last executing test programs: 12.061162634s ago: executing program 3 (id=2607): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x4000, 0x0) r0 = socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x4e23}, 0x67) sendmmsg$auto(r0, &(0x7f0000000180)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0xff, 0xb}, 0x800009}, 0x5, 0x20000000) syz_genetlink_get_family_id$auto_nl802154(0x0, r0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x8000) io_uring_setup$auto(0x6, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x82000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = clone3$auto(&(0x7f0000000080)={0x10001, 0x9, 0x8000000000000001, 0x2, 0x3, 0x7, 0x1ff, 0x5, 0x3, 0x10000000000, 0x2c}, 0x3) prctl$auto(0x2, 0x9, r1, 0x5, 0x8000000000000000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x6) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x10000000000002f, 0x0) fsopen$auto(0x0, 0x1) writev$auto(0x9, &(0x7f0000000300)={0x0, 0x3}, 0x2) capget$auto(0x0, 0x0) sendmsg$auto_NL802154_CMD_NEW_SEC_DEV(0xffffffffffffffff, 0x0, 0x40000) write$auto(0x3, 0x0, 0xfdef) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) 8.169339241s ago: executing program 3 (id=2619): r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x513a00, 0x0) (async) mmap$auto(0x0, 0x9, 0xdf, 0x1000000eb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) pidfd_open$auto(0x1, 0x0) (async) socket(0x2b, 0x1, 0x0) (async) signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) read$auto(0x3, 0x0, 0x80) (async) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) (async, rerun: 64) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0xe, 0x940, 0x1ffde, 0x3, 0x2000000000000006, 0x2, 0x9, 0x5, 0x2, 0x7, 0xb3, 0x9, 0x2, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x55, 0x8000000000000000, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbc]}, 0x1fe, 0x81) (async, rerun: 64) socket(0x1d, 0x2, 0x2) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) (async) socket(0xa, 0x801, 0x84) (async) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x8004) connect$auto(0x3, 0x0, 0x55) (async) select$auto(0xa, 0x0, &(0x7f0000000100)={[0x20000000000d, 0x203, 0x0, 0xc, 0x5, 0x3, 0x5, 0x2000000000000002, 0x9, 0x8, 0xff, 0xa, 0x4, 0xaab, 0x5, 0x4006]}, 0x0, 0x0) (async, rerun: 64) shutdown$auto(0x200000003, 0x2) (async, rerun: 64) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) (async) connect$auto(0x3, 0x0, 0x55) (async, rerun: 32) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) (async, rerun: 32) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) (async) syz_clone3(&(0x7f00000000c0)={0x6080, 0x0, 0x0, 0x0, {0x7}, 0x0, 0x0, 0x0, 0x0}, 0x58) (async) sendmsg$auto_NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, 0x0, 0x800) (async, rerun: 32) mkdir$auto(0x0, 0x8001) (async, rerun: 32) mount$auto(0x0, &(0x7f0000000100)='}[,&*}\x00', 0x0, 0x10001, 0x0) (async) write$auto_console_fops_tty_io(r0, 0x0, 0x0) (async) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000000380), r1) 7.086559491s ago: executing program 3 (id=2624): acct$auto(&(0x7f0000000100)='/sys/bus/usb/driVers/appledisplay/remov~_\xd2\xb4\xa4\xa5\x13\x1b\x8fn%\x8bbQ\x02w;\f\x8b\x19\x97\xc9\x06\xd3\t\xf8\xfd}P\xa7\xf8\x02S\xed\x06\xc8\x0eL&P\xc2\x83\t\xba\x90\x8b\xf7\x16*3\x13\x01\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xcd\xb6\x06\x91\xc7Kd\xd3\xb0\xad\x85\xe3w\x12zF[\xf7\x0e\x03\xa5\xaf\xf8\xff\x0f\x00\x00\x92\x01\xd2\x90\xd6\xc6\xb0\x887 c\xba\x90\x0e!\x92O}io\x02\xfa\xf9\xaf6\xb1\xdfd\xa9\xca\x8c\xc9\x8dt\xd8,\x8f\xec\xd3\x9e\xeac8\fD\xbc,\xaf\x99\x1c!$\xaaM\xd2:C-\xe1\x14O\xcf\x12\xb5\xdf\xdb(\xe84\xb79\xc5\xc0\xda\f\xb9\xdb\xb3\xe8y\xec\x00\xc5.\x96\xd3') acct$auto(&(0x7f0000000200)='/dev/ttyS1\x00') r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) setsockopt$auto(r0, 0x110, 0x4, 0x0, 0x7) ioctl$auto(0x3, 0x541b, 0x10000000000402) acct$auto(0x0) acct$auto(&(0x7f0000000000)='/sys/bus/usb/driVers/appledisplay/remov~_\xd2\xb4\xa4\xa5\x13\x1b\x8fn%\x8bbQ\x02w;\f\x8b\x19\x97\xc9\x06\xd3\t\xf8\xfd}P\xa7\xf8\x02S\xed\x06\xc8\x0eL&P\xc2\x83\t\xba\x90\x8b\xf7\x16*3\x13\x01\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xcd\xb6\x06\x91\xc7Kd\xd3\xb0\xad\x85\xe3w\x12zF[\xf7\x0e\x03\xa5\xaf\xf8\xff\x0f\x00\x00\x92\x01\xd2\x90\xd6\xc6\xb0\x887 c\xba\x90\x0e!\x92O}io\x02\xfa\xf9\xaf6\xb1\xdfd\xa9\xca\x8c\xc9\x8dt\xd8,\x8f\xec\xd3\x9e\xeac8\fD\xbc,\xaf\x99\x1c!$\xaaM\xd2:C-\xe1\x14O\xcf\x12\xb5\xdf\xdb(\xe84\xb79\xc5\xc0\xda\f\xb9\xdb\xb3\xe8y\xec\x00\xc5.\x96\xd3') 6.804855661s ago: executing program 3 (id=2626): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'vlan0\x00'}) capget$auto(0x0, 0x0) 6.288009227s ago: executing program 1 (id=2628): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x4000, 0x0) r0 = socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x4e23}, 0x67) sendmmsg$auto(r0, &(0x7f0000000180)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0xff, 0xb}, 0x800009}, 0x5, 0x20000000) syz_genetlink_get_family_id$auto_nl802154(0x0, r0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x8000) io_uring_setup$auto(0x6, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x82000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = clone3$auto(&(0x7f0000000080)={0x10001, 0x9, 0x8000000000000001, 0x2, 0x3, 0x7, 0x1ff, 0x5, 0x3, 0x10000000000, 0x2c}, 0x3) prctl$auto(0x2, 0x9, r1, 0x5, 0x8000000000000000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x6) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x10000000000002f, 0x0) fsopen$auto(0x0, 0x1) writev$auto(0x9, &(0x7f0000000300)={0x0, 0x3}, 0x2) capget$auto(0x0, 0x0) sendmsg$auto_NL802154_CMD_NEW_SEC_DEV(0xffffffffffffffff, 0x0, 0x40000) write$auto(0x3, 0x0, 0xfdef) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) 5.633324421s ago: executing program 3 (id=2630): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) select$auto(0x8, &(0x7f0000000240)={[0x8, 0x8, 0x1, 0x4, 0xffffffffffff7dff, 0x8003, 0x4, 0x5, 0xd3b, 0x34, 0x5, 0x0, 0x5, 0x5, 0x3, 0x5]}, 0x0, 0x0, 0x0) dup2$auto(0x0, 0x4) 5.336852213s ago: executing program 3 (id=2632): close_range$auto(0x0, 0xfffffffffffff000, 0x0) (async) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/io\x00', 0x101080, 0x0) ioctl$auto_tracing_buffers_fops_trace(0xffffffffffffffff, 0x6, &(0x7f0000000840)="704bb62bf03ef7dd7c53133dfa7ed6138630111895543973d52f8a069cfa0047a96f71a234e245c0348af758132acb4e11fb2aef3ce61fc86cb41152592768c29d6a065340b6b7e598d938c7737a01f9793502b6c222f22d89a896b943678305d0ceec13bb4c174165e2cfdad454899c4f946272518866c2fda6ba69dfd1729d7099aff1276f8abeb93ef8472bfeac272efe4217e75dfab53343c9f1d0a9c753ec565959a72cbe9a07e353e7fa472d81a871422a72aa56029ee41660b56c26e64b3b0fb2d672f089b47fd40312917d68a8e152e680d8d67ae1a3a2beb76478b7f9839ea9573cb7188bf611c9da4ea3a77fb11fda9269892943d2d1ac8ace1fbfae8f7191d4fd94992acc304cbff70e0ced1f09d9c55a50a727d07c15dd16a60be95bfd39b722b50132f6248f4c6a205d39ada7858a83944da456a8790e97dc80731bbb4f86dd7f0c08bcd0e3342d80a290bfb67293938320354eb994b0788407a0e17d3a426f7271192ac1ef2edc6531ed9d02ea950bfa247988978bfb647b3d396cbdade5064176af43d67d079f2e8ca1a3b90b76e93a07d56f73f3eadb1ee8c8be19637785ba5b1268e9d91692ad116a6273812d498f9e9903911991436c17902b213a7f8e042d3abef6e365249ee3abace328c7eb0d7cb5d65687f67e91240030372a48659d654b64dad124cb2a5003ced195da7e45993b2e39713733fdb3c94be3041c79d1892d96179ba4a7fb0fe5c91e41f53b9010ff8e66cc105bd05378056cb659d764fefe8adfcb908f4b83e30ee6ce67d098fcce608205b83ed8aecdf2e8ddcbc8c8016a4cc3df0d4189df982da490974cd44a695f005462586ef0ed46eaa6b08b700074488cb413878b0a37b2fa128e7ce247a1a4315dea2e240ea15e3f36ccdbcb2eaf71e0aab5c6b38c39645cf99405cfad2ac19530a57062ccf6a7f7f9c22dced3e10e36e76eecd4981eca74dc856ab34304a9222c409a987ee057752fce458bf58168de656d1adfbcabf29d73c2e55102d3f527d6b5d7c10f7c5b9e0b9852aac6bbae1e8186a3a5bf2342481e87421ad1a81455aa7beb1e17a65c2879c199184c7c8e1633b864b5a5240c7656af737c706d43f6cc08cb8d474bf57bf5b4e5c4458fd391785d8ec47834caeced8f2f5246a2a14997300946440682b73d0a1fe824f2e0295d535ce65860eccc7a4755f10cd33cf94ead2d00376e09be798e2be5fe179aacbf4b70655c10f720b001013298d0f05d6acbba93746635ebb134447d153ec6337dc80a8c5ebc48e3c9b96029708558ebee42914726a8f4b3e2d71311d76afba5c95d2512f28bac198a8c454e03229ba3e75ff2f3757a9b05b74bf8dbcd6ec5985009a5cc851ce3410b3ac969047d18f3d9cae957192869a08379045b0145a9732f75e36463b2356614f4d35a7f362fa2095da48b6d7e3ca5c0a4429d2c3a92ee6c3d29fd89791ade55c35137b14f0ea8a777257c46d14646f5e4b3a0b62e63265bf0a7ae39f42e1e43e0c1627a1ce55b88f7eeb3c4a96cf434522d949daa7d726d625b594a13d81791bb4fb823522c516090510fafa344f1e8f418de1fa2ead89df5a93ce6018d4bb3b41e3be58c7e66bc1b1cc4dd617cae798866003122b0bceefa163d76824c035381cc404c75c1cbecbba0b95950a426af92826194bd4837f830cb71df544c854a2eab5e7a376a4f0822cb1600387653ca15fd46c34cae4fb76feafd2b2874ad94332e407c719f23837f2eb46de45b1a0de706f819765ec3a99f7e76907d8563348848b185c3dad9189fd7af5a0aa92f2842c2a63b8e6d1610f5313daa38f3182b2a5886a2d55cbe2f06d6a7dee0ef49ac9a4e47b81a2d7316c156e127396eb909da36b573ac553adc33b2b62b949239b7968a881d293a67e12b9caed606f28a7c776cfe3db2ff28ed59817200a63b51d92ad49c35b2686009c546f733bb199aa05b70894b6299b6e06983f087dc7c82ff997964cbb81ef7c34bdf95f9a84d6a3ea9daaca2d26b48ecf7415a44f83a8a0d7269f0332c9e1e1f48a1f81a461d1f6d05848f35d0b696e4263002dfe913c6137613aa7515e42a9b78872827f8592654cc489517b4aa191a71025f63611326e2d8b1437f42a41deb8e0b8c70b6c825d46d10777d71614d053ae7a51e8530673a489a201c8068a4373eb2c93b072433bc6e91c6c8d631557602e9a7b7463daa63230525f5676eacc8d5d35bc4c121fa83760453c4d10e073eff196f0a90d9f1330d3638fb1d1f85afc097156860fba72d8af00abe4dcb43c486b70a2c12acb22fbf159938cfa06b6516570aeb1a8490142a6286ec435b10d72f418dc879020f7e54fc27b7af89f4a78717bde4b6fac063c0fcf380b014a6eeb2fea33e659d82bc6b3e78561f45d9aa47518b6d1d10cb465d2a8d43607dffaf7057519c5e37051386e4a3321fa8548c8d6217036c34c77a32b1f937f47ba045b73d6589a4a6d3afbacc79b8c870981330af79e2af6467a7ae19fdb8400e91d98b4865dd15dc78b756cfa434c5a85a7dd0abc6f96b0a7b96e6a6145886d070c70254b302b15bef49b9b554137726e9c460ff14cf2cf3d2dd91638296958af22bf68941401fdb2ee18a6e1ec92394b8a7bc75a9ec8ff30e7a7bbfbcfbd5f737248770f21f129024e9f0312b992b63db38f6c462421f2bd7dc8846b76e958ed0723bbe35eada63312b62711ba11ab771d12d1168c636330beab50a70d30de96627593d425177efb157ed491a1cba18f6d18b60d4aa30f01af9286a7b2a564732332cb95131a86fe9f61afa5f40acc087c4f5678b0db6f8d861840f2f06cbd689bd107eeaf380ef3361f4967cb155eb3fec244c370dd70ee47c89676e4c24105d90548bf4711d3a72da119f4d29575e2dd97b8462abfa35497d3be60475eb5c8d80aed38baf0c311df1aa901c2a3cb06be94e2a7cab5cd8afbb914fcc08bd91415ac7c06375e352d6aa8fd5e2c53bb275803783faf70844af9cf201eb8f2b7199f28e61942e1df72e56149cdb3c637a2e75d651abf944464c927bb6fa02cb81d9dd219d7ca880ca8efae2ad3b1edd4156a5469782f70cd5e7a730b536ecaf21f570eb9d1cf9a028661820ed058df2929926bf6ea6a34c1e1d3c47f80767e7fedd7d89958de757e320d90ec1a34bcbc2ad498b36a56bb639831459a1e6a39bbc97b6068330050fc5772d5dabc7df90c07d10d5cd63a0ed4152f45de8162dc6fcdaf1eac88b9caa5aca50ba01bd8e91fdbba5e2e0f91281e980d0059fe2ada7560d9e31cc20c0e3ff49d061df18241d3fe91be3c5d7f8e4d3ac50a3a3c810a5ddf52327b4b420522f886a870b07947956a4720a40a313da4afa84c38d8d22d3cd8b01c99c6010d480fc066b9635b13886ef6a9e555a0039988d14fd29f5610dd44131ca89545d54348f0647d0c97229b4453add366da89c52a8205e6444d1a9cf6d4d2f87d8a2d23ab771154e7f5a8167c9b2e6948aabedafa2e2d7dce8db852ab72196b18eb83370080d6d739133cbc336d341ebd8ad122ebfa81fc63038d99b34e908c12180cfe865e6857442005a0c8ec5c76f4966381aaf2c38ce7ed4c9f6e8d64e171eda909f98403d7705d145bdce6552bf72bc8dc453f3ba362c14d6c431e75f3311a1816bdf9aca65df8e6d2e1b0306bdd9d7b8bc61cddf91e5e3fba6fcf999ceb957e71835a0e61f551dfbe4c91a705ec18c2f37ac11d2f6572ca5d7e6f9fdffb2c04d4c250b2410b7e48101a607862b475a451efd38ec700c200ec5069d3d2a056731568938a51953311278be905c4735b03604ef205514d987036a0f0dfb41ac50fb72fd37f5402a80831f50a4d0297ee0e682d6a97301deaacb1a5a57137bc3a8a31b06b77eb3194c56b49f8e7242abd2ff800384c467765cb4a5a05871be935877a129a1555be40d7a30407b818ab82e55b68f969cbc61f222507d7963e368ea8f9e32d01a3e5c7067621ca744f5bb6bf9addbe03845dfedcf233a57fae0a6ca9fad9e62b55d81f7d6830dbc1e059fc8db047f393bb0087b4b05e5218636c2e99c2fe9bf78a67075a379b7d1c6fd6ea699390c9289fd4d1b19d5d6b3e2fbfa6ce6fa8767138f84e92a607dc9d9f61134a9cd1d2aaa06be5e3b8fa0d8d3a6ec2a5a8eee5f1705952960f7e1ea631422e93bdea62cdb6d29f80f089ce544106887e0be6f772c5da952dda8dc194e9e54869bf5f7c1c48363fd4d0f21194030395261e3894240a9b31630ba84f9ad6e7bfc40313003e07315262198e56a18c69f00068e864b548dda9f10fae07e8fdf6730ab20c187069a2c8edde77d6f02592c8b680c28a5e41c17e25aeb02640eed8f569932800aac0219e19a1f83b258d3aeeedc01ba4853ca78aab006f67c42d38eb8f85f55be29e5965b930b6c157d40856fb041eb05ad7eb16387dacbad91d09dfb034c5c228df77b396b8b4f06e9e5d7fe45317a4a0a8ece93d9e73b297255b888313aed429d3fa45aad5b47dcfdeb98929f8968e78f8a952b8c5792a795ad7da4e7bc5bcdf0fce890d05df17ab81c6c0901707f8d4c308b25ddd8220c44069d97be8cd0416d83894e2ac4a2d918015fa2d3c0011bd27b68e4fff416a745888b7f705f1b75b34ccac1db3758c223b2d6ad53ca69d51c33a5279fe02841b14d77d604f6afdb602d15de091f07dbbf3b2f62a2a857b7c8301ab0ad2e8c4d998139130d3fb69ba6c3c6e2fdb44315dfd19533729fe9ffbec54f70953aadf6f403a5ad6ee0867eb0c9272c4f515f683ad62b06592201ab190ef3108bd386eea0356eda263fd788c20f70d4b305532e91f9ba2d99361c7660e968e39c873394fba451d1ac2112b28fe97b9eb6133f360a191f5835d09da2a01f377addbb1865e19db473971fc2a4989805e130727919de58961ad4d07bd47460718c09872eb87827c305430e03088a9a4ca4fbb48c05083f73839146f3e3d1f16db3aea78d7cd02935086ff0eaac2190daa473a0ccea4e31b3e60d5fbe327b49762ab9bd22bbd7469c118bfaf74542452cb52f3bc56d5219d55794746ddb390980f286e539567a14c1cb58996a1c3a2b2e67bfce48cc7ed3d39af69782f74559d9f79d82aef0845aced664a2a2ca73d3ec70087ba5c5bd9404ac3bf42cda0c8b6838272fcfee47a106d7261baa0745469cd0f808438847cdc1d6e74ee5bca4d9f1cac0b56a621b205054601a41c87979cb0302203a8b67a9932ed3666a657d08932ba5ad8f820998d118b78a8ec688367aca854ad195a5670c64b48324702249fb8dbbfb1f0ae97b539a6631f209cbf09add18598d189d50260837bd590d96592d268c36deff5bc0c7a5bd7f889123754c1a0ff6848a6768bcd592d8d87a36b7bb67fb06476298ccd69aa2692cae2e63da4687aa37dad743509d820a874476cd6a0a8e52470a74efb194e465b5db5fc358aab629bf5257d9b6948b59b43c98a30f2e5bd6768d550a5244fa120d36430f1bb52ff544d2a35a0722a0ce77befe19fa8b5031bc5713356a09a3ebd08c07216972582e0b8f2a7703a9807dd272385ff64aff8456dd0981e1cf169eea8c7f6abbee7f03cb4934b154c2f3491aff8ec9e9613db0162f8f0d56010e59e51b2fa435e37d0416c958359e2b3bb835a8d47b47069e0c3972cb144232a48c0be680921eae920f2ab004a4a9edd082a852f333d336654bee89bcee21d22a4970e8f612f8e439cb6ce8197b19fc765b2228b15bef2ad6275c66271bdc53f4557d70123b98ecd9741f25bb2fe6ab") (async) socket(0x2, 0x80002, 0x73) landlock_create_ruleset$auto(&(0x7f0000000080)={0x2, 0x6}, 0x0, 0x3) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa801, 0x0) socket(0xa, 0x3, 0x6) bind$auto(0x3, &(0x7f0000000040), 0x69) r0 = socket(0x10, 0x2, 0x2) sendmsg$auto_NL802154_CMD_TRIGGER_SCAN(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="ffffbfe5bf1a575049f87243dad84987cdcc76065244a5907c8ce226857605d6cd724782ce28c1c4bf08f060a3b844881b183f6c931c9814ba042bce2ac6169f0f71e98dff7d11c60a968814f058918485a3eb425c42ea9a0d9d67c7b6184751d5b1dd1cd86698952fe6586259702df44fa40287b96496148dd27b3af2dce375d4c393ba92f63a33f1a698dc5c134df35d6b5f0cc546e5c07aee704c400ee295803f8cea29818948afbf715dde63fd7145d154f80908114b21ccbe36d5569fd656324f1cf43994afedf08a3e9d91c94e7580ea", @ANYRES16=0x0, @ANYBLOB="000128bd7000fddbdf2523000000"], 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x4010000) (async) getsockname$auto(0x3, 0x0, 0xfffffffffffffffe) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) (async) ioctl$auto(0x3, 0x80045503, 0x1) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x8000) r1 = io_uring_setup$auto(0x6, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x82000, 0x0) (async) read$auto_safesetid_gid_file_fops_securityfs(r1, &(0x7f0000000000)=""/36, 0x24) (async) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) socket(0x29, 0x3, 0x0) (async) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) writev$auto(0x9, &(0x7f0000000300)={0x0, 0x3}, 0x2) (async) r2 = socket(0x23, 0x5, 0x0) write$auto(r2, 0x0, 0xfffffffffffffffe) 2.766995577s ago: executing program 2 (id=2638): mknod$auto(&(0x7f0000000180)=':,\x00', 0xc9, 0xfffffffa) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/ext4/sda1/mb_structs_summary\x00', 0xa000, 0x0) read$auto(r0, &(0x7f0000003a80)='/proc/self/net/rpc/nfs4.nametoid/channel\x00', 0x861) read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000000080)=""/245, 0xf5) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x101842, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r1, 0xc1105511, &(0x7f0000000300)={{@raw=0x1, 0xa, 0xf8, 0x4671, "a401d243991a4dc376cc2bd4dbe3040e3cff152230323227f8d6c24be7ceeed84366bbadec197ea40209a468"}, 0x1ec, 0x80d, 0x1, @raw=0xfffffffc, @reserved="b2089ab0bbaab63c40853405fb772ade9448008d0040560232dbb586cf8f11ca82a2ba37174118952b850ad2099d3a3bc1c77e916330e96e2989bebf719430efe8c9a59c9349eac701c2bbb3122607916561a6da1cfdfc5dc83f4cc979d6dbf96bcb58d1f9042592b39ceec6193960c9a37975bc0153c5fce4d94f329d47f6d4", "2bb2d72b107f03a0ef0c6760e2e1fd64b8ae4a5be70b75810dfa4cc7182ed519d3613ea5b4243440fc9595b760cee784decb284ff015aa97d8f86dd61fd4f929"}) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x88b82, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000000)='^', 0x1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0004, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2) socket(0x2c, 0x6, 0xdc63) execve$auto(&(0x7f0000000040)=':,\x00', 0x0, &(0x7f0000000200)=&(0x7f0000000480)=':,\x00\xaf\xef\xb7{9w!