last executing test programs: 10m26.692805837s ago: executing program 0 (id=254): madvise$auto(0xffffffffffffffff, 0x7fffffffffffffff, 0x5) r0 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/devices\x00', 0x800, 0x0) pread64$auto(r0, &(0x7f0000000000)='/sys/kernel/debug/clear_warn_once\x00=%\xd6d\x00\vFua\x183A^mk\xdd\xa6\xda\x14\x8f\x836h2,\xa6\xb0^\x12\xae\xd5\x00O\r\xb3\xb8\xc3\xb5-&J\xdd\x12>h\xcb@\x8d\xbaG\xb3P\xb4\x8f\xe7`\n\xa2\x99\x99\x92q\xe9b\x0f\x97\xb4T\xea\xb1\x83B\x88\x80\x95\xa8\xab\x14\xb9\x0f\"j\x8f\x8c\x06\xab\x95\xcf\x15\xd5\xdeQhy3\xb7D\x8ee\xea\n\xd5\x1d^\xce\x15\v\xb5\xfd\x7f\xb8\x831\x91\xb3\xbe9\xce\x00\x9eMG\n\x0f\xf1\xda\xf1\x8f`\xf6\x02\xbe\xec!\xb0\xaf\xc59c&\xff\x10\x96\xdb\x8c\xe6\xc8w\x1f\x05{?\x03\x9c\xafE7\x1bH\xa5m', 0x6, 0x81) write$auto(r0, &(0x7f0000000200)='/proc/self/timensCoffse4s\x00%]v\xa8b\xbf\xa6\xf7mK\"\x10\xed\x8a\x84\xed\x06\x83K\xc9\xb9\xaf0v\x84|\xda\x818\xd7\x1a<#N\xbd\xe4\xf8F\xc5\xeb\x03\xaa\xce\xc8+\xccyB\x93\xd6\xd3\xf6\x12%\nG\x058\xd3G\xe8\xb7\xb6\xa0\xdc\x8d#t\xd1\x15\xbd5X\xbfT\xdf\x9d\x0f\a\x12U\x9c\\\xa1\xbcD\x8eh\xcf\xe1\xff\x87\x19t\xda\xcaNg5v\xf5\xd5\x80w\xe2J\x80\x03\xb0,\xdf\xdbU\xee\xc6M\xea\x00\b\xff\xc1\x12Gz\xd4\x04x\x10\x1fz\v\f\xbc\x99j\xbf\xba\xa7l-\xeaNg\b\xe0\xc0\x14\xf1WB*\x87\xc6%\x92\x81\x16\xa2\x9f\x87\xaa\xac\x98\x00\x17/\xce\x95\xb7\x9d`\x1e\x91\x1c<\xc7\xd4\xe3\xa8\xe5\x83\x9fB\x10\xb5^\a\x13\xa6\x1a\xa2\xee\xfeD/\xf4\xd2\x99=.\xfd1\x1e\x9f\xd5\x90f\xc0D\fN\xdf.', 0xd) r1 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) ioctl$auto(r1, 0x64c2, 0x1e2) mmap$auto(0x0, 0x40009, 0x6, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(r2, 0x1002, 0x0, 0x0, 0x0, 0x2) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) r3 = openat$auto_proc_timens_offsets_operations_base(0xffffffffffffff9c, &(0x7f0000002440), 0x80c02, 0x0) ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_SEG6_CMD_DUMPHMAC(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="14d450ac95bde0d2ea00afc39df7df41d82d5f9acb283c3fdbbf4d626c433931998aeb4894be44f23f534273d276120fc1f1fec60aa83d6c7e7abb7f9c387e2d3c4a145d85e8d2851b611c223ea6a441c374d2f7e2eb4f3bb3ef52779e0d301e205df62382e9c3c0b6730dc57d", @ANYRES16=r5, @ANYBLOB="01172bbd7000ffdbdf2502000000"], 0x14}, 0x1, 0x0, 0x0, 0x801}, 0x844) write$auto(r3, &(0x7f0000000000)='/proc/self/timens_offsets\x00', 0x4) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_IPVS_CMD_SET_SERVICE(r6, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004090}, 0x0) madvise$auto(0x0, 0x108, 0x8) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, r6, 0x8000) 10m26.478057219s ago: executing program 0 (id=255): socket(0x2, 0x5, 0x0) listen$auto(0x3, 0x9) listen$auto(0x3, 0x0) mprotect$auto(0x8000, 0xacd, 0x1ff) getcwd$auto(&(0x7f0000000000)='[]\'\x00', 0x8) listen$auto(0x3, 0x83) 10m26.295972217s ago: executing program 0 (id=258): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x6, 0xc00, 0x2c, 0x2c, 0x0, 0x2}) r1 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/binderfs/binder0\x00', 0x0, 0x0) ioctl$auto(r1, 0xc0306201, 0x9) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x400000, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0xfff, 0x107, 0x5, 0x6, 0x1ffde, 0xfffffffa, 0x7f, 0x9, 0x9, 0x80003, 0x4, 0x200000000001, 0xb4, 0x8, 0x8, 0x10006, 0x4000080, 0x0, 0x0, 0xe, 0x22000, 0x1fd, 0x0, 0x84, [0x3, 0x2, 0x0, 0x2, 0x0, 0x80, 0x0, 0x4000000000001, 0x70624ce7, 0x0, 0x5, 0xffffffffffffffff, 0x8, 0x0, 0x6, 0x0, 0x8000000000000000, 0x2000000000000004, 0x10000000000004, 0x10000000000, 0xb668, 0x4, 0xfffffffffffffe00, 0x0, 0x0, 0x1005, 0x400000000005b8, 0xffff, 0x0, 0x100, 0x0, 0x8, 0x804, 0x88e, 0x40, 0xfffffffffffffffc, 0x8, 0xa38, 0x0, 0x3, 0xfffffffffffffffc, 0x2, 0x8, 0x7, 0xc567, 0xbb]}, 0x1fe, 0xd) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) r2 = socket(0xa, 0x3, 0x3a) bind$auto(r2, &(0x7f0000000180)=@vsock={0x28, 0x0, 0x2711}, 0x3e) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000f40)={'batadv0\x00', 0x0}) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x2c}}, 0x840) r7 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000b40)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000480)={0x64c, r7, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_TIMED_OUT={0x4}, @NL80211_ATTR_CONTROL_PORT_NO_PREAUTH={0x4}, @NL80211_ATTR_ROAM_SUPPORT={0x4}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x4}, @NL80211_ATTR_HE_CAPABILITY={0x34, 0x10d, "b2d5fae2f4f0638f2221ce282375edf8ea2a57504ece247c3431c76816f84015288b3e46e839b08152f59272f0f5ddc8"}, @NL80211_ATTR_KEY_SEQ={0xf, 0xa, "2ae2e096d258bf39f6f413"}, @NL80211_ATTR_IE_RIC={0x5df, 0xb2, "722f1ae88547d1beba2d43d1b491140e02605baeeaf54e5411ceb2f4a5c4c1d2a50bedd91e0be70417de65e4dbf3eabba82016e8f903c3cc9a0e0a400b688b9516aee0148562c85dfc39a4b99e835e8fcc8b88ed4a1bdb5c7aeda5026684a1b29fa0dd3c62bff1f5a433d935ccbf51156087ed86c33ba875c0b4fa08f542e0f8376903c431ef1a532640826c42c1bac5a5c1304e82ba7936ed788bed754b0d317bc8ff017948e80e76e4451f1c99b5669b9ce3e204800ddcf5422d6d57e0c8b067faaab4e260a0ec6268a18e30d7b3f454fe7087b8baede46256503e99635d80b412783a1c57345d6155c6d4f0ae380938ebb568d0ae6f9d2fb0ef798722c5b484f598f745d697615e1e08760469a84d53e5467913ae6e7d404afdddb29a50796f78b33a0099e182c021c32bafe8d154ab03a4a6f511e68c789a31d69812ba3f6862e986495ee93248e29998efebda902effeaec1518ea0e59f2054bf4ad8f448a22b38c04d71fa89eab8ee04d94b6889ce305e0e502950e7dbb0b6eced2546deabc472908d180c6d881ca232e5572ca59a2c57446d0ca65961c9a5e4f9a6a44e6aabb6b120dad642952e18a6c63b82088ebae6e204b6e23e6e3d26e43f74a5aeeefb2fbae276ac4933689c68465fbe179bb7f99879370a0b9599f9349d2da03250b9c3b79f649866ef79327a0bffaf13c4b1f9cb812e4e7f73469cb3415ac80cbb8add0b2e4c0a543a4b2a4716f699d5ebff39b42d9896c5b4113f9d9938bca1c7b08bb670c9898d49198cc022fce8240d88eab7a15c16dc00609fddb313bc7e71ef49a83bd35bb43870ae478c2f59bd63bbaa9bf4052fdd18a558e5508854dc048e86f33e7d6a43b9cc4badc08bc91a5e6d19e81532b307751a033a40e665b9489bd23eccd07adede3a0e661b98efd8d00a4402dcb9e1bd4e2c2d68bb9eb887939b74ad70e2dc69f3bd539e2ad2a36cf6f980687ed6a2852ce54470e0d1657c16528102d11401257c0189e2e950caae1db757537569d2b788e3f7e08645e324a7c7fb189a2e796e13bc6e25403977fc455591ef5f32d37fff9e50972aef176ba3b4c99e4a1215acc3d548665ea7b471dae9ab250bfc0b5e770110985391fd0970874d5fbe2c6ebd5fdd044d08c87dfc88c02c17654f1fbee25d032305fb08395b912ab03ae7322c286dbf9ab133a74b39c87c448f35a646b330092063d777a916e33007f57a1b11cda0159f8fe56d83206c2fc1ea16417ee397a76542d812b095820d23763d5eb513b7d4f1c7663125f392fb235d3597f481eba38f81cf8f6607787ee9f16fee6fd6e7bb2c2664a1a886326cc62c11c87b9a586cae771f2b55983fb9ddda69609d4e0afa2dcc495b33bc7460d13c320bece622ee7708302f66729057e47b81c75ac43b26dd47b2fb8d50ff0c58153077db37c9a157cbe477e2a80c06c2ca357578ae083516d2acf796168a96de453c4073d9eac987db0446a36cfaa49d9bb8454ec7137966f801b988b16a2fb696b837f4574901916ab90acea65c77cb7c0da5ff2824c71f12a51edceb555cbbee7966b572c520f0e5794062c606d39a908989e081dd8720170dbd539850a75d909c4fdf32fd3daec83c872543ac22909b73a39a887057ca623b0c20398049be7f9d096f25a385881583e4a3053d3b36f6b8e9d06520332fbeeb8ce311b20472ef114cf7152fdd1ba47b40a6270d359b3396558247d5f63d3a402979b2b227df008d70e5b741453b14220293cf8eb33db1a700da16e4890a0ff8090f70c693249e5d3f1586f193e27c003a9f28c5ac7d4af1aa7b888b67cc3a7f517edc286475a96cbaa26de27915f848291df8979d77f25661bc7563ddb2d895b2646ac45e19f77e6fce32cf040fbceb365140bc72b9e510265bb0b56e41cad2b55024484bd6fe5f7d959d88cbf1fe2a10b281b4e3a6cdf4262a9acb2b8f98a9fb2b4c613bef969be7f0f1a275dac204072deae5b06589ff49afac373a467746391ff57fb387dfab2285f79b935db57a6457b1644074a5b1c931dcd54e36cbcccf1e7b7181ba6cacffad007e4097072684a3d651ba09ed0a330a972abf5cf1020e611256df1fb185154919ef4"}]}, 0x64c}, 0x1, 0x0, 0x0, 0xc0}, 0x10004001) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x200400f0}, 0x800) mprotect$auto(0x1ffff000, 0x8000000000000004, 0xd) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r8, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xd0}, 0x840) msgctl$auto(0x0, 0x3, 0x0) sendmsg$auto_BATADV_CMD_SET_MESH(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x24, r4, 0x1, 0x70bd28, 0x25dfdbb9, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r6}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0xfe}]}, 0x24}, 0x1, 0x0, 0x0, 0x44010}, 0x0) 10m25.476440495s ago: executing program 0 (id=261): r0 = openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/current_tracer\x00', 0x581000, 0x0) close_range$auto(0xffffffffffffffff, r0, 0x80) close_range$auto(r0, r0, 0x0) r1 = inotify_init1$auto(0x0) read$auto_snd_pcm_oss_f_reg_pcm_oss(r1, &(0x7f0000000040)=""/4096, 0x1000) ppoll$auto(&(0x7f0000001040)={r1, 0x0, 0x4}, 0x1, &(0x7f0000001080)={0x4, 0xfffffffffffffff8}, &(0x7f00000010c0)={0x8000}, 0x8) r3 = signalfd4$auto(r2, &(0x7f0000001100)={0x4}, 0x400, 0x1) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000001140), 0x800, 0x0) ioctl$auto_KVM_CHECK_EXTENSION(r4, 0xae03, 0x0) openat$auto_rfcomm_dlc_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000001180), 0x103000, 0x0) r5 = fsopen$auto(&(0x7f00000011c0)='/sys/kernel/debug/bluetooth/rfcomm_dlc\x00', 0x3) shmctl$auto(0x46a280, 0x5, &(0x7f0000001400)={{0xb31, 0x0, 0xee01, 0x800, 0xfff, 0x80000001, 0x1}, 0x1, 0x8, 0x400000, 0x5, @inferred=0xffffffffffffffff, @raw=0x5, 0x4, 0x0, &(0x7f0000001240)="333136eb95a0695189bb2dfc250a1e871ead5ad1da84bfc4ba57da4cdecb359816cd815d232a5c9bfecde1d0a300fb46a59f45c60b4f40f77cc70ba67dacdb54345e2a6353ec5d7d60a4a5a1238a647a520c83504b6028f40308b69f5d7ddda1e6c5fc405a1325d995cfeb574b0451e8eca61f709fd8f67f0ce999fd641dd8169c92d66cad9264bdbc8354336434094cd0f8b86f72d9f2d6ce2ac2ecfc8d9ed4172fce7aa1fbdc96447bb00b5f8596855cef03bde00961260e0997bca0de", &(0x7f0000001300)="41e0a288047d0ae37fcc3bda3a011ce676bfa1b724c7d81f1036390db69dce2b3f3d14b736f7ec14c3b418a04431463c10d77ecf39709036fd27ea60752615c02e4dabc16eac494931bbadca1b3a54d5c6c3343b3f3003d4d4418bfbc56fb623d436c1c4484ed2d7e1204075812a21c625cb722ea0e5a15ed115884fedbeed89c8b216000ac04bcf97a136650262b70ffacf0659bdda038a6b74d86c1886f706d97556e5c3d917879937bdb8cb3c3f1df65d6bd8334276fd51be1dbc3133dc24d7b75ed2fd57cfd255d3c236d59c12f0720a"}) lstat$auto(&(0x7f0000001480)='./file0\x00', &(0x7f00000014c0)={0x5, 0x9, 0xc25, 0x1ab8, 0xee00, 0xee00, 0x0, 0xa, 0xc, 0x7f, 0x6, 0xfffffffffffffff9, 0x0, 0x2fa, 0x6, 0x4, 0x9}) newfstatat$auto(r5, &(0x7f0000001200)='./file0\x00', &(0x7f0000001580)={0x4, 0x8, 0x8, 0x401, r6, r8, 0x0, 0x63d, 0x294e, 0xd7, 0x5, 0x180000000000, 0xfffffffffffffffd, 0x1, 0x1, 0x3b0, 0x1}, 0x0) dup2$auto(r5, r4) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000001640)={'veth1_macvtap\x00', 0x0}) accept$auto(r1, &(0x7f0000001680)=@can={0x1d, r9}, &(0x7f00000016c0)=0xc6a) prctl$auto(0x5, 0xfdc6, r7, 0x1d1, 0x9a) getpeername$auto(r3, &(0x7f0000001700)=@phonet={0x23, 0x7, 0xbc}, &(0x7f0000001740)=0x80) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000017c0), r5) sendmsg$auto_NL80211_CMD_JOIN_IBSS(r10, &(0x7f0000001980)={&(0x7f0000001780)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000001940)={&(0x7f0000001800)={0x11c, r11, 0x100, 0x70bd2d, 0x25dfdbfd, {}, [@NL80211_ATTR_FILS_DISCOVERY={0xe0, 0x126, 0x0, 0x1, [@NL80211_FILS_DISCOVERY_ATTR_INT_MIN={0x8, 0x1, 0xc0}, @NL80211_FILS_DISCOVERY_ATTR_INT_MAX={0x8, 0x2, 0x80000001}, @NL80211_FILS_DISCOVERY_ATTR_TMPL={0xc4, 0x3, "19077ddc5fb094fdaf49e6d3022d27e4694ab7faa352b3d52bd136c72a8907f828b4d5f37fdceedfdebe32190000e265457e30c2d812a6b589110281169d54b43f3b251eb2d6dc0cc8453be89c5da67000c1ce21bf8b33ae55e8ad746cfbccfefb01ced294366c2d5ae24b76f88e7f3c5a7ff21fe906c7a6c7fa215da65c74a4eeaf8a54827c80aab54135d91c882b6c0de6ecd0c67ca39ac0ea1755f62c7e121173972a3936227b167b6fa79e0c331cb777a6e8c2474a9ad5f9c9f94e5508b3"}, @NL80211_FILS_DISCOVERY_ATTR_INT_MIN={0x8, 0x1, 0x200}]}, @NL80211_ATTR_WIPHY_ANTENNA_TX={0x8, 0x69, 0x10}, @NL80211_ATTR_TIMEOUT_REASON={0x8, 0xf8, 0x1}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0xb}, @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0xb}, @NL80211_ATTR_STA_TX_POWER={0x6, 0x114, 0x9}]}, 0x11c}, 0x1, 0x0, 0x0, 0x4015}, 0x81) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f00000019c0)='/dev/cec17\x00', 0x181000, 0x0) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/snd/pcmC0D0c\x00', 0x40c442, 0x0) fcntl$getown(r4, 0x9) r12 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000001a80), r1) sendmsg$auto_SEG6_CMD_SET_TUNSRC(r1, &(0x7f0000001bc0)={&(0x7f0000001a40)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000001b80)={&(0x7f0000001ac0)={0xbc, r12, 0x8, 0x70bd28, 0x25dfdbfb, {}, [@SEG6_ATTR_SECRET={0x95, 0x4, "caafb6d8088ed1ef95ec2b8546471ff0c071848951e6e628fc882f1f13aca0e8004de67592a94837200b4390aceb1efa73a1f85448ba39a774ec41f156ecb06f9d166c4ad9636ce334b53e17d87e06e7a569452304d40611f2b21d5e26ea92190cf0d4e0f76cd60df0a6d53cffeebff52a05f187c58660ba18c67b1e5faa57389fd2ba0d000962037fa4a11f527dfc5c96"}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x9}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x7}]}, 0xbc}, 0x1, 0x0, 0x0, 0x40000}, 0x10000000) read$auto_proc_loginuid_operations_base(r1, &(0x7f0000001c00)=""/208, 0xd0) socketpair$auto(0x1000, 0x800, 0x1, &(0x7f0000001d00)=0x2) sendmsg$auto_NL80211_CMD_NOTIFY_RADAR(r3, &(0x7f0000001ec0)={&(0x7f0000001d40)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000001e80)={&(0x7f0000001d80)={0xe0, r11, 0x800, 0x70bd25, 0x25dfdbfc, {}, [@NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x3}, @NL80211_ATTR_AUTH_DATA={0xc1, 0x9c, "62e21dda6a6fa1ffb72e24f1d2bf3346ac0911c99724d35acbad3e9f257713d2032cdf45b4797ef61ae48a1d7885627353ffb19fb89b2bb7055cb251089d858c27c282166140d9e3f280d7406f0f6ab212c47fda3f24b949a87fde6c98592cd4f6b65b8fa7ed9b75130dc588226824ce94f07ff4100e4813575818da625c99e7587f817b8f02fae698bcc550c0fa13df415113d9cfd4fbcb953a044d4bd066940b9eeec539a6a7daab31daef0521522c277583c07a91ebb785b23782a4"}]}, 0xe0}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000010) 10m24.550332747s ago: executing program 0 (id=267): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6) r0 = socket(0xa, 0x5, 0x84) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x200400f0}, 0x800) sendto$auto(r0, 0x0, 0x401, 0x101, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x5, 0x0) getsockopt$auto(0x6, 0x40000000029, 0x19, 0xfffffffffffffffe, 0x0) tkill$auto(0x1, 0x7) 10m24.00481271s ago: executing program 0 (id=271): sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x7f) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) r0 = openat$auto_trace_options_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/options/blk_cgname\x00', 0x80080, 0x0) (async) poll$auto(&(0x7f0000000280)={0xffffffffffffffff, 0x8, 0x27}, 0x400, 0x2) r1 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000001a40), 0xffffffffffffffff) sendmsg$auto_IOAM6_CMD_DEL_SCHEMA(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c", @ANYRES16=r1], 0x1c}}, 0x90) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sysfs$auto(0x58, 0xe, 0xe934) (async, rerun: 32) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async, rerun: 32) r2 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x240400, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async) r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x10b402, 0x0) openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, 0x0, 0x502, 0x0) (async) sysfs$auto(0x2, 0x4, 0x4) (async) socket(0x2, 0x5, 0x0) (async) mincore$auto(0x1000, 0x8001, 0x0) r4 = io_uring_setup$auto(0x877, 0x0) io_uring_enter$auto(r4, 0xcd00, 0xcd00, 0x7, 0x0, 0xffffffffffffffff) close_range$auto(r0, r3, 0x10000) (async) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xa, 0x0) (async, rerun: 64) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) (async, rerun: 64) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) (async, rerun: 64) socket(0xa, 0x3, 0x3a) (async, rerun: 64) writev$auto(r2, &(0x7f00000001c0)={&(0x7f00000000c0)="0e6069fdffba8de4ac419f82cec247bbecb2ff3fcaf92877df83f4c0cacd0475f4a43a8e6c6bff93e6c1761dfe0290df0b44a7882922cd2dcd96935455eab4c2539586184fd86742f84f1aea74649264b6627525632cdf6a08e4877d13609363fd69df08e898ebf6f28f31fba56656355df3134f632676df8e139823875e0b8b301e12d47702fff06dd873e86315f8aff7120d3f3de8ee4ac11c09492d470490a034f41ce142b753d787a8654543b1d0e039c8a88268828f1d6c99e57873b7528c466cdd5d3013916af8ed4aeb2ef4b56166c60978062da7f14f353795d17d978da9"}, 0x6) (async) socket$nl_generic(0x10, 0x3, 0x10) 10m23.846586621s ago: executing program 32 (id=271): sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x7f) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) r0 = openat$auto_trace_options_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/options/blk_cgname\x00', 0x80080, 0x0) (async) poll$auto(&(0x7f0000000280)={0xffffffffffffffff, 0x8, 0x27}, 0x400, 0x2) r1 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000001a40), 0xffffffffffffffff) sendmsg$auto_IOAM6_CMD_DEL_SCHEMA(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c", @ANYRES16=r1], 0x1c}}, 0x90) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sysfs$auto(0x58, 0xe, 0xe934) (async, rerun: 32) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async, rerun: 32) r2 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x240400, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async) r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x10b402, 0x0) openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, 0x0, 0x502, 0x0) (async) sysfs$auto(0x2, 0x4, 0x4) (async) socket(0x2, 0x5, 0x0) (async) mincore$auto(0x1000, 0x8001, 0x0) r4 = io_uring_setup$auto(0x877, 0x0) io_uring_enter$auto(r4, 0xcd00, 0xcd00, 0x7, 0x0, 0xffffffffffffffff) close_range$auto(r0, r3, 0x10000) (async) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xa, 0x0) (async, rerun: 64) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) (async, rerun: 64) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) (async, rerun: 64) socket(0xa, 0x3, 0x3a) (async, rerun: 64) writev$auto(r2, &(0x7f00000001c0)={&(0x7f00000000c0)="0e6069fdffba8de4ac419f82cec247bbecb2ff3fcaf92877df83f4c0cacd0475f4a43a8e6c6bff93e6c1761dfe0290df0b44a7882922cd2dcd96935455eab4c2539586184fd86742f84f1aea74649264b6627525632cdf6a08e4877d13609363fd69df08e898ebf6f28f31fba56656355df3134f632676df8e139823875e0b8b301e12d47702fff06dd873e86315f8aff7120d3f3de8ee4ac11c09492d470490a034f41ce142b753d787a8654543b1d0e039c8a88268828f1d6c99e57873b7528c466cdd5d3013916af8ed4aeb2ef4b56166c60978062da7f14f353795d17d978da9"}, 0x6) (async) socket$nl_generic(0x10, 0x3, 0x10) 3.329806754s ago: executing program 2 (id=4581): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) read$auto_def_blk_fops_fs(r0, &(0x7f0000000140)=""/194, 0xc2) (async) read$auto_def_blk_fops_fs(r0, &(0x7f0000000140)=""/194, 0xc2) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) write$auto(0x3, 0x0, 0xfffffdef) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000300)='/proc/partitions\x00', 0x200, 0x0) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) madvise$auto(0x0, 0x1fffe0000000, 0xe) r1 = openat$auto_fops_x16_ro_(0xffffffffffffff9c, 0x0, 0x50000, 0x0) close_range$auto(r1, 0xfffffffffffff000, 0x2) socket(0x2, 0x1, 0x0) (async) socket(0x2, 0x1, 0x0) sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(0xffffffffffffffff, 0x0, 0x40) openat$auto_ptdump_curusr_fops_(0xffffffffffffff9c, &(0x7f0000000180), 0x101000, 0x0) (async) r2 = openat$auto_ptdump_curusr_fops_(0xffffffffffffff9c, &(0x7f0000000180), 0x101000, 0x0) read$auto_ptdump_curusr_fops_(r2, &(0x7f0000000280)=""/80, 0x50) (async) read$auto_ptdump_curusr_fops_(r2, &(0x7f0000000280)=""/80, 0x50) prctl$auto(0x23, 0x4, 0x7fffffffefff, 0x0, 0x0) (async) prctl$auto(0x23, 0x4, 0x7fffffffefff, 0x0, 0x0) madvise$auto(0x0, 0x1010001, 0x100000003) exit$auto(0x7) (async) exit$auto(0x7) poll$auto(0x0, 0x6, 0x8) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x200006, 0x42, 0x40eb1, 0x602, 0x300000000004) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) (async) r3 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) close_range$auto(0x0, 0xfffffffffffff000, 0x2) pidfd_open$auto(0x1, 0x0) (async) pidfd_open$auto(0x1, 0x0) pidfd_send_signal$auto(r3, 0x4, &(0x7f0000000100)={@siginfo_0_0={0x4, 0x8, 0xffffffc4, @_sigsys={0x0, 0xe, 0x80000001}}}, 0x1) sendmsg$auto_L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}, 0x1, 0x0, 0x0, 0x801}, 0x1) mremap$auto(0x0, 0x7, 0x80000000000001d4, 0x3, 0x20000000) syz_open_procfs$namespace(0x0, 0x0) syz_open_procfs$namespace(0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x100000) 2.340422874s ago: executing program 1 (id=4590): mmap$auto(0x0, 0x2020009, 0x3, 0x19, 0xfffffffffffffffa, 0x8002) close_range$auto(0x2, 0x8, 0x0) r0 = io_uring_setup$auto(0x6, 0x0) r1 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/dri/vkms/framebuffer\x00', 0x80000, 0x0) pread64$auto(r1, &(0x7f0000000040)='/sys/kernel/debug/multigrain_timestamps\x00', 0x8001, 0x1) exit$auto(0x8) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/pci0000:00/0000:00:03.0/resource0\x00', 0x103000, 0x0) preadv$auto(r2, &(0x7f0000000140)={&(0x7f0000000040), 0x1}, 0x71, 0x8, 0x1) io_uring_register$auto(0x2, 0x15, 0x0, 0x1) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r3 = openat$auto_tracing_free_buffer_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/free_buffer\x00', 0x80c01, 0x0) write$auto_tracing_free_buffer_fops_trace(r3, 