last executing test programs: 17m1.578762121s ago: executing program 1 (id=4011): r0 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x2, 0x7) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000000c0), r1) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x3c, r2, 0x1, 0x70bd2d, 0x25dfdbf9, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x58}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_FD={0x8, 0x17, r0}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 17m1.385331155s ago: executing program 1 (id=4013): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x79, 0x0, 0x8) 17m0.3343581s ago: executing program 1 (id=4020): mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) io_uring_setup$auto(0x23, 0x0) clock_nanosleep$auto(0x2, 0x4, 0x0, 0xffffffffffffffff) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, 0x0, 0x40341, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x200000, 0x0) open(0x0, 0x161342, 0x0) timer_create$auto(0x2, 0x0, 0x0) timer_settime$auto(0x0, 0x6, &(0x7f0000000000)={{0x100000001, 0x3ff}, {0x5a, 0x2}}, 0x0) 16m59.411294425s ago: executing program 1 (id=4027): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 16m59.104639059s ago: executing program 1 (id=4030): mmap$auto(0x0, 0x2020009, 0xa, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r0, 0x0, 0x7) statmount$auto(0x0, &(0x7f0000000180)={0xfffffffb, 0xd, 0x9, 0x3, 0x400026, 0x940, 0x1ffdb, 0x3, 0x6, 0x7ff, 0xfffffffa, 0x9, 0xfff, 0xfffffffffffffffc, 0xb0, 0x8, 0x9, 0x3, 0x5, 0x6, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x8000, 0x100002, 0x8001, 0x1, 0x0, 0x0, [0x0, 0x0, 0xf73, 0x0, 0x0, 0x2000003, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x1, 0x4, 0x0, 0x0, 0x4]}, 0xfffff7fffffffffa, 0x8000081) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x9}, 0x3) bpf$auto(0x5, &(0x7f0000000300)=@bpf_attr_3={0x1c, 0x4, 0xf, 0x63, 0x400, 0x0, 0x1, 0x80f0c8, 0x20, "38c1d5cbcb9f6b5e511f0cd8ed068f65", 0x0, 0x113e33f2, 0xffffffffffffffff, 0xe4, 0x6, 0x5, 0x6, 0x8, 0x0, 0x3, @attach_btf_obj_fd, 0x6, 0xffff, 0x8, 0x0, 0xfffffffe}, 0x47) io_setup$auto(0xffff, &(0x7f0000000580)) 16m56.096673424s ago: executing program 1 (id=4051): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x3, 0x6) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x68, 0x0, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [@HSR_A_IF1_AGE={0x8, 0x3, 0x200}, @HSR_A_IF2_AGE={0x8, 0x4, 0x5}, @HSR_A_IFINDEX={0x8}, @HSR_A_NODE_ADDR_B={0xa}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_IFINDEX={0x8}, @HSR_A_IFINDEX={0x8}, @HSR_A_IF1_AGE={0x8, 0x3, 0x400400}]}, 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x9c0a7fc06f585e63) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 16m56.008628093s ago: executing program 32 (id=4051): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x3, 0x6) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x68, 0x0, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [@HSR_A_IF1_AGE={0x8, 0x3, 0x200}, @HSR_A_IF2_AGE={0x8, 0x4, 0x5}, @HSR_A_IFINDEX={0x8}, @HSR_A_NODE_ADDR_B={0xa}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_IFINDEX={0x8}, @HSR_A_IFINDEX={0x8}, @HSR_A_IF1_AGE={0x8, 0x3, 0x400400}]}, 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x9c0a7fc06f585e63) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 3m9.314324758s ago: executing program 3 (id=8790): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0xffffffffffffffff, 0x8) r0 = socket(0x22, 0x3, 0x1) connect$auto(r0, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x200, 0x400008, 0x200, 0x9b72, 0xffffffffffffffff, 0x6) write$auto_proc_mem_operations_base(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4001000000df, 0xeb1, 0x401, 0x8000) syz_clone3(&(0x7f0000000080)={0x123060000, 0x0, 0x0, 0x0, {0x14}, 0x0, 0x0, 0x0, 0x0}, 0x58) 3m8.321438765s ago: executing program 3 (id=8791): r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa901, 0x0) mmap$auto(0x1, 0x202000b, 0x3, 0xeb1, r0, 0x8000) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000480)=""/4096, 0x1000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) sendmsg$auto(r1, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) readahead$auto(0xffffffffffffffff, 0x6, 0x2) listen$auto(0xffffffffffffffff, 0x5ed) r2 = open(0x0, 0x42842, 0x95) read$auto(r2, 0x0, 0x1) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x48041, 0x0) write$auto(r3, 0x0, 0x6) r4 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x189002, 0x0) ioctl$auto_PPPIOCSPASS(r4, 0x40107447, 0x0) 3m8.048887388s ago: executing program 3 (id=8794): mmap$auto(0x0, 0x5, 0xdf, 0x9b72, 0x7, 0x28000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r0 = socket(0x2, 0x1, 0x0) syz_genetlink_get_family_id$auto_thermal(&(0x7f0000000200), r0) syz_genetlink_get_family_id$auto_gtp(0x0, 0xffffffffffffffff) sendmsg$auto_GTP_CMD_GETPDP(0xffffffffffffffff, 0x0, 0x4) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mmap$auto(0x0, 0x20009, 0x2000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto(0xffffffffffffffff, 0x7, 0x3) close_range$auto(0x0, 0xfffffffffffff000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0) 3m6.834154812s ago: executing program 3 (id=8802): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x4, @multicast2}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) io_uring_setup$auto(0x9e6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_ADD_UEID(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x1c, r2, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [@SMC_NLA_EID_TABLE_ENTRY={0x5, 0x1, '['}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4880}, 0x8092) madvise$auto(0x0, 0xffffffffffff0005, 0x19) pwritev$auto(r0, 0x0, 0xffffffffffffffae, 0x90, 0xfffffffffffffb84) 3m5.35706352s ago: executing program 3 (id=8806): read$auto(0xffffffffffffffff, 0x0, 0x9) mmap$auto(0x5, 0x2020009, 0x0, 0xeb1, 0xffffffffffffffff, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0x6, 0x1, 0x6) setresuid$auto(0x8, 0x0, 0x4) socket(0x10, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="10002ca4706b67dbdf251c"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004814) write$auto(0xffffffffffffffff, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x2020009, 0x0, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x9, 0x400008, 0x40000000000000df, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xd71, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) setresuid$auto(0xffffffffffffffff, 0x0, 0x0) fanotify_mark$auto(0x0, 0x9, 0x10000008, 0x4, 0x0) 3m4.396427888s ago: executing program 3 (id=8813): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='\t', 0x1) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/apparmor/parameters/path_max\x00', 0x0, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x147602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) fadvise64$auto_POSIX_FADV_NOREUSE(r2, 0x8, 0x963, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)=""/17, 0x11) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffff7ffffffffffa, 0x8000) setgroups$auto(0xe32, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)={0x1c, r4, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x4a}]}, 0x1c}}, 0x4000) getsockopt$auto_SO_SNDTIMEO_OLD(r2, 0x6, 0x15, &(0x7f0000000040)='\x00', &(0x7f0000000100)=0x3800) r5 = openat$auto_stats_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f0000000000), 0x400100, 0x0) read$auto_stats_seq_fops_netdebug(r5, &(0x7f00000004c0)=""/4096, 0x1000) 2m49.241879227s ago: executing program 33 (id=8813): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='\t', 0x1) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/apparmor/parameters/path_max\x00', 0x0, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x147602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) fadvise64$auto_POSIX_FADV_NOREUSE(r2, 0x8, 0x963, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)=""/17, 0x11) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffff7ffffffffffa, 0x8000) setgroups$auto(0xe32, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)={0x1c, r4, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x4a}]}, 0x1c}}, 0x4000) getsockopt$auto_SO_SNDTIMEO_OLD(r2, 0x6, 0x15, &(0x7f0000000040)='\x00', &(0x7f0000000100)=0x3800) r5 = openat$auto_stats_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f0000000000), 0x400100, 0x0) read$auto_stats_seq_fops_netdebug(r5, &(0x7f00000004c0)=""/4096, 0x1000) 2m31.547499895s ago: executing program 4 (id=8911): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, 0x0, 0x100, 0x0) rseq$auto(0x0, 0x8000, 0x0, 0x6) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f0000000180), 0x90203, 0x0) write$auto_nvmf_dev_fops_fabrics(r0, 0x0, 0x0) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fb0\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x2, 0x0) r1 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r1, &(0x7f0000000040)='nbd\x00', 0x4) 2m30.408316166s ago: executing program 4 (id=8914): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x5, 0x0, 0x1f, 0x9}, 0x800009}, 0x3, 0x20000000) io_uring_setup$auto(0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) mmap$auto(0x0, 0x7, 0x4000000000df, 0xeb1, 0x400, 0x8000) r1 = openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, 0x0, 0x201, 0x0) write$auto_dynamic_events_ops_trace_dynevent(r1, &(0x7f00000002c0), 0x0) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) shutdown$auto(0x200000003, 0x2) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x100, 0x0) 2m29.303325784s ago: executing program 4 (id=8916): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x2) socket(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r0, 0x0, 0x1f40) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f00000000c0)={0x0, 0xffffffff}, 0x6) ioctl$auto_RTC_WKALM_SET(0xffffffffffffffff, 0x4028700f, 0x0) close_range$auto(0x2, 0x8, 0x0) timer_settime$auto(0x101, 0x1, &(0x7f0000000080)={{0x6}, {0x3d2, 0x3ff}}, 0x0) 2m26.67757866s ago: executing program 4 (id=8929): socket(0xa, 0x2, 0x73) readv$auto(0x3, 0x0, 0x1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x5, 0x0, 0x1f, 0x9}, 0x800009}, 0x3, 0x20000000) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x2f, 0x0, 0x9) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x7, 0x4000000000df, 0xeb1, 0x400, 0x8000) r1 = openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/tracing/dynamic_events\x00', 0x201, 0x0) write$auto_dynamic_events_ops_trace_dynevent(r1, 0x0, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) shutdown$auto(0x200000003, 0x2) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x100, 0x0) 2m26.126372672s ago: executing program 4 (id=8922): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) openat$auto_fops_blob_file(0xffffffffffffff9c, &(0x7f0000011500), 0x40002, 0x0) socket(0x2, 0x801, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socket(0x29, 0x2, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/fs/cifs/dfscache\x00', 0xc2402, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/tty17\x00', 0x0, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptyw5\x00', 0x101880, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x6) 2m25.342724713s ago: executing program 4 (id=8927): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) statmount$auto(&(0x7f0000000000)={0x20, @raw, 0x80000026, 0xd97, 0x2}, 0x0, 0x7ffffffff000, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000400), r1) sendmsg$auto_NFSD_CMD_VERSION_SET(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000500)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010025bd7000fbdbdf2504000000140001800800020000000000080001"], 0x28}, 0x1, 0x0, 0x0, 0x24000001}, 0x844) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x4, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x7, 0x0) readv$auto(0x3, &(0x7f0000000000)={0x0, 0x80000000}, 0x9) socket(0x10, 0x2, 0x4) socket(0x10, 0x3, 0x6) r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_PLCA_SET_CFG(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r3, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@ETHTOOL_A_PLCA_NODE_CNT={0x8, 0x5, 0xffff931f}, @ETHTOOL_A_PLCA_NODE_ID={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x800) r4 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x4605, 0x0) 2m24.059367454s ago: executing program 2 (id=8931): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x44) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x90}, 0x20000081) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) socket(0x10, 0x3, 0x6) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa901, 0x0) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x7ff, 0x9, 0x63, 0x0, 0x0, 0x0, 0x8, 0x200, 0x800000000100002, 0x40000406, 0x2, 0xc, 0x2, 0x11, 0x6, 0x7}) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xee46}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2m23.260446872s ago: executing program 2 (id=8933): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioperm$auto(0x8, 0x6, 0x2) statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0) socket(0x15, 0x5, 0x0) bind$auto(0x3, 0x0, 0x79) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) ioctl$auto(0x3, 0x541b, 0x10000000000402) setresuid$auto(0x2, 0xffffffffffffffff, 0x200) keyctl$auto(0xb, 0xfffffffd, 0x7, 0xfffffffffff00003, 0x6) syz_clone3(&(0x7f0000000200)={0x186800080, 0x0, 0x0, 0x0, {0x1a}, 0x0, 0x0, 0x0, 0x0}, 0x58) kill$auto(0x0, 0x21) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x8000, 0x0) openat$auto_deferred_devs_fops_(0xffffffffffffff9c, &(0x7f0000000180), 0x101080, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/dirty_ratio\x00', 0x250c80, 0x0) sendfile$auto(r0, r0, 0x0, 0x7fffe000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) keyctl$auto(0x1e, 0xfffffffffffffffc, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x1) 2m22.805130368s ago: executing program 2 (id=8936): setresgid$auto(0xffffffffffffffff, 0x0, 0xee00) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x101a00, 0x0) migrate_pages$auto(0x0, 0x3, 0x0, 0x0) r0 = openat$auto_buffer_percent_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/buffer_percent\x00', 0x80000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0x201, 0x0) openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/kvm/irq_exits\x00', 0x22002, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0004, 0x19) syz_clone3(&(0x7f0000000200)={0x182000080, 0x0, 0x0, 0x0, {0x1a}, 0x0, 0x0, 0x0, 0x0}, 0x58) kill$auto(0x0, 0x21) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x6, 0x346, 0x7) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x40800, 0x0) utime$auto(0x0, 0x0) readv$auto(r0, &(0x7f0000000040)={0x0, 0x2}, 0x5) 2m20.650792348s ago: executing program 2 (id=8941): mmap$auto(0x0, 0x4, 0xffffffffffffffff, 0x400eb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x3, 0xff) io_uring_setup$auto(0x406, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getsockopt$auto_SO_PEERSEC(0xffffffffffffffff, 0x6, 0x1f, 0x0, &(0x7f0000000200)=0x8) r0 = socket(0x2b, 0x1, 0x1) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r2, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x15, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0) setsockopt$auto(r0, 0x29, 0x20, 0x0, 0x20) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) io_uring_enter$auto(0x3, 0xa84, 0x7ffffffe, 0xa, 0x0, 0x46) 2m17.435088243s ago: executing program 2 (id=8943): sendmmsg$auto(0xffffffffffffffff, 0x0, 0x2, 0x100) unshare$auto(0x40000080) openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, 0x0, 0x202, 0x0) mmap$auto(0x0, 0x20009, 0x7, 0xeb1, 0x401, 0x8000) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/vkms/graphics/fb0/state\x00', 0xc2481, 0x0) acct$auto(0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x141000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket$nl_generic(0x10, 0x3, 0x10) signalfd$auto(0xffffffff, 0x0, 0x8) r1 = pidfd_open$auto(0x1, 0x0) setns(r1, 0x60020000) mount$auto(0x0, &(0x7f00000000c0)='.\x00', 0x0, 0xdef, 0x0) 2m16.767119324s ago: executing program 2 (id=8947): r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000240), 0xa002, 0x0) writev$auto(r0, &(0x7f00000000c0)={0x0, 0x10000000001}, 0x100) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) unshare$auto(0x40000080) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, 0x0, 0xad00, 0x0) readv$auto(r1, 0x0, 0x3) sendmsg$auto_NL80211_CMD_UPDATE_OWE_INFO(0xffffffffffffffff, 0x0, 0x40000) ioctl$auto_SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x220840, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f0000000040)='}[,&*}\x00', &(0x7f0000000080)='nfsd\x00', 0x7, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) lseek$auto(0x0, 0x1, 0x1) 2m10.266478902s ago: executing program 34 (id=8927): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) statmount$auto(&(0x7f0000000000)={0x20, @raw, 0x80000026, 0xd97, 0x2}, 0x0, 0x7ffffffff000, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000400), r1) sendmsg$auto_NFSD_CMD_VERSION_SET(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000500)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010025bd7000fbdbdf2504000000140001800800020000000000080001"], 0x28}, 0x1, 0x0, 0x0, 0x24000001}, 0x844) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x4, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x7, 0x0) readv$auto(0x3, &(0x7f0000000000)={0x0, 0x80000000}, 0x9) socket(0x10, 0x2, 0x4) socket(0x10, 0x3, 0x6) r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_PLCA_SET_CFG(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r3, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@ETHTOOL_A_PLCA_NODE_CNT={0x8, 0x5, 0xffff931f}, @ETHTOOL_A_PLCA_NODE_ID={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x800) r4 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x4605, 0x0) 2m1.603663837s ago: executing program 35 (id=8947): r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000240), 0xa002, 0x0) writev$auto(r0, &(0x7f00000000c0)={0x0, 0x10000000001}, 0x100) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) unshare$auto(0x40000080) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, 0x0, 0xad00, 0x0) readv$auto(r1, 0x0, 0x3) sendmsg$auto_NL80211_CMD_UPDATE_OWE_INFO(0xffffffffffffffff, 0x0, 0x40000) ioctl$auto_SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x220840, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f0000000040)='}[,&*}\x00', &(0x7f0000000080)='nfsd\x00', 0x7, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) lseek$auto(0x0, 0x1, 0x1) 12.259375253s ago: executing program 6 (id=9260): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, 0xfffefffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) r1 = openat$auto_xfs_dir_file_operations_xfs_file(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/mac80211_hwsim/hwsim15\x00', 0x80, 0x0) ioctl$auto_XFS_IOC_EXCHANGE_RANGE(r1, 0x40285881, &(0x7f00000001c0)={r0, 0x0, 0x8001, 0x19b0b7ce, 0x3, 0xc}) setsockopt$auto(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x8004) mmap$auto(0x0, 0x2, 0xffffffffffffffff, 0x40eb1, 0x602, 0x300000000000) r2 = socketcall$auto_SYS_SOCKETPAIR(0x8, 0x0) splice$auto(r2, &(0x7f0000001d00)=0x1, 0xffffffffffffffff, 0x0, 0x6, 0x2) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) ioctl$auto_UI_BEGIN_FF_ERASE(0xffffffffffffffff, 0xc00c55ca, &(0x7f0000000000)={0x4, 0x10000}) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82, 0x0) sendfile$auto(r3, r3, 0x0, 0x5) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/system/cpu/cpuidle/current_driver\x00', 0x408440, 0x0) ioctl$auto_SNDCTL_DSP_RESET(r0, 0x5000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/pts/ptmx\x00', 0x8900, 0x0) timer_create$auto(0x9, 0x0, &(0x7f0000000140)=0x6) r4 = openat$auto_proc_timers_operations_base(0xffffffffffffff9c, &(0x7f0000000040), 0x1a3540, 0x0) read$auto_proc_timers_operations_base(r4, &(0x7f0000000080)=""/173, 0xad) write$auto(0x3, 0x0, 0x7ffffffa) 11.468266865s ago: executing program 0 (id=9263): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020008, 0x7, 0xb9, 0xfffffffffffffffa, 0x9) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) fcntl$auto(0x3, 0x4, 0xa553) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) socket(0x11, 0x80003, 0x300) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [{0x400000ff, 0x400, 0x9}]}) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0x200007, 0x19) 9.897559111s ago: executing program 0 (id=9264): sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800) socket(0x2, 0x80002, 0x73) socket(0x10, 0x3, 0x6) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) mmap$auto(0x0, 0x2020009, 0x2000000000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x22240, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0x102, 0x0) write$auto(0x3, 0x0, 0x4fffffdf2) ioctl$auto(0x3, 0x402c542b, 0x38) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x69) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) shutdown$auto(0x200000003, 0x2) kcmp$auto(0x1, 0x1, 0x7, 0x4, 0xe) 9.897325761s ago: executing program 6 (id=9265): r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) mmap$auto(0x0, 0xffff, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x87, 0x0) clone$auto(0x1ff00, 0x0, 0x0, 0x0, 0x9) exit$auto(0x7) socket$nl_generic(0x10, 0x3, 0x10) getsockopt$auto(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0xa2741, 0x0) adjtimex$auto(&(0x7f00000004c0)={0x23, 0x0, 0x0, 0xfffffffffffffffd, 0x3, 0x3, 0x2, 0x0, 0x3, 0x8, 0x2, {0x2100000000, 0x10000}, 0xfffffffffffffffc, 0x73d, 0xffffffffffffffdd, 0x1008001, 0x0, 0x6, 0x21b, 0xffffffff, 0xa747, 0x7, 0x1000}) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) set_mempolicy$auto(0x8003, &(0x7f0000000280)=0x7b, 0x4) gettid() kexec_load$auto(0x3, 0x2, &(0x7f0000000040)={@buf=&(0x7f0000000140)="5bafd56c2c122bc0003f91ad0e2963b1259c512c75114cd1bf833777c5f1aa905ac6eaa258e2aca172f1b2fb7932baaa9e6bdd5d4c193da127fe2ae6116f2ad909a5ee204ca4094f82cb444aed85374298875fd1e2c861610242a6b8c01c0e2bb8d7896b6d6286d95dcd06fbd7120d0e562fe7fb9f334d7067ea42", 0x2aa7, 0x6c0000c000, 0xc000}, 0x4) write$auto_console_fops_tty_io(r0, &(0x7f0000000440)="671d264add69b6440843b6e6688a2b5ad9df2669e6f9cd236532b20ed763ac8caf4bde4c30b530ac6ebbff950e1a647d6a08a1b55dde5a409b4d", 0x3a) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) setrlimit$auto(0x2, &(0x7f0000000040)={0x0, 0x20000000000006}) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) 9.658506561s ago: executing program 5 (id=9266): mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) r0 = socket(0xa, 0x801, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) socket$nl_generic(0x10, 0x3, 0x10) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) socket(0x10, 0x2, 0x0) memfd_secret$auto(0x0) getsockopt$auto(r0, 0x84, 0x6c, 0x0, &(0x7f0000000280)=0x1000c0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x301001, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_CREATE_VM(r1, 0x4048aecb, 0x0) 9.657388941s ago: executing program 0 (id=9267): mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x401f, 0x1, 0x8e051, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x80, 0x0) move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x91e4) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, 0x0, 0x1fe, 0xd) sendmmsg$auto(r0, 0x0, 0x7, 0x4008) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x200003, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) 9.090196528s ago: executing program 5 (id=9269): r0 = openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) mmap$auto(0xffffffffffffffff, 0x202000b, 0x3, 0x18, r0, 0x2003) r1 = socket(0x29, 0x2, 0x0) r2 = socket(0x10, 0x2, 0x0) r3 = syz_genetlink_get_family_id$auto_thermal(&(0x7f0000000040), r2) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TEMP(r2, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40008002}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x38, r3, 0x10, 0x70bd25, 0x25dfdbfe, {}, [@THERMAL_GENL_ATTR_CDEV_NAME={0x14, 0x12, 'syzkaller1\x00'}, @THERMAL_GENL_ATTR_CPU_CAPABILITY_PERFORMANCE={0x8, 0x16, 0xf6c}, @THERMAL_GENL_ATTR_CDEV_MAX_STATE={0x8, 0x11, 0x6}]}, 0x38}, 0x1, 0x0, 0x0, 0x44880}, 0x8800) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r2, &(0x7f0000000140)={{0x0, 0x1, &(0x7f0000000080)={0x0, 0x400}, 0x5, 0x0, 0x200002, 0x8}, 0x803}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r1, 0x89a3, 0x24) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f00000001c0), 0x8000, 0x0) clone$auto(0x100000000021, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x4) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/memory/memory15/online\x00', 0xa001, 0x0) write$auto(r4, &(0x7f0000000140)='0[.