last executing test programs: 8.729568887s ago: executing program 2 (id=2390): mmap$auto(0x0, 0x8000000002020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto(0xffffffffffffffff, 0x0, 0x0) madvise$auto(0x0, 0x200007, 0x19) remap_file_pages$auto(0x3, 0x1000, 0x0, 0x3, 0x4) futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000003c00), 0x1a9901, 0x0) r0 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010029bd700002dcdf250300000004000800180001801400108008000800e000000108000f00", @ANYRES32=0x0, @ANYBLOB="8c77e93f3ff828ae376c6c4f8ddfa7a7292f7acde7520ae4cc947bc96b2a6f9ee820037b5934c160dc052ff0b1a98f0ccf73f5d380fc21c62a51cd770fa3dd819d0340d91653ce60ba124e19cd919482fb1944712a7c6a35065e5ad481a052ad079df1b9c25cfd52c9047c83a7d4d81234af85a02f8d729f5579d026f1c37a3c08fda10ddbbea24fc884851ae02eb04bd71040ecfdadd47fbe901a688e48587d59553fc5a6b2ae30d03185bef769bee8abeec9cae067b1183eb0c5286123294b9e81b8ec2a4eec2a6eb95a7fe0118c26c06b1749e05d2a6510da2b17d79be801828350a9575f7ad679f358b7a40a85487ddb491fa4e5c33a3df549711774061c601a0059250b8ca7fa69bbd443e9a31a97a8adc1b44c59cb9a8787c487d9618a38043ce01b9b02e5d1360aa39ab575221c576a9918c925693fd47fffb85ad5d293e676781f95425a186ae3cf63baee390bba1d086e9e3f362b83"], 0x30}, 0x1, 0x0, 0x0, 0x200400f0}, 0x800) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0xa) mmap$auto(0x9, 0x8000000000000000, 0x0, 0x15, 0xffffffffffffffff, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mprotect$auto(0x1000, 0x400000, 0x4) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x10000000000002d, 0x0) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8000, 0x0) mlock$auto(0x5, 0xffff) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x20b42, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000180)) write$auto(r2, &(0x7f0000000040)='7\x00\\\x80\x04|\x03\xcb\x12\xfa\b\x1c\xc7k\x00\x0e\v9\xb5j\x00\x04\xc8\x1fa\x1c\x1a\x05 \xfdr/D\xbf\x98\x06\xe5\xf6\x8d\x1fX\xe5\xbc\xbc\"}$', 0x7fffffff) socket(0x1d, 0x2, 0x7) r3 = socket(0x0, 0x80b, 0x7) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) bind$auto(0x3, &(0x7f0000000040)=@l2={0x1f, 0xfff, @none, 0x3, 0x2}, 0x6a) connect$auto(0x3, &(0x7f00000018c0)=@can, 0x18) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) ioctl$auto_XFS_IOC_ALLOCSP64(0xffffffffffffffff, 0x40305824, &(0x7f0000000100)={0x2, 0x50, 0xf2, 0x6, 0xfffffff7, 0xffffffffffffffff}) 6.125679145s ago: executing program 2 (id=2397): r0 = socket(0x2, 0x801, 0x106) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/seq/clients\x00', 0xc0100, 0x0) read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000e80)=""/199, 0xc7) close_range$auto(0x2, 0x8, 0x0) r3 = memfd_create$auto(0x0, 0xe) r4 = socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@vsock={0x28, 0x0, 0x0, @local}, 0x6a) ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, &(0x7f0000000180)={0x30000000, 0xfffffffc, 0x5, 0xbe, 0x80000001, "d91496ff265f8db6912e71d0173f6174674e98735ff51514f9e40f03c9f438cabce37cadb59ddc2435b6e787ca4f216092d53d0b60197e9be45fa05e"}) sendmmsg$auto(r4, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x7}, 0x6}, 0x5, 0x20000000) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) write$auto(0x3, 0x0, 0xfffffdef) close_range$auto(0x2, r1, 0x0) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) write$auto(0x3, 0x0, 0x7df3) setsockopt$auto(r0, 0x6, 0x3, 0x0, 0xa1) 5.921241341s ago: executing program 2 (id=2399): r0 = openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/kvm/pf_mmio_spte_created\x00', 0x2002, 0x0) read$auto_stat_fops_per_vm_kvm_main(r0, 0x0, 0x0) 5.81241238s ago: executing program 2 (id=2400): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x8000, 0x0) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto(r1, 0xc0045520, r0) 5.678653546s ago: executing program 2 (id=2401): mmap$auto(0x0, 0x2020009, 0x3, 0x200000000000eb1, 0xfffffffffffffffb, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd11/integrity/tag_size\x00', 0x0, 0x0) read$auto(r0, &(0x7f00000000c0)='/sys/devices/platform/vhci_hcd.7/usb23/23-0:1.0/ep_81/interval\x00', 0x3) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ram12\x00', 0x129380, 0x0) ioctl$auto(r1, 0x301, r1) close_range$auto(0x2, 0x8, 0x0) getcwd$auto(0x0, 0x4fec) socket(0xa, 0x5, 0x0) socket(0xa, 0x801, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) shmctl$auto_IPC_RMID(0x400, 0x0, &(0x7f00000001c0)={{0x0, 0xee01, 0x0, 0xc, 0x5, 0x3c43caa8, 0x1}, 0x7, 0x2, 0x6, 0x2, @inferred=0xffffffffffffffff, @inferred=0xffffffffffffffff, 0x5, 0x0, &(0x7f0000000140)="a704ff78fd37ad6a58ae2a9b0ff8f806b2c0c09a5739d0e0265b57791043", &(0x7f0000000180)="78c5114a406028b67ad6dd1383904d44"}) r3 = setfsgid$auto(0xee01) ioctl$auto_BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000240)={"61cc9ac49883d09ce22bfb3d3d77875ecfd63bd68228aac4c2b3a4478c4efe17", 0x9, 0x5, 0xd, 0x7, 0x40f5, 0x0}) shmctl$auto(0x4, 0x6, &(0x7f0000000400)={{0xb, r2, r3, 0x2, 0x2, 0xdd9}, 0x8, 0x5, 0x81, 0x9, @raw=0x9, @inferred=r4, 0x5, 0x0, &(0x7f00000002c0)="6fb1347bee4548e9fce67ed384bbc7c10bf432dd1020a1649aeb1a305b940ae9cc318b39d93b9028e52d1918e0c5b988213710da8c26", &(0x7f0000000300)="4784344ad908e076fea01c845f74e1836cf7c547e1204725573a3243913fb002f51f2092d0c709a236143f1b447ea47cb1b3e00ef867102fef5787dd9e0ab5f098baaf563fdc228316bf0aed023bb9833ba52092ad42e31696ae9b70af03a44076eeca98d82befcb933bb2e8b768a8f31db4be92557eb100890ef7e0e6ad808c07a011628a26f784cbff28154b1d94e16b66d8d9c5d0e40f72893ea5a0d7237f8401322cf6172fb60f312faa31344f41e9e803edfff91ab1174f2f3f68773aa30e0f0c7a046d69b864ea3486"}) move_pages$auto(0xffffffffffffffff, 0x1002000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) close_range$auto(0x2, 0x8000, 0x0) r5 = openat$auto_safesetid_uid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000040), 0x161100, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000480)='/dev/usbmon33\x00', 0x4000, 0x0) keyctl$auto(0x4, 0xfffffffe, 0xfffffffffffffffe, 0x0, 0xe) read$auto_safesetid_uid_file_fops_securityfs(r5, 0x0, 0x0) 5.497559523s ago: executing program 1 (id=2402): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x100) r1 = socket(0x2, 0x1, 0x0) r2 = socket(0x21, 0x4, 0x9310) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) listen$auto(r1, 0x7) accept$auto(r1, 0x0, 0x0) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1, 0xb}, 0x800009}, 0x5, 0x20000000) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xff, r0, 0xda) socket(0x2, 0x5, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x490000, 0x0) read$auto(r3, 0x0, 0x20) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) sysfs$auto(0x2, 0x24, 0x0) r5 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r5, 0x0, 0x4) socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000015c0)={'wg1\x00'}) bpf$auto(0x0, &(0x7f0000001500)=@bpf_attr_5={@target_fd=r2, r6, 0xc, 0xffffffff, r6, @relative_id=0x1d, 0x1}, 0x10) 5.293392922s ago: executing program 2 (id=2403): r0 = socket(0x2, 0x801, 0x106) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x200000, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55) modify_ldt$auto(0x1, 0x0, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getpgrp(0x0) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, 0x0, 0x2400, 0x0) sysfs$auto(0x2, 0x20, 0x0) getxattrat$auto(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, 0xb91) setsockopt$auto(r0, 0x6, 0x3, 0x0, 0xa1) 4.353361063s ago: executing program 1 (id=2406): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, 0x0, 0x4c2801, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20000, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) r1 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$auto_I2C_TENBIT(r1, 0x704, 0xfffffffffffffffd) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/dummy_hcd.7/usb8/authorized_default\x00', 0x101002, 0x0) write$auto(r2, &(0x7f0000000000)='\x00\x00\x00\x00\x00\xab\x00\x00\x00\x00\x00\x00\x00\x00', 0x400000002) socket(0x2, 0x6, 0x0) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r4, 0x0, 0x20) setsockopt$auto_SO_PRIORITY(r0, 0x2, 0xc, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x7) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r5 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r4, 0x541c, r5) ioctl$auto_BTRFS_IOC_SNAP_CREATE_V2(r5, 