0x0, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card1/pcm1p/sub2/sw_params\x00', 0x40000, 0x0) r4 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) add_key$auto(&(0x7f0000000700)=':\x00', &(0x7f0000000740)='\x00', 0x0, 0x7aef, 0x5) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_RNDZAPENTCNT2(r0, 0x5204, 0x0) socket(0x2, 0x5, 0x0) r5 = socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) openat$auto_trace_options_core_fops_trace(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/kernel/tracing/options/trace_printk_dest\x00', 0x101000, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) pidfd_getfd$auto(r5, r0, 0x6) getsockopt$auto(0x6, 0x40000000029, 0x6, 0xfffffffffffffffe, 0x0) ioctl$auto(r4, 0x1, r4) 1.626937382s ago: executing program 2 (id=4592): open(&(0x7f0000000000)='./file0\x00', 0xa61c2, 0x84) socket(0xa, 0x801, 0x84) (async) bind$auto(0x3, &(0x7f0000000000), 0x68) (async) connect$auto(0x3, &(0x7f0000000000), 0x55) (async) select$auto(0x87, &(0x7f0000000040)={[0xc71, 0x4f4, 0x7, 0x7, 0x100000001, 0x0, 0xfff, 0x0, 0xfffffffffffffff9, 0x8001, 0x9, 0x7fff, 0x4000000000002, 0x4, 0xffffffffffffffff, 0xc]}, 0x0, 0x0, 0x0) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) get_robust_list$auto(0x0, 0x0, 0x0) (async) lsm_list_modules$auto(0x0, 0x0, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x6c, 0x697c}, 0xed71390}, 0x9a6, 0x0) socket(0xa, 0x2, 0x0) (async) r0 = getpgid(0x0) (async, rerun: 64) r1 = socket(0x11, 0x80003, 0x300) (rerun: 64) setsockopt$auto(r1, 0x94a, 0xab, 0x0, 0xfffffff7) pidfd_open$auto(r0, 0x0) (async) syz_open_procfs$namespace(r0, &(0x7f00000000c0)='ns/time_for_children\x00') socket$nl_generic(0x10, 0x3, 0x10) socket(0x15, 0x800, 0x23f) (async) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) (async) sendfile$auto(0x6, 0x3, 0x0, 0xfdef) (async, rerun: 32) ioperm$auto(0x8, 0x0, 0x3) (async, rerun: 32) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) sendmsg$auto_TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="01002d00000000dbdf25aa0000400800018004000180b1faf2ee54e2f1c3b22fda9f55bd"], 0x1c}, 0x1, 0x0, 0x0, 0x44}, 0x0) (async, rerun: 32) lstat$auto(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x2, 0x1000, 0x4, 0x4, 0x0, 0x0, 0x0, 0x5, 0x8, 0x2, 0xfffffffffffffffb, 0xc732, 0x81, 0x3, 0x8, 0x7fffffffffffffff, 0x4}) sendmsg$auto_TIPC_NL_NODE_GET(r2, &(0x7f00000009c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000980)={&(0x7f00000017c0)=ANY=[@ANYBLOB='S\a\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fbdbdf250d0000009602018008001a007f000001ba3d248a629ac456131cc5d443646eb2b11e174925267a242c9bf10fcf1433ebf00e62d2e09b35ad0def0401d192b17fdef2208bcc58b24184e1b946a8605d7cf1b7e9e624ade5a5cbd4adbb8dd4a28a5f271a84bf993845aedd201f4d731970b0592fb4e543f1e9a098cb1eef71f4a3f2cf9b9809d6a1176c22d091f7c89d69f5ba93af54a046a337655f2d4cecc365b2e5902da102af221a48ca9931e55b8920bcc26ca58e01e67f15961c5e2ba5e68a6ede8c046fa487038f3ddf6c8a16777798131a3d35e86cd6aa4e9e01b2af5e5adecf334670eeb0b95104000900770113802f008a00020d73928ab71bec0e307b48dfc9e04e85a0e998312066f5aa796f1c17a69f4935cd4f254f0293b79991160008006600", @ANYRES32=r3, @ANYBLOB="daa5c6d4a0046fa2c3a84d50eeb60490efe85a4b8260f28ae512391e9ab1ae471c7e1bdfb6073073d82710f2ed34f25b9e55c3ff9bcaec6ef1eecdfc0ab4c7c421598afe29089233bcf8a1767071c771e04a69cf7d0ec7f422c5cdd32cd21d6e717f9b3571f6f09a405c0f04bafb9c057352a01acf01855aa9851917f8271f79e894a8d5caf5ae67cfadaf1d0fde40f5588a3883b2cab9166ad44237ef8438c77170501262d62d3d79c1d0cb3e8dc4a7c96c299e0b405082648a1b6c42325d50612061bc5b9893fdf30264cc9ecf542bc0b4a456f870656f0709bf6da17d014f32667793fc1b8b9d3ccfcebf5a7322564dc1a2446e667df59f04393687f5852e6d0820a3c31440214587155ef9e674de0b837d258ef036c1bd0147e6b97633da43eb1a0400268014000f00fe8000000000000000000000000000aa0008000d800400978065a2532b972d3433176e4c4f4e93a5e4524e6ab45d9ab0a973e12423390134d006cb73867b530fb643a93b0d00000c010680df00ea80080017001c000000040049800400a88014007200fe80000000000000000000000000004057cbda2c77af399d3d37311cc31f56be774d356c62f4b115499e7806cb809b698220bc85fcef938fba6b426c4d229ba98f6607f58e344cd2e7bd0af813009272638f75d252569067f9ddbf8caa82fce6706c1e75ca0c5072c9cfe54cd3fb8b62d2e66424fc3848e37ce01216ea5c2fe0be7396f459265a1c2a6eb27cea091185f4de418faca3df9d1818fb37cf718b0a98d4ab6fc1be231a1ba6e31a80877fb67861d73561cdc37f03fcb1d0dcb6905f7a1132a236740d001400ac00fc0000000000000000000000000000001400cc00200100000000000000000000000000027e030880d68e173353602f805e079e877d488c4e2ab9ca702d5488a97fd9589c8bce63d04b5b9faec8a07cca08e376544d0a602c96d0dadf7ee74c5a47105cb977e1f7fa000026795f8558818dfd3f92f10bb9948392b33968545f86a9d031f4eb08d32eb3f9364c65b6cc85000000000000000000009000e8801400e200fc010000000000000000000000000000634e222df2d966e27fb0997518b23c3a863841aaf08303e2fd714ec55f5660f6a70119761aa598a156cfcee967b37711e2abae7d0e88bd639ba6827c24620260594d5aca6ad0a371528c69aad3e9504402c2fbe9dc3753d336e9d051dbdabc60a390a8ac84c62ad5be8f8dbce5e5868204001d80040091800800fe8004004f006f021c8004005280190016006e732f74696d655f666f725f6368696c6472656e000000001b0114808bfb018bc21bed37eebeb15c84e66ce760e0c119eceefc9dad6d467319d8571b2d13f425c778151a70d0c601c5b9ab7bb6dbe0b9952fe31128d636ff574f87e6f78045373d5f02947ee752e354fff126fd380fa0f13dee728e488042f2685d0d152ff6f123177366b4c7642127c2276cdd6c0606c0ce4ee6262079c96d8044cb90ec78f413a49bdb55975f38c635076c584b5d88f0b879caa22cd98d5f66d414fa7c7a1681c7d55896fee4a873dfade6fc4f324e1ed986c51cc48128d0d5f6b7fe8da139003e4c796e86f4ca50625cc4ca28270b263c729633b323d2d5494ad4409f69131cec7ff08f1c3883a2b3907d7724c5f0238668101e61ec07a2007014003b80cd20c1e6e2632000b2e0b51f20a616b50400de000068d14ff587a8c734abf112859a9ad646ac15c57f5cc8686c5c4e22d723df13c945671680ca9480969d21dce0499fadeed6327c1521767cf3765ffe401adc03215fc02b9ddc1798b5d47b7b4e931f89ed0bdfb9fdd7bd10214529bec3699f1abb1d3e992bc0f20ef4d001ef7b4f431d82bd80b4807683cf03961100000000000400838052727c1b71ce88e9732f01f016ef8d202fefe57ce6147f25413b8739e1110d3ef926188cb4ffc25941e311a8df86a77dcfd5f5454497299f18d69789b62ec5da7c93dcbd69c8d13f81cb940f011c9eae6e0b4760f99427d144f6f200a9c001e492a75920b4df360d68bb51277c64aa9c5682cc970334b37908ffedff63ee81a07009e35fac31ccb97c23a342db41353a6423bcd239035e8a504ad5de4c10c36908005a00ac14141004006680000000"], 0x738}, 0x1, 0x0, 0x0, 0x20000004}, 0x40000) (async) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) madvise$auto(0x0, 0xffffffffffff0004, 0x19) close_range$auto(0x2, 0x8, 0x0) (async) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x7, 0x0) 1.516476982s ago: executing program 4 (id=4594): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="b92525bd7000ffdbdf", @ANYRES32=r3], 0x1c}, 0x1, 0x0, 0x0, 0x4008414}, 0x4) 1.508473231s ago: executing program 4 (id=4596): r0 = openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) read$auto_proc_page_owner_operations_page_owner(r0, &(0x7f0000002080)=""/4096, 0x1000) r1 = openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000000f40), 0x2100, 0x0) ioctl$auto_BTRFS_IOC_GET_SUPPORTED_FEATURES(r1, 0x80489439, &(0x7f0000000f80)=[{0x3ff, 0x3, 0x8000000000000000}, {0x5, 0x5, 0x2}, {0xa6, 0x1, 0x2}]) read$auto(r0, 0x0, 0x1d01) 1.470575856s ago: executing program 4 (id=4597): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x23, 0x80805, 0x0) (async) socket(0x23, 0x80805, 0x0) epoll_create$auto(0x4) bpf$auto(0x9, &(0x7f0000000280)=@token_create={0xfffffffe}, 0x5) epoll_pwait$auto(r0, 0x0, 0x3, 0x6, &(0x7f00000001c0)={0x100000001}, 0x8) (async) epoll_pwait$auto(r0, 0x0, 0x3, 0x6, &(0x7f00000001c0)={0x100000001}, 0x8) 1.468599277s ago: executing program 1 (id=4598): r0 = timerfd_create$auto(0x9, 0x0) timerfd_settime$auto(r0, 0x0, &(0x7f0000000000)={{0x10, 0x3ff}, {0x10, 0x9}}, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/tty/ptyr6/power/runtime_active_time\x00', 0x196b319f02ba5105, 0x0) ppoll$auto(&(0x7f0000000140)={r1, 0x0, 0xde}, 0x0, &(0x7f00000000c0)={0x1, 0x2}, &(0x7f0000000100)={0x3}, 0x8) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x40000002c55, 0x0) r3 = socket(0xa, 0x801, 0x84) getsockopt$auto(r3, 0x84, 0x7f, 0x0, 0x0) fcntl$getown(r0, 0x9) write$auto_vhci_fops_hci_vhci(r2, &(0x7f0000000240)="3747fe370a52938253cb4bb042246ef55d30ac938f2871d572c5badbe6aabc68bb62cbb3ea37a3964b74605669131664beed3c50587f047348bbad5e5fc343332509de3301e11c0076a2852aecd4f4484d7a9ccf268ed9ba4ee7eca1ad8371586b5e52a340ed7acf08cb2b604071c446548a3a7f2793f955b5297c04267fea29a9feaa0bd67888ecf15826c3372c9543ef25c35bfd926ea065836e3bd8470bfed58255370a5ebbdfed3a628795f3423a7cff3210c092518907869a19d03477a885d00f5ade6b485fc57b140843321125117f29dfb6c51f0887bd30ac75d303fc26475eaadc42582e0ecdc25b12279fbe87cc181f", 0xf4) 1.411663887s ago: executing program 4 (id=4599): mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x7) socket(0x6, 0x2, 0x8005) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0xf, 0xe6, 0x19, 0x7, 0x6) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xebf, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0xd, 0x0, 0x4}, 0x800009}, 0x5, 0x20000000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x200000000001, 0x0, 0x4, 0xb}, 0x100007}, 0x31cd3c7c, 0xb1) syz_genetlink_get_family_id$auto_nlbl_unlbl(0x0, r0) recvfrom$auto(0x3, 0x0, 0x142e, 0x2, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = open(0x0, 0x12d341, 0x1d6) socket(0x2, 0x80802, 0x0) r2 = openat$auto_ftrace_event_format_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/events/vmalloc/alloc_vmap_area/format\x00', 0x0, 0x0) setsockopt$auto(r2, 0x1, 0xdf, 0x0, 0x9) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r3, 0x4b4e, r3) connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x4, @multicast2}, 0x55) syz_genetlink_get_family_id$auto_nl802154(0x0, r1) timer_settime$auto(0x0, 0x8, 0x0, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x0) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcsa\x00', 0xaa01, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) writev$auto(0x4, &(0x7f0000000080)={0x0, 0x8}, 0x1) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) 1.410300814s ago: executing program 3 (id=4600): openat$auto_gpiolib_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) 1.325669555s ago: executing program 3 (id=4601): openat$auto_gpiolib_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) (fail_nth: 1) 1.252677506s ago: executing program 4 (id=4602): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x2, 0x4, 0x3, 0x2, 0x8, 0xc, 0xe3, 0x400000000a, 0x3}, 0x6f4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.6/usb7/power/wakeup_active_count\x00') prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x801, 0x106) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010025bd7000f9dbdf25020000000b0001"], 0x20}, 0x1, 0x0, 0x0, 0x4008014}, 0x10) r1 = socket(0x2, 0x6, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'bond_slave_1\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000021700)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x4004804) write$auto(r0, &(0x7f0000000000)='*\x00', 0xfd) capset$auto(0x0, &(0x7f0000000000)={0x3, 0x7, 0x8}) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x80, 0x0) mmap$auto(0xc, 0x200006, 0x1, 0x11, 0x602, 0x4) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) open(&(0x7f0000000040)='./file0/../file0\x00', 0x0, 0x20) socket(0x2c, 0x3, 0x0) sendfile$auto(0x6, 0x3, 0x0, 0xc01) socket(0x10, 0x2, 0x0) 832.344922ms ago: executing program 3 (id=4603): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x3, 0x2) socket(0x1d, 0x801, 0x84) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) getsockopt$auto(0x6, 0x84, 0x7d, 0x0, &(0x7f00000000c0)=0x10000) ioctl$auto(r0, 0x0, r0) openat$auto_gpiolib_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/vivid.0/video4linux/video30/uevent\x00', 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="00008000", @ANYRES16, @ANYBLOB="01"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) bpf$auto(0x3, &(0x7f00000001c0)=@task_fd_query={0x0, 0xffffffffffffffff, 0x8, 0x30017, 0x8020000000a, 0x2, 0x5f, 0x20000000000803, 0xffffffffffffffff}, 0x6f0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r2 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) io_uring_setup$auto(0x40000002c55, 0x0) ioctl$auto(r2, 0x40104d14, 0x8) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(0x3, 0x10000000084, 0xa, 0x0, 0x20) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)=""/4096, 0x1000) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x4, 0x5) 741.34913ms ago: executing program 3 (id=4604): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) getuid() sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000002c0)={0x0, 0xfffffffffffffda2, &(0x7f00000000c0)={&(0x7f0000000100)={0x24, r1, 0x0, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r2}, @NL80211_ATTR_MESH_PEER_AID={0x6, 0xed, 0x3}]}, 0xfffffeab}, 0x1, 0x0, 0x0, 0x4001}, 0x4000000) sendmsg$auto_NL80211_CMD_STOP_SCHED_SCAN(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000040)={&(0x7f0000000ec0)=ANY=[@ANYBLOB='<\b\x00\x00', @ANYRES16=r1, @ANYBLOB="000229bd7000fedbdf254c00000008000c0006000000a0016e805b003080b71811bce9e5250b38173f046eddf3835dd2a8476174682e3062facb647eb30e6480f40ecd2667716bbab15d8d31904e9cf6beef3983f9f83ad0d7c39691758b3e8e8337f55c52fdd98c27ab24bc394f26e5927b297bc1004001f7803c005e0082e271bbe3e32498588a349312ef45cefe3cce8dae65551e3d74354a1817f8596ea77ca784ea59b25ab0bad168f5e6a4a22a0dfb71e040c304001e808b8d7418456640492db9f161cc21fe47219e61ff8428617dafd5341dbd1789777bd8f554ec0ff9dd0570d501bba8b4ee99d2a02bbe7aed6bc94e550bb21b6e4b734d4cd0ef3f70b1ac593cdd25071ae4c0cb8b58186fad933f628596265836df0696d0815a6acdeaf35e1e72560e667db9c30516f28b03444f93404dc0aca2e4c5ca3769063462c673dea18ba76c0d72f2ac816a31a03680050cec145baf469673e8f34c6229f1a06ea7ad2abad86f2060e432473f8d942ea780cfda028fe6082e685edde7e3f38ca04e6ebf7cae2caeb1d24ce78b9ea2c1a21100b9f5f5a75655100331cfd71fabd2bcf93173a02cd5f1ab2819f6058f180400258004005b80080042010600000010002c800c003a00f6ffffffffffffff040021018e009c0054ce3df7de8cb8fe8171b56cb428d58297dcddca1a9bd1c998cd32f965e42787fa2b912ae553b911c692babaa8b63a01b90379f33f4acacd157f79785ff37e39262e7de410bb8e7285c60e8963dea485f680ab8537fddce1c90aad37c92342139720045df1342de360326a44cc73c1027f590efe847968f60f4b9a30878d80b682d54d6178a1886093250000d305238052014a8004004a8076665834878cf78478de4cb262000a5cfecbd08ff649585833a8ff6c6c10a17a4fca1577a384913be2a732b4e21a7007fb858352ea0da5fad930196b3814a52f1d28169d59b81b7ea00ebe69a844aff9868fe8bd8c98f9d699d6f8881d1670c51e4f54079a041d8f51003c34a8e4df2bfb05b16fb4b22c0e2450f60f81dc1af652be94c587e36ea9998d0ed9bb88d6cedd1b313681ab8eedc8fc56f8af20cc88bd3368123194a9f7a01ce9ae5e109a25a1355afdb02a757435f05d329139ba06d12591f895ae9a2b06cd979d54dd7a82e5552dbef13fed0a3a7a88ec3fed7be6d7f4d373f48ae16748be0dbed604aa69082fbb5c862979e55fc8699ffde558dd7c734449e23c3e1aecc740fec52afbfd6d727db9b021c779948c32b4ab9d35a8f74ae551a613784310109091cafd64939bd3f11167bcd1a88a036552000017564fadc3d5f51fc19b781bcfa5594be2ebff3825ab8b8121a15eac7e353f6f6faa4fc3d93c4f91bc28b2f180a954587ebd1b66077492308fb7d7011d8008d7e1a2306f9d0f359ee6bf5307725a1f837bc24f2486c5d2130de153ed2c6cbce8783598fa75675d920bdb0de983d233c25152ff0bf8035bd28739cb8b751f1da9c6bd31b3eb5665a30c3ca07147d6030ccb124419b3331e79dbcea61de4be263069f76dfdfa7cee6c9e025dd6d22e675dc96a92f5d4e08b3312ddf326a96c8d7c7fccc79131133c3daedd881556fd419945d53e823f92f20cb90dae413ea27efc6ada932c4d25953b1d7ec29029966c1965e060d9ae6db2ad6dd928ed90bfcfaa75202aae49f4c1a34ed326a122a881c1a5d5199a76e9422b47586cceaaf8ed3142d8fb494bb612f33c8aa5816e0374d699b9ec052ca6438c63153f388dfd69a45cc0ec92b0dbffd9da5680c4c6418ae7e069249e1e5b73574cdd0c30180b23683d419c3698325c355a88308a4c3a7971cda35946898d118d7d9e35ff42e6a1490e8dd51e512545cd9112588dc64253cb0b6f742d3481276ed6f2f265f1d5c8693dc9d3ffa7360e37b91ed185e01b5b0b16140dd45d5a86fda4db92bac7c4870e9a9205386eebbc5807b9834c6464e50f8dbe23776e2518a9c5daea1f3ea7d4a3ee473a77feee2f49dcf884561981a834fd890f90724c7190df2b2623b66484d79ae56aca39d7e7bf88b5fa5fcd8fcdfda600f501f18008003a00"/1496, @ANYRES32, @ANYBLOB="f2933008b906b4ceb691fe943fd3fd4d88d91db8aa4835beca3bf3502d57a5b1adccc7324e869d2b76e388dc0302b00e7eea004b7290728897b239ad8114bc77dca507dcacf834c47f1c08632b624d4cae9e074b2cf38512c730d19e3218782712c472e41cad471a306f6973c3691aa41214f3d42ee0301175e0b324edef029be7fc63250c61e0536a7f5682b99d22ef1abee02dbabff52e92c6c0c8e2e122cbd0c3e40bd902ce76b50050bb4bb39afbc3e9b6fc1cb691ed2e38f1dbf31cc915e195e3ad567a46f0f15414fd96a09c8c6c66447bd8eea895b9198b45100aadc25df1e343743b0782c1f0ffa30a3b55ff1653faddce87573ea129867e93df401aa2e431ef8dce6b3570d9e608005d000a010102234e890b9dc54e8253fba18e6b8121ac3f4d1e654982d81c4b85672c2b92cbfc4033909f6bf05a1005c392b8fb18369eb5328290defce44f537854e194af4233bda0c59975fbf2040bd7eec34bbf732e0be172f950532c8db9c26e874b210cec612a81041c612f8c3933196abde48493b0c53722b0c8422b337c975c152cfca59777a15395e73406679961d63d989f452142c06fc4e97f34c1699adba8610d8b5a566c02c4da9a52d84d9ae45c15744bcbd00daf1f13abad70eac7ed421fb480635d7ea099e0a20fe5310a000300776c616e30000000000000767d49fd296dda19b71991137acc8552c24ef1811af397cca084400a727c4c0e3f28c4f384009865c0c5a20d43f9d848e8d92d934c287689df324a0e0fbea8b0c4ac3523aba358790a1f79a29dfd9b103d393a68db0399f49b7102cd0454463117d0b2fa32d82c960d8cdce400fdf9941500"], 0x83c}, 0x1, 0x0, 0x0, 0x40800}, 0x40891) 727.557994ms ago: executing program 2 (id=4605): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="b92525bd7000ffdbdf", @ANYRES32=r3], 0x1c}, 0x1, 0x0, 0x0, 0x4008414}, 0x4) 662.104053ms ago: executing program 3 (id=4606): openat$auto_sc_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f0000000000), 0x532a80, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) io_uring_setup$auto(0x6, 0x0) r0 = openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000001340), 0x0, 0x0) read$auto_dvb_dvr_fops_dmxdev(r0, &(0x7f0000001380)=""/111, 0x6f) (async) close_range$auto(0x2, 0x8, 0x0) (async) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) (async) socket(0x2, 0x80002, 0x73) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r1 = bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x7, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3) (async) r2 = socket(0x10, 0x2, 0x4) (async) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex, 0xffffffffffffffff, 0x4, 0x1, 0xffffffffffffffff, @relative_id=0x13, 0xe600}, 0xf) open(&(0x7f00000001c0)='./cgroup\x00', 0x0, 0x6f) (async, rerun: 32) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) (async, rerun: 32) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="72010000", @ANYRESOCT=r1], 0x1ac}}, 0x800) (async) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) (async, rerun: 32) msgget$auto(0x0, 0x5) (rerun: 32) socket$nl_generic(0x10, 0x3, 0x10) (async) msgget$auto(0x8, 0x8) (async) bpf$auto(0x0, 0x0, 0x6f4) (async) setrlimit$auto(0x1000000007, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) r3 = socket(0x2, 0x1, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.2/usb3/3-0:1.0/ep_81/bLength\x00', 0x22180, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000003480)=""/247, 0xf7) (async) bind$auto(0x3, 0x0, 0x6a) (async) sendmmsg$auto(r3, 0x0, 0x5, 0x20000000) write$auto(0x3, 0x0, 0xfdf3) 656.468262ms ago: executing program 2 (id=4607): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/power/wakeup_count\x00', 0xc0082, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/netfilter/nf_conntrack_buckets\x00', 0x101000, 0x0) read$auto(r0, 0x0, 0x1ff) openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cpu/0/cpuid\x00', 0x480003, 0x0) write$auto(0x3, 0x0, 0xfdef) 603.391903ms ago: executing program 2 (id=4608): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card1/timer_source\x00', 0x208802, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000ac0), 0xffffffffffffffff) sendmsg$auto_TCP_METRICS_CMD_GET(r2, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000b00)={0x14, r3, 0x89c1beb01534ff9b, 0x70bd29, 0x25dfdbfb}, 0x14}}, 0x0) r4 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000200), r2) sendmsg$auto_BATADV_CMD_GET_MESH(r2, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x50, r4, 0x100, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_LAST_SEEN_MSECS={0x8, 0x17, 0x26}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x2}, @BATADV_ATTR_FLAG_BEST={0x4}, @BATADV_ATTR_TPMETER_COOKIE={0x8, 0xd, 0x100}, @BATADV_ATTR_MCAST_FLAGS={0x8, 0x26, 0x3}]}, 0x50}, 0x1, 0x0, 0x0, 0xc0c8}, 0x40) sendmsg$auto_TCP_METRICS_CMD_GET(r1, &(0x7f0000000180)={&(0x7f00000000c0), 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x40, r3, 0x300, 0x70bd2d, 0x25dfdbfd, {}, [@TCP_METRICS_ATTR_SADDR_IPV4={0x8, 0xb, @remote}, @TCP_METRICS_ATTR_SADDR_IPV4={0x8, 0xb, @private=0xa010100}, @TCP_METRICS_ATTR_SADDR_IPV6={0x14, 0xc, @ipv4={'\x00', '\xff\xff', @remote}}, @TCP_METRICS_ATTR_ADDR_IPV4={0x8, 0x1, @multicast1}]}, 0x40}, 0x1, 0x0, 0x0, 0x20040001}, 0xc4) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) r5 = openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cpu/0/msr\x00', 0x412103, 0x0) write$auto_msr_fops_msr(r5, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r6 = syz_clone(0x800000, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x4206, r6, 0x0, 0x5) mmap$auto(0x1, 0x0, 0x33e8, 0x10, r0, 0x0) ptrace$auto(0x4f73, r6, 0x8000000000000000, 0x3) r7 = syz_open_procfs$namespace(r6, &(0x7f0000000040)='ns/net\x00') ioctl$NS_GET_PARENT(r7, 