\x9f\xf2\xdd:\xb7\xd5\x95%\x9b\xa5\xf5\xea\x1e\xf4G\xd8\x1e\x91\xa5\x16\xbf\x99\xaf[\x1cx/') lstat$auto(&(0x7f00000000c0)=':,\x00', &(0x7f0000000340)={0xf1, 0xb, 0xd, 0x5, 0xee01, 0xffffffffffffffff, 0x0, 0x1, 0x8, 0x2, 0xc2, 0x96a, 0x322, 0x5233, 0xffffffff, 0x1000, 0x40}) newfstatat$auto(0xffffffffffffffff, &(0x7f0000000080)=':,\x00', &(0x7f0000000540)={0x6, 0xe6, 0x1d40, 0xfffffff9, 0xee01, r3, 0x0, 0x9, 0x80, 0x4, 0x0, 0x1, 0x0, 0x1, 0xffffffffffffffff}, 0x4) r4 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0) read$auto_evdev_fops_evdev(r4, 0x0, 0x0) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) sendmsg$auto_WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4008810}, 0x2000c041) socket(0x2a, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000080), 0x6b) connect$auto(0x3, &(0x7f00000000c0), 0x55) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) fcntl$auto(0xffffffffffffffff, 0x401, 0x5) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc0}, 0x40) write$auto(0x3, 0x0, 0xfffffdef) setsockopt$auto(0xffffffffffffffff, 0x4, 0x8001, 0x0, 0x2) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 2.701101159s ago: executing program 1 (id=2639): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x800, 0x7, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) capget$auto(0x0, 0x0) 2.561017742s ago: executing program 0 (id=2640): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x101200, 0x0) readv$auto(0x3, &(0x7f0000000040)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0xa, 0x0) r0 = pidfd_open$auto(0x0, 0x3) ioctl$auto_SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) r1 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/query\x00', 0x20840, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0) ioctl$auto_DMA_HEAP_IOCTL_ALLOC(r2, 0x40345410, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) flistxattr$auto(0x3, 0x0, 0x3) openat$auto_proc_sessionid_operations_base(0xffffffffffffff9c, 0x0, 0x488400, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0x3, 0x8000) pipe$auto(0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101e81, 0x0) ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb701, 0x0) socket(0x10, 0x2, 0xc) r3 = socket(0x28, 0x1, 0x0) syz_genetlink_get_family_id$auto_nl802154(0x0, r3) r4 = setfsuid$auto(0xffffffffffffffff) setfsuid$auto(0x0) shmctl$auto(0x1, 0x2, &(0x7f0000000240)={{0x1, r4, 0x0, 0xfffffff8, 0x3, 0x9, 0xfffe}, 0xffffffff, 0x7, 0x9, 0x4, @inferred, @raw=0x3, 0x4, 0x0, 0x0, &(0x7f0000000200)="8e46351246dab7badb3867"}) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000bc0), 0xffffffffffffffff) 2.223951137s ago: executing program 1 (id=2641): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x20000411, 0x4008000) r0 = socket(0x11, 0x80003, 0x300) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000336bd7000fedbdf250200001808003c0002000009050019"], 0x24}, 0x1, 0x0, 0x0, 0xc005}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000) sendmsg$auto_NCSI_CMD_SET_PACKAGE_MASK(r1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4c004}, 0x40080c0) setsockopt$auto(r0, 0x107, 0x13, 0x0, 0x7) r2 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r3 = open(&(0x7f0000000880)='./file0\x00', 0xc3, 0x80) r4 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r1, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="0b98fcdf17ac824d28aab7604bc6350241", @ANYRES16=0x0, @ANYBLOB="000827bd7000fedbdf2503000000040008000c000b0001000000000000000600090001000000540003804e00f480a4fd4b80d9fe714a5e687dbd3ce43ee39ebcf85a3ca41fe98d0817e8ddffddafbedd3d89aaf90310254e7987b9b6725372b713e2b905f9e93231fbf977b483a06cfa01ed277d0400a08000000600090004000000040008004900028065d37e070d3603bfbb1d528e46fb42994cee6c06cca598a49c7f143d84ac7b0fc0e4c8c07b3ae37317dd246d1f0c00cf0082050000000000000c002500ff0000000000000000000000000100301d4e4b6e4e69d83f82c8ce422200000600090000000000"], 0xec}, 0x1, 0x0, 0x0, 0x40000}, 0x4004045) read$auto_uinput_fops_uinput(r4, &(0x7f0000001400)=""/4112, 0x1010) poll$auto(&(0x7f0000000040)={r3, 0x6, 0x9}, 0x70a6, 0x50316d1c) r5 = socket(0xa, 0x1, 0x84) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xac}, 0x5, 0x0, 0x1, 0x697b}, 0xed7138c}, 0x2, 0x9) recvmmsg$auto(0x4, 0x0, 0x7, 0xe, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x5, 0x15) madvise$auto(0x0, 0x200007, 0x19) close_range$auto(r5, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r2) sendmsg$auto_NL80211_CMD_SET_STATION(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRESDEC=r5, @ANYRES8=r0], 0x14}}, 0x44000) 2.16090321s ago: executing program 0 (id=2642): r0 = socket(0xa, 0x801, 0x100) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), r0) sendmsg$auto_OVS_DP_CMD_NEW(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r2, 0x100, 0x70bd25, 0x25dfdbfe, {}, [@OVS_DP_ATTR_USER_FEATURES={0x8, 0x5, 0x9}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x4000000) r3 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000001400c7d2a2e1917949643de42b"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) socket(0x2b, 0x1, 0x1) (async) socket(0x2b, 0x1, 0x1) recvmmsg$auto(r3, &(0x7f0000000580)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x5, 0x80000001}, 0x1}, 0x3, 0x6, 0x0) (async) recvmmsg$auto(r3, &(0x7f0000000580)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x5, 0x80000001}, 0x1}, 0x3, 0x6, 0x0) 1.937045347s ago: executing program 0 (id=2643): mount$auto(&(0x7f0000000200)='wlan1\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)='\x00', 0x1, &(0x7f0000000340)) mmap$auto(0x1, 0x3, 0x1000008000, 0x1000000eb1, 0x401, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) mmap$auto(0x10, 0x40005, 0xdf, 0x9b75, 0x800, 0x28000) r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x9, 0x11, r0, 0x0) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(r1, 0x1002, 0x0, 0x0, 0x0, 0x2) ioperm$auto(0x800, 0x5, 0xd) epoll_pwait$auto(0x3, 0x0, 0x1, 0xffff0102, 0x0, 0x8) r2 = socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) read$auto(0x3, 0x0, 0x7ffffffff000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_TLV_WRITE(r2, 0xc008551b, &(0x7f0000000440)={0x2, 0x6}) socket(0x11, 0x3, 0x2) sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="20002cbd7000fcdb17df2508000000"], 0x14}}, 0x101) 1.558864197s ago: executing program 0 (id=2644): r0 = socket(0x1e, 0x4, 0x0) inotify_add_watch$auto(r0, 0x0, 0x30000000) r1 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) r2 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000040), 0xc00, 0x0) tee$auto(r1, r2, 0x4, 0xe) newfstatat$auto(r1, 0x0, 0x0, 0x1000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x1, 0x0) io_uring_register$auto(0x7ff, 0x80000000, 0x0, 0x2) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/bus/scsi/drivers/st/fixed_buffer_size\x00', 0x6a040, 0x0) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) mmap$auto(0x0, 0x9b6, 0x24e, 0x279, r3, 0x1e0000000) read$auto(0x3, 0x0, 0x80) pwritev$auto(0x3, &(0x7f0000001000)={&(0x7f0000000fc0), 0x8}, 0x5, 0x3, 0x9) 1.220736416s ago: executing program 2 (id=2645): r0 = openat$auto_gpiolib_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x1) socket(0xf, 0x3, 0x2) bpf$auto(0x0, &(0x7f0000000100)=@link_create={@prog_fd=0x1, @target_fd=0xa, 0x3, 0x8, @tracing={0x4, 0xffffffff}}, 0xfbf) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xc) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/system/node/node0/hugepages/hugepages-1048576kB/demote\x00', 0x1, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_tracing_saved_tgids_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/saved_tgids\x00', 0x82900, 0x0) write$auto(0x3, 0x0, 0x100082) socket(0xa, 0x801, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) shutdown$auto(0x200000003, 0x2) setsockopt$auto(0x3, 0x10000000084, 0x1, 0x0, 0x14) r3 = syz_genetlink_get_family_id$auto_thermal(&(0x7f0000000280), r2) sendmsg$auto_THERMAL_GENL_CMD_THRESHOLD_FLUSH(r1, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, r3, 0x2, 0x70bd2c, 0x25dfdbfd, {}, [@THERMAL_GENL_ATTR_CDEV_MAX_STATE={0x8, 0x12, 0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1dfd785c35062924}, 0xc0400c4) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xc) read$auto(r0, 0x0, 0x7) 984.763148ms ago: executing program 1 (id=2646): close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x1a12c1, 0x0) r1 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = openat$auto_userfaultfd_dev_fops_userfaultfd(0xffffffffffffff9c, &(0x7f0000000080), 0x101043, 0x0) epoll_ctl$auto(r1, 0x7, r2, &(0x7f00000000c0)={0x6, 0x3}) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) openat2$auto(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x3, 0x9, 0x4}, 0xcfa) r3 = openat$auto_safesetid_uid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000180), 0x400, 0x0) socket(0x28, 0x1, 0x28) ioctl$auto(r3, 0x5417, 0x38) 873.002994ms ago: executing program 2 (id=2647): openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000140), 0x208040, 0x0) r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x110200, 0x0) r1 = openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000000), 0x81, 0x0) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x24, r2, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r5}, @NL80211_ATTR_TXQ_MEMORY_LIMIT={0x8, 0x10b, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x20040010}, 0x20000084) unshare$auto(0x8000000) syz_clone(0x2040011, 0x0, 0x0, 0x0, 0x0, 0x0) mprotect$auto(0x1fffefff, 0x7f, 0xd) r6 = openat$auto_fops_init_pkru_pkeys(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$auto(0x3, 0x0, 0xfdef) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000001, 0x8e051, 0xffffffffffffffff, 0xe0b) socket(0x21, 0x2, 0x2) mmap$auto(0x0, 0xa, 0xdf, 0x9b72, 0x2, 0x8000) fcntl$auto(0x3, 0x4, 0xa553) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) bpf$auto(0xc, &(0x7f0000000780)=@link_update={0xffffffffffffffff, @new_map_fd=0x5, 0x7, @old_map_fd=r1}, 0xa3) socket(0x2, 0x1, 0x0) close_range$auto(r8, 0xfffffffffffff000, 0x5) mmap$auto(0x0, 0x2020009, 0x48e, 0x800000000018, 0xfffffffffffffffa, 0x400) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xfff7ffffffff0001, 0x2) mmap$auto(0xe1a4, 0x3, 0x4000000000dc, 0x40eb2, r7, 0x8) madvise$auto(0x0, 0xffffffffffff0005, 0x1) ioctl$auto(r0, 0x5, 0x7) recvmmsg$auto(r6, 0x0, 0xfffc, 0x1a000, 0x0) rt_sigaction$auto(0x36, 0x0, 0x0, 0x8) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dri/renderD128\x00', 0x2000, 0x0) 871.308247ms ago: executing program 1 (id=2648): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bpf$auto(0x5, &(0x7f0000000300)=@bpf_attr_3={0x1c, 0x4, 0xf, 0x63, 0x400, 0x0, 0x1, 0x80f0c8, 0x20, "38c1d5cbcb9f6b5e511f0cd8ed068f65", 0x0, 0x4, 0xffffffffffffffff, 0xe4, 0x6, 0x5, 0x8000000, 0x8, 0x81, 0x3, @attach_btf_obj_fd, 0x6, 0xffff, 0x8, 0x0, 0xfffffffe}, 0x44) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) capget$auto(0x0, 0x0) 600.720028ms ago: executing program 0 (id=2649): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8954, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) adjtimex$auto(&(0x7f00000004c0)={0xf332b6b, 0x0, 0x7d, 0xfffffffffffffffd, 0xd4, 0x4, 0x4, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x8000, 0x0, 0x80000004, 0x81, 0xffffffffffff628e, 0xa744, 0x0, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) r0 = gettid() r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x80a00, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) ioctl$auto_PPPIOCSCOMPRESS(r2, 0x4010744d, &(0x7f00000001c0)={0x0, 0x8, 0x8}) ioctl$auto(r1, 0x4b68, 0x92b6) rt_tgsigqueueinfo$auto(0x0, r0, 0x21, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r3 = socket(0x1e, 0x1, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x200, 0x1) fanotify_mark$auto(r3, 0x180, 0x9, 0xffffffffffffffff, 0x0) r4 = socket(0x2c, 0x3, 0x0) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000140), r4) sendmsg$auto_PSAMPLE_CMD_GET_GROUP(r4, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, 0x0, 0x4, 0x70bd2b, 0x25dfdbff, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4008010}, 0x80) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) close_range$auto(0x2, 0x8, 0x0) 538.117345ms ago: executing program 2 (id=2650): syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/vidtv.0/i2c-0/0-0060/uevent\x00', 0xac00, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000001c00)=""/4111, 0x100f) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000700), r1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000740)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_CHANNEL(r1, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000780)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010800000000000000254b00000008000300", @ANYRES32=r3], 0x1c}, 0x1, 0x0, 0x0, 0x4080}, 0x20000000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f0000000140), 0x55) getrandom$auto(0x0, 0x6000000, 0x3) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x5, 0x0, 0x9) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES32=r0, @ANYBLOB="010029bd700001dcdf2503000000040006000c00018008001000040006"], 0x24}, 0x1, 0x0, 0x0, 0x8000010}, 0x800) 276.909876ms ago: executing program 1 (id=2651): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x3c, r1, 0x1, 0x70bd29, 0x2ddfdbfe, {}, [@ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv0\x00'}]}, @ETHTOOL_A_PAUSE_RX={0x5, 0x3, 0xc}, @ETHTOOL_A_PAUSE_TX={0x5, 0x4, 0x40}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x4040000) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) socket(0x2a, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000080)=@l2={0x1f, 0x8, @any, 0xec4, 0x1}, 0x6b) connect$auto(0x3, &(0x7f00000000c0), 0x55) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) fcntl$auto(0xffffffffffffffff, 0x401, 0x5) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc0}, 0x40) setsockopt$auto(0xffffffffffffffff, 0x4, 0x8001, 0x0, 0x2) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) gettid() connect$auto(0xffffffffffffffff, 0x0, 0x55) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x1ff, 0x7, 0x5, 0x7181, 0x1ffde, 0x7, 0x3, 0x9, 0x9, 0x80003, 0x4, 0x200000000001, 0xb4, 0x9, 0x8, 0x10006, 0x4000080, 0x0, 0xffff, 0xe, 0x22000, 0x200, 0x0, 0x84, [0x3, 0x2, 0x0, 0x2, 0x0, 0x2000, 0x0, 0xe, 0x70624ce7, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x8, 0x0, 0x6, 0x0, 0xfffffffffffbfffd, 0x2000000000000004, 0x10000000000001, 0x10000000000, 0xffffffffffffffff, 0x4, 0xfffffffffffffe00, 0x0, 0x0, 0x5, 0x400000000005b8, 0xffff, 0x0, 0x100, 0x0, 0x6, 0x2, 0x88e, 0x40, 0xfffffffffffffffc, 0x8, 0xa38, 0x0, 0x5, 0xfffffffffffffffc, 0x2, 0x8, 0x7, 0xc567]}, 0x1, 0xd) r2 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r2, 0xfffffffffffffd0c, &(0x7f0000001080)="45bd01010000000000001a52b31821e132324ed6d00a2e760d0f50d7631d8a7ecfd05a0a17a8fc2422920c4383ed0301fc99cfc32c6f6c7d283ce244cb4a549e4db2ee7bc7449dd29ad11206f9b511fcbbe5067c9888fce44dad471fbaecff4991ee1207b866cf3d37e31dfe51e008f794aed26f344b3476e74cc8f3") mmap$auto(0x0, 0x5, 0x3, 0x16, 0x3, 0x8000) unshare$auto(0x40000080) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) madvise$auto(0x0, 0x20200, 0x15) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r3 = open(&(0x7f0000000200)='./cgroup\x00', 0x400, 0x23) r4 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000040)='/proc/cpuinfo\x00', 0x20000, 0x0) read$auto_proc_mountinfo_operations_mnt_namespace(r4, &(0x7f0000000080)=""/4096, 0x1000) read$auto(0x3, 0x0, 0x80) fchdir$auto(r3) mkdir$auto(&(0x7f0000000140)='MAC80211_HWSIM\x00', 0x1) 255.848386ms ago: executing program 2 (id=2652): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r1, &(0x7f00000000c0)="c8051b5d52", 0x5) sendmsg$auto_NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000002bc0)={0x0, 0x0, &(0x7f0000002b80)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYRES32, @ANYRES64=r1, @ANYBLOB="27348a430bfe9301b3a79e9a87cc2b"], 0x1c}, 0x1, 0x0, 0x0, 0x20004041}, 0x40004) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000000000600010000000a0005000000000000000000b3fc010000000000000000000a0001000000000000000000060006000500000008000200", @ANYRES32=0x0, @ANYBLOB="0800040003"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r2 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/ext4/sda1/mb_stats\x00', 0x40000, 0x0) read$auto(r2, &(0x7f0000000240)='^)\x00', 0x196d083b) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 31.520424ms ago: executing program 0 (id=2653): r0 = openat$auto_gpiolib_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) read$auto(r0, 0x0, 0x7) (fail_nth: 2) 0s ago: executing program 2 (id=2654): mmap$auto(0x40000000100000, 0x401, 0x9, 0x10, 0xffffffffffffffff, 0x8000) r0 = socket(0xa, 0x801, 0x100) setsockopt$auto(r0, 0x6, 0x18, 0x0, 0xfb3) close_range$auto(0x2, 0xfffffffffffff000, 0x2) bpf$auto(0x8000000000000020, 0xffffffffffffffff, 0x4) setsockopt$auto(0xffffffffffffffff, 0x0, 0x5, &(0x7f0000000300)='\b+l\xf1\xef\\%\xe9p\xd1\f#\xa2\x80\x01\x00\x00\x80F\xd1\xff\xf7/0\n\xd3\xc5\x89\xf6;x\xdd\x8aM\xb4\x8f1\x15\x89l\x9b-w\x8e\xf0\xbf\xca|\xce3c1w\x1c(\x8e\x1f\xa4\xb9\xc7gO\xf0\xee\xa5\x11l\xa2w\xbc\xdf\x9d5\xa2\xc6=\x85`\xde\xbcq\x15\xfa\x9c!m\xc0\xb9\xa7T\x90]\x84\xbe\x0e~a\x02\x8fvm\xf9\t\x9d\xbb4[\x81\f\xbc\xe2S\x93\xe1\x89\xb5\xde\xc2\xcc=D\xc1V\xaa', 0x6) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x4, 0x15) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r1 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) execveat$auto(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) prctl$auto(0x23, 0xf, 0x2008, 0xffffffffffffffff, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/smaps_rollup\x00', 0x48000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x801, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000800)='./file0\x00', 0x2240, 0x154) sysfs$auto(0x2, 0x0, 0x0) fsopen$auto(0x0, 0x1) epoll_create$auto(0x4) epoll_ctl$auto(0x5, 0x1, 0x8000000000000000, 0x0) sysfs$auto(0x2, 0x10, 0x0) epoll_ctl$auto(0x5, 0x2, 0x8000000000000000, 0x0) kernel console output (not intermixed with test programs): supported for file /tomoyo/query (pid: 10457 comm: syz.2.1118) [ 350.430158][T10463] random: crng reseeded on system resumption [ 351.426360][T10463] kernel write not supported for file /tomoyo/query (pid: 10463 comm: syz.2.1121) [ 351.737307][T10484] kernel write not supported for file /tomoyo/query (pid: 10484 comm: syz.2.1126) [ 352.121074][T10498] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 352.146679][T10498] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 352.359949][T10499] warn_unsupported: 1 callbacks suppressed [ 352.359972][T10499] kernel write not supported for file /tomoyo/query (pid: 10499 comm: syz.2.1131) [ 352.732948][T10513] lo: entered allmulticast mode [ 352.738878][T10513] lo: left allmulticast mode [ 352.786029][T10513] netlink: 'syz.2.1133': attribute type 10 has an invalid length. [ 352.804323][T10513] netlink: 230 bytes leftover after parsing attributes in process `syz.2.1133'. [ 352.824671][T10513] : renamed from bond_slave_1 (while UP) [ 353.026891][T10513] bond0: (slave ): Releasing backup interface [ 353.075585][T10513] A link change request failed with some changes committed already. Interface  may have been left with an inconsistent configuration, please check. [ 353.156773][T10528] HfR: entered promiscuous mode [ 353.334965][T10530] netlink: 'syz.0.1138': attribute type 4 has an invalid length. [ 353.350026][T10530] netlink: 66 bytes leftover after parsing attributes in process `syz.0.1138'. [ 353.501019][T10508] kernel write not supported for file /tomoyo/query (pid: 10508 comm: syz.2.1133) [ 353.673262][T10538] kernel write not supported for file /tomoyo/query (pid: 10538 comm: syz.2.1142) [ 353.885938][T10545] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1144'. [ 353.992234][T10544] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 354.026848][T10544] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 354.039598][T10545] kernel write not supported for file /tomoyo/query (pid: 10545 comm: syz.2.1144) [ 354.765458][T10559] kernel write not supported for file /tomoyo/query (pid: 10559 comm: syz.2.1149) [ 355.180167][T10587] kernel write not supported for file /tomoyo/query (pid: 10587 comm: syz.2.1155) [ 355.497104][T10593] kernel write not supported for file /tomoyo/query (pid: 10593 comm: syz.2.1158) [ 356.149305][T10612] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 356.179793][T10612] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 356.791603][T10620] kernel write not supported for