0x50009417, &(0x7f0000000240)={@raw=0xff, 0x7ff, 0x4, @unused, @subvolid=0x1}) socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0) semget$auto(0xffffff81, 0x4, 0x7) fadvise64$auto_POSIX_FADV_RANDOM(0xffffffffffffffff, 0xffff, 0x5915007, 0x1) 4.191561589s ago: executing program 3 (id=2407): r0 = socket(0x2, 0x801, 0x106) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/seq/clients\x00', 0xc0100, 0x0) read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000e80)=""/199, 0xc7) close_range$auto(0x2, 0x8, 0x0) r3 = memfd_create$auto(0x0, 0xe) r4 = socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@vsock={0x28, 0x0, 0x0, @local}, 0x6a) ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, &(0x7f0000000180)={0x30000000, 0xfffffffc, 0x5, 0xbe, 0x80000001, "d91496ff265f8db6912e71d0173f6174674e98735ff51514f9e40f03c9f438cabce37cadb59ddc2435b6e787ca4f216092d53d0b60197e9be45fa05e"}) sendmmsg$auto(r4, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x7}, 0x6}, 0x5, 0x20000000) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) write$auto(0x3, 0x0, 0xfffffdef) close_range$auto(0x2, r1, 0x0) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) write$auto(0x3, 0x0, 0x7df3) setsockopt$auto(r0, 0x6, 0x3, 0x0, 0xa1) 4.080680829s ago: executing program 0 (id=2408): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vhci_hcd.11/usb32/32-0:1.0/usb32-port4/disable\x00', 0x80302, 0x0) rt_sigaction$auto(0x36, &(0x7f0000000000)={0x0, 0x4, 0x0}, 0x0, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/thread-self/net/netfilter/nf_log\x00', 0x101000, 0x0) pread64$auto(r1, 0x0, 0x10, 0x5) rt_sigaction$auto(0x7, &(0x7f00000005c0)={&(0x7f00000003c0)=&(0x7f0000000480)=0x3, 0x8, &(0x7f0000000580)=0x0, {0x1}}, 0x0, 0x8) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_IPVS_CMD_FLUSH(r2, &(0x7f0000001940)={0x0, 0x0, &(0x7f0000001900)={&(0x7f0000000200)={0x14, r3, 0x1, 0x70bd25, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x2400c001}, 0x4000000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) r4 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) sendmsg$auto_NBD_CMD_DISCONNECT(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[], 0x64}, 0x1, 0x0, 0x0, 0x80}, 0x4000000) connect$auto(r4, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) socket(0x10, 0x2, 0x0) socket(0x2, 0x2, 0x0) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) sendmsg$auto_IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004080}, 0x0) setsockopt$auto(r0, 0x8000001, 0x1, 0x0, 0x5) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x8, 0x1ff, 0x7, 0x25, 0x4909b6f5, 0x1ffde, 0x7, 0x3, 0x9, 0x9, 0x3, 0x4, 0xfffffffffffffffe, 0xb4, 0x9, 0x8, 0x10003, 0x80, 0x10004, 0x0, 0xa, 0x22000, 0x200, 0x0, 0x84, [0x20000003, 0x3, 0x0, 0x50100000000000, 0x0, 0x2000, 0x0, 0xe, 0x70624ce7, 0x0, 0xfffffffffffffffd, 0x0, 0x4000, 0x0, 0x2, 0xfffffffffffffffd, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x1, 0x10000000000, 0xffffffffffffffff, 0x4, 0xfffffffffffeffff, 0x0, 0x292, 0x0, 0x400000000005b8, 0x9, 0x0, 0x200000000, 0x0, 0x6, 0xffffffffffffffff, 0x88e, 0x8000000000008, 0x8000000000000000, 0x9, 0xa38, 0x0, 0x3, 0xfffffffffffffffc, 0x2, 0x1, 0x4]}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0xf7374674b920089e) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_HANDSHAKE_CMD_ACCEPT(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x33580}}, 0x4064890) 3.991339761s ago: executing program 3 (id=2409): r0 = socket(0x2, 0x801, 0x106) r1 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="1b0026bd7000fddbdf25030100000400080012000100898771f1c19f17790485908286fd00000400028023ae3843c0974b6ad3b151195e2bea91a237ad7df7baff32bb48d6477d92bea2605a2efe61bae3bc4fca2c3807a5c80b1f74161ba791b0c4c6b87be0467a4b388362faba65108c9023a569e9f2694ce8c08ea25e7953ddec4586f1808ec3e5c70128788dab3e"], 0x30}, 0x1, 0x0, 0x0, 0x44000884}, 0xc880) mmap$auto(0x8, 0x10000000020009, 0x4000000000df, 0x17, 0x401, 0x100) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, 0x0, 0x2, 0x0) modify_ldt$auto(0x1, &(0x7f0000000100)="703a2cd648cbfcb004aafc758a8205bdb412dc04fb21b03acd4d5d979bc8175a1e6f01e2fe5c5a69408feea0bedcbbdcf3d0cea97b9bb8db64396775e3b3a6e59f21db271445a851fb59f57eb2c1e210e8242cbe8c4e55e51b01ad356a4a7281ba3b0c805a8697542276d381763e5593c6375fa285ccdcc271fbcf6fb3c9c34f1a5b214b8c1955b9b326af08471126b9edd4578f11655ad54a8c8a5bb112c53604878b894eb45ce9ae4f0303435bf4cfda2c1ca4a34fad83f159be98691b02f108744d89fca8a10258f3bc10529bcac80cc4481bc941d7ac4741", 0x1) unshare$auto(0x40000080) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r3 = memfd_secret$auto(0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) ftruncate$auto(0x3, 0x700) set_mempolicy$auto(0x6, &(0x7f0000000000)=0x7e, 0x4) write$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0) sendfile$auto(r4, r4, 0x0, 0x200) socket(0x2b, 0x1, 0x1) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x129800, 0x0) r5 = openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000000)='/dev/etherd/err\x00', 0x800, 0x0) read$auto_aoe_fops_aoechr(r5, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x24040840}, 0x94) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 3.125981348s ago: executing program 0 (id=2410): openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) getpid() ioperm$auto(0x2, 0x3, 0x1) ioctl$auto_MON_IOCX_MFETCH(0xffffffffffffffff, 0xc0109207, &(0x7f00000001c0)={&(0x7f00000000c0)=0x8, 0x0, 0x1}) mmap$auto(0x0, 0x400008, 0xdf, 0xb2, 0x2, 0x8000) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x80) mmap$auto(0xfffffffffffffffe, 0x8000, 0xdf, 0x10000009b71, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x0) ioctl$auto_IOCTL_VMCI_DATAGRAM_RECEIVE(0xffffffffffffffff, 0x7ac, 0x0) socket(0xa, 0x801, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2c, 0x3, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0x1, 0x1, 0x6, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1008008, 0x0, 0x80000004, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x2, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0xfffffdfe, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffd]}, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) mmap$auto(0x0, 0x2020009, 0x6af1, 0x20000000000eb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) 3.123320857s ago: executing program 1 (id=2411): mlockall$auto(0x7) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x40080, 0x0) mlockall$auto(0x7) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffd, 0xd4, 0x1, 0x6, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x9, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xa0440, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffd]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000f9dbdf250100000005000d00100000000500070010000000080009009c781e2108000a000800000014001f000000000000000000c0feffff0000000014002000ff01faffffff00000000020000000000060002000100"], 0x78}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004) move_pages$auto(0x0, 0xd0, 0x0, 0x0, 0x0, 0x2) mmap$auto(0x9, 0x20000c3, 0x3, 0x10, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x0, 0x5, 0xa) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000080)) ioctl$auto(0x3, 0x40081271, 0x38) write$auto(0x3, 0x0, 0xfdef) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/loop2\x00', 0x14f602, 0x0) r3 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x703, 0x0) write$auto_console_fops_tty_io(r3, &(0x7f0000000440)="671d264add69b6440843b6e6688a2b5ad9df2669e6f9cd236532b20ed763ac8caf4bde4c30b530ac6ebbff950e1a647d6a08a1b55dde5a409b58995648d9dca26087ede284d956395831192b0b02d4db181bad67b751c2441b5d", 0x5a) openat2$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x400000, 0x10, 0x7}, 0x18) openat$auto_sc_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f00000001c0), 0x82000, 0x0) 2.620976905s ago: executing program 0 (id=2412): r0 = openat$auto_ipsec_dbg_fops_ipsec(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim0/ports/1/ipsec\x00', 0xc2040, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x2000000}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00', @ANYBLOB], 0x1ac}, 0x1, 0x0, 0x0, 0x40080}, 0x40000) r2 = socket(0x1d, 0x3, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socketpair$auto(0xfffffffa, 