[\x00', 0xcd04) sysfs$auto(0x2, 0x101000000000007, 0x0) r5 = bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) mmap$auto(0x0, 0x20009, 0x20004000010000df, 0xeb2, r5, 0x8000) io_setup$auto(0x80002, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_FORWARD2(0xffffffffffffffff, 0x40084149, &(0x7f0000001080)=0x7) mmap$auto(0x0, 0x7, 0x619, 0xeb1, 0xfffffffffffffffa, 0x8007) mmap$auto(0x0, 0x400008, 0x5f, 0x1b5e, 0x2, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x0, 0x0) 7.797962513s ago: executing program 6 (id=9270): openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0) socket(0x29, 0x801, 0x4) listen$auto(0x3, 0x81) accept$auto(0x3, 0x0, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x200000000, 0xfffdfffffffffffa, 0x1, 0x1, 0x6, 0x0, 0x7, 0x4ec4445, 0x2, {0x100000000, 0x5}, 0x5, 0x1, 0x10000000000009, 0x1008000, 0x0, 0x8, 0x81, 0xdfffffffffff6295, 0x10000000000406, 0x4, 0x808}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3db) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) bpf$auto(0x12, &(0x7f0000000040)=@link_detach, 0x26) syz_genetlink_get_family_id$auto_ila(&(0x7f0000000040), 0xffffffffffffffff) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) madvise$auto(0x110c230000, 0x1, 0x9) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) fchdir$auto(0xffffffffffffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup/cgroup.type\x00', 0x103042, 0x0) poll$auto(&(0x7f0000000080)={0xffffffffffffffff, 0x9, 0x9816}, 0x7f, 0x3) 6.268172231s ago: executing program 6 (id=9271): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptysd\x00', 0x101802, 0x0) write$auto_tty_fops_tty_io(r0, &(0x7f0000000580)="7fd0a917413f68", 0x7) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) mmap$auto(0x0, 0x8, 0x1000e2, 0xeb1, 0x405, 0x100008000) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/scsi/device_info\x00', 0x48041, 0x0) write$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f00000007c0)="2996f5d27a440ce9faf71c3508666b2b2a5880a91123e55238bef0342a9c01fd5673f76eee086476bbf8bc71135157887dfb8dc47e175972c8801f2d38564744c698b98be51d174ce142cd13257697c28603f576917d11965970717c8316ed3ff1ba4fbcf65b8cd02c21e40bd93778574472be9fb525a05bdb7d8645b5241633113ff17f478dcb0399ce398d9646663d8ac36cf872ab47483b324c3cf5bb113dd2da7ce81e9ebfaef438830b2d63a1840c031f4690d5b8049aeb22999ea3c95b769d3913af71f4c2053482a04d6dcb76718fae1ae96bf1b9b9f25bd5e3cb17fa2869a8fd884e44d0a1c44deecb0e580c5053adea7195e871583489586056f0f09f90213b72b6d68da0b1c829795dd757a8049a7a664903f04830eae1d32ce0ebed189dace91ba276df7b7138caecdbd7a955b7dcb9e491896dd89b8e4895141f8e54b4b877ed994380cf7af82df38aca6e520725a7325dccce7830d2e9aa356ff9d0ebe28ff2d5957c333ed56c10f1532a4c8cf5dd2fab436467d391e08a175b431e3d43770d8b6595c46d29abfff2d56c23c83a8bef9d2793539e89a12ecd73486769152de0bbdb545925dcb946a7852a38fa1bd26e460454ff488797fde6bf0d3f93ff960fde697b00d739c52fb4d3baf57742c363a9c47c449cb46e1e5e3d161f9cf78c4ff5a4d2f9fd3d3cffcfb77832c87c04b7a24ae09fb62a535c114036dff8ca2e6ebd0127d3acc18748758d4e9e1f0aaae9ed2a9794268124d228d8958b023e562935db8ac7c7575c883e11207c4abb1d5922ed2f889ae9feabd7c779b301c445d60a23b7b695691cc32254c191039e1cff749479ef6566f7bc17b4606424826ab31c58c4eaae383955d660c87a79fc0575440d536c6868716d0e47c622ba7afd41a6663c21d8e6e238139456d1e3bb5bd17f53e6b5f1a67ff244b86d25aeae57a23c7f696067c30039f053763dddfb923e77144bc6d6a9f2a78699407af5f0775f3e7326390b22bf10542a32ccdf4825376bb9e602468c5ddb62c512ab74becf8f664292b6d133fad45ce90182180ea2d39730d71f35f2f84d3ca292f41be61ac465968364abe48df5e11d44552588a0e77357ed4a6c4a6451a4ec2b87b2ce7c9eacf35f193474efef489a6843a6ebaa48e2eecde69dab237383677ac879d2096129c3b17d7765f756b7281b269d735a2d476257400ef5c00cb3c1e5e3cc7555f38d15454219dec3cf14c0b8fbdf8bcb6da46488aecb81641940c37866266318a8eb2488c5a532554d45b89d7dfe735e8fcb133ed8af217cf758a1e90b895aa9f515ff2360ae1e9909bcb30b754b56e0b56f0af79933506e35a9ea23621f6dee68d3f4488a9c42b9e3fab0e6cc6fd22022a3a2dafacaecacd66b98496f105755b09c017d542cf18c4fb0cfe9dbe6ffad6db6fa96303f7361c847a4516b9845ef5eafec89fcfbef38a0d367db8c10ed5460c8ba96cbec43e174b4ee5dd755bc987e50ef58c483327a19245ee2a2c9753225622837fccea3934d2d5fba043a323b9fedb5e7ca23d9aaf22bfb9a42447e89acab0a6268a7cbc20997ee0713f0cce2172f6f360401953e359a026004ed765e421e24a96cc33db0eba7a94cba3a36b501482e2c4f06270aa32a613fc22143bc3a951bac23aea4de2c15be6b9e42434a69b383cad441cbe49f4b1932ecaaa65a1e898eee88c6a6dbb1bd1d1830f7b50afc0d33f4a5d16ca6449671649d5f25e333762761b0f30eb0c82ac0d2a0476d14c689dfc3b2e0ac25c06bc2692d2b6c29d50483b76ffaabe4d0081ef598893ea2e9ec1f5afdf43fad511bbee12f662b836773fbb260a5ed96be3a13e2d07d884d93d4eff3a2edab53359ee6bb3c207bf4043736f29e51e00ddcdf360a576199049867f5df0830c877ef372ee2d213dd05d3cfc4d41dbc1c27e795bdefb5285e42ef432f6f0e4c35c0a326db442d9c90b3556e1db9a34e66e7e221c58912d369150a357e3edee1b22cf9860fedf2a6e47e98ef1614c9fa299b8d0ba529b9952ba5e6fd47982489a6fb955430e509119c7192cc0bc3d9c901d7986030fdff62ff9ae833cfd008678a76f0727618f7bbc322ae6195e2c0273685e7080ed88b0077cdce57feed07e3485bf680c73ed114a6fcdfdac7b773d45da37d6254cef387d4613ed427e3668e94b5a184149340ee6af311f4e4b88d4e6375563b3f20019c5593575bbb854ea25fd0916f20e052a29dabf035aee9be8f9a82becee856cb93762b9105b58b1e8fdd30beacc811f0560e06ba92fd261e7c9190bf9388997a17023bb5bf59c1cf0cf5bcfb4f704a00a37dbf0baadafa5b512da9759284b39ae9340e0444c6e13cd5c87f0b4003685387058f78336c7a0c8174005a5840142825e1836b4dd7e038a3a51cc788a5e76e381ed751f160af40ef4baf93845c44d5d6f4b3a001020fc56f0737729ac035ea75c141b80cdd3c944518751e99be30532d70c56bdd8de5e8e831d9b04848d0f9cebdb162ea04229cabc17571b4eb6680155f0faf62a49bf93eb9fcef979541789ae2f2ebccc3afaa0c6a4573be9c448bf5f9670044e98a8afaf4a70bc8a0dd80267f88097fbd6b795d5328fb5242c128bfb76434d0f961ca6ab45bee8138158137bc4b2f14bd2585c973ad38dca1619a2ef9f8f3d9edfb1b5e2ae3ac7e74b700a59b69aeb072b967bda3b4f70f3140c788f01093fa9e7de807a463485b4dc0d315dd38463b3664321ce2a55e414a5ac9ec8b9ef66d1275aad5f96337893b1227052bb4532f21f49d54cb8cb185785a10cd7a0e1b80606efc75afefd66fc889e0668a4921bdbaa55d2c56e9583724d308548acc77374abb1d467211fc2e86b1d637ac08b481f257e01284bee5557202662574a4aeaa8328ab42a757c9a19af5781c86f1dbbb267e65fb16525d209494a37834ca25ba9dcb1634825ab8e9d794ff4f18a8c89627a9b2c07fdbb01aa02bddf7f34edf086cc44fc1b849a8c39114d5cebb963efb886c35270e32bd434f2b9d5598fa1f56f723b31a7f14324c70e15005220aedd8917b497ed4801fec9e75545539f3c56a36c15cc78e342417f084e36533e14642e35c0c838a633230b119544a406e3efcc655f40f4ca05227533bb1d8f34531f49431f23c66b8f7c022b52a2a41e073adf0f1009311c6dc21cf78fe8d8d85b8f57bbbbf2a1e24825a22627215758e8ee89ff77a26ab612a5c9f775a0ee302ffe3b1573d9247cc6a3c42afd7b7bb17568c612bfa852e4b468a3de03a84fcc5950e5ac317f7f23adb25e66fcb6ccf27f3decaeced6c3288ec1e557f0965baedd703f731102faaa1f377192ac270148386567c1092e49a3024f8eb99fa9ba85639e32b097010362afe942a112934dd6bf9e39781abee24feca5285c8c6804883c7e306a1301d60f2d3ce90fcd6496c224fd6631b753d26e049bfc91e9cd4dd437282d6af1eb0ef8a8667d818439ac967b23fa3adc7c1de78e46a46325011957083fb214c1e68bd857df389ee6aaad1e71f1eefaf901c2013366b77235bc593f091e66758aea34708d50e629701ee9e2080577264c3638e6680d01bf678504ebbc9c44dd1135dcc0aa375b76964e6acda7012595c2c36f67e55a54f69b5026b0f467780ff7fc612e0d0bee44daeb5931845f57c5638c7e7c9aaa4aec7d655b6f1e4ae83281843568bbf11f15ed49431312421be15788240a6cf7a29ef626e79c90478ad5c2216a37f8596fa51bf6e3f5700bc0cd64b176800cb9889a32eaf26b9262061fc7dc140821e5fe62840fa4a6e3e64af1dd6b37718dcaa63904ceef134b9768015dcf519d6fae9eba7169023bd4cdf472570d7f9974d177baee6ff3107633aacd9d5d6f49cbc3496e488e90cb5c67a1fd5669e7defd2edd4d9f38cb5bec0b19a392e649d40ffd5e1cc7995b8595ac7a7c31f3cd86c20c69246fc35d0e46363b47ee74dc7c09732e96f40b8bf8db8901a41e160fd1e32f7b06941582cdecf04444b9992efed3f785b7993f6e3dfbc37698092918cee02a037e2db3b3b4c0dc1b13c8157eb6924cc0721dc4be344da84a5fe4fc4a581e85f894c6db7963115d678fca7bf4fabe2112900a71d85cf5566a3a8e25162ea09c37735d6bb34d4665a7f23ce3e524425b208540ffed61998f10c4e69af492da073def08efae821713596c04c80546b8ff6d525016172778b368613f976253dcee583e542bee65ca077e8b736a701f82b7829a5e3c46b2aebfbbc57c7fad4beee41fc5c64d06dd499cd1c4ff3c79150be63eaab235faf049423cd10775444e600c9f47ea057d82bdb3176c5730ec65fd3f9ded5e1c59d822306117b40c6c5ac2bde653981d6294288dadd38aa9fe67b11bbe51b13123f4bfdbfb4d468b9a52559b69cb73f27e774c6238f1724d99a62fc653738d1795cbba38025749f10be6c393fc37f722b06ad092855b95b1bcf48f69fc9ed321a9207436f32a5329d3ea451327bde03132ccc47d665236ef53133a9ee1025ea69d47acae2b1b7eab508fce8d479dea9c6f0bbc81c192592c03b093f92d2b284bf2c0c432f4a0e438d2623e5b8e637937a2b76f03892a9299cf6abd3c93642548216e718ac4e34cf9ea7cd91b41b5855097e914a4cf73919087cf21dd56a3d57ae3eab3848ebf2026adf6dfb21f4369a1494687b1538a905902b3fd0eb700a0ec314250b2256e79d6da514774fa7c4d412cd00bdd0dfe751346281e0c2c2ed238d8befbda8af43d7278fb968e695d8a7c9d100fc97f8e23905faa5fb3b82154cf880423b6de7ae54fc46ba288fab336ea25dbf1e57ff0cc266d0559e23af043831b8be3e2369371a593a023fa7080a465ef8620b87bacc37218b7d1cacab0ed5e6f3e903b156f7b4fbe334d3e0d1eb6125b5e13b7c1e330ed61e2cc9eff656298d0aca3f6e1a68e937412369c8de3f6a1bf042e2bc2bf2cd923809340fb98d55184a80dd94e175fb8c86006e4bfe0cfe88567c4297d01c7321e3cd7f99082b562c231683579b61e962361d66fcc5f83840d0b0e1cf08377356d66f63d146f5980c8c1f9f012832202bcefa2454d1b3c9f51fb59cf4da8d8e9e65d18ca0f58a893f3db8fb7a28a7e125f250c2dd1e26be906124bdd9f7a20a68784e1c5392b83856cd6523c9a870377eecfa6eefb9236c25235c73b2335bbd1b5c1ab307648cf90b2581c630d33fd38713fc34045d31da617341991b5c14d701d44cbd25c21c1d86aaf521c05c2286dd47e434b864ea36bc5ab90d93c87bd14e5ee0990b19a365bee0596260f1be43cc43586c8d6f6882303b13f295277684b98038c232b51059fd2234b115625e900c37893bafedbca082e5925642b8506a2dc02fef7f71e876d202215ff34fbbd17b1ecba2f978b2f147e8eb329c7c2d21246c75af38af49b7644c14e02bdd4cc49a79bc274909da70c3827d5831ab52cf17d7a2c35b972535dfdc3762ea28a92c366bf685a8f94a9407d18805f3b441b05d1810262c1b76d5fd3c9a6da8ccf90dead5746f108a2ccdccbf487b5c73ae0162bdbde5defac8e6804a2f7fca99d0c8622fd3695bcb399fc60ce352a61725743509f3bef6f180be665131e9485f333b66ba3d3253fe6ae5ee86a68d1aa3952880824220b7ceb0e2b7ff9626f4421d781809876f443e8746c27effb1616db3251422e27b1c91a79a3aef79365ccd42d0bebbc0dfca3dfb6f515f2ebb6be299801b895436e7bec3a2936be843ad3a6d4b4e619310c16bd20e2cb43d9d7d275e92f0a8e7bb984f", 0x1000) ioctl$auto_XFS_IOC_ALLOCSP64(0xffffffffffffffff, 0x40305824, &(0x7f0000000000)={0x2, 0x500d, 0x2, 0x9, 0xfffffff7, 0xffffffffffffffff}) r3 = prctl$auto(0x1000000003b, 0x1, r2, 0x5, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) r4 = bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0xa, 0xb8, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0xf) linkat$auto(r3, &(0x7f0000000080)='./file0\x00', r4, &(0x7f00000000c0)='./file0\x00', 0xffff) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@map_fd, @target_ifindex=r5, 0x3, 0x81, @uprobe_multi={0x81, 0x1ff, 0x3d7e, 0x0, 0x1, 0x4}}, 0x92) syz_clone3(&(0x7f0000000300)={0x28020000, 0x0, 0x0, 0x0, {0x1f}, 0x0, 0x0, 0x0, 0x0}, 0x58) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) timer_create$auto(0x0, 0x0, 0x0) timer_create$auto(0x3, 0x0, 0x0) bpf$auto_BPF_LINK_GET_FD_BY_ID(0x1e, 0x0, 0x100) madvise$auto(0x0, 0x200007, 0x8) 6.267515077s ago: executing program 7 (id=9272): syz_genetlink_get_family_id$auto_netdev(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) unshare$auto(0x20000080) ioctl$auto_XFS_IOC_FREESP(0xffffffffffffffff, 0x4030580b, 0x0) syz_clone3(&(0x7f0000000300)={0x28020000, 0x0, 0x0, 0x0, {0x1f}, 0x0, 0x0, 0x0, 0x0}, 0x58) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) mmap$auto(0x7, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) write$auto_force_wakeup_fops_hci_vhci(0xffffffffffffffff, &(0x7f0000000080)="305b0a8f34915766fca3fb72133618de834c1d0cbb0bcd7ff19baad4ec1b020bc78d852189f51aafd33a851c1e6de42e41b662cd9d878702c7", 0x39) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x60800, 0x0) write$auto(0xc8, 0x0, 0x4040f6) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002bbd7000fcdbdf25040000000400100008000cf1edfba1d1e45aea61b8f7020700000002681af944a5465101930e1f4b991ef2f10f485ddf80e07251de39066555baed365ef3"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) r2 = socket$nl_generic(0x10, 0x3, 0x10) rseq$auto(&(0x7f0000000000)={0xe, 0x400, 0x0, 0x20006, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x4, 0x400008, 0xdf, 0x80009b72, r2, 0xffffffff) madvise$auto(0x0, 0xffffffffffff0001, 0x15) fsopen$auto(0x0, 0x9) kcmp$auto(0x1, 0x1, 0x0, 0x100000004, 0x100000001) fspick$auto(0xffffffffffffffff, 0x0, 0x3) 5.972175112s ago: executing program 5 (id=9273): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptya5\x00', 0x62c00, 0x0) close_range$auto(0x2, 0xa, 0x0) r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x101001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x109001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}}, 0x40000) bpf$auto(0x12, &(0x7f0000000040)=@link_detach, 0x26) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000500)='/dev/ptywc\x00', 0x2200, 0x0) listmount$auto(&(0x7f0000000100)={0x400, @inferred=r0, 0x9, 0x7f, 0x2a18}, &(0x7f0000000180)=0xfffffffffffffffb, 0x5, 0x3) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) r2 = socket(0xa, 0x2, 0x73) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) settimeofday$auto(&(0x7f0000000080)={0x9687, 0x2}, &(0x7f00000000c0)={0x0, 0x9}) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002dbd7000f9dbdf250100000008000a0008000000050007003b000000080009009c781e01060002000100000008001700", @ANYRES32=r2], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x48080) close_range$auto(0x2, 0x8, 0x0) 5.060410048s ago: executing program 7 (id=9274): rseq$auto(0x0, 0xfffffff4, 0x0, 0x5) r0 = openat$auto_kernel_debug_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f0000000740), 0x0, 0x0) read$auto_lru_gen_rw_fops_vmscan(r0, 0x0, 0x0) sysfs$auto(0x2, 0x10000000000002a, 0x0) socket(0x27, 0x800, 0xa5) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40040, 0x0) rseq$auto(&(0x7f0000000580)={0x5, 0x85, 0x9416, 0x1, 0x7, 0xa, "551e7285968d8e86bd4794a0e875ee9f7b35db28d0a7e72b7a19039c336389cb57a05ba0582cc612c6c0be4beb4cc54d8337d40c93638ba34c4a0435c32a206e808194584d8c359d418662d18943a5e3c6234e712a096205457b56f0a1e5d4d19835696295a54f38117d9d751e23b5fb61daa5a6b2c75148106dc167a20061e3fe55cc53ffadf62b0945da4b27515a0102a8d2d002a842362b4744b8972a5e11e8a6aab89c7b85947f3901d696d459641aa7e6b89b73387ec5fa2d2af6c992213d82c5774c4bcd4187585bcf652af094e988e75002e01f607abf5e25ae0f5548fd13175b681fc059c1f9160aef893bae78cf6cf62c30fa3f0c5c60cbe383a9c0cc1289519b0c7cff81cc3b4fec739fad19c662b0f98d607b61d825d10e2dd3b27b0f7a6b1adc5a452f344c39da5f086ea7c5d99674ca69c4f5635776e67c151bad72f906cd65231da3a55d6056e23b00686723714fabd752f3e2c86dafdee9d379230c0abeabfde9cf88cae099f3ccc76ea7e64a3734ced5ffe749a8012db53ad4d6a5e347bdd83bb409c1bdb762f4aba145df74833d73ccd583797d4fb4ed3e0c7c29d502aacaef02e114d9e60ca6b0bcb28f825f5d49e94ccd2f830933c39a3ba3782505453e3de872ad8da84a6a22aaa62970428bb9a95d1817dbeeded1c53c5d508dea6cc53d80153b05f954c263278bb9c8bc02f3b1805dd9299dc8b97ebff0165d615ba7bf5ce8c490f4dd273642a18267b0a61a594cb1d608f3dffb292991ea32bb647a6f9b951f283e118dc73b45843b5aa883410e402e3bec9ba889ec237462042cedaed761cca0c3b7058d3ffc276c9a75e18b79804f4e21650d911edbedb9fedd31959a8783b1e39d7d6408554bddb2a5d67703d225fe4422bf2367ca483e77fe479495be3235f4c77b3872a9e33946d2602486b83e84e7d8d1742d369e2d00b9dbb552385502c0f597b3615bed54de65af106b58d2b6bebbdd3fe625152527af965b67e9424da7be2e2574e1492aed568d4faaa9da508e0a2e687876fa291e38b7c3ef38643e2c49e0d46d0f2d53352da2f184c4ced2305865ab0ad1435644419773ea82336ffdf62dd325a6a8b2d199d96dba8a13bb5a86ff65b80818ceb37ee8a2b2a8813b33e474e5b110e1ed13dbc4f52efabbce38935a8ada53a0ed5a1a01453a254a1dc528492159591aa192ff6cfa0b372caf236c78d1a0c94dc37916746358b4cf3cc1c0132657818ce6465e58936dbf5991dfb74ff97382c066ba0ceb06ac4f0c005e4c9166e94161bc08e1c23df7ed3419b10ae229aa6bafb19e6af003c9e319956723d839dc50a7edd8d80bce971ba504e0aac811d76e65acffdc4f7e9836396ba98b824be6cc704c59f5849642b191437a5cf902fc1ac491e8c59241586c6791b282b5cfae57eb7e6792048c4769b5b3f21987ec5097e530fd001da5d2999db4ded708225e9a53a2b48d2be3401a063da3c19168769eccaef710d7c2e06818bb05c4a9aa0ce2785a5a6d2846bac9836f1905a9b042029dcc59d918450b6affb522fbf78116941c5cef4ecb82a2134ee8e67ea6091170b67bfc3abec9e2cfc8208d4ba3bb732230fe6a9470c1152ebdc31bbce93cb742b4484bc1cef4298ce897a36c7e8b3ef8bd1b0e3d4dfa46da8bf89b06d67d8a5da465e8f68f999ec38ef8d1b7972125d2d8492680f6698419313afb74b5f715c90aa5ca0a6ea5561acd89a25d0fd066234b1752d6535251be347d8e69afea162f0ae84aa08a1a5475e6860af5956babe0530b6349e918fa97f14e6a83f7e2054c85ec37424757c49c6b76a889cde8473eebc495ac1088fda54f5c70bb17ef4873bf7b524ae892cd8267adfcd1e7054ac0c8b904855f816cbab8a6c5332d2221060b97931130187e1f07b0b9fad917c06f56d3f9fbca9d0ad93c300d88a6025359eb609e86c2b604d6834cde1351ccb0ba238715d6a77953f58b23a78db05bc38cf1e47d5336226a966af0a88fa19b4d992fc82310b7fceee45a202bfdf759dedee618361082881f91f85020e5282fd6a4ff376455f09bd1ca73b165498937eb7396525f9be44e1d5455f2fb0e9b0d79a2b05104239ddb65afabac40f2568353278905243edcffa25dbe93c91fd0982c77eb13c90cde8107888e9891ed1f3fd75b91f275544db3fb132c587243bdd433ad395ec44311df726aa04c20709aa456adebeba0e42ba8be3710f9e8f307febbb8bf1971d6e02b435ec6e209f6d3e3200f51b17e97c7b8eed34b6b297b03db790c857329989e778133d2f9ca40e62aafa5a053d416a09d36a78e1b0716aa049da6fc9fedc96a02d10a13260d6f7cc86a7c681b97ec9987e16bb190e75137bc3e3ce64b51a599f1ebed0683f55240e49eeb6588a13b55c266ee997d1b237f0deefa3bd5670293249c6e79decfc6ee39a08d1ffb71231ed36b9aea01fd0804fc591b7100e6cf5cf97ddb1871afe44a534f2eeafb12d217c6684d474f19bf7d957b11429843723823da2e555a9a9f9d5af6d1ddd40a59a67c459581604f280f4412b0a4b8736bbdd1cd2d4d27cd273ad39d3d52036832e968f93ff343a92f4001c8a2c43ec1f3377c67f3b49f6297de1e2dc5a10abafbf034a029e5d1d89e627fc3741ab5fa68afc24fdf22b6ef215e0927fff8bdb671ef6314ecaa7a8397292e699b693600e49f9e428604fed71f05f2775c224eead65c378539b80ff7f475c68933366da1f76e0542991277c4147358c34ad37a5d81bd1810f39ebf7ece6a0054f4bf5f846bd95f9ba31ea606c226d267d95ad95c29b897fb1fba58f121939ff3c41535d119"}, 0x6, 0x3, 0xff) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, r1, 0x27fff) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x8df41, 0x0) msync$auto(0x1ffff000, 0x1800000ff010000, 0x400000004) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) getresuid$auto(&(0x7f0000000080)=0x7, &(0x7f00000000c0)=0x8000, 0xfffffffffffffffc) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) kexec_load$auto(0xff, 0x2, &(0x7f0000000080)={@kbuf=0x0, 0x2, 0x8000, 0x3000}, 0x4) 5.055165319s ago: executing program 0 (id=9282): keyctl$auto(0xe, 0x2, 0x76f, 0x9, 0xf13) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0x5, 0x0) fanotify_init$auto(0x5, 0x2000000000002) inotify_init1$auto(0x3000000000000) socket(0x15, 0x5, 0x0) getsockopt$auto(0x2, 0x114, 0x2711, 0xfffffffffffffffc, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/firmware/devicetree/base/name\x00', 0x8000, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) read$auto(r0, 0x0, 0x9) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC2\x00', 0x0, 0x0) unshare$auto(0x40000080) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/net/rpc/nfs4.nametoid/channel\x00', 0x8f3b7a51b8162d21, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x11, 0x2, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x5, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) syz_open_procfs$namespace(0x0, 0x0) unshare$auto(0x40000080) 3.894996661s ago: executing program 6 (id=9275): unshare$auto(0x40000080) socket(0xa, 0x1, 0x84) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) shmdt$auto(0x0) r0 = openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000240), 0x183440, 0x0) r1 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x80040, 0x0) ioctl$auto_USB_RAW_IOCTL_CONFIGURE(r1, 0x5509, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000000), 0xffffffffffffffff) openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket(0x28, 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) close_range$auto(0x2, 0x8, 0x0) listen$auto(0x3, 0x81) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0xe, 0x4, 0x4, 0x9, 0x8, 0xc, r0, 0x4, 0x7ff}, 0xee) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) sched_rr_get_interval$auto(0x0, 0x0) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x28140, 0x0) 3.894416791s ago: executing program 5 (id=9276): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) statx$auto(0xffffffffffffffff, 0x0, 0x4, 0x2, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mlock$auto(0x102, 0x80006) mlockall$auto(0x800000000000005) madvise$auto(0x0, 0x200007, 0x19) mmap$auto(0x0, 0x4, 0xffffffffffffffff, 0x400eb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0x5, 0x0) r0 = gettid() syz_clone3(&(0x7f0000000300)={0x8020000, 0x0, 0x0, 0x0, {0x29}, 0x0, 0x0, 0x0, &(0x7f0000000000)=[r0], 0x1}, 0x58) prctl$auto_PR_TIMER_CREATE_RESTORE_IDS_OFF(0x478, 0x0, r0, 0xfe, 0x4) pipe$auto(0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x27, 0x0, 0xfffffffc) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/module/pwc/parameters/power_save\x00', 0x800, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xae00, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$auto(0x1, 0x3, 0x5, 0x0) ioctl$auto(0x3, 0xc048aec8, r1) 3.831872393s ago: executing program 7 (id=9277): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) mmap$auto(0x0, 0x40009, 0xdd, 0x9b72, 0x7, 0x28000) r2 = socket(0x15, 0x5, 0x0) r3 = syz_genetlink_get_family_id$auto_batadv(&(0x7f00000000c0), r2) sendmsg$auto_BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x54, r3, 0x20, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x3}, @BATADV_ATTR_BLA_OWN={0x4}, @BATADV_ATTR_TPMETER_BYTES={0xc, 0xc, 0x4}, @BATADV_ATTR_TT_ADDRESS={0xa, 0x10, @remote}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x9}, @BATADV_ATTR_DAT_CACHE_HWADDRESS={0xa, 0x24, @broadcast}, @BATADV_ATTR_LOG_LEVEL={0x8, 0x36, 0x3}]}, 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x40) setsockopt$auto(r2, 0x114, 0x8, 0x0, 0x4) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, 0x0, 0x2080, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/eql/ifalias\x00', 0xb02, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) r4 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x44) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000) read$auto_fops_atomic_t_ro_(r4, 0x0, 0x0) clone$auto(0x8, 0xfffffffffffffff7, 0xffffffffffffffff, 0xfffffffffffffffc, 0x9) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x6b) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)={0x3c, r1, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_PAUSE_AUTONEG={0x5}, @ETHTOOL_A_PAUSE_TX={0x5, 0x4, 0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x4040000) 3.561708341s ago: executing program 0 (id=9278): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x80900, 0x0) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20a01, 0x0) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) write$auto(0x3, 0x0, 0xfffffdef) ioctl$auto_BLKTRACETEARDOWN(r0, 0x1276, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x11, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x3, 0x3c) pwrite64$auto(0xc8, &(0x7f0000000600)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x00\r\xaa\x1c\x03\x00\xe0\x00c\x14M>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\xdd\xac\x00\x00\x00\x00\x00\x00\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x15\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\xff\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x8bc) mmap$auto(0xff, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x8a240, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x80040, 0x0) openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/environ\x00', 0x88f80, 0x0) openat$auto_fops_u64_(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim6/psample/latency_max\x00', 0x18c000, 0x0) connect$auto(0xffffffffffffffff, &(0x7f0000000180)=@qipcrtr={0x2a, 0xffffffffffffffff, 0x8000}, 0x80) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x109001, 0x0) 3.287278238s ago: executing program 7 (id=9279): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), 0xffffffffffffffff) mmap$auto(0x2, 0xaa06, 0xdf, 0xeb1, 0xffffffffffffffff, 0x2) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_dma_heap_fops_dma_heap(0xffffffffffffffff, 0xffffffffffdffe00, &(0x7f0000000140)=';') openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f0000000040), 0x18000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) msgrcv$auto(0x0, 0x0, 0x3, 0x1, 0xf1) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) ioctl$auto(0xffffffffffffffff, 0x5609, r1) msgrcv$auto(0x3, &(0x7f0000000080)={0x1, 