file /tomoyo/query (pid: 10620 comm: syz.2.1161) [ 356.935167][T10624] netlink: 'syz.1.1165': attribute type 4 has an invalid length. [ 356.962863][T10624] netlink: 66 bytes leftover after parsing attributes in process `syz.1.1165'. [ 357.074979][T10629] Process accounting resumed [ 357.505810][T10630] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1166'. [ 357.573842][T10630] bridge_slave_1: left allmulticast mode [ 357.621927][T10630] bridge_slave_1: left promiscuous mode [ 357.640862][T10503] kernel write not supported for file /tomoyo/query (pid: 10503 comm: syz.2.1131) [ 357.665980][T10630] bridge0: port 2(bridge_slave_1) entered disabled state [ 357.778724][T10630] bridge_slave_0: left allmulticast mode [ 357.794049][T10630] bridge_slave_0: left promiscuous mode [ 357.820402][T10630] bridge0: port 1(bridge_slave_0) entered disabled state [ 358.301748][T10630] kernel write not supported for file /tomoyo/query (pid: 10630 comm: syz.2.1166) [ 358.590108][T10657] random: crng reseeded on system resumption [ 358.653238][T10658] kernel write not supported for file /tomoyo/query (pid: 10658 comm: syz.2.1180) [ 358.793584][T10654] kernel write not supported for file /tomoyo/query (pid: 10654 comm: syz.2.1180) [ 359.017144][T10664] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 359.029909][T10664] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 359.770081][T10673] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1176'. [ 359.790870][T10674] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1176'. [ 359.799006][T10664] kernel write not supported for file /tomoyo/query (pid: 10664 comm: syz.2.1174) [ 359.979569][T10679] kernel write not supported for file /tomoyo/query (pid: 10679 comm: syz.2.1178) [ 360.289348][T10684] kernel write not supported for file /tomoyo/query (pid: 10684 comm: syz.2.1182) [ 360.979221][T10712] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1188'. [ 361.915487][T10696] kernel write not supported for file /tomoyo/query (pid: 10696 comm: syz.2.1184) [ 362.142886][T10739] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1194'. [ 362.181887][T10731] Invalid ELF header magic: != ELF [ 362.238000][T10739] kernel write not supported for file /tomoyo/query (pid: 10739 comm: syz.2.1194) [ 362.296597][T10728] Process accounting paused [ 362.622027][T10745] kernel write not supported for file /tomoyo/query (pid: 10745 comm: syz.2.1195) [ 362.682064][T10744] kernel write not supported for file /tomoyo/query (pid: 10744 comm: syz.2.1195) [ 362.714542][T10747] smc: net device syz_tun applied user defined pnetid ETHTOOL [ 362.754910][T10747] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1196'. [ 362.771758][T10742] kernel write not supported for file /tomoyo/query (pid: 10742 comm: syz.2.1195) [ 362.899373][T10752] kernel write not supported for file /tomoyo/query (pid: 10752 comm: syz.2.1199) [ 363.384265][T10774] nbd: couldn't find device at index 127 [ 363.428502][T10766] kernel write not supported for file /tomoyo/query (pid: 10766 comm: syz.2.1202) [ 363.620483][T10775] kernel write not supported for file /tomoyo/query (pid: 10775 comm: syz.2.1202) [ 363.692204][T10762] kernel write not supported for file /tomoyo/query (pid: 10762 comm: syz.2.1202) [ 364.080541][T10795] Process accounting resumed [ 364.192732][T10791] kernel write not supported for file /tomoyo/query (pid: 10791 comm: syz.2.1206) [ 364.629576][T10807] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 364.669767][T10807] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 364.769161][T10802] kernel write not supported for file /tomoyo/query (pid: 10802 comm: syz.2.1211) [ 364.947920][T10817] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1215'. [ 365.089760][T10822] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1216'. [ 366.115985][T10857] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1223'. [ 366.431663][T10861] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 366.460309][T10861] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 367.223964][T10873] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 367.267918][T10873] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 368.194954][T10881] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 368.230858][T10881] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 369.050935][T10900] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1232'. [ 369.075936][T10902] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1233'. [ 369.952248][T10915] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 369.962023][T10915] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 370.029633][T10919] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1238'. [ 371.392940][T10938] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1242'. [ 371.594063][T10942] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1252'. [ 372.414342][T10963] lo: entered allmulticast mode [ 372.436693][T10963] lo: left allmulticast mode [ 372.457117][T10958] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 372.476710][T10958] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 373.531151][T10984] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1253'. [ 374.204225][T10995] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1257'. [ 374.298266][T11001] Process accounting resumed [ 374.703327][T11004] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 374.734408][T11004] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 375.584070][T11011] lo: entered allmulticast mode [ 375.589760][T11011] lo: left allmulticast mode [ 375.646521][T11011] netlink: 'syz.0.1262': attribute type 10 has an invalid length. [ 375.671511][T11011] netlink: 230 bytes leftover after parsing attributes in process `syz.0.1262'. [ 376.217770][T11030] kernel read not supported for file /#)-\&[} (pid: 11030 comm: syz.2.1266) [ 376.276082][ T29] kauditd_printk_skb: 23 callbacks suppressed [ 376.276106][ T29] audit: type=1800 audit(4295165185.048:54): pid=11030 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1266" name="#)-\&[}" dev="mqueue" ino=10423 res=0 errno=0 [ 377.396606][T11063] Process accounting resumed [ 377.415214][T11057] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 377.443586][T11057] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 377.714695][T11073] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1276'. [ 378.684389][T11111] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1285'. [ 378.739893][T11111] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1285'. [ 379.925234][T11132] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1289'. [ 379.992092][T11132] ü: renamed from team0 (while UP) [ 380.539499][T11143] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 380.566639][T11143] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 381.354596][T11161] lo: entered allmulticast mode [ 381.367420][T11161] lo: left allmulticast mode [ 381.412877][T11161] netlink: 'syz.0.1296': attribute type 10 has an invalid length. [ 381.433697][T11161] netlink: 230 bytes leftover after parsing attributes in process `syz.0.1296'. [ 381.649947][T11165] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 381.684080][T11165] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 382.410580][T11181] FAULT_INJECTION: forcing a failure. [ 382.410580][T11181] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 382.463931][T11181] CPU: 0 UID: 0 PID: 11181 Comm: syz.3.1304 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 382.474781][T11181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 382.484885][T11181] Call Trace: [ 382.488207][T11181] [ 382.491187][T11181] dump_stack_lvl+0x16c/0x1f0 [ 382.495939][T11181] should_fail_ex+0x497/0x5b0 [ 382.500691][T11181] _copy_from_user+0x2e/0xd0 [ 382.505358][T11181] parse_command+0xa3/0x250 [ 382.509943][T11181] ? __pfx_parse_command+0x10/0x10 [ 382.515247][T11181] ? rcu_is_watching+0x12/0xc0 [ 382.520081][T11181] ? trace_lock_acquire+0x14e/0x1f0 [ 382.525349][T11181] ? ksys_write+0x12b/0x250 [ 382.529914][T11181] bm_entry_write+0x77/0x420 [ 382.534591][T11181] ? __pfx_bm_entry_write+0x10/0x10 [ 382.539863][T11181] vfs_write+0x24c/0x1150 [ 382.544255][T11181] ? __fget_files+0x1fc/0x3a0 [ 382.549081][T11181] ? __pfx___mutex_lock+0x10/0x10 [ 382.554171][T11181] ? __pfx_vfs_write+0x10/0x10 [ 382.559035][T11181] ? __fget_files+0x206/0x3a0 [ 382.563779][T11181] ksys_write+0x12b/0x250 [ 382.568160][T11181] ? __pfx_ksys_write+0x10/0x10 [ 382.573064][T11181] do_syscall_64+0xcd/0x250 [ 382.577619][T11181] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 382.583557][T11181] RIP: 0033:0x7f8d3fd85d29 [ 382.588029][T11181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 382.607694][T11181] RSP: 002b:00007f8d40b7b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 382.616145][T11181] RAX: ffffffffffffffda RBX: 00007f8d3ff75fa0 RCX: 00007f8d3fd85d29 [ 382.624167][T11181] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 382.632162][T11181] RBP: 00007f8d40b7b090 R08: 0000000000000000 R09: 0000000000000000 [ 382.640176][T11181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 382.648191][T11181] R13: 0000000000000000 R14: 00007f8d3ff75fa0 R15: 00007ffef3c17b68 [ 382.656205][T11181] [ 382.793446][T11188] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 382.814222][T11188] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 382.869934][T11191] program syz.3.1308 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 383.265333][ T5837] udevd[5837]: inotify_add_watch(7, /dev/sda1, 10) failed: No such file or directory [ 383.740274][T11200] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1310'. [ 384.084421][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 384.091420][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.110919][T11210] lo: entered allmulticast mode [ 384.128462][T11210] lo: left allmulticast mode [ 384.201120][T11210] netlink: 'syz.0.1314': attribute type 10 has an invalid length. [ 384.247659][T11210] netlink: 230 bytes leftover after parsing attributes in process `syz.0.1314'. [ 384.648044][T11225] FAULT_INJECTION: forcing a failure. [ 384.648044][T11225] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 384.673018][T11225] CPU: 1 UID: 0 PID: 11225 Comm: syz.3.1316 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 384.683900][T11225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 384.694000][T11225] Call Trace: [ 384.697326][T11225] [ 384.700300][T11225] dump_stack_lvl+0x16c/0x1f0 [ 384.705078][T11225] should_fail_ex+0x497/0x5b0 [ 384.709827][T11225] _copy_from_user+0x2e/0xd0 [ 384.714489][T11225] kstrtouint_from_user+0xd7/0x1c0 [ 384.719663][T11225] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 384.725448][T11225] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 384.731133][T11225] proc_fail_nth_write+0x84/0x250 [ 384.736227][T11225] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 384.741938][T11225] ? ksys_write+0x12b/0x250 [ 384.746699][T11225] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 384.752498][T11225] vfs_write+0x24c/0x1150 [ 384.756906][T11225] ? __fget_files+0x1fc/0x3a0 [ 384.761656][T11225] ? __pfx___mutex_lock+0x10/0x10 [ 384.766744][T11225] ? __pfx_vfs_write+0x10/0x10 [ 384.771586][T11225] ? __fget_files+0x206/0x3a0 [ 384.776356][T11225] ksys_write+0x12b/0x250 [ 384.780762][T11225] ? __pfx_ksys_write+0x10/0x10 [ 384.785688][T11225] do_syscall_64+0xcd/0x250 [ 384.790259][T11225] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.796235][T11225] RIP: 0033:0x7f8d3fd847df [ 384.800719][T11225] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 384.820384][T11225] RSP: 002b:00007f8d40b5a030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 384.828852][T11225] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8d3fd847df [ 384.836873][T11225] RDX: 0000000000000001 RSI: 00007f8d40b5a0a0 RDI: 0000000000000003 [ 384.844997][T11225] RBP: 00007f8d40b5a090 R08: 0000000000000000 R09: 0000000000000000 [ 384.853031][T11225] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 384.861057][T11225] R13: 0000000000000001 R14: 00007f8d3ff76080 R15: 00007ffef3c17b68 [ 384.869116][T11225] [ 385.847731][T11237] svc: failed to register nfsdv3 RPC service (errno 111). [ 385.877969][T11237] svc: failed to register nfsaclv3 RPC service (errno 111). [ 386.437551][T11243] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 386.464989][T11243] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 387.037951][T11251] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1324'. [ 387.057799][T11251] ü: renamed from team0 [ 387.406687][T11253] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 387.426828][T11253] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 387.930531][T11264] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1327'. [ 389.961238][T11289] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1336'. [ 389.980670][T11289] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 389.997338][T11289] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 390.028602][T11289] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 390.040080][T11289] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 390.305701][T11292] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 390.328863][T11292] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 390.981885][T11309] syz.0.1342(11309): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 391.125200][T11312] Invalid ELF header magic: != ELF [ 392.905821][T11344] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1352'. [ 395.066105][T11386] Process accounting resumed [ 395.420067][T11397] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1369'. [ 396.417270][T11421] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1379'. [ 397.893032][ T5837] udevd[5837]: inotify_add_watch(7, /dev/sda1, 10) failed: No such file or directory [ 398.528022][T11451] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1386'. [ 400.818043][T11493] netlink: 'syz.0.1397': attribute type 1 has an invalid length. [ 400.886898][T11492] netlink: 'syz.0.1397': attribute type 1 has an invalid length. [ 401.191945][T11503] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1398'. [ 401.939598][T11502] workqueue: Failed to create a rescuer kthread for wq "nfc12_nci_tx_wq": -EINTR [ 403.479986][T11555] lo: entered allmulticast mode [ 403.570145][T11554] lo: left allmulticast mode [ 406.104964][T11593] lo: entered allmulticast mode [ 406.122070][T11588] lo: left allmulticast mode [ 406.715006][T11612] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1418'. [ 407.808573][T11643] lo: entered allmulticast mode [ 407.819001][T11642] lo: left allmulticast mode [ 410.206276][T11706] netlink: 130 bytes leftover after parsing attributes in process `syz.0.1444'. [ 410.344923][T11693] syz.2.1440: vmalloc error: size 2711552, failed to allocated page array size 5296, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 410.396754][T11693] CPU: 1 UID: 0 PID: 11693 Comm: syz.2.1440 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 410.407612][T11693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 410.417716][T11693] Call Trace: [ 410.421036][T11693] [ 410.424010][T11693] dump_stack_lvl+0x16c/0x1f0 [ 410.428754][T11693] warn_alloc+0x24d/0x3a0 [ 410.433158][T11693] ? __pfx_warn_alloc+0x10/0x10 [ 410.438103][T11693] ? __get_vm_area_node+0x1b0/0x2f0 [ 410.443377][T11693] ? __get_vm_area_node+0x1dc/0x2f0 [ 410.448643][T11693] __vmalloc_node_range_noprof+0x1105/0x1530 [ 410.454690][T11693] ? __lruvec_stat_mod_folio+0xa0/0x360 [ 410.460317][T11693] ? lock_acquire+0x2f/0xb0 [ 410.464879][T11693] ? bpf_check+0x206/0xc870 [ 410.469450][T11693] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 410.475843][T11693] ? rcu_is_watching+0x12/0xc0 [ 410.480671][T11693] ? trace_kmalloc+0x2d/0xd0 [ 410.485492][T11693] ? __kmalloc_node_noprof.cold+0x5a/0x5f [ 410.491304][T11693] ? __kvmalloc_node_noprof+0x6f/0x1a0 [ 410.496830][T11693] ? ktime_get+0x206/0x300 [ 410.501323][T11693] ? bpf_check+0x206/0xc870 [ 410.505896][T11693] vzalloc_noprof+0x6b/0x90 [ 410.510466][T11693] ? bpf_check+0x206/0xc870 [ 410.515052][T11693] bpf_check+0x206/0xc870 [ 410.519448][T11693] ? hlock_class+0x4e/0x130 [ 410.524058][T11693] ? __lock_acquire+0x15a9/0x3c40 [ 410.529216][T11693] ? __pfx___lock_acquire+0x10/0x10 [ 410.534509][T11693] ? __pfx_bpf_check+0x10/0x10 [ 410.539353][T11693] ? find_held_lock+0x2d/0x110 [ 410.544190][T11693] ? bpf_prog_load+0xd45/0x2670 [ 410.549365][T11693] ? __pfx_lock_release+0x10/0x10 [ 410.554454][T11693] ? trace_lock_acquire+0x14e/0x1f0 [ 410.559735][T11693] ? bpf_prog_load+0xd45/0x2670 [ 410.564647][T11693] ? ktime_get_with_offset+0x273/0x3a0 [ 410.570209][T11693] ? lockdep_hardirqs_on+0x7c/0x110 [ 410.575483][T11693] ? read_tsc+0x9/0x20 [ 410.579797][T11693] ? ktime_get_with_offset+0x20f/0x3a0 [ 410.585329][T11693] ? bpf_obj_name_cpy+0x156/0x1b0 [ 410.590438][T11693] bpf_prog_load+0xe3f/0x2670 [ 410.595180][T11693] ? __pfx_bpf_prog_load+0x10/0x10 [ 410.600356][T11693] ? find_held_lock+0x2d/0x110 [ 410.605200][T11693] ? __might_fault+0x13b/0x190 [ 410.610256][T11693] ? __might_fault+0xe3/0x190 [ 410.615020][T11693] __sys_bpf+0x5677/0x57a0 [ 410.619501][T11693] ? __pfx___sys_bpf+0x10/0x10 [ 410.624336][T11693] ? do_user_addr_fault+0xdc7/0x13f0 [ 410.629674][T11693] ? reacquire_held_locks+0x20b/0x4c0 [ 410.635109][T11693] ? do_futex+0x123/0x350 [ 410.639521][T11693] ? __pfx_do_futex+0x10/0x10 [ 410.644298][T11693] ? xfd_validate_state+0x5d/0x180 [ 410.649472][T11693] ? rcu_is_watching+0x12/0xc0 [ 410.654309][T11693] __x64_sys_bpf+0x78/0xc0 [ 410.658784][T11693] ? lockdep_hardirqs_on+0x7c/0x110 [ 410.664047][T11693] do_syscall_64+0xcd/0x250 [ 410.668628][T11693] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.674600][T11693] RIP: 0033:0x7f3170f85d29 [ 410.679065][T11693] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 410.698746][T11693] RSP: 002b:00007f316edf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 410.707224][T11693] RAX: ffffffffffffffda RBX: 00007f3171175fa0 RCX: 00007f3170f85d29 [ 410.715277][T11693] RDX: 000000000000000a RSI: 0000000020001080 RDI: 0000000000000005 [ 410.723315][T11693] RBP: 00007f3171001aa8 R08: 0000000000000000 R09: 0000000000000000 [ 410.731358][T11693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 410.739384][T11693] R13: 0000000000000000 R14: 00007f3171175fa0 R15: 00007ffe3e47ba38 [ 410.747430][T11693] [ 410.794092][T11693] Mem-Info: [ 410.804726][T11693] active_anon:44249 inactive_anon:26 isolated_anon:0 [ 410.804726][T11693] active_file:7741 inactive_file:51860 isolated_file:0 [ 410.804726][T11693] unevictable:768 dirty:291 writeback:0 [ 410.804726][T11693] slab_reclaimable:10673 slab_unreclaimable:97479 [ 410.804726][T11693] mapped:37500 shmem:34431 pagetables:946 [ 410.804726][T11693] sec_pagetables:0 bounce:0 [ 410.804726][T11693] kernel_misc_reclaimable:0 [ 410.804726][T11693] free:1286762 free_pcp:7292 free_cma:0 [ 410.887427][T11693] Node 0 active_anon:179496kB inactive_anon:104kB