0x5, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x24) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x18, 0x2, 0x7fff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r4 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r3, 0x5609, r4) close_range$auto(0x2, 0xffffffffffffffff, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$auto(0x3, 0x6f50, 0xffffffffffffffff) getsockopt$auto(r2, 0x65, 0x1, 0xffffffffffffffff, 0x0) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0xfffffffe, 0x0, 0x5, 0x0, 0x200002, 0x8}, 0x801}, 0xfffffff9, 0x10, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptyq9\x00', 0x1, 0x0) clock_adjtime$auto(0x1, &(0x7f0000000040)={0x9db9, 0x0, 0xb, 0x0, 0x0, 0x8000, 0xd60, 0x0, 0x0, 0x3, 0x4fd, {0x10, 0x1}, 0x3, 0x6677fb77, 0x1, 0x1, 0x0, 0x6, 0x5, 0x3, 0x10001, 0xffffffff, 0x5ab}) read$auto_ipsec_dbg_fops_ipsec(r0, 0x0, 0x0) 2.461384206s ago: executing program 3 (id=2413): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) r0 = bpf$auto(0x0, &(0x7f0000000000)=@link_update={0x2, @new_prog_fd=0x4, 0x7, @old_prog_fd=0x8000}, 0xa3) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r2 = openat$auto_userio_fops_userio(0xffffffffffffff9c, &(0x7f0000000000), 0x400480, 0x0) msgctl$auto_MSG_INFO(0x1000, 0xc, &(0x7f0000000140)={{0x10, 0xee00, 0xffffffffffffffff, 0x1, 0x95a7, 0xfff, 0x4}, &(0x7f0000000040)=0x9, &(0x7f0000000100)=0xa3, 0x8, 0xe13, 0x8000000000000001, 0x6, 0x7, 0x1, 0x6, 0x8, @raw=0x5b, @inferred=0xffffffffffffffff}) msgctl$auto_IPC_SET(0x4380d56b, 0x1, &(0x7f0000000240)={{0x1, 0x0, 0xee01, 0x0, 0x80, 0xf059, 0x1}, &(0x7f00000001c0)=0xdc, &(0x7f0000000200)=0x6, 0x7, 0x9, 0x100000001, 0x2, 0x5, 0xe, 0x7, 0x8001, @inferred=0xffffffffffffffff, @inferred=0xffffffffffffffff}) fstat$auto(r2, &(0x7f00000002c0)={0x80, 0x2, 0xdd1f, 0x0, r3, r4, 0x0, 0x2, 0x1c0000000, 0x8, 0x7fffffff, 0x4, 0x94, 0x5, 0xfffffffffffffe2d, 0xb, 0x6}) r5 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000003c0), r1) sendmsg$auto_NL802154_CMD_SET_SHORT_ADDR(r0, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4004}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x2c, r5, 0x800, 0x70bd2d, 0x25dfdbfd, {}, [@NL802154_ATTR_CCA_MODE={0x8, 0xc, 0xe}, @NL802154_ATTR_LBT_MODE={0x5, 0x13, 0x7}, @NL802154_ATTR_CCA_OPT={0x8, 0xd, 0xa57}]}, 0x2c}, 0x1, 0x0, 0x0, 0x11}, 0x800) r6 = open(&(0x7f0000000140)='./file0\x00', 0x220c0, 0x20) fallocate$auto(r6, 0x3fbb061c, 0x0, 0x1) prctl$auto(0x41, 0x0, 0x0, 0x0, 0x0) execve$auto(0x0, 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) memfd_create$auto(0x0, 0x12) r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty12\x00', 0x800, 0x0) r8 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r7, 0x541c, r8) r9 = io_uring_setup$auto(0xa, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x1020, 0x202, 0x10001, 0x8, r9, [], {0x6, 0x6, 0x8c48, 0x4, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0x100, 0x10000008, 0x52, 0x1, 0x1, 0x40, 0x76c4, 0x80008, 0x5}}) 2.221158596s ago: executing program 0 (id=2414): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/neigh/bridge0/base_reachable_time_ms\x00', 0x202, 0x0) r1 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x0, 0x0) read$auto_tomoyo_operations_securityfs_if(r1, &(0x7f0000000040)=""/4099, 0xfd98) pread64$auto(r1, 0x0, 0x8, 0x7f) sendfile$auto(r0, r0, 0x0, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_CRIT_PROTOCOL_STOP(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB="74010000", @ANYRES16=r2, @ANYBLOB], 0x174}, 0x1, 0x0, 0x0, 0x40041}, 0x810) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/snd-soc-dummy/uevent\x00', 0x0, 0x0) read$auto(r3, 0x0, 0x20) sendmsg$auto_TIPC_NL_PUBL_GET(0xffffffffffffffff, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f00000003c0)=ANY=[@ANYBLOB="68130000", @ANYRES16, @ANYBLOB="00012bbd7000fbdbdf25070000000a01098033d6b2f24ee018e9b9855ea5a93da0dbf50b4b8d86d9c820adfd997126489bd2546bfcc6fbff50c3bf8d7f45d1ebb9d89021906d31e536c6c0c92f519a0c83aea385552794c7882697d5a21c4da79315acddceacb346ab83e89a1645955894eef5f3c2c35e3124caac9166412cacae4bffc75d40f06baba4de4dbe5513052f62def8033ecf0fe621bc7a7f715aee786d0f3181c875c3977947736c9579f2a8135c790800c600", @ANYRES32, @ANYBLOB="59000080196ac6b1f594343c4dc2d5eef775d2121d439c6c5e3911f42e14dea873dc07df80b5c9c191ea9197af5a41b30d5154771d3aa6abf4f498dc46b03d453fad04d3d69c1f96fc9b50dbd135811b420500f4000000000000000000000501028090ad7e7c493399c9bdb07eab0d03c802000000bcb15977343e24015792742705e71447aa81a23cdbf4e082e6bf010f5ef7670f5470e766e6bc53d8ed8452c290a80750460290587d580bede006a1c8383ab532e16dcc7eb4de284f4e8fa1f60a760ace6a545c6994d2c88279d8f115b3d80c4e987920e69b02d08f85214cb693ab205b0fc92df8c19d6a9d2edb6c4e135183d735b6292a09eea9d7f9d1b607d7c133e71b699f9c5af00216c14d51a0902458349f24d076023ddea031fb7a36da788838209ab2aa125768bc0f72037b5131b8e65d4bf2306d29853432cdbcb88a434aae6c8849d6274299e692fb08007300543339e00400da000800d800", @ANYRES32, @ANYBLOB="0000002800038008005e00", @ANYRES32, @ANYBLOB="0800f000", @ANYRES32, @ANYBLOB='\b\x00>\x00', @ANYRES32, @ANYBLOB="99f3a10396e315e1f108b34d1f100980b046b622a9dd59042c88a5c2dece45bb172c8508000d00", @ANYRES32, @ANYBLOB="b2c918b3bb0ae2ae692f37b0cc89efe01ad859093422ab8d8d2b0545096c2cd8770f8bc86e30fffe3bf8815d3e27d0861d843153a501a915dc04797ef6a74bbc8d1a81492a3aa181cd3f982327724208db82d67eaa280ac2d84376f52203020ec946cd31eedccc3d49cee968706b648329601fbfe13b55d2fe9c7ab3f612c1889397217f46650544f0b9512146f71219359823e63867c8c60ec770fc07086fbb4a459b1f3306eccb4a6fca61be5f419568da8dd975e5ef50cf2878d2d39850af73f30892db996792913712911d67d0b97e0ea6f2f17a2a9bd11eb1448fa4dd61ead2b246ef9beb447db0ae5cc49c3059b440c0a8e1be3d92fb065c8f6b6b7ce52668f797d14d5a587c63430e487bf4eed22f79d4412ca618fb78817dfab24209c53457ba5a4fedd01fcb1125a7edd63a90"], 0x1368}, 0x1, 0x0, 0x0, 0x80000}, 0x20000) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRNM\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^B\xb8\xe4j\t3\xe4\x90\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\x00\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\xfb\xba\xb2.$\'\x1e\x82\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/250, 0x7ff, 0x39) sysfs$auto(0x2, 0x4, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0xa0000, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000000040)) sysfs$auto(0x2, 0x631, 0x0) fsopen$auto(0x0, 0x1) fsopen$auto(0x0, 0x1) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0) close_range$auto(0x2, 0x8, 0x0) 2.074656851s ago: executing program 3 (id=2415): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x100) r1 = socket(0x2, 0x1, 0x0) r2 = socket(0x21, 0x4, 0x9310) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) listen$auto(r1, 0x7) accept$auto(r1, 0x0, 0x0) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1, 0xb}, 0x800009}, 0x5, 0x20000000) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xff, r0, 0xda) socket(0x2, 0x5, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x490000, 0x0) read$auto(r3, 0x0, 0x20) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x24, 0x0) r4 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r4, 0x0, 0x4) socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000015c0)={'wg1\x00'}) bpf$auto(0x0, &(0x7f0000001500)=@bpf_attr_5={@target_fd=r2, r5, 0xc, 0xffffffff, r5, @relative_id=0x1d, 0x1}, 0x10) 1.974008954s ago: executing program 1 (id=2416): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x5, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0xa, 0x5, 0x0) getsockopt$auto(r0, 0x84, 0x12, 0x0, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vbi29\x00', 0x1c9240, 0x0) ioctl$auto(0x3, 0xc0285628, 0x38) 1.684003401s ago: executing program 0 (id=2417): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0xe0, 0xeb1, 0xffffffffffffffff, 0x4) madvise$auto(0x0, 0xffffffffffff0005, 0x17) r0 = socket(0x10, 0x2, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) r1 = bpf$auto(0x9, &(0x7f00000001c0)=@test={r0, 0x10000, 0x7, 0x1000, 0x101, 0x0, 0x0, 0xfff, 0x10000, 0x8, 0x7fc00000000, 0x4, 0x4, 0x2}, 0x6f3) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYRES32=0x0], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x1010001, 0x100000003) clone$auto(0x3fff, 0xad3, 0x0, 0x0, 0x8) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r3 