0x5}, 0x8, 0x8, 0x848) 3.14068382s ago: executing program 5 (id=9280): mmap$auto(0x0, 0x40009, 0x7, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) prctl$auto_PR_SET_ENDIAN(0x14, 0x5a4, 0xfffffffffffffffd, 0x5, 0x6) prctl$auto_PR_SET_MDWE(0x41, 0x5, 0x0, 0x4, 0x1) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mq_open$auto(0x0, 0x5, 0x3, 0x0) sendto$auto(0x3, 0x0, 0x7fff, 0x4, 0x0, 0xfffffffb) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) r0 = openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, 0x0, 0x204, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) r1 = socket(0xa, 0x5, 0x84) sendto$auto(r1, 0x0, 0x401, 0x7f, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe80fffe00"}, 0x1c) r2 = socket(0x2, 0x5, 0x0) getsockopt$auto(r2, 0x84, 0xd, 0x0, 0x0) read$auto(r0, 0x0, 0x0) mknod$auto(&(0x7f0000000080)='}[,&*}\x00', 0xe6c, 0x17) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x482, 0x0) open(0x0, 0x161342, 0x115) 2.285910381s ago: executing program 0 (id=9281): mmap$auto(0x0, 0x40009, 0x7, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r0 = openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/fscreate\x00', 0x183681, 0x0) writev$auto(r0, &(0x7f0000000140)={&(0x7f00000000c0), 0x2}, 0xa) prctl$auto_PR_SET_MDWE(0x41, 0x5, 0x0, 0x4, 0x1) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r1 = mq_open$auto(0x0, 0x5, 0x3, 0x0) sendto$auto(0x3, 0x0, 0x7fff, 0x4, 0x0, 0xfffffffb) ioctl$auto_dma_heap_fops_dma_heap(r1, 0x4, &(0x7f00000000c0)="f116762d3ac87e05b04b90feabbfeb7f8416eaa7c5a508398469103583bea0cbf3ec80477d02be5bddc5714f99eafa3cb4e3ef28801db6c71bfcfaa902f9303c5581643a47f21dd87b0e38b2a1f28efb57fb87d4b23b4432c8cc44bde224427f999f08c61b2ee3362d04efcab98954dc3d8892f6c2557c0791f2c6e92ee25ad26c080ee8a0e9fa256d0ef4549a") sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, 0x0, 0x204, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) r2 = socket(0xa, 0x5, 0x84) sendto$auto(r2, 0x0, 0x401, 0x7f, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe80fffe00"}, 0x1c) getsockopt$auto(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) mknod$auto(&(0x7f0000000080)='}[,&*}\x00', 0xe6c, 0x17) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x482, 0x0) open(0x0, 0x161342, 0x115) 1.679385685s ago: executing program 6 (id=9283): setsockopt$auto(0xffffffffffffffff, 0x9, 0x69ce, &(0x7f0000000040)='(%}[\x00', 0x3) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/virtual/tty/ptyqe/power/control\x00', 0xa0b02, 0x0) r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/security/tomoyo/profile\x00', 0x48802, 0x0) read$auto(r0, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0x70) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) get_mempolicy$auto(0x0, 0x0, 0x7f, 0x8, 0x3) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) adjtimex$auto(0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x2, 0x0) r1 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) write$auto_snd_seq_f_ops_seq_clientmgr(r1, &(0x7f00000000c0)="632d1bfe595046ab5c40bd6163307acb6d16baef6176e669a216aae1834ccafdd80500ffffffffdfff1a0e00"/56, 0x38) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x4002, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0xa, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x206, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0xfffff000}}) 1.473219964s ago: executing program 7 (id=9284): mmap$auto(0x0, 0x4020009, 0x5, 0x17, 0xffffffffffffffff, 0x0) acct$auto(&(0x7f0000000380)='/sys/kernel/debug/kcov\x00') statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x31, 0x8000, 0x1ffde, 0x1, 0x2, 0x1, 0x9, 0x3, 0x5, 0x8, 0x3002, 0x9, 0xb, 0x80010002, 0x80, 0xd8f9, 0x0, 0x7, 0x2, 0x203, 0x400, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x24008000) mmap$auto(0x0, 0xfb1, 0xffffffff, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0xfc, &(0x7f0000000100)={0x0, 0xfc6}, 0x2, 0x0, 0x7, 0x3}, 0x800}, 0x7, 0x4008) close_range$auto(0x2, 0xa, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x1e1180, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000600), r1) sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(r1, &(0x7f00000006c0)={0x0, 0x34000, &(0x7f0000000680)={&(0x7f0000000080)={0x24, r2, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [@IOAM6_ATTR_SC_ID={0x8, 0x4, 0x7fffffff}, @IOAM6_ATTR_NS_ID={0x6, 0x1, 0x4a}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x80) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(r4, 0x4010ae67, r5) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/net/bond0/bonding/use_carrier\x00', 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) 200.39969ms ago: executing program 7 (id=9285): unshare$auto(0x40000080) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/core/rps_default_mask\x00', 0x82, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r0, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x2, 0x88) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) write$auto(0x3, 0x0, 0x0) r1 = epoll_create$auto(0x3e) r2 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0101, 0x15) r4 = openat$auto_binder_features_fops_(0xffffffffffffff9c, &(0x7f0000000040)='/dev/binderfs/features/extended_error\x00', 0x2002, 0x0) ioctl$auto(r3, 0x5386, r4) mmap$auto(0x200000, 0x400008, 0x2, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x4, 0x14000000000df, 0x40eb2, r2, 0x300000000000) epoll_ctl$auto(r1, 0x1, 0x8000000000000000, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(r0, 0x0, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4892}, 0x8040) socket(0x10, 0x3, 0x6) setsockopt$auto(0xffffffffffffffff, 0x104000000000010e, 0xb, 0x0, 0x400) 0s ago: executing program 5 (id=9286): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptysd\x00', 0x101802, 0x0) write$auto_tty_fops_tty_io(r0, &(0x7f0000000580)="7fd0a917413f68", 0x7) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) mmap$auto(0x0, 0x8, 0x1000e2, 0xeb1, 0x405, 0x100008000) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/scsi/device_info\x00', 0x48041, 0x0) write$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f00000007c0)="2996f5d27a440ce9faf71c3508666b2b2a5880a91123e55238bef0342a9c01fd5673f76eee086476bbf8bc71135157887dfb8dc47e175972c8801f2d38564744c698b98be51d174ce142cd13257697c28603f576917d11965970717c8316ed3ff1ba4fbcf65b8cd02c21e40bd93778574472be9fb525a05bdb7d8645b5241633113ff17f478dcb0399ce398d9646663d8ac36cf872ab47483b324c3cf5bb113dd2da7ce81e9ebfaef438830b2d63a1840c031f4690d5b8049aeb22999ea3c95b769d3913af71f4c2053482a04d6dcb76718fae1ae96bf1b9b9f25bd5e3cb17fa2869a8fd884e44d0a1c44deecb0e580c5053adea7195e871583489586056f0f09f90213b72b6d68da0b1c829795dd757a8049a7a664903f04830eae1d32ce0ebed189dace91ba276df7b7138caecdbd7a955b7dcb9e491896dd89b8e4895141f8e54b4b877ed994380cf7af82df38aca6e520725a7325dccce7830d2e9aa356ff9d0ebe28ff2d5957c333ed56c10f1532a4c8cf5dd2fab436467d391e08a175b431e3d43770d8b6595c46d29abfff2d56c23c83a8bef9d2793539e89a12ecd73486769152de0bbdb545925dcb946a7852a38fa1bd26e460454ff488797fde6bf0d3f93ff960fde697b00d739c52fb4d3baf57742c363a9c47c449cb46e1e5e3d161f9cf78c4ff5a4d2f9fd3d3cffcfb77832c87c04b7a24ae09fb62a535c114036dff8ca2e6ebd0127d3acc18748758d4e9e1f0aaae9ed2a9794268124d228d8958b023e562935db8ac7c7575c883e11207c4abb1d5922ed2f889ae9feabd7c779b301c445d60a23b7b695691cc32254c191039e1cff749479ef6566f7bc17b4606424826ab31c58c4eaae383955d660c87a79fc0575440d536c6868716d0e47c622ba7afd41a6663c21d8e6e238139456d1e3bb5bd17f53e6b5f1a67ff244b86d25aeae57a23c7f696067c30039f053763dddfb923e77144bc6d6a9f2a78699407af5f0775f3e7326390b22bf10542a32ccdf4825376bb9e602468c5ddb62c512ab74becf8f664292b6d133fad45ce90182180ea2d39730d71f35f2f84d3ca292f41be61ac465968364abe48df5e11d44552588a0e77357ed4a6c4a6451a4ec2b87b2ce7c9eacf35f193474efef489a6843a6ebaa48e2eecde69dab237383677ac879d2096129c3b17d7765f756b7281b269d735a2d476257400ef5c00cb3c1e5e3cc7555f38d15454219dec3cf14c0b8fbdf8bcb6da46488aecb81641940c37866266318a8eb2488c5a532554d45b89d7dfe735e8fcb133ed8af217cf758a1e90b895aa9f515ff2360ae1e9909bcb30b754b56e0b56f0af79933506e35a9ea23621f6dee68d3f4488a9c42b9e3fab0e6cc6fd22022a3a2dafacaecacd66b98496f105755b09c017d542cf18c4fb0cfe9dbe6ffad6db6fa96303f7361c847a4516b9845ef5eafec89fcfbef38a0d367db8c10ed5460c8ba96cbec43e174b4ee5dd755bc987e50ef58c483327a19245ee2a2c9753225622837fccea3934d2d5fba043a323b9fedb5e7ca23d9aaf22bfb9a42447e89acab0a6268a7cbc20997ee0713f0cce2172f6f360401953e359a026004ed765e421e24a96cc33db0eba7a94cba3a36b501482e2c4f06270aa32a613fc22143bc3a951bac23aea4de2c15be6b9e42434a69b383cad441cbe49f4b1932ecaaa65a1e898eee88c6a6dbb1bd1d1830f7b50afc0d33f4a5d16ca6449671649d5f25e333762761b0f30eb0c82ac0d2a0476d14c689dfc3b2e0ac25c06bc2692d2b6c29d50483b76ffaabe4d0081ef598893ea2e9ec1f5afdf43fad511bbee12f662b836773fbb260a5ed96be3a13e2d07d884d93d4eff3a2edab53359ee6bb3c207bf4043736f29e51e00ddcdf360a576199049867f5df0830c877ef372ee2d213dd05d3cfc4d41dbc1c27e795bdefb5285e42ef432f6f0e4c35c0a326db442d9c90b3556e1db9a34e66e7e221c58912d369150a357e3edee1b22cf9860fedf2a6e47e98ef1614c9fa299b8d0ba529b9952ba5e6fd47982489a6fb955430e509119c7192cc0bc3d9c901d7986030fdff62ff9ae833cfd008678a76f0727618f7bbc322ae6195e2c0273685e7080ed88b0077cdce57feed07e3485bf680c73ed114a6fcdfdac7b773d45da37d6254cef387d4613ed427e3668e94b5a184149340ee6af311f4e4b88d4e6375563b3f20019c5593575bbb854ea25fd0916f20e052a29dabf035aee9be8f9a82becee856cb93762b9105b58b1e8fdd30beacc811f0560e06ba92fd261e7c9190bf9388997a17023bb5bf59c1cf0cf5bcfb4f704a00a37dbf0baadafa5b512da9759284b39ae9340e0444c6e13cd5c87f0b4003685387058f78336c7a0c8174005a5840142825e1836b4dd7e038a3a51cc788a5e76e381ed751f160af40ef4baf93845c44d5d6f4b3a001020fc56f0737729ac035ea75c141b80cdd3c944518751e99be30532d70c56bdd8de5e8e831d9b04848d0f9cebdb162ea04229cabc17571b4eb6680155f0faf62a49bf93eb9fcef979541789ae2f2ebccc3afaa0c6a4573be9c448bf5f9670044e98a8afaf4a70bc8a0dd80267f88097fbd6b795d5328fb5242c128bfb76434d0f961ca6ab45bee8138158137bc4b2f14bd2585c973ad38dca1619a2ef9f8f3d9edfb1b5e2ae3ac7e74b700a59b69aeb072b967bda3b4f70f3140c788f01093fa9e7de807a463485b4dc0d315dd38463b3664321ce2a55e414a5ac9ec8b9ef66d1275aad5f96337893b1227052bb4532f21f49d54cb8cb185785a10cd7a0e1b80606efc75afefd66fc889e0668a4921bdbaa55d2c56e9583724d308548acc77374abb1d467211fc2e86b1d637ac08b481f257e01284bee5557202662574a4aeaa8328ab42a757c9a19af5781c86f1dbbb267e65fb16525d209494a37834ca25ba9dcb1634825ab8e9d794ff4f18a8c89627a9b2c07fdbb01aa02bddf7f34edf086cc44fc1b849a8c39114d5cebb963efb886c35270e32bd434f2b9d5598fa1f56f723b31a7f14324c70e15005220aedd8917b497ed4801fec9e75545539f3c56a36c15cc78e342417f084e36533e14642e35c0c838a633230b119544a406e3efcc655f40f4ca05227533bb1d8f34531f49431f23c66b8f7c022b52a2a41e073adf0f1009311c6dc21cf78fe8d8d85b8f57bbbbf2a1e24825a22627215758e8ee89ff77a26ab612a5c9f775a0ee302ffe3b1573d9247cc6a3c42afd7b7bb17568c612bfa852e4b468a3de03a84fcc5950e5ac317f7f23adb25e66fcb6ccf27f3decaeced6c3288ec1e557f0965baedd703f731102faaa1f377192ac270148386567c1092e49a3024f8eb99fa9ba85639e32b097010362afe942a112934dd6bf9e39781abee24feca5285c8c6804883c7e306a1301d60f2d3ce90fcd6496c224fd6631b753d26e049bfc91e9cd4dd437282d6af1eb0ef8a8667d818439ac967b23fa3adc7c1de78e46a46325011957083fb214c1e68bd857df389ee6aaad1e71f1eefaf901c2013366b77235bc593f091e66758aea34708d50e629701ee9e2080577264c3638e6680d01bf678504ebbc9c44dd1135dcc0aa375b76964e6acda7012595c2c36f67e55a54f69b5026b0f467780ff7fc612e0d0bee44daeb5931845f57c5638c7e7c9aaa4aec7d655b6f1e4ae83281843568bbf11f15ed49431312421be15788240a6cf7a29ef626e79c90478ad5c2216a37f8596fa51bf6e3f5700bc0cd64b176800cb9889a32eaf26b9262061fc7dc140821e5fe62840fa4a6e3e64af1dd6b37718dcaa63904ceef134b9768015dcf519d6fae9eba7169023bd4cdf472570d7f9974d177baee6ff3107633aacd9d5d6f49cbc3496e488e90cb5c67a1fd5669e7defd2edd4d9f38cb5bec0b19a392e649d40ffd5e1cc7995b8595ac7a7c31f3cd86c20c69246fc35d0e46363b47ee74dc7c09732e96f40b8bf8db8901a41e160fd1e32f7b06941582cdecf04444b9992efed3f785b7993f6e3dfbc37698092918cee02a037e2db3b3b4c0dc1b13c8157eb6924cc0721dc4be344da84a5fe4fc4a581e85f894c6db7963115d678fca7bf4fabe2112900a71d85cf5566a3a8e25162ea09c37735d6bb34d4665a7f23ce3e524425b208540ffed61998f10c4e69af492da073def08efae821713596c04c80546b8ff6d525016172778b368613f976253dcee583e542bee65ca077e8b736a701f82b7829a5e3c46b2aebfbbc57c7fad4beee41fc5c64d06dd499cd1c4ff3c79150be63eaab235faf049423cd10775444e600c9f47ea057d82bdb3176c5730ec65fd3f9ded5e1c59d822306117b40c6c5ac2bde653981d6294288dadd38aa9fe67b11bbe51b13123f4bfdbfb4d468b9a52559b69cb73f27e774c6238f1724d99a62fc653738d1795cbba38025749f10be6c393fc37f722b06ad092855b95b1bcf48f69fc9ed321a9207436f32a5329d3ea451327bde03132ccc47d665236ef53133a9ee1025ea69d47acae2b1b7eab508fce8d479dea9c6f0bbc81c192592c03b093f92d2b284bf2c0c432f4a0e438d2623e5b8e637937a2b76f03892a9299cf6abd3c93642548216e718ac4e34cf9ea7cd91b41b5855097e914a4cf73919087cf21dd56a3d57ae3eab3848ebf2026adf6dfb21f4369a1494687b1538a905902b3fd0eb700a0ec314250b2256e79d6da514774fa7c4d412cd00bdd0dfe751346281e0c2c2ed238d8befbda8af43d7278fb968e695d8a7c9d100fc97f8e23905faa5fb3b82154cf880423b6de7ae54fc46ba288fab336ea25dbf1e57ff0cc266d0559e23af043831b8be3e2369371a593a023fa7080a465ef8620b87bacc37218b7d1cacab0ed5e6f3e903b156f7b4fbe334d3e0d1eb6125b5e13b7c1e330ed61e2cc9eff656298d0aca3f6e1a68e937412369c8de3f6a1bf042e2bc2bf2cd923809340fb98d55184a80dd94e175fb8c86006e4bfe0cfe88567c4297d01c7321e3cd7f99082b562c231683579b61e962361d66fcc5f83840d0b0e1cf08377356d66f63d146f5980c8c1f9f012832202bcefa2454d1b3c9f51fb59cf4da8d8e9e65d18ca0f58a893f3db8fb7a28a7e125f250c2dd1e26be906124bdd9f7a20a68784e1c5392b83856cd6523c9a870377eecfa6eefb9236c25235c73b2335bbd1b5c1ab307648cf90b2581c630d33fd38713fc34045d31da617341991b5c14d701d44cbd25c21c1d86aaf521c05c2286dd47e434b864ea36bc5ab90d93c87bd14e5ee0990b19a365bee0596260f1be43cc43586c8d6f6882303b13f295277684b98038c232b51059fd2234b115625e900c37893bafedbca082e5925642b8506a2dc02fef7f71e876d202215ff34fbbd17b1ecba2f978b2f147e8eb329c7c2d21246c75af38af49b7644c14e02bdd4cc49a79bc274909da70c3827d5831ab52cf17d7a2c35b972535dfdc3762ea28a92c366bf685a8f94a9407d18805f3b441b05d1810262c1b76d5fd3c9a6da8ccf90dead5746f108a2ccdccbf487b5c73ae0162bdbde5defac8e6804a2f7fca99d0c8622fd3695bcb399fc60ce352a61725743509f3bef6f180be665131e9485f333b66ba3d3253fe6ae5ee86a68d1aa3952880824220b7ceb0e2b7ff9626f4421d781809876f443e8746c27effb1616db3251422e27b1c91a79a3aef79365ccd42d0bebbc0dfca3dfb6f515f2ebb6be299801b895436e7bec3a2936be843ad3a6d4b4e619310c16bd20e2cb43d9d7d275e92f0a8e7bb984f", 0x1000) ioctl$auto_XFS_IOC_ALLOCSP64(0xffffffffffffffff, 0x40305824, &(0x7f0000000000)={0x2, 0x500d, 0x2, 0x9, 0xfffffff7, 0xffffffffffffffff}) r3 = prctl$auto(0x1000000003b, 0x1, r2, 0x5, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) r4 = bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0xa, 0xb8, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0xf) linkat$auto(r3, &(0x7f0000000080)='./file0\x00', r4, &(0x7f00000000c0)='./file0\x00', 0xffff) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@map_fd, @target_ifindex=r5, 0x3, 0x81, @uprobe_multi={0x81, 0x1ff, 0x3d7e, 0x0, 0x1, 0x4}}, 0x92) syz_clone3(&(0x7f0000000300)={0x28020000, 0x0, 0x0, 0x0, {0x1f}, 0x0, 0x0, 0x0, 0x0}, 0x58) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) timer_create$auto(0x0, 0x0, 0x0) timer_create$auto(0x3, 0x0, 0x0) bpf$auto_BPF_LINK_GET_FD_BY_ID(0x1e, 0x0, 0x100) madvise$auto(0x0, 0x200007, 0x8) kernel console output (not intermixed with test programs): : Out of memory at tomoyo_memory_ok. [ 1035.536088][T24989] netlink: 'syz.2.6946': attribute type 30 has an invalid length. [ 1035.548836][T24989] netlink: 'syz.2.6946': attribute type 31 has an invalid length. [ 1035.566237][T24989] netlink: 'syz.2.6946': attribute type 32 has an invalid length. [ 1035.586364][T24989] netlink: 'syz.2.6946': attribute type 33 has an invalid length. [ 1035.599147][T24989] netlink: 'syz.2.6946': attribute type 35 has an invalid length. [ 1035.619471][T24989] netlink: 'syz.2.6946': attribute type 37 has an invalid length. [ 1035.628599][T24989] netlink: 18 bytes leftover after parsing attributes in process `syz.2.6946'. [ 1035.919886][T24995] ima: policy update failed [ 1035.924718][ T30] audit: type=1802 audit(4294970050.039:26): pid=24995 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.6950" res=0 errno=0 [ 1035.927766][T24995] netlink: 25 bytes leftover after parsing attributes in process `syz.2.6950'. [ 1036.029585][T24997] netlink: 342 bytes leftover after parsing attributes in process `syz.0.6957'. [ 1037.350464][T19087] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 1037.351282][T19087] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 1037.568783][T25029] netlink: 342 bytes leftover after parsing attributes in process `syz.4.6963'. [ 1038.109702][T25044] netlink: 246 bytes leftover after parsing attributes in process `syz.3.6966'. [ 1041.031899][T25091] netlink: 25 bytes leftover after parsing attributes in process `syz.2.6981'. [ 1042.195593][T25117] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6989'. [ 1046.747310][T25172] netlink: 326 bytes leftover after parsing attributes in process `syz.0.7007'. [ 1050.841295][T25215] ERROR: Out of memory at tomoyo_memory_ok. [ 1051.096874][T25223] netlink: 13 bytes leftover after parsing attributes in process `syz.4.7024'. [ 1051.692463][T25232] usb usb36: usbfs: process 25232 (syz.2.7027) did not claim interface 0 before use [ 1052.082222][T25242] FAULT_INJECTION: forcing a failure. [ 1052.082222][T25242] name failslab, interval 1, probability 0, space 0, times 0 [ 1052.096093][T25242] CPU: 0 UID: 0 PID: 25242 Comm: syz.2.7028 Tainted: G I 6.15.0-syzkaller-13655-gbdc7f8c5adad #0 PREEMPT(full) [ 1052.096155][T25242] Tainted: [I]=FIRMWARE_WORKAROUND [ 1052.096168][T25242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1052.096188][T25242] Call Trace: [ 1052.096201][T25242] [ 1052.096214][T25242] dump_stack_lvl+0x16c/0x1f0 [ 1052.096253][T25242] should_fail_ex+0x512/0x640 [ 1052.096306][T25242] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1052.096364][T25242] should_failslab+0xc2/0x120 [ 1052.096399][T25242] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1052.096452][T25242] ? d_instantiate+0x77/0x90 [ 1052.096483][T25242] ? alloc_empty_file+0x55/0x1e0 [ 1052.096528][T25242] alloc_empty_file+0x55/0x1e0 [ 1052.096568][T25242] alloc_file_pseudo+0x13a/0x230 [ 1052.096611][T25242] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1052.096652][T25242] ? do_raw_spin_unlock+0x172/0x230 [ 1052.096714][T25242] __anon_inode_getfile+0xf7/0x3a0 [ 1052.096765][T25242] ? find_held_lock+0x2b/0x80 [ 1052.096803][T25242] anon_inode_getfd+0x52/0xb0 [ 1052.096854][T25242] map_create+0xb68/0x1db0 [ 1052.096921][T25242] ? __pfx_map_create+0x10/0x10 [ 1052.096972][T25242] ? __might_fault+0xe3/0x190 [ 1052.097023][T25242] ? __might_fault+0xe3/0x190 [ 1052.097072][T25242] ? __might_fault+0x13b/0x190 [ 1052.097154][T25242] __sys_bpf+0x47cc/0x4d80 [ 1052.097192][T25242] ? __pfx___sys_bpf+0x10/0x10 [ 1052.097223][T25242] ? errseq_sample+0x53/0x70 [ 1052.097256][T25242] ? file_init_path+0x4fe/0x760 [ 1052.097298][T25242] ? do_futex+0x122/0x350 [ 1052.097342][T25242] ? __pfx_do_futex+0x10/0x10 [ 1052.097402][T25242] ? __sys_socket+0xac/0x260 [ 1052.097451][T25242] ? __pfx___x64_sys_futex+0x10/0x10 [ 1052.097495][T25242] ? xfd_validate_state+0x61/0x180 [ 1052.097538][T25242] ? __pfx___do_sys_close_range+0x10/0x10 [ 1052.097600][T25242] __x64_sys_bpf+0x78/0xc0 [ 1052.097634][T25242] ? lockdep_hardirqs_on+0x7c/0x110 [ 1052.097691][T25242] do_syscall_64+0xcd/0x490 [ 1052.097729][T25242] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1052.097765][T25242] RIP: 0033:0x7f120b98e929 [ 1052.097794][T25242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1052.097830][T25242] RSP: 002b:00007f120c8be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1052.097864][T25242] RAX: ffffffffffffffda RBX: 00007f120bbb5fa0 RCX: 00007f120b98e929 [ 1052.097887][T25242] RDX: 0000000000000010 RSI: 00002000000000c0 RDI: 0000000000000000 [ 1052.097909][T25242] RBP: 00007f120ba10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1052.097929][T25242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1052.097951][T25242] R13: 0000000000000000 R14: 00007f120bbb5fa0 R15: 00007ffe8c59bdd8 [ 1052.097994][T25242] [ 1052.935860][T25258] netlink: 44 bytes leftover after parsing attributes in process `syz.3.7033'. [ 1053.000002][T25260] netlink: 44 bytes leftover after parsing attributes in process `syz.3.7033'. [ 1054.430020][T25297] netlink: 226 bytes leftover after parsing attributes in process `syz.3.7047'. [ 1054.513913][T25297] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7047'. [ 1055.314255][T25320] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7053'. [ 1056.668722][ T30] audit: type=1800 audit(4294970070.773:27): pid=25353 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.7060" name="dummy_udc" dev="gadgetfs" ino=6312 res=0 errno=0 [ 1058.066959][T25381] ERROR: Out of memory at tomoyo_memory_ok. [ 1059.539098][T25416] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7081'. [ 1060.185530][T25421] ERROR: Out of memory at tomoyo_memory_ok. [ 1061.706442][T25459] netlink: 330 bytes leftover after parsing attributes in process `syz.3.7093'. [ 1061.744292][T25459] veth0_macvtap: left promiscuous mode [ 1061.860697][T25464] netlink: 13 bytes leftover after parsing attributes in process `syz.0.7096'. [ 1061.997404][T25468] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.3.7099: No space for directory leaf checksum. Please run e2fsck -D. [ 1062.023716][T25468] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.3.7099: checksumming directory block 0 [ 1062.049396][T25468] platform regulatory.0: loading /lib/firmware/updates/6.15.0-syzkaller-13655-gbdc7f8c5adad/regulatory.db failed with error -74 [ 1062.136654][T25468] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.3.7099: No space for directory leaf checksum. Please run e2fsck -D. [ 1062.200335][T25468] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.3.7099: checksumming directory block 0 [ 1062.219355][T25468] platform regulatory.0: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1062.231814][T25468] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.3.7099: No space for directory leaf checksum. Please run e2fsck -D. [ 1062.289970][T25468] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.3.7099: checksumming directory block 0 [ 1062.455012][T25468] platform regulatory.0: loading /lib/firmware/6.15.0-syzkaller-13655-gbdc7f8c5adad/regulatory.db failed with error -74 [ 1062.474969][T25468] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.3.7099: No space for directory leaf checksum. Please run e2fsck -D. [ 1062.501619][T25468] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.3.7099: checksumming directory block 0 [ 1062.529344][T25468] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -74 [ 1062.629291][T25468] platform regulatory.0: Direct firmware load for regulatory.db failed with error -74 [ 1062.669252][T25468] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 1063.659837][T25504] netlink: 306 bytes leftover after parsing attributes in process `syz.2.7107'. [ 1065.105219][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1065.111695][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1066.864394][T25567] netlink: 330 bytes leftover after parsing attributes in process `syz.2.7128'. [ 1068.763286][T25613] netlink: 330 bytes leftover after parsing attributes in process `syz.4.7143'. [ 1068.780528][T25613] veth0_macvtap: left promiscuous mode [ 1070.230720][T25640] netlink: 354 bytes leftover after parsing attributes in process `syz.3.7151'. [ 1070.384991][T25645] netlink: 'syz.3.7153': attribute type 10 has an invalid length. [ 1070.403597][T25645] netlink: 230 bytes leftover after parsing attributes in process `syz.3.7153'. [ 1070.432933][T25645] bridge0: port 3(team0) entered disabled state [ 1070.449981][T25645] team0: left allmulticast mode [ 1070.459261][T25645] team_slave_0: left allmulticast mode [ 1070.469470][T25645] team_slave_1: left allmulticast mode [ 1070.480220][T25645] team0: left promiscuous mode [ 1070.490569][T25645] team_slave_0: left promiscuous mode [ 1070.509511][T25645] team_slave_1: left promiscuous mode [ 1070.515544][T25645] bridge0: port 3(team0) entered disabled state [ 1070.542145][T25645] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1070.779194][T25655] sctp: [Deprecated]: syz.4.7155 (pid 25655) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1070.779194][T25655] Use struct sctp_sack_info instead [ 1070.956530][T25657] netlink: 306 bytes leftover after parsing attributes in process `syz.0.7158'. [ 1071.561318][T25673] netlink: 306 bytes leftover after parsing attributes in process `syz.0.7171'. [ 1072.365887][T25695] netlink: 