active_file:30964kB inactive_file:207368kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:151400kB dirty:1164kB writeback:0kB shmem:138888kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11332kB pagetables:3684kB sec_pagetables:0kB all_unreclaimable? no [ 410.943453][T11693] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 410.974692][T11693] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 411.002512][T11693] lowmem_reserve[]: 0 2491 2492 0 0 [ 411.007941][T11693] Node 0 DMA32 free:1245784kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB active_anon:182856kB inactive_anon:104kB active_file:30964kB inactive_file:206544kB unevictable:1536kB writepending:1164kB present:3129332kB managed:2551336kB mlocked:0kB bounce:0kB free_pcp:2248kB local_pcp:464kB free_cma:0kB [ 411.050125][T11693] lowmem_reserve[]: 0 0 0 0 0 [ 411.074539][T11693] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:0kB present:1048580kB managed:876kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:8kB free_cma:0kB [ 411.142424][T11693] lowmem_reserve[]: 0 0 0 0 0 [ 411.147349][T11693] Node 1 Normal free:3885664kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:21540kB local_pcp:14352kB free_cma:0kB [ 411.282035][T11693] lowmem_reserve[]: 0 0 0 0 0 [ 411.287163][T11693] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 411.361358][T11693] Node 0 DMA32: 221*4kB (UME) 307*8kB (UE) 337*16kB (UE) 9*32kB (UME) 276*64kB (UME) 396*128kB (UME) 296*256kB (UME) 140*512kB (UME) 63*1024kB (UME) 14*2048kB (UME) 223*4096kB (UM) = 1231420kB [ 411.411575][T11693] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 411.447657][T11693] Node 1 Normal: 72*4kB (UME) 7*8kB (E) 10*16kB (E) 213*32kB (UME) 103*64kB (UE) 28*128kB (UE) 18*256kB (UME) 9*512kB (UE) 5*1024kB (UE) 2*2048kB (U) 940*4096kB (UM) = 3886168kB [ 411.496643][T11693] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 411.516572][T11693] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 411.543992][T11693] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 411.564469][T11693] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 411.584824][T11693] 99929 total pagecache pages [ 411.599492][T11693] 292 pages in swap cache [ 411.620194][T11693] Free swap = 107348kB [ 411.627139][T11693] Total swap = 124996kB [ 411.631360][T11693] 2097051 pages RAM [ 411.647421][T11693] 0 pages HighMem/MovableOnly [ 411.657090][T11693] 427367 pages reserved [ 411.679065][T11693] 0 pages cma reserved [ 413.045374][T11757] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1455'. [ 413.845995][T11769] netlink: 146 bytes leftover after parsing attributes in process `syz.0.1459'. [ 413.894523][T11771] netlink: 146 bytes leftover after parsing attributes in process `syz.0.1459'. [ 415.408974][T11815] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1471'. [ 416.898785][T11832] lo: entered allmulticast mode [ 416.924427][T11832] lo: left allmulticast mode [ 416.954812][T11829] netlink: 'syz.2.1475': attribute type 10 has an invalid length. [ 416.979890][T11829] netlink: 230 bytes leftover after parsing attributes in process `syz.2.1475'. [ 418.289192][T11857] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1480'. [ 419.169244][T11873] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1485'. [ 419.174328][T11867] ptrace attach of "./syz-executor exec"[5838] was attempted by "./syz-executor exec"[11867] [ 419.998919][T11896] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1491'. [ 420.115726][T11898] ptrace attach of "./syz-executor exec"[5838] was attempted by "./syz-executor exec"[11898] [ 420.733050][T11914] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1496'. [ 420.978270][T11923] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1498'. [ 421.015366][T11923] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1498'. [ 422.503617][T11964] lo: entered allmulticast mode [ 422.523606][T11964] lo: left allmulticast mode [ 422.547061][T11964] netlink: 'syz.3.1509': attribute type 10 has an invalid length. [ 422.563994][T11964] netlink: 230 bytes leftover after parsing attributes in process `syz.3.1509'. [ 424.457264][T12041] lo: entered allmulticast mode [ 424.482770][T12041] lo: left allmulticast mode [ 424.496741][T12041] netlink: 'syz.2.1520': attribute type 10 has an invalid length. [ 424.511890][T12041] netlink: 230 bytes leftover after parsing attributes in process `syz.2.1520'. [ 425.520307][T12062] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1525'. [ 425.536730][T12062] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1525'. [ 426.797184][T12099] lo: entered allmulticast mode [ 426.807846][T12099] lo: left allmulticast mode [ 426.848570][T12099] netlink: 'syz.3.1532': attribute type 10 has an invalid length. [ 426.877480][T12099] netlink: 230 bytes leftover after parsing attributes in process `syz.3.1532'. [ 427.144297][T12104] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1533'. [ 429.209471][T12148] usb usb15: usbfs: interface 0 claimed by hub while 'syz.3.1548' sets config #0 [ 430.572670][T12176] ecryptfs_miscdev_write: Invalid packet size [0] [ 430.667848][T12178] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 430.698093][T12178] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 430.971662][T12158] kexec: Could not allocate control_code_buffer [ 433.325167][T12244] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 433.338186][T12244] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 433.354325][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 433.394292][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 434.597144][T12267] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1576'. [ 435.548964][T12286] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 435.587521][T12286] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 436.629977][T12296] nfs: Bad value for 'source' [ 438.100183][T12312] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1589'. [ 439.372521][T12328] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 439.390122][T12328] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 439.756255][T12339] netlink: 'syz.3.1595': attribute type 11 has an invalid length. [ 439.784144][T12339] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1595'. [ 440.375051][T12349] netlink: 'syz.2.1599': attribute type 4 has an invalid length. [ 440.703134][T12354] netlink: 'syz.3.1601': attribute type 10 has an invalid length. [ 440.711254][T12354] netlink: 230 bytes leftover after parsing attributes in process `syz.3.1601'. [ 440.731893][T12354] : renamed from bond_slave_1 (while UP) [ 440.790651][T12354] bond0: (slave ): Releasing backup interface [ 440.835269][T12354] A link change request failed with some changes committed already. Interface  may have been left with an inconsistent configuration, please check. [ 441.085170][T12370] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 441.109440][T12370] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 442.009088][T12389] netlink: 'syz.2.1612': attribute type 1 has an invalid length. [ 442.388793][T12391] capability: warning: `syz.2.1613' uses deprecated v2 capabilities in a way that may be insecure [ 442.394220][T12394] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1614'. [ 443.481955][T12411] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1618'. [ 443.579058][T12413] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1620'. [ 444.722802][T12444] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1629'. [ 445.276690][T12444] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 445.297776][T12444] bond0 (unregistering): Released all slaves [ 445.518651][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.525352][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 447.538837][T12478] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1636'. [ 447.781067][T12480] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1637'. [ 452.383530][T12531] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1648'. [ 452.971087][T12539] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1650'. [ 454.123128][T12550] netlink: 350 bytes leftover after parsing attributes in process `syz.0.1655'. [ 455.095180][T12551] 0}^: entered promiscuous mode [ 455.577213][T12578] netlink: 146 bytes leftover after parsing attributes in process `syz.2.1660'. [ 455.844372][T12587] openvswitch: HfR: Dropping previously announced user features [ 455.888742][T12587] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1663'. [ 455.956482][T12589] netlink: 'syz.3.1664': attribute type 10 has an invalid length. [ 455.968334][T12589] netlink: 230 bytes leftover after parsing attributes in process `syz.3.1664'. [ 457.892619][T12622] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1672'. [ 459.001432][T12635] netlink: 'syz.0.1670': attribute type 11 has an invalid length. [ 459.544220][T12661] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1680'. [ 460.451054][T12682] netlink: 'syz.3.1688': attribute type 10 has an invalid length. [ 460.464629][T12682] netlink: 230 bytes leftover after parsing attributes in process `syz.3.1688'. [ 460.775151][T12697] netlink: 286 bytes leftover after parsing attributes in process `syz.1.1691'. [ 461.375976][ T29] audit: type=1804 audit(4295165270.150:55): pid=12708 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1694" name="/newroot/sys/kernel/tracing/free_buffer" dev="tracefs" ino=1165 res=1 errno=0 [ 461.903967][T12725] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1698'. [ 462.125635][T12729] netlink: 286 bytes leftover after parsing attributes in process `syz.1.1700'. [ 462.348468][T12733] netlink: 'syz.1.1702': attribute type 10 has an invalid length. [ 462.362577][T12733] netlink: 230 bytes leftover after parsing attributes in process `syz.1.1702'. [ 462.372852][T12733] : renamed from bond_slave_1 (while UP) [ 462.398741][T12733] bond0: (slave ): Releasing backup interface [ 462.412418][T12733] A link change request failed with some changes committed already. Interface  may have been left with an inconsistent configuration, please check. [ 463.293960][T12761] netlink: 286 bytes leftover after parsing attributes in process `syz.2.1710'. [ 463.329605][T12759] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1709'. [ 463.355649][T12759] ipvlan0: entered allmulticast mode [ 463.361033][T12759] veth0_vlan: entered allmulticast mode [ 463.621354][T12772] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 463.641333][T12772] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 463.940985][T12767] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1712'. [ 465.013065][T12807] netlink: 286 bytes leftover after parsing attributes in process `syz.2.1721'. [ 465.457483][T12820] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1725'. [ 465.709685][T12828] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 465.744009][T12828] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 466.538248][T12841] netlink: 78 bytes leftover after parsing attributes in process `syz.0.1731'. [ 470.119548][T12886] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 470.146778][T12886] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 470.443137][T12889] netlink: 78 bytes leftover after parsing attributes in process `syz.3.1741'. [ 471.295012][T12891] netlink: 'syz.3.1743': attribute type 10 has an invalid length. [ 471.345953][T12891] netlink: 230 bytes leftover after parsing attributes in process `syz.3.1743'. [ 472.431574][T12917] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1749'. [ 472.698118][T12920] netlink: 4577 bytes leftover after parsing attributes in process `syz.1.1751'. [ 472.921360][T12925] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 472.958598][T12925] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 473.487523][T12930] nbd3: detected capacity change from 0 to 68719476736 [ 473.547439][T12775] block nbd3: Send control failed (result -22) [ 473.568368][T12775] block nbd3: Request send failed, requeueing [ 473.597072][T11846] block nbd3: Receive control failed (result -32) [ 473.602855][ T8939] block nbd3: Dead connection, failed to find a fallback [ 473.614810][ T8939] block nbd3: shutting down sockets [ 473.620776][ T8939] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 473.631926][ T8939] Buffer I/O error on dev nbd3, logical block 0, async page read [ 473.651752][T12775] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 473.704080][T12775] Buffer I/O error on dev nbd3, logical block 0, async page read [ 473.712311][T12775] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 473.786836][T12775] Buffer I/O error on dev nbd3, logical block 0, async page read [ 473.814076][T12775] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 473.853910][T12775] Buffer I/O error on dev nbd3, logical block 0, async page read [ 473.863510][T12775] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 473.893643][T12775] Buffer I/O error on dev nbd3, logical block 0, async page read [ 473.912303][T12775] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 473.931902][T12775] Buffer I/O error on dev nbd3, logical block 0, async page read [ 473.950561][T12775] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 473.982707][T12775] Buffer I/O error on dev nbd3, logical block 0, async page read [ 474.023133][T12775] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 474.073959][T12775] Buffer I/O error on dev nbd3, logical block 0, async page read [ 474.093606][T12775] ldm_validate_partition_table(): Disk read failed. [ 474.111352][T12775] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 474.135600][T12775] Buffer I/O error on dev nbd3, logical block 0, async page read [ 474.164098][T12775] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 474.173253][T12775] Buffer I/O error on dev nbd3, logical block 0, async page read [ 474.212794][T12775] Dev nbd3: unable to read RDB block 0 [ 474.229878][T12775] nbd3: unable to read partition table [ 474.280914][T12775] ldm_validate_partition_table(): Disk read failed. [ 474.325636][T12775] Dev nbd3: unable to read RDB block 0 [ 474.331718][T12775] nbd3: unable to read partition table [ 479.409527][T12992] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 479.432902][T12992] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 479.518231][T13002] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1766'. [ 480.298764][T13013] netlink: 'syz.0.1768': attribute type 10 has an invalid length. [ 480.363433][T13013] netlink: 230 bytes leftover after parsing attributes in process `syz.0.1768'. [ 482.931023][T13047] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 482.973949][T13047] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 483.959919][T13060] netlink: 'syz.1.1778': attribute type 10 has an invalid length. [ 484.053895][T13060] netlink: 230 bytes leftover after parsing attributes in process `syz.1.1778'. [ 484.436361][T13055] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1779'. [ 485.057630][T13076] bridge0: port 3(ü) entered blocking state [ 485.063778][T13076] bridge0: port 3(ü) entered disabled state [ 485.092453][T13076] ü: entered allmulticast mode [ 485.104344][T13076] team_slave_1: entered allmulticast mode [ 485.138581][T13076] ü: entered promiscuous mode [ 485.143521][T13076] team_slave_1: entered promiscuous mode [ 486.561606][T13102] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1789'. [ 486.644502][T13107] netlink: 'syz.3.1790': attribute type 10 has an invalid length. [ 486.663394][T13107] netlink: 230 bytes leftover after parsing attributes in process `syz.3.1790'. [ 487.904918][T13129] Process accounting resumed [ 489.189237][T13154] netlink: 'syz.0.1801': attribute type 10 has an invalid length. [ 489.207853][T13154] netlink: 230 bytes leftover after parsing attributes in process `syz.0.1801'. [ 489.248163][T13157] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1802'. [ 490.491576][T13175] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1804'. [ 491.574329][T13198] netlink: 'syz.3.1812': attribute type 10 has an invalid length. [ 491.605925][T13198] netlink: 230 bytes leftover after parsing attributes in process `syz.3.1812'. [ 492.013330][T13208] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 492.033470][T13208] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 493.154960][T13240] netlink: del zone limit has 8 unknown bytes [ 493.191159][ T29] audit: type=1800 audit(4295165301.960:56): pid=13240 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1824" name="features" dev="configfs" ino=37420 res=0 errno=0 [ 493.444430][T13252] netlink: 'syz.2.1825': attribute type 10 has an invalid length. [ 493.471007][T13252] netlink: 230 bytes leftover after parsing attributes in process `syz.2.1825'. [ 493.749258][T13260] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 493.779829][T13260] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 494.260273][T13269] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1831'. [ 494.800570][T13286] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1836'. [ 494.978556][T13294] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1838'. [ 495.236918][T13305] netlink: 'syz.0.1841': attribute type 2 has an invalid length. [ 495.245758][T13300] netlink: 'syz.1.1840': attribute type 10 has an invalid length. [ 495.254417][T13300] netlink: 230 bytes leftover after parsing attributes in process `syz.1.1840'. [ 495.351756][T13309] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 495.362654][T13309] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 496.006809][T13320] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1846'. [ 496.513061][T13335] netlink: 223 bytes leftover after parsing attributes in process `syz.1.1851'. [ 496.669555][T13340] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1852'. [ 496.977988][T13344] netlink: 'syz.1.1855': attribute type 10 has an invalid length. [ 496.988496][T13344] netlink: 230 bytes leftover after parsing attributes in process `syz.1.1855'. [ 497.168603][T13354] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 497.179207][T13354] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 498.086740][T13382] netlink: 'syz.0.1865': attribute type 10 has an invalid length. [ 498.115438][T13382] netlink: 230 bytes leftover after parsing attributes in process `syz.0.1865'. [ 498.633451][T13398] can: request_module (can-proto-5) failed. [ 498.649384][T13405] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1869'. [ 499.939378][T13427] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1875'. [ 500.164551][T13429] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1876'. [ 500.512951][T13413] kexec: Could not allocate control_code_buffer [ 500.531527][T13441] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1878'. [ 500.557135][T13442] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1878'. [ 500.574091][T13441] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 500.584071][T13441] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 