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) close_range$auto(r1, r2, 0x3) sendmmsg$auto(r3, 0x0, 0x5, 0x20000000) openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000000), 0x10041, 0x0) accept$auto(r1, &(0x7f0000000140)=@l2tp={0x2, 0x0, @broadcast, 0x3}, &(0x7f0000000280)=0x4) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) 1.080737033s ago: executing program 3 (id=2419): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/neigh/bridge0/base_reachable_time_ms\x00', 0x202, 0x0) r1 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x0, 0x0) read$auto_tomoyo_operations_securityfs_if(r1, &(0x7f0000000040)=""/4099, 0xfd98) pread64$auto(r1, 0x0, 0x8, 0x7f) sendfile$auto(r0, r0, 0x0, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_CRIT_PROTOCOL_STOP(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB="74010000", @ANYRES16=r2, @ANYBLOB="000127bd7000fedbdf2563000000d300c700fb9a4b6d7e9cd67807a7085b6eecbf90c5a304449a6f77cde832691aff6f37b54035e200f749db20f4895300e59c891815f4d2a35cc60e96a7ec9b096a5ede775690321abfb161984e77ba9400f18fe0cdeb0e0de8bc984958019c1f4c916be9df2e446f4f0344ed2cb2e6d7ed8d7c322398df5d07c29a3381caa43a09858c6b16c4a64357056c3d08c75a484fefd289ae485cbd3a4b6a2402ff8ccc05cad8c89cfce28f2d"], 0x174}, 0x1, 0x0, 0x0, 0x40041}, 0x810) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/snd-soc-dummy/uevent\x00', 0x0, 0x0) read$auto(r3, 0x0, 0x20) sendmsg$auto_TIPC_NL_PUBL_GET(0xffffffffffffffff, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f00000003c0)=ANY=[@ANYBLOB="68130000", @ANYRES16, @ANYBLOB="00012bbd7000fbdbdf25070000000a01098033d6b2f24ee018e9b9855ea5a93da0dbf50b4b8d86d9c820adfd997126489bd2546bfcc6fbff50c3bf8d7f45d1ebb9d89021906d31e536c6c0c92f519a0c83aea385552794c7882697d5a21c4da79315acddceacb346ab83e89a1645955894eef5f3c2c35e3124caac9166412cacae4bffc75d40f06baba4de4dbe5513052f62def8033ecf0fe621bc7a7f715aee786d0f3181c875c3977947736c9579f2a8135c790800c600", @ANYRES32, @ANYBLOB="59000080196ac6b1f594343c4dc2d5eef775d2121d439c6c5e3911f42e14dea873dc07df80b5c9c191ea9197af5a41b30d5154771d3aa6abf4f498dc46b03d453fad04d3d69c1f96fc9b50dbd135811b420500f4000000000000000000000501028090ad7e7c493399c9bdb07eab0d03c802000000bcb15977343e24015792742705e71447aa81a23cdbf4e082e6bf010f5ef7670f5470e766e6bc53d8ed8452c290a80750460290587d580bede006a1c8383ab532e16dcc7eb4de284f4e8fa1f60a760ace6a545c6994d2c88279d8f115b3d80c4e987920e69b02d08f85214cb693ab205b0fc92df8c19d6a9d2edb6c4e135183d735b6292a09eea9d7f9d1b607d7c133e71b699f9c5af00216c14d51a0902458349f24d076023ddea031fb7a36da788838209ab2aa125768bc0f72037b5131b8e65d4bf2306d29853432cdbcb88a434aae6c8849d6274299e692fb08007300543339e00400da000800d800", @ANYRES32, @ANYBLOB="0000002800038008005e00", @ANYRES32, @ANYBLOB="0800f000", @ANYRES32, @ANYBLOB='\b\x00>\x00', @ANYRES32, @ANYBLOB="99f3a10396e315e1f108b34d1f100980b046b622a9dd59042c88a5c2dece45bb172c8508000d00", @ANYRES32, @ANYBLOB="b2c918b3bb0ae2ae692f37b0cc89efe01ad859093422ab8d8d2b0545096c2cd8770f8bc86e30fffe3bf8815d3e27d0861d843153a501a915dc04797ef6a74bbc8d1a81492a3aa181cd3f982327724208db82d67eaa280ac2d84376f52203020ec946cd31eedccc3d49cee968706b648329601fbfe13b55d2fe9c7ab3f612c1889397217f46650544f0b9512146f71219359823e63867c8c60ec770fc07086fbb4a459b1f3306eccb4a6fca61be5f419568da8dd975e5ef50cf2878d2d39850af73f30892db996792913712911d67d0b97e0ea6f2f17a2a9bd11eb1448fa4dd61ead2b246ef9beb447db0ae5cc49c3059b440c0a8e1be3d92fb065c8f6b6b7ce52668f797d14d5a587c63430e487bf4eed22f79d4412ca618fb78817dfab24209c53457ba5a4fedd01fcb1125a7edd63a90"], 0x1368}, 0x1, 0x0, 0x0, 0x80000}, 0x20000) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRNM\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^B\xb8\xe4j\t3\xe4\x90\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\x00\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\xfb\xba\xb2.$\'\x1e\x82\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/250, 0x7ff, 0x39) sysfs$auto(0x2, 0x4, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0xa0000, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000000040)) sysfs$auto(0x2, 0x631, 0x0) fsopen$auto(0x0, 0x1) fsopen$auto(0x0, 0x1) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0) close_range$auto(0x2, 0x8, 0x0) 881.490595ms ago: executing program 1 (id=2420): r0 = socket(0xa, 0x1, 0x84) r1 = getsockopt$auto(r0, 0x83, 0xe, 0x0, &(0x7f0000000040)=0x81) r2 = openat$auto_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/stats\x00', 0x100, 0x0) r3 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec4\x00', 0x101901, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r3, 0xc05c6104, &(0x7f0000000100)={'\x00', 0xffff, 0x6, 0x2, 0x9b4, 0x9, "ce25aafc24b9952f997e703f222ce1", '\x00', "0001410c", '\x00', ["f5404de9641f0000000060c1", "70d9a9a3af9f39d000000001", "ef5ac4927ad89c5c00"]}) r4 = socket(0x15, 0x5, 0x0) r5 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010026bd"], 0x50}, 0x1, 0x0, 0x0, 0x4048000}, 0x0) openat$auto_trace_options_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/options/blk_classic\x00', 0x4000, 0x0) r6 = socket(0x10, 0x2, 0x6) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto(0xffffffffffffffff, 0x4b47, 0x1) sendmmsg$auto(r6, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000040), 0x7, 0xa505}, 0x800}, 0x5, 0x400a) r7 = syz_genetlink_get_family_id$auto_thermal(&(0x7f00000000c0), r0) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TEMP(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000001c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB="9b3de62820c0a8f60b7ca3ece37a7a127037c8224d5aa1ef29fdf0294449f94a483995f16d8c308a1dc31345bddc60b3710fe19d5a0cbe31f9495538ec1fba263ee97fe1411825c559f12b9f8233d10e59ea23fbe89f77f27e645bf379ca6a22f9c26da4f748cedcfcee3fccd1e36def0eab0b0a708c4a5431e696a7983c3bd216c64ae2138715c60838c91e8b0cb266fdb1a9f06185240b455f293a0e56891f5438254f7958fd77b7b29752faf576031aa359e93b3e", @ANYRES16=r7, @ANYBLOB="000328bd7000fddbdf250300000008000c000d0000000800080006ab720508001b000180000008000600faffffff"], 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) setsockopt$auto(r4, 0x114, 0x6, 0x0, 0x8000002) pread64$auto(r2, &(0x7f0000002f00)='@[}\xf5', 0x2, 0x3) socket(0x1d, 0x3, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x2020009, 0x3, 0x400000eb1, 0xfffffffffffffffa, 0x8000) setresuid$auto(0x8, 0x8, 0x0) r8 = openat$auto_adf_ctl_ops_adf_ctl_drv(0xffffffffffffff9c, &(0x7f0000000140), 0x800, 0x0) ioctl$auto_IOCTL_STOP_ACCEL_DEV(r8, 0x40096101, &(0x7f0000000000)={@config_section=&(0x7f0000000380)={"4af387e27933efe4486ea152ed1bd584803219d16d909a29dabb36c941e95a6fdfd91593c1a034abb9176fb953516b42811b70af57618d36f37c698878a45474", @params=&(0x7f0000000040)={"ba12dfd4ed860897de861ff47fd55e8bd29d109d66e6db0d60d8d394f81ef6fc063914d45e70015b5ff95839cbc226ebaf801c18a010254559ebdc4384148e66", "670c509a0be9d98655fb7a968381651a7065ee6a7982a3dbc6efcd81cf4130b0b1676e8894eb3d7d28d2dcb5775918f7cecfa7a1c35f294280b1352343ad7946", @padding3, 0x2}, @next=&(0x7f0000000300)={"8260260e6df0d183c8fe6ea3ccd2090b8713708aeaa2c690a087a4eb3d2175e71d71b88739d7fb4cdf221c5fc8ddb689ebbde8cf0c594712e96ce2e4508902ae", @params=&(0x7f0000000240)={"858ea6bd30a13771228de82f4a55348c74600d908fdf9fa07fd52f84ae6b190fa6924601b42bab94d388ba7d83380b031a8b9b9a8e3d69c793c03dddb9e5a9b9", "972e1489d9c6fa2135368fe72e4ddfaf4a86a3b9e26c8ec9c00fe558d73a46289607835bb7b657ccd7361fdb482683c80a3fd4b35bf20a13e44f8e46776c4280", @next=&(0x7f0000000180)={"94bd6da3d2079bdc60823b0d5d43a85dd0526a68bd43041dab442cb73fea7a5532a5822e5f6848daf7552370e2c19b186205023698e53113ed6126b2cdbeb466", "48637d57da8c94a97aa8c07d727ddcc53a6e35b9acbee6588a640a615fc0c2bd5b2f2935dba4decf557241f96e06cfd2205158b5fc31f0d71165094ed1c407a6", @next, 0x1}}, @padding3}}, 0xfe}) ioctl$auto_SNDRV_PCM_IOCTL_WRITEN_FRAMES2(0xffffffffffffffff, 0x40184152, &(0x7f00000004c0)={0x7fff, &(0x7f0000000100)=&(0x7f0000000400)="0199e0a8449141cc1a27ea4176b3bb1aa2b710a9caf1272e7cfeb204980a0ce0cb8fc6d1b8c1e984a9f133e11398bb82218a61439111efaaff7ce873c6ddd326072439c355cec48f0b41af934960842bac0e9e616d1a65f34a1772796067f6def3493f40e3a501c33c909ce631d8a17cc64e70a2d117628dac9f8bb198244618589032ae7b81e8ea1d9a7d5bbf05202df16bedd6314c3e63876d108b", 0x5}) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000540), 0xffffffffffffffff) semctl$auto_SETVAL(0xfff, 