0xb701, 0x0) 570.140785ms ago: executing program 1 (id=4609): openat$auto_gpiolib_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) 496.581822ms ago: executing program 1 (id=4610): r0 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x32, 0x65f, 0x1ffde, 0x1000, 0x3, 0x20000002, 0x9, 0x3, 0x6, 0x4, 0xb1, 0x9, 0x6, 0x10003, 0x80, 0x4, 0x0, 0x7, 0x2000, 0x203, 0x0, 0x7ff, [0x0, 0x0, 0x0, 0x8050100000000000, 0x3fffffffffffff, 0x100100001, 0x0, 0xa, 0x70624ce7, 0x0, 0x1d6f, 0x9, 0x0, 0x1, 0x3, 0x0, 0xfffffffffffffffd, 0x2, 0x200000000007, 0x8, 0xffffffffefffffff, 0x200000000000004, 0x0, 0x0, 0x0, 0x0, 0x400000000005b8, 0xc, 0x0, 0x0, 0x4, 0x6, 0xffffffffffffffff, 0x890, 0x8000000000008, 0xfffffffffffffffc, 0x1000, 0xa38, 0x0, 0xfffffffffffffffd, 0x101, 0x2, 0x4000000000, 0x10006, 0xffffffffffffffff]}, 0x1fe, 0x10) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x2d, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYRESDEC=r0, @ANYRES32=r0, @ANYRESOCT=r0, @ANYRESDEC=r0, @ANYRES8=r0], 0x1ac}}, 0x40000) r1 = openat$auto_generic(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$auto_snd_ctl_f_ops_control(r1, 0x0, 0x0) (async) read$auto_snd_ctl_f_ops_control(r1, 0x0, 0x0) mknod$auto(0x0, 0x1, 0x4) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x1, 0x0) (async) r2 = io_uring_setup$auto(0x1, 0x0) socket(0x11, 0x80003, 0x300) (async) r3 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r3, 0x107, 0x1, 0x0, 0x8004) r4 = bpf$auto(0x6, &(0x7f0000000040)=@token_create={0x400, r1}, 0x7) close_range$auto(r4, r2, 0x10000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) socket(0x10, 0x2, 0x0) (async) r5 = socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) r6 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x12, r6, 0x8003) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x12, r6, 0x8003) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r7, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) (async) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r7, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000300), r7) read$auto(r7, &(0x7f0000000100)='nl80211\x00', 0xbe62) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB="1b5722074a636a433212950c9253872af5b5d278e7992e121dc991a34cb1ab4c2860c8dc1e228e4e8d10ba02ee0dd3bcb4df90c31bf4f68e7e9b1d61258af44476a4baf271947e4d132cfd2a312cd66aa1afc31c23a9689bb8c8178c74f541620d49d08cc00ffeff", @ANYRES16=0x0, @ANYBLOB="010325bd7040ffdbdf250a000000"], 0x14}, 0x1, 0x0, 0x0, 0x30000881}, 0xc040804) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0xb00, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmmsg$auto(r5, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000140), 0x10002, 0x0) (async) openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000140), 0x10002, 0x0) socket(0x2, 0x3, 0x2) setsockopt$auto(0x3, 0x0, 0xd0, 0xfffffffffffffffc, 0xfd72) (async) setsockopt$auto(0x3, 0x0, 0xd0, 0xfffffffffffffffc, 0xfd72) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) 463.380481ms ago: executing program 2 (id=4611): io_setup$auto(0x10000, &(0x7f0000000040)) r0 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, 0x0, 0x28082, 0x0) r1 = prctl$auto(0x7, 0x4000000000000004, 0x0, 0x0, 0x8) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) socket(0x2, 0x1, 0x106) listen$auto(r1, 0x81) mmap$auto(0x0, 0x9, 0x72, 0x8b72, 0x2, 0x8000) ioctl$auto(0x3, 0x5411, 0x26) getpgrp(0xffffffffffffffff) msgget$auto(0x6, 0x200) socket(0x5, 0x6, 0x9) socket(0xa, 0x2, 0x88) futex_wake$auto(0x0, 0x4, 0x4, 0x9) r2 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000140)='ns/net\x00') r3 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x3, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setrlimit$auto(0x1000000007, 0x0) socket(0xb, 0x3, 0x6) r4 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$auto_GTP_CMD_GETPDP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010426bd7000fedbdf2502000000080002008f030000080001000700000008000700", @ANYRES32=r2, @ANYBLOB="e5a8ede0465cbe96db4e4f5a4c1ef286fe42a4996cf38eb8bba766d6b729c7319a360ae6af5e8bf828d350f5065177d1a549b221f28705eadc5c70b588747a62e55f47a707ce5798c805f2a38d6e984b25c47a20ea8bf94472a018ceab81858a2e5aaf64f5e2583000c7bd63b5dc6059c6b9214494b64725a375056bada4e40e78a4e54152c2a98586c540bad7d0f472b89e976eb0efe3e2cb7e"], 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8014) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x40000002c55, 0x0) mknod$auto(&(0x7f0000000b00)='X))\x00', 0x8000, 0x7ff) creat$auto(&(0x7f0000000040)='X))\x00', 0x5) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) open(&(0x7f0000000040)='./file1\x00', 0x3, 0x104) rseq$auto(&(0x7f00000000c0)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2, "33fcc6d787a5a479ccb4de9508000000e62a39af822516ba19ed5a6f17"}, 0x8000, 0x0, 0x6) madvise$auto(0x0, 0xffffffffffff0001, 0x15) ioctl$auto(r0, 0x40104d14, 0x8) 380.550811ms ago: executing program 3 (id=4612): openat$auto_gpiolib_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) (fail_nth: 2) 351.090567ms ago: executing program 1 (id=4613): r0 = openat$auto_gpiolib_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0xa, 0x2, 0x0) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000240), 0xffffffffffffffff) r4 = mq_open$auto(&(0x7f0000000000)='-U,\x00', 0x4, 0xfffd, &(0x7f0000000040)={0xfffffffffffffb36, 0x7, 0x10, 0x7}) ioctl$auto_TIOCSSERIAL(r4, 0x541e, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_NEW_KEY(r1, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000024c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="13040bbd7066cf07fda677ffff0008000300", @ANYRES32=r5], 0x24}, 0x1, 0x0, 0x0, 0x4804}, 0x80) r6 = socket$nl_generic(0x10, 0x3, 0x10) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) syz_clone(0x2040011, 0x0, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) sendmsg$auto_OVS_METER_CMD_SET(r4, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, 0x0, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@OVS_METER_ATTR_ID={0x8, 0x1, 0x7}, @OVS_METER_ATTR_CLEAR={0x4}, @OVS_METER_ATTR_ID={0x8, 0x1, 0x8}, @OVS_METER_ATTR_KBPS={0x4}, @OVS_METER_ATTR_MAX_METERS={0x8, 0x7, 0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x40080}, 0x8004) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080)) getdents64$auto(0x0, 0xfffffffffffffffc, 0x131) r7 = socket(0x1e, 0x1, 0x0) getsockname$auto(r7, 0x0, 0x0) listen$auto(r7, 0x9) openat2$auto(0xffffffffffffffff, 0x0, 0x0, 0x2) accept$auto(r7, 0x0, 0x0) ioctl$auto(r6, 0x4, r0) 182.033376ms ago: executing program 4 (id=4614): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) munmap$auto(0x20001000, 0x4) connect$auto(0x3, 0x0, 0x54) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) mincore$auto(0x1000, 0x8, 0x0) madvise$auto(0xfffffffffffffffd, 0xffffffffffff0005, 0x19) sigaltstack$auto(&(0x7f0000000080)={0x0, 0x80000002}, 0x0) sigaltstack$auto(&(0x7f0000000080)={0x0, 0x80000002}, 0x0) sendmsg$auto_NL80211_CMD_GET_FTM_RESPONDER_STATS(r0, 0x0, 0x20000000) socket(0x0, 0x800, 0x92d) r1 = openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f000000e680), 0x2, 0x0) write$auto_ecryptfs_miscdev_fops_miscdev(r1, 0x0, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) r2 = socket(0xb, 0x801, 0x84) getsockopt$auto(r2, 0x84, 0x6d, 0x0, &(0x7f0000000280)=0xc0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x10001, 0x3, 0x8001) madvise$auto(0x0, 0x80000001, 0xa) r3 = gettid() process_vm_writev$auto(r3, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0) copy_file_range$auto(0x2, 0x0, 0x2, 0x0, 0x8001, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) read$auto_mon_fops_text_t_mon_text(0xffffffffffffffff, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0xb812, 0x89ce, 0xc) sendmsg$auto_NBD_CMD_CONNECT(r0, 0x0, 0x8880) 0s ago: executing program 1 (id=4615): r0 = socket(0xa, 0x1, 0x84) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_PEER_REMOVE(r1, &(0x7f00000110c0)={0x0, 0x0, &(0x7f0000011080)={&(0x7f0000000080)=ANY=[@ANYRESDEC=r0, @ANYRES16=r0, @ANYBLOB="210026bd7000f5dbdf2514000000"], 0x14}, 0x1, 0x0, 0x0, 0x20008105}, 0x4000040) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r2 = io_uring_setup$auto(0x6, 0x0) r3 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000000c0), r2) sendmsg$auto_NL802154_CMD_GET_INTERFACE(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x14, r3, 0x100, 0x70bd2a, 0x25dfdbff}, 0xfffc}, 0x1, 0x0, 0x0, 0x800}, 0x40) r4 = open(&(0x7f0000000000)='./file0\x00', 0x40440, 0x40) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) open(&(0x7f0000000000)='./file0\x00', 0xe63e, 0x20) socket(0x23, 0x80805, 0x0) memfd_secret$auto(0x0) socket(0x2b, 0x1, 0x1) getsockname$auto(r4, &(0x7f0000000280)=@in={0x2, 0x0, @private=0xa010102}, &(0x7f0000000180)=0x4) setsockopt$auto(0x3, 0x29, 0x40, 0x0, 0x10001) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000240), r0) sendmsg$auto_NL80211_CMD_DEL_KEY(r1, &(0x7f0000000780)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000740)={&(0x7f00000007c0)=ANY=[], 0x49c}, 0x1, 0x0, 0x0, 0x800}, 0x20000000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) close_range$auto(0x2, 0x8, 0x0) r5 = open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x4, @multicast2}, 0x55) syz_genetlink_get_family_id$auto_nl802154(0x0, r5) timer_settime$auto(0x0, 0x8, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) kernel console output (not intermixed with test programs): tadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 404.756633][T16806] Process accounting resumed [ 404.796930][T16773] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 404.903690][T16773] hsr_slave_0: entered promiscuous mode [ 404.915925][T16773] hsr_slave_1: entered promiscuous mode [ 405.026616][T16773] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 405.108111][T16773] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 405.157864][T16819] netlink: 'syz.1.2367': attribute type 33 has an invalid length. [ 405.173578][T16819] netlink: 322 bytes leftover after parsing attributes in process `syz.1.2367'. [ 405.276858][T16773] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 405.544023][ T5844] Bluetooth: hci0: command tx timeout [ 406.182850][T16773] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 407.030789][T16773] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 407.090442][T16773] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 407.114522][T16773] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 407.127871][T16773] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 407.226788][T16773] 8021q: adding VLAN 0 to HW filter on device bond0 [ 407.305013][T16773] 8021q: adding VLAN 0 to HW filter on device team0 [ 407.349645][ T1151] bridge0: port 1(bridge_slave_0) entered blocking state [ 407.357485][ T1151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 407.389427][ T8645] bridge0: port 2(bridge_slave_1) entered blocking state [ 407.397281][ T8645] bridge0: port 2(bridge_slave_1) entered forwarding state [ 407.623330][ T5844] Bluetooth: hci0: command tx timeout [ 407.657858][T16773] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 407.731460][T16773] veth0_vlan: entered promiscuous mode [ 407.774296][T16773] veth1_vlan: entered promiscuous mode [ 407.802301][T16773] veth0_macvtap: entered promiscuous mode [ 407.814292][T16773] veth1_macvtap: entered promiscuous mode [ 407.840294][T16773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 407.863596][T16773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 407.874970][T16773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 407.892996][T16773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 407.913607][T16773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 407.926927][T16773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 407.947084][T16773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 407.973124][T16773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 407.985264][T16773] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 408.018794][T16773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 408.030727][T16773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 408.053086][T16773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 408.065098][T16773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 408.082797][T16773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 408.132550][T16773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 408.143793][T16773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 408.162754][T16773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 408.174461][T16773] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 408.184391][T16773] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 408.194009][T16773] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 408.203860][T16773] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 408.213619][T16773] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 408.411623][T10427] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 408.452898][T10427] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 408.486747][T16862] ptrace attach of "./syz-executor exec"[7049] was attempted by "./syz-executor exec"[16862] [ 408.530067][ T1151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 408.548357][ T1151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 408.970880][T16880] ptrace attach of "./syz-executor exec"[5833] was attempted by "./syz-executor exec"[16880] [ 409.383265][T16895] RDS: rds_bind could not find a transport for ::ffff:172.30.0.5, load rds_tcp or rds_rdma? [ 409.704327][ T5844] Bluetooth: hci0: command tx timeout [ 409.791257][ T54] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 409.803670][ T54] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 409.825017][ T54] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 409.855837][ T54] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 409.883299][ T54] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 409.898363][ T54] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 410.078213][T16900] chnl_net:caif_netlink_parms(): no params data found [ 410.300222][T16900] bridge0: port 1(bridge_slave_0) entered blocking state [ 410.324505][T16900] bridge0: port 1(bridge_slave_0) entered disabled state [ 410.345509][T16900] bridge_slave_0: entered allmulticast mode [ 410.353168][T16900] bridge_slave_0: entered promiscuous mode [ 410.367537][T16900] bridge0: port 2(bridge_slave_1) entered blocking state [ 410.377852][T16900] bridge0: port 2(bridge_slave_1) entered disabled state [ 410.386197][T16900] bridge_slave_1: entered allmulticast mode [ 410.394530][T16900] bridge_slave_1: entered promiscuous mode [ 410.438168][T16900] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 410.450685][T16900] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 410.494578][T16900] team0: Port device team_slave_0 added [ 410.502985][T16900] team0: Port device team_slave_1 added [ 410.543945][T16900] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 410.563842][T16900] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 410.606701][T16900] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 410.631696][T16900] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 410.639598][T16900] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 410.669385][T16900] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 410.776776][T16900] hsr_slave_0: entered promiscuous mode [ 410.784132][T16900] hsr_slave_1: entered promiscuous mode [ 410.792147][T16900] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 410.810424][T16900] Cannot create hsr debugfs directory [ 410.987798][T16900] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.105121][T16900] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.191724][T16900] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.301270][T16900] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.469645][T16949] tipc: Started in network mode [ 411.476493][T16949] tipc: Node identity ee00, cluster identity 4711 [ 411.495325][T16949] tipc: Node number set to 60928 [ 411.557416][T16900] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 411.609914][T16900] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 411.636591][T16900] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 411.694842][T16900] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 411.783796][ T54] Bluetooth: hci0: command tx timeout [ 411.808137][T16900] 8021q: adding VLAN 0 to HW filter on device bond0 [ 411.822744][T16900] 8021q: adding VLAN 0 to HW filter on device team0 [ 411.849646][T10316] bridge0: port 1(bridge_slave_0) entered blocking state [ 411.857486][T10316] bridge0: port 1(bridge_slave_0) entered forwarding state [ 411.906331][T10316] bridge0: port 2(bridge_slave_1) entered blocking state [ 411.914188][T10316] bridge0: port 2(bridge_slave_1) entered forwarding state [ 411.943169][ T54] Bluetooth: hci3: command tx timeout [ 412.137411][T16900] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 412.189362][T16900] veth0_vlan: entered promiscuous mode [ 412.211465][T16900] veth1_vlan: entered promiscuous mode [ 412.279066][T16900] veth0_macvtap: entered promiscuous mode [ 412.315042][T16900] veth1_macvtap: entered promiscuous mode [ 412.339144][T16900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 412.372981][T16900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 412.412566][T16900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 412.444430][T16900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 412.466197][T16900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 412.491200][T16900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 412.525363][T16900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 412.562631][T16900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 412.583139][T16900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 412.620401][T16900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 412.651109][T16900] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 412.700456][T16900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 412.728513][T16900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 412.744544][T16900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 412.799054][T16900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 412.819652][T16900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 412.847795][T16900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 412.878121][T16900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 412.928481][T16900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 412.972982][T16900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 413.018575][T16900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 413.064599][T16900] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 413.210452][T16900] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 413.238284][T16900] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 413.270472][T16900] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 413.290995][T16900] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 413.390906][T16980] Ignoring unsupported numa_zonelist_order value: [ 413.390906][T16980] [ 413.446545][T14411] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 413.467048][T14411] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 413.532132][T14411] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 413.562625][T14411] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 413.629168][T16996] : Can't lookup blockdev [ 414.022853][ T54] Bluetooth: hci3: command tx timeout [ 414.050913][T17011] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2381'. [ 415.245078][T17022] can0: slcan on pty250. [ 415.454640][T17022] can0 (unregistered): slcan off pty250. [ 415.825507][T17047] futex_wake_op: syz.3.2409 tries to shift op by 64; fix this program [ 416.104577][ T54] Bluetooth: hci3: command tx timeout [ 417.681135][T17096] ptrace attach of "./syz-executor exec"[16773] was attempted by "./syz-executor exec"[17096] [ 418.182625][ T54] Bluetooth: hci3: command tx timeout [ 419.133100][ T5844] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 419.141350][ T5844] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 419.151934][ T5844] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 419.162283][ T5844] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 419.170426][ T5844] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 419.178400][ T5844] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 419.277072][T17136] netlink: 342 bytes leftover after parsing attributes in process `syz.4.2427'. [ 419.401871][T17141] tmpfs: Unknown parameter ':' [ 419.481880][T17133] chnl_net:caif_netlink_parms(): no params data found [ 419.693833][T17133] bridge0: port 1(bridge_slave_0) entered blocking state [ 419.701647][T17133] bridge0: port 1(bridge_slave_0) entered disabled state [ 419.747110][T17133] bridge_slave_0: entered allmulticast mode [ 419.759454][T17150] ptrace attach of "./syz-executor exec"[16773] was attempted by "./syz-executor exec"[17150] [ 419.770326][T17133] bridge_slave_0: entered promiscuous mode [ 419.824484][T17133] bridge0: port 2(bridge_slave_1) entered blocking state [ 