, 0x0) ioctl$auto(0x8000000000000001, 0x89ef, 0x9) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01002abd3000fbdbdf181800000008000300", @ANYRES32=r4], 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x80) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40010}, 0x800) 2.175471019s ago: executing program 4 (id=2917): r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kcore\x00', 0x101000, 0x0) read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000000680)=""/227, 0xe3) 2.058324287s ago: executing program 4 (id=2918): r0 = socket(0x11, 0x80003, 0x300) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) setsockopt$auto(r0, 0x107, 0x12, 0x0, 0x4) io_uring_setup$auto(0x4bf15e08, &(0x7f0000000000)={0x401, 0x8, 0xfe, 0x6fb3, 0x8a, 0x9, 0xffffffffffffffff, [0x100, 0x9, 0x7f], {0x2, 0x7, 0x3032, 0xe, 0xf, 0x5, 0x5, 0xfffffff9, 0xf08a2b3}, {0x0, 0xfc, 0x6, 0x0, 0x0, 0xf89, 0x9, 0x837, 0x8}}) r1 = socket(0x11, 0x2, 0x0) sendmmsg$auto(r1, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={0x0, 0x49}, 0x5, 0x0, 0x5, 0x1000}, 0x5}, 0x2, 0x100) (fail_nth: 4) 2.05275222s ago: executing program 1 (id=2919): mmap$auto(0x0, 0x40009, 0xa, 0x9b72, 0xffffffffffffffff, 0x28000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x1c8340, 0x0) r1 = socket(0x1, 0x1, 0x1) bind$auto(r1, &(0x7f00000010c0), 0xd) poll$auto(&(0x7f0000000180)={r1, 0x5, 0x7ff}, 0x8, 0x9) bind$auto(r2, &(0x7f00000010c0), 0xe) ioctl$auto(r0, 0xc0045103, 0x3) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x10009b72, 0x2, 0x8000) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0) write$auto_seq_oss_f_ops_seq_oss(r3, &(0x7f0000000740)="9729facfa507ec17e671250eb63e3b4643a15185858e1926aa9714b851b846a2d1da2df5da43982b9c23e01b488f3d0386c1568864c51e67d549333f7ded20c817a63fa0b76c502e681f3f188908bb69fd2c6abc82dab8d5178580fe430e8d4dcf164474f52dbaad3cb0e4fab7251eb597f32712537ebd3600958999b1c9be17381a7fc6eeb7d5779292b8e45150cd8b018fab763375f09bd15d7bf98c412c69aca4d718757df266a686e4f8a8cf507f21f3e04c1148782a81d6359d68bc3150edc538a69a39e4c1c845830fbc403ffe8c0de34c1421714031b288b89b957b6de556d901223a12f387ad34342a1f95d7684987834076c5e0454adab11d515d8908c593dcb1e6e3417d7e3fb7ed3276507c475a60572ea0d7bb1bb5b2681eca89e2616a601d3b784a845c1fdb366625fd76e2c9262fe5043e0005dda4e22a9892c006b336567a2205b843a2ce65ff64536d1a3fc808308214db380bd615fd1da1e10a35bf410c1bcb7ee2dd94a512240a60b3da7cc5d35504c5bf8dcb2470818607e8bcee7c35c78635a6353227dd64d5fae70e4561c6cb165737b8975c5d59f31676b1bebf68f60faee32521e6edd97b508619b35980744e60f0060171a260604207bb8c22509fdd296fe87f13cbc4f0d52e425b0e9bd9beac5d4bc50445d0ed450f328988e43a2c6fd1c9788209bd55b96b636c53a5552fcf15d9357a57b844781af7fb0c67e4074746bb95bf051899c18d38538d937c23d1c519e0da3e8f3947702ca81ac3b69767b53915e0683bf181ad3edf72be1689bd675659c7c8f1a9c9d5b61642d71d2387e25e358fa65250f60a6789c50275b4c93b50a86123e0fb7d67e9e4d0f44869860046c21551436142338fba4d5a32c663939a2f4decb5f6e58da8b5bf5efef228a6dbd55a627307485d7020b49b9c9cd069e5b22048a57c7c3987c6b2b1f53435974f41a018c7561f80333499783d0e952ee1682f733aa89195fb0fe1132eb00645ebbd279058f853691a0f0ae0869f72b3099949d2e3fc0b54f43112e3136b5164429d16d2d0d27df08565ff797f0b8aeacb56b9af00f865b9e7726afa9084d8e9460cfbb6b30d8104cad7da375867", 0x318) madvise$auto(0x0, 0xffffffffffff0001, 0x15) setgroups$auto(0x3ff, 0x0) mmap$auto(0x0, 0x40009, 0xa, 0x9b72, 0xffffffffffffffff, 0x28000) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x1c8340, 0x0) (async) socket(0x1, 0x1, 0x1) (async) bind$auto(r1, &(0x7f00000010c0), 0xd) (async) poll$auto(&(0x7f0000000180)={r1, 0x5, 0x7ff}, 0x8, 0x9) (async) bind$auto(r2, &(0x7f00000010c0), 0xe) (async) ioctl$auto(r0, 0xc0045103, 0x3) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x10009b72, 0x2, 0x8000) (async) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0) (async) write$auto_seq_oss_f_ops_seq_oss(r3, &(0x7f0000000740)="9729facfa507ec17e671250eb63e3b4643a15185858e1926aa9714b851b846a2d1da2df5da43982b9c23e01b488f3d0386c1568864c51e67d549333f7ded20c817a63fa0b76c502e681f3f188908bb69fd2c6abc82dab8d5178580fe430e8d4dcf164474f52dbaad3cb0e4fab7251eb597f32712537ebd3600958999b1c9be17381a7fc6eeb7d5779292b8e45150cd8b018fab763375f09bd15d7bf98c412c69aca4d718757df266a686e4f8a8cf507f21f3e04c1148782a81d6359d68bc3150edc538a69a39e4c1c845830fbc403ffe8c0de34c1421714031b288b89b957b6de556d901223a12f387ad34342a1f95d7684987834076c5e0454adab11d515d8908c593dcb1e6e3417d7e3fb7ed3276507c475a60572ea0d7bb1bb5b2681eca89e2616a601d3b784a845c1fdb366625fd76e2c9262fe5043e0005dda4e22a9892c006b336567a2205b843a2ce65ff64536d1a3fc808308214db380bd615fd1da1e10a35bf410c1bcb7ee2dd94a512240a60b3da7cc5d35504c5bf8dcb2470818607e8bcee7c35c78635a6353227dd64d5fae70e4561c6cb165737b8975c5d59f31676b1bebf68f60faee32521e6edd97b508619b35980744e60f0060171a260604207bb8c22509fdd296fe87f13cbc4f0d52e425b0e9bd9beac5d4bc50445d0ed450f328988e43a2c6fd1c9788209bd55b96b636c53a5552fcf15d9357a57b844781af7fb0c67e4074746bb95bf051899c18d38538d937c23d1c519e0da3e8f3947702ca81ac3b69767b53915e0683bf181ad3edf72be1689bd675659c7c8f1a9c9d5b61642d71d2387e25e358fa65250f60a6789c50275b4c93b50a86123e0fb7d67e9e4d0f44869860046c21551436142338fba4d5a32c663939a2f4decb5f6e58da8b5bf5efef228a6dbd55a627307485d7020b49b9c9cd069e5b22048a57c7c3987c6b2b1f53435974f41a018c7561f80333499783d0e952ee1682f733aa89195fb0fe1132eb00645ebbd279058f853691a0f0ae0869f72b3099949d2e3fc0b54f43112e3136b5164429d16d2d0d27df08565ff797f0b8aeacb56b9af00f865b9e7726afa9084d8e9460cfbb6b30d8104cad7da375867", 0x318) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) setgroups$auto(0x3ff, 0x0) (async) 1.4562458s ago: executing program 4 (id=2920): shmat$auto(0x0, &(0x7f0000000580)='(\x00', 0xfffffffa) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp1\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)=0x10000) read$auto_snd_pcm_oss_f_reg_pcm_oss(r0, &(0x7f0000000000)=""/108, 0x6c) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x28) read$auto(r0, &(0x7f00000000c0)='[\x00K\xd5wJ/\x81x\xc9\xba', 0x3) sendmmsg$auto(r0, &(0x7f0000000340)={{0x0, 0x735b, &(0x7f0000000240)={&(0x7f0000000140), 0x8}, 0x1, &(0x7f0000000280)="2600b1d896069cae47e9d7954827f6f866bcf56a77ce7c2f04757c395c294cbfacc493b9b46fdb30ca9a", 0x10, 0x6}, 0x1c03}, 0x5, 0x7) r1 = openat$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/tracing/events/vmalloc/purge_vmap_area_lazy/filter\x00', 0x8800, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r2 = socket(0x2, 0x2, 0x1) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x401bf, 0x7352, 0x3f, 0x200000000065f, 0x1ffde, 0x7, 0x3, 0x2, 0x9, 0x3, 0x5, 0x4, 0x3000, 0x9, 0x6, 0x10003, 0x80, 0x4, 0x0, 0x7, 0x1ffc, 0x203, 0x400, 0x84, [0x0, 0x0, 0x0, 0x100, 0x2000000000000000, 0x2000, 0xfffffffffffffffd, 0xa, 0x70624ce7, 0x0, 0xfffffffffffffffd, 0x0, 0x3, 0x1, 0x4, 0x7, 0x7ff, 0xfffffffffffffffd, 0x200000000000, 0x0, 0xffffffffefffffff, 0x3, 0x0, 0x0, 0x2, 0xfffffffffffffffd, 0x400000000005b8, 0xc, 0x4000000000, 0x8, 0x4, 0x6, 0xffffffffffffffff, 0x890, 0x800000000000a, 0xfffffffffffffffc, 0x1000, 0xa38, 0x0, 0x0, 0xfffffffffffffffc, 0x2, 0x4000000000, 0x6, 0x0, 0x100000]}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d", @ANYRESDEC=r2, @ANYRES16=r1], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003140), r3) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r4 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ppoll$auto(&(0x7f0000000240)={r2, 0x3, 0x9}, 0x7, &(0x7f00000002c0)={0x5, 0x1}, &(0x7f0000000300)={0x9}, 0x8) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = getpgrp(0x0) wait4$auto(r6, &(0x7f00000000c0)=0x81, 0x2, &(0x7f0000000180)={{0x9, 0x5}, {0x4, 0x10000}, 0x80000001, 0xa5c, 0x9, 0x5, 0x4a, 0x9, 0x10001, 0x9, 0xf, 0x3, 0xb, 0x10000, 0x5847e38e, 0x7}) r7 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01002dbd7001f9dbca250100000008000a00000000000500070000000000080009009c781e010600020000000000080017"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x48080) mprotect$auto(0x1ffff000, 0x8007, 0x0) shmdt$auto(&(0x7f0000000040)=':-h`/-^@(\']@%]/\x00\xd5I\x06ei\xfe\xf5X\xad\xa7\xff<\x94\x7fx)\xa8\xe2!\xe0\x16n\x91\xda\xff\xb9\x8d\xb8\xb1E\xcd\xbe\x11\x9b\xd5\x91\x0e\xf6\x15\xfe\x9avD\x17\x04s\xf8R\x00\x00\x00\x00\x00\x00x$\x99L\xf6\xee\xa3\xe2=D\xc22^\x18\xf6\xb6\xd4L\x87\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f') 1.403053781s ago: executing program 2 (id=2921): r0 = socket(0x11, 0x80003, 0x300) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) setsockopt$auto(r0, 0x107, 0x12, 0x0, 0x4) r1 = io_uring_setup$auto(0x4bf15e08, &(0x7f0000000000)={0x401, 0x8, 0xfe, 0x6fb3, 0x8a, 0x9, 0xffffffffffffffff, [0x100, 0x9, 0x7f], {0x2, 0x7, 0x2, 0xe, 0xf, 0x5, 0x5, 0xfffffff9, 0xf08a2b3}, {0x0, 0xfc, 0x6, 0x0, 0x0, 0xf89, 0x9, 0x837, 0x5}}) r2 = socket(0x11, 0x2, 0x0) sendmmsg$auto(r2, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={0x0, 0x49}, 0x5, 0x0, 0x5, 0x1000}, 0x5}, 0x2, 0x100) r3 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000000c0), r1) sendmsg$auto_NL802154_CMD_TRIGGER_SCAN(r2, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xcd180190}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x38, r3, 0x300, 0x70bd25, 0x25dfdbfc, {}, [@NL802154_ATTR_MAX_FRAME_RETRIES={0x5, 0xf, 0x2}, @NL802154_ATTR_SCAN_TYPE={0x5, 0x1f, 0xf}, @NL802154_ATTR_IFNAME={0x14, 0x4, 'lo\x00'}]}, 0x38}, 0x1, 0x0, 0x0, 0x8010}, 0x4000000) 1.277341698s ago: executing program 2 (id=2922): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000780)='/proc/self/net/rpc/auth.rpcsec.init/channel\x00', 0x441, 0x0) ioctl$auto_CEC_S_MODE(0xffffffffffffffff, 0x40046109, &(0x7f0000000040)=0x31) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x200, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer\x00', 0x80091, 0x0) writev$auto(r1, &(0x7f0000000000)={0x0, 0x710d}, 0x8000000000000001) pread64$auto(r0, 0x0, 0x3f, 0x7fff) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x101202, 0x0) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x40400c5) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x500, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8000, 0x0) setsockopt$auto(0x3, 0x8000000000000006, 0x1f, 0x0, 0x7ffffc) fanotify_init$auto(0x5, 0x800) mmap$auto(0x3, 0x4020029, 0x6, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x1ff, 0x7, 0x5, 0x7181, 0x1ffde, 0x7, 0x3, 0x9, 0x9, 0x80003, 0x2, 0x200000000001, 0xb4, 0x9, 0x8, 0x10007, 0x80, 0x4, 0x0, 0xa, 0x1, 0x200, 0x0, 0x84, [0x3, 0x2, 0x0, 0x2, 0x0, 0x2000, 0x0, 0xe, 0x70624ce7, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x8, 0x0, 0x6, 0x0, 0xfffffffffffbfffe, 0x2000000000000004, 0x10000000000001, 0x10000000000, 0xffffffffffffffff, 0x4, 0xfffffffffffffe00, 0x4, 0x0, 0x5, 0x400000000005b8, 0xffff, 0x4, 0x100, 0x0, 0x6, 0xffffffffffffffff, 0x88e, 0x8000000000008, 0xfffffffffffffffc, 0x8, 0xa38, 0x0, 0x3, 0xfffffffffffffffc, 0x2, 0x1, 0x7, 0xc567]}, 0x1fe, 0xd) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0x9f, 0x9b72, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_VPORT_CMD_NEW(r2, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000000480)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010026bd7000ffdbdf25010000000800090004000000060003002a000000"], 0x24}, 0x1, 0x0, 0x0, 0x4040010}, 0x800) 1.21345026s ago: executing program 4 (id=2923): r0 = socket(0xa, 0x5, 0x0) getsockopt$auto(r0, 0x84, 0x7f, 0x0, 0x0) mmap$auto(0x0, 0x9, 0x401, 0xcd7, r0, 0x7) r1 = socket(0x10, 0x2, 0x14) r2 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x3c, r2, 0x1, 0x70bd25, 0x25dfdc02, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_KEY={0x24, 0x1, 0x0, 0x1, [@nested={0x1d, 0x10, 0x0, 0x1, [@typed={0x14, 0xd, 0x0, 0x0, @ipv6=@private2={0xfc, 0x2, '\x00', 0x1}}, @generic="00ba98302f"]}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x200400f0}, 0x800) fstat$auto(r1, &(0x7f0000000380)={0x8000000000000000, 0x0, 0x1, 0xf2, 0xee00, 0x0, 0x0, 0x6, 0x4, 0xfffffffffffff001, 0x6, 0x3, 0x2, 0x800, 0x110, 0x7f, 0x2}) getpid() gettid() r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000001700), r4) sendmsg$auto_NETDEV_CMD_DEV_GET(r4, &(0x7f0000001840)={0x0, 0x0, &(0x7f0000001800)={&(0x7f00000017c0)={0x14, r5, 0x301, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4005}, 0x28044004) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="100000000214af"], 0x14}, 0x1, 0x0, 0x0, 0x20000045}, 0x24000044) 1.08042298s ago: executing program 1 (id=2924): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000780)='/proc/self/net/rpc/auth.rpcsec.init/channel\x00', 0x441, 0x0) ioctl$auto_CEC_S_MODE(0xffffffffffffffff, 0x40046109, &(0x7f0000000040)=0x31) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x200, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer\x00', 0x80091, 0x0) writev$auto(r1, &(0x7f0000000000)={0x0, 0x710d}, 0x8000000000000001) pread64$auto(r0, 0x0, 0x3f, 0x7fff) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x101202, 0x0) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x40400c5) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x500, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8000, 0x0) setsockopt$auto(0x3, 0x8000000000000006, 0x1f, 0x0, 0x7ffffc) fanotify_init$auto(0x5, 0x800) mmap$auto(0x3, 0x4020029, 0x6, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x1ff, 0x7, 0x5, 0x7181, 0x1ffde, 0x7, 0x3, 0x9, 0x9, 0x80003, 0x2, 0x200000000001, 0xb4, 0x9, 0x8, 0x10007, 0x80, 0x4, 0x0, 0xa, 0x1, 0x200, 0x0, 0x84, [0x3, 0x2, 0x0, 0x2, 0x0, 0x2000, 0x0, 0xe, 0x70624ce7, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x8, 0x0, 0x6, 0x0, 0xfffffffffffbfffe, 0x2000000000000004, 0x10000000000001, 0x10000000000, 0xffffffffffffffff, 0x4, 0xfffffffffffffe00, 0x4, 0x0, 0x5, 0x400000000005b8, 0xffff, 0x4, 0x100, 0x0, 0x6, 0xffffffffffffffff, 0x88e, 0x8000000000008, 0xfffffffffffffffc, 0x8, 0xa38, 0x0, 0x3, 0xfffffffffffffffc, 0x2, 0x1, 0x7, 0xc567]}, 0x1fe, 0xd) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0x9f, 0x9b72, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_VPORT_CMD_NEW(r2, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000000480)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010026bd7000ffdbdf25010000000800090004000000060003002a000000"], 0x24}, 0x1, 0x0, 0x0, 0x4040010}, 0x800) 1.040152089s ago: executing program 4 (id=2925): r0 = socket(0xa, 0x5, 0x0) getsockopt$auto(r0, 0x84, 0x7f, 0x0, 0x0) mmap$auto(0x0, 0x9, 0x401, 0xcd7, r0, 0x7) r1 = socket(0x10, 0x2, 0x14) r2 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x3c, r2, 0x1, 0x70bd25, 0x25dfdc02, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_KEY={0x24, 0x1, 0x0, 0x1, [@nested={0x1d, 0x10, 0x0, 0x1, [@typed={0x14, 0xd, 0x0, 0x0, @ipv6=@private2={0xfc, 0x2, '\x00', 0x1}}, @generic="00ba98302f"]}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x200400f0}, 0x800) fstat$auto(r1, &(0x7f0000000380)={0x8000000000000000, 0x0, 0x1, 0xf2, 0xee00, 0x0, 0x0, 0x6, 0x4, 0xfffffffffffff001, 0x6, 0x3, 0x2, 0x800, 0x110, 0x7f, 0x2}) r4 = getpid() r5 = gettid() rt_tgsigqueueinfo$auto(r4, r5, 0x21, 0x0) r6 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000001840)={0x0, 0x0, &(0x7f0000001800)={&(0x7f00000017c0)={0x14, r6, 0x301, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4005}, 0x28044004) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="100000000214af"], 0x14}, 0x1, 0x0, 0x0, 0x20000045}, 0x24000044) 925.033023ms ago: executing program 4 (id=2926): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) mincore$auto(0x0, 0x10000, 0x0) r0 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000001880), 0x10b040, 0x0) ioctl$auto_RTC_PARAM_GET(r0, 0x40187013, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_clear_warn_once_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) close_range$auto(r1, r1, 0x0) io_uring_setup$auto(0x6, 0x0) r2 = socket(0x10, 0x2, 0x0) r3 = syz_genetlink_get_family_id$auto_handshake(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_HANDSHAKE_CMD_ACCEPT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYRES16, @ANYRESDEC=r3, @ANYBLOB="c994200317cd991007e175105847d65fc480b174259649e5d4757016289ec2a65a3365b27d43ef166a570f87acfba1758b79319bf10a427739742d2aeded505da7fcbc644ceb7bf1e6bfe71a8fffdb57be1c9883724b5b7ea3dbdd2603bb3913c7deca754494ecb6344c3e861d89a152fbbf430ba957363c6c696e107fa147c25861e62e49c1d76ee8dfc0cd7f77758ec0590ecfed9dff0b1a25f02139cd86a6524c01a5ac26bcfe4ac07315e61be037f3854c0b248a8cc8be945fc822a1d459580e8b64d4a250488d371299fda67f1beeaf41bbc3d5b3745e5c07"], 0x14}}, 0x4064890) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f00000003c0), 0x80, 0x0) socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000140)='./file0\x00', 0x161342, 0x100) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) sysfs$auto(0x2, 0x4, 0x4) mincore$auto(0x1000, 0x8001, 0x0) r4 = io_uring_setup$auto(0x2, 0x0) io_uring_enter$auto(r4, 0x80000001, 0x40cd00, 0x7, 0x0, 0xfffffffffffffffe) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000) newfstatat$auto(0xffffffffffffff9c, 0x0, 0x0, 0x5000) readv$auto(0x3, &(0x7f0000000080)={0x0, 0x4}, 0x1fffffff7fffff) read$auto(0x3, 0x0, 0xfdef) 563.923986ms ago: executing program 1 (id=2927): mmap$auto(0xfffffffffffffffe, 0x400005, 0xdd, 0x9b7d, 0xffffffffffffffff, 0x8000) (async, rerun: 64) r0 = timerfd_create$auto(0x9, 0x0) (rerun: 64) select$auto(0x7, 0x0, &(0x7f0000000440)={[0x8, 0x5, 0x2d5, 0x2, 0x0, 0xd, 0x4, 0x1000000, 0x1, 0x6, 0xb, 0xfffffffffffffc01, 0x4, 0x6b8, 0x7]}, 0x0, 0x0) (async) r1 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8002) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async, rerun: 32) setsockopt$auto(r0, 0x4, 0x46, 0xffffffffffffffff, 0x3) (async, rerun: 32) madvise$auto(0x0, 0x3, 0x66) (async, rerun: 64) madvise$auto(0x0, 0x2003f0, 0x15) (async, rerun: 64) ioctl$auto_dvb_demux_fops_dmxdev(r1, 0x800a6f31, 0x0) (async, rerun: 64) ioctl$auto(0x3, 0x40085400, 0x5) (async, rerun: 64) r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) wait4$auto(r2, 0x0, 0x2, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/misc/dlm-monitor/power/runtime_suspended_time\x00', 