0x8, 0x10, 0x9) msgctl$auto_IPC_STAT(0x7, 0x2, &(0x7f0000000600)={{0x72, 0xee00, 0xee00, 0x3, 0x7, 0x0, 0x7}, &(0x7f0000000580)=0x5, &(0x7f00000005c0)=0x9, 0xfff, 0x31de, 0x1, 0x2, 0x7, 0x2, 0x2, 0x8, @inferred=0xffffffffffffffff, @raw=0x1}) 469.08823ms ago: executing program 3 (id=2421): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) wait4$auto(r0, 0x0, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x7, 0xeb1, 0x405, 0x8000) statmount$auto(0x0, 0x0, 0x227, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x40841, 0x8) write$auto(r1, 0x0, 0xeffd) madvise$auto(0x7ff, 0xfffffffffffefffd, 0x15) sysfs$auto(0x2, 0x10000000000002a, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000340)='/proc/fs/lockd/nlm_end_grace\x00', 0x48041, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) madvise$auto(0x110c230000, 0x8031ca, 0x9) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) r2 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cec27\x00', 0x80200, 0x0) ioctl$auto_CEC_S_MODE(r2, 0x40046109, &(0x7f0000000140)=0x47ee) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x3, 0x0) madvise$auto(0x0, 0x20499d, 0x9) futex_waitv$auto(&(0x7f0000000000)={0x8, 0x5d94, 0x4, 0x4}, 0x77, 0x0, 0x0, 0x62bd) madvise$auto(0x108000, 0x800034, 0x9) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) write$auto(0x3, 0x0, 0xfdef) close_range$auto(0x2, 0x8, 0x0) 333.143209ms ago: executing program 0 (id=2422): rt_sigaction$auto(0x4, 0x0, &(0x7f0000000340)={0x0, 0x4, 0x0, {0x6}}, 0x8) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) syz_clone3(&(0x7f0000000380)={0x80000, 0x0, 0x0, 0x0, {0x14}, 0x0, 0x0, 0x0, 0x0}, 0x58) capget$auto(0x0, 0xfffffffffffffffe) select$auto(0xe, 0x0, 0x0, &(0x7f0000000140)={[0x0, 0x7, 0xd, 0x1, 0x948b, 0x4460, 0x15f4da0a, 0x1, 0x3, 0x7f, 0x80000004, 0x7, 0x0, 0x5, 0x0, 0xfffffffffffffffc]}, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001140)='/sys/kernel/mm/ksm/advisor_max_pages_to_scan\x00', 0x20b42, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000000)=""/236, 0xec) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) capset$auto(0x0, &(0x7f0000000000)={0x3, 0x7, 0x2}) r1 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x80800, 0x0) read$auto(r1, 0x0, 0x39b8) 0s ago: executing program 1 (id=2423): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0xa, 0x2, 0x0) setsockopt$auto(0x4, 0x88, 0x1, &(0x7f0000000000)='!/*:(*\'\x00', 0xe) syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f00000000c0), r0) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) sysfs$auto(0x2, 0x100001000000032, 0x0) r1 = fsopen$auto(0x0, 0x1) fsconfig$auto_SHMEM_HUGE_NEVER(r1, 0x3, &(0x7f0000001640)='+\x00', &(0x7f0000001680)="df", 0x0) ioctl$auto(0xc8, 0x401054d6, 0x5c8d) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram5\x00', 0x2000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x5, 0x2, 0x7, 0x0) mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x300000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r2 = socket(0x2, 0x2, 0x1) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1f, r2, 0x10000}, 0x10) io_uring_setup$auto(0x1, 0x0) bpf$auto(0x4, 0x0, 0x13) r3 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/trace_options\x00', 0x80201, 0x0) write$auto(r3, 0x0, 0x0) r4 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) write$auto(r4, 0x0, 0xe) waitid$auto_P_PGID(0x2, 0xffffffffffffffff, &(0x7f0000000000)={@siginfo_0_0={0x2, 0x9, 0x1, @_rt={0x0, 0xee01, @sival_int=0x10000}}}, 0x3, &(0x7f0000000080)={{0x1, 0x8000000000000001}, {0x830, 0xf}, 0x5, 0x0, 0xfffffffffffffffd, 0x1000, 0x5, 0xc3, 0x1000, 0x9, 0x9, 0x48a3, 0x7, 0x2, 0xd, 0x3}) prctl$auto_PR_SET_CHILD_SUBREAPER(0x24, 0x9, r5, 0x7, 0x100000000) kernel console output (not intermixed with test programs): kptr_offset+0x164/0x1a0 [ 437.710119][T12765] ? __might_fault+0xe3/0x190 [ 437.710133][T12765] ? __pfx_copy_from_sockptr_offset+0x10/0x10 [ 437.710159][T12765] do_ipt_set_ctl+0x5ed/0xbe0 [ 437.710180][T12765] ? __mutex_lock+0x1cc/0xb10 [ 437.710201][T12765] ? __pfx_do_ipt_set_ctl+0x10/0x10 [ 437.710222][T12765] ? __mutex_unlock_slowpath+0x164/0x6a0 [ 437.710241][T12765] ? sockopt_release_sock+0x52/0x60 [ 437.710255][T12765] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 437.710282][T12765] ? nf_sockopt_find.constprop.0+0x221/0x290 [ 437.710304][T12765] nf_setsockopt+0x8a/0xf0 [ 437.710325][T12765] ip_setsockopt+0xcb/0xf0 [ 437.710340][T12765] ipv6_setsockopt+0x155/0x170 [ 437.710361][T12765] sctp_setsockopt+0x16a/0xb810 [ 437.710387][T12765] ? __pfx_sctp_setsockopt+0x10/0x10 [ 437.710408][T12765] ? __pfx_aa_sk_perm+0x10/0x10 [ 437.710427][T12765] ? sock_common_setsockopt+0x2e/0xf0 [ 437.710443][T12765] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 437.710458][T12765] do_sock_setsockopt+0x222/0x480 [ 437.710474][T12765] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 437.710489][T12765] ? lock_acquire+0x2f/0xb0 [ 437.710515][T12765] __sys_setsockopt+0x1a0/0x230 [ 437.710538][T12765] __x64_sys_setsockopt+0xbd/0x160 [ 437.710556][T12765] ? do_syscall_64+0x91/0x250 [ 437.710575][T12765] ? lockdep_hardirqs_on+0x7c/0x110 [ 437.710592][T12765] do_syscall_64+0xcd/0x250 [ 437.710611][T12765] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 437.710630][T12765] RIP: 0033:0x7f6e9038d169 [ 437.710641][T12765] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 437.710655][T12765] RSP: 002b:00007f6e911c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 437.710668][T12765] RAX: ffffffffffffffda RBX: 00007f6e905a5fa0 RCX: 00007f6e9038d169 [ 437.710677][T12765] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003 [ 437.710685][T12765] RBP: 00007f6e911c3090 R08: 0000000000010001 R09: 0000000000000000 [ 437.710693][T12765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 437.710701][T12765] R13: 0000000000000000 R14: 00007f6e905a5fa0 R15: 00007fff59b86ab8 [ 437.710718][T12765] [ 439.038504][T12784] QAT: Stopping all acceleration devices. [ 440.258016][T12814] FAULT_INJECTION: forcing a failure. [ 440.258016][T12814] name failslab, interval 1, probability 0, space 0, times 0 [ 440.405602][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.412183][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.443493][T12814] CPU: 1 UID: 0 PID: 12814 Comm: syz.2.1766 Tainted: G U 6.14.0-rc7-syzkaller #0 [ 440.443518][T12814] Tainted: [U]=USER [ 440.443522][T12814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 440.443531][T12814] Call Trace: [ 440.443535][T12814] [ 440.443541][T12814] dump_stack_lvl+0x16c/0x1f0 [ 440.443566][T12814] should_fail_ex+0x50a/0x650 [ 440.443580][T12814] ? fs_reclaim_acquire+0xae/0x150 [ 440.443599][T12814] should_failslab+0xc2/0x120 [ 440.443613][T12814] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 440.443637][T12814] ? ptlock_alloc+0x1f/0x70 [ 440.443660][T12814] ptlock_alloc+0x1f/0x70 [ 440.443679][T12814] pte_alloc_one+0x74/0x390 [ 440.443699][T12814] do_pte_missing+0x1aff/0x3e10 [ 440.443725][T12814] ? do_raw_spin_unlock+0x172/0x230 [ 440.443740][T12814] ? __pmd_alloc+0x3c2/0x870 [ 440.443760][T12814] __handle_mm_fault+0x103c/0x2a40 [ 440.443786][T12814] ? __pfx___handle_mm_fault+0x10/0x10 [ 440.443804][T12814] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 440.443834][T12814] ? find_vma+0xc0/0x140 [ 440.443850][T12814] ? __pfx_find_vma+0x10/0x10 [ 440.443868][T12814] handle_mm_fault+0x3fa/0xaa0 [ 440.443892][T12814] do_user_addr_fault+0x7a3/0x13f0 [ 440.443914][T12814] exc_page_fault+0x5c/0xc0 [ 440.443932][T12814] asm_exc_page_fault+0x26/0x30 [ 440.443951][T12814] RIP: 0010:rep_movs_alternative+0x13/0x70 [ 440.443967][T12814] Code: cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 83 f9 40 73 40 83 f9 08 73 21 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f [ 440.443981][T12814] RSP: 0018:ffffc9000c177750 EFLAGS: 00050202 [ 440.443993][T12814] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000004 [ 440.444001][T12814] RDX: fffff5200182ef00 RSI: 0000000000000000 RDI: ffffc9000c177800 [ 440.444010][T12814] RBP: 0000000000000004 R08: 0000000000000001 R09: fffff5200182ef00 [ 440.444018][T12814] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000 [ 440.444026][T12814] R13: ffffc9000c177800 R14: ffff8880623b4030 R15: ffff8880623b4000 [ 440.444044][T12814] _copy_from_user+0x98/0xd0 [ 440.444060][T12814] ip6_mroute_setsockopt+0x1ea1/0x2420 [ 440.444075][T12814] ? hlock_class+0x4e/0x130 [ 440.444088][T12814] ? mark_lock+0xb5/0xc60 [ 440.444106][T12814] ? __pfx___lock_acquire+0x10/0x10 [ 440.444126][T12814] ? __pfx_ip6_mroute_setsockopt+0x10/0x10 [ 440.444138][T12814] ? mark_lock+0xb5/0xc60 [ 440.444162][T12814] ? is_bpf_text_address+0x8a/0x1a0 [ 440.444182][T12814] ? __pfx_lock_release+0x10/0x10 [ 440.444207][T12814] ? __pfx_mark_lock+0x10/0x10 [ 440.444224][T12814] ? __lock_acquire+0x15a9/0x3c40 [ 440.444248][T12814] ? do_ipv6_setsockopt+0x8c4/0x4520 [ 440.444267][T12814] do_ipv6_setsockopt+0x8c4/0x4520 [ 440.444285][T12814] ? __pfx___lock_acquire+0x10/0x10 [ 440.444306][T12814] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 440.444328][T12814] ? hlock_class+0x4e/0x130 [ 440.444341][T12814] ? mark_lock+0xb5/0xc60 [ 440.444357][T12814] ? aa_label_sk_perm+0x19d/0x5a0 [ 440.444375][T12814] ? __pfx_mark_lock+0x10/0x10 [ 440.444393][T12814] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 440.444413][T12814] ? find_held_lock+0x2d/0x110 [ 440.444440][T12814] ? ipv6_setsockopt+0xcb/0x170 [ 440.444457][T12814] ipv6_setsockopt+0xcb/0x170 [ 440.444476][T12814] rawv6_setsockopt+0xd7/0x680 [ 440.444493][T12814] ? __pfx_rawv6_setsockopt+0x10/0x10 [ 440.444513][T12814] ? sock_common_setsockopt+0x2e/0xf0 [ 440.444530][T12814] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 440.444545][T12814] do_sock_setsockopt+0x222/0x480 [ 440.444560][T12814] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 440.444575][T12814] ? lock_acquire+0x2f/0xb0 [ 440.444603][T12814] __sys_setsockopt+0x1a0/0x230 [ 440.444625][T12814] __x64_sys_setsockopt+0xbd/0x160 [ 440.444644][T12814] ? do_syscall_64+0x91/0x250 [ 440.444661][T12814] ? lockdep_hardirqs_on+0x7c/0x110 [ 440.444678][T12814] do_syscall_64+0xcd/0x250 [ 440.444697][T12814] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 440.444715][T12814] RIP: 0033:0x7f6e9038d169 [ 440.444730][T12814] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 440.444743][T12814] RSP: 002b:00007f6e911a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 440.444755][T12814] RAX: ffffffffffffffda RBX: 00007f6e905a6080 RCX: 00007f6e9038d169 [ 440.444764][T12814] RDX: 00000000000000d0 RSI: 0000000000000029 RDI: 0400000000000003 [ 440.444772][T12814] RBP: 00007f6e911a2090 R08: 0000000000000004 R09: 0000000000000000 [ 440.444780][T12814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 440.444787][T12814] R13: 0000000000000000 R14: 00007f6e905a6080 R15: 00007fff59b86ab8 [ 440.444805][T12814] [ 445.291630][T12902] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input41 [ 445.809407][T12911] netlink: 'syz.1.1794': attribute type 11 has an invalid length. [ 447.780097][T12953] FAULT_INJECTION: forcing a failure. [ 447.780097][T12953] name failslab, interval 1, probability 0, space 0, times 0 [ 447.846278][T12953] CPU: 1 UID: 0 PID: 12953 Comm: syz.2.1805 Tainted: G U 6.14.0-rc7-syzkaller #0 [ 447.846304][T12953] Tainted: [U]=USER [ 447.846310][T12953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 447.846319][T12953] Call Trace: [ 447.846323][T12953] [ 447.846329][T12953] dump_stack_lvl+0x16c/0x1f0 [ 447.846353][T12953] should_fail_ex+0x50a/0x650 [ 447.846367][T12953] ? fs_reclaim_acquire+0xae/0x150 [ 447.846387][T12953] should_failslab+0xc2/0x120 [ 447.846400][T12953] kmem_cache_alloc_node_noprof+0x72/0x3c0 [ 447.846421][T12953] ? __alloc_skb+0x2b1/0x380 [ 447.846443][T12953] __alloc_skb+0x2b1/0x380 [ 447.846462][T12953] ? __pfx___alloc_skb+0x10/0x10 [ 447.846488][T12953] netlink_alloc_large_skb+0x69/0x130 [ 447.846510][T12953] netlink_sendmsg+0x689/0xd70 [ 447.846532][T12953] ? __pfx_netlink_sendmsg+0x10/0x10 [ 447.846558][T12953] ____sys_sendmsg+0xaaf/0xc90 [ 447.846575][T12953] ? copy_msghdr_from_user+0x10b/0x160 [ 447.846596][T12953] ? __pfx_____sys_sendmsg+0x10/0x10 [ 447.846620][T12953] ___sys_sendmsg+0x135/0x1e0 [ 447.846641][T12953] ? __pfx____sys_sendmsg+0x10/0x10 [ 447.846668][T12953] ? __pfx_lock_release+0x10/0x10 [ 447.846687][T12953] ? trace_lock_acquire+0x14e/0x1f0 [ 447.846709][T12953] ? __fget_files+0x206/0x3a0 [ 447.846733][T12953] __sys_sendmsg+0x16e/0x220 [ 447.846754][T12953] ? __pfx___sys_sendmsg+0x10/0x10 [ 447.846785][T12953] do_syscall_64+0xcd/0x250 [ 447.846806][T12953] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 447.846825][T12953] RIP: 0033:0x7f6e9038d169 [ 447.846837][T12953] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 447.846851][T12953] RSP: 002b:00007f6e911c3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 447.846865][T12953] RAX: ffffffffffffffda RBX: 00007f6e905a5fa0 RCX: 00007f6e9038d169 [ 447.846874][T12953] RDX: 0000000000008000 RSI: 0000400000000000 RDI: 0000000000000003 [ 447.846882][T12953] RBP: 00007f6e911c3090 R08: 0000000000000000 R09: 0000000000000000 [ 447.846889][T12953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 447.846897][T12953] R13: 0000000000000000 R14: 00007f6e905a5fa0 R15: 00007fff59b86ab8 [ 447.846914][T12953] [ 448.203548][T12960] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1807'. [ 449.179932][T12979] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1813'. [ 450.847177][T13009] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1821'. [ 452.659919][T13038] QAT: Stopping all acceleration devices. [ 453.645881][T13058] FAULT_INJECTION: forcing a failure. [ 453.645881][T13058] name failslab, interval 1, probability 0, space 0, times 0 [ 453.923486][T13058] CPU: 1 UID: 0 PID: 13058 Comm: syz.3.1835 Tainted: G U 6.14.0-rc7-syzkaller #0 [ 453.923510][T13058] Tainted: [U]=USER [ 453.923514][T13058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 453.923523][T13058] Call Trace: [ 453.923527][T13058] [ 453.923533][T13058] dump_stack_lvl+0x16c/0x1f0 [ 453.923557][T13058] should_fail_ex+0x50a/0x650 [ 453.923570][T13058] ? fs_reclaim_acquire+0xae/0x150 [ 453.923590][T13058] ? tomoyo_encode2+0x100/0x3e0 [ 453.923609][T13058] should_failslab+0xc2/0x120 [ 453.923622][T13058] __kmalloc_noprof+0xcb/0x510 [ 453.923643][T13058] ? d_absolute_path+0x137/0x1b0 [ 453.923658][T13058] ? rcu_is_watching+0x12/0xc0 [ 453.923675][T13058] tomoyo_encode2+0x100/0x3e0 [ 453.923697][T13058] tomoyo_encode+0x29/0x50 [ 453.923714][T13058] tomoyo_realpath_from_path+0x19d/0x720 [ 453.923739][T13058] tomoyo_path_number_perm+0x248/0x590 [ 453.923755][T13058] ? tomoyo_path_number_perm+0x235/0x590 [ 453.923773][T13058] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 453.923807][T13058] ? __pfx_lock_release+0x10/0x10 [ 453.923825][T13058] ? trace_lock_acquire+0x14e/0x1f0 [ 453.923844][T13058] ? lock_acquire+0x2f/0xb0 [ 453.923861][T13058] ? __fget_files+0x40/0x3a0 [ 453.923883][T13058] ? __fget_files+0x206/0x3a0 [ 453.923905][T13058] security_file_ioctl+0x9b/0x240 [ 453.923924][T13058] __x64_sys_ioctl+0xb7/0x200 [ 453.923943][T13058] do_syscall_64+0xcd/0x250 [ 453.923963][T13058] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 453.923983][T13058] RIP: 0033:0x7f8536b8d169 [ 453.923995][T13058] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 453.924009][T13058] RSP: 002b:00007f853790f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 453.924023][T13058] RAX: ffffffffffffffda RBX: 00007f8536da5fa0 RCX: 00007f8536b8d169 [ 453.924032][T13058] RDX: 0000400000000000 RSI: 0000000040096101 RDI: 0000000000000008 [ 453.924041][T13058] RBP: 00007f853790f090 R08: 0000000000000000 R09: 0000000000000000 [ 453.924049][T13058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 453.924057][T13058] R13: 0000000000000000 R14: 00007f8536da5fa0 R15: 00007ffcf1a43768 [ 453.924075][T13058] [ 453.924085][T13058] ERROR: Out of memory at tomoyo_realpath_from_path. [ 454.582391][T13075] FAULT_INJECTION: forcing a failure. [ 454.582391][T13075] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 454.631891][T13075] CPU: 1 UID: 0 PID: 13075 Comm: syz.0.1839 Tainted: G U 6.14.0-rc7-syzkaller #0 [ 454.631917][T13075] Tainted: [U]=USER [ 454.631922][T13075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 454.631931][T13075] Call Trace: [ 454.631936][T13075] [ 454.631942][T13075] dump_stack_lvl+0x16c/0x1f0 [ 454.631967][T13075] should_fail_ex+0x50a/0x650 [ 454.631980][T13075] ? __pfx___might_resched+0x10/0x10 [ 454.632005][T13075] should_fail_alloc_page+0xe7/0x130 [ 454.632020][T13075] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 454.632042][T13075] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 454.632068][T13075] ? __pfx_mark_lock+0x10/0x10 [ 454.632089][T13075] ? __pfx___lock_acquire+0x10/0x10 [ 454.632108][T13075] ? mark_lock+0xb5/0xc60 [ 454.632124][T13075] ? find_held_lock+0x2d/0x110 [ 454.632141][T13075] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 454.632174][T13075] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 454.632197][T13075] ? policy_nodemask+0xea/0x4e0 [ 454.632212][T13075] alloc_pages_mpol+0x1fc/0x540 [ 454.632226][T13075] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 454.632246][T13075] ? find_held_lock+0x2d/0x110 [ 454.632264][T13075] folio_alloc_mpol_noprof+0x36/0x2f0 [ 454.632281][T13075] shmem_alloc_folio+0x135/0x160 [ 454.632304][T13075] shmem_alloc_and_add_folio+0x48e/0xc10 [ 454.632323][T13075] ? shmem_huge_global_enabled+0x72/0x6b0 [ 454.632338][T13075] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 454.632356][T13075] ? shmem_allowable_huge_orders+0xd0/0x410 [ 454.632376][T13075] shmem_get_folio_gfp+0x689/0x1530 [ 454.632396][T13075] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 454.632414][T13075] ? filemap_map_pages+0xf92/0x16b0 [ 454.632434][T13075] shmem_fault+0x200/0xae0 [ 454.632451][T13075] ? __pfx_shmem_fault+0x10/0x10 [ 454.632470][T13075] ? do_pte_missing+0xde9/0x3e10 [ 454.632491][T13075] ? __pfx_lock_release+0x10/0x10 [ 454.632515][T13075] __do_fault+0x10a/0x490 [ 454.632532][T13075] do_pte_missing+0xecf/0x3e10 [ 454.632552][T13075] ? do_raw_spin_unlock+0x172/0x230 [ 454.632567][T13075] ? __pmd_alloc+0x3c2/0x870 [ 454.632586][T13075] __handle_mm_fault+0x103c/0x2a40 [ 454.632612][T13075] ? __pfx___handle_mm_fault+0x10/0x10 [ 454.632631][T13075] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 454.632660][T13075] ? find_vma+0xc0/0x140 [ 454.632676][T13075] ? __pfx_find_vma+0x10/0x10 [ 454.632695][T13075] handle_mm_fault+0x3fa/0xaa0 [ 454.632718][T13075] do_user_addr_fault+0x7a3/0x13f0 [ 454.632742][T13075] exc_page_fault+0x5c/0xc0 [ 454.632761][T13075] asm_exc_page_fault+0x26/0x30 [ 454.632780][T13075] RIP: 0010:rep_movs_alternative+0x13/0x70 [ 454.632796][T13075] Code: cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 83 f9 40 73 40 83 f9 08 73 21 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f [ 454.632810][T13075] RSP: 0018:ffffc9000d21f750 EFLAGS: 00050202 [ 454.632822][T13075] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000004 [ 454.632831][T13075] RDX: fffff52001a43f00 RSI: 0000000000000000 RDI: ffffc9000d21f800 [ 454.632840][T13075] RBP: 0000000000000004 R08: 0000000000000001 R09: fffff52001a43f00 [ 454.632848][T13075] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000 [ 454.632857][T13075] R13: ffffc9000d21f800 R14: ffff888024b8c030 R15: ffff888024b8c000 [ 454.632875][T13075] _copy_from_user+0x98/0xd0 [ 454.632891][T13075] ip6_mroute_setsockopt+0x1ea1/0x2420 [ 454.632906][T13075] ? hlock_class+0x4e/0x130 [ 454.632920][T13075] ? mark_lock+0xb5/0xc60 [ 454.632937][T13075] ? __pfx___lock_acquire+0x10/0x10 [ 454.632958][T13075] ? __pfx_ip6_mroute_setsockopt+0x10/0x10 [ 454.632970][T13075] ? mark_lock+0xb5/0xc60 [ 454.632995][T13075] ? is_bpf_text_address+0x8a/0x1a0 [ 454.633014][T13075] ? __pfx_lock_release+0x10/0x10 [ 454.633040][T13075] ? __pfx_mark_lock+0x10/0x10 [ 454.633057][T13075] ? __lock_acquire+0x15a9/0x3c40 [ 454.633082][T13075] ? do_ipv6_setsockopt+0x8c4/0x4520 [ 454.633101][T13075] do_ipv6_setsockopt+0x8c4/0x4520 [ 454.633118][T13075] ? __pfx___lock_acquire+0x10/0x10 [ 454.633141][T13075] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 454.633163][T13075] ? hlock_class+0x4e/0x130 [ 454.633177][T13075] ? mark_lock+0xb5/0xc60 [ 454.633193][T13075] ? aa_label_sk_perm+0x19d/0x5a0 [ 454.633212][T13075] ? __pfx_mark_lock+0x10/0x10 [ 454.633230][T13075] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 454.633255][T13075] ? find_held_lock+0x2d/0x110 [ 454.633282][T13075] ? ipv6_setsockopt+0xcb/0x170 [ 454.633299][T13075] ipv6_setsockopt+0xcb/0x170 [ 454.633319][T13075] rawv6_setsockopt+0xd7/0x680 [ 454.633337][T13075] ? __pfx_rawv6_setsockopt+0x10/0x10 [ 454.633356][T13075] ? sock_common_setsockopt+0x2e/0xf0 [ 454.633373][T13075] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 454.633389][T13075] do_sock_setsockopt+0x222/0x480 [ 454.633405][T13075] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 454.633421][T13075] ? lock_acquire+0x2f/0xb0 [ 454.633448][T13075] __sys_setsockopt+0x1a0/0x230 [ 454.633471][T13075] __x64_sys_setsockopt+0xbd/0x160 [ 454.633490][T13075] ? do_syscall_64+0x91/0x250 [ 454.633509][T13075] ? lockdep_hardirqs_on+0x7c/0x110 [ 454.633527][T13075] do_syscall_64+0xcd/0x250 [ 454.633547][T13075] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 454.633565][T13075] RIP: 0033:0x7fe6c218d169 [ 454.633576][T13075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 454.633589][T13075] RSP: 002b:00007fe6c2f9b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 454.633602][T13075] RAX: ffffffffffffffda RBX: 00007fe6c23a6080 RCX: 00007fe6c218d169 [ 454.633611][T13075] RDX: 00000000000000d0 RSI: 0000000000000029 RDI: 0400000000000003 [ 454.633619][T13075] RBP: 00007fe6c2f9b090 R08: 0000000000000004 R09: 0000000000000000 [ 454.633628][T13075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 454.633636][T13075] R13: 0000000000000000 R14: 00007fe6c23a6080 R15: 00007fff33576958 [ 454.633654][T13075] [ 455.450466][T13058] QAT: Stopping all acceleration devices. [ 457.421223][T13117] Invalid ELF header magic: != ELF [ 459.191337][T13164] bond0: option mode: unable to set because the bond device is up [ 459.271545][T13166] syz.3.1863 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 459.578690][T13172] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1866'. [ 459.888453][T13179] Invalid ELF header magic: != ELF [ 461.386285][T13208] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1875'. [ 462.127438][T13220] FAULT_INJECTION: forcing a failure. [ 462.127438][T13220] name fail_futex, interval 1, probability 0, space 0, times 0 [ 462.149772][T13223] FAULT_INJECTION: forcing a failure. [ 462.149772][T13223] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 462.193752][T13220] CPU: 1 UID: 0 PID: 13220 Comm: syz.3.1880 Tainted: G U 6.14.0-rc7-syzkaller #0 [ 462.193777][T13220] Tainted: [U]=USER [ 462.193781][T13220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 462.193790][T13220] Call Trace: [ 462.193795][T13220] [ 462.193801][T13220] dump_stack_lvl+0x16c/0x1f0 [ 462.193825][T13220] should_fail_ex+0x50a/0x650 [ 462.193839][T13220] ? __lock_acquire+0x15a9/0x3c40 [ 462.193860][T13220] get_futex_key+0xac1/0x1000 [ 462.193878][T13220] ? __pfx_get_futex_key+0x10/0x10 [ 462.193901][T13220] futex_wake+0xe8/0x4e0 [ 462.193921][T13220] ? __pfx_futex_wake+0x10/0x10 [ 462.193942][T13220] ? find_held_lock+0x2d/0x110 [ 462.193961][T13220] do_futex+0x1e5/0x350 [ 462.193979][T13220] ? __pfx_do_futex+0x10/0x10 [ 462.193995][T13220] ? __might_fault+0xe3/0x190 [ 462.194010][T13220] ? __might_fault+0xe3/0x190 [ 462.194026][T13220] mm_release+0x24e/0x300 [ 462.194047][T13220] do_exit+0x886/0x2d70 [ 462.194064][T13220] ? get_signal+0x8f7/0x26c0 [ 462.194084][T13220] ? __pfx_do_exit+0x10/0x10 [ 462.194099][T13220] ? do_raw_spin_lock+0x12d/0x2c0 [ 462.194112][T13220] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 462.194127][T13220] do_group_exit+0xd3/0x2a0 [ 462.194144][T13220] get_signal+0x24ed/0x26c0 [ 462.194166][T13220] ? __pfx___blk_flush_plug+0x10/0x10 [ 462.194183][T13220] ? __pfx___up_read+0x10/0x10 [ 462.194204][T13220] ? __pfx_get_signal+0x10/0x10 [ 462.194226][T13220] ? __pfx_do_futex+0x10/0x10 [ 462.194244][T13220] arch_do_signal_or_restart+0x90/0x7e0 [ 462.194262][T13220] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 462.194283][T13220] ? rcu_is_watching+0x12/0xc0 [ 462.194301][T13220] syscall_exit_to_user_mode+0x150/0x2a0 [ 462.194321][T13220] do_syscall_64+0xda/0x250 [ 462.194341][T13220] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 462.194370][T13220] RIP: 0033:0x7f8536b8d169 [ 