419.832893][T17133] bridge0: port 2(bridge_slave_1) entered disabled state [ 419.840801][T17133] bridge_slave_1: entered allmulticast mode [ 419.863352][T17133] bridge_slave_1: entered promiscuous mode [ 419.899130][T17133] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 419.911359][T17133] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 420.031360][T17133] team0: Port device team_slave_0 added [ 420.173806][T17133] team0: Port device team_slave_1 added [ 420.211739][T17133] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 420.226388][T17133] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 420.268015][T17133] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 420.342599][T17133] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 420.363591][T17133] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 420.456090][T17133] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 420.645757][T17133] hsr_slave_0: entered promiscuous mode [ 420.748652][T17133] hsr_slave_1: entered promiscuous mode [ 420.778248][T17133] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 420.812643][T17133] Cannot create hsr debugfs directory [ 421.179942][T17133] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 421.224838][ T54] Bluetooth: hci4: command tx timeout [ 421.384176][T17162] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2431'. [ 421.410873][T17166] can: request_module (can-proto-0) failed. [ 421.603785][T17162] team0: Port device team_slave_0 removed [ 421.831185][T17170] zswap: compressor not available [ 421.906492][T17133] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 422.009825][T17133] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 422.231364][T17133] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 422.349021][ T29] audit: type=1800 audit(8277292038.130:18): pid=17185 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2436" name="features" dev="configfs" ino=56932 res=0 errno=0 [ 422.499609][T17133] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 422.531456][T17133] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 422.566197][T17133] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 422.590895][T17133] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 422.736561][T17133] 8021q: adding VLAN 0 to HW filter on device bond0 [ 422.784996][T17133] 8021q: adding VLAN 0 to HW filter on device team0 [ 422.827973][T10316] bridge0: port 1(bridge_slave_0) entered blocking state [ 422.835829][T10316] bridge0: port 1(bridge_slave_0) entered forwarding state [ 422.873871][T10316] bridge0: port 2(bridge_slave_1) entered blocking state [ 422.881687][T10316] bridge0: port 2(bridge_slave_1) entered forwarding state [ 423.180030][T17133] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 423.247400][T17133] veth0_vlan: entered promiscuous mode [ 423.269698][T17133] veth1_vlan: entered promiscuous mode [ 423.302924][ T54] Bluetooth: hci4: command tx timeout [ 423.319532][T17133] veth0_macvtap: entered promiscuous mode [ 423.352001][T17133] veth1_macvtap: entered promiscuous mode [ 423.435924][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 423.477101][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 423.502609][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 423.532554][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 423.552818][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 423.566450][T17204] ptrace attach of "./syz-executor exec"[7049] was attempted by "./syz-executor exec"[17204] [ 423.584890][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 423.624211][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 423.642586][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 423.669249][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 423.704540][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 423.722651][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 423.754213][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 423.771927][T17133] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 423.817845][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 423.842857][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 423.859735][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 423.882670][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 423.897698][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 423.922872][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 423.934617][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 423.946881][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 423.957941][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 423.969926][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 423.981486][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 423.995856][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.008228][T17133] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 424.050360][T17133] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 424.063271][T17133] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 424.084429][T17133] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 424.105217][T17133] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 424.319897][T14418] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 424.333522][T14411] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 424.364542][T14418] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 424.377549][T14411] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 425.382975][ T54] Bluetooth: hci4: command tx timeout [ 425.539540][T17225] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 425.554449][T17225] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 425.594573][T17225] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 425.611161][T17225] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 425.633270][T17225] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 425.653898][T17225] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 425.686257][T17225] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 425.701492][T17225] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 425.715300][T17225] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 425.728074][T17225] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 425.745984][T17225] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 425.753157][T17225] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 425.764404][T17225] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 426.046395][T17247] futex_wake_op: syz.4.2447 tries to shift op by 64; fix this program [ 426.912757][ T54] Bluetooth: hci2: command 0x0406 tx timeout [ 427.299137][T17273] ptrace attach of "./syz-executor exec"[7049] was attempted by "./syz-executor exec"[17273] [ 427.361079][T17233] ptrace attach of "./syz-executor exec"[17133] was attempted by "./syz-executor exec"[17233] [ 427.622856][ T54] Bluetooth: hci1: command 0x0406 tx timeout [ 427.702687][ T5844] Bluetooth: hci0: command 0x0c1a tx timeout [ 427.709468][ T54] Bluetooth: hci3: command 0x0c1a tx timeout [ 427.782842][ T54] Bluetooth: hci4: command 0x0c1a tx timeout [ 428.084518][T17293] openvswitch: netlink: Duplicate key (type 15). [ 428.555105][T17309] futex_wake_op: syz.1.2461 tries to shift op by 64; fix this program [ 428.996321][ T54] Bluetooth: hci2: command 0x0406 tx timeout [ 429.706684][ T54] Bluetooth: hci1: command 0x0406 tx timeout [ 429.763959][T17311] ptrace attach of "./syz-executor exec"[16773] was attempted by "./syz-executor exec"[17311] [ 429.785535][ T54] Bluetooth: hci3: command 0x0c1a tx timeout [ 429.792178][ T54] Bluetooth: hci0: command 0x0c1a tx timeout [ 429.863444][ T54] Bluetooth: hci4: command 0x0c1a tx timeout [ 430.013894][T17327] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2464'. [ 430.189798][T17327] ip6gre0: entered promiscuous mode [ 430.464932][T17360] netlink: 1204 bytes leftover after parsing attributes in process `syz.4.2472'. [ 430.518524][T17362] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2472'. [ 431.862639][ T5844] Bluetooth: hci3: command 0x0c1a tx timeout [ 431.869367][ T54] Bluetooth: hci0: command 0x0c1a tx timeout [ 431.942614][ T54] Bluetooth: hci4: command 0x0c1a tx timeout [ 431.990604][T17401] ptrace attach of "./syz-executor exec"[16900] was attempted by "./syz-executor exec"[17401] [ 432.375952][T17419] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2485'. [ 432.995135][T17449] netlink: 108 bytes leftover after parsing attributes in process `syz.3.2489'. [ 433.033864][T17451] futex_wake_op: syz.2.2491 tries to shift op by 64; fix this program [ 433.505429][T17462] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2493'. [ 433.630454][T17462] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2493'. [ 433.676652][T17462] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2493'. [ 433.865905][T17462] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2493'. [ 434.027333][T17462] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2493'. [ 434.102734][T17473] ptrace attach of "./syz-executor exec"[16900] was attempted by "./syz-executor exec"[17473] [ 435.018170][T17500] futex_wake_op: syz.3.2501 tries to shift op by 64; fix this program [ 438.199467][T17615] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2526'. [ 438.321195][T17619] netlink: 93 bytes leftover after parsing attributes in process `syz.2.2527'. [ 438.345709][T17621] ptrace attach of "./syz-executor exec"[16773] was attempted by "./syz-executor exec"[17621] [ 438.361759][T17625] netlink: 93 bytes leftover after parsing attributes in process `syz.2.2527'. [ 439.214151][T17646] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2535'. [ 439.232311][T17646] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2535'. [ 439.245312][T17646] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2535'. [ 439.280122][T17646] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2535'. [ 439.306574][T17644] Process accounting resumed [ 439.416298][T17664] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2537'. [ 439.806614][T17681] HfR: entered promiscuous mode [ 439.820801][T17675] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2542'. [ 439.842418][T17675] HfR: left promiscuous mode [ 439.914916][T17684] Line length is too long: Should be less than 4094 [ 440.140971][T17695] netlink: 'syz.2.2547': attribute type 4 has an invalid length. [ 440.150482][T17695] netlink: 314 bytes leftover after parsing attributes in process `syz.2.2547'. [ 440.162185][T17694] netlink: 'syz.2.2547': attribute type 4 has an invalid length. [ 440.266016][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.273825][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.631664][T17708] ip6gre0: entered promiscuous mode [ 443.039482][T17773] tipc: Started in network mode [ 443.077787][T17773] tipc: Node identity ee00, cluster identity 4711 [ 443.127955][T17773] tipc: Node number set to 60928 [ 443.168771][T17782] ptrace attach of "./syz-executor exec"[16900] was attempted by "./syz-executor exec"[17782] [ 443.984635][T17802] futex_wake_op: syz.3.2574 tries to shift op by 64; fix this program [ 445.108250][T17807] kexec: Could not allocate control_code_buffer syzkaller syzkaller login: [ 445.603542][T17868] erspan0: entered allmulticast mode [ 446.685175][T17903] Process accounting resumed [ 446.776446][T17911] __nla_validate_parse: 3 callbacks suppressed [ 446.776466][T17911] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2588'. [ 447.042838][T17927] ptrace attach of "./syz-executor exec"[16900] was attempted by "./syz-executor exec"[17927] [ 447.071475][T17926] can: request_module (can-proto-5) failed. [ 447.600062][T17945] futex_wake_op: syz.1.2595 tries to shift op by 64; fix this program [ 447.688949][T17949] ptrace attach of "./syz-executor exec"[17133] was attempted by "./syz-executor exec"[17949] [ 447.832721][T17954] block nbd0: not configured, cannot reconfigure [ 448.829873][T17970] Process accounting resumed [ 448.855277][T17979] futex_wake_op: syz.4.2602 tries to shift op by 64; fix this program [ 449.322395][T17973] Process accounting resumed [ 449.451939][T17987] ptrace attach of "./syz-executor exec"[16900] was attempted by "./syz-executor exec"[17987] [ 449.630162][T18013] sd 0:0:1:0: PR command failed: 1026 [ 449.660041][T18013] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 449.682459][T18013] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 450.651031][T18068] Process accounting resumed [ 450.753909][T18074] device-mapper: ioctl: ioctl interface mismatch: kernel(4.48.0), user(4.1024.4294967293), cmd(2) [ 450.834042][T18078] device-mapper: ioctl: ioctl interface mismatch: kernel(4.48.0), user(4.1024.4294967293), cmd(2) [ 451.224157][T18091] ptrace attach of "./syz-executor exec"[17133] was attempted by "./syz-executor exec"[18091] [ 452.276730][T18111] Process accounting resumed [ 453.219885][T18141] ptrace attach of "./syz-executor exec"[16773] was attempted by "./syz-executor exec"[18141] [ 453.686988][T18150] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2636'. [ 454.526255][T18197] QAT: failed to copy from user cfg_data. [ 455.874790][T18244] futex_wake_op: syz.2.2661 tries to shift op by 64; fix this program [ 456.197557][T18240] can: request_module (can-proto-0) failed. [ 457.503775][T18283] netlink: 306 bytes leftover after parsing attributes in process `syz.1.2668'. [ 458.204928][T18287] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2669'. [ 458.297839][T18287] mac80211_hwsim hwsim35 wlan1: entered allmulticast mode [ 459.017885][T18295] Process accounting resumed [ 459.875491][T18318] ptrace attach of "./syz-executor exec"[7049] was attempted by "./syz-executor exec"[18318] [ 460.720752][T18326] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 460.738431][T18326] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 460.762757][T18326] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 460.769460][T18326] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 462.263279][ T54] Bluetooth: hci1: command 0x0406 tx timeout [ 462.743016][ T54] Bluetooth: hci0: command 0x0c1a tx timeout [ 462.822638][ T54] Bluetooth: hci4: command 0x0c1a tx timeout [ 462.822998][ T5844] Bluetooth: hci3: command 0x0c1a tx timeout [ 463.529823][T18421] Process accounting resumed [ 464.245703][T18461] ptrace attach of "./syz-executor exec"[16773] was attempted by "./syz-executor exec"[18461] [ 464.259929][T18479] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2713'. [ 464.287613][T18479] ip6gre0: entered promiscuous mode [ 464.421404][T18488] Process accounting resumed [ 464.467021][T18492] Invalid ELF header magic: != ELF [ 464.683024][T18499] futex_wake_op: syz.4.2717 tries to shift op by 64; fix this program [ 464.803942][T18501] tty tty17: ldisc open failed (-12), clearing slot 16 [ 464.887039][T18512] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2720'. [ 464.916060][T18508] Process accounting resumed [ 464.949250][T18505] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2719'. [ 464.999492][T18517] netlink: 'syz.3.2722': attribute type 1 has an invalid length. [ 465.422421][ T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 465.438522][ T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 465.449120][ T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 465.460902][ T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 465.483443][ T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 465.494291][ T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 465.787145][T18544] ptrace attach of "./syz-executor exec"[17133] was attempted by "./syz-executor exec"[18544] [ 465.826414][T18538] chnl_net:caif_netlink_parms(): no params data found [ 465.920600][T18559] futex_wake_op: syz.3.2729 tries to shift op by 64; fix this program [ 465.979826][T18538] bridge0: port 1(bridge_slave_0) entered blocking state [ 465.987819][T18538] bridge0: port 1(bridge_slave_0) entered disabled state [ 466.008965][T18538] bridge_slave_0: entered allmulticast mode [ 466.018598][T18538] bridge_slave_0: entered promiscuous mode [ 466.027073][T18538] bridge0: port 2(bridge_slave_1) entered blocking state [ 466.035781][T18538] bridge0: port 2(bridge_slave_1) entered disabled state [ 466.044002][T18538] bridge_slave_1: entered allmulticast mode [ 466.051792][T18538] bridge_slave_1: entered promiscuous mode [ 466.104208][T18538] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 466.121289][T18538] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 466.207236][T18538] team0: Port device team_slave_0 added [ 466.219297][T18538] team0: Port device team_slave_1 added [ 466.269199][T18538] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 466.277569][T18538] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 466.310463][T18538] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 466.365560][T18538] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 466.382672][T18538] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 466.419010][T18538] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 466.534417][T18538] hsr_slave_0: entered promiscuous mode [ 466.545518][T18538] hsr_slave_1: entered promiscuous mode [ 466.552357][T18538] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 466.570441][T18538] Cannot create hsr debugfs directory [ 466.767829][T18538] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 466.846831][T18538] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 466.920093][T18538] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 466.978989][T18538] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 467.003341][T18595] vivid-013: ================= START STATUS ================= [ 467.011770][T18595] vivid-013: Generate PTS: true [ 467.038059][T18595] vivid-013: Generate SCR: true [ 467.054408][T18595] tpg source WxH: 640x360 (Y'CbCr) [ 467.069762][T18595] tpg field: 1 [ 467.087100][T18595] tpg crop: 640x360@0x0 [ 467.091699][T18595] tpg compose: 640x360@0x0 [ 467.097196][T18595] tpg colorspace: 8 [ 467.106205][T18595] tpg transfer function: 0/0 [ 467.109120][T18538] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 467.116813][T18595] tpg Y'CbCr encoding: 0/0 [ 467.127644][T18595] tpg quantization: 0/0 [ 467.130178][T18538] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 467.132697][T18595] tpg RGB range: 0/2 [ 467.144586][T18595] vivid-013: ================== END STATUS ================== [ 467.183203][T18538] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 467.203986][T18538] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 467.301173][T18538] 8021q: adding VLAN 0 to HW filter on device bond0 [ 467.332998][T18538] 8021q: adding VLAN 0 to HW filter on device team0 [ 467.356135][ T1151] bridge0: port 1(bridge_slave_0) entered blocking state [ 467.363983][ T1151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 467.404247][ T1151] bridge0: port 2(bridge_slave_1) entered blocking state [ 467.412090][ T1151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 467.546886][ T54] Bluetooth: hci1: command tx timeout [ 467.740613][T18538] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 468.104039][T18538] veth0_vlan: entered promiscuous mode [ 468.145734][T18538] veth1_vlan: entered promiscuous mode [ 468.193127][T18538] veth0_macvtap: entered promiscuous mode [ 468.210193][T18538] veth1_macvtap: entered promiscuous mode [ 468.228899][T18538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.245275][T18538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.266583][T18538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.285523][T18538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.301561][T18538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.322590][T18538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.343136][T18538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.364306][T18538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.386022][T18538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.408176][T18538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.428002][T18538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.452568][T18538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.474769][T18538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.499747][T18538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.523355][T18538] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 468.551574][T18538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.569517][T18626] Process accounting resumed [ 468.582873][T18538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.594166][T18538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.615495][T18538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.626905][T18538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.642579][T18538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.675102][T18538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.693921][T18538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.712571][T18538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.742611][T18538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.753491][T18538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.768565][T18538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.780237][T18538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.792137][T18538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.817082][T18538] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 