0x428000, 0x0) (async) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) (async, rerun: 32) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000) (rerun: 32) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) ioperm$auto(0x7, 0x6, 0x80) init_module$auto(0x0, 0x75f6, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) bind$auto(0x3, 0x0, 0x68) (async) connect$auto(0x3, 0x0, 0x55) syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) (async, rerun: 64) openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, 0x0, 0x2000, 0x0) (rerun: 64) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2800, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, 0x0, 0x0) (async, rerun: 32) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000100)=""/129, 0x81) (async, rerun: 32) syz_clone3(&(0x7f0000000200)={0x180043800, &(0x7f0000000000), &(0x7f0000000040)=0x0, &(0x7f0000000080), {0x28}, &(0x7f0000000340)=""/132, 0x84, &(0x7f0000000180)=""/10, &(0x7f0000000280)}, 0x58) ptrace$auto(0x10, r5, 0x0, 0x8693) 476.436554ms ago: executing program 2 (id=2928): mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) r0 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) close_range$auto(r0, 0xffffffffffffffff, 0x1f) getsockopt$auto(0xffffffffffffffff, 0x84, 0x75, 0x0, 0x0) ioctl$auto_DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, 0x0) openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, 0x0, 0x81, 0x0) 360.424547ms ago: executing program 1 (id=2929): openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x800, 0x0) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) r0 = socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0x3, &(0x7f0000000040), 0x6a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) fstatfs$auto(0x3, 0x0) r1 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r1, 0x107, 0x12, 0x0, 0x8) r2 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000140), 0xffffffffffffffff) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) get_mempolicy$auto(0x0, 0x0, 0x8, 0x1, 0xfffffffffffffffb) r3 = openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/apparmor/current\x00', 0x2, 0x0) writev$auto(r3, &(0x7f00000001c0)={0x0, 0x5}, 0xf) connect$auto(0x3, &(0x7f0000000140), 0x55) bpf$auto(0x0, 0x0, 0xfbf) shutdown$auto(0x200000003, 0x2) write$auto(0x3, 0x0, 0x296) sendmsg$auto_NLBL_MGMT_C_LISTDEF(0xffffffffffffffff, 0x0, 0x20048800) select$auto(0x100000b, 0x0, &(0x7f0000000100)={[0xa, 0x203, 0x80000000000000b, 0x2, 0xffffffffffff10e3, 0xf4, 0x6, 0x4, 0xc0009, 0x6, 0xf1, 0x2, 0x95, 0x200000000008, 0x6, 0xfffffffffffffff7]}, 0x0, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="04002c007ca507000000facc6b4cc3338e26cd7cc830", @ANYRES16=r2, @ANYBLOB="02002dbd7000fbdbdf2502000000080001000200000005000400000000000800020088000000"], 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x10) settimeofday$auto(&(0x7f0000000080)={0x5, 0x9}, &(0x7f00000000c0)={0x3, 0x2}) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/fs/ocfs2/cluster_stack\x00', 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000040), 0xffffffffffffffff) 325.729479ms ago: executing program 2 (id=2930): mmap$auto(0x0, 0x20009, 0xe, 0xeb1, 0x403, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) prctl$auto(0x16, 0x2, 0x2, 0x4000000d, 0x100) fcntl$auto(r0, 0x7, 0x4) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/locks\x00', 0x0, 0x0) read$auto_proc_iter_file_ops_compat_inode(r1, &(0x7f0000000180)=""/250, 0xfa) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001140)='/sys/devices/virtual/block/zram0/comp_algorithm\x00', 0x20b42, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f00000002c0)=""/251, 0xfb) 155.398837ms ago: executing program 2 (id=2931): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x161200, 0x0) r0 = socket(0x10, 0x2, 0x0) recvfrom$auto(0x3, 0x0, 0x142e, 0x2, 0x0, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00', @ANYRES16=0x0, @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='V'], 0x1ac}}, 0x40000) 62.092854ms ago: executing program 0 (id=2932): madvise$auto(0x0, 0x7fffffffffffffff, 0xa) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) pidfd_open$auto(0x1, 0x0) pidfd_send_signal$auto(0x1, 0xffffff49, &(0x7f0000000140)={@_si_pad}, 0x2) mmap$auto(0x3, 0x800, 0x7, 0x80000010, 0xd12, 0xfffffffffffffe08) mmap$auto(0x9, 0xc, 0x4000000000df, 0x14, 0x10006, 0x8000) mmap$auto(0x7, 0x5, 0x2, 0x40eb2, r0, 0x300000000000) mmap$auto(0xfffffffffffffffb, 0x4, 0xdd, 0x7f, 0x2, 0x800008000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, &(0x7f00000000c0), 0x30200, 0x0) readv$auto(0x0, &(0x7f0000000080)={0x0, 0x1e}, 0x3) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x4402, 0x0) ioctl$auto(r1, 0x4000560f, 0xffffffffffffffff) mmap$auto(0x8010001, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/bus/pci/resource_alignment\x00', 0x20140, 0x0) open(0x0, 0x80842, 0x91) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x1a9382, 0x0) write$auto(r2, 0x0, 0x5) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) socket(0x21, 0x5, 0x81) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000480)='/proc/fs/cifs/smbd_max_send_size\x00', 0x4, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) read$auto(0x3, 0x0, 0x7) clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 0s ago: executing program 2 (id=2933): mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) r0 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) r1 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sysvipc/shm\x00', 0x141200, 0x0) ioctl$auto_PROCMAP_QUERY(r1, 0xc0686611, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) inotify_init1$auto(0x3000000000000) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x1}, 0x2, 0xffffffffffffffff, 0x7, 0x2e) socketpair$auto(0x1e, 0x1, 0x8000000, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) close_range$auto(r0, 0xffffffffffffffff, 0x0) getsockopt$auto(0xffffffffffffffff, 0x7f, 0x75, 0x0, 0x0) ioctl$auto_DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, 0x0) r3 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) r4 = bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r3, 0x0, 0x3}, 0xc) ioctl$auto_RNDRESEEDCRNG(r3, 0x5207, 0x0) openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, 0x0, 0x81, 0x0) ioctl$auto_SNDCTL_DSP_PROFILE(r4, 0x40045017, &(0x7f0000000040)=0x7) kernel console output (not intermixed with test programs): 1 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 420.511156][T12790] RSP: 002b:00007fc09deeb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 420.519582][T12790] RAX: ffffffffffffffda RBX: 00007fc09d375fa0 RCX: 00007fc09d185d29 [ 420.527555][T12790] RDX: 0000000000000006 RSI: 0000000020000000 RDI: 0000000000000003 [ 420.535528][T12790] RBP: 00007fc09deeb090 R08: 0000000000000000 R09: 0000000000000000 [ 420.543501][T12790] R10: 00000000000006b6 R11: 0000000000000246 R12: 0000000000000001 [ 420.551469][T12790] R13: 0000000000000000 R14: 00007fc09d375fa0 R15: 00007fff46ffcf28 [ 420.559453][T12790] [ 420.562570][ C1] vkms_vblank_simulate: vblank timer overrun [ 420.625326][T12796] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1846'. [ 420.835379][T12809] FAULT_INJECTION: forcing a failure. [ 420.835379][T12809] name failslab, interval 1, probability 0, space 0, times 0 [ 420.875792][T12809] CPU: 0 UID: 0 PID: 12809 Comm: syz.2.1849 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 420.886623][T12809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 420.896708][T12809] Call Trace: [ 420.900009][T12809] [ 420.902971][T12809] dump_stack_lvl+0x16c/0x1f0 [ 420.907691][T12809] should_fail_ex+0x497/0x5b0 [ 420.912404][T12809] ? fs_reclaim_acquire+0xae/0x150 [ 420.917551][T12809] should_failslab+0xc2/0x120 [ 420.922319][T12809] kmem_cache_alloc_node_noprof+0x72/0x3b0 [ 420.928162][T12809] ? hlock_class+0x4e/0x130 [ 420.932696][T12809] ? __alloc_skb+0x2b3/0x380 [ 420.937326][T12809] __alloc_skb+0x2b3/0x380 [ 420.941864][T12809] ? __pfx___alloc_skb+0x10/0x10 [ 420.946846][T12809] ? __pfx___lock_acquire+0x10/0x10 [ 420.952075][T12809] ? hlock_class+0x4e/0x130 [ 420.956611][T12809] ? __lock_acquire+0x15a9/0x3c40 [ 420.961665][T12809] __ip6_append_data.isra.0+0x2b2e/0x45e0 [ 420.967435][T12809] ? __pfx_raw6_getfrag+0x10/0x10 [ 420.972503][T12809] ? __pfx___ip6_append_data.isra.0+0x10/0x10 [ 420.978606][T12809] ? ip6_mtu+0x231/0x4a0 [ 420.982877][T12809] ? ip6_setup_cork+0xc60/0x1460 [ 420.987859][T12809] ip6_append_data+0x1e6/0x500 [ 420.992668][T12809] ? __pfx_raw6_getfrag+0x10/0x10 [ 420.997726][T12809] rawv6_sendmsg+0x1597/0x4450 [ 421.002528][T12809] ? __lock_acquire+0xcc5/0x3c40 [ 421.007503][T12809] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 421.012663][T12809] ? __lock_acquire+0x15a9/0x3c40 [ 421.017750][T12809] ? __pfx___might_resched+0x10/0x10 [ 421.023079][T12809] ? __pfx_aa_sk_perm+0x10/0x10 [ 421.027974][T12809] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 421.033118][T12809] ? inet_sendmsg+0x119/0x140 [ 421.037818][T12809] inet_sendmsg+0x119/0x140 [ 421.042352][T12809] ____sys_sendmsg+0x907/0xb40 [ 421.047148][T12809] ? copy_msghdr_from_user+0x10b/0x160 [ 421.052647][T12809] ? __pfx_____sys_sendmsg+0x10/0x10 [ 421.057962][T12809] ? __lock_acquire+0xcc5/0x3c40 [ 421.062942][T12809] ___sys_sendmsg+0x135/0x1e0 [ 421.067660][T12809] ? __pfx____sys_sendmsg+0x10/0x10 [ 421.072917][T12809] ? trace_lock_acquire+0x14e/0x1f0 [ 421.078179][T12809] __sys_sendmmsg+0x201/0x420 [ 421.082910][T12809] ? __pfx___sys_sendmmsg+0x10/0x10 [ 421.088154][T12809] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 421.094185][T12809] ? fput+0x67/0x440 [ 421.098112][T12809] ? ksys_write+0x1ba/0x250 [ 421.102640][T12809] ? __pfx_ksys_write+0x10/0x10 [ 421.107532][T12809] __x64_sys_sendmmsg+0x9c/0x100 [ 421.112509][T12809] ? lockdep_hardirqs_on+0x7c/0x110 [ 421.117739][T12809] do_syscall_64+0xcd/0x250 [ 421.122302][T12809] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.128234][T12809] RIP: 0033:0x7f4e06d85d29 [ 421.132680][T12809] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 421.152329][T12809] RSP: 002b:00007f4e04bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 421.160791][T12809] RAX: ffffffffffffffda RBX: 00007f4e06f75fa0 RCX: 00007f4e06d85d29 [ 421.168795][T12809] RDX: 0000000000000200 RSI: 0000000000000000 RDI: 0000000000000003 [ 421.176879][T12809] RBP: 00007f4e04bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 421.184872][T12809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 421.192862][T12809] R13: 0000000000000000 R14: 00007f4e06f75fa0 R15: 00007fff04c83238 [ 421.200876][T12809] [ 422.003970][T12820] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 422.023038][T12820] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 422.037014][T12820] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 422.057555][T12820] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 422.832811][T12824] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1854'. [ 423.044668][T12848] FAULT_INJECTION: forcing a failure. [ 423.044668][T12848] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 423.104173][T12848] CPU: 0 UID: 0 PID: 12848 Comm: syz.4.1859 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 423.115001][T12848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 423.125092][T12848] Call Trace: [ 423.128396][T12848] [ 423.131355][T12848] dump_stack_lvl+0x16c/0x1f0 [ 423.136073][T12848] should_fail_ex+0x497/0x5b0 [ 423.140791][T12848] _copy_to_user+0x32/0xd0 [ 423.145251][T12848] simple_read_from_buffer+0xd0/0x160 [ 423.150659][T12848] proc_fail_nth_read+0x198/0x270 [ 423.155722][T12848] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 423.161313][T12848] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 423.166902][T12848] vfs_read+0x1df/0xbe0 [ 423.171092][T12848] ? __fget_files+0x1fc/0x3a0 [ 423.175803][T12848] ? __pfx___mutex_lock+0x10/0x10 [ 423.180866][T12848] ? __pfx_vfs_read+0x10/0x10 [ 423.185587][T12848] ? __fget_files+0x206/0x3a0 [ 423.190313][T12848] ksys_read+0x12b/0x250 [ 423.194587][T12848] ? __pfx_ksys_read+0x10/0x10 [ 423.199441][T12848] do_syscall_64+0xcd/0x250 [ 423.203982][T12848] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 423.209911][T12848] RIP: 0033:0x7fc09d18473c [ 423.214353][T12848] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 423.233989][T12848] RSP: 002b:00007fc09deeb030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 423.242438][T12848] RAX: ffffffffffffffda RBX: 00007fc09d375fa0 RCX: 00007fc09d18473c [ 423.250441][T12848] RDX: 000000000000000f RSI: 00007fc09deeb0a0 RDI: 0000000000000004 [ 423.257575][T12857] FAULT_INJECTION: forcing a failure. [ 423.257575][T12857] name failslab, interval 1, probability 0, space 0, times 0 [ 423.258416][T12848] RBP: 00007fc09deeb090 R08: 0000000000000000 R09: 0000000000000000 [ 423.278983][T12848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 423.286967][T12848] R13: 0000000000000000 R14: 00007fc09d375fa0 R15: 00007fff46ffcf28 [ 423.294976][T12848] [ 423.298014][T12857] CPU: 1 UID: 0 PID: 12857 Comm: syz.2.1863 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 423.308812][T12857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 423.318888][T12857] Call Trace: [ 423.322172][T12857] [ 423.325110][T12857] dump_stack_lvl+0x16c/0x1f0 [ 423.329808][T12857] should_fail_ex+0x497/0x5b0 [ 423.334496][T12857] ? fs_reclaim_acquire+0xae/0x150 [ 423.339615][T12857] should_failslab+0xc2/0x120 [ 423.344305][T12857] kmem_cache_alloc_node_noprof+0x72/0x3b0 [ 423.350123][T12857] ? __alloc_skb+0x2b3/0x380 [ 423.354727][T12857] __alloc_skb+0x2b3/0x380 [ 423.359150][T12857] ? __pfx___alloc_skb+0x10/0x10 [ 423.364096][T12857] ? lock_acquire+0x2f/0xb0 [ 423.368606][T12857] netlink_alloc_large_skb+0x69/0x130 [ 423.373985][T12857] netlink_sendmsg+0x689/0xd70 [ 423.378758][T12857] ? __pfx_netlink_sendmsg+0x10/0x10 [ 423.384057][T12857] ____sys_sendmsg+0x9ae/0xb40 [ 423.388827][T12857] ? copy_msghdr_from_user+0x10b/0x160 [ 423.394296][T12857] ? __pfx_____sys_sendmsg+0x10/0x10 [ 423.399604][T12857] ___sys_sendmsg+0x135/0x1e0 [ 423.404294][T12857] ? __pfx____sys_sendmsg+0x10/0x10 [ 423.409509][T12857] ? __pfx_lock_release+0x10/0x10 [ 423.414535][T12857] ? trace_lock_acquire+0x14e/0x1f0 [ 423.419771][T12857] ? __fget_files+0x206/0x3a0 [ 423.424482][T12857] __sys_sendmsg+0x16e/0x220 [ 423.429098][T12857] ? __pfx___sys_sendmsg+0x10/0x10 [ 423.434239][T12857] do_syscall_64+0xcd/0x250 [ 423.438755][T12857] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 423.444662][T12857] RIP: 0033:0x7f4e06d85d29 [ 423.449083][T12857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 423.468695][T12857] RSP: 002b:00007f4e04bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 423.477111][T12857] RAX: ffffffffffffffda RBX: 00007f4e06f75fa0 RCX: 00007f4e06d85d29 [ 423.485083][T12857] RDX: 0000000020008084 RSI: 0000000020000100 RDI: 0000000000000003 [ 423.493052][T12857] RBP: 00007f4e04bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 423.501021][T12857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 423.508991][T12857] R13: 0000000000000000 R14: 00007f4e06f75fa0 R15: 00007fff04c83238 [ 423.516975][T12857] [ 423.520130][ C1] vkms_vblank_simulate: vblank timer overrun [ 424.043639][ T5145] Bluetooth: hci2: command 0x0406 tx timeout [ 424.049771][ T5836] Bluetooth: hci3: command 0x0406 tx timeout [ 424.056196][ T5836] Bluetooth: hci1: command 0x0406 tx timeout [ 424.123888][ T54] Bluetooth: hci0: command 0x0c1a tx timeout [ 424.924881][T12879] FAULT_INJECTION: forcing a failure. [ 424.924881][T12879] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 424.978539][T12879] CPU: 0 UID: 0 PID: 12879 Comm: syz.2.1869 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 424.989365][T12879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 424.999453][T12879] Call Trace: [ 425.002753][T12879] [ 425.005703][T12879] dump_stack_lvl+0x16c/0x1f0 [ 425.010413][T12879] should_fail_ex+0x497/0x5b0 [ 425.015134][T12879] _copy_to_user+0x32/0xd0 [ 425.019586][T12879] simple_read_from_buffer+0xd0/0x160 [ 425.024990][T12879] proc_fail_nth_read+0x198/0x270 [ 425.030052][T12879] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 425.035641][T12879] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 425.041223][T12879] vfs_read+0x1df/0xbe0 [ 425.045410][T12879] ? __fget_files+0x1fc/0x3a0 [ 425.050123][T12879] ? __pfx___mutex_lock+0x10/0x10 [ 425.055181][T12879] ? __pfx_vfs_read+0x10/0x10 [ 425.059899][T12879] ? __fget_files+0x206/0x3a0 [ 425.064618][T12879] ksys_read+0x12b/0x250 [ 425.068892][T12879] ? __pfx_ksys_read+0x10/0x10 [ 425.073697][T12879] do_syscall_64+0xcd/0x250 [ 425.078239][T12879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 425.084163][T12879] RIP: 0033:0x7f4e06d8473c [ 425.088601][T12879] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 425.108239][T12879] RSP: 002b:00007f4e04bf6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 425.116688][T12879] RAX: ffffffffffffffda RBX: 00007f4e06f75fa0 RCX: 00007f4e06d8473c [ 425.124684][T12879] RDX: 000000000000000f RSI: 00007f4e04bf60a0 RDI: 0000000000000004 [ 425.132677][T12879] RBP: 00007f4e04bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 425.140673][T12879] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 425.148671][T12879] R13: 0000000000000000 R14: 00007f4e06f75fa0 R15: 00007fff04c83238 [ 425.156683][T12879] [ 426.378561][T12906] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1877'. [ 426.788994][T12922] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 426.824773][T12922] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 427.436173][T12929] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 427.485699][T12929] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 428.033959][T12970] FAULT_INJECTION: forcing a failure. [ 428.033959][T12970] name failslab, interval 1, probability 0, space 0, times 0 [ 428.051511][T12970] CPU: 1 UID: 0 PID: 12970 Comm: syz.0.1893 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 428.062321][T12970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 428.072406][T12970] Call Trace: [ 428.075707][T12970] [ 428.078666][T12970] dump_stack_lvl+0x16c/0x1f0 [ 428.083395][T12970] should_fail_ex+0x497/0x5b0 [ 428.088114][T12970] ? fs_reclaim_acquire+0xae/0x150 [ 428.093273][T12970] should_failslab+0xc2/0x120 [ 428.097992][T12970] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 428.103402][T12970] ? seq_open+0x55/0x170 [ 428.107687][T12970] seq_open+0x55/0x170 [ 428.111798][T12970] probes_open+0xb8/0x100 [ 428.116173][T12970] do_dentry_open+0xf59/0x1ea0 [ 428.120975][T12970] ? __pfx_probes_open+0x10/0x10 [ 428.125951][T12970] ? inode_permission+0xdd/0x5f0 [ 428.130933][T12970] vfs_open+0x82/0x3f0 [ 428.135036][T12970] ? may_open+0x1f2/0x400 [ 428.139397][T12970] path_openat+0x1e6a/0x2d60 [ 428.144033][T12970] ? __pfx_path_openat+0x10/0x10 [ 428.149001][T12970] ? __pfx___lock_acquire+0x10/0x10 [ 428.154223][T12970] ? lock_acquire.part.0+0x11b/0x380 [ 428.159530][T12970] ? find_held_lock+0x2d/0x110 [ 428.164305][T12970] do_filp_open+0x20c/0x470 [ 428.168816][T12970] ? __pfx_do_filp_open+0x10/0x10 [ 428.173855][T12970] ? find_held_lock+0x2d/0x110 [ 428.178658][T12970] ? alloc_fd+0x41f/0x760 [ 428.183014][T12970] do_sys_openat2+0x17a/0x1e0 [ 428.187712][T12970] ? __pfx_do_sys_openat2+0x10/0x10 [ 428.192925][T12970] ? __fget_files+0x206/0x3a0 [ 428.197616][T12970] __x64_sys_openat+0x175/0x210 [ 428.202478][T12970] ? __pfx___x64_sys_openat+0x10/0x10 [ 428.207860][T12970] ? ksys_write+0x1ba/0x250 [ 428.212385][T12970] do_syscall_64+0xcd/0x250 [ 428.216901][T12970] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.222799][T12970] RIP: 0033:0x7fecf5785d29 [ 428.227216][T12970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 428.246823][T12970] RSP: 002b:00007fecf6630038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 428.255238][T12970] RAX: ffffffffffffffda RBX: 00007fecf5975fa0 RCX: 00007fecf5785d29 [ 428.263208][T12970] RDX: 0000000000000302 RSI: 00000000200009c0 RDI: ffffffffffffff9c [ 428.271179][T12970] RBP: 00007fecf6630090 R08: 0000000000000000 R09: 0000000000000000 [ 428.279150][T12970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 428.287132][T12970] R13: 0000000000000001 R14: 00007fecf5975fa0 R15: 00007ffd95db1698 [ 428.295115][T12970] [ 428.460389][T12972] kmem.tcp.limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 429.116944][T12992] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1900'. [ 429.167175][T12992] bond0: (slave bond_slave_0): Releasing backup interface [ 429.326568][T13004] FAULT_INJECTION: forcing a failure. [ 429.326568][T13004] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 429.346979][T13004] CPU: 0 UID: 0 PID: 13004 Comm: syz.4.1899 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 429.357809][T13004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 429.367893][T13004] Call Trace: [ 429.371187][T13004] [ 429.374135][T13004] dump_stack_lvl+0x16c/0x1f0 [ 429.378844][T13004] should_fail_ex+0x497/0x5b0 [ 429.383556][T13004] _copy_from_iter+0x29b/0x1400 [ 429.388447][T13004] ? trace_lock_acquire+0x14e/0x1f0 [ 429.393684][T13004] ? __pfx__copy_from_iter+0x10/0x10 [ 429.399000][T13004] ? __virt_addr_valid+0x1a4/0x590 [ 429.404148][T13004] ? __virt_addr_valid+0x5e/0x590 [ 429.409202][T13004] ? __phys_addr+0xc6/0x150 [ 429.413738][T13004] ? __phys_addr_symbol+0x30/0x80 [ 429.418795][T13004] ? __check_object_size+0x488/0x710 [ 429.424124][T13004] mptcp_sendmsg+0x1010/0x1f20 [ 429.428933][T13004] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 429.434080][T13004] ? __pfx_aa_sk_perm+0x10/0x10 [ 429.438964][T13004] ? find_held_lock+0x2d/0x110 [ 429.443761][T13004] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 429.448899][T13004] inet_sendmsg+0x119/0x140 [ 429.453504][T13004] sock_write_iter+0x4ac/0x5b0 [ 429.458291][T13004] ? __pfx_sock_write_iter+0x10/0x10 [ 429.463592][T13004] ? bpf_lsm_file_permission+0x9/0x10 [ 429.468977][T13004] ? security_file_permission+0x71/0x210 [ 429.474620][T13004] vfs_write+0x5ae/0x1150 [ 429.478956][T13004] ? __pfx_sock_write_iter+0x10/0x10 [ 429.484254][T13004] ? __pfx_vfs_write+0x10/0x10 [ 429.489024][T13004] ? __fget_files+0x40/0x3a0 [ 429.493635][T13004] ksys_write+0x207/0x250 [ 429.497971][T13004] ? __pfx_ksys_write+0x10/0x10 [ 429.502833][T13004] do_syscall_64+0xcd/0x250 [ 429.507347][T13004] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 429.513252][T13004] RIP: 0033:0x7fc09d185d29 [ 429.517671][T13004] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 429.537279][T13004] RSP: 002b:00007fc09afd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 429.545698][T13004] RAX: ffffffffffffffda RBX: 00007fc09d376160 RCX: 00007fc09d185d29 [ 429.553675][T13004] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 429.561643][T13004] RBP: 00007fc09afd5090 R08: 0000000000000000 R09: 0000000000000000 [ 429.569615][T13004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 429.577596][T13004] R13: 0000000000000001 R14: 00007fc09d376160 R15: 00007fff46ffcf28 [ 429.585594][T13004] [ 429.588746][ C0] vkms_vblank_simulate: vblank timer overrun [ 429.750305][T13015] FAULT_INJECTION: forcing a failure. [ 429.750305][T13015] name failslab, interval 1, probability 0, space 0, times 0 [ 429.770295][T13015] CPU: 1 UID: 0 PID: 13015 Comm: syz.0.1908 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 429.781116][T13015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 429.791200][T13015] Call Trace: [ 429.794502][T13015] [ 429.797453][T13015] dump_stack_lvl+0x16c/0x1f0 [ 429.802167][T13015] should_fail_ex+0x497/0x5b0 [ 429.806877][T13015] ? fs_reclaim_acquire+0xae/0x150 [ 429.812030][T13015] should_failslab+0xc2/0x120 [ 429.816742][T13015] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 429.822153][T13015] ? ptlock_alloc+0x1f/0x70 [ 429.826698][T13015] ptlock_alloc+0x1f/0x70 [ 429.831066][T13015] pte_alloc_one+0x74/0x390 [ 429.835595][T13015] __pte_alloc+0x6e/0x3b0 [ 429.839943][T13015] ? __pfx___pte_alloc+0x10/0x10 [ 429.844895][T13015] do_pte_missing+0x2810/0x3e00 [ 429.849756][T13015] ? mt_find+0x82d/0xa20 [ 429.854011][T13015] ? __pfx_lock_release+0x10/0x10 [ 429.859052][T13015] __handle_mm_fault+0x103c/0x2a40 [ 429.864182][T13015] ? __pfx___handle_mm_fault+0x10/0x10 [ 429.869651][T13015] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 429.875306][T13015] ? find_vma+0xc0/0x140 [ 429.879555][T13015] ? __pfx_find_vma+0x10/0x10 [ 429.884238][T13015] ? hlock_class+0x4e/0x130 [ 429.888750][T13015] handle_mm_fault+0x3fa/0xaa0 [ 429.893528][T13015] do_user_addr_fault+0x7a3/0x13f0 [ 429.898647][T13015] exc_page_fault+0x5c/0xc0 [ 429.903160][T13015] asm_exc_page_fault+0x26/0x30 [ 429.908016][T13015] RIP: 0010:rep_movs_alternative+0x13/0x70 [ 429.913836][T13015] Code: cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 83 f9 40 73 40 83 f9 08 73 21 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f [ 429.933448][T13015] RSP: 0018:ffffc90005c77d10 EFLAGS: 00050206 [ 429.939516][T13015] RAX: 0000000000000001 RBX: 0000000020000000 RCX: 0000000000000003 [ 429.947490][T13015] RDX: fffff52000b8efb5 RSI: 0000000020000000 RDI: ffffc90005c77da0 [ 429.955464][T13015] RBP: 0000000000000003 R08: 0000000000000001 R09: fffff52000b8efb4 [ 429.963434][T13015] R10: ffffc90005c77da2 R11: 0000000000000001 R12: 0000000000000000 [ 429.971405][T13015] R13: ffffc90005c77da0 R14: 0000000000000003 R15: 0000000000000011 [ 429.979398][T13015] _copy_from_user+0x9a/0xd0 [ 429.984013][T13015] __io_uring_register+0x16e4/0x2290 [ 429.989317][T13015] ? trace_contention_end+0xee/0x140 [ 429.994618][T13015] ? __pfx___io_uring_register+0x10/0x10 [ 430.000259][T13015] ? __mutex_lock+0x1cc/0xa60 [ 430.004953][T13015] ? __x64_sys_io_uring_register+0x168/0x2b0 [ 430.010946][T13015] ? __pfx_lock_release+0x10/0x10 [ 430.015989][T13015] ? __pfx___mutex_lock+0x10/0x10 [ 430.021024][T13015] ? __fget_files+0x40/0x3a0 [ 430.025622][T13015] ? __fget_files+0x206/0x3a0 [ 430.030318][T13015] __x64_sys_io_uring_register+0x17a/0x2b0 [ 430.036134][T13015] do_syscall_64+0xcd/0x250 [ 430.040645][T13015] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 430.046545][T13015] RIP: 0033:0x7fecf5785d29 [ 430.050966][T13015] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 430.070577][T13015] RSP: 002b:00007fecf6630038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab [ 430.079004][T13015] RAX: ffffffffffffffda RBX: 00007fecf5975fa0 RCX: 00007fecf5785d29 [ 430.086983][T13015] RDX: 0000000020000000 RSI: 0000000000000011 RDI: 0000000000000002 [ 430.094953][T13015] RBP: 00007fecf6630090 R08: 0000000000000000 R09: 0000000000000000 [ 430.102926][T13015] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 430.110899][T13015] R13: 0000000000000000 R14: 00007fecf5975fa0 R15: 00007ffd95db1698 [ 430.118886][T13015] [ 431.352937][T13051] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1918'. [ 431.435028][T13051] veth0_macvtap: left promiscuous mode [ 431.459922][T13047] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 431.493359][T13047] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 431.550143][T13019] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 431.559836][T13019] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 431.574120][T13019] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 431.596150][T13019] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 432.283421][ T54] Bluetooth: hci1: command 0x0406 tx timeout [ 432.709365][T13087] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1928'. [ 433.306317][T13100] netlink: 'syz.0.1933': attribute type 19 has an invalid length. [ 433.383276][T13100] netlink: 310 bytes leftover after parsing attributes in process `syz.0.1933'. [ 433.533854][T13102] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 433.563472][ T54] Bluetooth: hci3: command 0x0406 tx timeout [ 433.602479][T13102] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 433.643246][ T54] Bluetooth: hci0: command 0x0c1a tx timeout [ 433.649318][ T54] Bluetooth: hci2: command 0x0406 tx timeout [ 434.668709][T13120] Invalid ELF header magic: != ELF [ 434.749469][T13126] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 434.783228][T13126] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 435.364081][T13134] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1940'. [ 435.721213][T13140] ptrace attach of "./syz-executor exec"[5831] was attempted by ""[13140] [ 438.307044][T13168] Process accounting paused [ 438.365330][T13177] FAULT_INJECTION: forcing a failure. [ 438.365330][T13177] name failslab, interval 1, probability 0, space 0, times 0 [ 438.388787][T13177] CPU: 1 UID: 0 PID: 13177 Comm: syz.0.1951 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 438.399615][T13177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 438.409711][T13177] Call Trace: [ 438.413014][T13177] [ 438.415967][T13177] dump_stack_lvl+0x16c/0x1f0 [ 438.420690][T13177] should_fail_ex+0x497/0x5b0 [ 438.425414][T13177] ? fs_reclaim_acquire+0xae/0x150 [ 438.430567][T13177] should_failslab+0xc2/0x120 [ 438.435291][T13177] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 438.440705][T13177] ? ptlock_alloc+0x1f/0x70 [ 438.445254][T13177] ptlock_alloc+0x1f/0x70 [ 438.449616][T13177] pte_alloc_one+0x74/0x390 [ 438.454130][T13177] do_pte_missing+0x1ae7/0x3e00 [ 438.458994][T13177] ? do_raw_spin_unlock+0x172/0x230 [ 438.464210][T13177] ? __pmd_alloc+0x3c2/0x8b0 [ 438.468894][T13177] __handle_mm_fault+0x103c/0x2a40 [ 438.474023][T13177] ? __pfx___handle_mm_fault+0x10/0x10 [ 438.479492][T13177] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 438.485141][T13177] ? find_vma+0xc0/0x140 [ 438.489391][T13177] ? __pfx_find_vma+0x10/0x10 [ 438.494076][T13177] handle_mm_fault+0x3fa/0xaa0 [ 438.498854][T13177] do_user_addr_fault+0x7a3/0x13f0 [ 438.503975][T13177] exc_page_fault+0x5c/0xc0 [ 438.508487][T13177] asm_exc_page_fault+0x26/0x30 [ 438.513344][T13177] RIP: 0010:rep_movs_alternative+0x13/0x70 [ 438.519163][T13177] Code: cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 83 f9 40 73 40 83 f9 08 73 21 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f [ 438.538775][T13177] RSP: 0018:ffffc9000cc97ca0 EFLAGS: 00050202 [ 438.544848][T13177] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000007 [ 438.552822][T13177] RDX: fffff52001992fb9 RSI: 0000000000000000 RDI: ffffc9000cc97dc0 [ 438.560794][T13177] RBP: 0000000000000007 R08: 0000000000000001 R09: fffff52001992fb8 [ 438.568764][T13177] R10: ffffc9000cc97dc6 R11: 0000000000000000 R12: 0000000000000000 [ 438.576736][T13177] R13: ffffc9000cc97dc0 R14: 0000000000000000 R15: ffffc9000cc97dc0 [ 438.584722][T13177] _copy_from_user+0x9a/0xd0 [ 438.589330][T13177] __sys_bpf+0x215/0x57a0 [ 438.593663][T13177] ? __pfx_lock_release+0x10/0x10 [ 438.598693][T13177] ? __pfx___sys_bpf+0x10/0x10 [ 438.603462][T13177] ? vfs_write+0x306/0x1150 [ 438.607975][T13177] ? __mutex_unlock_slowpath+0x164/0x690 [ 438.613634][T13177] ? fput+0x67/0x440 [ 438.617537][T13177] ? ksys_write+0x1ba/0x250 [ 438.622046][T13177] ? __pfx_ksys_write+0x10/0x10 [ 438.626906][T13177] __x64_sys_bpf+0x78/0xc0 [ 438.631337][T13177] ? lockdep_hardirqs_on+0x7c/0x110 [ 438.636544][T13177] do_syscall_64+0xcd/0x250 [ 438.641056][T13177] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 438.646958][T13177] RIP: 0033:0x7fecf5785d29 [ 438.651375][T13177] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 438.671003][T13177] RSP: 002b:00007fecf6630038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 438.679435][T13177] RAX: ffffffffffffffda RBX: 00007fecf5975fa0 RCX: 00007fecf5785d29 [ 438.687418][T13177] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000013 [ 438.695395][T13177] RBP: 00007fecf6630090 R08: 0000000000000000 R09: 0000000000000000 [ 438.703371][T13177] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 438.711351][T13177] R13: 0000000000000000 R14: 00007fecf5975fa0 R15: 00007ffd95db1698 [ 438.719338][T13177] [ 439.868407][T13189] Process accounting paused [ 440.314894][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.321254][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.052139][T13231] FAULT_INJECTION: forcing a failure. [ 441.052139][T13231] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 441.072711][T13231] CPU: 1 UID: 0 PID: 13231 Comm: syz.0.1965 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 441.083533][T13231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 441.093610][T13231] Call Trace: [ 441.096913][T13231] [ 441.099867][T13231] dump_stack_lvl+0x16c/0x1f0 [ 441.104576][T13231] should_fail_ex+0x497/0x5b0 [ 441.109284][T13231] _copy_to_user+0x32/0xd0 [ 441.113739][T13231] simple_read_from_buffer+0xd0/0x160 [ 441.119148][T13231] proc_fail_nth_read+0x198/0x270 [ 441.124215][T13231] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 441.129806][T13231] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 441.135389][T13231] vfs_read+0x1df/0xbe0 [ 441.139573][T13231] ? __fget_files+0x1fc/0x3a0 [ 441.144274][T13231] ? __pfx___mutex_lock+0x10/0x10 [ 441.149326][T13231] ? __pfx_vfs_read+0x10/0x10 [ 441.154038][T13231] ? __fget_files+0x206/0x3a0 [ 441.158757][T13231] ksys_read+0x12b/0x250 [ 441.163065][T13231] ? __pfx_ksys_read+0x10/0x10 [ 441.167876][T13231] do_syscall_64+0xcd/0x250 [ 441.172419][T13231] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.178351][T13231] RIP: 0033:0x7fecf578473c [ 441.182789][T13231] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 441.202425][T13231] RSP: 002b:00007fecf6630030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 441.210872][T13231] RAX: ffffffffffffffda RBX: 00007fecf5975fa0 RCX: 00007fecf578473c [ 441.218867][T13231] RDX: 000000000000000f RSI: 00007fecf66300a0 RDI: 0000000000000003 [ 441.226860][T13231] RBP: 00007fecf6630090 R08: 0000000000000000 R09: 0000000000000000 [ 441.234848][T13231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 441.242835][T13231] R13: 0000000000000001 R14: 00007fecf5975fa0 R15: 00007ffd95db1698 [ 441.250843][T13231] [ 442.473717][T13253] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1971'. [ 442.732002][T13236] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 442.742414][T13236] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 442.750019][T13236] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 442.761158][T13236] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 443.177268][T13281] FAULT_INJECTION: forcing a failure. [ 443.177268][T13281] name failslab, interval 1, probability 0, space 0, times 0 [ 443.196113][T13281] CPU: 0 UID: 0 PID: 13281 Comm: syz.2.1982 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 443.206943][T13281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 443.217029][T13281] Call Trace: [ 443.220334][T13281] [ 443.223293][T13281] dump_stack_lvl+0x16c/0x1f0 [ 443.228015][T13281] should_fail_ex+0x497/0x5b0 [ 443.232730][T13281] ? fs_reclaim_acquire+0xae/0x150 [ 443.237892][T13281] should_failslab+0xc2/0x120 [ 443.242614][T13281] __kmalloc_cache_noprof+0x68/0x420 [ 443.247939][T13281] ? get_pipe_info+0xad/0xf0 [ 443.252574][T13281] keyctl_watch_key+0x393/0x500 [ 443.257471][T13281] __do_sys_keyctl+0x123/0x590 [ 443.262279][T13281] do_syscall_64+0xcd/0x250 [ 443.266830][T13281] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 443.272769][T13281] RIP: 0033:0x7f4e06d85d29 [ 443.277208][T13281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 443.296855][T13281] RSP: 002b:00007f4e04bf6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 443.305310][T13281] RAX: ffffffffffffffda RBX: 00007f4e06f75fa0 RCX: 00007f4e06d85d29 [ 443.313318][T13281] RDX: 0000000000000008 RSI: ffffffffffffffff RDI: 0200000000000020 [ 443.321322][T13281] RBP: 00007f4e04bf6090 R08: 0000000000000008 R09: 0000000000000000 [ 443.329327][T13281] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000001 [ 443.337330][T13281] R13: 0000000000000000 