500.609182][T13441] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 500.617001][T13441] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 500.700362][T13432] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1877'. [ 500.873725][T13453] netlink: 'syz.0.1880': attribute type 10 has an invalid length. [ 500.885689][T13453] netlink: 230 bytes leftover after parsing attributes in process `syz.0.1880'. [ 501.856071][T13503] netlink: 'syz.1.1892': attribute type 10 has an invalid length. [ 501.886849][T13503] __nla_validate_parse: 1 callbacks suppressed [ 501.886875][T13503] netlink: 230 bytes leftover after parsing attributes in process `syz.1.1892'. [ 502.119485][T13505] Process accounting resumed [ 502.324623][T13520] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1896'. [ 503.469468][T13558] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1903'. [ 503.777801][T13567] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1907'. [ 503.928397][T13578] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 504.973976][T13595] can: request_module (can-proto-0) failed. [ 505.314339][T13609] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1917'. [ 506.168144][T13635] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1921'. [ 506.541080][T13644] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1923'. [ 506.957450][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.969569][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 507.477137][T13653] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1927'. [ 508.363753][T13678] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1934'. [ 508.436694][T13676] netlink: 206 bytes leftover after parsing attributes in process `syz.1.1933'. [ 509.184409][T13697] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1938'. [ 509.206526][T13698] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 509.547275][T13704] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1942'. [ 509.770340][T13713] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1944'. [ 509.818840][T13714] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 509.859302][T13714] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 509.971572][T13713] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1944'. [ 510.011195][T13713] bridge_slave_1: left allmulticast mode [ 510.027417][T13713] bridge_slave_1: left promiscuous mode [ 510.035643][T13713] bridge0: port 2(bridge_slave_1) entered disabled state [ 510.262161][T13713] bridge_slave_0: left allmulticast mode [ 510.268481][T13713] bridge_slave_0: left promiscuous mode [ 510.274580][T13713] bridge0: port 1(bridge_slave_0) entered disabled state [ 510.655776][T13728] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1947'. [ 510.799696][T13732] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1949'. [ 511.209311][T13744] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1958'. [ 512.075052][T13765] lo: entered allmulticast mode [ 512.185111][T13767] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 512.684357][T13757] lo: left allmulticast mode [ 513.867328][T13781] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1960'. [ 514.369884][T13788] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1962'. [ 514.633115][T13793] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 514.660065][T13793] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 515.988865][T13809] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1970'. [ 517.389462][T13839] ubi0: attaching mtd0 [ 517.446325][T13839] ubi0: scanning is finished [ 517.485257][T13839] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 517.810434][T13839] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 518.272170][T13662] udevd[13662]: inotify_add_watch(7, /dev/sda1, 10) failed: No such file or directory [ 518.342438][T13855] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1980'. [ 519.211760][T13875] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1984'. [ 519.238841][T13877] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1986'. [ 520.124920][T13895] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2000'. [ 520.603616][T13909] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1993'. [ 520.746716][T13911] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 520.776503][T13911] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 521.508267][T13916] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1996'. [ 521.899810][T13918] nfsd: Unknown parameter '' [ 523.011128][T13662] udevd[13662]: inotify_add_watch(7, /dev/sda1, 10) failed: No such file or directory [ 523.562349][T13937] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2005'. [ 523.900123][T13943] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2004'. [ 524.474950][T13947] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2006'. [ 524.688068][T13954] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 524.692517][T13952] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2007'. [ 524.720899][T13954] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 525.212676][T13971] scsi_dev_info_list_add_str: bad dev info string ';íÙ/&cŒõ›ú $3' '' '' [ 527.610297][T14022] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 527.630469][T14022] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 528.880716][T14050] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 528.890725][T14050] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 529.854871][T14081] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2043'. [ 531.636648][T14113] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2053'. [ 531.744132][T14120] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 531.784004][T14120] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 532.130048][T14124] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2057'. [ 532.658141][T14131] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2067'. [ 534.481266][T14172] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 534.529308][T14172] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 535.421023][T14184] netlink: 'syz.2.2072': attribute type 10 has an invalid length. [ 535.440520][T14184] netlink: 230 bytes leftover after parsing attributes in process `syz.2.2072'. [ 536.655122][T14189] kexec: Could not allocate control_code_buffer [ 537.562514][T14226] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 537.580545][T14226] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 539.926408][T14245] kexec: Could not allocate control_code_buffer [ 540.449169][T14280] nfs: Bad value for 'source' [ 540.680347][T14282] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 540.713989][T14282] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 541.058149][T14293] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2101'. [ 541.096813][T14294] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2103'. [ 542.129864][T14312] nfs: Bad value for 'source' [ 542.554646][T14322] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 542.585348][T14322] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 543.178825][T14334] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2115'. [ 543.514873][T14336] netlink: 'syz.1.2117': attribute type 4 has an invalid length. [ 543.966578][T14344] netlink: 'syz.0.2120': attribute type 10 has an invalid length. [ 543.985612][T14344] netlink: 230 bytes leftover after parsing attributes in process `syz.0.2120'. [ 545.164858][T14366] netlink: 'syz.0.2127': attribute type 4 has an invalid length. [ 545.862708][T14377] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 545.872452][T14377] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 546.001618][T14378] netlink: 'syz.0.2130': attribute type 10 has an invalid length. [ 546.011639][T14378] netlink: 230 bytes leftover after parsing attributes in process `syz.0.2130'. [ 547.186737][T14402] netlink: 'syz.0.2136': attribute type 10 has an invalid length. [ 547.218358][T14402] netlink: 230 bytes leftover after parsing attributes in process `syz.0.2136'. [ 547.637466][T14418] netlink: 'syz.0.2141': attribute type 10 has an invalid length. [ 547.654689][T14418] netlink: 230 bytes leftover after parsing attributes in process `syz.0.2141'. [ 547.870498][T14424] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 547.907774][T14424] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 550.236342][T14457] netlink: 'syz.2.2150': attribute type 10 has an invalid length. [ 550.264029][T14457] netlink: 230 bytes leftover after parsing attributes in process `syz.2.2150'. [ 550.516238][T14463] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2151'. [ 551.090468][T14469] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2152'. [ 551.960243][T14483] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 552.004126][T14483] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 552.425930][T14493] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2154'. [ 552.751299][T14493] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 552.771270][T14493] bond0 (unregistering): Released all slaves [ 552.882206][T14500] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2159'. [ 553.046686][T14500] hsr_slave_1 (unregistering): left promiscuous mode [ 553.526861][T14515] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2162'. [ 553.609138][T14520] ptrace attach of "./syz-executor exec"[5843] was attempted by "./syz-executor exec"[14520] [ 554.334160][T14533] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2165'. [ 554.477270][T14535] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 554.531506][T14535] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 555.332275][T14554] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2172'. [ 555.544203][T14554] hsr_slave_1 (unregistering): left promiscuous mode [ 555.619196][T14562] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2174'. [ 556.220535][T14570] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2176'. [ 556.446058][T14575] erspan0: entered allmulticast mode [ 557.448261][T14569] syz.0.2176: vmalloc error: size 3411968, failed to allocated page array size 6664, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 557.466058][T14569] CPU: 0 UID: 0 PID: 14569 Comm: syz.0.2176 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 557.476892][T14569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 557.487006][T14569] Call Trace: [ 557.490341][T14569] [ 557.493328][T14569] dump_stack_lvl+0x16c/0x1f0 [ 557.498095][T14569] warn_alloc+0x24d/0x3a0 [ 557.502515][T14569] ? __pfx_warn_alloc+0x10/0x10 [ 557.507464][T14569] ? __get_vm_area_node+0x1b0/0x2f0 [ 557.512733][T14569] ? __get_vm_area_node+0x1dc/0x2f0 [ 557.518014][T14569] __vmalloc_node_range_noprof+0x1105/0x1530 [ 557.524082][T14569] ? ip_set_sockfn_get+0x185/0xc50 [ 557.529268][T14569] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 557.535666][T14569] ? __get_vm_area_node+0x1b0/0x2f0 [ 557.540908][T14569] ? __get_vm_area_node+0x1dc/0x2f0 [ 557.546148][T14569] __vmalloc_node_range_noprof+0xd85/0x1530 [ 557.552080][T14569] ? ip_set_sockfn_get+0x185/0xc50 [ 557.557227][T14569] ? __pfx___lock_acquire+0x10/0x10 [ 557.562480][T14569] ? ip_set_sockfn_get+0x185/0xc50 [ 557.567631][T14569] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 557.574011][T14569] ? apparmor_capable+0x114/0x1d0 [ 557.579077][T14569] ? ip_set_sockfn_get+0x185/0xc50 [ 557.584222][T14569] vmalloc_noprof+0x6b/0x90 [ 557.588803][T14569] ? ip_set_sockfn_get+0x185/0xc50 [ 557.593951][T14569] ip_set_sockfn_get+0x185/0xc50 [ 557.598955][T14569] ? __pfx_lock_release+0x10/0x10 [ 557.604008][T14569] ? __pfx_ip_set_sockfn_get+0x10/0x10 [ 557.609515][T14569] ? nf_sockopt_find.constprop.0+0x221/0x290 [ 557.615552][T14569] nf_getsockopt+0x79/0xe0 [ 557.620022][T14569] ip_getsockopt+0x18e/0x1e0 [ 557.624730][T14569] ? __pfx_ip_getsockopt+0x10/0x10 [ 557.629879][T14569] ? __schedule+0xe60/0x5ad0 [ 557.634503][T14569] ? __pfx___lock_acquire+0x10/0x10 [ 557.639756][T14569] ipv6_getsockopt+0x230/0x280 [ 557.644584][T14569] ? __pfx_ipv6_getsockopt+0x10/0x10 [ 557.649905][T14569] ? __pfx_mark_lock+0x10/0x10 [ 557.654723][T14569] sctp_getsockopt+0x1d2/0x7ae0 [ 557.659614][T14569] ? hlock_class+0x4e/0x130 [ 557.664150][T14569] ? mark_lock+0xb5/0xc60 [ 557.668522][T14569] ? aa_label_sk_perm+0x19d/0x5a0 [ 557.673591][T14569] ? __pfx_sctp_getsockopt+0x10/0x10 [ 557.678914][T14569] ? __lock_acquire+0x15a9/0x3c40 [ 557.683996][T14569] ? __pfx___lock_acquire+0x10/0x10 [ 557.689337][T14569] ? find_held_lock+0x2d/0x110 [ 557.694146][T14569] ? __might_fault+0x13b/0x190 [ 557.699041][T14569] ? __pfx_lock_release+0x10/0x10 [ 557.704180][T14569] ? trace_lock_acquire+0x14e/0x1f0 [ 557.709427][T14569] ? lock_acquire+0x2f/0xb0 [ 557.713964][T14569] ? __might_fault+0xe3/0x190 [ 557.718734][T14569] ? __might_fault+0xe3/0x190 [ 557.723472][T14569] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 557.729432][T14569] ? do_sock_getsockopt+0x3fe/0x870 [ 557.734688][T14569] do_sock_getsockopt+0x3fe/0x870 [ 557.739751][T14569] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 557.745354][T14569] ? lock_acquire+0x2f/0xb0 [ 557.749887][T14569] ? __fget_files+0x40/0x3a0 [ 557.754517][T14569] ? __fget_files+0x206/0x3a0 [ 557.759234][T14569] __sys_getsockopt+0x12f/0x260 [ 557.764145][T14569] __x64_sys_getsockopt+0xbd/0x160 [ 557.769381][T14569] ? do_syscall_64+0x91/0x250 [ 557.774110][T14569] ? lockdep_hardirqs_on+0x7c/0x110 [ 557.779344][T14569] do_syscall_64+0xcd/0x250 [ 557.783909][T14569] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.789841][T14569] RIP: 0033:0x7f39c3f85d29 [ 557.794303][T14569] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 557.813958][T14569] RSP: 002b:00007f39c4d6a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 557.822428][T14569] RAX: ffffffffffffffda RBX: 00007f39c4175fa0 RCX: 00007f39c3f85d29 [ 557.830432][T14569] RDX: 0000000000000053 RSI: 0000000000000000 RDI: 0000000000000089 [ 557.838441][T14569] RBP: 00007f39c4001aa8 R08: 0000000020000040 R09: 0000000000000000 [ 557.846530][T14569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 557.854525][T14569] R13: 0000000000000000 R14: 00007f39c4175fa0 R15: 00007fffb7611c88 [ 557.862548][T14569] [ 557.866747][T14569] Mem-Info: [ 557.869911][T14569] active_anon:27106 inactive_anon:58 isolated_anon:0 [ 557.869911][T14569] active_file:5806 inactive_file:53958 isolated_file:0 [ 557.869911][T14569] unevictable:778 dirty:303 writeback:0 [ 557.869911][T14569] slab_reclaimable:10866 slab_unreclaimable:96446 [ 557.869911][T14569] mapped:26999 shmem:5695 pagetables:958 [ 557.869911][T14569] sec_pagetables:0 bounce:0 [ 557.869911][T14569] kernel_misc_reclaimable:0 [ 557.869911][T14569] free:1254464 free_pcp:5256 free_cma:0 [ 557.916312][T14569] Node 0 active_anon:108624kB inactive_anon:232kB active_file:23224kB inactive_file:215760kB unevictable:1576kB isolated(anon):0kB isolated(file):0kB mapped:107996kB dirty:1212kB writeback:0kB shmem:21344kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11908kB pagetables:3832kB sec_pagetables:0kB all_unreclaimable? no [ 557.949900][T14569] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 557.980331][T14569] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 558.007924][T14569] lowmem_reserve[]: 0 2491 2492 0 0 [ 558.013272][T14569] Node 0 DMA32 free:1104524kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB active_anon:108384kB inactive_anon:232kB active_file:23224kB inactive_file:214936kB unevictable:1576kB writepending:1212kB present:3129332kB managed:2551336kB mlocked:64kB bounce:0kB free_pcp:11336kB local_pcp:10552kB free_cma:0kB [ 558.045004][T14569] lowmem_reserve[]: 0 0 0 0 0 [ 558.049833][T14569] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:0kB present:1048580kB managed:876kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:4kB free_cma:0kB [ 558.077009][T14569] lowmem_reserve[]: 0 0 0 0 0 [ 558.081840][T14569] Node 1 Normal free:3899828kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:9408kB local_pcp:0kB free_cma:0kB [ 558.111942][T14569] lowmem_reserve[]: 0 0 0 0 0 [ 558.117225][T14569] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 558.130535][T14569] Node 0 DMA32: 19*4kB (UE) 1106*8kB (UME) 1686*16kB (UME) 1412*32kB (UME) 1055*64kB (UME) 506*128kB (UME) 209*256kB (UME) 58*512kB (ME) 15*1024kB (M) 3*2048kB (UME) 191*4096kB (UM) = 1100412kB [ 558.150279][T14569] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 558.152984][T14594] netlink: 'syz.1.2182': attribute type 10 has an invalid length. [ 558.163077][T14569] Node 1 Normal: 235*4kB (UME) 71*8kB (UM) 49*16kB (UM) 214*32kB (UME) 102*64kB (UE) 35*128kB (UME) 21*256kB (UME) 11*512kB (UME) 6*1024kB (UME) 4*2048kB (UM) 941*4096kB (UM) = 3899828kB [ 558.189504][T14569] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 558.190823][T14594] netlink: 230 bytes leftover after parsing attributes in process `syz.1.2182'. [ 558.199213][T14569] Node 0 hugepages_total=3 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 558.199258][T14569] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 558.199287][T14569] Node 1 hugepages_total=1 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 558.199317][T14569] 66803 total pagecache pages [ 558.199331][T14569] 276 pages in swap cache [ 558.199342][T14569] Free swap = 112080kB [ 558.199355][T14569] Total swap = 124996kB [ 558.199369][T14569] 2097051 pages RAM [ 558.199380][T14569] 0 pages HighMem/MovableOnly [ 558.199392][T14569] 427367 pages reserved [ 558.199405][T14569] 0 pages cma reserved [ 558.366134][T14596] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 558.414021][T14596] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 559.137499][T14599] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2185'. [ 559.190673][T14607] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2184'. [ 559.333721][T14599] hsr_slave_1 (unregistering): left promiscuous mode [ 559.361994][T14602] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2186'. [ 560.793371][T14640] netlink: 'syz.3.2194': attribute type 10 has an invalid length. [ 560.837371][T14640] netlink: 230 bytes leftover after parsing attributes in process `syz.3.2194'. [ 561.258891][T14651] blk_print_req_error: 24 callbacks suppressed [ 561.258922][T14651] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 561.394069][T14651] buffer_io_error: 23 callbacks suppressed [ 561.394097][T14651] Buffer I/O error on dev nbd3, logical block 0, async page read [ 561.485089][T14651] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 561.523711][T14651] Buffer I/O error on dev nbd3, logical block 0, async page read [ 561.554982][T14651] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 561.582596][T14651] Buffer I/O error on dev nbd3, logical block 0, async page read [ 561.628543][T14651] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 561.694794][T14651] Buffer I/O error on dev nbd3, logical block 0, async page read [ 561.715403][T14651] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 561.741520][T14651] Buffer I/O error on