468.844582][T18538] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 468.872033][T18538] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 468.892567][T18538] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 468.912681][T18538] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 468.972551][T14418] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 468.994775][T14418] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 469.030571][ T1151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 469.059621][ T1151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 469.376985][T18653] ptrace attach of "./syz-executor exec"[16773] was attempted by "./syz-executor exec"[18653] [ 469.622900][ T54] Bluetooth: hci1: command tx timeout [ 471.035536][T18710] Invalid ELF header magic: != ELF [ 471.435516][T18725] ptrace attach of "./syz-executor exec"[16773] was attempted by "./syz-executor exec"[18725] [ 471.702746][ T54] Bluetooth: hci1: command tx timeout [ 471.918004][T18714] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2765'. [ 472.183800][T18737] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2771'. [ 473.017481][T18772] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2776'. [ 473.422686][T18786] futex_wake_op: syz.1.2780 tries to shift op by 64; fix this program [ 473.782661][ T54] Bluetooth: hci1: command tx timeout [ 473.851526][T18794] nbd: must specify at least one socket [ 474.456061][T18823] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2791'. [ 474.505392][T18823] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2791'. [ 474.773898][T18833] futex_wake_op: syz.4.2793 tries to shift op by 64; fix this program [ 475.615586][T18852] vivid-013: ================= START STATUS ================= [ 475.636291][T18852] vivid-013: Generate PTS: true [ 475.648022][T18852] vivid-013: Generate SCR: true [ 475.656871][T18852] tpg source WxH: 640x360 (Y'CbCr) [ 475.669415][T18852] tpg field: 1 [ 475.678699][T18852] tpg crop: 640x360@0x0 [ 475.699477][T18852] tpg compose: 640x360@0x0 [ 475.712177][T18852] tpg colorspace: 8 [ 475.739954][T18852] tpg transfer function: 0/0 [ 475.755284][T18852] tpg Y'CbCr encoding: 0/0 [ 475.770129][T18852] tpg quantization: 0/0 [ 475.784185][T18852] tpg RGB range: 0/2 [ 475.791880][T18852] vivid-013: ================== END STATUS ================== [ 476.018115][T18878] futex_wake_op: syz.4.2803 tries to shift op by 64; fix this program [ 477.392238][T18901] ptrace attach of "./syz-executor exec"[16773] was attempted by "./syz-executor exec"[18901] [ 477.797542][T18917] usb usb15: usbfs: interface 0 claimed by hub while 'syz.1.2813' sets config #0 [ 478.234430][T18930] openvswitch: netlink: Multiple metadata blocks provided [ 478.256829][T18930] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2816'. [ 479.833920][T18982] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2828'. [ 480.528315][T19023] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2837'. [ 480.610363][T19014] sp0: Synchronizing with TNC [ 480.686653][T19025] zswap: compressor not available [ 480.711969][T19013] [U] è [ 480.840654][T19025] zswap: compressor not available [ 481.269781][T19066] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2849'. [ 481.281099][T19066] ip6gre0: entered promiscuous mode [ 481.409184][T19068] Process accounting resumed [ 481.774759][T19081] ptrace attach of "./syz-executor exec"[17133] was attempted by "./syz-executor exec"[19081] [ 481.943524][T19088] ptrace attach of "./syz-executor exec"[16773] was attempted by "./syz-executor exec"[19088] [ 482.168385][T19103] futex_wake_op: syz.4.2860 tries to shift op by 64; fix this program [ 482.896700][T19123] Process accounting resumed [ 483.193416][T19136] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2869'. [ 483.608046][T19134] [U] [ 483.611060][T19134] [U] [ 483.614038][T19134] [U] [ 483.617017][T19134] [U] [ 483.631360][T19134] [U] [ 483.634357][T19134] [U] [ 483.637339][T19134] [U] [ 483.640318][T19134] [U] [ 483.655933][T19134] [U] [ 483.658938][T19134] [U] [ 483.661915][T19134] [U] [ 483.664897][T19134] [U] [ 483.683330][T19137] [U] [ 484.179123][T19154] ptrace attach of "./syz-executor exec"[18538] was attempted by "./syz-executor exec"[19154] [ 484.769354][T19194] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2880'. [ 485.559993][T19210] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2883'. [ 485.623017][T19210] ip6gre0: entered promiscuous mode [ 487.232600][T19263] vivid-013: ================= START STATUS ================= [ 487.261579][T19263] vivid-013: Generate PTS: true [ 487.291366][T19263] vivid-013: Generate SCR: true [ 487.309768][T19263] tpg source WxH: 640x360 (Y'CbCr) [ 487.330062][T19263] tpg field: 1 [ 487.342824][T19267] Invalid ELF header magic: != ELF [ 487.357638][T19263] tpg crop: 640x360@0x0 [ 487.373564][T19263] tpg compose: 640x360@0x0 [ 487.378460][T19263] tpg colorspace: 8 [ 487.404922][T19263] tpg transfer function: 0/0 [ 487.436826][T19263] tpg Y'CbCr encoding: 0/0 [ 487.441730][T19263] tpg quantization: 0/0 [ 487.461012][T19273] Invalid ELF header magic: != ELF [ 487.492572][T19263] tpg RGB range: 0/2 [ 487.522579][T19263] vivid-013: ================== END STATUS ================== [ 488.437135][T19293] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2899'. [ 489.023406][T19303] futex_wake_op: syz.3.2901 tries to shift op by 64; fix this program [ 489.892796][T19327] netlink: 'syz.3.2908': attribute type 72 has an invalid length. [ 490.122031][T19308] Process accounting resumed [ 490.360685][T19346] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 490.693179][T19371] netlink: 'syz.2.2918': attribute type 72 has an invalid length. [ 490.918696][T19392] netlink: 'syz.2.2924': attribute type 2 has an invalid length. [ 491.187180][T19404] futex_wake_op: syz.2.2926 tries to shift op by 64; fix this program [ 491.315417][T19394] Process accounting resumed [ 491.491239][T19418] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2930'. [ 491.676437][T19425] Invalid ELF header magic: != ELF [ 492.404919][T19433] ptrace attach of "./syz-executor exec"[18538] was attempted by "./syz-executor exec"[19433] [ 493.161089][T19457] Process accounting resumed [ 493.409256][T19449] ptrace attach of "./syz-executor exec"[16773] was attempted by "./syz-executor exec"[19449] [ 493.438058][T19476] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2943'. [ 494.125362][T19495] can: request_module (can-proto-5) failed. [ 494.295647][T19507] futex_wake_op: syz.2.2952 tries to shift op by 64; fix this program [ 494.768791][T19502] Process accounting resumed [ 495.164002][T19537] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2962'. [ 495.473856][T19541] futex_wake_op: syz.1.2963 tries to shift op by 64; fix this program [ 495.911769][T19558] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 495.921529][T19555] Process accounting resumed [ 496.032576][T19558] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 496.575671][T19575] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2970'. [ 496.692253][T19591] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2973'. [ 496.863007][T19600] futex_wake_op: syz.3.2976 tries to shift op by 64; fix this program [ 497.162778][T19597] Process accounting resumed [ 497.384214][T19625] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2984'. [ 498.162603][T19630] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 498.186090][T19630] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 498.209083][T19630] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 498.232726][T19630] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 498.239315][T19630] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 498.268489][T19630] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 499.166700][T19657] Process accounting resumed [ 499.705018][ T54] Bluetooth: hci0: command 0x0c1a tx timeout [ 500.262663][ T54] Bluetooth: hci1: command 0x0c1a tx timeout [ 500.272746][ T54] Bluetooth: hci4: command 0x0c1a tx timeout [ 500.279617][ T54] Bluetooth: hci3: command 0x0c1a tx timeout [ 500.684744][T19705] Process accounting resumed [ 500.784515][T19712] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3002'. [ 501.704902][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.712276][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.867747][T19738] futex_wake_op: syz.4.3012 tries to shift op by 64; fix this program [ 502.342726][ T54] Bluetooth: hci1: command 0x0c1a tx timeout [ 502.359755][T19752] futex_wake_op: syz.4.3024 tries to shift op by 64; fix this program [ 502.385630][T19737] Process accounting resumed [ 502.776740][T19765] netlink: 338 bytes leftover after parsing attributes in process `syz.3.3017'. [ 503.678553][T19783] ptrace attach of "./syz-executor exec"[17133] was attempted by "./syz-executor exec"[19783] [ 504.422757][ T54] Bluetooth: hci1: command 0x0c1a tx timeout [ 504.473293][T19825] random: crng reseeded on system resumption [ 504.605709][T19829] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3038'. [ 504.785768][T19841] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3039'. [ 504.819016][T19838] device-mapper: ioctl: Invalid data size in the ioctl structure: 0 [ 504.863566][T19840] Process accounting resumed [ 506.688994][T19952] futex_wake_op: syz.2.3057 tries to shift op by 64; fix this program [ 507.292675][T19906] netlink: 306 bytes leftover after parsing attributes in process `syz.4.3047'. [ 507.740206][T19982] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3062'. [ 508.494117][T20002] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3069'. [ 508.561776][T20001] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3069'. [ 508.586063][T20001] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3069'. [ 508.658279][T20006] futex_wake_op: syz.4.3067 tries to shift op by 64; fix this program [ 509.426152][T20031] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3076'. [ 509.655732][T20035] mkiss: ax0: crc mode is auto. [ 509.799776][T20033] vivid-013: ================= START STATUS ================= [ 509.823428][T20033] vivid-013: Generate PTS: true [ 509.837419][T20033] vivid-013: Generate SCR: true [ 509.843766][T20029] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3075'. [ 509.856303][T20033] tpg source WxH: 640x360 (Y'CbCr) [ 509.861952][T20033] tpg field: 1 [ 509.875880][T20033] tpg crop: 640x360@0x0 [ 509.885902][T20033] tpg compose: 640x360@0x0 [ 509.899946][T20033] tpg colorspace: 8 [ 509.910056][T20033] tpg transfer function: 0/0 [ 509.920205][T20033] tpg Y'CbCr encoding: 0/0 [ 509.937789][T20033] tpg quantization: 0/0 [ 509.956707][T20033] tpg RGB range: 0/2 [ 509.978069][T20033] vivid-013: ================== END STATUS ================== [ 511.130086][T20041] Process accounting resumed [ 512.079396][T20085] FAULT_INJECTION: forcing a failure. [ 512.079396][T20085] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 512.152901][T20085] CPU: 0 UID: 0 PID: 20085 Comm: syz.3.3089 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 512.164790][T20085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 512.175862][T20085] Call Trace: [ 512.179472][T20085] [ 512.182693][T20085] dump_stack_lvl+0x16c/0x1f0 [ 512.187847][T20085] should_fail_ex+0x497/0x5b0 [ 512.193004][T20085] _copy_from_user+0x2e/0xd0 [ 512.198058][T20085] __sys_bpf+0x215/0x57a0 [ 512.202815][T20085] ? __pfx_lock_release+0x10/0x10 [ 512.208334][T20085] ? __pfx___sys_bpf+0x10/0x10 [ 512.213569][T20085] ? vfs_write+0x306/0x1150 [ 512.218524][T20085] ? __mutex_unlock_slowpath+0x164/0x690 [ 512.224725][T20085] ? fput+0x67/0x440 [ 512.229009][T20085] ? ksys_write+0x1ba/0x250 [ 512.233961][T20085] ? __pfx_ksys_write+0x10/0x10 [ 512.239295][T20085] __x64_sys_bpf+0x78/0xc0 [ 512.244146][T20085] do_syscall_64+0xcd/0x250 [ 512.249097][T20085] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 512.255578][T20085] RIP: 0033:0x7f7544785d29 [ 512.260427][T20085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 512.281992][T20085] RSP: 002b:00007f75425f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 512.291238][T20085] RAX: ffffffffffffffda RBX: 00007f7544975fa0 RCX: 00007f7544785d29 [ 512.299999][T20085] RDX: 00000000000000a3 RSI: 0000000020000000 RDI: 0000000000000000 [ 512.308756][T20085] RBP: 00007f75425f6090 R08: 0000000000000000 R09: 0000000000000000 [ 512.317515][T20085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 512.326271][T20085] R13: 0000000000000000 R14: 00007f7544975fa0 R15: 00007ffc6554b878 [ 512.335037][T20085] [ 513.098864][T20098] Process accounting resumed [ 513.423212][T20127] futex_wake_op: syz.3.3095 tries to shift op by 64; fix this program [ 513.545737][T20103] ptrace attach of "./syz-executor exec"[16900] was attempted by "./syz-executor exec"[20103] [ 513.618071][T20106] ptrace attach of "./syz-executor exec"[17133] was attempted by "./syz-executor exec"[20106] [ 513.948118][ T29] audit: type=1804 audit(8277292040.500:19): pid=20136 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3100" name="/newroot/sys/kernel/tracing/dynamic_events" dev="tracefs" ino=1068 res=1 errno=0 [ 514.625762][T20132] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 514.639269][T20132] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 514.656245][T20132] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 514.672660][T20132] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 515.234676][T20156] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3104'. [ 515.453007][T20165] futex_wake_op: syz.1.3106 tries to shift op by 64; fix this program [ 516.025600][T20174] netlink: 326 bytes leftover after parsing attributes in process `syz.1.3109'. [ 516.262581][ T54] Bluetooth: hci0: command 0x0c1a tx timeout [ 516.662763][ T5836] Bluetooth: hci3: command 0x0c1a tx timeout [ 516.669420][ T54] Bluetooth: hci4: command 0x0c1a tx timeout [ 516.742570][ T54] Bluetooth: hci1: command 0x0c1a tx timeout [ 516.998846][T20193] ptrace attach of "./syz-executor exec"[16900] was attempted by "./syz-executor exec"[20193] [ 517.178774][T20189] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 517.190522][T20189] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 517.197402][T20189] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 517.212375][T20189] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 517.368240][T20201] ptrace attach of "./syz-executor exec"[18538] was attempted by "./syz-executor exec"[20201] [ 517.445827][T20216] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3117'. [ 517.596890][T20224] lo: entered allmulticast mode [ 517.611057][T20228] lo: left allmulticast mode [ 517.633620][T20230] smc: net device syz_tun applied user defined pnetid ETHTOOL [ 518.583078][ T54] Bluetooth: hci0: command 0x0c1a tx timeout [ 519.030294][T20280] ptrace attach of "./syz-executor exec"[16773] was attempted by "./syz-executor exec"[20280] [ 519.234676][ T54] Bluetooth: hci1: command 0x0c1a tx timeout [ 519.234696][ T5836] Bluetooth: hci4: command 0x0c1a tx timeout [ 519.241310][ T54] Bluetooth: hci3: command 0x0c1a tx timeout [ 519.753682][T20305] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3136'. [ 519.774698][T20302] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3135'. [ 520.305620][T20294] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 520.313036][T20294] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 520.330769][T20294] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 520.353629][T20294] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 520.881825][T20338] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3144'. [ 521.102103][T20345] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3146'. [ 521.112592][T20345] ip6gre0: entered promiscuous mode [ 521.476914][T20356] Invalid ELF header magic: != ELF [ 522.342598][ T5836] Bluetooth: hci4: command 0x0c1a tx timeout [ 522.350577][ T5844] Bluetooth: hci3: command 0x0c1a tx timeout [ 522.422588][ T5836] Bluetooth: hci1: command 0x0c1a tx timeout [ 522.759623][T20367] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 522.766550][T20367] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 522.782879][T20367] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 522.800619][T20367] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 523.399672][T20412] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3159'. [ 523.722815][T20418] futex_wake_op: syz.4.3162 tries to shift op by 64; fix this program [ 524.022648][ T5836] Bluetooth: hci0: command 0x0c1a tx timeout [ 524.150719][T20434] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3165'. [ 524.259370][T20434] ipvlan0: entered allmulticast mode [ 524.284148][T20434] veth0_vlan: entered allmulticast mode [ 524.317237][T20439] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3168'. [ 524.332615][T20440] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3168'. [ 524.824490][ T5836] Bluetooth: hci1: command 0x0c1a tx timeout [ 524.831371][ T5844] Bluetooth: hci4: command 0x0c1a tx timeout [ 524.831656][ T54] Bluetooth: hci3: command 0x0c1a tx timeout [ 525.176754][T20457] futex_wake_op: syz.3.3174 tries to shift op by 64; fix this program [ 525.886670][T20490] ptrace attach of "./syz-executor exec"[17133] was attempted by "./syz-executor exec"[20490] [ 527.045885][T20515] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3186'. [ 527.638862][T20540] netlink: 184 bytes leftover after parsing attributes in process `syz.4.3194'. [ 528.225040][ T29] audit: type=1326 audit(8277292054.770:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20562 comm="syz.4.3198" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7e0b385d29 code=0x0 [ 528.377145][T20547] ptrace attach of "./syz-executor exec"[16773] was attempted by "./syz-executor exec"[20547] [ 528.762825][T20575] futex_wake_op: syz.3.3201 tries to shift op by 64; fix this program [ 528.955828][T20580] netlink: 'syz.3.3203': attribute type 27 has an invalid length. [ 528.981317][T20580] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3203'. [ 529.006866][T20579] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3202'. [ 529.297377][T20594] Invalid ELF header magic: != ELF [ 529.910020][T20603] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3209'. [ 530.272174][T20611] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3211'. [ 531.109125][T20632] ptrace attach of "./syz-executor exec"[16773] was attempted by "./syz-executor exec"[20632] [ 531.562955][T20639] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3217'. [ 531.596647][T20630] Process accounting resumed [ 531.993261][T20656] Process accounting resumed [ 531.999882][T20656] bridge0: port 3(team0) entered blocking state [ 532.015990][T20656] bridge0: port 3(team0) entered disabled state [ 532.027540][T20656] team0: entered allmulticast mode [ 532.034596][T20656] team_slave_0: entered allmulticast mode [ 532.040925][T20656] team_slave_1: entered allmulticast mode [ 532.050299][T20656] team0: entered promiscuous mode [ 532.057713][T20656] team_slave_0: entered promiscuous mode [ 532.066198][T20656] team_slave_1: entered promiscuous mode [ 532.084624][T20656] bridge0: port 3(team0) entered blocking state [ 532.091606][T20656] bridge0: port 3(team0) entered forwarding state [ 533.350308][T20684] Process accounting resumed [ 533.670281][T20715] Process accounting resumed [ 533.723892][T20717] Process accounting resumed [ 533.763374][T20715] Process accounting resumed [ 533.768464][T20715] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 20715 comm: syz.3.3231) [ 533.855666][T20715] Process accounting resumed [ 533.865449][T20715] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 20715 comm: syz.3.3231) [ 533.878393][T20715] Process accounting resumed [ 533.883518][T20715] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 20715 comm: syz.3.3231) [ 533.895769][T20715] Process accounting resumed [ 533.900837][T20715] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 20715 comm: syz.3.3231) [ 533.915924][T20715] Process accounting resumed [ 533.921013][T20725] vmstat_refresh: nr_hugetlb -22016 [ 533.942169][T20715] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 20715 comm: syz.3.3231) [ 534.014221][T20715] Process accounting resumed [ 534.019308][T20715] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 20715 comm: syz.3.3231) [ 534.244525][T20709] Process accounting resumed [ 534.249982][T20709] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 20709 comm: syz.3.3231) [ 535.077036][T20754] ptrace attach of "./syz-executor exec"[18538] was attempted by "./syz-executor exec"[20754] [ 535.436877][T20738] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 20738 comm: syz.3.3237) [ 535.643674][ T54] Bluetooth: hci3: unexpected event 0x06 length: 4 > 3 [ 536.386740][T20794] netlink: 252 bytes leftover after parsing attributes in process `syz.1.3249'. [ 536.432913][T20794] unsupported nla_type 65535 [ 536.877512][T20783] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 20783 comm: syz.3.3246) [ 536.941764][T20810] Process accounting resumed [ 