R14: 00007f4e06f75fa0 R15: 00007fff04c83238 [ 443.345352][T13281] [ 443.627677][T13291] FAULT_INJECTION: forcing a failure. [ 443.627677][T13291] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 443.665108][T13291] CPU: 1 UID: 0 PID: 13291 Comm: syz.0.1985 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 443.675940][T13291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 443.686027][T13291] Call Trace: [ 443.689330][T13291] [ 443.692291][T13291] dump_stack_lvl+0x16c/0x1f0 [ 443.697010][T13291] should_fail_ex+0x497/0x5b0 [ 443.701732][T13291] _copy_from_user+0x2e/0xd0 [ 443.706369][T13291] ____sys_sendmsg+0x56e/0xb40 [ 443.711170][T13291] ? __pfx_____sys_sendmsg+0x10/0x10 [ 443.716488][T13291] ? __lock_acquire+0xcc5/0x3c40 [ 443.721478][T13291] ___sys_sendmsg+0x135/0x1e0 [ 443.723629][ T54] Bluetooth: hci1: command 0x0406 tx timeout [ 443.726183][T13291] ? __pfx____sys_sendmsg+0x10/0x10 [ 443.737385][T13291] ? trace_lock_acquire+0x14e/0x1f0 [ 443.742641][T13291] __sys_sendmmsg+0x201/0x420 [ 443.743418][T13289] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 443.747342][T13291] ? __pfx___sys_sendmmsg+0x10/0x10 [ 443.762012][T13291] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 443.768038][T13291] ? fput+0x67/0x440 [ 443.771844][T13289] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 443.771951][T13291] ? ksys_write+0x1ba/0x250 [ 443.785035][T13291] ? __pfx_ksys_write+0x10/0x10 [ 443.789904][T13291] __x64_sys_sendmmsg+0x9c/0x100 [ 443.794866][T13291] ? lockdep_hardirqs_on+0x7c/0x110 [ 443.800070][T13291] do_syscall_64+0xcd/0x250 [ 443.804582][T13291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 443.810487][T13291] RIP: 0033:0x7fecf5785d29 [ 443.814905][T13291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 443.834515][T13291] RSP: 002b:00007fecf6630038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 443.842950][T13291] RAX: ffffffffffffffda RBX: 00007fecf5975fa0 RCX: 00007fecf5785d29 [ 443.850930][T13291] RDX: 0000000000000002 RSI: 00000000200001c0 RDI: 0000000000000004 [ 443.858909][T13291] RBP: 00007fecf6630090 R08: 0000000000000000 R09: 0000000000000000 [ 443.866910][T13291] R10: 0000000000000100 R11: 0000000000000246 R12: 0000000000000001 [ 443.874884][T13291] R13: 0000000000000000 R14: 00007fecf5975fa0 R15: 00007ffd95db1698 [ 443.882868][T13291] [ 443.885947][ C1] vkms_vblank_simulate: vblank timer overrun [ 444.108429][T13301] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1988'. [ 444.117743][T13301] tc_dump_action: action bad kind [ 444.559352][T13319] FAULT_INJECTION: forcing a failure. [ 444.559352][T13319] name failslab, interval 1, probability 0, space 0, times 0 [ 444.601272][T13319] CPU: 0 UID: 0 PID: 13319 Comm: syz.2.1994 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 444.612101][T13319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 444.622187][T13319] Call Trace: [ 444.625486][T13319] [ 444.628435][T13319] dump_stack_lvl+0x16c/0x1f0 [ 444.633146][T13319] should_fail_ex+0x497/0x5b0 [ 444.637862][T13319] ? fs_reclaim_acquire+0xae/0x150 [ 444.643020][T13319] should_failslab+0xc2/0x120 [ 444.647742][T13319] __kmalloc_node_noprof+0xd1/0x520 [ 444.652986][T13319] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 444.658498][T13319] __kvmalloc_node_noprof+0xad/0x1a0 [ 444.663827][T13319] seq_read_iter+0x82a/0x12b0 [ 444.668542][T13319] ? __mutex_trylock_common+0xea/0x250 [ 444.674046][T13319] kernfs_fop_read_iter+0x414/0x580 [ 444.679285][T13319] ? rw_verify_area+0xd0/0x700 [ 444.684088][T13319] vfs_read+0x87f/0xbe0 [ 444.688285][T13319] ? __pfx_vfs_read+0x10/0x10 [ 444.693024][T13319] ksys_read+0x12b/0x250 [ 444.697304][T13319] ? __pfx_ksys_read+0x10/0x10 [ 444.702110][T13319] do_syscall_64+0xcd/0x250 [ 444.706661][T13319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 444.712586][T13319] RIP: 0033:0x7f4e06d85d29 [ 444.717032][T13319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 444.736675][T13319] RSP: 002b:00007f4e04bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 444.745126][T13319] RAX: ffffffffffffffda RBX: 00007f4e06f75fa0 RCX: 00007f4e06d85d29 [ 444.753126][T13319] RDX: 00000000000000fb RSI: 00000000200002c0 RDI: 0000000000000003 [ 444.761128][T13319] RBP: 00007f4e04bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 444.769123][T13319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 444.777124][T13319] R13: 0000000000000000 R14: 00007f4e06f75fa0 R15: 00007fff04c83238 [ 444.785144][T13319] [ 444.789013][ T54] Bluetooth: hci0: command 0x0c1a tx timeout [ 444.808216][ T54] Bluetooth: hci2: command 0x0406 tx timeout [ 444.817153][ T54] Bluetooth: hci3: command 0x0406 tx timeout [ 445.702036][T13353] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2005'. [ 445.721282][T13353] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2005'. [ 445.814525][T13355] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 445.830656][T13358] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2005'. [ 445.851477][T13355] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 445.853808][T13353] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2005'. [ 447.102063][T13379] netlink: 'syz.2.2012': attribute type 1 has an invalid length. [ 451.149058][T13464] FAULT_INJECTION: forcing a failure. [ 451.149058][T13464] name failslab, interval 1, probability 0, space 0, times 0 [ 451.228048][T13464] CPU: 0 UID: 0 PID: 13464 Comm: syz.2.2041 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 451.238878][T13464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 451.248968][T13464] Call Trace: [ 451.252270][T13464] [ 451.255224][T13464] dump_stack_lvl+0x16c/0x1f0 [ 451.259942][T13464] should_fail_ex+0x497/0x5b0 [ 451.264657][T13464] ? fs_reclaim_acquire+0xae/0x150 [ 451.269808][T13464] should_failslab+0xc2/0x120 [ 451.274526][T13464] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 451.279938][T13464] ? __thp_vma_allowable_orders+0x1ca/0xb30 [ 451.285874][T13464] ? __pmd_alloc+0xc3/0x8b0 [ 451.290460][T13464] __pmd_alloc+0xc3/0x8b0 [ 451.294831][T13464] __handle_mm_fault+0x94a/0x2a40 [ 451.299896][T13464] ? lock_vma_under_rcu+0x6b9/0x980 [ 451.305115][T13464] ? __pfx___handle_mm_fault+0x10/0x10 [ 451.310612][T13464] handle_mm_fault+0x3fa/0xaa0 [ 451.315399][T13464] do_user_addr_fault+0x60d/0x13f0 [ 451.320525][T13464] exc_page_fault+0x5c/0xc0 [ 451.325047][T13464] asm_exc_page_fault+0x26/0x30 [ 451.329907][T13464] RIP: 0033:0x7f4e06d6b801 [ 451.334386][T13464] Code: 00 0f 1f 84 00 00 00 00 00 48 85 f6 74 37 49 89 f0 89 f8 48 89 fa c5 f9 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 5f 02 00 00 fd 74 0f c5 fd d7 c1 48 83 fe 20 76 11 85 c0 74 6d f3 0f bc c0 [ 451.354182][T13464] RSP: 002b:00007f4e04bf4f58 EFLAGS: 00010283 [ 451.360261][T13464] RAX: 0000000000000000 RBX: 00007f4e04bf5024 RCX: 0000000000000000 [ 451.368240][T13464] RDX: 0000000000000000 RSI: 000000000000000f RDI: 0000000000000000 [ 451.376220][T13464] RBP: 0000000000000003 R08: 000000000000000f R09: 0000000000000000 [ 451.384194][T13464] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 451.392166][T13464] R13: 00007f4e04bf4fc0 R14: 00007f4e06f75fa0 R15: 0000000000000000 [ 451.400152][T13464] [ 451.437763][T13464] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 452.963932][T13501] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2052'. [ 452.972942][T13501] tc_dump_action: action bad kind [ 454.159507][T13520] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 454.179430][T13520] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 455.408433][T13552] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 455.442983][T13552] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 455.589546][T13564] FAULT_INJECTION: forcing a failure. [ 455.589546][T13564] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 455.617721][T13564] CPU: 1 UID: 0 PID: 13564 Comm: syz.2.2069 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 455.628551][T13564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 455.638636][T13564] Call Trace: [ 455.641936][T13564] [ 455.644890][T13564] dump_stack_lvl+0x16c/0x1f0 [ 455.649607][T13564] should_fail_ex+0x497/0x5b0 [ 455.654323][T13564] strncpy_from_user+0x3b/0x2d0 [ 455.659211][T13564] getname_flags.part.0+0x8f/0x550 [ 455.664368][T13564] getname+0x8d/0xe0 [ 455.668299][T13564] do_sys_openat2+0x104/0x1e0 [ 455.673014][T13564] ? __pfx_do_sys_openat2+0x10/0x10 [ 455.678264][T13564] __x64_sys_openat+0x175/0x210 [ 455.683180][T13564] ? __pfx___x64_sys_openat+0x10/0x10 [ 455.688609][T13564] ? ksys_write+0x1ba/0x250 [ 455.693153][T13564] do_syscall_64+0xcd/0x250 [ 455.697703][T13564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 455.703631][T13564] RIP: 0033:0x7f4e06d85d29 [ 455.708074][T13564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 455.727708][T13564] RSP: 002b:00007f4e04bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 455.736145][T13564] RAX: ffffffffffffffda RBX: 00007f4e06f75fa0 RCX: 00007f4e06d85d29 [ 455.744119][T13564] RDX: 0000000000101e81 RSI: 0000000020000400 RDI: ffffffffffffff9c [ 455.752092][T13564] RBP: 00007f4e04bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 455.760062][T13564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 455.768034][T13564] R13: 0000000000000000 R14: 00007f4e06f75fa0 R15: 00007fff04c83238 [ 455.776017][T13564] [ 456.961841][T13586] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 456.992220][T13586] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 459.554396][T13622] FAULT_INJECTION: forcing a failure. [ 459.554396][T13622] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 459.573175][T13622] CPU: 0 UID: 0 PID: 13622 Comm: syz.4.2082 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 459.583986][T13622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 459.594067][T13622] Call Trace: [ 459.597365][T13622] [ 459.600317][T13622] dump_stack_lvl+0x16c/0x1f0 [ 459.605035][T13622] should_fail_ex+0x497/0x5b0 [ 459.609757][T13622] _copy_from_user+0x2e/0xd0 [ 459.614389][T13622] ____sys_sendmsg+0x56e/0xb40 [ 459.619190][T13622] ? __pfx_____sys_sendmsg+0x10/0x10 [ 459.624525][T13622] ___sys_sendmsg+0x135/0x1e0 [ 459.629254][T13622] ? __pfx____sys_sendmsg+0x10/0x10 [ 459.634510][T13622] ? __pfx_lock_release+0x10/0x10 [ 459.639558][T13622] ? trace_lock_acquire+0x14e/0x1f0 [ 459.644797][T13622] ? __fget_files+0x206/0x3a0 [ 459.649521][T13622] __sys_sendmsg+0x16e/0x220 [ 459.654153][T13622] ? __pfx___sys_sendmsg+0x10/0x10 [ 459.659327][T13622] do_syscall_64+0xcd/0x250 [ 459.663871][T13622] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 459.669801][T13622] RIP: 0033:0x7fc09d185d29 [ 459.674240][T13622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 459.693891][T13622] RSP: 002b:00007fc09deeb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 459.702343][T13622] RAX: ffffffffffffffda RBX: 00007fc09d375fa0 RCX: 00007fc09d185d29 [ 459.710346][T13622] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 [ 459.718351][T13622] RBP: 00007fc09deeb090 R08: 0000000000000000 R09: 0000000000000000 [ 459.726358][T13622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 459.734354][T13622] R13: 0000000000000000 R14: 00007fc09d375fa0 R15: 00007fff46ffcf28 [ 459.742369][T13622] [ 460.154358][T13635] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2086'. [ 460.164054][T13635] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2086'. [ 460.218104][T13635] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2086'. [ 460.952505][T13651] FAULT_INJECTION: forcing a failure. [ 460.952505][T13651] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 460.968658][T13651] CPU: 1 UID: 0 PID: 13651 Comm: syz.2.2089 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 460.979471][T13651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 460.989559][T13651] Call Trace: [ 460.992864][T13651] [ 460.995820][T13651] dump_stack_lvl+0x16c/0x1f0 [ 461.000536][T13651] should_fail_ex+0x497/0x5b0 [ 461.005257][T13651] _copy_to_user+0x32/0xd0 [ 461.009726][T13651] simple_read_from_buffer+0xd0/0x160 [ 461.015141][T13651] proc_fail_nth_read+0x198/0x270 [ 461.020206][T13651] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 461.025801][T13651] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 461.031389][T13651] vfs_read+0x1df/0xbe0 [ 461.035561][T13651] ? __fget_files+0x1fc/0x3a0 [ 461.040250][T13651] ? __pfx___mutex_lock+0x10/0x10 [ 461.045292][T13651] ? __pfx_vfs_read+0x10/0x10 [ 461.049982][T13651] ? __fget_files+0x206/0x3a0 [ 461.054673][T13651] ksys_read+0x12b/0x250 [ 461.058920][T13651] ? __pfx_ksys_read+0x10/0x10 [ 461.063694][T13651] do_syscall_64+0xcd/0x250 [ 461.068223][T13651] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 461.074146][T13651] RIP: 0033:0x7f4e06d8473c [ 461.078570][T13651] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 461.098191][T13651] RSP: 002b:00007f4e04bf6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 461.106616][T13651] RAX: ffffffffffffffda RBX: 00007f4e06f75fa0 RCX: 00007f4e06d8473c [ 461.114589][T13651] RDX: 000000000000000f RSI: 00007f4e04bf60a0 RDI: 0000000000000005 [ 461.122560][T13651] RBP: 00007f4e04bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 461.130534][T13651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 461.138507][T13651] R13: 0000000000000000 R14: 00007f4e06f75fa0 R15: 00007fff04c83238 [ 461.146492][T13651] [ 461.390234][T13663] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 461.418611][T13663] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 462.791825][T13715] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 462.816121][T13715] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 463.050553][T13718] ima: policy update failed [ 463.084523][ T29] audit: type=1802 audit(4294967319.010:7): pid=13718 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.2108" res=0 errno=0 [ 464.813605][T13776] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 464.862812][T13776] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 465.388509][T13790] Process accounting resumed [ 466.612957][ T54] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 466.628696][ T54] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 466.644078][ T54] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 466.659669][ T54] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 466.667977][ T54] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 466.679842][ T54] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 467.023447][T13821] Process accounting resumed [ 467.068030][T13814] chnl_net:caif_netlink_parms(): no params data found [ 467.248206][T13821] FAULT_INJECTION: forcing a failure. [ 467.248206][T13821] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 467.261537][T13821] CPU: 0 UID: 0 PID: 13821 Comm: syz.4.2137 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 467.272336][T13821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 467.282419][T13821] Call Trace: [ 467.285715][T13821] [ 467.288663][T13821] dump_stack_lvl+0x16c/0x1f0 [ 467.293374][T13821] should_fail_ex+0x497/0x5b0 [ 467.298094][T13821] _copy_to_user+0x32/0xd0 [ 467.302559][T13821] simple_read_from_buffer+0xd0/0x160 [ 467.307979][T13821] proc_fail_nth_read+0x198/0x270 [ 467.313047][T13821] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 467.318641][T13821] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 467.324222][T13821] vfs_read+0x1df/0xbe0 [ 467.328392][T13821] ? __fget_files+0x1fc/0x3a0 [ 467.333079][T13821] ? __pfx___mutex_lock+0x10/0x10 [ 467.338133][T13821] ? __pfx_vfs_read+0x10/0x10 [ 467.342839][T13821] ? __fget_files+0x206/0x3a0 [ 467.347541][T13821] ksys_read+0x12b/0x250 [ 467.351798][T13821] ? __pfx_ksys_read+0x10/0x10 [ 467.356589][T13821] do_syscall_64+0xcd/0x250 [ 467.361113][T13821] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 467.367022][T13821] RIP: 0033:0x7fc09d18473c [ 467.371441][T13821] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 467.391053][T13821] RSP: 002b:00007fc09deeb030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 467.399473][T13821] RAX: ffffffffffffffda RBX: 00007fc09d375fa0 RCX: 00007fc09d18473c [ 467.407449][T13821] RDX: 000000000000000f RSI: 00007fc09deeb0a0 RDI: 0000000000000004 [ 467.415421][T13821] RBP: 00007fc09deeb090 R08: 0000000000000000 R09: 0000000000000000 [ 467.423391][T13821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 467.431365][T13821] R13: 0000000000000000 R14: 00007fc09d375fa0 R15: 00007fff46ffcf28 [ 467.439356][T13821] [ 467.467633][T13814] bridge0: port 1(bridge_slave_0) entered blocking state [ 467.475390][T13814] bridge0: port 1(bridge_slave_0) entered disabled state [ 467.485441][T13814] bridge_slave_0: entered allmulticast mode [ 467.492492][T13814] bridge_slave_0: entered promiscuous mode [ 467.501632][T13814] bridge0: port 2(bridge_slave_1) entered blocking state [ 467.509506][T13814] bridge0: port 2(bridge_slave_1) entered disabled state [ 467.529422][T13814] bridge_slave_1: entered allmulticast mode [ 467.540493][T13814] bridge_slave_1: entered promiscuous mode [ 467.622576][T13814] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 467.661839][T13814] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 467.725465][T13814] team0: Port device team_slave_0 added [ 467.741740][T13814] team0: Port device team_slave_1 added [ 467.812943][T13814] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 467.831931][T13814] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 467.879053][T13814] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 467.905612][T13834] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 467.906243][T13814] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 467.929163][T13834] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 467.933334][T13814] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 467.981824][T13814] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 468.149839][T13814] hsr_slave_0: entered promiscuous mode [ 