dev nbd3, logical block 0, async page read [ 561.804194][T14651] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 561.864636][T14651] Buffer I/O error on dev nbd3, logical block 0, async page read [ 561.894160][T14651] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 561.933147][T14651] Buffer I/O error on dev nbd3, logical block 0, async page read [ 561.956061][T14651] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 561.980698][T14651] Buffer I/O error on dev nbd3, logical block 0, async page read [ 562.023359][T14651] ldm_validate_partition_table(): Disk read failed. [ 562.050822][T14651] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 562.082246][T14651] Buffer I/O error on dev nbd3, logical block 0, async page read [ 562.094957][T14651] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 562.104656][T14651] Buffer I/O error on dev nbd3, logical block 0, async page read [ 562.112763][T14651] Dev nbd3: unable to read RDB block 0 [ 562.120305][T14651] nbd3: unable to read partition table [ 562.996526][T14681] ptrace attach of "./syz-executor exec"[5835] was attempted by "./syz-executor exec"[14681] [ 563.179888][T14695] netlink: 'syz.1.2208': attribute type 11 has an invalid length. [ 563.202424][T14703] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2209'. [ 563.648884][T14704] 0}^: entered promiscuous mode [ 564.407698][T14730] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 564.424332][T14730] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 564.642810][T14736] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2221'. [ 564.995067][T14751] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2224'. [ 565.214486][T14744] ptrace attach of "./syz-executor exec"[5838] was attempted by "./syz-executor exec"[14744] [ 565.409041][T14758] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2234'. [ 566.247558][T14782] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2235'. [ 566.476217][T14788] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 566.494101][T14788] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 566.991106][T14806] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2241'. [ 567.004340][T14805] netlink: 448 bytes leftover after parsing attributes in process `syz.2.2243'. [ 567.831381][T14820] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 567.846288][T14820] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 567.859678][T14820] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 567.870119][T14820] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 567.878953][T14820] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 567.886716][T14820] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 568.332261][T14819] chnl_net:caif_netlink_parms(): no params data found [ 568.397591][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.404906][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.568310][T14819] bridge0: port 1(bridge_slave_0) entered blocking state [ 568.583120][T14819] bridge0: port 1(bridge_slave_0) entered disabled state [ 568.602961][T14819] bridge_slave_0: entered allmulticast mode [ 568.615522][T14819] bridge_slave_0: entered promiscuous mode [ 568.637576][T14819] bridge0: port 2(bridge_slave_1) entered blocking state [ 568.650750][T14819] bridge0: port 2(bridge_slave_1) entered disabled state [ 568.660294][T14819] bridge_slave_1: entered allmulticast mode [ 568.670588][T14819] bridge_slave_1: entered promiscuous mode [ 568.730140][T14819] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 568.756789][T14819] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 568.820573][T14819] team0: Port device team_slave_0 added [ 568.830185][T14819] team0: Port device team_slave_1 added [ 568.863352][T14819] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 568.872012][T14819] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 568.903725][T14819] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 568.927328][T14819] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 568.935642][T14819] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 568.963335][T14819] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 569.023445][T14819] hsr_slave_0: entered promiscuous mode [ 569.031721][T14819] hsr_slave_1: entered promiscuous mode [ 569.048352][T14819] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 569.060054][T14819] Cannot create hsr debugfs directory [ 569.272841][T14819] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 569.406687][T14819] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 569.495952][T14819] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 569.558755][T14819] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 569.748091][T14819] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 569.761255][T14819] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 569.772028][T14819] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 569.786740][T14819] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 569.893122][T14819] 8021q: adding VLAN 0 to HW filter on device bond0 [ 569.915979][T14820] Bluetooth: hci0: command tx timeout [ 569.937309][T14819] 8021q: adding VLAN 0 to HW filter on device team0 [ 569.952343][T10127] bridge0: port 1(bridge_slave_0) entered blocking state [ 569.959562][T10127] bridge0: port 1(bridge_slave_0) entered forwarding state [ 570.000428][T14819] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 570.011277][T14819] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 570.030966][T14481] bridge0: port 2(bridge_slave_1) entered blocking state [ 570.038188][T14481] bridge0: port 2(bridge_slave_1) entered forwarding state [ 570.248514][T14819] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 570.288217][T14819] veth0_vlan: entered promiscuous mode [ 570.302399][T14819] veth1_vlan: entered promiscuous mode [ 570.333035][T14819] veth0_macvtap: entered promiscuous mode [ 570.342655][T14819] veth1_macvtap: entered promiscuous mode [ 570.361781][T14819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 570.372378][T14819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 570.385094][T14819] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 570.400918][T14819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 570.412283][T14819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 570.424195][T14819] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 570.438741][T14819] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 570.448224][T14819] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 570.459645][T14819] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 570.468613][T14819] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 570.564491][T12023] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 570.587280][T12023] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 570.626527][ T1155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 570.635415][ T1155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 570.840203][T14859] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2263'. [ 572.010785][T14820] Bluetooth: hci0: command tx timeout [ 572.296756][T14888] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2265'. [ 572.522387][T14895] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2266'. [ 573.430230][T14916] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2271'. [ 574.084410][T14820] Bluetooth: hci0: command tx timeout [ 574.388334][T14932] netlink: 'syz.0.2278': attribute type 1 has an invalid length. [ 574.662964][T14943] netlink: 'syz.0.2283': attribute type 10 has an invalid length. [ 574.683935][T14943] netlink: 230 bytes leftover after parsing attributes in process `syz.0.2283'. [ 575.108078][T14958] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2287'. [ 575.468077][T14974] FAULT_INJECTION: forcing a failure. [ 575.468077][T14974] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 575.495555][T14974] CPU: 1 UID: 0 PID: 14974 Comm: syz.1.2291 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 575.506425][T14974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 575.516542][T14974] Call Trace: [ 575.519918][T14974] [ 575.522898][T14974] dump_stack_lvl+0x16c/0x1f0 [ 575.527648][T14974] should_fail_ex+0x497/0x5b0 [ 575.532663][T14974] _copy_from_user+0x2e/0xd0 [ 575.537337][T14974] restore_sigcontext+0xcc/0x6a0 [ 575.542353][T14974] ? __pfx_restore_sigcontext+0x10/0x10 [ 575.548006][T14974] ? __pfx_restore_altstack+0x10/0x10 [ 575.553465][T14974] ? _raw_spin_unlock_irq+0x23/0x50 [ 575.558740][T14974] ? lockdep_hardirqs_on+0x7c/0x110 [ 575.564016][T14974] __do_sys_rt_sigreturn+0x1bd/0x240 [ 575.569385][T14974] ? __pfx___do_sys_rt_sigreturn+0x10/0x10 [ 575.575282][T14974] do_syscall_64+0xcd/0x250 [ 575.579865][T14974] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 575.585831][T14974] RIP: 0033:0x7f2c8e321f29 [ 575.590300][T14974] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 575.610356][T14974] RSP: 002b:00007f2c8f1c1a80 EFLAGS: 00000246 ORIG_RAX: 000000000000000f [ 575.618930][T14974] RAX: ffffffffffffffda RBX: 00007f2c8e575fa0 RCX: 00007f2c8e321f29 [ 575.626931][T14974] RDX: 00007f2c8f1c1a80 RSI: 00007f2c8f1c1bb0 RDI: 0000000000000011 [ 575.634964][T14974] RBP: 00007f2c8f1c2090 R08: 0000000000000000 R09: 0000000000000000 [ 575.642971][T14974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 575.651072][T14974] R13: 0000000000000000 R14: 00007f2c8e575fa0 R15: 00007ffc58bb7dc8 [ 575.659088][T14974] [ 575.861770][T14982] netlink: 'syz.1.2293': attribute type 10 has an invalid length. [ 575.894502][T14982] netlink: 230 bytes leftover after parsing attributes in process `syz.1.2293'. [ 576.225419][T14820] Bluetooth: hci0: command tx timeout [ 577.029221][T15009] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 577.073911][T15009] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 577.396520][T15025] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2302'. [ 578.084397][T15039] netlink: 'syz.3.2308': attribute type 10 has an invalid length. [ 578.102885][T15039] netlink: 230 bytes leftover after parsing attributes in process `syz.3.2308'. [ 578.399079][T15036] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2306'. [ 579.059477][T15052] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 579.082697][T15052] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 579.155058][ T29] audit: type=1800 audit(4295165387.920:57): pid=15056 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2312" name="dbroot" dev="configfs" ino=45454 res=0 errno=0 [ 579.188866][T15056] db_root: cannot open: initcall:initcall_finish [ 579.188866][T15056] initcall:initcall_start [ 579.188866][T15056] initcall:initcall_level [ 579.188866][T15056] vsyscall:emulate_vsyscall [ 579.188866][T15056] kvm:kvm_test_age_hva [ 579.188866][T15056] kvm:kvm_age_hva [ 579.188866][T15056] kvm:kvm_unmap_hva_range [ 579.188866][T15056] kvm:kvm_dirty_ring_exit [ 579.188866][T15056] kvm:kvm_dirty_ring_reset [ 579.188866][T15056] kvm:kvm_dirty_ring_push [ 579.188866][T15056] kvm:kvm_halt_poll_ns [ 579.188866][T15056] kvm:kvm_async_pf_completed [ 579.188866][T15056] kvm:kvm_async_pf_ready [ 579.188866][T15056] kvm:kvm_async_pf_not_present [ 579.188866][T15056] kvm:kvm_async_pf_repeated_fault [ 579.188866][T15056] kvm:kvm_try_async_get_page [ 579.188866][T15056] kvm:kvm_fpu [ 579.188866][T15056] kvm:kvm_iocsr [ 579.188866][T15056] kvm:kvm_mmio [ 579.188866][T15056] kvm:kvm_ack_irq [ 579.188866][T15056] kvm:kvm_msi_set_irq [ 579.188866][T15056] kvm:kvm_ioapic_delayed_eoi_inj [ 579.188866][T15056] kvm:kvm_ioapic_set_irq [ 579.188866][T15056] kvm:kvm_set_irq [ 579.188866][T15056] kvm:kvm_vcpu_wakeup [ 579.188866][T15056] kvm:kvm_userspace_exit [ 579.188866][T15056] kvm:kvm_rmp_fault [ 579.188866][T15056] kvm:kvm_vmgexit_msr_protocol_exit [ 579.188866][T15056] kvm:kvm_vmgexit_msr_protocol_enter [ 579.188866][T15056] kvm:kvm_vmgexit_exit [ 579.188866][T15056] kvm:kvm_vmgexit_enter [ 579.188866][T15056] kvm:kvm_hv_syndbg_get_msr [ 579.188866][T15056] kvm:kvm_hv_syndbg_set_msr [ 579.188866][T15056] kvm:kvm_nested_vmenter_failed [ 579.188866][T15056] kvm:kvm_pv_tlb_flush [ 579.188866][T15056] kvm:kvm_hv_send_ipi_ex [ 579.188866][T15056] kvm:kvm_hv_send_ipi [ 579.188866][T15056] kvm:kvm_hv_flush_tlb_ex [ 579.188866][T15056] kvm:kvm_hv_flush_tlb [ 579.188866][T15056] kvm:kvm_hv_timer_state [ 579.188866][T15056] kvm:kvm_avic_doorbell [ 579.188866][T15056] kvm:kvm_avic_kick_vcpu_slowpath [ 579.188866][T15056] kvm:kvm_avic_ga_log [ 579.188866][T15056] k [ 580.142828][T15067] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 580.377059][T15067] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 581.173751][T15082] netlink: 'syz.2.2319': attribute type 10 has an invalid length. [ 581.205437][T15082] netlink: 230 bytes leftover after parsing attributes in process `syz.2.2319'. [ 581.708644][T15087] mkiss: ax0: crc mode is auto. [ 582.134840][T15089] netlink: 'syz.2.2323': attribute type 10 has an invalid length. [ 582.163690][T15089] netlink: 230 bytes leftover after parsing attributes in process `syz.2.2323'. [ 583.472970][T15122] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2331'. [ 583.753993][T15126] netlink: 'syz.1.2332': attribute type 10 has an invalid length. [ 583.776543][T15126] netlink: 230 bytes leftover after parsing attributes in process `syz.1.2332'. [ 584.886857][T15144] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 584.934029][T15144] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 586.057607][T15166] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2345'. [ 587.106350][T15193] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 587.134421][T15193] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 587.326355][T15194] openvswitch: HfR: Dropping previously announced user features [ 587.364738][T15194] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2355'. [ 587.387918][T15194] HfR: left promiscuous mode [ 587.934399][T11846] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 587.947191][T11846] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 587.965532][T11846] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 588.000184][T11846] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 588.018823][T11846] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 588.027490][T11846] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 588.140286][T15178] smc: removing net device syz_tun with user defined pnetid ETHTOOL [ 588.209558][T15204] netlink: 306 bytes leftover after parsing attributes in process `syz.3.2358'. [ 588.562585][T15201] chnl_net:caif_netlink_parms(): no params data found [ 589.295239][T15201] bridge0: port 1(bridge_slave_0) entered blocking state [ 589.302488][T15201] bridge0: port 1(bridge_slave_0) entered disabled state [ 589.314139][T15201] bridge_slave_0: entered allmulticast mode [ 589.321367][T15201] bridge_slave_0: entered promiscuous mode [ 589.353305][T15201] bridge0: port 2(bridge_slave_1) entered blocking state [ 589.379785][T15201] bridge0: port 2(bridge_slave_1) entered disabled state [ 589.396667][T15201] bridge_slave_1: entered allmulticast mode [ 589.411627][T15201] bridge_slave_1: entered promiscuous mode [ 589.566750][T15201] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 589.601235][T15201] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 589.725148][T15201] team0: Port device team_slave_0 added [ 589.733700][T15201] team0: Port device team_slave_1 added [ 589.819420][T15201] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 589.843840][T15201] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 589.903967][T15201] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 589.937363][T15201] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 589.953850][T15201] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 589.995746][T15201] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 590.052169][T15229] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2365'. [ 590.074107][T11846] Bluetooth: hci1: command tx timeout [ 590.085975][T15201] hsr_slave_0: entered promiscuous mode [ 590.094475][T15201] hsr_slave_1: entered promiscuous mode [ 590.103638][T15201] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 590.111975][T15201] Cannot create hsr debugfs directory [ 590.397711][T15201] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 590.460875][T15235] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2362'. [ 590.531159][T15201] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 590.632008][T15201] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 590.691216][T15231] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2366'. [ 590.727338][T15201] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 590.969353][T15201] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 590.992924][T15201] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 591.010376][T15201] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 591.027672][T15201] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 591.316435][T15201] 8021q: adding VLAN 0 to HW filter on device bond0 [ 591.368590][T15201] 8021q: adding VLAN 0 to HW filter on device team0 [ 591.380557][T12023] bridge0: port 1(bridge_slave_0) entered blocking state [ 591.387755][T12023] bridge0: port 1(bridge_slave_0) entered forwarding state [ 591.534631][T10127] bridge0: port 2(bridge_slave_1) entered blocking state [ 591.541962][T10127] bridge0: port 2(bridge_slave_1) entered forwarding state [ 591.813277][T15201] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 591.855291][T15201] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 592.163854][T11846] Bluetooth: hci1: command tx timeout [ 592.240117][T15201] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 592.392804][T15201] veth0_vlan: entered promiscuous mode [ 592.460219][T15201] veth1_vlan: entered promiscuous mode [ 592.607656][T15201] veth0_macvtap: entered promiscuous mode [ 592.638334][T15201] veth1_macvtap: entered promiscuous mode [ 592.786417][T15201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 592.823958][T15201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 592.844261][T15201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 592.861069][T15271] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2374'. [ 592.863876][T15201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 592.901723][T15201] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 592.935475][T15201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 592.960155][T15201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 592.980818][T15201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 593.002847][T15201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 593.024553][T15201] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 593.058292][T15201] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 593.074067][T15201] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 593.093857][T15201] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 