306 bytes leftover after parsing attributes in process `syz.3.7169'. [ 1073.630741][T25724] netlink: 306 bytes leftover after parsing attributes in process `syz.4.7182'. [ 1074.192702][T25743] netlink: 274 bytes leftover after parsing attributes in process `syz.4.7189'. [ 1074.519773][T25751] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7190'. [ 1074.528936][T25751] veth0_macvtap: entered allmulticast mode [ 1077.100462][T25816] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7212'. [ 1079.038900][T25869] netlink: 'syz.0.7241': attribute type 10 has an invalid length. [ 1079.069470][T25869] netlink: 230 bytes leftover after parsing attributes in process `syz.0.7241'. [ 1079.089480][T25869] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1079.607220][T25882] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7236'. [ 1079.633420][T25882] team0: left allmulticast mode [ 1079.645547][T25882] team_slave_0: left allmulticast mode [ 1079.665869][T25882] team_slave_1: left allmulticast mode [ 1079.679014][T25882] team0: left promiscuous mode [ 1079.690785][T25882] team_slave_0: left promiscuous mode [ 1079.703870][T25882] team_slave_1: left promiscuous mode [ 1079.721623][T25882] bridge0: port 3(team0) entered disabled state [ 1079.763032][T25882] bridge_slave_1: left allmulticast mode [ 1079.785615][T25882] bridge_slave_1: left promiscuous mode [ 1079.791864][T25882] bridge0: port 2(bridge_slave_1) entered disabled state [ 1079.806346][T25882] bridge_slave_0: left allmulticast mode [ 1079.814664][T25882] bridge_slave_0: left promiscuous mode [ 1079.836433][T25882] bridge0: port 1(bridge_slave_0) entered disabled state [ 1081.592501][T25915] ERROR: Out of memory at tomoyo_memory_ok. [ 1082.271938][T25932] ERROR: Out of memory at tomoyo_memory_ok. [ 1086.885036][T26015] ERROR: Out of memory at tomoyo_memory_ok. [ 1089.993937][T26051] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7288'. [ 1090.005311][T26051] bridge_slave_0: left allmulticast mode [ 1090.011186][T26051] bridge_slave_0: left promiscuous mode [ 1090.017085][T26051] bridge0: port 1(bridge_slave_0) entered disabled state [ 1090.052957][T26053] netlink: 25 bytes leftover after parsing attributes in process `syz.2.7287'. [ 1094.253930][T26119] netlink: 25 bytes leftover after parsing attributes in process `syz.3.7307'. [ 1097.105211][T26171] netlink: 338 bytes leftover after parsing attributes in process `syz.0.7320'. [ 1097.160312][T26171] netlink: 338 bytes leftover after parsing attributes in process `syz.0.7320'. [ 1097.462771][T26171] netlink: 290 bytes leftover after parsing attributes in process `syz.0.7320'. [ 1097.616621][T26175] ERROR: Out of memory at tomoyo_memory_ok. [ 1099.325493][T26197] netlink: 334 bytes leftover after parsing attributes in process `syz.4.7326'. [ 1102.201720][T26222] netlink: 13 bytes leftover after parsing attributes in process `syz.3.7333'. [ 1103.105972][T26234] : Can't lookup blockdev [ 1104.673320][T26258] netlink: 'syz.0.7346': attribute type 5 has an invalid length. [ 1104.684822][T26258] netlink: 'syz.0.7346': attribute type 1 has an invalid length. [ 1104.703326][T26258] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7346'. [ 1104.728647][T26258] netlink: 'syz.0.7346': attribute type 5 has an invalid length. [ 1104.744889][T26258] netlink: 'syz.0.7346': attribute type 1 has an invalid length. [ 1104.759382][T26258] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7346'. [ 1107.858899][T26296] : Can't lookup blockdev [ 1110.123971][T26307] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7356'. [ 1111.054179][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 1111.812093][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805d8c2800: rx timeout, send abort [ 1111.859971][ T5188] ERROR: Out of memory at tomoyo_memory_ok. [ 1112.320561][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805d8c2800: abort rx timeout. Force session deactivation [ 1116.223320][T26398] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7387'. [ 1117.288895][T26419] netlink: 294 bytes leftover after parsing attributes in process `syz.2.7392'. [ 1118.899515][T26436] can: request_module (can-proto-0) failed. [ 1123.217161][T26500] netlink: 54 bytes leftover after parsing attributes in process `syz.0.7426'. [ 1125.073791][T26543] netlink: 54 bytes leftover after parsing attributes in process `syz.4.7431'. [ 1125.356728][T19087] Bluetooth: hci0: unexpected event 0x03 length: 17 > 11 [ 1126.546118][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1126.560711][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1127.636134][T26573] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7439'. [ 1127.647634][T26573] netlink: 'syz.2.7439': attribute type 1 has an invalid length. [ 1127.659149][T26573] netlink: 13 bytes leftover after parsing attributes in process `syz.2.7439'. [ 1128.431248][T19087] Bluetooth: hci3: unexpected event 0x03 length: 17 > 11 [ 1129.489904][T26605] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7450'. [ 1129.511753][T26605] netlink: 'syz.4.7450': attribute type 1 has an invalid length. [ 1129.523432][T26605] netlink: 13 bytes leftover after parsing attributes in process `syz.4.7450'. [ 1131.690878][T26627] netlink: 326 bytes leftover after parsing attributes in process `syz.3.7458'. [ 1131.804086][T26629] netlink: 330 bytes leftover after parsing attributes in process `syz.2.7457'. [ 1131.900406][T26632] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.0.7459: No space for directory leaf checksum. Please run e2fsck -D. [ 1131.923393][T26632] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.0.7459: checksumming directory block 0 [ 1131.936384][T26632] platform regulatory.0: loading /lib/firmware/updates/6.15.0-syzkaller-13655-gbdc7f8c5adad/regulatory.db failed with error -74 [ 1131.950956][T26632] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.0.7459: No space for directory leaf checksum. Please run e2fsck -D. [ 1131.967190][T26632] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.0.7459: checksumming directory block 0 [ 1131.980290][T26632] platform regulatory.0: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1131.993607][T26632] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.0.7459: No space for directory leaf checksum. Please run e2fsck -D. [ 1132.083099][T26632] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.0.7459: checksumming directory block 0 [ 1132.158461][T26632] platform regulatory.0: loading /lib/firmware/6.15.0-syzkaller-13655-gbdc7f8c5adad/regulatory.db failed with error -74 [ 1132.186206][T26634] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7461'. [ 1132.197421][T26634] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7461'. [ 1132.239414][T26632] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.0.7459: No space for directory leaf checksum. Please run e2fsck -D. [ 1132.337957][T26632] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.0.7459: checksumming directory block 0 [ 1132.547435][T26632] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -74 [ 1132.659042][T26632] platform regulatory.0: Direct firmware load for regulatory.db failed with error -74 [ 1132.673369][T26638] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7462'. [ 1132.729017][T26632] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 1134.082759][T26666] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7473'. [ 1134.904201][T26679] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7484'. [ 1134.915059][T26679] netlink: 13 bytes leftover after parsing attributes in process `syz.2.7484'. [ 1134.924417][T26671] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7474'. [ 1135.280260][T26678] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.4.7476: No space for directory leaf checksum. Please run e2fsck -D. [ 1135.296057][T26678] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.4.7476: checksumming directory block 0 [ 1135.308811][T26678] platform regulatory.0: loading /lib/firmware/updates/6.15.0-syzkaller-13655-gbdc7f8c5adad/regulatory.db failed with error -74 [ 1135.323053][T26678] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.4.7476: No space for directory leaf checksum. Please run e2fsck -D. [ 1135.338906][T26678] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.4.7476: checksumming directory block 0 [ 1135.359717][T26678] platform regulatory.0: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1135.399304][T26678] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.4.7476: No space for directory leaf checksum. Please run e2fsck -D. [ 1135.424348][T26678] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.4.7476: checksumming directory block 0 [ 1135.459515][T26678] platform regulatory.0: loading /lib/firmware/6.15.0-syzkaller-13655-gbdc7f8c5adad/regulatory.db failed with error -74 [ 1135.489449][T26678] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.4.7476: No space for directory leaf checksum. Please run e2fsck -D. [ 1135.551583][T26678] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.4.7476: checksumming directory block 0 [ 1135.617790][T26678] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -74 [ 1135.659892][T26678] platform regulatory.0: Direct firmware load for regulatory.db failed with error -74 [ 1135.681241][T26678] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 1137.554158][T26711] netlink: 16 bytes leftover after parsing attributes in process `syz.3.7486'. [ 1140.144138][T26742] netlink: 326 bytes leftover after parsing attributes in process `syz.0.7502'. [ 1142.750054][T26788] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7506'. [ 1142.800666][T26788] netlink: 13 bytes leftover after parsing attributes in process `syz.3.7506'. [ 1143.221853][T26796] netlink: 354 bytes leftover after parsing attributes in process `syz.4.7509'. [ 1143.960389][T26804] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7512'. [ 1144.739562][T26816] netlink: 252 bytes leftover after parsing attributes in process `syz.2.7516'. [ 1145.596005][T26838] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7522'. [ 1146.409851][T26853] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7526'. [ 1147.147351][T26870] netlink: 338 bytes leftover after parsing attributes in process `syz.3.7532'. [ 1147.156999][T26871] netlink: 338 bytes leftover after parsing attributes in process `syz.3.7532'. [ 1147.222640][T26871] netlink: 338 bytes leftover after parsing attributes in process `syz.3.7532'. [ 1148.185482][T26891] netlink: 354 bytes leftover after parsing attributes in process `syz.2.7537'. [ 1148.557489][T26904] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7539'. [ 1149.348474][T26925] netlink: 25 bytes leftover after parsing attributes in process `syz.4.7547'. [ 1149.865370][T26936] netlink: 246 bytes leftover after parsing attributes in process `syz.0.7551'. [ 1150.588201][T26945] netlink: 252 bytes leftover after parsing attributes in process `syz.4.7554'. [ 1151.743807][T26976] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1151.771516][T26923] delete_channel: no stack [ 1151.776771][T26976] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1151.792544][T26976] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1151.802354][T26976] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1151.810277][T26976] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1151.818232][T26976] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1152.011258][T19087] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 1152.020003][T19087] Bluetooth: hci0: Invalid handle: 0xe200 > 0x0eff [ 1152.176156][T26988] netlink: 246 bytes leftover after parsing attributes in process `syz.2.7567'. [ 1153.553540][T27010] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1153.562899][T27010] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1153.571639][T27010] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1153.580773][T27010] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1153.837512][T27024] netlink: 'syz.0.7578': attribute type 5 has an invalid length. [ 1153.860617][T27024] netlink: 'syz.0.7578': attribute type 1 has an invalid length. [ 1153.877801][T27024] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7578'. [ 1153.898196][T27024] netlink: 'syz.0.7578': attribute type 5 has an invalid length. [ 1153.909600][T27024] netlink: 'syz.0.7578': attribute type 1 has an invalid length. [ 1153.928030][T27024] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7578'. [ 1154.732303][T27049] netlink: 338 bytes leftover after parsing attributes in process `syz.2.7585'. [ 1155.448087][T27055] netlink: 186 bytes leftover after parsing attributes in process `syz.2.7588'. [ 1155.474176][T27055] netlink: 186 bytes leftover after parsing attributes in process `syz.2.7588'. [ 1156.819982][T27096] netlink: 342 bytes leftover after parsing attributes in process `syz.3.7600'. [ 1156.990508][T27099] net_ratelimit: 8 callbacks suppressed [ 1156.990533][T27099] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1157.025096][T27099] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1157.032917][T27099] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1157.049516][T27099] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1157.059713][T27099] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1157.092020][T27099] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1158.552726][T27135] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1158.574486][T27135] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1158.589973][T27135] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1158.597867][T27135] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1159.651899][T27062] delete_channel: no stack [ 1160.050963][T27158] netlink: 338 bytes leftover after parsing attributes in process `syz.2.7621'. [ 1160.087134][T27158] netlink: 338 bytes leftover after parsing attributes in process `syz.2.7621'. [ 1160.140807][T27158] netlink: 290 bytes leftover after parsing attributes in process `syz.2.7621'. [ 1160.163046][T27158] netlink: 290 bytes leftover after parsing attributes in process `syz.2.7621'. [ 1160.629211][ T30] audit: type=1800 audit(4294967305.450:28): pid=27166 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.7622" name="file0" dev="tmpfs" ino=4368 res=0 errno=0 [ 1160.672763][T27172] netlink: 246 bytes leftover after parsing attributes in process `syz.3.7623'. [ 1161.023459][T27176] netlink: 186 bytes leftover after parsing attributes in process `syz.4.7624'. [ 1161.045677][T27176] netlink: 186 bytes leftover after parsing attributes in process `syz.4.7624'. [ 1161.337047][T27183] netlink: 16 bytes leftover after parsing attributes in process `syz.0.7627'. [ 1161.573820][T27185] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.0.7628: No space for directory leaf checksum. Please run e2fsck -D. [ 1161.619065][T27185] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.0.7628: checksumming directory block 0 [ 1161.683686][T27185] platform regulatory.0: loading /lib/firmware/updates/6.15.0-syzkaller-13655-gbdc7f8c5adad/regulatory.db failed with error -74 [ 1161.731170][T27185] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.0.7628: No space for directory leaf checksum. Please run e2fsck -D. [ 1161.763118][T27185] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.0.7628: checksumming directory block 0 [ 1161.806458][T27185] platform regulatory.0: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1161.839817][T27185] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.0.7628: No space for directory leaf checksum. Please run e2fsck -D. [ 1161.860208][T27185] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.0.7628: checksumming directory block 0 [ 1161.873862][T27185] platform regulatory.0: loading /lib/firmware/6.15.0-syzkaller-13655-gbdc7f8c5adad/regulatory.db failed with error -74 [ 1161.888216][T27185] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.0.7628: No space for directory leaf checksum. Please run e2fsck -D. [ 1161.904474][T27185] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.0.7628: checksumming directory block 0 [ 1161.917837][T27185] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -74 [ 1161.927959][T27185] platform regulatory.0: Direct firmware load for regulatory.db failed with error -74 [ 1161.949462][T27185] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 1162.243590][T27207] netlink: 186 bytes leftover after parsing attributes in process `syz.3.7635'. [ 1162.256617][T27207] netlink: 186 bytes leftover after parsing attributes in process `syz.3.7635'. [ 1163.305618][T27227] netlink: 'syz.4.7640': attribute type 5 has an invalid length. [ 1163.363762][T27227] netlink: 'syz.4.7640': attribute type 1 has an invalid length. [ 1163.387103][T27229] netlink: 'syz.4.7640': attribute type 5 has an invalid length. [ 1163.476735][T27229] netlink: 'syz.4.7640': attribute type 1 has an invalid length. [ 1163.837513][T27240] ERROR: Out of memory at tomoyo_memory_ok. [ 1164.493727][T27254] netlink: 'syz.3.7650': attribute type 10 has an invalid length. [ 1165.132502][ T30] audit: type=1804 audit(4294967309.960:29): pid=27268 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.7660" name="file0" dev="tmpfs" ino=8693 res=1 errno=0 [ 1165.172904][ T30] audit: type=1800 audit(4294967309.960:30): pid=27268 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.7660" name="file0" dev="tmpfs" ino=8693 res=0 errno=0 [ 1168.108550][T27320] __nla_validate_parse: 5 callbacks suppressed [ 1168.108571][T27320] netlink: 16 bytes leftover after parsing attributes in process `syz.3.7668'. [ 1168.210406][T27323] netlink: 93 bytes leftover after parsing attributes in process `syz.3.7668'. [ 1170.254966][T27364] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.4.7681: No space for directory leaf checksum. Please run e2fsck -D. [ 1170.319012][T27364] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.4.7681: checksumming directory block 0 [ 1170.356057][T27364] platform regulatory.0: loading /lib/firmware/updates/6.15.0-syzkaller-13655-gbdc7f8c5adad/regulatory.db failed with error -74 [ 1170.443919][T27364] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.4.7681: No space for directory leaf checksum. Please run e2fsck -D. [ 1170.459941][T27364] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.4.7681: checksumming directory block 0 [ 1170.472642][T27364] platform regulatory.0: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1170.483069][T27364] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.4.7681: No space for directory leaf checksum. Please run e2fsck -D. [ 1170.499750][T27364] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.4.7681: checksumming directory block 0 [ 1170.512472][T27364] platform regulatory.0: loading /lib/firmware/6.15.0-syzkaller-13655-gbdc7f8c5adad/regulatory.db failed with error -74 [ 1170.569830][T27364] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.4.7681: No space for directory leaf checksum. Please run e2fsck -D. [ 1170.609525][T27364] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.4.7681: checksumming directory block 0 [ 1170.638643][T27364] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -74 [ 1170.653066][T27364] platform regulatory.0: Direct firmware load for regulatory.db failed with error -74 [ 1170.666799][T27364] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 1172.086072][T27394] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7698'. [ 1172.107537][T27394] netlink: 354 bytes leftover after parsing attributes in process `syz.3.7698'. [ 1174.830492][T27447] netlink: 338 bytes leftover after parsing attributes in process `syz.3.7703'. [ 1174.853144][T27447] netlink: 338 bytes leftover after parsing attributes in process `syz.3.7703'. [ 1174.873999][T27447] netlink: 290 bytes leftover after parsing attributes in process `syz.3.7703'. [ 1175.034160][T27433] kexec: Could not allocate control_code_buffer [ 1175.040821][T27447] netlink: 290 bytes leftover after parsing attributes in process `syz.3.7703'. [ 1175.083716][T27441] netlink: 342 bytes leftover after parsing attributes in process `syz.4.7702'. [ 1175.240199][T27441] netlink: 298 bytes leftover after parsing attributes in process `syz.4.7702'. [ 1176.274392][T27464] ERROR: Out of memory at tomoyo_memory_ok. [ 1176.719890][T27473] netlink: 330 bytes leftover after parsing attributes in process `syz.2.7713'. [ 1176.863714][T27477] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7715'. [ 1176.912327][T27477] netlink: 354 bytes leftover after parsing attributes in process `syz.3.7715'. [ 1178.130499][T27507] netlink: 16 bytes leftover after parsing attributes in process `syz.0.7721'. [ 1179.383737][T27516] ERROR: Out of memory at tomoyo_memory_ok. [ 1180.574654][T27534] __nla_validate_parse: 1 callbacks suppressed [ 1180.574685][T27534] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7730'. [ 1180.648222][T27537] netlink: 13 bytes leftover after parsing attributes in process `syz.2.7730'. [ 1182.573159][T27558] netlink: 342 bytes leftover after parsing attributes in process `syz.0.7736'. [ 1182.591648][T27558] netlink: 298 bytes leftover after parsing attributes in process `syz.0.7736'. [ 1184.489727][T27590] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7745'. [ 1184.529514][T27590] netlink: 354 bytes leftover after parsing attributes in process `syz.0.7745'. [ 1185.343492][ T30] audit: type=1800 audit(4294967311.950:31): pid=27597 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.7744" name="SYSVffffffff" dev="tmpfs" ino=0 res=0 errno=0 [ 1185.459570][T27613] netlink: 246 bytes leftover after parsing attributes in process `syz.0.7751'. [ 1186.852900][T27629] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7755'. [ 1186.873965][T27629] netlink: 354 bytes leftover after parsing attributes in process `syz.2.7755'. [ 1187.247428][T27642] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7759'. [ 1187.288236][T27642] netlink: 93 bytes leftover after parsing attributes in process `syz.4.7759'. [ 1187.360340][T27644] netlink: 338 bytes leftover after parsing attributes in process `syz.3.7761'. [ 1187.986105][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1187.999605][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1190.318155][T27672] kexec: Could not allocate control_code_buffer [ 1190.501456][T27690] netlink: 246 bytes leftover after parsing attributes in process `syz.3.7773'. [ 1192.866756][T26983] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 1194.024399][T27746] netlink: 246 bytes leftover after parsing attributes in process `syz.2.7785'. [ 1194.677748][T27733] kexec: Could not allocate control_code_buffer [ 1197.133784][T27789] kexec: Could not allocate control_code_buffer [ 1198.540705][T26983] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 1198.540751][T26983] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 1198.556908][T26983] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 1198.556946][T26983] Bluetooth: hci3: adv larger than maximum supported [ 1198.564808][T26983] Bluetooth: hci3: adv larger than maximum supported [ 1198.571707][T26983] Bluetooth: hci3: Malformed LE Event: 0x0d [ 1199.580946][T26983] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 1200.245679][T27839] kexec: Could not allocate control_code_buffer [ 1201.640083][T27875] netlink: 86 bytes leftover after parsing attributes in process `syz.2.7830'. [ 1203.345355][ C1] net_ratelimit: 2 callbacks suppressed [ 1203.345385][ C1] bridge0: received packet on macvlan0 with own address as source address (addr:aa:aa:aa:aa:aa:33, vlan:0) [ 1203.370233][ C1] bridge0: received packet on macvlan0 with own address as source address (addr:aa:aa:aa:aa:aa:33, vlan:0) [ 1203.382560][ C1] bridge0: received packet on macvlan0 with own address as source address (addr:aa:aa:aa:aa:aa:33, vlan:0) [ 1203.396868][ C1] bridge0: received packet on macvlan0 with own address as source address (addr:aa:aa:aa:aa:aa:33, vlan:0) [ 1203.413061][ C1] bridge0: received packet on macvlan0 with own address as source address (addr:aa:aa:aa:aa:aa:33, vlan:0) [ 1203.430306][ C1] bridge0: received packet on macvlan0 with own address as source address (addr:aa:aa:aa:aa:aa:33, vlan:0) [ 1203.449188][ C1] bridge0: received packet on macvlan0 with own address as source address (addr:aa:aa:aa:aa:aa:33, vlan:0) [ 1203.464239][ C1] bridge0: received packet on macvlan0 with own address as source address (addr:aa:aa:aa:aa:aa:33, vlan:0) [ 1203.477483][ C1] bridge0: received packet on macvlan0 with own address as source address (addr:aa:aa:aa:aa:aa:33, vlan:0) [ 1203.492081][ C1] bridge0: received packet on macvlan0 with own address as source address (addr:aa:aa:aa:aa:aa:33, vlan:0) [ 1204.715094][T27915] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7844'. [ 1210.461539][T27996] ERROR: Out of memory at tomoyo_memory_ok. [ 1213.444703][T28020] netlink: 186 bytes leftover after parsing attributes in process `syz.0.7880'. [ 1213.521172][T28029] ERROR: Out of memory at tomoyo_memory_ok. [ 1213.554459][T28026] ERROR: Out of memory at tomoyo_memory_ok. [ 1213.846158][T28036] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7882'. [ 1214.413084][T28045] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7885'. [ 1216.134275][T28066] netlink: 186 bytes leftover after parsing attributes in process `syz.2.7891'. [ 1216.796393][T28075] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.0.7893: No space for directory leaf checksum. Please run e2fsck -D. [ 1216.851793][T28075] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.0.7893: checksumming directory block 0 [ 1216.893014][T28075] platform regulatory.0: loading /lib/firmware/updates/6.15.0-syzkaller-13655-gbdc7f8c5adad/regulatory.db failed with error -74 [ 1216.927551][T28075] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.0.7893: No space for directory leaf checksum. Please run e2fsck -D. [ 1216.969993][T28075] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.0.7893: checksumming directory block 0 [ 1217.003057][T28075] platform regulatory.0: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1217.043942][T28075] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.0.7893: No space for directory leaf checksum. Please run e2fsck -D. [ 1217.075090][T28075] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.0.7893: checksumming directory block 0 [ 1217.107756][T28075] platform regulatory.0: loading /lib/firmware/6.15.0-syzkaller-13655-gbdc7f8c5adad/regulatory.db failed with error -74 [ 1217.135300][T28075] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.0.7893: No space for directory leaf checksum. Please run e2fsck -D. [ 1217.176215][T28075] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.0.7893: checksumming directory block 0 [ 1217.210102][T28075] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -74 [ 1217.239045][T28075] platform regulatory.0: Direct firmware load for regulatory.db failed with error -74 [ 1217.259941][T28075] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 1220.403386][T28112] ERROR: Out of memory at tomoyo_memory_ok. [ 1228.587284][T28211] netlink: 20 bytes leftover after parsing attributes in process `syz.3.7931'. [ 1233.964518][T28261] ERROR: Out of memory at tomoyo_memory_ok. [ 1234.117052][T28267] ERROR: Out of memory at tomoyo_memory_ok. [ 1235.746834][ T30] audit: type=1804 audit(4294967336.950:32): pid=28296 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.7952" name="file0" dev="tmpfs" ino=10558 res=1 errno=0 [ 1235.809938][ T30] audit: type=1800 audit(4294967336.950:33): pid=28296 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.7952" name="file0" dev="tmpfs" ino=10558 res=0 errno=0 [ 1235.871863][ T30] audit: type=1804 audit(4294967336.980:34): pid=28295 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.7952" name="file0" dev="tmpfs" ino=10558 res=1 errno=0 [ 1239.048999][T28350] nbd1: detected capacity change from 0 to 68719476736 [ 1239.072672][T27967] block nbd1: Send control failed (result -22) [ 1239.083151][T27967] block nbd1: Request send failed, requeueing [ 1239.094604][ T5838] block nbd1: Receive control failed (result -32) [ 1239.109402][ T55] block nbd1: Dead connection, failed to find a fallback [ 1239.117698][ T55] block nbd1: shutting down sockets [ 1239.124966][ T55] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1239.135761][ T55] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1239.144110][T27967] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1239.154989][T27967] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1239.163174][T27967] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1239.172597][T27967] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1239.180813][T27967] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1239.190389][T27967] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1239.198393][T27967] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1239.207711][T27967] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1239.216322][T27967] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1239.226528][T27967] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1239.234964][T27967] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1239.243313][T28350] net_ratelimit: 199 callbacks suppressed [ 1239.243344][T28350] openvswitch: netlink: nsh attribute has 14 unknown bytes. [ 1239.244641][T27967] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1239.268232][T27967] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1239.279310][T27967] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1239.288377][T27967] ldm_validate_partition_table(): Disk read failed. [ 1239.295897][T27967] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1239.309041][T27967] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1239.327347][T27967] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1239.336852][T27967] Buffer I/O error on dev nbd1, logical block 0, async page read [ 1239.356035][T27967] Dev nbd1: unable to read RDB block 0 [ 1239.367776][T27967] nbd1: unable to read partition table [ 1239.402736][T27967] ldm_validate_partition_table(): Disk read failed. [ 1239.417241][T27967] Dev nbd1: unable to read RDB block 0 [ 1239.435958][T27967] nbd1: unable to read partition table [ 1239.620372][T28362] nbd2: detected capacity change from 0 to 68719476736 [ 1239.699311][T27967] block nbd2: Send control failed (result -22) [ 1239.726938][T27967] block nbd2: Request send failed, requeueing [ 1239.750493][T28362] openvswitch: netlink: nsh attribute has 14 unknown bytes. [ 1239.766813][ T5838] block nbd2: Receive control failed (result -32) [ 1239.766984][ T11] block nbd2: Dead connection, failed to find a fallback [ 1239.782396][ T11] block nbd2: shutting down sockets [ 1239.790050][T27967] ldm_validate_partition_table(): Disk read failed. [ 1239.804268][T27967] Dev nbd2: unable to read RDB block 0 [ 1239.815374][T27967] nbd2: unable to read partition table [ 1239.870898][T27967] ldm_validate_partition_table(): Disk read failed. [ 1239.884764][T27967] Dev nbd2: unable to read RDB block 0 [ 1239.905396][T27967] nbd2: unable to read partition table [ 1240.608367][T28381] netlink: 330 bytes leftover after parsing attributes in process `syz.3.7976'. [ 1240.751330][T28383] ERROR: Out of memory at tomoyo_memory_ok. [ 1241.581755][T28400] ERROR: Out of memory at tomoyo_memory_ok. [ 1241.661546][T28402] nbd3: detected capacity change from 0 to 68719476736 [ 1241.673855][T27967] block nbd3: Send control failed (result -22) [ 1241.723517][T27967] block nbd3: Request send failed, requeueing [ 1241.742110][ T5838] block nbd3: Receive control failed (result -32) [ 1241.742207][ T11] block nbd3: Dead connection, failed to find a fallback [ 1241.756620][ T11] block nbd3: shutting down sockets [ 1241.767467][T27967] ldm_validate_partition_table(): Disk read failed. [ 1241.807502][T27967] Dev nbd3: unable to read RDB block 0 [ 1241.815816][T27967] nbd3: unable to read partition table [ 1241.832460][T27967] ldm_validate_partition_table(): Disk read failed. [ 1241.842170][T27967] Dev nbd3: unable to read RDB block 0 [ 1241.848542][T27967] nbd3: unable to read partition table [ 1244.018647][T28431] ERROR: Out of memory at tomoyo_memory_ok. [ 1244.713374][T28450] netlink: 338 bytes leftover after parsing attributes in process `syz.2.7995'. [ 1244.724942][T28450] netlink: 338 bytes leftover after parsing attributes in process `syz.2.7995'. [ 1244.737982][T28450] netlink: 210 bytes leftover after parsing attributes in process `syz.2.7995'. [ 1244.749632][T28450] netlink: 290 bytes leftover after parsing attributes in process `syz.2.7995'. [ 1245.582692][T28470] netlink: 'syz.4.8001': attribute type 4 has an invalid length. [ 1245.595794][T28470] netlink: 'syz.4.8001': attribute type 5 has an invalid length. [ 1245.611912][T28470] netlink: 10 bytes leftover after parsing attributes in process `syz.4.8001'. [ 1249.425289][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1249.432643][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1250.157334][T28549] netlink: 25 bytes leftover after parsing attributes in process `syz.3.8026'. [ 1250.739881][T28561] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8027'. [ 1250.750987][T28561] netlink: 354 bytes leftover after parsing attributes in process `syz.2.8027'. [ 1254.710478][ T30] audit: type=1804 audit(4294967355.920:35): pid=28615 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.8040" name="file0" dev="tmpfs" ino=9205 res=1 errno=0 [ 1254.790319][ T30] audit: type=1804 audit(4294967355.950:36): pid=28618 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.8040" name="file0" dev="tmpfs" ino=9205 res=1 errno=0 [ 1255.502126][T28636] netlink: 338 bytes leftover after parsing attributes in process `syz.4.8046'. [ 1255.528994][T28639] netlink: 338 bytes leftover after parsing attributes in process `syz.4.8046'. [ 1255.596567][T28636] netlink: 210 bytes leftover after parsing attributes in process `syz.4.8046'. [ 1255.720386][T28636] netlink: 290 bytes leftover after parsing attributes in process `syz.4.8046'. [ 1257.316652][T28681] netlink: 338 bytes leftover after parsing attributes in process `syz.0.8060'. [ 1257.329790][T28684] netlink: 338 bytes leftover after parsing attributes in process `syz.0.8060'. [ 1257.382295][T28681] netlink: 210 bytes leftover after parsing attributes in process `syz.0.8060'. [ 1257.409477][T28681] veth0_macvtap: left promiscuous mode [ 1257.456711][T28684] netlink: 290 bytes leftover after parsing attributes in process `syz.0.8060'. [ 1259.043447][T28713] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8072'. [ 1259.081028][T28713] netlink: 'syz.4.8072': attribute type 1 has an invalid length. [ 1259.109164][T28713] netlink: 13 bytes leftover after parsing attributes in process `syz.4.8072'. [ 1259.307079][T28715] netlink: 'syz.2.8073': attribute type 4 has an invalid length. [ 1259.325414][T28715] netlink: 'syz.2.8073': attribute type 5 has an invalid length. [ 1259.339875][T28715] netlink: 10 bytes leftover after parsing attributes in process `syz.2.8073'. [ 1259.449421][T28722] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8075'. [ 1259.465433][T28721] overlayfs: missing 'lowerdir' [ 1259.589123][T28724] netlink: 338 bytes leftover after parsing attributes in process `syz.3.8077'. [ 1259.602901][T28724] netlink: 338 bytes leftover after parsing attributes in process `syz.3.8077'. [ 1261.967895][T28752] netlink: 'syz.4.8082': attribute type 33 has an invalid length. [ 1264.532126][T28794] netlink: 'syz.3.8099': attribute type 1 has an invalid length. [ 1265.014628][T28802] __nla_validate_parse: 3 callbacks suppressed [ 1265.014655][T28802] netlink: 25 bytes leftover after parsing attributes in process `syz.3.8094'. [ 1266.809978][T28834] overlayfs: missing 'lowerdir' [ 1267.649393][T28851] netlink: 338 bytes leftover after parsing attributes in process `syz.3.8107'. [ 1267.732775][T28851] veth1_macvtap: entered promiscuous mode [ 1267.739322][T28851] macsec0: entered promiscuous mode [ 1267.744941][T28851] macsec0: entered allmulticast mode [ 1267.750475][T28851] veth1_macvtap: entered allmulticast mode [ 1267.785918][T28848] could not allocate digest TFM handle [ 1268.564165][T28874] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8113'. [ 1268.607936][T28874] netlink: 'syz.0.8113': attribute type 1 has an invalid length. [ 1268.635040][T28874] netlink: 13 bytes leftover after parsing attributes in process `syz.0.8113'. [ 1269.342296][T28889] overlayfs: missing 'lowerdir' [ 1269.379030][T28892] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8119'. [ 1269.760994][T28900] netlink: 338 bytes leftover after parsing attributes in process `syz.2.8120'. [ 1269.770378][T28900] macsec0: entered promiscuous mode [ 1269.775834][T28900] macsec0: entered allmulticast mode [ 1269.795012][T28894] could not allocate digest TFM handle [ 1269.801827][T28900] veth1_macvtap: entered allmulticast mode [ 1270.369242][T28914] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8125'. [ 1270.392172][T28914] netlink: 'syz.3.8125': attribute type 1 has an invalid length. [ 1270.403647][T28914] netlink: 13 bytes leftover after parsing attributes in process `syz.3.8125'. [ 1271.253288][T28936] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8131'. [ 1273.397491][T28966] netlink: 338 bytes leftover after parsing attributes in process `syz.0.8136'. [ 1273.536186][T28954] could not allocate digest TFM handle [ 1273.718459][T28974] overlayfs: missing 'lowerdir' [ 1273.750635][T28966] macsec0: entered promiscuous mode [ 1273.778006][T28966] macsec0: entered allmulticast mode [ 1273.818708][T28966] veth1_macvtap: entered allmulticast mode [ 1277.629816][T29014] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8151'. [ 1277.985407][T29022] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8153'. [ 1278.059336][T29024] netlink: 354 bytes leftover after parsing attributes in process `syz.2.8153'. [ 1280.057293][T29062] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8168'. [ 1280.098439][T29062] netlink: 354 bytes leftover after parsing attributes in process `syz.4.8168'. [ 1281.627186][T29100] netlink: 'syz.2.8176': attribute type 5 has an invalid length. [ 1281.660969][T29100] netlink: 10 bytes leftover after parsing attributes in process `syz.2.8176'. [ 1281.872285][T29104] netlink: set zone limit has 8 unknown bytes [ 1283.118664][ T5838] Bluetooth: hci0: unexpected subevent 0x01 length: 122 > 18 [ 1285.980137][ T30] audit: type=1804 audit(4294975187.184:37): pid=29183 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.8196" name="file0" dev="tmpfs" ino=9443 res=1 errno=0 [ 1286.029023][ T30] audit: type=1800 audit(4294975187.214:38): pid=29183 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.8196" name="file0" dev="tmpfs" ino=9443 res=0 errno=0 [ 1286.443665][T29188] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8198'. [ 1286.475478][T29188] netlink: 354 bytes leftover after parsing attributes in process `syz.3.8198'. [ 1289.810030][T29237] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8209'. [ 1289.873940][T29237] netlink: 354 bytes leftover after parsing attributes in process `syz.2.8209'. [ 1290.362165][T29248] netlink: 'syz.3.8214': attribute type 4 has an invalid length. [ 1290.371907][T29248] netlink: 314 bytes leftover after parsing attributes in process `syz.3.8214'. [ 1291.109956][T29264] netlink: set zone limit has 8 unknown bytes [ 1291.440028][T29259] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8217'. [ 1292.020692][T29259] team0: Port device team_slave_0 removed [ 1294.872740][T29305] netlink: 330 bytes leftover after parsing attributes in process `syz.3.8227'. [ 1298.479116][T29355] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8243'. [ 1298.705304][T29361] netlink: 13 bytes leftover after parsing attributes in process `syz.3.8244'. [ 1299.003847][T29365] ERROR: Out of memory at tomoyo_memory_ok. [ 1302.365123][T26983] Bluetooth: Frame is too long (len 5, expected len 4) [ 1302.462593][T29444] ERROR: Out of memory at tomoyo_memory_ok. [ 1303.583086][T29464] netlink: set zone limit has 8 unknown bytes [ 1304.097470][T29477] ERROR: Out of memory at tomoyo_memory_ok. [ 1307.133014][T29502] kexec: Could not allocate control_code_buffer [ 1307.636872][T29516] netlink: set zone limit has 8 unknown bytes [ 1310.001500][T29544] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8295'. [ 1310.012366][T29544] hsr_slave_0: left promiscuous mode [ 1310.019040][T29544] hsr_slave_1: left promiscuous mode [ 1310.543616][T29555] netlink: set zone limit has 8 unknown bytes [ 1310.857899][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1310.865962][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1312.376003][T29600] netlink: 206 bytes leftover after parsing attributes in process `syz.4.8312'. [ 1317.153298][T29691] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8344'. [ 1317.163627][T29691] netlink: 354 bytes leftover after parsing attributes in process `syz.2.8344'. [ 1318.463660][T29723] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8341'. [ 1318.811798][T29728] netlink: 206 bytes leftover after parsing attributes in process `syz.3.8342'. [ 1328.070132][T29871] hugetlbfs: syz.4.8373 (29871): Using mlock ulimits for SHM_HUGETLB is obsolete [ 1330.576151][T29907] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8382'. [ 1330.617058][T29907] hsr_slave_0: left promiscuous mode [ 1330.641422][T29907] hsr_slave_1: left promiscuous mode [ 1338.866302][T26983] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 1338.873804][T26983] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 1344.408590][T30114] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8437'. [ 1344.636880][T30114] team0: Port device team_slave_0 removed [ 1345.636305][T30141] netlink: 44 bytes leftover after parsing attributes in process `syz.4.8451'. [ 1350.981071][T30249] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8468'. [ 1352.047434][T30258] ERROR: Out of memory at tomoyo_memory_ok. [ 1352.606713][T30267] svc: failed to register nfsdv3 RPC service (errno 111). [ 1352.623838][T30267] svc: failed to register nfsaclv3 RPC service (errno 111). [ 1353.187652][T30281] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8476'. [ 1353.463152][T30281] team0: Port device team_slave_0 removed [ 1356.165486][ C1] vcan0: j1939_tp_rxtimer: 0xffff888028935c00: rx timeout, send abort [ 1356.174224][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888028935c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1356.189684][ T5188] ERROR: Out of memory at tomoyo_memory_ok. [ 1356.223486][ C1] vcan0: j1939_tp_rxtimer: 0xffff888063d08c00: rx timeout, send abort [ 1356.233205][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888063d08c00: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 1357.370434][T30365] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8500'. [ 1357.394319][T30365] netlink: 354 bytes leftover after parsing attributes in process `syz.2.8500'. [ 1359.132718][ T5838] Bluetooth: hci3: unexpected subevent 0x01 length: 122 > 18 [ 1367.150012][ C0] bridge0: received packet on macvlan0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 1367.163252][ C0] bridge0: received packet on macvlan0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 1367.182527][ C0] bridge0: received packet on macvlan0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 1367.194719][ C0] bridge0: received packet on macvlan0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 1367.207914][ C0] bridge0: received packet on macvlan0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 1367.220029][ C0] bridge0: received packet on macvlan0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 1367.241027][ C0] bridge0: received packet on macvlan0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 1367.256786][ C0] bridge0: received packet on macvlan0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 1367.280253][ C0] bridge0: received packet on macvlan0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 1367.293017][ C0] bridge0: received packet on macvlan0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 1367.654190][T30526] netlink: 326 bytes leftover after parsing attributes in process `syz.4.8543'. [ 1372.267464][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1372.274264][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1373.853357][T30628] Malformed UNC in devname [ 1373.853357][T30628] [ 1373.877701][T30628] CIFS: VFS: Malformed UNC in devname [ 1376.512805][T30691] netlink: 25 bytes leftover after parsing attributes in process `syz.0.8584'. [ 1377.724952][T30715] ERROR: Out of memory at tomoyo_memory_ok. [ 1381.655632][T30799] netlink: 25 bytes leftover after parsing attributes in process `syz.3.8616'. [ 1382.148296][T30813] netlink: 330 bytes leftover after parsing attributes in process `syz.0.8620'. [ 1384.539715][ T30] audit: type=1800 audit(4294967302.081:39): pid=30857 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.8631" name="ram7" dev="tmpfs" ino=10893 res=0 errno=0 [ 1386.453957][T30884] futex_wake_op: syz.0.8637 tries to shift op by -9; fix this program [ 1388.009631][T30889] Process accounting resumed [ 1390.924218][T30943] netlink: 342 bytes leftover after parsing attributes in process `syz.3.8653'. [ 1392.244876][T30980] netlink: 'syz.0.8656': attribute type 1 has an invalid length. [ 1392.683656][T30974] Invalid ELF header magic: != ELF [ 1394.105750][T31004] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8667'. [ 1398.054522][T31073] netlink: 338 bytes leftover after parsing attributes in process `syz.3.8688'. [ 1398.136765][T31073] netlink: 338 bytes leftover after parsing attributes in process `syz.3.8688'. [ 1398.177945][T31073] netlink: 290 bytes leftover after parsing attributes in process `syz.3.8688'. [ 1398.215645][T31073] netlink: 290 bytes leftover after parsing attributes in process `syz.3.8688'. [ 1398.428057][T31083] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8689'. [ 1402.104145][T31138] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.3.8705: No space for directory leaf checksum. Please run e2fsck -D. [ 1402.120544][T31138] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.3.8705: checksumming directory block 0 [ 1402.137924][T31138] platform regulatory.0: loading /lib/firmware/updates/6.15.0-syzkaller-13655-gbdc7f8c5adad/regulatory.db failed with error -74 [ 1402.184724][T31138] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.3.8705: No space for directory leaf checksum. Please run e2fsck -D. [ 1402.204473][T31138] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.3.8705: checksumming directory block 0 [ 1402.271533][T31138] platform regulatory.0: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1402.312508][T31138] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.3.8705: No space for directory leaf checksum. Please run e2fsck -D. [ 1402.332735][T31138] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.3.8705: checksumming directory block 0 [ 1402.376681][T31138] platform regulatory.0: loading /lib/firmware/6.15.0-syzkaller-13655-gbdc7f8c5adad/regulatory.db failed with error -74 [ 1402.430680][T31138] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.3.8705: No space for directory leaf checksum. Please run e2fsck -D. [ 1402.447728][T31138] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.3.8705: checksumming directory block 0 [ 1402.502325][T31138] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -74 [ 1402.521013][T31138] platform regulatory.0: Direct firmware load for regulatory.db failed with error -74 [ 1402.534391][T31138] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 1407.423285][T31216] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8723'. [ 1418.342281][T31343] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8755'. [ 1418.398483][T31343] netlink: 354 bytes leftover after parsing attributes in process `syz.4.8755'. [ 1418.536996][T31324] Invalid ELF header magic: != ELF [ 1421.706455][T31395] netlink: 326 bytes leftover after parsing attributes in process `syz.4.8768'. [ 1422.513369][T31417] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.0.8774: No space for directory leaf checksum. Please run e2fsck -D. [ 1422.539923][T31417] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.0.8774: checksumming directory block 0 [ 1422.554813][T31417] platform regulatory.0: loading /lib/firmware/updates/6.15.0-syzkaller-13655-gbdc7f8c5adad/regulatory.db failed with error -74 [ 1422.648703][T31417] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.0.8774: No space for directory leaf checksum. Please run e2fsck -D. [ 1422.665923][T31417] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.0.8774: checksumming directory block 0 [ 1422.678915][T31417] platform regulatory.0: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1422.689377][T31417] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.0.8774: No space for directory leaf checksum. Please run e2fsck -D. [ 1422.756961][T31406] Invalid ELF header magic: != ELF [ 1422.772687][T31417] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.0.8774: checksumming directory