468.160744][T13814] hsr_slave_1: entered promiscuous mode [ 468.517692][T13814] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 468.775130][ T5145] Bluetooth: hci3: command tx timeout [ 469.033163][T13857] Process accounting resumed [ 469.139290][T13814] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 469.420915][T13814] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 469.700470][T13814] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 470.253386][T13814] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 470.302396][T13814] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 470.432456][T13814] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 470.511599][T13814] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 470.722812][T13814] 8021q: adding VLAN 0 to HW filter on device bond0 [ 470.740258][T13814] 8021q: adding VLAN 0 to HW filter on device team0 [ 470.751986][ T3601] bridge0: port 1(bridge_slave_0) entered blocking state [ 470.759193][ T3601] bridge0: port 1(bridge_slave_0) entered forwarding state [ 470.824453][ T3456] bridge0: port 2(bridge_slave_1) entered blocking state [ 470.831567][ T3456] bridge0: port 2(bridge_slave_1) entered forwarding state [ 470.852106][ T5145] Bluetooth: hci3: command tx timeout [ 471.554905][T13814] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 471.639505][T13814] veth0_vlan: entered promiscuous mode [ 471.677164][T13814] veth1_vlan: entered promiscuous mode [ 471.843684][T13814] veth0_macvtap: entered promiscuous mode [ 471.883924][T13814] veth1_macvtap: entered promiscuous mode [ 471.932755][T13814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 471.946690][T13814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 471.969181][T13814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 471.995829][T13814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 472.005871][T13814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 472.016334][T13814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 472.026330][T13814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 472.036967][T13814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 472.051564][T13814] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 472.063750][T13814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 472.074262][T13814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 472.084227][T13814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 472.094821][T13814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 472.104832][T13814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 472.115558][T13814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 472.151782][T13814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 472.182762][T13814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 472.214418][T13814] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 472.378193][T13814] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 472.432263][T13814] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 472.441861][T13814] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 472.452643][T13814] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 472.821274][ T3424] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 472.854628][ T3424] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 472.929577][ T5145] Bluetooth: hci3: command tx timeout [ 472.942491][ T3601] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 472.967177][ T3601] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 474.885737][T13971] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 474.925291][T13971] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 475.003435][ T5145] Bluetooth: hci3: command tx timeout [ 476.877227][T14023] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 476.887770][T14017] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2185'. [ 476.904051][T14023] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 478.962648][T14085] [U] [ 478.965489][T14085] [U] [ 478.968194][T14085] [U] [ 478.970893][T14085] [U] [ 478.973598][T14085] [U] [ 478.977768][T14085] [U] [ 478.980518][T14085] [U] [ 478.981932][T14077] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 478.983226][T14085] [U] [ 478.983293][T14085] [U] [ 478.985177][T14084] [U] [ 479.073583][T14077] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 479.542231][T14096] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2207'. [ 479.638319][T14096] veth1_macvtap: left promiscuous mode [ 480.071829][T14108] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2209'. [ 480.096816][T14082] ptrace attach of "./syz-executor exec"[5830] was attempted by "./syz-executor exec"[14082] [ 482.951431][T14171] lo: entered allmulticast mode [ 482.957230][T14171] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2219'. [ 483.380664][T14171] lo: left allmulticast mode [ 483.394067][T14180] FAULT_INJECTION: forcing a failure. [ 483.394067][T14180] name failslab, interval 1, probability 0, space 0, times 0 [ 483.407337][T14180] CPU: 1 UID: 0 PID: 14180 Comm: syz.0.2221 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 483.418143][T14180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 483.428226][T14180] Call Trace: [ 483.431519][T14180] [ 483.434474][T14180] dump_stack_lvl+0x16c/0x1f0 [ 483.439193][T14180] should_fail_ex+0x497/0x5b0 [ 483.443910][T14180] should_failslab+0xc2/0x120 [ 483.448621][T14180] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 483.454028][T14180] ? dst_alloc+0x99/0x1a0 [ 483.458398][T14180] dst_alloc+0x99/0x1a0 [ 483.462590][T14180] rt_dst_alloc+0x35/0x3a0 [ 483.467043][T14180] ip_route_output_key_hash_rcu+0x8a5/0x2770 [ 483.473041][T14180] ? mark_lock+0xb12/0xc60 [ 483.477481][T14180] ip_route_output_key_hash+0x138/0x2e0 [ 483.483031][T14180] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 483.489112][T14180] ? __pfx_lock_release+0x10/0x10 [ 483.494138][T14180] ? trace_lock_acquire+0x14e/0x1f0 [ 483.499345][T14180] ? __check_object_size+0xad/0x710 [ 483.504556][T14180] ip_route_output_flow+0x27/0x150 [ 483.509684][T14180] ping_v4_sendmsg+0x9cf/0x1a00 [ 483.514563][T14180] ? __pfx_ping_v4_sendmsg+0x10/0x10 [ 483.519863][T14180] ? release_sock+0x21/0x220 [ 483.524461][T14180] ? reacquire_held_locks+0x20b/0x4c0 [ 483.529849][T14180] ? inet_autobind+0x145/0x1a0 [ 483.534625][T14180] ? lock_acquire+0x2f/0xb0 [ 483.539134][T14180] ? inet_autobind+0x145/0x1a0 [ 483.543908][T14180] ? __local_bh_enable_ip+0xa4/0x120 [ 483.549195][T14180] ? inet_autobind+0x14a/0x1a0 [ 483.553969][T14180] ? __pfx_ping_v4_sendmsg+0x10/0x10 [ 483.559267][T14180] inet_sendmsg+0x119/0x140 [ 483.563781][T14180] __sys_sendto+0x42a/0x4f0 [ 483.568294][T14180] ? __pfx___sys_sendto+0x10/0x10 [ 483.573346][T14180] ? ksys_write+0x1ba/0x250 [ 483.577858][T14180] ? __pfx_ksys_write+0x10/0x10 [ 483.582715][T14180] __x64_sys_sendto+0xe0/0x1c0 [ 483.587487][T14180] ? do_syscall_64+0x91/0x250 [ 483.592171][T14180] ? lockdep_hardirqs_on+0x7c/0x110 [ 483.597375][T14180] do_syscall_64+0xcd/0x250 [ 483.601886][T14180] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 483.607788][T14180] RIP: 0033:0x7fc2b0185d29 [ 483.612207][T14180] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 483.631818][T14180] RSP: 002b:00007fc2b0fa1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 483.640237][T14180] RAX: ffffffffffffffda RBX: 00007fc2b0375fa0 RCX: 00007fc2b0185d29 [ 483.648211][T14180] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000003 [ 483.656180][T14180] RBP: 00007fc2b0fa1090 R08: 0000000020000100 R09: 0000000000000019 [ 483.664151][T14180] R10: 000000000000000e R11: 0000000000000246 R12: 0000000000000001 [ 483.672122][T14180] R13: 0000000000000000 R14: 00007fc2b0375fa0 R15: 00007ffcbf5d2518 [ 483.680107][T14180] [ 485.496760][T14213] FAULT_INJECTION: forcing a failure. [ 485.496760][T14213] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 485.539686][T14213] CPU: 1 UID: 0 PID: 14213 Comm: syz.0.2230 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 485.550512][T14213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 485.560593][T14213] Call Trace: [ 485.563896][T14213] [ 485.566849][T14213] dump_stack_lvl+0x16c/0x1f0 [ 485.571555][T14213] should_fail_ex+0x497/0x5b0 [ 485.576271][T14213] _copy_to_user+0x32/0xd0 [ 485.580727][T14213] simple_read_from_buffer+0xd0/0x160 [ 485.586132][T14213] proc_fail_nth_read+0x198/0x270 [ 485.591207][T14213] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 485.596798][T14213] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 485.602384][T14213] vfs_read+0x1df/0xbe0 [ 485.606577][T14213] ? __fget_files+0x1fc/0x3a0 [ 485.611291][T14213] ? __pfx___mutex_lock+0x10/0x10 [ 485.616350][T14213] ? __pfx_vfs_read+0x10/0x10 [ 485.621072][T14213] ? __fget_files+0x206/0x3a0 [ 485.625792][T14213] ksys_read+0x12b/0x250 [ 485.630067][T14213] ? __pfx_ksys_read+0x10/0x10 [ 485.634872][T14213] do_syscall_64+0xcd/0x250 [ 485.639415][T14213] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.645346][T14213] RIP: 0033:0x7fc2b018473c [ 485.649784][T14213] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 485.669419][T14213] RSP: 002b:00007fc2b0f80030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 485.677866][T14213] RAX: ffffffffffffffda RBX: 00007fc2b0376080 RCX: 00007fc2b018473c [ 485.685863][T14213] RDX: 000000000000000f RSI: 00007fc2b0f800a0 RDI: 0000000000000004 [ 485.693860][T14213] RBP: 00007fc2b0f80090 R08: 0000000000000000 R09: 0000000000000000 [ 485.701870][T14213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 485.709868][T14213] R13: 0000000000000001 R14: 00007fc2b0376080 R15: 00007ffcbf5d2518 [ 485.717887][T14213] [ 486.463636][T14231] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2235'. [ 487.645863][T14251] Invalid ELF header magic: != ELF [ 490.576026][T14304] FAULT_INJECTION: forcing a failure. [ 490.576026][T14304] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 490.643273][T14304] CPU: 0 UID: 0 PID: 14304 Comm: syz.0.2256 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 490.654101][T14304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 490.664188][T14304] Call Trace: [ 490.667487][T14304] [ 490.670440][T14304] dump_stack_lvl+0x16c/0x1f0 [ 490.675156][T14304] should_fail_ex+0x497/0x5b0 [ 490.679877][T14304] _copy_to_user+0x32/0xd0 [ 490.684339][T14304] simple_read_from_buffer+0xd0/0x160 [ 490.689747][T14304] proc_fail_nth_read+0x198/0x270 [ 490.694819][T14304] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 490.700417][T14304] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 490.706004][T14304] vfs_read+0x1df/0xbe0 [ 490.710193][T14304] ? __fget_files+0x1fc/0x3a0 [ 490.714905][T14304] ? __pfx___mutex_lock+0x10/0x10 [ 490.719965][T14304] ? __pfx_vfs_read+0x10/0x10 [ 490.724687][T14304] ? __fget_files+0x206/0x3a0 [ 490.729416][T14304] ksys_read+0x12b/0x250 [ 490.733693][T14304] ? __pfx_ksys_read+0x10/0x10 [ 490.738505][T14304] do_syscall_64+0xcd/0x250 [ 490.743044][T14304] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 490.748973][T14304] RIP: 0033:0x7fc2b018473c [ 490.753415][T14304] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 490.773055][T14304] RSP: 002b:00007fc2b0fa1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 490.781509][T14304] RAX: ffffffffffffffda RBX: 00007fc2b0375fa0 RCX: 00007fc2b018473c [ 490.789516][T14304] RDX: 000000000000000f RSI: 00007fc2b0fa10a0 RDI: 0000000000000003 [ 490.797517][T14304] RBP: 00007fc2b0fa1090 R08: 0000000000000000 R09: 0000000000000000 [ 490.805519][T14304] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 490.813522][T14304] R13: 0000000000000001 R14: 00007fc2b0375fa0 R15: 00007ffcbf5d2518 [ 490.821539][T14304] [ 491.696690][T14337] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 491.736375][T14337] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 492.853543][T14362] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 492.863766][T14362] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 495.391005][T14395] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 495.425680][T14395] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 497.420139][T14426] netlink: 'syz.2.2288': attribute type 1 has an invalid length. [ 497.790398][T14433] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 497.814383][T14433] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 497.952496][T14437] ptrace attach of "./syz-executor exec"[5830] was attempted by "./syz-executor exec"[14437] [ 498.423635][ T11] bridge_slave_1: left allmulticast mode [ 498.434593][ T11] bridge_slave_1: left promiscuous mode [ 498.440395][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 498.533894][ T11] bridge_slave_0: left allmulticast mode [ 498.539592][ T11] bridge_slave_0: left promiscuous mode [ 498.584077][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 498.611618][T14453] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2294'. [ 499.724297][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 499.779954][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 499.810164][ T11] bond0 (unregistering): Released all slaves [ 500.191792][T14465] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 500.284061][T14465] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 500.620409][T14472] ptrace attach of "./syz-executor exec"[13814] was attempted by "./syz-executor exec"[14472] [ 500.633250][ T11] hsr_slave_0: left promiscuous mode [ 500.654605][ T11] hsr_slave_1: left promiscuous mode [ 500.691906][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 500.713271][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 500.738675][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 500.763226][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 500.846329][ T11] veth1_vlan: left promiscuous mode [ 500.851686][ T11] veth0_vlan: left promiscuous mode [ 501.713662][T14504] Falling back ldisc for pty250. [ 501.725933][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.732391][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.075961][ T11] team0 (unregistering): Port device team_slave_1 removed [ 503.214834][ T11] team0 (unregistering): Port device team_slave_0 removed [ 504.516288][T14493] HSR: entered promiscuous mode [ 505.270505][T14539] ptrace attach of "./syz-executor exec"[5828] was attempted by "./syz-executor exec"[14539] [ 506.041297][T14556] FAULT_INJECTION: forcing a failure. [ 506.041297][T14556] name failslab, interval 1, probability 0, space 0, times 0 [ 506.094291][T14556] CPU: 0 UID: 0 PID: 14556 Comm: syz.0.2317 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 506.105127][T14556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 506.115213][T14556] Call Trace: [ 506.118521][T14556] [ 506.121482][T14556] dump_stack_lvl+0x16c/0x1f0 [ 506.126204][T14556] should_fail_ex+0x497/0x5b0 [ 506.130922][T14556] ? fs_reclaim_acquire+0xae/0x150 [ 506.136072][T14556] should_failslab+0xc2/0x120 [ 506.140793][T14556] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 506.146203][T14556] ? security_file_alloc+0x34/0x2b0 [ 506.151444][T14556] security_file_alloc+0x34/0x2b0 [ 506.156507][T14556] init_file+0x93/0x480 [ 506.160701][T14556] alloc_empty_file+0x91/0x1e0 [ 506.165504][T14556] alloc_file_pseudo+0x13d/0x200 [ 506.170486][T14556] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 506.175984][T14556] ? alloc_fd+0x41f/0x760 [ 506.180351][T14556] ? __pfx_lock_release+0x10/0x10 [ 506.185411][T14556] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 506.190823][T14556] __anon_inode_getfile+0x136/0x3c0 [ 506.196059][T14556] ? _raw_spin_unlock+0x28/0x50 [ 506.200939][T14556] ? __pfx___anon_inode_getfile+0x10/0x10 [ 506.206712][T14556] ? lockdep_init_map_type+0x16d/0x7d0 [ 506.212207][T14556] anon_inode_getfd+0x52/0xb0 [ 506.216923][T14556] __do_sys_fanotify_init+0x88d/0xb00 [ 506.222337][T14556] do_syscall_64+0xcd/0x250 [ 506.226878][T14556] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 506.232804][T14556] RIP: 0033:0x7fc2b0185d29 [ 506.237242][T14556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 506.256885][T14556] RSP: 002b:00007fc2b0fa1038 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 506.265340][T14556] RAX: ffffffffffffffda RBX: 00007fc2b0375fa0 RCX: 00007fc2b0185d29 [ 506.273340][T14556] RDX: 0000000000000000 RSI: 0002000000000002 RDI: 0000000000000005 [ 506.281335][T14556] RBP: 00007fc2b0fa1090 R08: 0000000000000000 R09: 0000000000000000 [ 506.289330][T14556] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 506.297334][T14556] R13: 0000000000000000 R14: 00007fc2b0375fa0 R15: 00007ffcbf5d2518 [ 506.305352][T14556] [ 507.072307][T14585] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2322'. [ 507.224017][T14592] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 507.294750][T14592] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 510.953357][T14650] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2335'. [ 511.072113][T14641] ptrace attach of "./syz-executor exec"[10180] was attempted by "./syz-executor exec"[14641] [ 511.351421][T14650] hsr_slave_1 (unregistering): left promiscuous mode [ 511.512825][T14671] netlink: 346 bytes leftover after parsing attributes in process `syz.1.2338'. [ 513.486833][T14708] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2348'. [ 513.542196][T14708] ip6gre0: entered promiscuous mode [ 514.118497][T14721] netlink: 346 bytes leftover after parsing attributes in process `syz.4.2352'. [ 516.772646][T14770] netlink: 346 bytes leftover after parsing attributes in process `syz.4.2365'. [ 517.053832][T14773] ptrace attach of "./syz-executor exec"[5828] was attempted by "./syz-executor exec"[14773] [ 519.413960][T14818] ptrace attach of "./syz-executor exec"[5828] was attempted by "./syz-executor exec"[14818] [ 519.724177][T14827] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE r҄y*"l-y– [ 523.814039][T14862] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 523.853347][T14862] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 