537.874645][T20812] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 20812 comm: syz.3.3255) [ 538.402864][T20857] FAULT_INJECTION: forcing a failure. [ 538.402864][T20857] name failslab, interval 1, probability 0, space 0, times 0 [ 538.476343][T20857] CPU: 1 UID: 0 PID: 20857 Comm: syz.2.3267 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 538.488256][T20857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 538.499333][T20857] Call Trace: [ 538.502948][T20857] [ 538.506178][T20857] dump_stack_lvl+0x16c/0x1f0 [ 538.511373][T20857] should_fail_ex+0x497/0x5b0 [ 538.516549][T20857] should_failslab+0xc2/0x120 [ 538.521722][T20857] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 538.527661][T20857] ? skb_clone+0x190/0x3f0 [ 538.532545][T20857] skb_clone+0x190/0x3f0 [ 538.537237][T20857] netlink_deliver_tap+0xafd/0xca0 [ 538.542881][T20857] netlink_unicast+0x5e1/0x7f0 [ 538.548138][T20857] ? __pfx_netlink_unicast+0x10/0x10 [ 538.553976][T20857] ? __phys_addr_symbol+0x30/0x80 [ 538.559528][T20857] ? __check_object_size+0x488/0x710 [ 538.565376][T20857] netlink_sendmsg+0x8b8/0xd70 [ 538.570637][T20857] ? __pfx_netlink_sendmsg+0x10/0x10 [ 538.576473][T20857] ____sys_sendmsg+0x9ae/0xb40 [ 538.581730][T20857] ? copy_msghdr_from_user+0x10b/0x160 [ 538.587775][T20857] ? __pfx_____sys_sendmsg+0x10/0x10 [ 538.593615][T20857] ? rcu_is_watching+0x12/0xc0 [ 538.598887][T20857] ? lock_release+0x4e2/0x6f0 [ 538.604053][T20857] ? get_pid_task+0xfc/0x250 [ 538.609157][T20857] ___sys_sendmsg+0x135/0x1e0 [ 538.614322][T20857] ? get_pid_task+0x35/0x250 [ 538.619391][T20857] ? __pfx____sys_sendmsg+0x10/0x10 [ 538.625140][T20857] ? lock_release+0x4e2/0x6f0 [ 538.630304][T20857] ? __pfx_lock_release+0x10/0x10 [ 538.635845][T20857] ? trace_lock_acquire+0x14e/0x1f0 [ 538.641595][T20857] ? __fget_files+0x206/0x3a0 [ 538.646795][T20857] __sys_sendmsg+0x16e/0x220 [ 538.651871][T20857] ? __pfx___sys_sendmsg+0x10/0x10 [ 538.657549][T20857] ? rcu_is_watching+0x12/0xc0 [ 538.662808][T20857] ? rcu_is_watching+0x12/0xc0 [ 538.668147][T20857] do_syscall_64+0xcd/0x250 [ 538.673122][T20857] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 538.679629][T20857] RIP: 0033:0x7f4c5a185d29 [ 538.684497][T20857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 538.706090][T20857] RSP: 002b:00007f4c5aeee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 538.715371][T20857] RAX: ffffffffffffffda RBX: 00007f4c5a375fa0 RCX: 00007f4c5a185d29 [ 538.724150][T20857] RDX: 0000000020000000 RSI: 00000000200008c0 RDI: 0000000000000003 [ 538.732930][T20857] RBP: 00007f4c5aeee090 R08: 0000000000000000 R09: 0000000000000000 [ 538.741710][T20857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 538.750510][T20857] R13: 0000000000000000 R14: 00007f4c5a375fa0 R15: 00007ffec9ec88c8 [ 538.759326][T20857] [ 538.955413][T20839] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 20839 comm: syz.3.3261) [ 540.317526][T20877] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 20877 comm: syz.3.3271) [ 540.324525][T20903] futex_wake_op: syz.2.3276 tries to shift op by 64; fix this program [ 540.497483][T20906] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 20906 comm: syz.3.3277) [ 540.749920][T20913] FAULT_INJECTION: forcing a failure. [ 540.749920][T20913] name failslab, interval 1, probability 0, space 0, times 0 [ 540.817757][T20913] CPU: 0 UID: 0 PID: 20913 Comm: syz.2.3279 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 540.829647][T20913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 540.840714][T20913] Call Trace: [ 540.844318][T20913] [ 540.847541][T20913] dump_stack_lvl+0x16c/0x1f0 [ 540.852701][T20913] should_fail_ex+0x497/0x5b0 [ 540.857855][T20913] ? fs_reclaim_acquire+0xae/0x150 [ 540.863492][T20913] should_failslab+0xc2/0x120 [ 540.868657][T20913] __kmalloc_noprof+0xce/0x4f0 [ 540.873908][T20913] ? rcu_is_watching+0x12/0xc0 [ 540.879158][T20913] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 540.887184][T20913] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 540.895016][T20913] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 540.901027][T20913] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 540.907721][T20913] ? genl_get_cmd+0x195/0x580 [ 540.912885][T20913] ? bpf_lsm_capable+0x9/0x10 [ 540.918050][T20913] ? security_capable+0x7e/0x260 [ 540.923500][T20913] ? ns_capable+0xd7/0x110 [ 540.928397][T20913] genl_rcv_msg+0x565/0x800 [ 540.933371][T20913] ? __pfx_genl_rcv_msg+0x10/0x10 [ 540.938906][T20913] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 540.944849][T20913] ? __pfx_nl80211_tdls_oper+0x10/0x10 [ 540.950881][T20913] ? __pfx_nl80211_post_doit+0x10/0x10 [ 540.956906][T20913] netlink_rcv_skb+0x165/0x410 [ 540.962154][T20913] ? __pfx_genl_rcv_msg+0x10/0x10 [ 540.967700][T20913] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 540.973545][T20913] ? down_read+0xc9/0x330 [ 540.978326][T20913] ? __pfx_down_read+0x10/0x10 [ 540.983576][T20913] ? netlink_deliver_tap+0x1ae/0xca0 [ 540.989396][T20913] genl_rcv+0x28/0x40 [ 540.993786][T20913] netlink_unicast+0x53c/0x7f0 [ 540.999037][T20913] ? __pfx_netlink_unicast+0x10/0x10 [ 541.004854][T20913] ? __phys_addr_symbol+0x30/0x80 [ 541.010395][T20913] ? __check_object_size+0x488/0x710 [ 541.016228][T20913] netlink_sendmsg+0x8b8/0xd70 [ 541.021474][T20913] ? __pfx_netlink_sendmsg+0x10/0x10 [ 541.027298][T20913] ____sys_sendmsg+0x9ae/0xb40 [ 541.032545][T20913] ? copy_msghdr_from_user+0x10b/0x160 [ 541.038563][T20913] ? __pfx_____sys_sendmsg+0x10/0x10 [ 541.044385][T20913] ? rcu_is_watching+0x12/0xc0 [ 541.049639][T20913] ? lock_release+0x4e2/0x6f0 [ 541.054785][T20913] ? get_pid_task+0xfc/0x250 [ 541.059847][T20913] ___sys_sendmsg+0x135/0x1e0 [ 541.065003][T20913] ? get_pid_task+0x35/0x250 [ 541.070063][T20913] ? __pfx____sys_sendmsg+0x10/0x10 [ 541.075794][T20913] ? lock_release+0x4e2/0x6f0 [ 541.080946][T20913] ? __pfx_lock_release+0x10/0x10 [ 541.086482][T20913] ? trace_lock_acquire+0x14e/0x1f0 [ 541.092236][T20913] ? __fget_files+0x206/0x3a0 [ 541.097398][T20913] __sys_sendmsg+0x16e/0x220 [ 541.102466][T20913] ? __pfx___sys_sendmsg+0x10/0x10 [ 541.108109][T20913] ? rcu_is_watching+0x12/0xc0 [ 541.113370][T20913] ? rcu_is_watching+0x12/0xc0 [ 541.118641][T20913] do_syscall_64+0xcd/0x250 [ 541.123624][T20913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.130128][T20913] RIP: 0033:0x7f4c5a185d29 [ 541.135006][T20913] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 541.156588][T20913] RSP: 002b:00007f4c5aeee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 541.165862][T20913] RAX: ffffffffffffffda RBX: 00007f4c5a375fa0 RCX: 00007f4c5a185d29 [ 541.174650][T20913] RDX: 0000000020000000 RSI: 00000000200008c0 RDI: 0000000000000003 [ 541.183427][T20913] RBP: 00007f4c5aeee090 R08: 0000000000000000 R09: 0000000000000000 [ 541.192198][T20913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 541.200978][T20913] R13: 0000000000000000 R14: 00007f4c5a375fa0 R15: 00007ffec9ec88c8 [ 541.209766][T20913] [ 541.526693][T20911] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 20911 comm: syz.3.3278) [ 541.651664][T20827] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 20827 comm: syz.3.3255) [ 542.345058][T20919] ptrace attach of "./syz-executor exec"[17133] was attempted by "./syz-executor exec"[20919] [ 542.724104][T20959] FAULT_INJECTION: forcing a failure. [ 542.724104][T20959] name failslab, interval 1, probability 0, space 0, times 0 [ 542.759726][T20959] CPU: 0 UID: 0 PID: 20959 Comm: syz.2.3290 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 542.771621][T20959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 542.782701][T20959] Call Trace: [ 542.786331][T20959] [ 542.789567][T20959] dump_stack_lvl+0x16c/0x1f0 [ 542.794738][T20959] should_fail_ex+0x497/0x5b0 [ 542.799904][T20959] ? fs_reclaim_acquire+0xae/0x150 [ 542.805544][T20959] should_failslab+0xc2/0x120 [ 542.810690][T20959] kmem_cache_alloc_node_noprof+0x72/0x3b0 [ 542.817082][T20959] ? __alloc_skb+0x2b3/0x380 [ 542.822131][T20959] ? bpf_lsm_capable+0x9/0x10 [ 542.827270][T20959] __alloc_skb+0x2b3/0x380 [ 542.832128][T20959] ? __pfx___alloc_skb+0x10/0x10 [ 542.837553][T20959] ? genl_rcv_msg+0x510/0x800 [ 542.842693][T20959] ? genl_rcv_msg+0x4bd/0x800 [ 542.847832][T20959] netlink_ack+0x164/0xb20 [ 542.852688][T20959] netlink_rcv_skb+0x327/0x410 [ 542.857918][T20959] ? __pfx_genl_rcv_msg+0x10/0x10 [ 542.863438][T20959] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 542.869246][T20959] ? down_read+0xc9/0x330 [ 542.874013][T20959] ? __pfx_down_read+0x10/0x10 [ 542.879252][T20959] ? netlink_deliver_tap+0x1ae/0xca0 [ 542.885060][T20959] genl_rcv+0x28/0x40 [ 542.889430][T20959] netlink_unicast+0x53c/0x7f0 [ 542.894662][T20959] ? __pfx_netlink_unicast+0x10/0x10 [ 542.900466][T20959] ? __phys_addr_symbol+0x30/0x80 [ 542.905990][T20959] ? __check_object_size+0x488/0x710 [ 542.911803][T20959] netlink_sendmsg+0x8b8/0xd70 [ 542.917040][T20959] ? __pfx_netlink_sendmsg+0x10/0x10 [ 542.922852][T20959] ____sys_sendmsg+0x9ae/0xb40 [ 542.928085][T20959] ? copy_msghdr_from_user+0x10b/0x160 [ 542.934086][T20959] ? __pfx_____sys_sendmsg+0x10/0x10 [ 542.939892][T20959] ? rcu_is_watching+0x12/0xc0 [ 542.945127][T20959] ? lock_release+0x4e2/0x6f0 [ 542.950260][T20959] ? get_pid_task+0xfc/0x250 [ 542.955331][T20959] ___sys_sendmsg+0x135/0x1e0 [ 542.960489][T20959] ? get_pid_task+0x35/0x250 [ 542.965554][T20959] ? __pfx____sys_sendmsg+0x10/0x10 [ 542.971277][T20959] ? lock_release+0x4e2/0x6f0 [ 542.976425][T20959] ? __pfx_lock_release+0x10/0x10 [ 542.981939][T20959] ? trace_lock_acquire+0x14e/0x1f0 [ 542.987663][T20959] ? __fget_files+0x206/0x3a0 [ 542.992806][T20959] __sys_sendmsg+0x16e/0x220 [ 542.997854][T20959] ? __pfx___sys_sendmsg+0x10/0x10 [ 543.003476][T20959] ? rcu_is_watching+0x12/0xc0 [ 543.008712][T20959] ? rcu_is_watching+0x12/0xc0 [ 543.013946][T20959] do_syscall_64+0xcd/0x250 [ 543.018899][T20959] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 543.025379][T20959] RIP: 0033:0x7f4c5a185d29 [ 543.030223][T20959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 543.051786][T20959] RSP: 002b:00007f4c5aeee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 543.061034][T20959] RAX: ffffffffffffffda RBX: 00007f4c5a375fa0 RCX: 00007f4c5a185d29 [ 543.069793][T20959] RDX: 0000000020000000 RSI: 00000000200008c0 RDI: 0000000000000003 [ 543.078549][T20959] RBP: 00007f4c5aeee090 R08: 0000000000000000 R09: 0000000000000000 [ 543.087309][T20959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 543.096064][T20959] R13: 0000000000000000 R14: 00007f4c5a375fa0 R15: 00007ffec9ec88c8 [ 543.104830][T20959] [ 543.572765][ T29] audit: type=1804 audit(8277292070.120:21): pid=20980 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.3296" name="/newroot/sys/kernel/debug/tracing/trace" dev="tracefs" ino=82 res=1 errno=0 [ 543.658081][ T29] audit: type=1804 audit(8277292070.120:22): pid=20980 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3296" name="/newroot/sys/kernel/debug/tracing/trace" dev="tracefs" ino=82 res=1 errno=0 [ 544.227976][T20926] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 20926 comm: syz.3.3284) [ 544.297740][T21003] ptrace attach of "./syz-executor exec"[17133] was attempted by "./syz-executor exec"[21003] [ 544.689608][T21008] netlink: 326 bytes leftover after parsing attributes in process `syz.4.3304'. [ 544.785966][T21001] Process accounting resumed [ 544.997555][T21027] FAULT_INJECTION: forcing a failure. [ 544.997555][T21027] name failslab, interval 1, probability 0, space 0, times 0 [ 545.011961][T21027] CPU: 1 UID: 0 PID: 21027 Comm: syz.2.3309 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 545.023828][T21027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 545.034906][T21027] Call Trace: [ 545.038526][T21027] [ 545.041763][T21027] dump_stack_lvl+0x16c/0x1f0 [ 545.046937][T21027] should_fail_ex+0x497/0x5b0 [ 545.052114][T21027] should_failslab+0xc2/0x120 [ 545.057297][T21027] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 545.063231][T21027] ? skb_clone+0x190/0x3f0 [ 545.068098][T21027] skb_clone+0x190/0x3f0 [ 545.072766][T21027] netlink_deliver_tap+0xafd/0xca0 [ 545.078383][T21027] netlink_unicast+0x6b4/0x7f0 [ 545.083616][T21027] ? __pfx_netlink_unicast+0x10/0x10 [ 545.089421][T21027] ? genl_rcv_msg+0x4bd/0x800 [ 545.094563][T21027] netlink_ack+0x6a5/0xb20 [ 545.099415][T21027] netlink_rcv_skb+0x327/0x410 [ 545.104649][T21027] ? __pfx_genl_rcv_msg+0x10/0x10 [ 545.110175][T21027] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 545.115985][T21027] ? down_read+0xc9/0x330 [ 545.120744][T21027] ? __pfx_down_read+0x10/0x10 [ 545.125982][T21027] ? netlink_deliver_tap+0x1ae/0xca0 [ 545.131788][T21027] genl_rcv+0x28/0x40 [ 545.136165][T21027] netlink_unicast+0x53c/0x7f0 [ 545.141396][T21027] ? __pfx_netlink_unicast+0x10/0x10 [ 545.147203][T21027] ? __phys_addr_symbol+0x30/0x80 [ 545.152725][T21027] ? __check_object_size+0x488/0x710 [ 545.158537][T21027] netlink_sendmsg+0x8b8/0xd70 [ 545.163963][T21027] ? __pfx_netlink_sendmsg+0x10/0x10 [ 545.169773][T21027] ____sys_sendmsg+0x9ae/0xb40 [ 545.175009][T21027] ? copy_msghdr_from_user+0x10b/0x160 [ 545.181012][T21027] ? __pfx_____sys_sendmsg+0x10/0x10 [ 545.186819][T21027] ? rcu_is_watching+0x12/0xc0 [ 545.192055][T21027] ? lock_release+0x4e2/0x6f0 [ 545.197189][T21027] ? get_pid_task+0xfc/0x250 [ 545.202235][T21027] ___sys_sendmsg+0x135/0x1e0 [ 545.207376][T21027] ? get_pid_task+0x35/0x250 [ 545.212421][T21027] ? __pfx____sys_sendmsg+0x10/0x10 [ 545.218139][T21027] ? lock_release+0x4e2/0x6f0 [ 545.223277][T21027] ? __pfx_lock_release+0x10/0x10 [ 545.228791][T21027] ? trace_lock_acquire+0x14e/0x1f0 [ 545.234508][T21027] ? __fget_files+0x206/0x3a0 [ 545.239650][T21027] __sys_sendmsg+0x16e/0x220 [ 545.244702][T21027] ? __pfx___sys_sendmsg+0x10/0x10 [ 545.250322][T21027] ? rcu_is_watching+0x12/0xc0 [ 545.255559][T21027] ? rcu_is_watching+0x12/0xc0 [ 545.260793][T21027] do_syscall_64+0xcd/0x250 [ 545.265744][T21027] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 545.272224][T21027] RIP: 0033:0x7f4c5a185d29 [ 545.277070][T21027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 545.298627][T21027] RSP: 002b:00007f4c5aeee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 545.307877][T21027] RAX: ffffffffffffffda RBX: 00007f4c5a375fa0 RCX: 00007f4c5a185d29 [ 545.316637][T21027] RDX: 0000000020000000 RSI: 00000000200008c0 RDI: 0000000000000003 [ 545.325397][T21027] RBP: 00007f4c5aeee090 R08: 0000000000000000 R09: 0000000000000000 [ 545.334153][T21027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 545.342910][T21027] R13: 0000000000000000 R14: 00007f4c5a375fa0 R15: 00007ffec9ec88c8 [ 545.351678][T21027] [ 545.793501][T21024] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 21024 comm: syz.3.3303) [ 545.889792][T21043] ptrace attach of "./syz-executor exec"[17133] was attempted by "./syz-executor exec"[21043] [ 545.923555][T21053] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 21053 comm: syz.3.3317) [ 545.939189][T21057] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3318'. [ 546.038230][T21064] FAULT_INJECTION: forcing a failure. [ 546.038230][T21064] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 546.054629][T21064] CPU: 1 UID: 0 PID: 21064 Comm: syz.1.3320 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 546.066497][T21064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 546.077550][T21064] Call Trace: [ 546.081141][T21064] [ 546.084354][T21064] dump_stack_lvl+0x16c/0x1f0 [ 546.089497][T21064] should_fail_ex+0x497/0x5b0 [ 546.094646][T21064] _copy_to_user+0x32/0xd0 [ 546.099499][T21064] simple_read_from_buffer+0xd0/0x160 [ 546.105396][T21064] proc_fail_nth_read+0x198/0x270 [ 546.110923][T21064] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 546.117022][T21064] ? bpf_lsm_file_permission+0x9/0x10 [ 546.122935][T21064] ? security_file_permission+0x71/0x210 [ 546.129126][T21064] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 546.135226][T21064] vfs_read+0x1df/0xbe0 [ 546.139791][T21064] ? __fget_files+0x1fc/0x3a0 [ 546.144928][T21064] ? __pfx___mutex_lock+0x10/0x10 [ 546.150452][T21064] ? __pfx_vfs_read+0x10/0x10 [ 546.155612][T21064] ? __fget_files+0x206/0x3a0 [ 546.160774][T21064] ksys_read+0x12b/0x250 [ 546.165451][T21064] ? __pfx_ksys_read+0x10/0x10 [ 546.170686][T21064] ? rcu_is_watching+0x12/0xc0 [ 546.175923][T21064] ? rcu_is_watching+0x12/0xc0 [ 546.181156][T21064] do_syscall_64+0xcd/0x250 [ 546.186106][T21064] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 546.192582][T21064] RIP: 0033:0x7fbb5838473c [ 546.197432][T21064] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 546.218990][T21064] RSP: 002b:00007fbb5917e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 546.228237][T21064] RAX: ffffffffffffffda RBX: 00007fbb58575fa0 RCX: 00007fbb5838473c [ 546.237000][T21064] RDX: 000000000000000f RSI: 00007fbb5917e0a0 RDI: 0000000000000004 [ 546.245757][T21064] RBP: 00007fbb5917e090 R08: 0000000000000000 R09: 0000000000000000 [ 546.254515][T21064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 546.263272][T21064] R13: 0000000000000000 R14: 00007fbb58575fa0 R15: 00007ffd2e010c18 [ 546.272033][T21064] [ 546.275460][ C1] vkms_vblank_simulate: vblank timer overrun [ 546.327835][T21061] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 21061 comm: syz.3.3319) [ 546.395737][T21074] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3323'. [ 546.416327][T21074] bond0: (slave bond_slave_1): Releasing backup interface [ 546.611456][T21068] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 21068 comm: syz.3.3322) [ 546.806617][T21093] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3327'. [ 546.829676][T21087] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3326'. [ 546.850198][T21087] netdevsim netdevsim4 netdevsim2: entered allmulticast mode [ 547.449108][T21126] netlink: 'syz.2.3335': attribute type 1 has an invalid length. [ 547.523329][T21129] ptrace attach of "./syz-executor exec"[16900] was attempted by "./syz-executor exec"[21129] [ 547.560010][T21090] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 21090 comm: syz.3.3327) [ 547.768863][T21131] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 21131 comm: syz.3.3336) [ 547.930662][T21140] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 21140 comm: syz.3.3337) [ 548.256783][T21160] openvswitch: netlink: Key 4 has unexpected len 20 expected 12 [ 548.510746][T21167] futex_wake_op: syz.2.3345 tries to shift op by 64; fix this program [ 548.863472][T21141] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 21141 comm: syz.3.3338) [ 548.930488][T21173] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 21173 comm: syz.3.3348) [ 549.280547][T21176] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 21176 comm: syz.3.3349) [ 549.618975][T21184] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 21184 comm: syz.3.3350) [ 550.151867][T21197] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 21197 comm: syz.3.3355) [ 551.772728][T21244] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3365'. [ 552.043428][T21211] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 21211 comm: syz.3.3359) [ 552.397092][T21256] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 21256 comm: syz.3.3368) [ 552.588392][T21276] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 21276 comm: syz.3.3373) [ 553.185028][T21288] kernel write not supported for file net/rpc/nfs4.idtoname/channel (pid: 21288 comm: syz.3.3376) [ 553.225305][T21288] Process accounting resumed [ 553.275173][T21298] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3378'. [ 553.285562][T21298] ip6gre0: entered promiscuous mode [ 553.615512][T21306] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3380'. [ 553.782004][T21314] random: crng reseeded on system resumption [ 554.626791][T21363] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3388'. [ 554.977706][ T29] audit: type=1800 audit(8277292081.530:23): pid=21375 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3389" name="features" dev="configfs" ino=77161 res=0 errno=0 [ 555.027601][T21352] cgroup: fork rejected by pids controller in /syz1 [ 556.418010][T21427] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3393'. [ 557.736509][T21483] ptrace attach of "./syz-executor exec"[18538] was attempted by "./syz-executor exec"[21483] [ 558.814452][T21632] futex_wake_op: syz.3.3403 tries to shift op by 64; fix this program [ 559.345584][T21671] Invalid ELF header magic: != ELF [ 559.625729][T21700] Process accounting resumed [ 560.194257][T21725] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3417'. [ 560.242716][T21725] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3417'. [ 560.956230][T21738] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3420'. [ 562.112608][T20451] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 562.130302][T20451] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 562.141269][T20451] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 562.153916][T20451] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 562.162203][T20451] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 562.170579][T20451] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 562.283956][T21768] chnl_net:caif_netlink_parms(): no params data found [ 