593.102723][T15201] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 593.396219][T14480] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 593.410979][T14480] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 593.517168][T14480] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 593.540850][T14480] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 593.892036][T15280] block nbd12: NBD_DISCONNECT [ 594.245328][T11846] Bluetooth: hci1: command tx timeout [ 594.274418][T15287] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 595.324697][T14820] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 595.353348][T15297] svc: failed to register nfsdv3 RPC service (errno 111). [ 595.719414][ T29] audit: type=1800 audit(4295165404.480:58): pid=15302 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2384" name="discovery_nqn" dev="configfs" ino=47182 res=0 errno=0 [ 595.740724][ T29] audit: type=1804 audit(4295165404.480:59): pid=15304 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.2384" name="/newroot/sys/kernel/config/nvmet/discovery_nqn" dev="configfs" ino=47182 res=1 errno=0 [ 595.806572][T15297] svc: failed to register nfsaclv3 RPC service (errno 111). [ 595.891069][T14820] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 595.928488][T14820] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 595.940084][T14820] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 595.951907][T14820] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 595.961631][T14820] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 596.369344][T14820] Bluetooth: hci1: command tx timeout [ 596.638254][T15299] chnl_net:caif_netlink_parms(): no params data found [ 596.908345][T10932] smc: removing net device syz_tun with user defined pnetid ETHTOOL [ 596.941901][T15314] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2385'. [ 597.307759][T15299] bridge0: port 1(bridge_slave_0) entered blocking state [ 597.370130][T15299] bridge0: port 1(bridge_slave_0) entered disabled state [ 597.382725][T15299] bridge_slave_0: entered allmulticast mode [ 597.393122][T15299] bridge_slave_0: entered promiscuous mode [ 597.408390][T15299] bridge0: port 2(bridge_slave_1) entered blocking state [ 597.418457][T15299] bridge0: port 2(bridge_slave_1) entered disabled state [ 597.430601][T15299] bridge_slave_1: entered allmulticast mode [ 597.443433][T15299] bridge_slave_1: entered promiscuous mode [ 597.513333][T15299] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 597.552990][T15299] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 597.710751][T15299] team0: Port device team_slave_0 added [ 597.722831][T15299] team0: Port device team_slave_1 added [ 597.886487][T15299] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 597.899278][T15299] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 597.934749][T15299] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 597.991606][T15299] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 598.004070][T15299] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 598.071714][T15299] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 598.074748][T11846] Bluetooth: hci4: command tx timeout [ 598.248721][T15299] hsr_slave_0: entered promiscuous mode [ 598.286664][T15299] hsr_slave_1: entered promiscuous mode [ 598.312664][T15299] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 598.323847][T15299] Cannot create hsr debugfs directory [ 598.747010][T15299] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 598.860126][T15299] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 598.986304][T15299] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 599.034389][T15355] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2395'. [ 599.166674][T15299] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 599.323214][T15352] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2394'. [ 599.441762][T15299] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 599.467440][T15299] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 599.481552][T15299] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 599.496583][T15299] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 599.822314][T15370] random: crng reseeded on system resumption [ 599.956201][T15299] 8021q: adding VLAN 0 to HW filter on device bond0 [ 600.077175][T15299] 8021q: adding VLAN 0 to HW filter on device team0 [ 600.154032][T11846] Bluetooth: hci4: command tx timeout [ 600.202013][T14481] bridge0: port 1(bridge_slave_0) entered blocking state [ 600.209231][T14481] bridge0: port 1(bridge_slave_0) entered forwarding state [ 600.503316][T10127] bridge0: port 2(bridge_slave_1) entered blocking state [ 600.510564][T10127] bridge0: port 2(bridge_slave_1) entered forwarding state [ 600.904169][T15299] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 601.384965][T15299] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 601.496728][T15299] veth0_vlan: entered promiscuous mode [ 601.530666][T15299] veth1_vlan: entered promiscuous mode [ 601.624821][T15299] veth0_macvtap: entered promiscuous mode [ 601.646322][T15299] veth1_macvtap: entered promiscuous mode [ 601.669952][T15299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 601.682907][T15299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 601.698740][T15299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 601.712210][T15299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 601.733965][T15299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 601.764767][T15299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 601.788733][T15299] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 601.821249][T15299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 601.847985][T15299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 601.869880][T15299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 601.892786][T15299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 601.909819][T15299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 601.921269][T15299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 601.933683][T15299] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 601.976511][T15299] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 601.987307][T15299] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 602.005388][T15299] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 602.018528][T15299] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 602.234177][T11846] Bluetooth: hci4: command tx timeout [ 602.384154][T12030] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 602.413380][T12030] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 602.539533][T10127] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 602.577083][T10127] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 603.446763][T15418] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2408'. [ 604.324418][T11846] Bluetooth: hci4: command tx timeout [ 604.376102][T15441] Invalid ELF header magic: != ELF [ 605.502534][T15454] FAULT_INJECTION: forcing a failure. [ 605.502534][T15454] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 605.565194][T15454] CPU: 0 UID: 0 PID: 15454 Comm: syz.1.2420 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 605.576069][T15454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 605.586264][T15454] Call Trace: [ 605.589595][T15454] [ 605.592571][T15454] dump_stack_lvl+0x16c/0x1f0 [ 605.597320][T15454] should_fail_ex+0x497/0x5b0 [ 605.602075][T15454] _copy_to_user+0x32/0xd0 [ 605.606572][T15454] simple_read_from_buffer+0xd0/0x160 [ 605.612032][T15454] proc_fail_nth_read+0x198/0x270 [ 605.617153][T15454] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 605.622779][T15454] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 605.628409][T15454] vfs_read+0x1df/0xbe0 [ 605.632636][T15454] ? __fget_files+0x1fc/0x3a0 [ 605.637383][T15454] ? __pfx___mutex_lock+0x10/0x10 [ 605.642473][T15454] ? __pfx_vfs_read+0x10/0x10 [ 605.647227][T15454] ? __fget_files+0x206/0x3a0 [ 605.651986][T15454] ksys_read+0x12b/0x250 [ 605.656301][T15454] ? __pfx_ksys_read+0x10/0x10 [ 605.661136][T15454] do_syscall_64+0xcd/0x250 [ 605.665705][T15454] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 605.671663][T15454] RIP: 0033:0x7fc78bf8473c [ 605.676129][T15454] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 605.695798][T15454] RSP: 002b:00007fc78ce1c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 605.704271][T15454] RAX: ffffffffffffffda RBX: 00007fc78c175fa0 RCX: 00007fc78bf8473c [ 605.712295][T15454] RDX: 000000000000000f RSI: 00007fc78ce1c0a0 RDI: 0000000000000004 [ 605.720438][T15454] RBP: 00007fc78ce1c090 R08: 0000000000000000 R09: 0000000000000000 [ 605.728465][T15454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 605.736484][T15454] R13: 0000000000000000 R14: 00007fc78c175fa0 R15: 00007ffe3e4f94f8 [ 605.744532][T15454] [ 605.887779][ T29] audit: type=1326 audit(4295165414.660:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15460 comm="syz.0.2422" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f37f6985d29 code=0x0 [ 606.189036][T15473] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2425'. [ 607.035459][T15491] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 607.055455][T15491] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 607.454647][T15478] delete_channel: no stack [ 608.791400][T15508] syz.0.2435 (15508) used greatest stack depth: 20320 bytes left [ 608.998930][T15531] Invalid ELF header magic: != ELF [ 609.414913][T15532] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2439'. [ 609.415252][T15543] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2442'. [ 609.471958][T15532] geneve1: entered allmulticast mode [ 611.176935][T15563] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2456'. [ 611.195166][T15563] bridge_slave_1: left allmulticast mode [ 611.201019][T15563] bridge_slave_1: left promiscuous mode [ 611.211336][T15563] bridge0: port 2(bridge_slave_1) entered disabled state [ 611.237638][T15563] bridge_slave_0: left allmulticast mode [ 611.243365][T15563] bridge_slave_0: left promiscuous mode [ 611.275164][T15563] bridge0: port 1(bridge_slave_0) entered disabled state syzkaller syzkaller login: [ 612.278786][T15584] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2452'. [ 614.901860][T15631] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2465'. [ 615.030494][T15637] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2466'. syzkaller syzkaller login: [ 615.931054][T15661] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2473'. [ 618.201476][T15719] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2490'. [ 619.214310][T15733] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2496'. [ 619.349344][T15733] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2496'. [ 619.372771][T15736] netlink: 'syz.2.2497': attribute type 4 has an invalid length. [ 619.524725][T15733] veth0_macvtap: left promiscuous mode [ 619.777261][T15750] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2500'. [ 619.967651][T15752] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 620.007627][T15752] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 620.334338][T15759] netlink: 'syz.3.2504': attribute type 4 has an invalid length. [ 620.746805][T15769] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2505'. [ 622.134458][T15796] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 622.196420][T15796] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 622.584506][T15802] netlink: 'syz.1.2525': attribute type 4 has an invalid length. [ 622.691243][T15807] ubi13: attaching mtd0 [ 622.750106][T15807] ubi13 error: ubi_attach_mtd_dev: bad VID header (13) or data offsets (77) [ 622.795329][T15811] FAULT_INJECTION: forcing a failure. [ 622.795329][T15811] name failslab, interval 1, probability 0, space 0, times 0 [ 622.818040][T15807] ubi13: attaching mtd0 [ 622.820380][T15811] CPU: 0 UID: 0 PID: 15811 Comm: syz.1.2519 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 622.833049][T15811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 622.843149][T15811] Call Trace: [ 622.846478][T15811] [ 622.849433][T15811] dump_stack_lvl+0x16c/0x1f0 [ 622.854149][T15811] should_fail_ex+0x497/0x5b0 [ 622.858864][T15811] ? fs_reclaim_acquire+0xae/0x150 [ 622.864026][T15811] should_failslab+0xc2/0x120 [ 622.868750][T15811] __kmalloc_noprof+0xce/0x4f0 [ 622.873549][T15811] ? d_absolute_path+0x137/0x1b0 [ 622.878525][T15811] ? tomoyo_encode2+0x100/0x3e0 [ 622.883410][T15811] tomoyo_encode2+0x100/0x3e0 [ 622.888124][T15811] tomoyo_realpath_from_path+0x1a7/0x710 [ 622.893810][T15811] tomoyo_path_number_perm+0x248/0x5b0 [ 622.899318][T15811] ? tomoyo_path_number_perm+0x235/0x5b0 [ 622.905003][T15811] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 622.911057][T15811] ? __pfx_lock_release+0x10/0x10 [ 622.916110][T15811] ? trace_lock_acquire+0x14e/0x1f0 [ 622.921351][T15811] ? lock_acquire+0x2f/0xb0 [ 622.925887][T15811] ? __fget_files+0x40/0x3a0 [ 622.930532][T15811] ? __fget_files+0x206/0x3a0 [ 622.935251][T15811] security_file_ioctl+0x9b/0x240 [ 622.940310][T15811] __x64_sys_ioctl+0xb7/0x200 [ 622.945022][T15811] do_syscall_64+0xcd/0x250 [ 622.949659][T15811] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 622.955592][T15811] RIP: 0033:0x7fc78bf85d29 [ 622.960040][T15811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 622.979770][T15811] RSP: 002b:00007fc78ce1c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 622.988216][T15811] RAX: ffffffffffffffda RBX: 00007fc78c175fa0 RCX: 00007fc78bf85d29 [ 622.996218][T15811] RDX: fffffffffffff4e0 RSI: 000000000000541b RDI: 0000000000000003 [ 623.004216][T15811] RBP: 00007fc78ce1c090 R08: 0000000000000000 R09: 0000000000000000 [ 623.012213][T15811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 623.020209][T15811] R13: 0000000000000000 R14: 00007fc78c175fa0 R15: 00007ffe3e4f94f8 [ 623.028229][T15811] [ 623.062683][T15811] ERROR: Out of memory at tomoyo_realpath_from_path. [ 623.066888][T15807] ubi13 error: ubi_attach_mtd_dev: bad VID header (13) or data offsets (77) [ 623.154055][T15807] ubi13: attaching mtd0 [ 623.201245][T15807] ubi13 error: ubi_attach_mtd_dev: bad VID header (13) or data offsets (77) [ 623.284248][T15807] ubi13: attaching mtd0 [ 623.298449][T15807] ubi13 error: ubi_attach_mtd_dev: bad VID header (13) or data offsets (77) [ 623.337329][T15807] ubi13: attaching mtd0 [ 623.364245][T15807] ubi13 error: ubi_attach_mtd_dev: bad VID header (13) or data offsets (77) [ 623.389043][T15807] ubi13: attaching mtd0 [ 623.404038][T15807] ubi13 error: ubi_attach_mtd_dev: bad VID header (13) or data offsets (77) [ 623.435465][T15807] ubi13: attaching mtd0 [ 623.439806][T15807] ubi13 error: ubi_attach_mtd_dev: bad VID header (13) or data offsets (77) [ 623.473472][T15807] ubi13: attaching mtd0 [ 623.496604][T15807] ubi13 error: ubi_attach_mtd_dev: bad VID header (13) or data offsets (77) [ 623.549741][T15819] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2521'. [ 624.289641][T15835] FAULT_INJECTION: forcing a failure. [ 624.289641][T15835] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 624.329509][T15835] CPU: 0 UID: 0 PID: 15835 Comm: syz.2.2529 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 624.340377][T15835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 624.350489][T15835] Call Trace: [ 624.353822][T15835] [ 624.356798][T15835] dump_stack_lvl+0x16c/0x1f0 [ 624.361546][T15835] should_fail_ex+0x497/0x5b0 [ 624.366316][T15835] _copy_from_user+0x2e/0xd0 [ 624.370983][T15835] copy_msghdr_from_user+0x99/0x160 [ 624.376253][T15835] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 624.382133][T15835] ? __lock_acquire+0xcc5/0x3c40 [ 624.387170][T15835] ___sys_sendmsg+0xff/0x1e0 [ 624.391842][T15835] ? __pfx____sys_sendmsg+0x10/0x10 [ 624.397132][T15835] ? trace_lock_acquire+0x14e/0x1f0 [ 624.402427][T15835] __sys_sendmmsg+0x201/0x420 [ 624.407183][T15835] ? __pfx___sys_sendmmsg+0x10/0x10 [ 624.412554][T15835] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 624.418641][T15835] ? fput+0x67/0x440 [ 624.422614][T15835] ? ksys_write+0x1ba/0x250 [ 624.427179][T15835] ? __pfx_ksys_write+0x10/0x10 [ 624.432094][T15835] __x64_sys_sendmmsg+0x9c/0x100 [ 624.437138][T15835] ? lockdep_hardirqs_on+0x7c/0x110 [ 624.442400][T15835] do_syscall_64+0xcd/0x250 [ 624.446977][T15835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 624.452935][T15835] RIP: 0033:0x7f3377385d29 [ 624.457399][T15835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 624.477154][T15835] RSP: 002b:00007f3378105038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 624.485633][T15835] RAX: ffffffffffffffda RBX: 00007f3377575fa0 RCX: 00007f3377385d29 [ 624.493654][T15835] RDX: 0000000000000003 RSI: 0000000020000080 RDI: 0000000000000003 [ 624.501677][T15835] RBP: 00007f3378105090 R08: 0000000000000000 R09: 0000000000000000 [ 624.509699][T15835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 624.517721][T15835] R13: 0000000000000000 R14: 00007f3377575fa0 R15: 00007ffc5acd1108 [ 624.525759][T15835] [ 624.615281][T15841] FAULT_INJECTION: forcing a failure. [ 624.615281][T15841] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 624.659140][T15841] CPU: 0 UID: 0 PID: 15841 Comm: syz.3.2532 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 624.670004][T15841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 624.680118][T15841] Call Trace: [ 624.683451][T15841] [ 624.686430][T15841] dump_stack_lvl+0x16c/0x1f0 [ 624.691186][T15841] should_fail_ex+0x497/0x5b0 [ 624.696021][T15841] _copy_to_user+0x32/0xd0 [ 624.700511][T15841] simple_read_from_buffer+0xd0/0x160 [ 624.706057][T15841] proc_fail_nth_read+0x198/0x270 [ 624.711252][T15841] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 624.716877][T15841] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 624.722502][T15841] vfs_read+0x1df/0xbe0 [ 624.726728][T15841] ? __fget_files+0x1fc/0x3a0 [ 624.731476][T15841] ? __pfx___mutex_lock+0x10/0x10 [ 624.736590][T15841] ? __pfx_vfs_read+0x10/0x10 [ 624.741339][T15841] ? __fget_files+0x206/0x3a0 [ 624.746094][T15841] ksys_read+0x12b/0x250 [ 624.750486][T15841] ? __pfx_ksys_read+0x10/0x10 [ 624.755324][T15841] do_syscall_64+0xcd/0x250 [ 624.759900][T15841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 624.765861][T15841] RIP: 0033:0x7f8d3fd8473c [ 624.770335][T15841] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 624.790004][T15841] RSP: 002b:00007f8d40b7b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 624.798522][T15841] RAX: ffffffffffffffda RBX: 00007f8d3ff75fa0 RCX: 00007f8d3fd8473c [ 624.806548][T15841] RDX: 000000000000000f RSI: 00007f8d40b7b0a0 RDI: 0000000000000004 [ 624.814563][T15841] RBP: 00007f8d40b7b090 R08: 0000000000000000 R09: 0000000000000000 [ 624.822583][T15841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 624.830599][T15841] R13: 0000000000000000 R14: 00007f8d3ff75fa0 R15: 00007ffef3c17b68 [ 624.838637][T15841] [ 625.217507][T15852] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2534'. [ 628.137032][T15911] could