526.229933][T14911] debugfs: Directory '!PjE r҄y*"l-y–L̓]' with parent 'ieee80211' already present! [ 526.762582][T14918] random: crng reseeded on system resumption [ 527.397433][T14920] can0: slcan on ptm0. [ 527.562755][T14927] ptrace attach of "./syz-executor exec"[10180] was attempted by "./syz-executor exec"[14927] [ 527.813704][T14917] can0 (unregistered): slcan off ptm0. [ 529.074035][T14961] ptrace attach of "./syz-executor exec"[13814] was attempted by "./syz-executor exec"[14961] [ 530.276711][T15001] random: crng reseeded on system resumption [ 530.631295][T15003] ptrace attach of "./syz-executor exec"[10180] was attempted by "./syz-executor exec"[15003] [ 531.191384][T15023] FAULT_INJECTION: forcing a failure. [ 531.191384][T15023] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 531.214177][T15005] can0: slcan on ptm0. [ 531.278105][T15023] CPU: 0 UID: 0 PID: 15023 Comm: syz.4.2421 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 531.288937][T15023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 531.299033][T15023] Call Trace: [ 531.302334][T15023] [ 531.305290][T15023] dump_stack_lvl+0x16c/0x1f0 [ 531.310012][T15023] should_fail_ex+0x497/0x5b0 [ 531.314731][T15023] _copy_to_user+0x32/0xd0 [ 531.319191][T15023] simple_read_from_buffer+0xd0/0x160 [ 531.324604][T15023] proc_fail_nth_read+0x198/0x270 [ 531.329679][T15023] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 531.335377][T15023] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 531.340979][T15023] vfs_read+0x1df/0xbe0 [ 531.345177][T15023] ? __fget_files+0x1fc/0x3a0 [ 531.349893][T15023] ? __pfx___mutex_lock+0x10/0x10 [ 531.354966][T15023] ? __pfx_vfs_read+0x10/0x10 [ 531.359701][T15023] ? __fget_files+0x206/0x3a0 [ 531.364424][T15023] ksys_read+0x12b/0x250 [ 531.368699][T15023] ? __pfx_ksys_read+0x10/0x10 [ 531.373506][T15023] do_syscall_64+0xcd/0x250 [ 531.378046][T15023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 531.383979][T15023] RIP: 0033:0x7fc09d18473c [ 531.388420][T15023] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 531.408062][T15023] RSP: 002b:00007fc09deeb030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 531.416514][T15023] RAX: ffffffffffffffda RBX: 00007fc09d375fa0 RCX: 00007fc09d18473c [ 531.424513][T15023] RDX: 000000000000000f RSI: 00007fc09deeb0a0 RDI: 0000000000000005 [ 531.432514][T15023] RBP: 00007fc09deeb090 R08: 0000000000000000 R09: 0000000000000000 [ 531.440513][T15023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 531.448514][T15023] R13: 0000000000000000 R14: 00007fc09d375fa0 R15: 00007fff46ffcf28 [ 531.456537][T15023] [ 531.459634][ C0] vkms_vblank_simulate: vblank timer overrun [ 532.131052][T14999] can0 (unregistered): slcan off ptm0. [ 535.576073][T15098] ptrace attach of "./syz-executor exec"[5830] was attempted by "./syz-executor exec"[15098] [ 535.879666][T15102] ptrace attach of "./syz-executor exec"[13814] was attempted by "./syz-executor exec"[15102] [ 538.104287][ T54] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 538.161028][ T54] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 538.200633][ T54] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 538.264055][ T54] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 538.291890][ T54] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 538.300368][ T54] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 538.647431][T15139] ptrace attach of "./syz-executor exec"[13814] was attempted by "./syz-executor exec"[15139] [ 539.518043][T15130] chnl_net:caif_netlink_parms(): no params data found [ 540.152159][T15130] bridge0: port 1(bridge_slave_0) entered blocking state [ 540.163467][T15130] bridge0: port 1(bridge_slave_0) entered disabled state [ 540.170696][T15130] bridge_slave_0: entered allmulticast mode [ 540.184835][T15130] bridge_slave_0: entered promiscuous mode [ 540.201973][T15130] bridge0: port 2(bridge_slave_1) entered blocking state [ 540.221252][T15130] bridge0: port 2(bridge_slave_1) entered disabled state [ 540.231467][T15130] bridge_slave_1: entered allmulticast mode [ 540.246634][T15130] bridge_slave_1: entered promiscuous mode [ 540.363394][ T54] Bluetooth: hci4: command tx timeout [ 540.624743][T15130] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 540.657608][T15130] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 541.532595][T15130] team0: Port device team_slave_0 added [ 541.565512][T15130] team0: Port device team_slave_1 added [ 541.686874][T15130] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 541.708091][T15130] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 541.780324][T15130] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 541.806155][T15175] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 541.813916][T15130] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 541.853237][T15130] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 541.903016][T15130] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 541.903334][T15175] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 542.136411][T15130] hsr_slave_0: entered promiscuous mode [ 542.223601][T15130] hsr_slave_1: entered promiscuous mode [ 542.264022][T15130] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 542.271638][T15130] Cannot create hsr debugfs directory [ 542.443632][ T54] Bluetooth: hci4: command tx timeout [ 542.552435][T15181] FAULT_INJECTION: forcing a failure. [ 542.552435][T15181] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 542.593277][T15181] CPU: 1 UID: 0 PID: 15181 Comm: syz.4.2453 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 542.604098][T15181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 542.614182][T15181] Call Trace: [ 542.617481][T15181] [ 542.620430][T15181] dump_stack_lvl+0x16c/0x1f0 [ 542.625143][T15181] should_fail_ex+0x497/0x5b0 [ 542.629865][T15181] _copy_to_user+0x32/0xd0 [ 542.634324][T15181] simple_read_from_buffer+0xd0/0x160 [ 542.639731][T15181] proc_fail_nth_read+0x198/0x270 [ 542.644799][T15181] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 542.650392][T15181] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 542.655989][T15181] vfs_read+0x1df/0xbe0 [ 542.660177][T15181] ? __fget_files+0x1fc/0x3a0 [ 542.664885][T15181] ? __pfx___mutex_lock+0x10/0x10 [ 542.669944][T15181] ? __pfx_vfs_read+0x10/0x10 [ 542.674666][T15181] ? __fget_files+0x206/0x3a0 [ 542.679384][T15181] ksys_read+0x12b/0x250 [ 542.683657][T15181] ? __pfx_ksys_read+0x10/0x10 [ 542.688457][T15181] do_syscall_64+0xcd/0x250 [ 542.692995][T15181] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 542.698923][T15181] RIP: 0033:0x7fc09d18473c [ 542.703359][T15181] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 542.723003][T15181] RSP: 002b:00007fc09deeb030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 542.731452][T15181] RAX: ffffffffffffffda RBX: 00007fc09d375fa0 RCX: 00007fc09d18473c [ 542.739452][T15181] RDX: 000000000000000f RSI: 00007fc09deeb0a0 RDI: 0000000000000004 [ 542.747450][T15181] RBP: 00007fc09deeb090 R08: 0000000000000000 R09: 0000000000000000 [ 542.755450][T15181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 542.763447][T15181] R13: 0000000000000000 R14: 00007fc09d375fa0 R15: 00007fff46ffcf28 [ 542.771462][T15181] [ 543.312482][T15130] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 543.620847][T15130] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 543.892351][T15130] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 544.246441][T15130] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 544.532799][ T54] Bluetooth: hci4: command tx timeout [ 544.628410][T15130] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 544.704242][T15130] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 544.771351][T15130] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 544.857715][T15130] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 545.037646][T15130] 8021q: adding VLAN 0 to HW filter on device bond0 [ 545.085139][T15130] 8021q: adding VLAN 0 to HW filter on device team0 [ 545.117254][ T3601] bridge0: port 1(bridge_slave_0) entered blocking state [ 545.124412][ T3601] bridge0: port 1(bridge_slave_0) entered forwarding state [ 545.164777][ T3601] bridge0: port 2(bridge_slave_1) entered blocking state [ 545.171955][ T3601] bridge0: port 2(bridge_slave_1) entered forwarding state [ 545.202780][T15194] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 545.260471][T15194] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 545.279846][T15130] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 545.313285][T15130] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 545.682178][T15130] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 545.775934][T15130] veth0_vlan: entered promiscuous mode [ 545.835180][T15130] veth1_vlan: entered promiscuous mode [ 545.935025][T15217] netlink: 4368 bytes leftover after parsing attributes in process `syz.4.2461'. [ 546.127516][T15130] veth0_macvtap: entered promiscuous mode [ 546.161962][T15130] veth1_macvtap: entered promiscuous mode [ 546.241549][T15130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 546.260593][T15130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 546.273487][T15130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 546.303043][T15130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 546.336716][T15130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 546.371153][T15130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 546.383652][T15130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 546.400930][T15130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 546.414488][T15130] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 546.507439][T15130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 546.549269][T15130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 546.560417][T15130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 546.577343][T15130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 546.591534][T15130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 546.613352][ T54] Bluetooth: hci4: command tx timeout [ 546.626331][T15130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 546.683358][T15130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 546.713190][T15130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 546.754531][T15130] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 546.782944][T15130] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 546.833289][T15130] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 546.842589][T15130] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 546.883240][T15130] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 547.121290][ T3601] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 547.149671][ T3601] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 547.227669][ T3456] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 547.245860][ T3456] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 548.314126][T15255] ptrace attach of "./syz-executor exec"[15130] was attempted by "./syz-executor exec"[15255] [ 550.137631][T15282] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 551.945735][T15295] netlink: 1204 bytes leftover after parsing attributes in process `syz.2.2479'. [ 552.059511][T15295] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2479'. [ 554.867218][ T5836] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 554.886148][ T5836] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 554.903439][ T5836] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 554.914993][ T5836] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 554.943735][ T5836] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 554.952213][ T5836] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 555.786883][T15328] chnl_net:caif_netlink_parms(): no params data found [ 556.138846][T15328] bridge0: port 1(bridge_slave_0) entered blocking state [ 556.166463][T15328] bridge0: port 1(bridge_slave_0) entered disabled state [ 556.180420][T15328] bridge_slave_0: entered allmulticast mode [ 556.198347][T15328] bridge_slave_0: entered promiscuous mode [ 556.218337][T15328] bridge0: port 2(bridge_slave_1) entered blocking state [ 556.243485][T15328] bridge0: port 2(bridge_slave_1) entered disabled state [ 556.263374][T15328] bridge_slave_1: entered allmulticast mode [ 556.277261][T15328] bridge_slave_1: entered promiscuous mode [ 556.407782][T15328] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 556.423365][T15356] ptrace attach of "./syz-executor exec"[13814] was attempted by "./syz-executor exec"[15356] [ 556.437409][T15328] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 556.601052][T15328] team0: Port device team_slave_0 added [ 556.635245][T15328] team0: Port device team_slave_1 added [ 556.745878][T15328] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 556.764767][T15328] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 556.823787][T15328] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 557.003885][ T5836] Bluetooth: hci1: command tx timeout [ 557.023542][T15328] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 557.030528][T15328] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 557.102373][T15328] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 557.292914][T15328] hsr_slave_0: entered promiscuous mode [ 557.309770][T15328] hsr_slave_1: entered promiscuous mode [ 557.349959][T15328] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 557.358863][T15328] Cannot create hsr debugfs directory [ 557.830255][T15328] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 557.988171][T15328] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 558.167016][T15328] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 558.389482][T15328] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 558.629848][T15389] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 558.686281][T15389] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 558.721846][T15328] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 558.751978][T15328] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 558.778485][T15328] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 558.815615][T15328] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 559.067191][T15328] 8021q: adding VLAN 0 to HW filter on device bond0 [ 559.084359][ T5836] Bluetooth: hci1: command tx timeout [ 559.155920][T15328] 8021q: adding VLAN 0 to HW filter on device team0 [ 559.168351][ T3651] bridge0: port 1(bridge_slave_0) entered blocking state [ 559.175529][ T3651] bridge0: port 1(bridge_slave_0) entered forwarding state [ 559.255061][ T3601] bridge0: port 2(bridge_slave_1) entered blocking state [ 559.262216][ T3601] bridge0: port 2(bridge_slave_1) entered forwarding state [ 559.565083][T15328] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 559.942937][T15328] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 560.052346][T15328] veth0_vlan: entered promiscuous mode [ 560.085611][T15328] veth1_vlan: entered promiscuous mode [ 560.164121][T15328] veth0_macvtap: entered promiscuous mode [ 560.191799][T15328] veth1_macvtap: entered promiscuous mode [ 560.240210][T15328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 560.273286][T15328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.291614][T15328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 560.302211][T15328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.340200][T15328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 560.350767][T15328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.389896][T15328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 560.420380][T15328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.445235][T15328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 560.460784][T15328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.475980][T15423] FAULT_INJECTION: forcing a failure. [ 560.475980][T15423] name failslab, interval 1, probability 0, space 0, times 0 [ 560.489913][T15328] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 560.522264][T15328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 560.534412][T15423] CPU: 0 UID: 0 PID: 15423 Comm: syz.2.2509 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 560.539941][T15328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.545196][T15423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 560.545214][T15423] Call Trace: [ 560.545222][T15423] [ 560.545232][T15423] dump_stack_lvl+0x16c/0x1f0 [ 560.545268][T15423] should_fail_ex+0x497/0x5b0 [ 560.545302][T15423] ? fs_reclaim_acquire+0xae/0x150 [ 560.545333][T15423] should_failslab+0xc2/0x120 [ 560.545368][T15423] __kmalloc_noprof+0xce/0x4f0 [ 560.545397][T15423] ? d_absolute_path+0x137/0x1b0 [ 560.600152][T15423] ? tomoyo_encode2+0x100/0x3e0 [ 560.605022][T15423] tomoyo_encode2+0x100/0x3e0 [ 560.609713][T15423] tomoyo_realpath_from_path+0x1a7/0x710 [ 560.615358][T15423] tomoyo_path_number_perm+0x248/0x5b0 [ 560.620829][T15423] ? tomoyo_path_number_perm+0x235/0x5b0 [ 560.626475][T15423] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 560.632489][T15423] ? __pfx_lock_release+0x10/0x10 [ 560.637516][T15423] ? trace_lock_acquire+0x14e/0x1f0 [ 560.642724][T15423] ? lock_acquire+0x2f/0xb0 [ 560.647228][T15423] ? __fget_files+0x40/0x3a0 [ 560.651826][T15423] ? __fget_files+0x206/0x3a0 [ 560.656510][T15423] security_file_ioctl+0x9b/0x240 [ 560.661542][T15423] __x64_sys_ioctl+0xb7/0x200 [ 560.666230][T15423] do_syscall_64+0xcd/0x250 [ 560.670748][T15423] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 560.676650][T15423] RIP: 0033:0x7f3720b85d29 [ 560.681076][T15423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 560.700700][T15423] RSP: 002b:00007f37219bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 560.709125][T15423] RAX: ffffffffffffffda RBX: 00007f3720d75fa0 RCX: 00007f3720b85d29 [ 560.717113][T15423] RDX: 0000000000000000 RSI: 000000004008af03 