562.455043][T21768] bridge0: port 1(bridge_slave_0) entered blocking state [ 562.476487][T21768] bridge0: port 1(bridge_slave_0) entered disabled state [ 562.505430][T21768] bridge_slave_0: entered allmulticast mode [ 562.533935][T21768] bridge_slave_0: entered promiscuous mode [ 562.552321][T21768] bridge0: port 2(bridge_slave_1) entered blocking state [ 562.562703][T21768] bridge0: port 2(bridge_slave_1) entered disabled state [ 562.570856][T21768] bridge_slave_1: entered allmulticast mode [ 562.578709][T21768] bridge_slave_1: entered promiscuous mode [ 562.620904][T21768] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 562.643612][T21768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 562.698648][T21768] team0: Port device team_slave_0 added [ 562.723380][T21768] team0: Port device team_slave_1 added [ 562.751372][T21768] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 562.762298][T21768] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 562.790863][ C0] vkms_vblank_simulate: vblank timer overrun [ 562.822587][T21768] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 562.841776][T21768] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 562.852527][T21768] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 562.907356][T21768] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 563.015110][T21768] hsr_slave_0: entered promiscuous mode [ 563.027205][T21768] hsr_slave_1: entered promiscuous mode [ 563.034172][T21768] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 563.052592][T21768] Cannot create hsr debugfs directory [ 563.145562][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.153019][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.170255][T21768] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 563.316743][T21768] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 563.398661][T21768] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 563.497957][T21768] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 563.693524][T21768] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 563.717945][T21768] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 563.757686][T21768] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 563.785544][T21768] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 563.914216][T21768] 8021q: adding VLAN 0 to HW filter on device bond0 [ 563.937509][T21796] kexec: Could not allocate control_code_buffer [ 563.953372][T21768] 8021q: adding VLAN 0 to HW filter on device team0 [ 563.979054][ T8649] bridge0: port 1(bridge_slave_0) entered blocking state [ 563.986891][ T8649] bridge0: port 1(bridge_slave_0) entered forwarding state [ 564.026109][ T8649] bridge0: port 2(bridge_slave_1) entered blocking state [ 564.033960][ T8649] bridge0: port 2(bridge_slave_1) entered forwarding state [ 564.119852][T21813] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3439'. [ 564.183865][ T54] Bluetooth: hci2: command tx timeout [ 564.347180][T21768] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 564.393736][T21768] veth0_vlan: entered promiscuous mode [ 564.404418][T21768] veth1_vlan: entered promiscuous mode [ 564.442031][T21768] veth0_macvtap: entered promiscuous mode [ 564.480302][T21768] veth1_macvtap: entered promiscuous mode [ 564.538632][T21768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 564.551937][T21768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 564.564548][T21768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 564.576181][T21768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 564.587643][T21768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 564.599225][T21768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 564.610187][T21768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 564.621768][T21768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 564.633060][T21768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 564.663044][T21768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 564.675289][T21768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 564.687798][T21768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 564.699151][T21768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 564.720866][T21768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 564.742173][T21768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 564.762539][T21768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 564.778995][T21768] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 564.806023][T21768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 564.835607][T21768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 564.849734][T21768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 564.861931][T21768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 564.873290][T21768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 564.884900][T21768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 564.896199][T21768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 564.911591][T21768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 564.925517][T21768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 564.929225][T21841] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3443'. [ 564.947865][T21768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 564.959173][T21768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 564.971207][T21768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 564.982156][T21768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 564.994224][T21768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 565.005392][T21768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 565.017041][T21768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 565.029367][T21768] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 565.083976][T21768] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.100189][T21768] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.109998][T21768] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.120169][T21768] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.218983][T14418] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 565.245050][T14418] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 565.319081][ T8649] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 565.340588][ T8649] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 566.277544][ T54] Bluetooth: hci2: command tx timeout [ 567.096346][T21899] ptrace attach of "./syz-executor exec"[21768] was attempted by "./syz-executor exec"[21899] [ 567.250221][T21895] Process accounting resumed [ 568.280842][T21932] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3462'. [ 568.352713][ T54] Bluetooth: hci2: command tx timeout [ 568.408274][T21932] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3462'. [ 568.457684][T21932] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 570.250220][T21951] Process accounting resumed [ 570.372023][T21960] netlink: 326 bytes leftover after parsing attributes in process `syz.4.3468'. [ 570.415051][T21960] bridge0: port 2(bridge_slave_1) entered disabled state [ 570.422944][ T54] Bluetooth: hci2: command tx timeout [ 570.423396][T21960] bridge0: port 1(bridge_slave_0) entered disabled state [ 570.684075][T21973] delete_channel: no stack [ 571.219332][T21993] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3479'. [ 571.295884][T21961] ptrace attach of "./syz-executor exec"[16773] was attempted by "./syz-executor exec"[21961] [ 571.902049][T22010] netlink: 'syz.3.3484': attribute type 19 has an invalid length. [ 571.912185][T22010] netlink: 310 bytes leftover after parsing attributes in process `syz.3.3484'. [ 572.585492][T22026] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3487'. [ 572.644395][T22026] netdevsim netdevsim3 netdevsim2: entered allmulticast mode [ 572.779467][T22037] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3491'. [ 572.821681][T22037] veth1_macvtap: left promiscuous mode [ 573.754630][T22073] netlink: 'syz.4.3502': attribute type 10 has an invalid length. [ 573.763872][T22073] netlink: 326 bytes leftover after parsing attributes in process `syz.4.3502'. [ 574.992030][T22077] kexec: Could not allocate control_code_buffer [ 575.211943][T22120] openvswitch: netlink: Flow actions attr not present in new flow. syzkaller syzkaller login: [ 575.796448][T22142] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3521'. [ 575.871623][T22142] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3521'. [ 576.052152][T22132] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3517'. [ 576.347163][T22156] ptrace attach of "./syz-executor exec"[18538] was attempted by "./syz-executor exec"[22156] [ 576.978307][T22177] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3530'. [ 577.194804][T22183] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3532'. [ 577.878301][T22202] tipc: Started in network mode [ 577.883841][T22202] tipc: Node identity ee00, cluster identity 4711 [ 577.890902][T22202] tipc: Node number set to 60928 [ 578.440835][T22206] ptrace attach of "./syz-executor exec"[17133] was attempted by "./syz-executor exec"[22206] [ 578.684782][T22213] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3540'. [ 578.825978][T22219] can: request_module (can-proto-5) failed. [ 579.195663][T22242] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3548'. [ 579.212376][T22242] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3548'. [ 579.709908][T22263] openvswitch: netlink: Flow actions attr not present in new flow. [ 580.296058][T22274] ptrace attach of "./syz-executor exec"[21768] was attempted by "./syz-executor exec"[22274] [ 580.524474][T22292] nfsd: Unknown parameter 'IPVS' [ 580.864941][T22309] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3569'. [ 581.403450][T22316] ptrace attach of "./syz-executor exec"[21768] was attempted by "./syz-executor exec"[22316] [ 582.888462][T22367] smc: net device syz_tun applied user defined pnetid ETHTOOL [ 583.784542][T22379] futex_wake_op: syz.4.3586 tries to shift op by 64; fix this program [ 583.990739][T22391] RDS: rds_bind could not find a transport for 86a4:131b:e300:1000::, load rds_tcp or rds_rdma? [ 584.034893][T22391] RDS: rds_bind could not find a transport for 86a4:131b:e300:1000::, load rds_tcp or rds_rdma? [ 584.161687][T22396] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„ [ 584.829349][T22410] do_dccp_setsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 585.602677][T22431] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 585.700369][T22436] ptrace attach of "./syz-executor exec"[16773] was attempted by "./syz-executor exec"[22436] [ 587.825431][T22469] netlink: 242 bytes leftover after parsing attributes in process `syz.2.3611'. [ 589.223838][T22498] nbd: socks must be embedded in a SOCK_ITEM attr [ 589.460313][T22485] kexec: Could not allocate control_code_buffer [ 590.383119][T22543] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3636'. [ 590.415564][T22543] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3636'. [ 590.632216][T22557] ptrace attach of "./syz-executor exec"[17133] was attempted by "./syz-executor exec"[22557] [ 590.644572][T22558] futex_wake_op: syz.3.3639 tries to shift op by 64; fix this program [ 590.856009][T22552] do_dccp_setsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 591.088511][T22556] HSR: entered promiscuous mode [ 592.430002][T22655] ptrace attach of "./syz-executor exec"[21768] was attempted by "./syz-executor exec"[22655] [ 592.558609][T22685] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3665'. [ 592.650429][T22689] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3665'. [ 592.989669][T22697] netlink: 'syz.1.3668': attribute type 2 has an invalid length. [ 593.680451][T22715] Invalid ELF header magic: != ELF [ 594.361345][T22728] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3675'. [ 594.425185][T22728] ip6gre0: entered promiscuous mode [ 595.547914][T22764] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3684'. [ 596.568535][T22769] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3686'. [ 596.624660][T22778] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3688'. [ 598.104384][T22798] ptrace attach of "./syz-executor exec"[21768] was attempted by "./syz-executor exec"[22798] [ 600.390253][T22881] cgroup: fork rejected by pids controller in /syz4 [ 602.443859][T22992] ptrace attach of "./syz-executor exec"[18538] was attempted by "./syz-executor exec"[22992] [ 602.707600][T22997] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3723'. [ 603.253420][T23014] Invalid ELF header magic: != ELF [ 604.106695][T23032] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3733'. [ 605.220933][T23060] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input136 [ 606.963198][T23115] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 608.171975][T23137] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3755'. [ 608.467588][T23135] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3756'. [ 608.495688][T23135] ip6gre0: entered promiscuous mode [ 609.904181][T23170] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3764'. [ 609.975692][T23170] gretap0: entered promiscuous mode [ 610.412054][T23182] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3767'. [ 611.588798][T23212] openvswitch: netlink: Flow actions attr not present in new flow. [ 611.715563][T23215] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3776'. [ 611.774014][T23215] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3776'. [ 612.303793][T23245] netlink: 'syz.2.3773': attribute type 11 has an invalid length. [ 613.843567][T23286] netlink: 'syz.3.3791': attribute type 21 has an invalid length. [ 613.901084][T23286] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3791'. [ 614.734681][T23324] scsi_dev_info_list_add_str: bad dev info string '/dev/udmabuf' '' '' [ 615.342251][T23340] ptrace attach of "./syz-executor exec"[18538] was attempted by "./syz-executor exec"[23340] [ 619.781872][T23417] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3825'. [ 620.604496][T23447] netlink: 326 bytes leftover after parsing attributes in process `syz.3.3833'. [ 620.898068][T23461] WARNING! power/level is deprecated; use power/control instead [ 621.708298][T23472] ptrace attach of "./syz-executor exec"[18538] was attempted by "./syz-executor exec"[23472] [ 621.797121][T23487] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3840'. [ 622.256548][T23494] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3842'. [ 622.436811][T23504] Invalid ELF header magic: != ELF [ 624.609190][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.616226][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.837895][T23536] netlink: 252 bytes leftover after parsing attributes in process `syz.3.3852'. [ 624.861606][T23536] netlink: 252 bytes leftover after parsing attributes in process `syz.3.3852'. [ 626.062772][T23570] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input137 [ 626.144130][T23574] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input138 [ 626.935140][T23582] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3862'. [ 627.156220][T23589] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3865'. [ 627.323107][T23589] gretap0: entered promiscuous mode [ 627.822049][T23606] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input139 [ 627.829300][T23607] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3868'. [ 627.925765][T23611] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input140 [ 628.869828][T23634] futex_wake_op: syz.3.3874 tries to shift op by 64; fix this program [ 629.097374][T23641] sctp: [Deprecated]: syz.2.3877 (pid 23641) Use of int in maxseg socket option. [ 629.097374][T23641] Use struct sctp_assoc_value instead [ 629.936956][T23670] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input141 [ 630.163495][T23675] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input142 [ 630.699879][T23692] ptrace attach of "./syz-executor exec"[17133] was attempted by "./syz-executor exec"[23692] [ 630.998049][T23713] futex_wake_op: syz.3.3895 tries to shift op by 64; fix this program [ 631.500183][T23725] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3897'. [ 632.298323][T23746] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3901'. [ 632.610388][T23753] futex_wake_op: syz.1.3905 tries to shift op by 64; fix this program [ 633.527770][T23794] device-mapper: ioctl: Invalid data size in the ioctl structure: 0 [ 633.863868][T23782] ptrace attach of "./syz-executor exec"[18538] was attempted by "./syz-executor exec"[23782] [ 635.133238][T23833] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3924'. [ 635.209077][T23835] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3924'. [ 635.515627][T23847] futex_wake_op: syz.3.3927 tries to shift op by 64; fix this program [ 635.653854][T23846] mkiss: ax0: crc mode is auto. [ 637.446763][T23898] netlink: 504 bytes leftover after parsing attributes in process `syz.3.3940'. [ 638.433009][T23929] random: crng reseeded on system resumption [ 638.654667][T23938] nbd: must specify a device to reconfigure [ 638.806997][T23942] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input143 [ 638.950640][T23955] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3954'. [ 638.975949][T23955] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 639.006310][T23947] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input144 [ 639.976915][T23995] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3965'. [ 640.152823][T23995] vcan0: entered promiscuous mode [ 640.922917][T24014] futex_wake_op: syz.4.3970 tries to shift op by 64; fix this program [ 641.045791][T24009] ptrace attach of "./syz-executor exec"[16773] was attempted by "./syz-executor exec"[24009] [ 642.047557][T24045] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3977'. [ 642.144603][T24057] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3980'. [ 642.942165][T24071] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3984'. [ 642.983268][T24071] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3984'. [ 643.239798][T24064] Process accounting resumed [ 645.804576][T24131] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3998'. [ 645.833232][T24131] veth1_to_team: entered allmulticast mode [ 645.990361][T24140] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3999'. [ 646.495188][T24155] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4004'. [ 648.453447][T24189] Process accounting resumed [ 648.468159][T24188] bridge0: port 3(team0) entered blocking state [ 648.487608][T24188] bridge0: port 3(team0) entered disabled state [ 648.506533][T24188] team0: entered allmulticast mode [ 648.519735][T24188] team_slave_1: entered allmulticast mode [ 648.538186][T24188] team0: entered promiscuous mode [ 648.550548][T24188] team_slave_1: entered promiscuous mode [ 648.566490][T24188] bridge0: port 3(team0) entered blocking state [ 648.573490][T24188] bridge0: port 3(team0) entered listening state [ 648.942164][T24208] futex_wake_op: syz.3.4016 tries to shift op by 64; fix this program [ 650.311925][T24239] netlink: 252 bytes leftover after parsing attributes in process `syz.3.4026'. [ 650.389555][T24241] openvswitch: netlink: nsh attr 1 has unexpected len 14 expected 8 [ 650.475970][T24245] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4028'. [ 650.532024][T24249] futex_wake_op: syz.4.4030 tries to shift op by 64; fix this program [ 651.016674][T24265] Process accounting resumed [ 651.105517][T24280] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4039'. [ 651.119554][T24280] ipvlan0: entered allmulticast mode [ 651.129341][T24280] veth0_vlan: entered allmulticast mode [ 651.173281][ T29] audit: type=1800 audit(8277292035.000:24): pid=24283 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4038" name="trace_pipe" dev="tracefs" ino=83 res=0 errno=0 [ 651.174970][T24280] netlink: 338 bytes leftover after parsing attributes in process `syz.2.4039'. [ 651.334608][T24288] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4041'. [ 651.345671][T24289] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4041'. [ 651.381634][T24275] ptrace attach of "./syz-executor exec"[18538] was attempted by "./syz-executor exec"[24275] [ 652.643405][T24340] kmem.tcp.limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 653.647512][T24364] Process accounting resumed [ 653.687893][T24374] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4064'. [ 654.256085][T24393] ptrace attach of "./syz-executor exec"[17133] was attempted by "./syz-executor exec"[24393] [ 654.570880][T24403] futex_wake_op: syz.1.4072 tries to shift op by 64; fix this program [ 656.331587][T24420] Process accounting resumed [ 656.492975][T24456] ptrace attach of "./syz-executor exec"[21768] was attempted by "./syz-executor exec"[24456] [ 657.320036][T24474] HfR: entered promiscuous mode [ 657.371935][T24474] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4087'. [ 657.432459][T24474] HfR: left promiscuous mode [ 657.450996][T24476] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4087'. [ 659.824762][T24525] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4101'. [ 659.859823][T24527] futex_wake_op: syz.4.4102 tries to shift op by 64; fix this program [ 659.884551][T24525] can: request_module (can-proto-0) failed. [ 661.700485][T24574] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4118'. [ 663.201536][T24662] futex_wake_op: syz.1.4137 tries to shift op by 64; fix this program [ 663.456058][T24670] nbd: must specify an index to disconnect [ 663.622558][ C1] bridge0: port 3(team0) entered learning state [ 664.123636][ T29] audit: type=1326 audit(8277292047.950:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24680 comm="syz.2.4144" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4c5a185d29 code=0x0 [ 664.193648][ T29] audit: type=1326 audit(8277292047.950:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24680 comm="syz.2.4144" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4c5a185d29 code=0x0 [ 664.230245][T24697] futex_wake_op: syz.4.4148 tries to shift op by 64; fix this program [ 664.472920][T24709] netlink: 50 bytes leftover after parsing attributes in process `syz.1.4152'. [ 664.901418][T24732] futex_wake_op: syz.2.4159 tries to shift op by 64; fix this program [ 665.474343][T24747] ptrace attach of "./syz-executor exec"[21768] was attempted by "./syz-executor exec"[24747] [ 665.890895][T24757] netlink: 172 bytes leftover after parsing attributes in process `syz.4.4166'. [ 666.564590][T24775] Invalid ELF header magic: != ELF [ 667.069133][T24786] futex_wake_op: syz.2.4172 tries to shift op by 64; fix this program [ 667.672076][T24797] ovs_: entered promiscuous mode [ 668.062778][T24818] futex_wake_op: syz.1.4182 tries to shift op by 64; fix this program [ 668.617234][T24849] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input151 [ 668.806681][T24857] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input152 [ 668.916599][T24864] futex_wake_op: syz.4.4193 tries to shift op by 64; fix this program [ 670.388260][T24893] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input153 [ 670.606678][T24908] futex_wake_op: syz.1.4205 tries to shift op by 64; fix this program [ 670.644627][T24899] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input154 [ 671.797507][T24933] ptrace attach of "./syz-executor exec"[16773] was attempted by "./syz-executor exec"[24933] [ 671.960583][T24948] futex_wake_op: syz.1.4215 tries to shift op by 64; fix this program [ 672.040873][T24946] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4214'. [ 672.065318][T24946] ip6gre0: entered promiscuous mode [ 673.346348][T24992] ptrace attach of "./syz-executor exec"[21768] was attempted by "./syz-executor exec"[24992] [ 673.487585][T24999] futex_wake_op: syz.2.4228 tries to shift op by 64; fix this program [ 674.004626][T25009] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4231'. [ 674.149861][T25009] ip6gre0: entered promiscuous mode [ 674.446386][T25008] Process accounting resumed [ 675.149726][T25036] netlink: 342 bytes leftover after parsing attributes in process `syz.4.4239'. [ 676.280218][T25061] Process accounting resumed [ 676.766337][T25083] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4250'. [ 676.850544][T25080] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4251'. [ 677.854557][T25122] futex_wake_op: syz.2.4261 tries to shift op by 64; fix this program [ 678.043961][T25129] Invalid ELF header magic: != ELF [ 678.873052][T25159] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4270'. [ 678.992571][ C1] bridge0: port 3(team0) entered forwarding state [ 678.999787][ C1] bridge0: topology change detected, propagating [ 679.175767][T25160] Invalid ELF header magic: != ELF [ 679.371605][T25176] futex_wake_op: syz.2.4273 tries to shift op by 64; fix this program [ 680.567956][T25200] openvswitch: netlink: Message has 4 unknown bytes. [ 680.616128][T25220] futex_wake_op: syz.3.4283 tries to shift op by 64; fix this program [ 680.906799][T25226] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4285'. [ 680.922773][T25227] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4285'. [ 680.994798][T25226] hsr_slave_0: left promiscuous mode [ 681.044703][T25226] hsr_slave_1: left promiscuous mode [ 682.550271][T25278] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4295'. [ 683.881500][T25304] cgroup: fork rejected by pids controller in /syz3 [ 684.239551][T25304] KVM: debugfs: duplicate directory 25304-4 [ 684.406418][T25304] KVM: debugfs: duplicate directory 25304-4 [ 685.435678][T25383] Invalid ELF header magic: != ELF [ 686.026529][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.034292][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.581523][T25410] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4316'. [ 686.709405][T25422] ptrace attach of "./syz-executor exec"[17133] was attempted by "./syz-executor exec"[25422] [ 686.972025][T25425] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input157 [ 687.037374][T25426] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input158 [ 687.267993][T25430] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4322'. [ 687.319997][T25428] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4321'. [ 687.394080][T25431] futex_wake_op: syz.2.4321 tries to shift op by 64; fix this program [ 687.526876][T25437] netlink: 352 bytes leftover after parsing attributes in process `syz.2.4325'. [ 688.102786][T20451] Bluetooth: hci2: command 0x0406 tx timeout [ 688.145729][T25472] openvswitch: netlink: IP tunnel dst address not specified [ 688.164766][T25472] openvswitch: netlink: IP tunnel dst address not specified [ 688.186534][T25474] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4335'. [ 688.241583][T25474] futex_wake_op: syz.1.4335 tries to shift op by 64; fix this program [ 688.697598][T25493] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4340'. [ 689.027140][T25513] HfR: entered promiscuous mode [ 689.586031][T25541] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4354'. [ 689.659246][T25541] team0: Port device team_slave_1 removed [ 689.996986][T25564] ptrace attach of "./syz-executor exec"[17133] was attempted by "./syz-executor exec"[25564] [ 690.821473][T25587] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4363'. [ 692.470961][T25622] ptrace attach of "./syz-executor exec"[17133] was attempted by "./syz-executor exec"[25622] [ 693.651549][T25668] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4380'. [ 693.689321][T25675] Invalid ELF header magic: != ELF [ 694.089388][T25679] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4382'. [ 694.190239][T25681] openvswitch: HfR: Dropping previously announced user features [ 694.215261][T25682] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4383'. [ 694.246108][T25682] HfR: left promiscuous mode [ 694.882026][T25702] netlink: 130 bytes leftover after parsing attributes in process `syz.2.4389'. [ 695.039638][T25715] program syz.3.4393 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 695.063372][T25715] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 695.063845][T25698] ptrace attach of "./syz-executor exec"[21768] was attempted by "./syz-executor exec"[25698] [ 695.111356][T25718] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4394'. [ 696.826198][T25766] ptrace attach of "./syz-executor exec"[17133] was attempted by "./syz-executor exec"[25766] [ 697.862665][T25813] netlink: 'syz.2.4420': attribute type 1 has an invalid length. [ 697.902435][T25813] nbd: error processing sock list [ 698.279277][T25823] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input159 [ 698.429421][T25824] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input160 [ 698.715029][T25829] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4424'. [ 698.764581][T25829] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4424'. [ 699.224769][T25843] futex_wake_op: syz.2.4429 tries to shift op by 64; fix this program [ 699.879083][T25858] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input161 [ 700.024196][T25859] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input162 [ 700.315949][T25866] device-mapper: ioctl: ioctl interface mismatch: kernel(4.48.0), user(0.0.0), cmd(5) [ 700.328913][T25866] lo: entered allmulticast mode [ 700.448020][T25864] lo: left allmulticast mode [ 700.837751][T25885] netlink: 326 bytes leftover after parsing attributes in process `syz.2.4440'. [ 701.347127][T25891] futex_wake_op: syz.3.4441 tries to shift op by 64; fix this program [ 701.616597][T25900] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input163 [ 701.697127][T25903] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input164 [ 702.703406][T25920] futex_wake_op: syz.2.4450 tries to shift op by 64; fix this program [ 702.896530][T25926] Invalid ELF header magic: != ELF [ 705.483972][T25971] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4459'. [ 705.519847][T25971] lo: entered promiscuous mode [ 708.070541][T26069] netlink: zone id is out of range [ 708.101560][T26069] netlink: set zone limit has 8 unknown bytes [ 709.056344][T26097] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4498'. [ 709.109157][T26097] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4498'. [ 709.196368][T26118] netlink: 326 bytes leftover after parsing attributes in process `syz.3.4503'. [ 709.963865][T26149] netlink: 338 bytes leftover after parsing attributes in process `syz.4.4512'. [ 709.991064][T26148] netlink: 338 bytes leftover after parsing attributes in process `syz.4.4512'. [ 712.556361][T26251] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4533'. [ 713.353182][T26262] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4537'. [ 713.807469][T26264] ptrace attach of "./syz-executor exec"[17133] was attempted by "./syz-executor exec"[26264] [ 714.509556][T26309] kAFS: No cell specified [ 714.537567][T26295] : Can't lookup blockdev [ 715.162836][T26318] Invalid ELF header magic: != ELF [ 715.533704][T26318] Invalid ELF header magic: != ELF [ 715.948315][T26318] Invalid ELF header magic: != ELF [ 716.332080][T26318] Invalid ELF header magic: != ELF [ 716.390705][T26318] Invalid ELF header magic: != ELF [ 716.643009][T26386] random: crng reseeded on system resumption [ 717.618528][T26408] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4575'. [ 718.052452][T26407] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4576'. [ 718.858941][T26441] nbd: must specify at least one socket [ 720.601026][T26507] FAULT_INJECTION: forcing a failure. [ 720.601026][T26507] name failslab, interval 1, probability 0, space 0, times 0 [ 720.601810][T26505] Invalid ELF header magic: != ELF [ 720.618949][T26507] CPU: 0 UID: 0 PID: 26507 Comm: syz.3.4601 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 720.632647][T26507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 720.643725][T26507] Call Trace: [ 720.647339][T26507] [ 720.650565][T26507] dump_stack_lvl+0x16c/0x1f0 [ 720.655732][T26507] should_fail_ex+0x497/0x5b0 [ 720.660890][T26507] ? fs_reclaim_acquire+0xae/0x150 [ 720.666512][T26507] should_failslab+0xc2/0x120 [ 720.671651][T26507] __kmalloc_node_noprof+0xd1/0x520 [ 720.677368][T26507] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 720.684135][T26507] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 720.690132][T26507] ? kernel_text_address+0x8d/0x100 [ 720.695835][T26507] __kvmalloc_node_noprof+0xad/0x1a0 [ 720.701639][T26507] traverse.part.0.constprop.0+0x392/0x640 [ 720.708016][T26507] ? __pfx_lock_release+0x10/0x10 [ 720.713530][T26507] ? trace_lock_acquire+0x14e/0x1f0 [ 720.719240][T26507] seq_read_iter+0x934/0x12b0 [ 720.724376][T26507] ? lock_release+0x4e2/0x6f0 [ 720.729503][T26507] seq_read+0x39f/0x4e0 [ 720.734058][T26507] ? __pfx_seq_read+0x10/0x10 [ 720.739194][T26507] ? copy_iovec_from_user+0x138/0x170 [ 720.745110][T26507] ? iovec_from_user.part.0+0x7e/0x130 [ 720.751120][T26507] ? apparmor_file_permission+0x251/0x400 [ 720.757404][T26507] full_proxy_read+0xfb/0x1b0 [ 720.762539][T26507] ? __pfx_full_proxy_read+0x10/0x10 [ 720.768352][T26507] vfs_readv+0x6bf/0x890 [ 720.773004][T26507] ? __pfx_lock_release+0x10/0x10 [ 720.778515][T26507] ? __pfx_vfs_readv+0x10/0x10 [ 720.783765][T26507] ? __fget_files+0x1fc/0x3a0 [ 720.788913][T26507] ? __pfx_lock_release+0x10/0x10 [ 720.794426][T26507] ? __fget_files+0x206/0x3a0 [ 720.799556][T26507] ? do_preadv+0x1b1/0x270 [ 720.804396][T26507] do_preadv+0x1b1/0x270 [ 720.809049][T26507] ? __pfx_do_preadv+0x10/0x10 [ 720.814274][T26507] ? rcu_is_watching+0x12/0xc0 [ 720.819518][T26507] ? rcu_is_watching+0x12/0xc0 [ 720.824775][T26507] do_syscall_64+0xcd/0x250 [ 720.829741][T26507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 720.836212][T26507] RIP: 0033:0x7f7544785d29 [ 720.841079][T26507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 720.862659][T26507] RSP: 002b:00007f75425f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 720.871905][T26507] RAX: ffffffffffffffda RBX: 00007f7544975fa0 RCX: 00007f7544785d29 [ 720.880664][T26507] RDX: 0000000000000006 RSI: 0000000020000080 RDI: 0040000000000003 [ 720.889425][T26507] RBP: 00007f75425f6090 R08: 0000000000000005 R09: 0000000000000000 [ 720.898182][T26507] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 720.906939][T26507] R13: 0000000000000000 R14: 00007f7544975fa0 R15: 00007ffc6554b878 [ 720.915710][T26507] [ 721.395092][T26534] lo: entered allmulticast mode [ 721.414922][T26533] lo: left allmulticast mode [ 721.446506][T26538] FAULT_INJECTION: forcing a failure. [ 721.446506][T26538] name failslab, interval 1, probability 0, space 0, times 0 [ 721.482594][T26538] CPU: 0 UID: 0 PID: 26538 Comm: syz.3.4612 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 721.494497][T26538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 721.505587][T26538] Call Trace: [ 721.509212][T26538] [ 721.512455][T26538] dump_stack_lvl+0x16c/0x1f0 [ 721.517643][T26538] should_fail_ex+0x497/0x5b0 [ 721.517769][T26541] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4613'. [ 721.522796][T26538] ? fs_reclaim_acquire+0xae/0x150 [ 721.522829][T26538] should_failslab+0xc2/0x120 [ 721.522861][T26538] __kmalloc_cache_noprof+0x68/0x420 [ 721.549182][T26538] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 721.555987][T26538] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 721.562021][T26538] ? kernel_text_address+0x8d/0x100 [ 721.567757][T26538] gpiolib_seq_start+0x69/0x270 [ 721.573123][T26538] traverse.part.0.constprop.0+0xac/0x640 [ 721.579431][T26538] ? __pfx_lock_release+0x10/0x10 [ 721.584977][T26538] ? trace_lock_acquire+0x14e/0x1f0 [ 721.590721][T26538] seq_read_iter+0x934/0x12b0 [ 721.595894][T26538] ? lock_release+0x4e2/0x6f0 [ 721.601059][T26538] seq_read+0x39f/0x4e0 [ 721.605650][T26538] ? __pfx_seq_read+0x10/0x10 [ 721.610813][T26538] ? copy_iovec_from_user+0x138/0x170 [ 721.616748][T26538] ? iovec_from_user.part.0+0x7e/0x130 [ 721.622782][T26538] ? apparmor_file_permission+0x251/0x400 [ 721.629107][T26538] full_proxy_read+0xfb/0x1b0 [ 721.634297][T26538] ? __pfx_full_proxy_read+0x10/0x10 [ 721.640133][T26538] vfs_readv+0x6bf/0x890 [ 721.644825][T26538] ? __pfx_lock_release+0x10/0x10 [ 721.650379][T26538] ? __pfx_vfs_readv+0x10/0x10 [ 721.655636][T26538] ? __fget_files+0x1fc/0x3a0 [ 721.660799][T26538] ? __pfx_lock_release+0x10/0x10 [ 721.666348][T26538] ? __fget_files+0x206/0x3a0 [ 721.671523][T26538] ? do_preadv+0x1b1/0x270 [ 721.676410][T26538] do_preadv+0x1b1/0x270 [ 721.681091][T26538] ? __pfx_do_preadv+0x10/0x10 [ 721.686347][T26538] ? rcu_is_watching+0x12/0xc0 [ 721.691615][T26538] ? rcu_is_watching+0x12/0xc0 [ 721.696875][T26538] do_syscall_64+0xcd/0x250 [ 721.701867][T26538] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.708371][T26538] RIP: 0033:0x7f7544785d29 [ 721.713249][T26538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 721.734837][T26538] RSP: 002b:00007f75425f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 721.744114][T26538] RAX: ffffffffffffffda RBX: 00007f7544975fa0 RCX: 00007f7544785d29 [ 721.752902][T26538] RDX: 0000000000000006 RSI: 0000000020000080 RDI: 0040000000000003 [ 721.761691][T26538] RBP: 00007f75425f6090 R08: 0000000000000005 R09: 0000000000000000 [ 721.770485][T26538] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 721.779271][T26538] R13: 0000000000000000 R14: 00007f7544975fa0 R15: 00007ffc6554b878 [ 721.788066][T26538] [ 721.803643][T26538] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI [ 721.817554][T26538] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 721.826822][T26538] CPU: 0 UID: 0 PID: 26538 Comm: syz.3.4612 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 721.838679][T26538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 721.849756][T26538] RIP: 0010:gpiolib_seq_stop+0x4c/0xe0 [ 721.855791][T26538] Code: 48 c1 ea 03 80 3c 02 00 0f 85 98 00 00 00 48 8b 9b e0 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 04 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 60 8b [ 721.877369][T26538] RSP: 0018:ffffc900055579a0 EFLAGS: 00010247 [ 721.884035][T26538] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff888050f44018 [ 721.892794][T26538] RDX: 0000000000000000 RSI: ffffffff84cccf7e RDI: 0000000000000004 [ 721.901557][T26538] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff2039d5a [ 721.910315][T26538] R10: ffffffff901cead7 R11: 0000000000000000 R12: ffffffff8bb59ba0 [ 721.919074][T26538] R13: 0000000000000000 R14: 0000000000000000 R15: ffffc90005557b88 [ 721.927829][T26538] FS: 00007f75425f66c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 721.937649][T26538] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 721.944899][T26538] CR2: 0000001b32b11ff8 CR3: 0000000032394000 CR4: 00000000003526f0 [ 721.953689][T26538] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 721.962458][T26538] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 721.971220][T26538] Call Trace: [ 721.974815][T26538] [ 721.978030][T26538] ? die_addr+0x3b/0xa0 [ 721.982597][T26538] ? exc_general_protection+0x155/0x230 [ 721.988703][T26538] ? asm_exc_general_protection+0x26/0x30 [ 721.994993][T26538] ? gpiolib_seq_stop+0xe/0xe0 [ 722.000236][T26538] ? gpiolib_seq_stop+0x4c/0xe0 [ 722.005570][T26538] traverse.part.0.constprop.0+0x2bd/0x640 [ 722.011950][T26538] ? __pfx_lock_release+0x10/0x10 [ 722.017476][T26538] seq_read_iter+0x934/0x12b0 [ 722.022619][T26538] ? lock_release+0x4e2/0x6f0 [ 722.027754][T26538] seq_read+0x39f/0x4e0 [ 722.032319][T26538] ? __pfx_seq_read+0x10/0x10 [ 722.037455][T26538] ? copy_iovec_from_user+0x138/0x170 [ 722.043364][T26538] ? iovec_from_user.part.0+0x7e/0x130 [ 722.049369][T26538] ? apparmor_file_permission+0x251/0x400 [ 722.055666][T26538] full_proxy_read+0xfb/0x1b0 [ 722.060807][T26538] ? __pfx_full_proxy_read+0x10/0x10 [ 722.066621][T26538] vfs_readv+0x6bf/0x890 [ 722.071278][T26538] ? __pfx_lock_release+0x10/0x10 [ 722.076798][T26538] ? __pfx_vfs_readv+0x10/0x10 [ 722.082033][T26538] ? __fget_files+0x1fc/0x3a0 [ 722.087171][T26538] ? __pfx_lock_release+0x10/0x10 [ 722.092692][T26538] ? __fget_files+0x206/0x3a0 [ 722.097832][T26538] ? do_preadv+0x1b1/0x270 [ 722.102681][T26538] do_preadv+0x1b1/0x270 [ 722.107341][T26538] ? __pfx_do_preadv+0x10/0x10 [ 722.112579][T26538] ? rcu_is_watching+0x12/0xc0 [ 722.117816][T26538] ? rcu_is_watching+0x12/0xc0 [ 722.123054][T26538] do_syscall_64+0xcd/0x250 [ 722.128006][T26538] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 722.134507][T26538] RIP: 0033:0x7f7544785d29 [ 722.139364][T26538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 722.160930][T26538] RSP: 002b:00007f75425f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 722.170178][T26538] RAX: ffffffffffffffda RBX: 00007f7544975fa0 RCX: 00007f7544785d29 [ 722.178938][T26538] RDX: 0000000000000006 RSI: 0000000020000080 RDI: 0040000000000003 [ 722.187697][T26538] RBP: 00007f75425f6090 R08: 0000000000000005 R09: 0000000000000000 [ 722.196456][T26538] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 722.205215][T26538] R13: 0000000000000000 R14: 00007f7544975fa0 R15: 00007ffc6554b878 [ 722.213978][T26538] [ 722.217295][T26538] Modules linked in: [ 722.222753][T26538] ---[ end trace 0000000000000000 ]--- [ 722.262462][T26538] RIP: 0010:gpiolib_seq_stop+0x4c/0xe0 [ 722.309241][T26538] Code: 48 c1 ea 03 80 3c 02 00 0f 85 98 00 00 00 48 8b 9b e0 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 04 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 60 8b [ 722.357167][T26538] RSP: 0018:ffffc900055579a0 EFLAGS: 00010247 [ 722.387850][T26538] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff888050f44018 [ 722.399373][T26538] RDX: 0000000000000000 RSI: ffffffff84cccf7e RDI: 0000000000000004 [ 722.434366][T26538] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff2039d5a [ 722.451268][T26538] R10: ffffffff901cead7 R11: 0000000000000000 R12: ffffffff8bb59ba0 [ 722.472159][T26538] R13: 0000000000000000 R14: 0000000000000000 R15: ffffc90005557b88 [ 722.482301][T26538] FS: 00007f75425f66c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 722.495343][T26538] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 722.504211][T26538] CR2: 00007fd61f5452d8 CR3: 0000000032394000 CR4: 00000000003526f0 [ 722.520009][T26538] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 722.529255][T26538] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 722.541566][T26538] Kernel panic - not syncing: Fatal exception [ 722.548511][T26538] Kernel Offset: disabled [ 722.553257][T26538] Rebooting in 86400 seconds..