not allocate digest TFM handle [ 629.851910][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.858552][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 630.546684][T15944] netlink: 286 bytes leftover after parsing attributes in process `syz.0.2557'. [ 630.778969][T15946] Invalid ELF header magic: != ELF [ 631.190807][T15960] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2562'. [ 631.406681][T15951] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2559'. [ 634.834823][T16012] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2575'. [ 638.797592][T16074] netlink: 146 bytes leftover after parsing attributes in process `syz.3.2594'. [ 639.054805][T16080] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2595'. [ 639.734965][T16098] program syz.2.2601 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 639.796113][T16101] netlink: 286 bytes leftover after parsing attributes in process `syz.3.2602'. [ 639.923361][T16105] Process accounting resumed [ 639.943093][T16105] i8042 kbd 00:01: in use; can't configure [ 640.191525][T15989] udevd[15989]: inotify_add_watch(7, /dev/sda1, 10) failed: No such file or directory [ 640.523416][T16124] netlink: 286 bytes leftover after parsing attributes in process `syz.2.2606'. [ 640.703013][T16107] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2603'. [ 641.393344][T16144] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2610'. [ 642.107881][T16149] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2612'. [ 642.952326][T16157] FAULT_INJECTION: forcing a failure. [ 642.952326][T16157] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 643.003881][T16157] CPU: 0 UID: 0 PID: 16157 Comm: syz.2.2615 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 643.014747][T16157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 643.024943][T16157] Call Trace: [ 643.028273][T16157] [ 643.031253][T16157] dump_stack_lvl+0x16c/0x1f0 [ 643.036013][T16157] should_fail_ex+0x497/0x5b0 [ 643.040754][T16157] ? fs_reclaim_acquire+0xae/0x150 [ 643.046118][T16157] should_fail_alloc_page+0xe7/0x130 [ 643.051566][T16157] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 643.057794][T16157] __alloc_pages_noprof+0x190/0x25b0 [ 643.063158][T16157] ? __pfx_mark_lock+0x10/0x10 [ 643.068013][T16157] ? __pfx___lock_acquire+0x10/0x10 [ 643.073386][T16157] ? mark_lock+0xb5/0xc60 [ 643.077799][T16157] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 643.083603][T16157] ? hlock_class+0x4e/0x130 [ 643.088174][T16157] ? __lock_acquire+0xcc5/0x3c40 [ 643.093203][T16157] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 643.099181][T16157] ? policy_nodemask+0xea/0x4e0 [ 643.104118][T16157] alloc_pages_mpol_noprof+0x2c9/0x610 [ 643.109660][T16157] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 643.115731][T16157] ? find_held_lock+0x2d/0x110 [ 643.120567][T16157] folio_alloc_mpol_noprof+0x36/0xd0 [ 643.125935][T16157] shmem_alloc_folio+0x135/0x160 [ 643.130985][T16157] shmem_alloc_and_add_folio+0x48b/0xc00 [ 643.136684][T16157] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 643.142644][T16157] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 643.148858][T16157] ? shmem_huge_global_enabled+0x176/0x250 [ 643.154736][T16157] ? shmem_allowable_huge_orders+0xcd/0x3e0 [ 643.160699][T16157] shmem_get_folio_gfp+0x689/0x1530 [ 643.165965][T16157] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 643.171660][T16157] ? filemap_map_pages+0xf92/0x16b0 [ 643.176929][T16157] shmem_fault+0x200/0xae0 [ 643.181409][T16157] ? __pfx_shmem_fault+0x10/0x10 [ 643.186413][T16157] ? do_pte_missing+0xdd7/0x3e00 [ 643.191421][T16157] ? __pfx_lock_release+0x10/0x10 [ 643.196531][T16157] __do_fault+0x10a/0x490 [ 643.200933][T16157] do_pte_missing+0xebd/0x3e00 [ 643.205834][T16157] __handle_mm_fault+0x103c/0x2a40 [ 643.211024][T16157] ? __pfx___handle_mm_fault+0x10/0x10 [ 643.216555][T16157] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 643.222274][T16157] ? find_vma+0xc0/0x140 [ 643.226568][T16157] ? __pfx_find_vma+0x10/0x10 [ 643.231304][T16157] handle_mm_fault+0x3fa/0xaa0 [ 643.236143][T16157] do_user_addr_fault+0x7a3/0x13f0 [ 643.241316][T16157] exc_page_fault+0x5c/0xc0 [ 643.245871][T16157] asm_exc_page_fault+0x26/0x30 [ 643.250779][T16157] RIP: 0010:rep_movs_alternative+0x4a/0x70 [ 643.256659][T16157] Code: 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 a4 c3 cc cc cc cc 48 89 c8 48 c1 e9 03 83 e0 07 f3 48 a5 89 c1 [ 643.276323][T16157] RSP: 0018:ffffc90003ddf7e8 EFLAGS: 00050206 [ 643.282443][T16157] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00000000000000c4 [ 643.290463][T16157] RDX: ffffed10129704f9 RSI: 0000000000000000 RDI: ffff888094b82700 [ 643.298500][T16157] RBP: ffffc90003ddfd60 R08: 0000000000000001 R09: ffffed10129704f8 [ 643.306524][T16157] R10: ffff888094b827c3 R11: 0000000000000000 R12: 00000000000000c4 [ 643.314541][T16157] R13: 00007ffffffff000 R14: ffff888094b82700 R15: 00000000000000c4 [ 643.322581][T16157] _copy_from_iter+0x384/0x1400 [ 643.327502][T16157] ? trace_lock_acquire+0x14e/0x1f0 [ 643.332760][T16157] ? __alloc_skb+0x200/0x380 [ 643.337416][T16157] ? __pfx__copy_from_iter+0x10/0x10 [ 643.342773][T16157] ? __virt_addr_valid+0x1a4/0x590 [ 643.347960][T16157] ? __virt_addr_valid+0x5e/0x590 [ 643.353053][T16157] ? __phys_addr_symbol+0x30/0x80 [ 643.358145][T16157] ? __check_object_size+0x488/0x710 [ 643.363526][T16157] netlink_sendmsg+0x813/0xd70 [ 643.368356][T16157] ? __pfx_netlink_sendmsg+0x10/0x10 [ 643.373716][T16157] ____sys_sendmsg+0x9ae/0xb40 [ 643.378624][T16157] ? copy_msghdr_from_user+0x10b/0x160 [ 643.384157][T16157] ? __pfx_____sys_sendmsg+0x10/0x10 [ 643.389500][T16157] ? __lock_acquire+0xcc5/0x3c40 [ 643.394537][T16157] ___sys_sendmsg+0x135/0x1e0 [ 643.399286][T16157] ? __pfx____sys_sendmsg+0x10/0x10 [ 643.404570][T16157] ? trace_lock_acquire+0x14e/0x1f0 [ 643.409864][T16157] __sys_sendmmsg+0x201/0x420 [ 643.414612][T16157] ? __pfx___sys_sendmmsg+0x10/0x10 [ 643.419896][T16157] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 643.425954][T16157] ? fput+0x67/0x440 [ 643.429917][T16157] ? ksys_write+0x1ba/0x250 [ 643.434476][T16157] ? __pfx_ksys_write+0x10/0x10 [ 643.439393][T16157] __x64_sys_sendmmsg+0x9c/0x100 [ 643.444412][T16157] ? lockdep_hardirqs_on+0x7c/0x110 [ 643.449671][T16157] do_syscall_64+0xcd/0x250 [ 643.454244][T16157] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 643.460203][T16157] RIP: 0033:0x7f3377385d29 [ 643.464663][T16157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 643.484330][T16157] RSP: 002b:00007f3378105038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 643.492804][T16157] RAX: ffffffffffffffda RBX: 00007f3377575fa0 RCX: 00007f3377385d29 [ 643.500912][T16157] RDX: 0000000000000003 RSI: 0000000020000080 RDI: 0000000000000003 [ 643.508936][T16157] RBP: 00007f3378105090 R08: 0000000000000000 R09: 0000000000000000 [ 643.516988][T16157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 643.525012][T16157] R13: 0000000000000000 R14: 00007f3377575fa0 R15: 00007ffc5acd1108 [ 643.533059][T16157] [ 643.536203][ C0] vkms_vblank_simulate: vblank timer overrun [ 644.261717][T16164] netlink: 286 bytes leftover after parsing attributes in process `syz.2.2618'. [ 644.519823][T16172] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2619'. [ 644.558697][T16172] vcan0: entered promiscuous mode [ 644.595615][T16172] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2619'. [ 644.668909][T16172] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2619'. [ 644.683299][T16172] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2619'. [ 645.433058][T11846] Bluetooth: hci0: ACL packet too small [ 645.442431][T16189] Invalid input. Must be >= 4608 [ 645.469239][T16189] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2622'. [ 645.627791][T16200] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2623'. [ 645.926997][T16206] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 645.990172][T16206] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 646.946056][T16219] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 646.965239][T16219] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 647.072705][T16223] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2631'. [ 647.172447][T16227] netlink: 286 bytes leftover after parsing attributes in process `syz.2.2631'. [ 648.295094][T14820] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 648.338308][T14820] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 648.364079][T14820] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 648.379541][T14820] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 648.403744][T14820] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 648.424240][T14820] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 648.887917][T16247] chnl_net:caif_netlink_parms(): no params data found [ 649.408179][T16247] bridge0: port 1(bridge_slave_0) entered blocking state [ 649.431423][T16247] bridge0: port 1(bridge_slave_0) entered disabled state [ 649.460400][T16247] bridge_slave_0: entered allmulticast mode [ 649.482055][T16247] bridge_slave_0: entered promiscuous mode [ 649.525230][T16247] bridge0: port 2(bridge_slave_1) entered blocking state [ 649.532507][T16247] bridge0: port 2(bridge_slave_1) entered disabled state [ 649.559034][T16247] bridge_slave_1: entered allmulticast mode [ 649.581571][T16247] bridge_slave_1: entered promiscuous mode [ 649.652802][ T29] audit: type=1800 audit(4295165458.420:61): pid=16269 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2637" name="dbroot" dev="configfs" ino=51012 res=0 errno=0 [ 649.761429][T16247] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 649.809828][T16247] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 649.926909][T16247] team0: Port device team_slave_0 added [ 649.961666][T16247] team0: Port device team_slave_1 added [ 650.102295][T16247] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 650.115899][T16247] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 650.171648][T16247] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 650.192239][T16247] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 650.212547][T16247] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 650.246409][T16247] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 650.441726][T16247] hsr_slave_0: entered promiscuous mode [ 650.462986][T16247] hsr_slave_1: entered promiscuous mode [ 650.473423][T16247] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 650.483500][T16247] Cannot create hsr debugfs directory [ 650.490410][T14820] Bluetooth: hci3: command tx timeout [ 651.126748][T16247] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 651.260923][T16247] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 651.431221][T16247] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 651.547741][T16247] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 651.768478][T16247] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 651.787307][T16247] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 651.798626][T16247] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 651.819508][T16247] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 652.058543][T16247] 8021q: adding VLAN 0 to HW filter on device bond0 [ 652.111334][T16247] 8021q: adding VLAN 0 to HW filter on device team0 [ 652.154906][T14480] bridge0: port 1(bridge_slave_0) entered blocking state [ 652.162076][T14480] bridge0: port 1(bridge_slave_0) entered forwarding state [ 652.207425][T10131] bridge0: port 2(bridge_slave_1) entered blocking state [ 652.214637][T10131] bridge0: port 2(bridge_slave_1) entered forwarding state [ 652.360049][T16247] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 652.391704][T16315] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2652'. [ 652.559393][T14820] Bluetooth: hci3: command tx timeout [ 652.595337][T16321] FAULT_INJECTION: forcing a failure. [ 652.595337][T16321] name failslab, interval 1, probability 0, space 0, times 0 [ 652.621343][T16321] CPU: 1 UID: 0 PID: 16321 Comm: syz.0.2653 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 652.632199][T16321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 652.642303][T16321] Call Trace: [ 652.645636][T16321] [ 652.648610][T16321] dump_stack_lvl+0x16c/0x1f0 [ 652.653373][T16321] should_fail_ex+0x497/0x5b0 [ 652.658118][T16321] ? fs_reclaim_acquire+0xae/0x150 [ 652.663286][T16321] should_failslab+0xc2/0x120 [ 652.668029][T16321] __kmalloc_cache_noprof+0x68/0x420 [ 652.673382][T16321] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 652.678924][T16321] ? __pfx_lock_release+0x10/0x10 [ 652.684015][T16321] gpiolib_seq_start+0x69/0x270 [ 652.688956][T16321] seq_read_iter+0x2ab/0x12b0 [ 652.693715][T16321] seq_read+0x39f/0x4e0 [ 652.697936][T16321] ? __pfx_seq_read+0x10/0x10 [ 652.702701][T16321] full_proxy_read+0xfb/0x1b0 [ 652.707468][T16321] ? __pfx_full_proxy_read+0x10/0x10 [ 652.712818][T16321] vfs_read+0x1df/0xbe0 [ 652.717038][T16321] ? __fget_files+0x1fc/0x3a0 [ 652.721774][T16321] ? __pfx___mutex_lock+0x10/0x10 [ 652.726858][T16321] ? __pfx_vfs_read+0x10/0x10 [ 652.731683][T16321] ? __fget_files+0x206/0x3a0 [ 652.736408][T16321] ksys_read+0x12b/0x250 [ 652.740686][T16321] ? __pfx_ksys_read+0x10/0x10 [ 652.745495][T16321] do_syscall_64+0xcd/0x250 [ 652.750040][T16321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 652.755981][T16321] RIP: 0033:0x7f37f6985d29 [ 652.760423][T16321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 652.780062][T16321] RSP: 002b:00007f37f77ae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 652.788520][T16321] RAX: ffffffffffffffda RBX: 00007f37f6b75fa0 RCX: 00007f37f6985d29 [ 652.796517][T16321] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000003 [ 652.804508][T16321] RBP: 00007f37f77ae090 R08: 0000000000000000 R09: 0000000000000000 [ 652.812502][T16321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 652.820495][T16321] R13: 0000000000000000 R14: 00007f37f6b75fa0 R15: 00007ffd6401d068 [ 652.828509][T16321] [ 652.844158][T16313] device-mapper: ioctl: ioctl interface mismatch: kernel(4.48.0), user(16891205.0.1377435648), cmd(12) [ 652.916065][T16321] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI [ 652.928729][T16321] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 652.930286][T16247] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 652.937153][T16321] CPU: 0 UID: 0 PID: 16321 Comm: syz.0.2653 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 652.937193][T16321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 652.937212][T16321] RIP: 0010:gpiolib_seq_stop+0x4c/0xe0 [ 652.937269][T16321] Code: 48 c1 ea 03 80 3c 02 00 0f 85 98 00 00 00 48 8b 9b e0 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 04 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 60 8b [ 652.937302][T16321] RSP: 0018:ffffc90003257ae0 EFLAGS: 00010247 [ 652.937330][T16321] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000400 [ 652.937353][T16321] RDX: 0000000000000000 RSI: ffffffff84cca6be RDI: 0000000000000004 [ 652.937375][T16321] RBP: 0000000000000000 R08: 0000000000000dc0 R09: 00000000ffffffff [ 653.020191][T16321] R10: ffffffff8df7cc53 R11: 0000000000000001 R12: 0000000000000000 [ 653.028183][T16321] R13: ffffffff8bb599a0 R14: 0000000000000000 R15: ffffc90003257c48 [ 653.036172][T16321] FS: 00007f37f77ae6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 653.045131][T16321] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 653.051835][T16321] CR2: 0000000000000000 CR3: 000000006aeb6000 CR4: 00000000003526f0 [ 653.059825][T16321] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 653.067815][T16321] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 653.075808][T16321] Call Trace: [ 653.079095][T16321] [ 653.082039][T16321] ? die_addr+0x3b/0xa0 [ 653.086221][T16321] ? exc_general_protection+0x155/0x230 [ 653.091806][T16321] ? asm_exc_general_protection+0x26/0x30 [ 653.097560][T16321] ? gpiolib_seq_stop+0xe/0xe0 [ 653.102361][T16321] ? gpiolib_seq_stop+0x4c/0xe0 [ 653.107255][T16321] seq_read_iter+0x5ff/0x12b0 [ 653.111959][T16321] seq_read+0x39f/0x4e0 [ 653.116134][T16321] ? __pfx_seq_read+0x10/0x10 [ 653.120854][T16321] full_proxy_read+0xfb/0x1b0 [ 653.125559][T16321] ? __pfx_full_proxy_read+0x10/0x10 [ 653.130876][T16321] vfs_read+0x1df/0xbe0 [ 653.135059][T16321] ? __fget_files+0x1fc/0x3a0 [ 653.139762][T16321] ? __pfx___mutex_lock+0x10/0x10 [ 653.144948][T16321] ? __pfx_vfs_read+0x10/0x10 [ 653.149651][T16321] ? __fget_files+0x206/0x3a0 [ 653.154354][T16321] ksys_read+0x12b/0x250 [ 653.158639][T16321] ? __pfx_ksys_read+0x10/0x10 [ 653.163428][T16321] do_syscall_64+0xcd/0x250 [ 653.167962][T16321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 653.173889][T16321] RIP: 0033:0x7f37f6985d29 [ 653.178336][T16321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 653.198061][T16321] RSP: 002b:00007f37f77ae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 653.206494][T16321] RAX: ffffffffffffffda RBX: 00007f37f6b75fa0 RCX: 00007f37f6985d29 [ 653.214484][T16321] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000003 [ 653.222470][T16321] RBP: 00007f37f77ae090 R08: 0000000000000000 R09: 0000000000000000 [ 653.230456][T16321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 653.238442][T16321] R13: 0000000000000000 R14: 00007f37f6b75fa0 R15: 00007ffd6401d068 [ 653.246438][T16321] [ 653.249465][T16321] Modules linked in: [ 653.254472][T16321] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 653.323923][T16321] RIP: 0010:gpiolib_seq_stop+0x4c/0xe0 [ 653.371067][T16321] Code: 48 c1 ea 03 80 3c 02 00 0f 85 98 00 00 00 48 8b 9b e0 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 04 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 60 8b [ 653.383603][T16247] veth0_vlan: entered promiscuous mode [ 653.417132][T16321] RSP: 0018:ffffc90003257ae0 EFLAGS: 00010247 [ 653.424462][T16321] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000400 [ 653.432492][T16321] RDX: 0000000000000000 RSI: ffffffff84cca6be RDI: 0000000000000004 [ 653.457757][T16247] veth1_vlan: entered promiscuous mode [ 653.472243][T16321] RBP: 0000000000000000 R08: 0000000000000dc0 R09: 00000000ffffffff [ 653.493667][T16321] R10: ffffffff8df7cc53 R11: 0000000000000001 R12: 0000000000000000 [ 653.503335][T16321] R13: ffffffff8bb599a0 R14: 0000000000000000 R15: ffffc90003257c48 [ 653.512800][T16321] FS: 00007f37f77ae6c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 653.540804][T16247] veth0_macvtap: entered promiscuous mode [ 653.546786][T16321] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 653.553423][T16321] CR2: 0000001b2fedfff8 CR3: 000000006aeb6000 CR4: 00000000003526f0 [ 653.562921][T16247] veth1_macvtap: entered promiscuous mode [ 653.571564][T16321] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 653.580096][T16321] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 653.590705][T16321] Kernel panic - not syncing: Fatal exception [ 653.597055][T16321] Kernel Offset: disabled [ 653.601387][T16321] Rebooting in 86400 seconds..