RDI: 0000000000000003 [ 560.725095][T15423] RBP: 00007f37219bb090 R08: 0000000000000000 R09: 0000000000000000 [ 560.733067][T15423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 560.741044][T15423] R13: 0000000000000000 R14: 00007f3720d75fa0 R15: 00007ffeedabb4d8 [ 560.749034][T15423] [ 560.753265][T15328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 560.764020][T15328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.774345][T15328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 560.785219][T15328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.795162][T15328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 560.805692][T15328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.808134][T15423] ERROR: Out of memory at tomoyo_realpath_from_path. [ 560.815764][T15328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 560.847006][T15328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.883519][T15328] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 560.909582][T15328] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.933961][T15328] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.942721][T15328] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.971644][T15328] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.163393][ T5836] Bluetooth: hci1: command tx timeout [ 561.219053][ T3601] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 561.262568][ T3601] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 561.445895][T14368] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 561.464188][T14368] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 562.023927][T15448] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 562.073368][T15448] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 562.165986][T15454] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2513'. [ 563.067150][T15470] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2515'. [ 563.165928][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.172324][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.253325][ T5836] Bluetooth: hci1: command tx timeout [ 563.289553][T15480] FAULT_INJECTION: forcing a failure. [ 563.289553][T15480] name failslab, interval 1, probability 0, space 0, times 0 [ 563.378974][T15480] CPU: 1 UID: 0 PID: 15480 Comm: syz.4.2521 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 563.389811][T15480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 563.399898][T15480] Call Trace: [ 563.403200][T15480] [ 563.406147][T15480] dump_stack_lvl+0x16c/0x1f0 [ 563.410846][T15480] should_fail_ex+0x497/0x5b0 [ 563.415539][T15480] ? fs_reclaim_acquire+0xae/0x150 [ 563.420658][T15480] should_failslab+0xc2/0x120 [ 563.425345][T15480] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 563.430727][T15480] ? getname_flags.part.0+0x4c/0x550 [ 563.436027][T15480] ? vfs_write+0x306/0x1150 [ 563.440540][T15480] getname_flags.part.0+0x4c/0x550 [ 563.445669][T15480] getname+0x8d/0xe0 [ 563.449567][T15480] do_sys_openat2+0x104/0x1e0 [ 563.454257][T15480] ? __pfx_do_sys_openat2+0x10/0x10 [ 563.459472][T15480] ? __fget_files+0x206/0x3a0 [ 563.464158][T15480] __x64_sys_openat+0x175/0x210 [ 563.469017][T15480] ? __pfx___x64_sys_openat+0x10/0x10 [ 563.474402][T15480] ? ksys_write+0x1ba/0x250 [ 563.478917][T15480] do_syscall_64+0xcd/0x250 [ 563.483429][T15480] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 563.489328][T15480] RIP: 0033:0x7fc09d185d29 [ 563.493741][T15480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 563.513352][T15480] RSP: 002b:00007fc09deeb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 563.521775][T15480] RAX: ffffffffffffffda RBX: 00007fc09d375fa0 RCX: 00007fc09d185d29 [ 563.529745][T15480] RDX: 00000000000c0040 RSI: 0000000020000000 RDI: ffffffffffffff9c [ 563.537720][T15480] RBP: 00007fc09deeb090 R08: 0000000000000000 R09: 0000000000000000 [ 563.545695][T15480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 563.553668][T15480] R13: 0000000000000000 R14: 00007fc09d375fa0 R15: 00007fff46ffcf28 [ 563.561647][T15480] [ 564.025374][T15484] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 564.041354][T15484] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 564.477892][T15501] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2526'. [ 564.492202][T15501] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 564.510129][T15501] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 564.544828][T15501] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 564.552423][T15501] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 565.330920][T15523] ptrace attach of "./syz-executor exec"[15130] was attempted by "./syz-executor exec"[15523] [ 565.583831][T15521] ptrace attach of "./syz-executor exec"[13814] was attempted by "./syz-executor exec"[15521] [ 568.222020][T15570] Process accounting resumed [ 568.331819][T15569] Process accounting resumed [ 570.772424][T15607] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 570.829293][T15607] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 572.336850][T15635] ptrace attach of "./syz-executor exec"[13814] was attempted by "./syz-executor exec"[15635] [ 572.698589][T15627] ptrace attach of "./syz-executor exec"[15328] was attempted by "./syz-executor exec"[15627] [ 572.724514][T15636] ptrace attach of "./syz-executor exec"[10180] was attempted by "./syz-executor exec"[15636] [ 580.268448][T15727] FAULT_INJECTION: forcing a failure. [ 580.268448][T15727] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 580.454023][T15727] CPU: 1 UID: 0 PID: 15727 Comm: syz.0.2579 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 580.464849][T15727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 580.474931][T15727] Call Trace: [ 580.478231][T15727] [ 580.481179][T15727] dump_stack_lvl+0x16c/0x1f0 [ 580.485900][T15727] should_fail_ex+0x497/0x5b0 [ 580.490622][T15727] _copy_to_user+0x32/0xd0 [ 580.495079][T15727] simple_read_from_buffer+0xd0/0x160 [ 580.500485][T15727] proc_fail_nth_read+0x198/0x270 [ 580.505554][T15727] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 580.511144][T15727] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 580.516739][T15727] vfs_read+0x1df/0xbe0 [ 580.520932][T15727] ? __fget_files+0x1fc/0x3a0 [ 580.525643][T15727] ? __pfx___mutex_lock+0x10/0x10 [ 580.530704][T15727] ? __pfx_vfs_read+0x10/0x10 [ 580.535422][T15727] ? __fget_files+0x206/0x3a0 [ 580.540143][T15727] ksys_read+0x12b/0x250 [ 580.544421][T15727] ? __pfx_ksys_read+0x10/0x10 [ 580.549232][T15727] do_syscall_64+0xcd/0x250 [ 580.553771][T15727] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 580.559697][T15727] RIP: 0033:0x7fc2b018473c [ 580.564135][T15727] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 580.583767][T15727] RSP: 002b:00007fc2b0f80030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 580.592221][T15727] RAX: ffffffffffffffda RBX: 00007fc2b0376080 RCX: 00007fc2b018473c [ 580.600234][T15727] RDX: 000000000000000f RSI: 00007fc2b0f800a0 RDI: 0000000000000003 [ 580.608256][T15727] RBP: 00007fc2b0f80090 R08: 0000000000000000 R09: 0000000000000000 [ 580.616257][T15727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 580.624255][T15727] R13: 0000000000000000 R14: 00007fc2b0376080 R15: 00007ffcbf5d2518 [ 580.632274][T15727] [ 581.733385][T15744] ptrace attach of "./syz-executor exec"[15328] was attempted by "./syz-executor exec"[15744] [ 582.330404][T15758] Invalid input. Must be >= 4608 [ 583.953017][T15761] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2589'. [ 584.254635][T15761] mac80211_hwsim hwsim31 wlan1: entered allmulticast mode [ 587.155853][T15817] ptrace attach of "./syz-executor exec"[15130] was attempted by "./syz-executor exec"[15817] [ 590.030347][T15859] ptrace attach of "./syz-executor exec"[13814] was attempted by "./syz-executor exec"[15859] [ 590.450194][T15875] block mtdblock0: the capability attribute has been deprecated. [ 590.843211][ T5836] Bluetooth: hci3: command 0x0406 tx timeout [ 591.588960][T15885] ptrace attach of "./syz-executor exec"[10180] was attempted by "./syz-executor exec"[15885] [ 593.463882][T15918] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2630'. [ 595.202718][T15938] ptrace attach of "./syz-executor exec"[15130] was attempted by "./syz-executor exec"[15938] [ 597.728372][T15966] scsi_dev_info_list_add_str: bad dev info string '' '' '' [ 598.817940][T15979] Process accounting paused [ 599.218497][T15986] ptrace attach of "./syz-executor exec"[15130] was attempted by "./syz-executor exec"[15986] [ 600.132570][T16009] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 600.189949][T16009] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 603.064102][T16049] ptrace attach of "./syz-executor exec"[15130] was attempted by "./syz-executor exec"[16049] [ 606.219576][T16104] ptrace attach of "./syz-executor exec"[15130] was attempted by "./syz-executor exec"[16104] [ 607.387698][T16134] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 607.436405][T16134] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 609.448131][T16163] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 609.463266][T16163] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 610.065728][T16175] Process accounting resumed [ 610.144133][T16174] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2692'. [ 610.255141][T16177] openvswitch: netlink: IP tunnel attribute has 5 unknown bytes. [ 610.362647][T16184] i2c i2c-0: delete_device: Can't parse I2C address [ 610.670183][T16186] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 610.680004][T16186] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 611.502070][T16189] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 611.982788][T16215] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 612.003476][T16215] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 612.153034][T16218] ptrace attach of "./syz-executor exec"[13814] was attempted by "./syz-executor exec"[16218] [ 612.915256][T16243] i2c i2c-0: delete_device: Can't parse I2C address [ 613.857675][T16245] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 616.100623][T16298] ptrace attach of "./syz-executor exec"[15328] was attempted by "./syz-executor exec"[16298] [ 618.336897][T16344] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 618.355589][T16344] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 620.480718][T16377] ptrace attach of "./syz-executor exec"[10180] was attempted by "./syz-executor exec"[16377] [ 621.462529][T16396] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2752'. [ 621.491227][T16414] Process accounting resumed [ 621.588271][T16402] openvswitch: netlink: IP tunnel attribute has 5 unknown bytes. [ 621.599010][T16414] Process accounting resumed [ 622.303454][T16423] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 622.341809][T16423] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 622.858311][T16444] ptrace attach of "./syz-executor exec"[13814] was attempted by "./syz-executor exec"[16444] [ 624.539149][T16461] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2767'. [ 624.619658][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.626235][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 626.584453][T16492] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 626.608456][T16492] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 627.214934][T16503] ptrace attach of "./syz-executor exec"[10180] was attempted by "./syz-executor exec"[16503] [ 628.765559][T16523] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 628.818970][T16523] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 629.387470][T16520] Process accounting resumed [ 629.677844][T16541] Process accounting resumed [ 629.786678][T16550] lo: entered allmulticast mode [ 629.806784][T16550] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2787'. [ 630.211829][T16551] lo: left allmulticast mode [ 631.416479][T16573] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2791'. [ 631.497351][T16574] openvswitch: netlink: IP tunnel attribute has 5 unknown bytes. [ 634.290257][T16616] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2803'. [ 636.162743][T16640] ptrace attach of "./syz-executor exec"[15328] was attempted by "./syz-executor exec"[16640] [ 637.583415][T16658] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2813'. [ 641.090508][T16690] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2820'. [ 644.491808][T16728] ptrace attach of "./syz-executor exec"[10180] was attempted by "./syz-executor exec"[16728] [ 644.537721][T16734] Process accounting resumed [ 645.023615][T16740] Invalid ELF header magic: != ELF [ 645.233811][T16744] openvswitch: netlink: IP tunnel attribute has 5 unknown bytes. [ 647.440036][T16740] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2832'. [ 647.742952][T16740] lo: entered promiscuous mode [ 647.756373][T16740] lo: entered allmulticast mode [ 648.096641][T16785] openvswitch: netlink: IP tunnel attribute has 5 unknown bytes. [ 652.977832][T16861] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 652.999326][T16861] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 653.003855][T16868] ptrace attach of "./syz-executor exec"[15328] was attempted by "./syz-executor exec"[16868] [ 653.016002][T16861] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 653.050299][T16861] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 653.063790][T16861] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 653.138416][T16861] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 653.177443][T16861] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 653.186310][T16861] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 653.204155][T16861] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 654.686300][ T54] Bluetooth: hci0: command 0x0c1a tx timeout [ 654.967206][T16898] crash hp: kexec_trylock() failed, kdump image may be inaccurate [ 655.083467][ T5836] Bluetooth: hci4: command 0x0c1a tx timeout [ 655.089550][ T5836] Bluetooth: hci3: command 0x0406 tx timeout [ 655.243347][ T5836] Bluetooth: hci1: command 0x0c1a tx timeout syzkaller syzkaller login: [ 656.213788][T16933] ptrace attach of "./syz-executor exec"[13814] was attempted by "./syz-executor exec"[16933] [ 656.287506][T16885] kexec: Could not allocate control_code_buffer [ 656.894335][T16979] FAULT_INJECTION: forcing a failure. [ 656.894335][T16979] name failslab, interval 1, probability 0, space 0, times 0 [ 656.923913][T16979] CPU: 0 UID: 0 PID: 16979 Comm: syz.0.2886 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 656.934733][T16979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 656.944816][T16979] Call Trace: [ 656.948114][T16979] [ 656.951063][T16979] dump_stack_lvl+0x16c/0x1f0 [ 656.955782][T16979] should_fail_ex+0x497/0x5b0 [ 656.960492][T16979] ? fs_reclaim_acquire+0xae/0x150 [ 656.965636][T16979] should_failslab+0xc2/0x120 [ 656.970347][T16979] __kmalloc_noprof+0xce/0x4f0 [ 656.975124][T16979] ? ima_alloc_init_template+0x195/0x720 [ 656.980774][T16979] ima_alloc_init_template+0x195/0x720 [ 656.986246][T16979] ? __pfx_d_absolute_path+0x10/0x10 [ 656.991548][T16979] ima_store_measurement+0x1ea/0x5c0 [ 656.996843][T16979] ? __pfx_ima_store_measurement+0x10/0x10 [ 657.002665][T16979] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 657.008133][T16979] process_measurement+0x1bcb/0x2370 [ 657.013431][T16979] ? __pfx_process_measurement+0x10/0x10 [ 657.019075][T16979] ? __pfx___lock_acquire+0x10/0x10 [ 657.024283][T16979] ? trace_lock_acquire+0x14e/0x1f0 [ 657.029514][T16979] ? _raw_spin_unlock_irq+0x23/0x50 [ 657.034717][T16979] ? lockdep_hardirqs_on+0x7c/0x110 [ 657.039916][T16979] ? inode_to_bdi+0x9e/0x160 [ 657.044521][T16979] ima_file_check+0xc6/0x110 [ 657.049116][T16979] ? __pfx_ima_file_check+0x10/0x10 [ 657.054326][T16979] security_file_post_open+0x8e/0x210 [ 657.059701][T16979] path_openat+0x1419/0x2d60 [ 657.064307][T16979] ? __pfx_path_openat+0x10/0x10 [ 657.069252][T16979] ? __pfx___lock_acquire+0x10/0x10 [ 657.074448][T16979] ? lock_acquire.part.0+0x11b/0x380 [ 657.079756][T16979] ? find_held_lock+0x2d/0x110 [ 657.084546][T16979] do_filp_open+0x20c/0x470 [ 657.089069][T16979] ? __pfx_do_filp_open+0x10/0x10 [ 657.094104][T16979] ? find_held_lock+0x2d/0x110 [ 657.098897][T16979] ? alloc_fd+0x41f/0x760 [ 657.103246][T16979] do_sys_openat2+0x17a/0x1e0 [ 657.107938][T16979] ? __pfx_do_sys_openat2+0x10/0x10 [ 657.113157][T16979] ? __fget_files+0x206/0x3a0 [ 657.117846][T16979] __x64_sys_openat+0x175/0x210 [ 657.122709][T16979] ? __pfx___x64_sys_openat+0x10/0x10 [ 657.128092][T16979] ? ksys_write+0x1ba/0x250 [ 657.132607][T16979] do_syscall_64+0xcd/0x250 [ 657.137122][T16979] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 657.143028][T16979] RIP: 0033:0x7fc2b0185d29 [ 657.147456][T16979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 657.167066][T16979] RSP: 002b:00007fc2b0fa1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 657.175482][T16979] RAX: ffffffffffffffda RBX: 00007fc2b0375fa0 RCX: 00007fc2b0185d29 [ 657.183463][T16979] RDX: 0000000000101002 RSI: 0000000020000180 RDI: ffffffffffffff9c [ 657.191432][T16979] RBP: 00007fc2b0fa1090 R08: 0000000000000000 R09: 0000000000000000 [ 657.199411][T16979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 657.207382][T16979] R13: 0000000000000001 R14: 00007fc2b0375fa0 R15: 00007ffcbf5d2518 [ 657.215367][T16979] [ 657.237748][ T5836] Bluetooth: hci3: command 0x0406 tx timeout [ 657.243908][ T5836] Bluetooth: hci4: command 0x0c1a tx timeout [ 657.256967][ T29] audit: type=1804 audit(4294967522.182:8): pid=16979 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.0.2886" name="/newroot/dev/gadgetfs/dummy_udc" dev="gadgetfs" ino=7170 res=0 errno=0 [ 657.325939][ T54] Bluetooth: hci1: command 0x0c1a tx timeout [ 658.269609][T16991] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2888'. [ 658.270238][T16993] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2888'. [ 