block 0 [ 1422.812465][T31417] platform regulatory.0: loading /lib/firmware/6.15.0-syzkaller-13655-gbdc7f8c5adad/regulatory.db failed with error -74 [ 1422.849962][T31417] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #274: comm syz.0.8774: No space for directory leaf checksum. Please run e2fsck -D. [ 1422.866958][T31417] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #274: comm syz.0.8774: checksumming directory block 0 [ 1422.908147][T31417] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -74 [ 1422.939593][T31417] platform regulatory.0: Direct firmware load for regulatory.db failed with error -74 [ 1422.952357][T31417] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 1424.937621][T31454] can: request_module (can-proto-3) failed. [ 1425.129405][T31465] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8793'. [ 1427.028084][T31493] netlink: 186 bytes leftover after parsing attributes in process `syz.2.8801'. [ 1429.791748][T31553] netlink: 338 bytes leftover after parsing attributes in process `syz.0.8805'. [ 1432.329850][T31599] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8818'. [ 1432.353878][T31599] bridge0: port 2(bridge_slave_1) entered disabled state [ 1432.409234][T31599] bridge_slave_1 (unregistering): left allmulticast mode [ 1432.416459][T31599] bridge_slave_1 (unregistering): left promiscuous mode [ 1432.439606][T31599] bridge0: port 2(bridge_slave_1) entered disabled state [ 1433.212662][T31616] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8822'. [ 1433.673458][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1433.680247][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1434.295743][T31634] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8829'. [ 1435.941056][T31668] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8836'. [ 1436.399926][T31678] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8837'. [ 1441.067983][T31745] ERROR: Out of memory at tomoyo_memory_ok. [ 1446.255992][T26983] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1446.267154][T26983] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1446.276512][T26983] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1446.287866][T26983] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1446.298170][T26983] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1446.655144][T31761] chnl_net:caif_netlink_parms(): no params data found [ 1446.821214][T31780] netlink: 338 bytes leftover after parsing attributes in process `syz.4.8863'. [ 1446.903915][T31761] bridge0: port 1(bridge_slave_0) entered blocking state [ 1446.918862][T31761] bridge0: port 1(bridge_slave_0) entered disabled state [ 1446.927112][T31761] bridge_slave_0: entered allmulticast mode [ 1446.935900][T31761] bridge_slave_0: entered promiscuous mode [ 1446.960222][T31761] bridge0: port 2(bridge_slave_1) entered blocking state [ 1446.969005][T31761] bridge0: port 2(bridge_slave_1) entered disabled state [ 1446.977115][T31761] bridge_slave_1: entered allmulticast mode [ 1446.986986][T31761] bridge_slave_1: entered promiscuous mode [ 1447.061226][T31761] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1447.077231][T31761] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1447.175854][T31761] team0: Port device team_slave_0 added [ 1447.191818][T31761] team0: Port device team_slave_1 added [ 1447.261434][T31761] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1447.273082][T31761] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1447.309938][T31761] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1447.384399][T31761] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1447.391436][T31761] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1447.456177][T31761] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1447.873843][T31761] hsr_slave_0: entered promiscuous mode [ 1447.902908][T31761] hsr_slave_1: entered promiscuous mode [ 1448.381810][ T5838] Bluetooth: hci4: command tx timeout [ 1448.445394][T31805] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8867'. [ 1449.041141][T31761] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1449.236019][T31761] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1449.272867][T31761] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1449.314012][T31761] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1449.947681][T31761] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1450.007442][T31761] 8021q: adding VLAN 0 to HW filter on device team0 [ 1450.037395][ T4588] bridge0: port 1(bridge_slave_0) entered blocking state [ 1450.044793][ T4588] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1450.074953][ T4588] bridge0: port 2(bridge_slave_1) entered blocking state [ 1450.082269][ T4588] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1450.460780][ T5838] Bluetooth: hci4: command tx timeout [ 1450.482846][T31761] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1450.909561][T31761] veth0_vlan: entered promiscuous mode [ 1450.928174][T31761] veth1_vlan: entered promiscuous mode [ 1450.970711][T31761] veth0_macvtap: entered promiscuous mode [ 1450.982078][T31761] veth1_macvtap: entered promiscuous mode [ 1451.004031][T31761] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1451.019387][T31761] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1451.033641][T31761] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1451.044650][T31761] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1451.053859][T31761] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1451.063275][T31761] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1451.158648][T21507] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1451.176922][T21507] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1451.215295][T16716] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1451.223796][T16716] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1451.817081][T31841] netlink: 186 bytes leftover after parsing attributes in process `syz.4.8879'. [ 1452.539772][ T5838] Bluetooth: hci4: command tx timeout [ 1454.124366][T31867] netlink: 186 bytes leftover after parsing attributes in process `syz.0.8873'. [ 1454.618388][ T5838] Bluetooth: hci4: command tx timeout [ 1454.872520][T31882] netlink: 186 bytes leftover after parsing attributes in process `syz.4.8881'. [ 1455.273828][T31889] netlink: 'syz.4.8886': attribute type 15 has an invalid length. [ 1455.292192][T31889] netlink: 252 bytes leftover after parsing attributes in process `syz.4.8886'. [ 1455.320790][T31889] netlink: 'syz.4.8886': attribute type 15 has an invalid length. [ 1455.351649][T31889] netlink: 252 bytes leftover after parsing attributes in process `syz.4.8886'. [ 1455.904597][T31898] ERROR: Out of memory at tomoyo_memory_ok. [ 1461.989574][T31979] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8906'. [ 1462.016409][T31979] netlink: 354 bytes leftover after parsing attributes in process `syz.2.8906'. [ 1469.764928][T32072] netlink: 25 bytes leftover after parsing attributes in process `syz.0.8926'. [ 1470.081185][T32077] netlink: 338 bytes leftover after parsing attributes in process `syz.4.8927'. [ 1470.112346][T32077] netlink: 338 bytes leftover after parsing attributes in process `syz.4.8927'. [ 1470.310658][T32070] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8925'. [ 1470.987021][T32079] Invalid ELF header magic: != ELF [ 1470.992706][T32083] netlink: 330 bytes leftover after parsing attributes in process `syz.2.8930'. [ 1471.365455][T32090] netlink: 186 bytes leftover after parsing attributes in process `syz.2.8931'. [ 1473.788129][T32111] Invalid ELF header magic: != ELF [ 1483.044286][T32202] FAULT_INJECTION: forcing a failure. [ 1483.044286][T32202] name failslab, interval 1, probability 0, space 0, times 0 [ 1483.061453][T32202] CPU: 0 UID: 0 PID: 32202 Comm: syz.5.8959 Tainted: G I 6.15.0-syzkaller-13655-gbdc7f8c5adad #0 PREEMPT(full) [ 1483.061498][T32202] Tainted: [I]=FIRMWARE_WORKAROUND [ 1483.061511][T32202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1483.061532][T32202] Call Trace: [ 1483.061589][T32202] [ 1483.061609][T32202] dump_stack_lvl+0x16c/0x1f0 [ 1483.061640][T32202] should_fail_ex+0x512/0x640 [ 1483.061679][T32202] ? __kmalloc_noprof+0xbf/0x510 [ 1483.061720][T32202] ? xfrm_hash_alloc+0xd1/0x100 [ 1483.061760][T32202] should_failslab+0xc2/0x120 [ 1483.061786][T32202] __kmalloc_noprof+0xd2/0x510 [ 1483.061835][T32202] ? xfrm_nat_keepalive_net_init+0x101/0x140 [ 1483.061870][T32202] xfrm_hash_alloc+0xd1/0x100 [ 1483.061908][T32202] xfrm_state_init+0x11e/0x630 [ 1483.061950][T32202] ? __pfx_xfrm_net_init+0x10/0x10 [ 1483.061972][T32202] xfrm_net_init+0x210/0xcc0 [ 1483.062000][T32202] ? __pfx_xfrm_net_init+0x10/0x10 [ 1483.062023][T32202] ops_init+0x1df/0x5f0 [ 1483.062059][T32202] setup_net+0x1ff/0x510 [ 1483.062085][T32202] ? lockdep_init_map_type+0x5c/0x280 [ 1483.062120][T32202] ? __pfx_setup_net+0x10/0x10 [ 1483.062149][T32202] ? debug_mutex_init+0x37/0x70 [ 1483.062176][T32202] copy_net_ns+0x2a6/0x5f0 [ 1483.062208][T32202] create_new_namespaces+0x3ea/0xa90 [ 1483.062242][T32202] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1483.062273][T32202] ksys_unshare+0x45b/0xa40 [ 1483.062307][T32202] ? __pfx_ksys_unshare+0x10/0x10 [ 1483.062352][T32202] __x64_sys_unshare+0x31/0x40 [ 1483.062384][T32202] do_syscall_64+0xcd/0x490 [ 1483.062411][T32202] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1483.062438][T32202] RIP: 0033:0x7f0fea98e929 [ 1483.062459][T32202] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1483.062484][T32202] RSP: 002b:00007f0feb7e4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1483.062518][T32202] RAX: ffffffffffffffda RBX: 00007f0feabb5fa0 RCX: 00007f0fea98e929 [ 1483.062535][T32202] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1483.062551][T32202] RBP: 00007f0feaa10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1483.062567][T32202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1483.062582][T32202] R13: 0000000000000000 R14: 00007f0feabb5fa0 R15: 00007fffe7aae6c8 [ 1483.062613][T32202] [ 1483.610600][T32211] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8962'. [ 1483.621097][T32211] netlink: 'syz.5.8962': attribute type 1 has an invalid length. [ 1483.629543][T32211] netlink: 'syz.5.8962': attribute type 6 has an invalid length. [ 1485.718359][T26983] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1485.735483][T26983] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1485.744241][T26983] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1485.756028][T26983] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1485.772931][T26983] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1486.598826][T32232] chnl_net:caif_netlink_parms(): no params data found [ 1487.018272][T32232] bridge0: port 1(bridge_slave_0) entered blocking state [ 1487.044491][T32232] bridge0: port 1(bridge_slave_0) entered disabled state [ 1487.062457][T32232] bridge_slave_0: entered allmulticast mode [ 1487.082909][T32232] bridge_slave_0: entered promiscuous mode [ 1487.103423][T32232] bridge0: port 2(bridge_slave_1) entered blocking state [ 1487.115137][T32232] bridge0: port 2(bridge_slave_1) entered disabled state [ 1487.134403][T32232] bridge_slave_1: entered allmulticast mode [ 1487.144747][T32232] bridge_slave_1: entered promiscuous mode [ 1487.322851][T32232] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1487.375909][T32232] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1487.476913][T32232] team0: Port device team_slave_0 added [ 1487.489504][T32232] team0: Port device team_slave_1 added [ 1487.549754][T32232] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1487.571719][T32232] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1487.617819][T32232] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1487.644599][T32232] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1487.664359][T32232] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1487.701287][T32232] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1487.799774][T32232] hsr_slave_0: entered promiscuous mode [ 1487.805633][T26983] Bluetooth: hci5: command tx timeout [ 1487.817915][T32232] hsr_slave_1: entered promiscuous mode [ 1487.824657][T32232] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1487.833245][T32232] Cannot create hsr debugfs directory [ 1488.458846][T32256] net_ratelimit: 199 callbacks suppressed [ 1488.458866][T32256] netlink: zone id is out of range [ 1488.479578][T32256] netlink: zone id is out of range [ 1488.496606][T32256] netlink: zone id is out of range [ 1488.519923][T32256] netlink: zone id is out of range [ 1488.594252][T32256] netlink: zone id is out of range [ 1488.599435][T32256] netlink: zone id is out of range [ 1488.651735][T32256] netlink: zone id is out of range [ 1488.661300][T32256] netlink: zone id is out of range [ 1488.682135][T32256] netlink: zone id is out of range [ 1488.701466][T32256] netlink: zone id is out of range [ 1488.748554][T32232] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1488.795787][T32232] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1488.816686][T32232] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1488.827172][T32232] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1489.415538][T32232] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1489.606823][T32232] 8021q: adding VLAN 0 to HW filter on device team0 [ 1489.685779][ T4588] bridge0: port 1(bridge_slave_0) entered blocking state [ 1489.693066][ T4588] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1489.735595][ T4588] bridge0: port 2(bridge_slave_1) entered blocking state [ 1489.742901][ T4588] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1489.847329][T32232] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1489.880854][T26983] Bluetooth: hci5: command tx timeout [ 1490.189388][T32282] netlink: 338 bytes leftover after parsing attributes in process `syz.5.8974'. [ 1490.399580][T32232] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1490.885043][T32232] veth0_vlan: entered promiscuous mode [ 1490.917850][T32232] veth1_vlan: entered promiscuous mode [ 1490.969650][T32286] Invalid ELF header magic: != ELF [ 1490.972277][T32232] veth0_macvtap: entered promiscuous mode [ 1490.997576][T32232] veth1_macvtap: entered promiscuous mode [ 1491.035626][T32232] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1491.063618][T32232] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1491.083518][T32232] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1491.096696][T32232] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1491.111023][T32232] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1491.122710][T32232] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1491.343059][T16716] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1491.361220][T16716] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1491.542916][ T4588] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1491.577019][ T4588] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1491.934694][T32306] netlink: 'syz.6.8966': attribute type 1 has an invalid length. [ 1491.959780][T26983] Bluetooth: hci5: command tx timeout [ 1492.858197][T32324] netlink: 186 bytes leftover after parsing attributes in process `syz.0.8983'. [ 1494.038753][T26983] Bluetooth: hci5: command tx timeout [ 1494.370591][ T5838] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1494.384104][ T5838] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1494.393543][ T5838] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1494.419539][ T5838] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1494.428469][ T5838] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1495.085429][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1495.092016][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1495.100368][ T30] audit: type=1800 audit(4294967412.696:40): pid=32356 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.8991" name="dummy_udc" dev="gadgetfs" ino=149029 res=0 errno=0 [ 1495.697283][T32362] RDS: rds_bind could not find a transport for ::ffff:10.1.1.2, load rds_tcp or rds_rdma? [ 1495.778967][T32364] netlink: 338 bytes leftover after parsing attributes in process `syz.5.8993'. [ 1495.940924][T32362] could not allocate digest TFM handle [ 1495.970227][T32342] chnl_net:caif_netlink_parms(): no params data found [ 1495.997226][T32364] veth1_macvtap: left promiscuous mode [ 1496.004488][T32364] macsec0: entered allmulticast mode [ 1496.528359][ T5838] Bluetooth: hci6: command tx timeout [ 1496.624377][T32342] bridge0: port 1(bridge_slave_0) entered blocking state [ 1496.656155][T32342] bridge0: port 1(bridge_slave_0) entered disabled state [ 1496.664516][T32342] bridge_slave_0: entered allmulticast mode [ 1496.674566][T32342] bridge_slave_0: entered promiscuous mode [ 1496.691257][T32342] bridge0: port 2(bridge_slave_1) entered blocking state [ 1496.699214][T32342] bridge0: port 2(bridge_slave_1) entered disabled state [ 1496.706519][T32342] bridge_slave_1: entered allmulticast mode [ 1496.715361][T32342] bridge_slave_1: entered promiscuous mode [ 1496.872777][T32373] FAULT_INJECTION: forcing a failure. [ 1496.872777][T32373] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1496.898518][T32373] CPU: 1 UID: 0 PID: 32373 Comm: syz.5.8995 Tainted: G I 6.15.0-syzkaller-13655-gbdc7f8c5adad #0 PREEMPT(full) [ 1496.898576][T32373] Tainted: [I]=FIRMWARE_WORKAROUND [ 1496.898590][T32373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1496.898611][T32373] Call Trace: [ 1496.898621][T32373] [ 1496.898635][T32373] dump_stack_lvl+0x16c/0x1f0 [ 1496.898675][T32373] should_fail_ex+0x512/0x640 [ 1496.898734][T32373] should_fail_alloc_page+0xe7/0x130 [ 1496.898772][T32373] prepare_alloc_pages+0x3c2/0x610 [ 1496.898814][T32373] ? rcu_is_watching+0x12/0xc0 [ 1496.898853][T32373] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 1496.898913][T32373] ? rcu_is_watching+0x12/0xc0 [ 1496.898946][T32373] ? trace_mm_page_alloc+0x11f/0x1a0 [ 1496.898987][T32373] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 1496.899038][T32373] ? stack_trace_save+0x8e/0xc0 [ 1496.899077][T32373] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1496.899145][T32373] ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0 [ 1496.899197][T32373] ? __get_vm_area_node+0x1ca/0x330 [ 1496.899238][T32373] ? __vmalloc_node_noprof+0xad/0xf0 [ 1496.899294][T32373] ? pcpu_mem_zalloc+0x54/0xb0 [ 1496.899334][T32373] ? pcpu_create_chunk+0x432/0x730 [ 1496.899376][T32373] ? pcpu_alloc_noprof+0x11e3/0x1470 [ 1496.899420][T32373] ? bpf_map_alloc_percpu+0x9a/0x4b0 [ 1496.899465][T32373] ? htab_map_alloc+0x10ca/0x1570 [ 1496.899515][T32373] ? map_create+0x58f/0x1db0 [ 1496.899580][T32373] alloc_pages_bulk_noprof+0x71c/0x1410 [ 1496.899634][T32373] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1496.899692][T32373] ? policy_nodemask+0xea/0x4e0 [ 1496.899732][T32373] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 1496.899790][T32373] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1496.899846][T32373] kasan_populate_vmalloc+0xf1/0x1f0 [ 1496.899907][T32373] alloc_vmap_area+0x959/0x29c0 [ 1496.899966][T32373] ? __pfx_alloc_vmap_area+0x10/0x10 [ 1496.900019][T32373] __get_vm_area_node+0x1ca/0x330 [ 1496.900070][T32373] __vmalloc_node_range_noprof+0x271/0x14b0 [ 1496.900120][T32373] ? pcpu_mem_zalloc+0x54/0xb0 [ 1496.900177][T32373] ? pcpu_mem_zalloc+0x54/0xb0 [ 1496.900231][T32373] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1496.900305][T32373] ? pcpu_mem_zalloc+0x54/0xb0 [ 1496.900349][T32373] __vmalloc_node_noprof+0xad/0xf0 [ 1496.900396][T32373] ? pcpu_mem_zalloc+0x54/0xb0 [ 1496.900444][T32373] pcpu_mem_zalloc+0x54/0xb0 [ 1496.900490][T32373] pcpu_create_chunk+0x432/0x730 [ 1496.900544][T32373] pcpu_alloc_noprof+0x11e3/0x1470 [ 1496.900615][T32373] bpf_map_alloc_percpu+0x9a/0x4b0 [ 1496.900670][T32373] htab_map_alloc+0x10ca/0x1570 [ 1496.900735][T32373] ? ns_capable+0xd7/0x110 [ 1496.900775][T32373] map_create+0x58f/0x1db0 [ 1496.900843][T32373] ? __pfx_map_create+0x10/0x10 [ 1496.900893][T32373] ? __might_fault+0xe3/0x190 [ 1496.900943][T32373] ? __might_fault+0xe3/0x190 [ 1496.900993][T32373] ? __might_fault+0x13b/0x190 [ 1496.901063][T32373] __sys_bpf+0x47cc/0x4d80 [ 1496.901103][T32373] ? __pfx___sys_bpf+0x10/0x10 [ 1496.901136][T32373] ? do_writev+0x218/0x340 [ 1496.901191][T32373] ? do_futex+0x122/0x350 [ 1496.901235][T32373] ? __pfx_do_futex+0x10/0x10 [ 1496.901305][T32373] ? fput+0x70/0xf0 [ 1496.901340][T32373] ? __pfx___x64_sys_futex+0x10/0x10 [ 1496.901384][T32373] ? __pfx_do_writev+0x10/0x10 [ 1496.901440][T32373] __x64_sys_bpf+0x78/0xc0 [ 1496.901474][T32373] ? lockdep_hardirqs_on+0x7c/0x110 [ 1496.901530][T32373] do_syscall_64+0xcd/0x490 [ 1496.901569][T32373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1496.901605][T32373] RIP: 0033:0x7f0fea98e929 [ 1496.901634][T32373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1496.901671][T32373] RSP: 002b:00007f0feb7e4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1496.901704][T32373] RAX: ffffffffffffffda RBX: 00007f0feabb5fa0 RCX: 00007f0fea98e929 [ 1496.901728][T32373] RDX: 00000000000000a3 RSI: 0000200000000780 RDI: 0000000000000000 [ 1496.901749][T32373] RBP: 00007f0feaa10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1496.901770][T32373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1496.901790][T32373] R13: 0000000000000000 R14: 00007f0feabb5fa0 R15: 00007fffe7aae6c8 [ 1496.901834][T32373] [ 1497.404697][T32342] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1497.855395][T32342] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1497.978073][T32342] team0: Port device team_slave_0 added [ 1498.003433][T32342] team0: Port device team_slave_1 added [ 1498.073193][T32342] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1498.086480][T32342] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1498.114082][T32342] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1498.138310][T32342] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1498.145362][T32342] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1498.196730][T32342] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1498.380586][T32342] hsr_slave_0: entered promiscuous mode [ 1498.388086][T32342] hsr_slave_1: entered promiscuous mode [ 1498.395018][T32342] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1498.417073][T32342] Cannot create hsr debugfs directory [ 1498.597509][ T5838] Bluetooth: hci6: command tx timeout [ 1499.542277][T32342] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1499.600028][T32342] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1499.663501][T32342] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1499.718473][T32342] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1499.914901][T32404] tc_dump_action: action bad kind [ 1500.675399][ T5838] Bluetooth: hci6: command tx timeout [ 1500.951418][T32342] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1501.115583][T32415] sysfs_service_op_show: Client not running :-5: [ 1501.162520][T32342] 8021q: adding VLAN 0 to HW filter on device team0 [ 1501.303035][T31548] bridge0: port 1(bridge_slave_0) entered blocking state [ 1501.310586][T31548] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1501.322173][T32411] nvme_fcloop: unknown parameter or missing value '7' [ 1501.462149][T31548] bridge0: port 2(bridge_slave_1) entered blocking state [ 1501.469470][T31548] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1501.762295][T32342] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1502.472600][T32342] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1502.755733][ T5838] Bluetooth: hci6: command tx timeout [ 1503.691271][T32441] nvme_fabrics: missing parameter 'transport=%s' [ 1503.742852][T32441] nvme_fabrics: missing parameter 'nqn=%s' [ 1503.750152][T32444] nvme_fabrics: unknown parameter or missing value 'òÿÿÿò' in ctrl creation request [ 1503.885403][T32342] veth0_vlan: entered promiscuous mode [ 1503.932818][T32342] veth1_vlan: entered promiscuous mode [ 1504.007647][T32342] veth0_macvtap: entered promiscuous mode [ 1504.022830][T32342] veth1_macvtap: entered promiscuous mode [ 1504.102433][T32342] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1504.126218][T32342] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1504.149322][T32342] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1504.158814][T32342] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1504.168325][T32342] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1504.198627][T32342] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1504.500216][ T1158] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1504.534856][ T1158] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1504.625023][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1504.659231][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1507.216553][T32481] netlink: 186 bytes leftover after parsing attributes in process `syz.5.9014'. [ 1507.378417][T32476] can0: slcan on pty233. [ 1507.573054][T32474] can0 (unregistered): slcan off pty233. [ 1510.629937][T32524] ERROR: Out of memory at tomoyo_memory_ok. [ 1514.531734][T32576] FAULT_INJECTION: forcing a failure. [ 1514.531734][T32576] name failslab, interval 1, probability 0, space 0, times 0 [ 1514.545574][T32576] CPU: 1 UID: 0 PID: 32576 Comm: syz.6.9035 Tainted: G I 6.15.0-syzkaller-13655-gbdc7f8c5adad #0 PREEMPT(full) [ 1514.545631][T32576] Tainted: [I]=FIRMWARE_WORKAROUND [ 1514.545645][T32576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1514.545666][T32576] Call Trace: [ 1514.545678][T32576] [ 1514.545691][T32576] dump_stack_lvl+0x16c/0x1f0 [ 1514.545741][T32576] should_fail_ex+0x512/0x640 [ 1514.545795][T32576] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1514.545850][T32576] should_failslab+0xc2/0x120 [ 1514.545886][T32576] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1514.545935][T32576] ? drm_atomic_helper_connector_duplicate_state+0x70/0xd0 [ 1514.545990][T32576] drm_atomic_helper_connector_duplicate_state+0x70/0xd0 [ 1514.546037][T32576] drm_atomic_get_connector_state+0x388/0x740 [ 1514.546086][T32576] drm_atomic_add_affected_connectors+0x2e0/0x3f0 [ 1514.546136][T32576] ? __pfx_drm_atomic_add_affected_connectors+0x10/0x10 [ 1514.546178][T32576] ? ww_mutex_lock+0x37/0x160 [ 1514.546213][T32576] ? modeset_lock+0x114/0x6e0 [ 1514.546275][T32576] __drm_atomic_helper_set_config+0x5ef/0xea0 [ 1514.546324][T32576] ? __pfx___drm_atomic_helper_set_config+0x10/0x10 [ 1514.546375][T32576] ? drm_client_rotation+0x4da/0x6a0 [ 1514.546422][T32576] drm_client_modeset_commit_atomic+0x53d/0x7e0 [ 1514.546478][T32576] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 1514.546564][T32576] drm_client_modeset_commit_locked+0x14d/0x580 [ 1514.546615][T32576] drm_client_modeset_commit+0x4f/0x80 [ 1514.546658][T32576] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 1514.546705][T32576] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 1514.546760][T32576] drm_fbdev_client_restore+0x2c/0x40 [ 1514.546811][T32576] drm_client_dev_restore+0x1f6/0x2a0 [ 1514.546858][T32576] drm_release+0x2c4/0x360 [ 1514.546899][T32576] ? __pfx_drm_release+0x10/0x10 [ 1514.546934][T32576] __fput+0x3ff/0xb70 [ 1514.546980][T32576] task_work_run+0x150/0x240 [ 1514.547035][T32576] ? __pfx_task_work_run+0x10/0x10 [ 1514.547075][T32576] ? __pfx___do_sys_close_range+0x10/0x10 [ 1514.547120][T32576] exit_to_user_mode_loop+0xeb/0x110 [ 1514.547161][T32576] do_syscall_64+0x3f6/0x490 [ 1514.547189][T32576] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1514.547215][T32576] RIP: 0033:0x7f970cb8e929 [ 1514.547235][T32576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1514.547261][T32576] RSP: 002b:00007f970daa0038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1514.547285][T32576] RAX: 0000000000000000 RBX: 00007f970cdb6080 RCX: 00007f970cb8e929 [ 1514.547302][T32576] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1514.547317][T32576] RBP: 00007f970cc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1514.547333][T32576] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1514.547349][T32576] R13: 0000000000000000 R14: 00007f970cdb6080 R15: 00007ffc0a767a18 [ 1514.547382][T32576] [ 1515.139469][T32580] netlink: 4 bytes leftover after parsing attributes in process `syz.6.9038'. [ 1522.383307][T32684] netlink: 4 bytes leftover after parsing attributes in process `syz.6.9061'. [ 1524.110800][T32710] FAULT_INJECTION: forcing a failure. [ 1524.110800][T32710] name failslab, interval 1, probability 0, space 0, times 0 [ 1524.178389][T32710] CPU: 0 UID: 0 PID: 32710 Comm: syz.6.9068 Tainted: G I 6.15.0-syzkaller-13655-gbdc7f8c5adad #0 PREEMPT(full) [ 1524.178449][T32710] Tainted: [I]=FIRMWARE_WORKAROUND [ 1524.178462][T32710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1524.178483][T32710] Call Trace: [ 1524.178496][T32710] [ 1524.178509][T32710] dump_stack_lvl+0x16c/0x1f0 [ 1524.178549][T32710] should_fail_ex+0x512/0x640 [ 1524.178602][T32710] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1524.178657][T32710] should_failslab+0xc2/0x120 [ 1524.178695][T32710] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1524.178745][T32710] ? snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0 [ 1524.178806][T32710] snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0 [ 1524.178858][T32710] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 1524.178907][T32710] ? snd_pcm_oss_change_params_locked+0x958/0x3a30 [ 1524.178963][T32710] snd_pcm_oss_change_params_locked+0x9cd/0x3a30 [ 1524.179029][T32710] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1524.179079][T32710] ? snd_pcm_oss_sync+0x30c/0x840 [ 1524.179151][T32710] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1524.179199][T32710] snd_pcm_oss_sync+0x32e/0x840 [ 1524.179248][T32710] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1524.179293][T32710] snd_pcm_oss_release+0x28b/0x310 [ 1524.179341][T32710] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1524.179384][T32710] __fput+0x3ff/0xb70 [ 1524.179431][T32710] task_work_run+0x150/0x240 [ 1524.179485][T32710] ? __pfx_task_work_run+0x10/0x10 [ 1524.179539][T32710] ? __pfx___do_sys_close_range+0x10/0x10 [ 1524.179602][T32710] exit_to_user_mode_loop+0xeb/0x110 [ 1524.179655][T32710] do_syscall_64+0x3f6/0x490 [ 1524.179693][T32710] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1524.179729][T32710] RIP: 0033:0x7f970cb8e929 [ 1524.179757][T32710] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1524.179792][T32710] RSP: 002b:00007f970dac1038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1524.179839][T32710] RAX: 0000000000000000 RBX: 00007f970cdb5fa0 RCX: 00007f970cb8e929 [ 1524.179862][T32710] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1524.179884][T32710] RBP: 00007f970cc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1524.179906][T32710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1524.179926][T32710] R13: 0000000000000000 R14: 00007f970cdb5fa0 R15: 00007ffc0a767a18 [ 1524.179970][T32710] [ 1526.771848][T32736] Invalid ELF header magic: != ELF [ 1526.898444][T32740] WARNING! power/level is deprecated; use power/control instead [ 1526.962042][T32740] ICMPv6: process `syz.5.9074' is using deprecated sysctl (syscall) net.ipv6.neigh.wg1.retrans_time - use net.ipv6.neigh.wg1.retrans_time_ms instead [ 1531.485470][ T324] netlink: 4 bytes leftover after parsing attributes in process `syz.7.9088'. [ 1531.525054][ T324] netlink: 354 bytes leftover after parsing attributes in process `syz.7.9088'. [ 1531.991268][ T314] kexec: Could not allocate control_code_buffer [ 1534.501605][ T344] kexec: Could not allocate control_code_buffer [ 1534.935934][ T360] net_ratelimit: 77 callbacks suppressed [ 1534.935960][ T360] netlink: zone id is out of range [ 1534.987153][ T360] netlink: zone id is out of range [ 1535.034121][ T360] netlink: zone id is out of range [ 1535.080970][ T360] netlink: zone id is out of range [ 1535.134830][ T360] netlink: zone id is out of range [ 1535.165910][ T360] netlink: zone id is out of range [ 1535.214740][ T360] netlink: zone id is out of range [ 1535.219975][ T360] netlink: zone id is out of range [ 1535.251166][ T360] netlink: zone id is out of range [ 1535.265269][ T360] netlink: zone id is out of range [ 1536.395565][ T382] ERROR: Out of memory at tomoyo_memory_ok. [ 1536.497691][ T385] netlink: 338 bytes leftover after parsing attributes in process `syz.6.9099'. [ 1537.318789][ T403] syz.0.9103 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1537.467201][ T402] bridge0: port 3(dummy0) entered blocking state [ 1537.536680][ T402] bridge0: port 3(dummy0) entered disabled state [ 1537.545875][ T402] dummy0: entered allmulticast mode [ 1537.557886][ T402] dummy0: entered promiscuous mode [ 1537.570450][ T402] bridge0: port 3(dummy0) entered blocking state [ 1537.577046][ T402] bridge0: port 3(dummy0) entered forwarding state [ 1541.788812][ T465] netlink: 28 bytes leftover after parsing attributes in process `syz.0.9119'. [ 1542.443797][ T476] ERROR: Out of memory at tomoyo_memory_ok. [ 1544.011788][ T496] Invalid ELF header magic: != ELF [ 1544.613593][ T506] netlink: 28 bytes leftover after parsing attributes in process `syz.7.9130'. [ 1544.706336][ T506] bridge_slave_1: left allmulticast mode [ 1544.736308][ T506] bridge_slave_1: left promiscuous mode [ 1544.766475][ T506] bridge0: port 2(bridge_slave_1) entered disabled state [ 1544.822551][ T506] bridge_slave_0: left allmulticast mode [ 1544.845655][ T506] bridge_slave_0: left promiscuous mode [ 1544.869007][ T506] bridge0: port 1(bridge_slave_0) entered disabled state [ 1548.584395][ T559] FAULT_INJECTION: forcing a failure. [ 1548.584395][ T559] name failslab, interval 1, probability 0, space 0, times 0 [ 1548.651040][ T559] CPU: 1 UID: 0 PID: 559 Comm: syz.5.9138 Tainted: G I 6.15.0-syzkaller-13655-gbdc7f8c5adad #0 PREEMPT(full) [ 1548.651102][ T559] Tainted: [I]=FIRMWARE_WORKAROUND [ 1548.651116][ T559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1548.651137][ T559] Call Trace: [ 1548.651148][ T559] [ 1548.651162][ T559] dump_stack_lvl+0x16c/0x1f0 [ 1548.651206][ T559] should_fail_ex+0x512/0x640 [ 1548.651261][ T559] ? fs_reclaim_acquire+0xae/0x150 [ 1548.651310][ T559] should_failslab+0xc2/0x120 [ 1548.651346][ T559] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1548.651402][ T559] ? security_inode_alloc+0x3b/0x2b0 [ 1548.651450][ T559] security_inode_alloc+0x3b/0x2b0 [ 1548.651493][ T559] inode_init_always_gfp+0xce4/0x1030 [ 1548.651557][ T559] alloc_inode+0x86/0x240 [ 1548.651605][ T559] new_inode+0x22/0x1c0 [ 1548.651647][ T559] tracefs_get_inode+0x19/0x80 [ 1548.651693][ T559] eventfs_get_inode+0x53/0x520 [ 1548.651747][ T559] eventfs_root_lookup+0x6f4/0xa50 [ 1548.651799][ T559] ? __pfx_eventfs_root_lookup+0x10/0x10 [ 1548.651851][ T559] ? getname_kernel+0x2d0/0x370 [ 1548.651890][ T559] ? security_inode_permission+0xbf/0x260 [ 1548.651935][ T559] ? inode_permission+0x156/0x630 [ 1548.651977][ T559] ? __pfx_eventfs_root_lookup+0x10/0x10 [ 1548.652026][ T559] lookup_open.isra.0+0x4d7/0x1580 [ 1548.652082][ T559] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 1548.652151][ T559] ? __pfx_down_write+0x10/0x10 [ 1548.652188][ T559] ? mnt_get_write_access+0x20c/0x300 [ 1548.652235][ T559] path_openat+0x893/0x2cb0 [ 1548.652302][ T559] ? __pfx_path_openat+0x10/0x10 [ 1548.652357][ T559] ? __lock_acquire+0xb8a/0x1c90 [ 1548.652410][ T559] do_filp_open+0x20b/0x470 [ 1548.652463][ T559] ? __pfx_do_filp_open+0x10/0x10 [ 1548.652548][ T559] ? alloc_fd+0x471/0x7d0 [ 1548.652618][ T559] do_sys_openat2+0x11b/0x1d0 [ 1548.652658][ T559] ? __pfx_do_sys_openat2+0x10/0x10 [ 1548.652715][ T559] __x64_sys_openat+0x174/0x210 [ 1548.652758][ T559] ? __pfx___x64_sys_openat+0x10/0x10 [ 1548.652807][ T559] ? trace_irq_enable.constprop.0+0x2f/0x120 [ 1548.652873][ T559] do_syscall_64+0xcd/0x490 [ 1548.652912][ T559] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1548.652947][ T559] RIP: 0033:0x7f0fea98e929 [ 1548.652978][ T559] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1548.653013][ T559] RSP: 002b:00007f0feb7c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1548.653047][ T559] RAX: ffffffffffffffda RBX: 00007f0feabb6080 RCX: 00007f0fea98e929 [ 1548.653071][ T559] RDX: 0000000000109041 RSI: 0000200000007380 RDI: ffffffffffffff9c [ 1548.653093][ T559] RBP: 00007f0feaa10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1548.653116][ T559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1548.653137][ T559] R13: 0000000000000000 R14: 00007f0feabb6080 R15: 00007fffe7aae6c8 [ 1548.653184][ T559] [ 1548.945124][ C1] vkms_vblank_simulate: vblank timer overrun [ 1550.553007][ T570] FAULT_INJECTION: forcing a failure. [ 1550.553007][ T570] name failslab, interval 1, probability 0, space 0, times 0 [ 1550.565986][ T570] CPU: 1 UID: 0 PID: 570 Comm: syz.6.9149 Tainted: G I 6.15.0-syzkaller-13655-gbdc7f8c5adad #0 PREEMPT(full) [ 1550.566037][ T570] Tainted: [I]=FIRMWARE_WORKAROUND [ 1550.566049][ T570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1550.566067][ T570] Call Trace: [ 1550.566079][ T570] [ 1550.566091][ T570] dump_stack_lvl+0x16c/0x1f0 [ 1550.566126][ T570] should_fail_ex+0x512/0x640 [ 1550.566193][ T570] ? fs_reclaim_acquire+0xae/0x150 [ 1550.566232][ T570] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 1550.566274][ T570] should_failslab+0xc2/0x120 [ 1550.566302][ T570] __kmalloc_noprof+0xd2/0x510 [ 1550.566366][ T570] tomoyo_realpath_from_path+0xc2/0x6e0 [ 1550.566419][ T570] tomoyo_check_open_permission+0x2ab/0x3c0 [ 1550.566457][ T570] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1550.566492][ T570] ? d_add+0x404/0x780 [ 1550.566554][ T570] ? find_held_lock+0x2b/0x80 [ 1550.566593][ T570] tomoyo_file_open+0x6b/0x90 [ 1550.566622][ T570] security_file_open+0x84/0x1e0 [ 1550.566669][ T570] do_dentry_open+0x596/0x1c10 [ 1550.566727][ T570] vfs_open+0x82/0x3f0 [ 1550.566764][ T570] path_openat+0x1de4/0x2cb0 [ 1550.566827][ T570] ? __pfx_path_openat+0x10/0x10 [ 1550.566879][ T570] ? __lock_acquire+0xb8a/0x1c90 [ 1550.566926][ T570] do_filp_open+0x20b/0x470 [ 1550.566973][ T570] ? __pfx_do_filp_open+0x10/0x10 [ 1550.567041][ T570] ? alloc_fd+0x471/0x7d0 [ 1550.567090][ T570] do_sys_openat2+0x11b/0x1d0 [ 1550.567122][ T570] ? __pfx_do_sys_openat2+0x10/0x10 [ 1550.567169][ T570] __x64_sys_openat+0x174/0x210 [ 1550.567203][ T570] ? __pfx___x64_sys_openat+0x10/0x10 [ 1550.567252][ T570] do_syscall_64+0xcd/0x490 [ 1550.567284][ T570] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1550.567314][ T570] RIP: 0033:0x7f970cb8e929 [ 1550.567347][ T570] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1550.567377][ T570] RSP: 002b:00007f970dac1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1550.567405][ T570] RAX: ffffffffffffffda RBX: 00007f970cdb5fa0 RCX: 00007f970cb8e929 [ 1550.567425][ T570] RDX: 0000000000109041 RSI: 0000200000007380 RDI: ffffffffffffff9c [ 1550.567445][ T570] RBP: 00007f970cc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1550.567463][ T570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1550.567481][ T570] R13: 0000000000000000 R14: 00007f970cdb5fa0 R15: 00007ffc0a767a18 [ 1550.567519][ T570] [ 1550.829808][ T570] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1553.471188][ T607] FAULT_INJECTION: forcing a failure. [ 1553.471188][ T607] name failslab, interval 1, probability 0, space 0, times 0 [ 1553.520883][ T607] CPU: 0 UID: 0 PID: 607 Comm: syz.6.9146 Tainted: G I 6.15.0-syzkaller-13655-gbdc7f8c5adad #0 PREEMPT(full) [ 1553.520925][ T607] Tainted: [I]=FIRMWARE_WORKAROUND [ 1553.520935][ T607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1553.520950][ T607] Call Trace: [ 1553.520958][ T607] [ 1553.520967][ T607] dump_stack_lvl+0x16c/0x1f0 [ 1553.520995][ T607] should_fail_ex+0x512/0x640 [ 1553.521038][ T607] should_failslab+0xc2/0x120 [ 1553.521064][ T607] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1553.521098][ T607] ? __sctp_v6_cmp_addr+0x206/0x530 [ 1553.521126][ T607] ? sctp_add_bind_addr+0xae/0x3f0 [ 1553.521169][ T607] sctp_add_bind_addr+0xae/0x3f0 [ 1553.521212][ T607] sctp_copy_local_addr_list+0x39d/0x5a0 [ 1553.521246][ T607] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 1553.521279][ T607] ? sctp_auth_asoc_copy_shkeys+0x2a5/0x360 [ 1553.521314][ T607] ? sctp_bind_addr_copy+0xe0/0x530 [ 1553.521337][ T607] sctp_bind_addr_copy+0xe0/0x530 [ 1553.521375][ T607] sctp_connect_new_asoc+0x1d7/0x790 [ 1553.521412][ T607] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 1553.521454][ T607] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 1553.521486][ T607] sctp_sendmsg+0x15f9/0x1ee0 [ 1553.521520][ T607] ? __futex_wait+0x24c/0x2f0 [ 1553.521563][ T607] ? __pfx_sctp_sendmsg+0x10/0x10 [ 1553.521610][ T607] ? __might_fault+0xe3/0x190 [ 1553.521648][ T607] ? __pfx_aa_sk_perm+0x10/0x10 [ 1553.521682][ T607] ? __pfx_sctp_sendmsg+0x10/0x10 [ 1553.521717][ T607] inet_sendmsg+0x119/0x140 [ 1553.521756][ T607] __sys_sendto+0x43c/0x520 [ 1553.521795][ T607] ? __pfx___sys_sendto+0x10/0x10 [ 1553.521830][ T607] ? do_sys_openat2+0x1b0/0x1d0 [ 1553.521884][ T607] ? xfd_validate_state+0x61/0x180 [ 1553.521927][ T607] __x64_sys_sendto+0xe0/0x1c0 [ 1553.521963][ T607] ? do_syscall_64+0x91/0x490 [ 1553.521986][ T607] ? lockdep_hardirqs_on+0x7c/0x110 [ 1553.522024][ T607] do_syscall_64+0xcd/0x490 [ 1553.522051][ T607] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1553.522075][ T607] RIP: 0033:0x7f970cb8e929 [ 1553.522095][ T607] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1553.522119][ T607] RSP: 002b:00007f970daa0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1553.522141][ T607] RAX: ffffffffffffffda RBX: 00007f970cdb6080 RCX: 00007f970cb8e929 [ 1553.522157][ T607] RDX: 000000000002000f RSI: 0000000000000000 RDI: 0000000000000003 [ 1553.522172][ T607] RBP: 00007f970cc10b39 R08: 0000200000000000 R09: 000000000000001c [ 1553.522187][ T607] R10: 0000000000000101 R11: 0000000000000246 R12: 0000000000000000 [ 1553.522202][ T607] R13: 0000000000000000 R14: 00007f970cdb6080 R15: 00007ffc0a767a18 [ 1553.522232][ T607] [ 1556.522873][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1556.529348][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1557.145596][ T660] vivid-007: ================= START STATUS ================= [ 1557.213695][ T660] vivid-007: Generate PTS: true [ 1557.313364][ T660] vivid-007: Generate SCR: true [ 1557.318505][ T660] tpg source WxH: 320x240 (Y'CbCr) [ 1557.326800][ T660] tpg field: 1 [ 1557.337048][ T660] tpg crop: (0,0)/320x240 [ 1557.347451][ T660] tpg compose: (0,0)/320x240 [ 1557.352190][ T660] tpg colorspace: 8 [ 1557.357606][ T660] tpg transfer function: 0/0 [ 1557.362450][ T660] tpg Y'CbCr encoding: 0/0 [ 1557.369674][ T660] tpg quantization: 0/0 [ 1557.379703][ T660] tpg RGB range: 0/2 [ 1557.395854][ T660] vivid-007: ================== END STATUS ================== [ 1559.199083][ T683] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9164'. [ 1559.309877][ T683] netlink: 354 bytes leftover after parsing attributes in process `syz.5.9164'. [ 1560.880273][ T707] netlink: 4 bytes leftover after parsing attributes in process `syz.7.9167'. [ 1560.890201][ T707] netlink: 'syz.7.9167': attribute type 1 has an invalid length. [ 1560.898293][ T707] netlink: 'syz.7.9167': attribute type 6 has an invalid length. [ 1561.326333][T32504] Bluetooth: hci6: unexpected event 0x1d length: 10 > 5 [ 1561.513445][ T718] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 1561.567902][ T718] EXT4-fs error (device sda1): htree_dirblock_to_tree:1051: inode #268: comm dhcpcd-run-hook: Directory block failed checksum [ 1561.618384][ T718] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 1561.649513][ T718] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #268: comm dhcpcd-run-hook: checksumming directory block 0 [ 1562.041813][ T722] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 1562.082574][ T722] EXT4-fs error (device sda1): htree_dirblock_to_tree:1051: inode #268: comm dhcpcd-run-hook: Directory block failed checksum [ 1562.099521][ T722] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 1562.121321][ T722] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #268: comm dhcpcd-run-hook: checksumming directory block 0 [ 1562.238558][ T723] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 1562.302342][ T723] EXT4-fs error (device sda1): htree_dirblock_to_tree:1051: inode #268: comm dhcpcd-run-hook: Directory block failed checksum [ 1562.337504][ T723] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 1562.394974][ T723] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #268: comm dhcpcd-run-hook: checksumming directory block 0 [ 1562.547701][ T724] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 1562.607388][ T724] EXT4-fs error (device sda1): htree_dirblock_to_tree:1051: inode #268: comm dhcpcd-run-hook: Directory block failed checksum [ 1562.649374][ T724] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 1562.708766][ T724] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #268: comm dhcpcd-run-hook: checksumming directory block 0 [ 1562.912914][ T725] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 1562.953375][ T725] EXT4-fs error (device sda1): htree_dirblock_to_tree:1051: inode #268: comm dhcpcd-run-hook: Directory block failed checksum [ 1562.996183][ T725] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 1563.051035][ T725] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #268: comm dhcpcd-run-hook: checksumming directory block 0 [ 1563.194865][ T730] tipc: Started in network mode [ 1563.209141][ T730] tipc: Node identity ee00, cluster identity 4711 [ 1563.257765][ T730] tipc: Node number set to 60928 [ 1563.407255][ T726] Process accounting resumed [ 1565.778143][ T765] FAULT_INJECTION: forcing a failure. [ 1565.778143][ T765] name failslab, interval 1, probability 0, space 0, times 0 [ 1565.805348][ T765] CPU: 0 UID: 0 PID: 765 Comm: syz.7.9180 Tainted: G I 6.15.0-syzkaller-13655-gbdc7f8c5adad #0 PREEMPT(full) [ 1565.805408][ T765] Tainted: [I]=FIRMWARE_WORKAROUND [ 1565.805422][ T765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1565.805443][ T765] Call Trace: [ 1565.805455][ T765] [ 1565.805468][ T765] dump_stack_lvl+0x16c/0x1f0 [ 1565.805508][ T765] should_fail_ex+0x512/0x640 [ 1565.805562][ T765] ? __kmalloc_noprof+0xbf/0x510 [ 1565.805617][ T765] ? constrain_params_by_rules+0x175/0xca0 [ 1565.805660][ T765] should_failslab+0xc2/0x120 [ 1565.805694][ T765] __kmalloc_noprof+0xd2/0x510 [ 1565.805745][ T765] ? unwind_get_return_address+0x59/0xa0 [ 1565.805801][ T765] ? arch_stack_walk+0xa6/0x100 [ 1565.805862][ T765] constrain_params_by_rules+0x175/0xca0 [ 1565.805918][ T765] ? stack_trace_save+0x8e/0xc0 [ 1565.805960][ T765] ? stack_depot_save_flags+0x28/0xa40 [ 1565.806017][ T765] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 1565.806062][ T765] ? kfree+0x2b4/0x4d0 [ 1565.806102][ T765] ? snd_pcm_hw_param_near.constprop.0+0x72f/0x8e0 [ 1565.806155][ T765] ? __kasan_kmalloc+0xaa/0xb0 [ 1565.806214][ T765] ? snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0 [ 1565.806257][ T765] ? snd_pcm_oss_change_params_locked+0x1398/0x3a30 [ 1565.806299][ T765] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1565.806366][ T765] ? snd_interval_refine+0x2fa/0x580 [ 1565.806435][ T765] snd_pcm_hw_refine+0x7de/0xad0 [ 1565.806488][ T765] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 1565.806551][ T765] ? _snd_pcm_hw_param_min+0x259/0x630 [ 1565.806600][ T765] snd_pcm_hw_param_near.constprop.0+0x58a/0x8e0 [ 1565.806652][ T765] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 1565.806697][ T765] ? __asan_memset+0x23/0x50 [ 1565.806742][ T765] ? calc_src_frames.isra.0+0x187/0x1d0 [ 1565.806786][ T765] ? calc_dst_frames.constprop.0.isra.0+0x103/0x130 [ 1565.806844][ T765] snd_pcm_oss_change_params_locked+0x1398/0x3a30 [ 1565.806909][ T765] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1565.806957][ T765] ? snd_pcm_oss_sync+0x30c/0x840 [ 1565.807028][ T765] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1565.807074][ T765] snd_pcm_oss_sync+0x32e/0x840 [ 1565.807123][ T765] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1565.807166][ T765] snd_pcm_oss_release+0x28b/0x310 [ 1565.807230][ T765] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1565.807272][ T765] __fput+0x3ff/0xb70 [ 1565.807320][ T765] task_work_run+0x150/0x240 [ 1565.807378][ T765] ? __pfx_task_work_run+0x10/0x10 [ 1565.807432][ T765] ? __pfx___do_sys_close_range+0x10/0x10 [ 1565.807495][ T765] exit_to_user_mode_loop+0xeb/0x110 [ 1565.807551][ T765] do_syscall_64+0x3f6/0x490 [ 1565.807590][ T765] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1565.807625][ T765] RIP: 0033:0x7f15d8b8e929 [ 1565.807652][ T765] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1565.807686][ T765] RSP: 002b:00007f15d69f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1565.807718][ T765] RAX: 0000000000000000 RBX: 00007f15d8db5fa0 RCX: 00007f15d8b8e929 [ 1565.807740][ T765] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1565.807760][ T765] RBP: 00007f15d8c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1565.807781][ T765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1565.807806][ T765] R13: 0000000000000000 R14: 00007f15d8db5fa0 R15: 00007ffda2fae568 [ 1565.807851][ T765] [ 1566.391298][ T767] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1566.404917][ T747] kexec: Could not allocate control_code_buffer [ 1568.813656][ T772] Bluetooth: hci4: command 0x0406 tx timeout [ 1570.453357][ T814] pci 0000:00:01.0: [8086:7110] type 00 class 0x060100 conventional PCI endpoint [ 1571.156452][ T800] ptrace attach of "./syz-executor exec"[8394] was attempted by "./syz-executor exec"[800] [ 1576.574773][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1576.581560][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1576.601531][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1576.621150][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1576.640657][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1576.650293][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1576.666736][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1576.680360][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1579.174526][ T895] netlink: 28 bytes leftover after parsing attributes in process `syz.0.9204'. [ 1581.415097][ T910] netlink: 28 bytes leftover after parsing attributes in process `syz.0.9205'. [ 1582.064529][ T928] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1582.531952][ T925] FAULT_INJECTION: forcing a failure. [ 1582.531952][ T925] name failslab, interval 1, probability 0, space 0, times 0 [ 1582.620848][ T925] CPU: 0 UID: 0 PID: 925 Comm: syz.7.9207 Tainted: G I 6.15.0-syzkaller-13655-gbdc7f8c5adad #0 PREEMPT(full) [ 1582.620904][ T925] Tainted: [I]=FIRMWARE_WORKAROUND [ 1582.620918][ T925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1582.620937][ T925] Call Trace: [ 1582.620948][ T925] [ 1582.620961][ T925] dump_stack_lvl+0x16c/0x1f0 [ 1582.621000][ T925] should_fail_ex+0x512/0x640 [ 1582.621052][ T925] ? fs_reclaim_acquire+0xae/0x150 [ 1582.621097][ T925] ? tomoyo_init_log+0x1385/0x2140 [ 1582.621143][ T925] should_failslab+0xc2/0x120 [ 1582.621178][ T925] __kmalloc_noprof+0xd2/0x510 [ 1582.621240][ T925] tomoyo_init_log+0x1385/0x2140 [ 1582.621312][ T925] ? __pfx_tomoyo_init_log+0x10/0x10 [ 1582.621373][ T925] tomoyo_write_log2+0x2f7/0xc10 [ 1582.621445][ T925] tomoyo_supervisor+0x15e/0x13b0 [ 1582.621488][ T925] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 1582.621541][ T925] ? lockdep_hardirqs_on+0x7c/0x110 [ 1582.621606][ T925] ? tomoyo_check_path_acl+0xad/0x210 [ 1582.621650][ T925] ? tomoyo_check_acl+0x1f7/0x410 [ 1582.621693][ T925] tomoyo_path_permission+0x270/0x3b0 [ 1582.621740][ T925] tomoyo_check_open_permission+0x37b/0x3c0 [ 1582.621787][ T925] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1582.621876][ T925] ? do_raw_spin_lock+0x12c/0x2b0 [ 1582.621938][ T925] tomoyo_file_open+0x6b/0x90 [ 1582.621972][ T925] security_file_open+0x84/0x1e0 [ 1582.622020][ T925] do_dentry_open+0x596/0x1c10 [ 1582.622083][ T925] vfs_open+0x82/0x3f0 [ 1582.622123][ T925] path_openat+0x1de4/0x2cb0 [ 1582.622184][ T925] ? __pfx_path_openat+0x10/0x10 [ 1582.622232][ T925] ? __lock_acquire+0xb8a/0x1c90 [ 1582.622283][ T925] do_filp_open+0x20b/0x470 [ 1582.622336][ T925] ? __pfx_do_filp_open+0x10/0x10 [ 1582.622421][ T925] ? alloc_fd+0x471/0x7d0 [ 1582.622492][ T925] do_sys_openat2+0x11b/0x1d0 [ 1582.622533][ T925] ? __pfx_do_sys_openat2+0x10/0x10 [ 1582.622588][ T925] __x64_sys_openat+0x174/0x210 [ 1582.622630][ T925] ? __pfx___x64_sys_openat+0x10/0x10 [ 1582.622688][ T925] do_syscall_64+0xcd/0x490 [ 1582.622725][ T925] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1582.622761][ T925] RIP: 0033:0x7f15d8b8e929 [ 1582.622787][ T925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1582.622821][ T925] RSP: 002b:00007f15d69d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1582.622854][ T925] RAX: ffffffffffffffda RBX: 00007f15d8db6080 RCX: 00007f15d8b8e929 [ 1582.622878][ T925] RDX: 0000000000040a40 RSI: 0000200000001d40 RDI: ffffffffffffff9c [ 1582.622899][ T925] RBP: 00007f15d8c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1582.622920][ T925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1582.622941][ T925] R13: 0000000000000000 R14: 00007f15d8db6080 R15: 00007ffda2fae568 [ 1582.622983][ T925] [ 1584.076447][T32504] Bluetooth: hci6: unexpected subevent 0x01 length: 123 > 18 [ 1588.281980][ T992] ptrace attach of "./syz-executor exec"[31761] was attempted by "./syz-executor exec"[992] [ 1588.916906][ T1011] ram7: [POWERTEC] p1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11 p12 [ 1589.005821][ T1011] ram7: p1 start 220897 is beyond EOD, truncated [ 1589.039938][ T1011] ram7: p2 start 2709520384 is beyond EOD, truncated [ 1589.084496][ T1011] ram7: p3 start 410044 is beyond EOD, truncated [ 1589.108933][ T1011] ram7: p4 start 2709520384 is beyond EOD, truncated [ 1589.156468][ T1011] ram7: p5 start 172607 is beyond EOD, truncated [ 1589.168122][ T1011] ram7: p6 start 2709520384 is beyond EOD, truncated [ 1589.195592][ T1011] ram7: p7 start 612494 is beyond EOD, truncated [ 1589.218903][ T1011] ram7: p8 start 2709520384 is beyond EOD, truncated [ 1589.227206][ T1011] ram7: p9 start 606741 is beyond EOD, truncated [ 1589.234793][ T1011] ram7: p10 start 2709520384 is beyond EOD, truncated [ 1589.257755][ T1011] ram7: p11 start 606748 is beyond EOD, truncated [ 1589.264797][ T1011] ram7: p12 start 2709520384 is beyond EOD, truncated [ 1593.165017][ T1073] ptrace attach of "./syz-executor exec"[32342] was attempted by "./syz-executor exec"[1073] [ 1594.844836][T32270] Process accounting paused [ 1598.532195][ T1151] Invalid ELF header magic: != ELF [ 1599.969412][ T1169] zswap: compressor 000 not available [ 1600.791601][ T1181] sctp: Changing rto_alpha or rto_beta may lead to suboptimal rtt/srtt estimations! [ 1603.641932][T32504] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 1603.940342][ T1223] size and base must be multiples of 4 kiB [ 1603.976431][ T1223] CPU: 0 UID: 0 PID: 1223 Comm: syz.7.9262 Tainted: G I 6.15.0-syzkaller-13655-gbdc7f8c5adad #0 PREEMPT(full) [ 1603.976489][ T1223] Tainted: [I]=FIRMWARE_WORKAROUND [ 1603.976502][ T1223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1603.976523][ T1223] Call Trace: [ 1603.976533][ T1223] [ 1603.976547][ T1223] dump_stack_lvl+0x16c/0x1f0 [ 1603.976587][ T1223] mtrr_add+0xdf/0x110 [ 1603.976632][ T1223] mtrr_ioctl+0x7ef/0xcf0 [ 1603.976673][ T1223] ? __pfx_mtrr_ioctl+0x10/0x10 [ 1603.976731][ T1223] ? find_held_lock+0x2b/0x80 [ 1603.976777][ T1223] ? __fget_files+0x20e/0x3c0 [ 1603.976825][ T1223] ? __pfx_mtrr_ioctl+0x10/0x10 [ 1603.976867][ T1223] proc_reg_unlocked_ioctl+0x229/0x320 [ 1603.976918][ T1223] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 1603.976975][ T1223] __x64_sys_ioctl+0x18b/0x210 [ 1603.977021][ T1223] do_syscall_64+0xcd/0x490 [ 1603.977060][ T1223] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1603.977094][ T1223] RIP: 0033:0x7f15d8b8e929 [ 1603.977121][ T1223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1603.977154][ T1223] RSP: 002b:00007f15d6591038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1603.977190][ T1223] RAX: ffffffffffffffda RBX: 00007f15d8db6240 RCX: 00007f15d8b8e929 [ 1603.977213][ T1223] RDX: 0000000000000003 RSI: 00000000400c4d01 RDI: 0000000000000003 [ 1603.977235][ T1223] RBP: 00007f15d8c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1603.977257][ T1223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1603.977277][ T1223] R13: 0000000000000000 R14: 00007f15d8db6240 R15: 00007ffda2fae568 [ 1603.977317][ T1223] [ 1605.888174][ T1243] Invalid ELF header magic: != ELF [ 1606.472150][ T1253] page: refcount:8 mapcount:0 mapping:0000000000000000 index:0xffff888078006000 pfn:0x78000 [ 1606.543863][ T1253] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1606.622126][ T1253] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1606.638460][ T1253] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 1606.657726][ T1253] raw: ffff888078006000 0000000000000000 00000008ffffffff 0000000000000000 [ 1606.726394][ T1253] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 1606.810322][ T1253] head: ffff888078006000 0000000000000000 00000008ffffffff 0000000000000000 [ 1606.903533][ T1253] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 1606.981289][ T1253] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1606.990066][ T1253] page dumped because: unmovable page [ 1607.173599][ T1239] kexec: Could not allocate control_code_buffer [ 1607.231637][ T1253] page_owner tracks the page as allocated [ 1607.252569][ T5188] ERROR: Out of memory at tomoyo_memory_ok. [ 1607.279932][ T1253] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5746, tgid 5746 (sshd-session), ts 86123905999, free_ts 85794682333 [ 1607.477030][ T1253] post_alloc_hook+0x1c0/0x230 [ 1607.530318][ T1253] get_page_from_freelist+0x1321/0x3890 [ 1607.601481][ T1253] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 1607.672051][ T1253] alloc_pages_mpol+0x1fb/0x550 [ 1607.677160][ T1253] alloc_pages_noprof+0x131/0x390 [ 1607.725269][ T1253] skb_page_frag_refill+0x186/0x5a0 [ 1607.760235][ T1253] try_fill_recv+0x7e4/0x28a0 [ 1607.765073][ T1253] virtnet_poll+0x1984/0x3c30 [ 1607.850420][ T1253] __napi_poll.constprop.0+0xb7/0x550 [ 1607.856172][ T1253] net_rx_action+0xa9f/0xfe0 [ 1607.973119][ T1253] handle_softirqs+0x219/0x8e0 [ 1607.978117][ T1253] __irq_exit_rcu+0x109/0x170 [ 1608.168819][ T1253] irq_exit_rcu+0x9/0x30 [ 1608.188583][ T1253] common_interrupt+0x66/0xe0 [ 1608.247367][ T1253] asm_common_interrupt+0x26/0x40 [ 1608.299946][ T1253] page last free pid 5742 tgid 5742 stack trace: [ 1608.340248][ T1253] __free_frozen_pages+0x7fe/0x1180 [ 1608.379791][ T1253] __put_partials+0x16d/0x1c0 [ 1608.416507][ T1253] qlist_free_all+0x4d/0x120 [ 1608.508097][ T1253] kasan_quarantine_reduce+0x195/0x1e0 [ 1608.541247][ T1253] __kasan_slab_alloc+0x69/0x90 [ 1608.590172][ T1253] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 1608.645029][ T1253] vm_area_dup+0x27/0x8d0 [ 1608.700261][ T1253] dup_mmap+0x877/0x21d0 [ 1608.704776][ T1253] copy_process+0x4081/0x76a0 [ 1608.791747][ T1253] kernel_clone+0xfc/0x960 [ 1608.832450][T32502] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 1608.840723][ T1253] __do_sys_clone+0xce/0x120 [ 1608.848287][ T1253] do_syscall_64+0xcd/0x490 [ 1608.920239][ T1253] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1609.775066][T32504] Bluetooth: hci5: command 0x0406 tx timeout [ 1613.961772][ T1332] netlink: 28 bytes leftover after parsing attributes in process `syz.7.9284'. [ 1614.080992][ T1332] hsr_slave_0: left promiscuous mode [ 1614.099169][ T1333] ERROR: Out of memory at tomoyo_memory_ok. [ 1614.213141][ T1332] hsr_slave_1: left promiscuous mode [ 1615.380459][ T31] INFO: task syz.4.8927:32075 blocked for more than 143 seconds. [ 1615.393723][ T31] Tainted: G I 6.15.0-syzkaller-13655-gbdc7f8c5adad #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1615.424105][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1615.466156][ T31] task:syz.4.8927 state:D stack:26920 pid:32075 tgid:32074 ppid:16641 task_flags:0x400140 flags:0x00004004 [ 1615.546686][ T31] Call Trace: [ 1615.550067][ T31] [ 1615.557026][ T31] __schedule+0x116a/0x5de0 [ 1615.587337][ T31] ? __lock_acquire+0x622/0x1c90 [ 1615.604090][ T31] ? __pfx___schedule+0x10/0x10 [ 1615.640235][ T31] ? find_held_lock+0x2b/0x80 [ 1615.645104][ T31] ? schedule+0x2d7/0x3a0 [ 1615.649531][ T31] schedule+0xe7/0x3a0 [ 1615.655997][ T31] schedule_preempt_disabled+0x13/0x30 [ 1615.680296][ T31] __mutex_lock+0x6c7/0xb90 [ 1615.692686][ T31] ? nfsd_nl_version_set_doit+0xc4/0x7a0 [ 1615.710443][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1615.715686][ T31] ? __nla_validate_parse+0x600/0x2880 [ 1615.733096][ T31] ? __pfx___nla_validate_parse+0x10/0x10 [ 1615.739858][ T31] ? nfsd_nl_version_set_doit+0xc4/0x7a0 [ 1615.749732][ T31] nfsd_nl_version_set_doit+0xc4/0x7a0 [ 1615.759502][ T31] ? __pfx_nfsd_nl_version_set_doit+0x10/0x10 [ 1615.769648][ T31] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1615.778293][ T31] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1615.798602][ T31] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1615.807870][ T31] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1615.815418][ T31] ? rcu_is_watching+0x12/0xc0 [ 1615.820735][ T31] ? bpf_lsm_capable+0x9/0x10 [ 1615.825596][ T31] ? security_capable+0x7e/0x260 [ 1615.842026][ T31] genl_rcv_msg+0x55c/0x800 [ 1615.853690][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1615.859373][ T31] ? __pfx_nfsd_nl_version_set_doit+0x10/0x10 [ 1615.870240][ T31] netlink_rcv_skb+0x158/0x420 [ 1615.875146][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1615.893643][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1615.899080][ T31] ? netlink_deliver_tap+0x1ae/0xd30 [ 1615.913281][ T31] genl_rcv+0x28/0x40 [ 1615.920493][ T31] netlink_unicast+0x53d/0x7f0 [ 1615.925464][ T31] ? __pfx_netlink_unicast+0x10/0x10 [ 1615.940238][ T31] netlink_sendmsg+0x8d1/0xdd0 [ 1615.952230][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1615.963863][ T31] ____sys_sendmsg+0xa95/0xc70 [ 1615.979239][ T31] ? copy_msghdr_from_user+0x10a/0x160 [ 1615.985043][ T31] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1616.003251][ T31] ? __pfx_futex_wake_mark+0x10/0x10 [ 1616.032815][ T31] ___sys_sendmsg+0x134/0x1d0 [ 1616.040687][ T31] ? __pfx____sys_sendmsg+0x10/0x10 [ 1616.050273][ T31] ? __lock_acquire+0x622/0x1c90 [ 1616.055489][ T31] __sys_sendmsg+0x16d/0x220 [ 1616.131676][ T31] ? __pfx___sys_sendmsg+0x10/0x10 [ 1616.136998][ T31] ? __x64_sys_futex+0x1e0/0x4c0 [ 1616.197243][ T31] do_syscall_64+0xcd/0x490 [ 1616.224389][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1616.240228][ T31] RIP: 0033:0x7f93fef8e929 [ 1616.246473][ T31] RSP: 002b:00007f93ffdde038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1616.270608][ T31] RAX: ffffffffffffffda RBX: 00007f93ff1b5fa0 RCX: 00007f93fef8e929 [ 1616.278865][ T31] RDX: 0000000000000844 RSI: 00002000000004c0 RDI: 0000000000000004 [ 1616.300230][ T31] RBP: 00007f93ff010b39 R08: 0000000000000000 R09: 0000000000000000 [ 1616.308318][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1616.334633][ T31] R13: 0000000000000000 R14: 00007f93ff1b5fa0 R15: 00007fff730e0408 [ 1616.360243][ T31] [ 1616.363426][ T31] [ 1616.363426][ T31] Showing all locks held in the system: [ 1616.380226][ T31] 1 lock held by khungtaskd/31: [ 1616.385310][ T31] #0: ffffffff8e3c4b40 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 [ 1616.421744][ T31] 2 locks held by kworker/u9:0/51: [ 1616.427033][ T31] #0: ffff8880262f2148 ((wq_completion)nbd0-recv){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 1616.448316][ T31] #1: ffffc90000bb7d10 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 1616.482117][ T31] 2 locks held by getty/15611: [ 1616.486984][ T31] #0: ffff888035c420a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 1616.520942][ T31] #1: ffffc9000469b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 [ 1616.541694][ T31] 1 lock held by syz.0.3989/16457: [ 1616.546895][ T31] 2 locks held by syz.0.6535/23703: [ 1616.580211][ T31] 2 locks held by syz.0.7157/25641: [ 1616.585511][ T31] 2 locks held by syz.0.7736/27562: [ 1616.593287][ T31] 3 locks held by kworker/1:2/30540: [ 1616.598699][ T31] #0: ffff88801b480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 1616.630180][ T31] #1: ffffc9000f2d7d10 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 1616.663169][ T31] #2: ffffffff8e3d0138 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 [ 1616.691462][ T31] 2 locks held by syz.3.8813/31576: [ 1616.696776][ T31] #0: ffffffff901f3590 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 1616.735225][ T31] #1: ffffffff8e7de5a8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_set_doit+0x698/0xbf0 [ 1616.761476][ T31] 2 locks held by syz.4.8927/32075: [ 1616.766769][ T31] #0: ffffffff901f3590 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 1616.800215][ T31] #1: ffffffff8e7de5a8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_version_set_doit+0xc4/0x7a0 [ 1616.830177][ T31] 2 locks held by syz.2.8947/32150: [ 1616.835764][ T31] #0: ffff888027cc00e0 (&type->s_umount_key#50){++++}-{4:4}, at: deactivate_super+0xd6/0x100 [ 1616.879852][ T31] #1: ffffffff8e7de5a8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 1616.900475][ T31] 4 locks held by kworker/u11:2/32502: [ 1616.906297][ T31] #0: ffff88801c2fe148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 1616.926816][ T31] #1: ffffc9000f107d10 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 1616.950172][ T31] #2: ffffffff90138d90 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x890 [ 1616.967635][ T31] #3: ffffffff8e3d0138 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 [ 1616.980717][ T31] 4 locks held by syz.5.9141/574: [ 1616.985824][ T31] #0: ffff888031728d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0x90 [ 1617.010225][ T31] #1: ffff888031728078 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ae/0x11d0 [ 1617.028774][ T31] #2: ffffffff903c0448 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x260 [ 1617.043034][ T31] #3: ffff888030723338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x80/0x730 [ 1617.062824][ T31] 3 locks held by scsi_id/1349: [ 1617.118579][ T31] [ 1617.125146][ T31] ============================================= [ 1617.125146][ T31] [ 1617.152098][ T31] NMI backtrace for cpu 0 [ 1617.152128][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G I 6.15.0-syzkaller-13655-gbdc7f8c5adad #0 PREEMPT(full) [ 1617.152177][ T31] Tainted: [I]=FIRMWARE_WORKAROUND [ 1617.152191][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1617.152210][ T31] Call Trace: [ 1617.152221][ T31] [ 1617.152234][ T31] dump_stack_lvl+0x116/0x1f0 [ 1617.152271][ T31] nmi_cpu_backtrace+0x27b/0x390 [ 1617.152318][ T31] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1617.152369][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1617.152413][ T31] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 1617.152462][ T31] watchdog+0xf70/0x12c0 [ 1617.152519][ T31] ? __pfx_watchdog+0x10/0x10 [ 1617.152567][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 1617.152622][ T31] ? __kthread_parkme+0x19e/0x250 [ 1617.152661][ T31] ? __pfx_watchdog+0x10/0x10 [ 1617.152710][ T31] kthread+0x3c2/0x780 [ 1617.152758][ T31] ? __pfx_kthread+0x10/0x10 [ 1617.152808][ T31] ? rcu_is_watching+0x12/0xc0 [ 1617.152841][ T31] ? __pfx_kthread+0x10/0x10 [ 1617.152891][ T31] ret_from_fork+0x5d7/0x6f0 [ 1617.152931][ T31] ? __pfx_kthread+0x10/0x10 [ 1617.152978][ T31] ret_from_fork_asm+0x1a/0x30 [ 1617.153032][ T31] [ 1617.153043][ T31] Sending NMI from CPU 0 to CPUs 1: [ 1617.291951][ C1] NMI backtrace for cpu 1 [ 1617.291976][ C1] CPU: 1 UID: 0 PID: 1348 Comm: syz.5.9286 Tainted: G I 6.15.0-syzkaller-13655-gbdc7f8c5adad #0 PREEMPT(full) [ 1617.292017][ C1] Tainted: [I]=FIRMWARE_WORKAROUND [ 1617.292028][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1617.292044][ C1] RIP: 0010:check_preemption_disabled+0x2d/0xe0 [ 1617.292080][ C1] Code: 53 48 83 ec 08 65 8b 1d 35 fc 2f 08 65 8b 05 2a fc 2f 08 a9 ff ff ff 7f 74 0f 48 83 c4 08 89 d8 5b 5d 41 5c e9 c4 de 02 00 9c <58> f6 c4 02 74 ea 48 89 fd 65 48 8b 05 ea fb 2f 08 f6 40 2f 04 74 [ 1617.292107][ C1] RSP: 0018:ffffc900043df630 EFLAGS: 00000046 [ 1617.292128][ C1] RAX: 0000000080000000 RBX: 0000000000000001 RCX: ffffc900043e0001 [ 1617.292145][ C1] RDX: 0000000000000000 RSI: ffffffff8dd05285 RDI: ffffffff8bf55960 [ 1617.292162][ C1] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 1617.292178][ C1] R10: 0000000000000000 R11: 000000000001335b R12: ffffffff816a8be4 [ 1617.292194][ C1] R13: 0000000000000206 R14: ffff88805e043c00 R15: ffffc900043df74c [ 1617.292212][ C1] FS: 0000000000000000(0000) GS:ffff888124a62000(0000) knlGS:0000000000000000 [ 1617.292238][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1617.292255][ C1] CR2: 00007f1ab9f8a000 CR3: 0000000050992000 CR4: 00000000003526f0 [ 1617.292273][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1617.292288][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1617.292305][ C1] Call Trace: [ 1617.292314][ C1] [ 1617.292324][ C1] ? unwind_next_frame+0x3f4/0x20a0 [ 1617.292366][ C1] ? unwind_next_frame+0x3f4/0x20a0 [ 1617.292405][ C1] lock_release+0x9c/0x2f0 [ 1617.292442][ C1] unwind_next_frame+0x3f9/0x20a0 [ 1617.292489][ C1] ? __fput+0x3ff/0xb70 [ 1617.292518][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1617.292551][ C1] arch_stack_walk+0x94/0x100 [ 1617.292596][ C1] ? task_work_run+0x150/0x240 [ 1617.292639][ C1] stack_trace_save+0x8e/0xc0 [ 1617.292667][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 1617.292698][ C1] ? __lock_acquire+0x622/0x1c90 [ 1617.292734][ C1] save_stack+0x160/0x1f0 [ 1617.292773][ C1] ? __pfx_save_stack+0x10/0x10 [ 1617.292811][ C1] ? __free_frozen_pages+0x7fe/0x1180 [ 1617.292846][ C1] ? vfree+0x1fd/0xb50 [ 1617.292876][ C1] ? kcov_close+0x34/0x60 [ 1617.292912][ C1] ? __fput+0x3ff/0xb70 [ 1617.292942][ C1] ? page_ext_put+0x3e/0xd0 [ 1617.292986][ C1] __reset_page_owner+0x84/0x1a0 [ 1617.293029][ C1] __free_frozen_pages+0x7fe/0x1180 [ 1617.293070][ C1] vfree+0x1fd/0xb50 [ 1617.293100][ C1] ? find_held_lock+0x2b/0x80 [ 1617.293127][ C1] ? rcu_is_watching+0x12/0xc0 [ 1617.293153][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1617.293195][ C1] ? __pfx_kcov_close+0x10/0x10 [ 1617.293233][ C1] kcov_close+0x34/0x60 [ 1617.293269][ C1] __fput+0x3ff/0xb70 [ 1617.293299][ C1] task_work_run+0x150/0x240 [ 1617.293339][ C1] ? __pfx_task_work_run+0x10/0x10 [ 1617.293384][ C1] do_exit+0x864/0x2bd0 [ 1617.293423][ C1] ? __pfx_do_exit+0x10/0x10 [ 1617.293457][ C1] ? do_raw_spin_lock+0x12c/0x2b0 [ 1617.293502][ C1] ? find_held_lock+0x2b/0x80 [ 1617.293530][ C1] do_group_exit+0xd3/0x2a0 [ 1617.293567][ C1] get_signal+0x2673/0x26d0 [ 1617.293603][ C1] ? __pfx_get_signal+0x10/0x10 [ 1617.293631][ C1] ? do_futex+0x122/0x350 [ 1617.293663][ C1] ? __pfx_do_futex+0x10/0x10 [ 1617.293697][ C1] arch_do_signal_or_restart+0x8f/0x790 [ 1617.293727][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1617.293762][ C1] ? __pfx___do_sys_close_range+0x10/0x10 [ 1617.293808][ C1] exit_to_user_mode_loop+0x84/0x110 [ 1617.293849][ C1] do_syscall_64+0x3f6/0x490 [ 1617.293876][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1617.293903][ C1] RIP: 0033:0x7f0fea98e929 [ 1617.293923][ C1] Code: Unable to access opcode bytes at 0x7f0fea98e8ff. [ 1617.293935][ C1] RSP: 002b:00007f0feb7a20e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1617.293958][ C1] RAX: fffffffffffffe00 RBX: 00007f0feabb6168 RCX: 00007f0fea98e929 [ 1617.293976][ C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f0feabb6168 [ 1617.293992][ C1] RBP: 00007f0feabb6160 R08: 0000000000000000 R09: 0000000000000000 [ 1617.294008][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0feabb616c [ 1617.294025][ C1] R13: 0000000000000000 R14: 00007fffe7aae5e0 R15: 00007fffe7aae6c8 [ 1617.294052][ C1] [ 1617.884727][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 1617.891691][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G I 6.15.0-syzkaller-13655-gbdc7f8c5adad #0 PREEMPT(full) [ 1617.904889][ T31] Tainted: [I]=FIRMWARE_WORKAROUND [ 1617.910050][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1617.920170][ T31] Call Trace: [ 1617.923510][ T31] [ 1617.926507][ T31] dump_stack_lvl+0x3d/0x1f0 [ 1617.931271][ T31] panic+0x71c/0x800 [ 1617.935335][ T31] ? __pfx___irq_work_queue_local+0x10/0x10 [ 1617.941290][ T31] ? __pfx_panic+0x10/0x10 [ 1617.945781][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 1617.951587][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1617.957641][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 1617.963080][ T31] ? watchdog+0xdda/0x12c0 [ 1617.967639][ T31] ? watchdog+0xdcd/0x12c0 [ 1617.972107][ T31] watchdog+0xdeb/0x12c0 [ 1617.976401][ T31] ? __pfx_watchdog+0x10/0x10 [ 1617.981137][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 1617.986418][ T31] ? __kthread_parkme+0x19e/0x250 [ 1617.991546][ T31] ? __pfx_watchdog+0x10/0x10 [ 1617.996280][ T31] kthread+0x3c2/0x780 [ 1618.000832][ T31] ? __pfx_kthread+0x10/0x10 [ 1618.005469][ T31] ? rcu_is_watching+0x12/0xc0 [ 1618.010291][ T31] ? __pfx_kthread+0x10/0x10 [ 1618.015030][ T31] ret_from_fork+0x5d7/0x6f0 [ 1618.019664][ T31] ? __pfx_kthread+0x10/0x10 [ 1618.024389][ T31] ret_from_fork_asm+0x1a/0x30 [ 1618.029223][ T31] [ 1618.032766][ T31] Kernel Offset: disabled [ 1618.037131][ T31] Rebooting in 86400 seconds..