658.698981][T17019] FAULT_INJECTION: forcing a failure. [ 658.698981][T17019] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 658.712366][T17019] CPU: 0 UID: 0 PID: 17019 Comm: syz.4.2893 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 658.723156][T17019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 658.733230][T17019] Call Trace: [ 658.736527][T17019] [ 658.739478][T17019] dump_stack_lvl+0x16c/0x1f0 [ 658.744195][T17019] should_fail_ex+0x497/0x5b0 [ 658.748903][T17019] ? fs_reclaim_acquire+0xae/0x150 [ 658.754057][T17019] should_fail_alloc_page+0xe7/0x130 [ 658.759385][T17019] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 658.765565][T17019] __alloc_pages_noprof+0x190/0x25b0 [ 658.770868][T17019] ? __pfx_mark_lock+0x10/0x10 [ 658.775648][T17019] ? __pfx___lock_acquire+0x10/0x10 [ 658.780845][T17019] ? mark_lock+0xb5/0xc60 [ 658.785183][T17019] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 658.790918][T17019] ? hlock_class+0x4e/0x130 [ 658.795426][T17019] ? __lock_acquire+0xcc5/0x3c40 [ 658.800365][T17019] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 658.806262][T17019] ? policy_nodemask+0xea/0x4e0 [ 658.811124][T17019] alloc_pages_mpol_noprof+0x2c9/0x610 [ 658.816585][T17019] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 658.822569][T17019] ? find_held_lock+0x2d/0x110 [ 658.827344][T17019] folio_alloc_mpol_noprof+0x36/0xd0 [ 658.832634][T17019] shmem_alloc_folio+0x135/0x160 [ 658.837582][T17019] shmem_alloc_and_add_folio+0x48b/0xc00 [ 658.843225][T17019] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 658.849385][T17019] ? shmem_allowable_huge_orders+0xd0/0x410 [ 658.855288][T17019] shmem_get_folio_gfp+0x689/0x1530 [ 658.860496][T17019] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 658.866136][T17019] ? filemap_map_pages+0xf92/0x16b0 [ 658.871344][T17019] shmem_fault+0x200/0xae0 [ 658.875768][T17019] ? __pfx_shmem_fault+0x10/0x10 [ 658.880713][T17019] ? do_pte_missing+0xdd7/0x3e00 [ 658.885657][T17019] ? __pfx_lock_release+0x10/0x10 [ 658.890689][T17019] __do_fault+0x10a/0x490 [ 658.895025][T17019] do_pte_missing+0xebd/0x3e00 [ 658.899800][T17019] ? do_raw_spin_unlock+0x172/0x230 [ 658.905005][T17019] ? __pmd_alloc+0x3c2/0x8b0 [ 658.909606][T17019] __handle_mm_fault+0x103c/0x2a40 [ 658.914732][T17019] ? __pfx___handle_mm_fault+0x10/0x10 [ 658.920196][T17019] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 658.925842][T17019] ? find_vma+0xc0/0x140 [ 658.930086][T17019] ? __pfx_find_vma+0x10/0x10 [ 658.934767][T17019] handle_mm_fault+0x3fa/0xaa0 [ 658.939543][T17019] do_user_addr_fault+0x7a3/0x13f0 [ 658.944665][T17019] exc_page_fault+0x5c/0xc0 [ 658.949286][T17019] asm_exc_page_fault+0x26/0x30 [ 658.954143][T17019] RIP: 0010:rep_movs_alternative+0x13/0x70 [ 658.959961][T17019] Code: cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 83 f9 40 73 40 83 f9 08 73 21 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f [ 658.979572][T17019] RSP: 0018:ffffc90005ccfca0 EFLAGS: 00050202 [ 658.985642][T17019] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000007 [ 658.993611][T17019] RDX: fffff52000b99fb9 RSI: 0000000000000000 RDI: ffffc90005ccfdc0 [ 659.001583][T17019] RBP: 0000000000000007 R08: 0000000000000001 R09: fffff52000b99fb8 [ 659.009555][T17019] R10: ffffc90005ccfdc6 R11: 0000000000000000 R12: 0000000000000000 [ 659.017525][T17019] R13: ffffc90005ccfdc0 R14: 0000000000000000 R15: ffffc90005ccfdc0 [ 659.025508][T17019] _copy_from_user+0x9a/0xd0 [ 659.030113][T17019] __sys_bpf+0x215/0x57a0 [ 659.034446][T17019] ? __pfx_lock_release+0x10/0x10 [ 659.039475][T17019] ? __pfx___sys_bpf+0x10/0x10 [ 659.044241][T17019] ? vfs_write+0x306/0x1150 [ 659.048756][T17019] ? __mutex_unlock_slowpath+0x164/0x690 [ 659.054408][T17019] ? fput+0x67/0x440 [ 659.058313][T17019] ? ksys_write+0x1ba/0x250 [ 659.062821][T17019] ? __pfx_ksys_write+0x10/0x10 [ 659.067684][T17019] __x64_sys_bpf+0x78/0xc0 [ 659.072104][T17019] ? lockdep_hardirqs_on+0x7c/0x110 [ 659.077308][T17019] do_syscall_64+0xcd/0x250 [ 659.081822][T17019] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 659.087720][T17019] RIP: 0033:0x7fc09d185d29 [ 659.092136][T17019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 659.111747][T17019] RSP: 002b:00007fc09deeb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 659.120162][T17019] RAX: ffffffffffffffda RBX: 00007fc09d375fa0 RCX: 00007fc09d185d29 [ 659.128136][T17019] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000013 [ 659.136107][T17019] RBP: 00007fc09deeb090 R08: 0000000000000000 R09: 0000000000000000 [ 659.144077][T17019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 659.152052][T17019] R13: 0000000000000000 R14: 00007fc09d375fa0 R15: 00007fff46ffcf28 [ 659.160039][T17019] [ 659.183427][T17021] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2895'. [ 659.323764][ T54] Bluetooth: hci4: command 0x0c1a tx timeout [ 659.399179][T17019] Process accounting paused [ 659.403623][ T54] Bluetooth: hci1: command 0x0c1a tx timeout [ 659.582731][T17027] ptrace attach of "./syz-executor exec"[15328] was attempted by "./syz-executor exec"[17027] [ 661.399991][T17015] kexec: Could not allocate control_code_buffer [ 662.840296][T17085] ptrace attach of "./syz-executor exec"[15328] was attempted by "./syz-executor exec"[17085] [ 663.717581][T17104] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2916'. [ 663.916248][T17110] FAULT_INJECTION: forcing a failure. [ 663.916248][T17110] name failslab, interval 1, probability 0, space 0, times 0 [ 663.949304][T17110] CPU: 0 UID: 0 PID: 17110 Comm: syz.4.2918 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 663.960118][T17110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 663.970192][T17110] Call Trace: [ 663.973489][T17110] [ 663.976439][T17110] dump_stack_lvl+0x16c/0x1f0 [ 663.981148][T17110] should_fail_ex+0x497/0x5b0 [ 663.985855][T17110] ? fs_reclaim_acquire+0xae/0x150 [ 663.991010][T17110] should_failslab+0xc2/0x120 [ 663.995726][T17110] kmem_cache_alloc_node_noprof+0x72/0x3b0 [ 664.001567][T17110] ? kasan_save_stack+0x33/0x60 [ 664.006447][T17110] ? __alloc_skb+0x2b3/0x380 [ 664.011082][T17110] __alloc_skb+0x2b3/0x380 [ 664.015529][T17110] ? __pfx___alloc_skb+0x10/0x10 [ 664.020495][T17110] ? __lock_acquire+0xcc5/0x3c40 [ 664.025469][T17110] alloc_skb_with_frags+0xe4/0x850 [ 664.030602][T17110] ? __pfx___lock_acquire+0x10/0x10 [ 664.035820][T17110] ? hlock_class+0x4e/0x130 [ 664.040359][T17110] ? __pfx_mark_lock+0x10/0x10 [ 664.045153][T17110] ? mark_lock+0xb5/0xc60 [ 664.049519][T17110] sock_alloc_send_pskb+0x7f1/0x980 [ 664.054751][T17110] ? find_held_lock+0x2d/0x110 [ 664.059550][T17110] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 664.065302][T17110] ? lock_acquire+0x2f/0xb0 [ 664.069823][T17110] ? sock_cmsg_send+0x1a0/0x280 [ 664.074717][T17110] packet_sendmsg+0x1f70/0x5660 [ 664.079614][T17110] ? __pfx___might_resched+0x10/0x10 [ 664.084922][T17110] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 664.090858][T17110] ? __pfx_packet_sendmsg+0x10/0x10 [ 664.096088][T17110] ? __pfx_aa_move_mount+0x10/0x10 [ 664.101235][T17110] ? __might_fault+0xe3/0x190 [ 664.105938][T17110] ? __might_fault+0xe3/0x190 [ 664.110632][T17110] ____sys_sendmsg+0x9ae/0xb40 [ 664.115401][T17110] ? __pfx_____sys_sendmsg+0x10/0x10 [ 664.120706][T17110] ? __lock_acquire+0xcc5/0x3c40 [ 664.125666][T17110] ___sys_sendmsg+0x135/0x1e0 [ 664.130357][T17110] ? __pfx____sys_sendmsg+0x10/0x10 [ 664.135585][T17110] ? trace_lock_acquire+0x14e/0x1f0 [ 664.140817][T17110] __sys_sendmmsg+0x201/0x420 [ 664.145516][T17110] ? __pfx___sys_sendmmsg+0x10/0x10 [ 664.150747][T17110] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 664.156745][T17110] ? fput+0x67/0x440 [ 664.160649][T17110] ? ksys_write+0x1ba/0x250 [ 664.165156][T17110] ? __pfx_ksys_write+0x10/0x10 [ 664.170013][T17110] __x64_sys_sendmmsg+0x9c/0x100 [ 664.174960][T17110] ? lockdep_hardirqs_on+0x7c/0x110 [ 664.180162][T17110] do_syscall_64+0xcd/0x250 [ 664.184674][T17110] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 664.190582][T17110] RIP: 0033:0x7fc09d185d29 [ 664.195001][T17110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 664.214611][T17110] RSP: 002b:00007fc09deeb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 664.223026][T17110] RAX: ffffffffffffffda RBX: 00007fc09d375fa0 RCX: 00007fc09d185d29 [ 664.230995][T17110] RDX: 0000000000000002 RSI: 00000000200001c0 RDI: 0000000000000004 [ 664.238966][T17110] RBP: 00007fc09deeb090 R08: 0000000000000000 R09: 0000000000000000 [ 664.246934][T17110] R10: 0000000000000100 R11: 0000000000000246 R12: 0000000000000001 [ 664.254903][T17110] R13: 0000000000000000 R14: 00007fc09d375fa0 R15: 00007fff46ffcf28 [ 664.262886][T17110] [ 664.782497][T17127] openvswitch: netlink: IP tunnel attribute has 5 unknown bytes. [ 664.866323][T17131] openvswitch: netlink: IP tunnel attribute has 5 unknown bytes. [ 665.885257][T17137] ------------[ cut here ]------------ [ 665.891130][T17137] WARNING: CPU: 1 PID: 17137 at io_uring/io_uring.h:140 io_lockdep_assert_cq_locked+0x1e9/0x320 [ 665.901777][T17137] Modules linked in: [ 665.905743][T17137] CPU: 1 UID: 0 PID: 17137 Comm: syz.4.2926 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 665.916615][T17137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 665.926769][T17137] RIP: 0010:io_lockdep_assert_cq_locked+0x1e9/0x320 [ 665.933724][T17137] Code: 44 89 e6 e8 e9 8e 0c fd 45 85 e4 0f 84 13 ff ff ff e8 db 93 0c fd e8 b6 3b d5 fc 48 85 c0 0f 85 00 ff ff ff e8 c8 93 0c fd 90 <0f> 0b 90 e9 f2 fe ff ff e8 ba 93 0c fd 31 ff 89 ee e8 b1 8e 0c fd [ 665.953711][T17137] RSP: 0018:ffffc90005b97820 EFLAGS: 00010293 [ 665.959817][T17137] RAX: 0000000000000000 RBX: 0000000000000002 RCX: ffffffff8161faba [ 665.968039][T17137] RDX: ffff88802e3bda00 RSI: ffffffff848cbea8 RDI: 0000000000000005 [ 665.976203][T17137] RBP: ffff88802e3bda00 R08: 0000000000000005 R09: 0000000000000000 [ 665.984505][T17137] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001 [ 665.992680][T17137] R13: 0000000000000000 R14: ffff88806d90e138 R15: ffff888046da2a78 [ 666.000858][T17137] FS: 00007fc09deeb6c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 666.009858][T17137] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 666.016616][T17137] CR2: 0000001b32c12ff8 CR3: 0000000033412000 CR4: 00000000003526f0 [ 666.024647][T17137] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 666.032919][T17137] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 666.041220][T17137] Call Trace: [ 666.044657][T17137] [ 666.047617][T17137] ? __warn+0xea/0x3c0 [ 666.051729][T17137] ? io_lockdep_assert_cq_locked+0x1e9/0x320 [ 666.057843][T17137] ? report_bug+0x3c0/0x580 [ 666.062382][T17137] ? handle_bug+0x54/0xa0 [ 666.066828][T17137] ? exc_invalid_op+0x17/0x50 [ 666.071547][T17137] ? asm_exc_invalid_op+0x1a/0x20 [ 666.076700][T17137] ? current_work+0x6a/0xe0 [ 666.081248][T17137] ? io_lockdep_assert_cq_locked+0x1e8/0x320 [ 666.087403][T17137] ? io_lockdep_assert_cq_locked+0x1e9/0x320 [ 666.093580][T17137] __io_submit_flush_completions+0x131/0x1fd0 [ 666.099715][T17137] __io_run_local_work+0x13d/0x560 [ 666.104960][T17137] ? __pfx___io_run_local_work+0x10/0x10 [ 666.110647][T17137] io_uring_try_cancel_requests+0x89a/0xd50 [ 666.116677][T17137] ? xa_find+0x1ca/0x370 [ 666.120965][T17137] ? __pfx_io_uring_try_cancel_requests+0x10/0x10 [ 666.127590][T17137] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 666.133502][T17137] ? __percpu_counter_sum+0x1ee/0x270 [ 666.139167][T17137] io_uring_cancel_generic+0x651/0x8e0 [ 666.144999][T17137] ? __pfx_io_uring_cancel_generic+0x10/0x10 [ 666.151035][T17137] ? do_exit+0x313/0x2d70 [ 666.155490][T17137] ? __pfx_lock_release+0x10/0x10 [ 666.160544][T17137] ? __pfx_autoremove_wake_function+0x10/0x10 [ 666.166742][T17137] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 666.172154][T17137] ? io_uring_unreg_ringfd+0xbc/0x130 [ 666.177638][T17137] do_exit+0x53c/0x2d70 [ 666.181838][T17137] ? get_signal+0x8f7/0x2610 [ 666.186516][T17137] ? __pfx_do_exit+0x10/0x10 [ 666.191252][T17137] ? do_raw_spin_lock+0x12d/0x2c0 [ 666.196544][T17137] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 666.201961][T17137] do_group_exit+0xd3/0x2a0 [ 666.206579][T17137] get_signal+0x2576/0x2610 [ 666.211126][T17137] ? __pfx_get_signal+0x10/0x10 [ 666.216098][T17137] ? kick_process+0xf6/0x1b0 [ 666.220787][T17137] ? task_work_add+0x1ca/0x3b0 [ 666.225694][T17137] arch_do_signal_or_restart+0x90/0x7e0 [ 666.231281][T17137] ? __fget_files+0x206/0x3a0 [ 666.236107][T17137] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 666.242571][T17137] ? ksys_read+0x1ba/0x250 [ 666.247413][T17137] ? __pfx_ksys_read+0x10/0x10 [ 666.252226][T17137] syscall_exit_to_user_mode+0x150/0x2a0 [ 666.258023][T17137] do_syscall_64+0xda/0x250 [ 666.262566][T17137] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 666.268553][T17137] RIP: 0033:0x7fc09d185d29 [ 666.272993][T17137] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 666.292825][T17137] RSP: 002b:00007fc09deeb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 666.301494][T17137] RAX: fffffffffffffe00 RBX: 00007fc09d375fa0 RCX: 00007fc09d185d29 [ 666.309584][T17137] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 666.317673][T17137] RBP: 00007fc09d201b08 R08: 0000000000000000 R09: 0000000000000000 [ 666.325780][T17137] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 666.333834][T17137] R13: 0000000000000000 R14: 00007fc09d375fa0 R15: 00007fff46ffcf28 [ 666.342084][T17137] [ 666.345566][T17137] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 666.352863][T17137] CPU: 1 UID: 0 PID: 17137 Comm: syz.4.2926 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0 [ 666.363641][T17137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 666.373735][T17137] Call Trace: [ 666.377011][T17137] [ 666.379941][T17137] dump_stack_lvl+0x3d/0x1f0 [ 666.384548][T17137] panic+0x71d/0x800 [ 666.388480][T17137] ? __pfx_panic+0x10/0x10 [ 666.392915][T17137] ? show_trace_log_lvl+0x29d/0x3d0 [ 666.398220][T17137] ? check_panic_on_warn+0x1f/0xb0 [ 666.403357][T17137] ? io_lockdep_assert_cq_locked+0x1e9/0x320 [ 666.409400][T17137] check_panic_on_warn+0xab/0xb0 [ 666.414367][T17137] __warn+0xf6/0x3c0 [ 666.418280][T17137] ? io_lockdep_assert_cq_locked+0x1e9/0x320 [ 666.424279][T17137] report_bug+0x3c0/0x580 [ 666.428624][T17137] handle_bug+0x54/0xa0 [ 666.432788][T17137] exc_invalid_op+0x17/0x50 [ 666.437300][T17137] asm_exc_invalid_op+0x1a/0x20 [ 666.442160][T17137] RIP: 0010:io_lockdep_assert_cq_locked+0x1e9/0x320 [ 666.448763][T17137] Code: 44 89 e6 e8 e9 8e 0c fd 45 85 e4 0f 84 13 ff ff ff e8 db 93 0c fd e8 b6 3b d5 fc 48 85 c0 0f 85 00 ff ff ff e8 c8 93 0c fd 90 <0f> 0b 90 e9 f2 fe ff ff e8 ba 93 0c fd 31 ff 89 ee e8 b1 8e 0c fd [ 666.468375][T17137] RSP: 0018:ffffc90005b97820 EFLAGS: 00010293 [ 666.474445][T17137] RAX: 0000000000000000 RBX: 0000000000000002 RCX: ffffffff8161faba [ 666.482412][T17137] RDX: ffff88802e3bda00 RSI: ffffffff848cbea8 RDI: 0000000000000005 [ 666.490383][T17137] RBP: ffff88802e3bda00 R08: 0000000000000005 R09: 0000000000000000 [ 666.498356][T17137] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001 [ 666.506326][T17137] R13: 0000000000000000 R14: ffff88806d90e138 R15: ffff888046da2a78 [ 666.514311][T17137] ? current_work+0x6a/0xe0 [ 666.518825][T17137] ? io_lockdep_assert_cq_locked+0x1e8/0x320 [ 666.524824][T17137] __io_submit_flush_completions+0x131/0x1fd0 [ 666.530903][T17137] __io_run_local_work+0x13d/0x560 [ 666.536024][T17137] ? __pfx___io_run_local_work+0x10/0x10 [ 666.541667][T17137] io_uring_try_cancel_requests+0x89a/0xd50 [ 666.547568][T17137] ? xa_find+0x1ca/0x370 [ 666.551816][T17137] ? __pfx_io_uring_try_cancel_requests+0x10/0x10 [ 666.558256][T17137] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 666.564073][T17137] ? __percpu_counter_sum+0x1ee/0x270 [ 666.569468][T17137] io_uring_cancel_generic+0x651/0x8e0 [ 666.574944][T17137] ? __pfx_io_uring_cancel_generic+0x10/0x10 [ 666.580932][T17137] ? do_exit+0x313/0x2d70 [ 666.585283][T17137] ? __pfx_lock_release+0x10/0x10 [ 666.590344][T17137] ? __pfx_autoremove_wake_function+0x10/0x10 [ 666.596432][T17137] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 666.601812][T17137] ? io_uring_unreg_ringfd+0xbc/0x130 [ 666.607192][T17137] do_exit+0x53c/0x2d70 [ 666.611359][T17137] ? get_signal+0x8f7/0x2610 [ 666.615957][T17137] ? __pfx_do_exit+0x10/0x10 [ 666.620556][T17137] ? do_raw_spin_lock+0x12d/0x2c0 [ 666.625597][T17137] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 666.630984][T17137] do_group_exit+0xd3/0x2a0 [ 666.635495][T17137] get_signal+0x2576/0x2610 [ 666.640013][T17137] ? __pfx_get_signal+0x10/0x10 [ 666.644872][T17137] ? kick_process+0xf6/0x1b0 [ 666.649474][T17137] ? task_work_add+0x1ca/0x3b0 [ 666.654259][T17137] arch_do_signal_or_restart+0x90/0x7e0 [ 666.659826][T17137] ? __fget_files+0x206/0x3a0 [ 666.664517][T17137] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 666.670695][T17137] ? ksys_read+0x1ba/0x250 [ 666.675117][T17137] ? __pfx_ksys_read+0x10/0x10 [ 666.679893][T17137] syscall_exit_to_user_mode+0x150/0x2a0 [ 666.685542][T17137] do_syscall_64+0xda/0x250 [ 666.690060][T17137] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 666.695960][T17137] RIP: 0033:0x7fc09d185d29 [ 666.700390][T17137] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 666.720011][T17137] RSP: 002b:00007fc09deeb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 666.728437][T17137] RAX: fffffffffffffe00 RBX: 00007fc09d375fa0 RCX: 00007fc09d185d29 [ 666.736411][T17137] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 666.744380][T17137] RBP: 00007fc09d201b08 R08: 0000000000000000 R09: 0000000000000000 [ 666.752354][T17137] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 666.760332][T17137] R13: 0000000000000000 R14: 00007fc09d375fa0 R15: 00007fff46ffcf28 [ 666.768334][T17137] [ 666.771599][T17137] Kernel Offset: disabled [ 666.775972][T17137] Rebooting in 86400 seconds..