462.194382][T13220] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 462.194396][T13220] RSP: 002b:00007f853790f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 462.194410][T13220] RAX: fffffffffffffe00 RBX: 00007f8536da5fa8 RCX: 00007f8536b8d169 [ 462.194419][T13220] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f8536da5fa8 [ 462.194427][T13220] RBP: 00007f8536da5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 462.194436][T13220] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8536da5fac [ 462.194444][T13220] R13: 0000000000000000 R14: 00007ffcf1a43680 R15: 00007ffcf1a43768 [ 462.194461][T13220] [ 462.472016][T13216] netlink: 'syz.0.1878': attribute type 19 has an invalid length. [ 462.480187][T13216] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1878'. [ 462.722830][T13223] CPU: 1 UID: 0 PID: 13223 Comm: syz.1.1881 Tainted: G U 6.14.0-rc7-syzkaller #0 [ 462.722856][T13223] Tainted: [U]=USER [ 462.722861][T13223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 462.722870][T13223] Call Trace: [ 462.722874][T13223] [ 462.722880][T13223] dump_stack_lvl+0x16c/0x1f0 [ 462.722904][T13223] should_fail_ex+0x50a/0x650 [ 462.722921][T13223] _copy_to_user+0x32/0xd0 [ 462.722939][T13223] simple_read_from_buffer+0xd0/0x160 [ 462.722959][T13223] proc_fail_nth_read+0x198/0x270 [ 462.722978][T13223] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 462.722996][T13223] ? rw_verify_area+0xcf/0x680 [ 462.723013][T13223] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 462.723030][T13223] vfs_read+0x1df/0xbf0 [ 462.723048][T13223] ? __fget_files+0x1fc/0x3a0 [ 462.723069][T13223] ? __pfx___mutex_lock+0x10/0x10 [ 462.723089][T13223] ? __pfx_vfs_read+0x10/0x10 [ 462.723112][T13223] ? __fget_files+0x206/0x3a0 [ 462.723136][T13223] ksys_read+0x12b/0x250 [ 462.723155][T13223] ? __pfx_ksys_read+0x10/0x10 [ 462.723178][T13223] do_syscall_64+0xcd/0x250 [ 462.723199][T13223] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 462.723219][T13223] RIP: 0033:0x7f500ad8bb7c [ 462.723231][T13223] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 462.723245][T13223] RSP: 002b:00007f500bc8d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 462.723258][T13223] RAX: ffffffffffffffda RBX: 00007f500afa5fa0 RCX: 00007f500ad8bb7c [ 462.723268][T13223] RDX: 000000000000000f RSI: 00007f500bc8d0a0 RDI: 0000000000000007 [ 462.723276][T13223] RBP: 00007f500bc8d090 R08: 0000000000000000 R09: 0000000000000000 [ 462.723284][T13223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 462.723293][T13223] R13: 0000000000000000 R14: 00007f500afa5fa0 R15: 00007ffca79243e8 [ 462.723310][T13223] [ 463.333739][T13234] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1882'. [ 465.378748][T13246] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 465.538858][T13246] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 465.607827][T13246] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 465.666665][T13246] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 465.760077][T13246] CPU0 is offline. [ 466.872712][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout [ 467.595936][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout [ 467.682492][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout [ 467.688688][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 467.936397][T13325] FAULT_INJECTION: forcing a failure. [ 467.936397][T13325] name failslab, interval 1, probability 0, space 0, times 0 [ 468.097113][T13325] CPU: 1 UID: 0 PID: 13325 Comm: syz.3.1905 Tainted: G U 6.14.0-rc7-syzkaller #0 [ 468.097139][T13325] Tainted: [U]=USER [ 468.097144][T13325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 468.097153][T13325] Call Trace: [ 468.097158][T13325] [ 468.097165][T13325] dump_stack_lvl+0x16c/0x1f0 [ 468.097190][T13325] should_fail_ex+0x50a/0x650 [ 468.097205][T13325] ? fs_reclaim_acquire+0xae/0x150 [ 468.097224][T13325] should_failslab+0xc2/0x120 [ 468.097238][T13325] __kmalloc_node_track_caller_noprof+0xcf/0x510 [ 468.097261][T13325] ? ima_alloc_tfm+0x21d/0x2d0 [ 468.097280][T13325] ? ima_collect_measurement+0x4b7/0xa40 [ 468.097296][T13325] krealloc_noprof+0x1fb/0x380 [ 468.097318][T13325] ima_collect_measurement+0x4b7/0xa40 [ 468.097331][T13325] ? security_mmap_file+0x88c/0x990 [ 468.097354][T13325] ? __pfx_ima_collect_measurement+0x10/0x10 [ 468.097380][T13325] ? __mutex_lock+0x1cc/0xb10 [ 468.097398][T13325] ? is_bad_inode+0xd/0x40 [ 468.097415][T13325] ? xattr_resolve_name+0x27b/0x3f0 [ 468.097440][T13325] ? vfs_getxattr_alloc+0xf1/0x340 [ 468.097462][T13325] ? ima_get_hash_algo+0x27d/0x410 [ 468.097481][T13325] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 468.097504][T13325] ? process_measurement+0x1271/0x2370 [ 468.097523][T13325] process_measurement+0x1271/0x2370 [ 468.097550][T13325] ? __pfx_process_measurement+0x10/0x10 [ 468.097576][T13325] ? aa_file_perm+0x4c6/0xfe0 [ 468.097595][T13325] ? trace_lock_acquire+0x14e/0x1f0 [ 468.097632][T13325] ima_file_mmap+0x1b3/0x1e0 [ 468.097651][T13325] ? __pfx_ima_file_mmap+0x10/0x10 [ 468.097669][T13325] ? lockdep_init_map_type+0x16d/0x7d0 [ 468.097694][T13325] security_mmap_file+0x88c/0x990 [ 468.097727][T13325] vm_mmap_pgoff+0xeb/0x440 [ 468.097750][T13325] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 468.097768][T13325] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 468.097785][T13325] ? hugetlbfs_get_inode+0x323/0x740 [ 468.097812][T13325] ksys_mmap_pgoff+0x1c8/0x5c0 [ 468.097834][T13325] __x64_sys_mmap+0x125/0x190 [ 468.097858][T13325] do_syscall_64+0xcd/0x250 [ 468.097878][T13325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.097897][T13325] RIP: 0033:0x7f8536b8d169 [ 468.097910][T13325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 468.097923][T13325] RSP: 002b:00007f853790f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 468.097936][T13325] RAX: ffffffffffffffda RBX: 00007f8536da5fa0 RCX: 00007f8536b8d169 [ 468.097946][T13325] RDX: 00004000000000df RSI: 0000000000000004 RDI: 0000000000000000 [ 468.097954][T13325] RBP: 00007f8536c0e2a0 R08: 0000000000000401 R09: 0000300001000000 [ 468.097964][T13325] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 468.097973][T13325] R13: 0000000000000000 R14: 00007f8536da5fa0 R15: 00007ffcf1a43768 [ 468.097990][T13325] [ 468.376969][ C1] vkms_vblank_simulate: vblank timer overrun [ 469.721190][T13351] random: crng reseeded on system resumption [ 471.338715][ T30] audit: type=1800 audit(6037343596.334:8): pid=13325 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1905" name="anon_hugepage" dev="hugetlbfs" ino=43117 res=0 errno=0 [ 474.295841][T13429] FAULT_INJECTION: forcing a failure. [ 474.295841][T13429] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 474.407528][T13429] CPU: 1 UID: 0 PID: 13429 Comm: syz.2.1933 Tainted: G U 6.14.0-rc7-syzkaller #0 [ 474.407554][T13429] Tainted: [U]=USER [ 474.407559][T13429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 474.407568][T13429] Call Trace: [ 474.407572][T13429] [ 474.407578][T13429] dump_stack_lvl+0x16c/0x1f0 [ 474.407603][T13429] should_fail_ex+0x50a/0x650 [ 474.407620][T13429] _copy_from_iter+0x2a1/0x1560 [ 474.407636][T13429] ? trace_lock_acquire+0x14e/0x1f0 [ 474.407653][T13429] ? __alloc_skb+0x1fe/0x380 [ 474.407674][T13429] ? __pfx__copy_from_iter+0x10/0x10 [ 474.407688][T13429] ? __virt_addr_valid+0x1a4/0x590 [ 474.407705][T13429] ? __virt_addr_valid+0x5e/0x590 [ 474.407718][T13429] ? __phys_addr_symbol+0x30/0x80 [ 474.407732][T13429] ? __check_object_size+0x488/0x710 [ 474.407748][T13429] netlink_sendmsg+0x813/0xd70 [ 474.407772][T13429] ? __pfx_netlink_sendmsg+0x10/0x10 [ 474.407798][T13429] ____sys_sendmsg+0xaaf/0xc90 [ 474.407815][T13429] ? copy_msghdr_from_user+0x10b/0x160 [ 474.407837][T13429] ? __pfx_____sys_sendmsg+0x10/0x10 [ 474.407861][T13429] ___sys_sendmsg+0x135/0x1e0 [ 474.407883][T13429] ? __pfx____sys_sendmsg+0x10/0x10 [ 474.407910][T13429] ? __pfx_lock_release+0x10/0x10 [ 474.407929][T13429] ? trace_lock_acquire+0x14e/0x1f0 [ 474.407951][T13429] ? __fget_files+0x206/0x3a0 [ 474.407975][T13429] __sys_sendmsg+0x16e/0x220 [ 474.407996][T13429] ? __pfx___sys_sendmsg+0x10/0x10 [ 474.408028][T13429] do_syscall_64+0xcd/0x250 [ 474.408049][T13429] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 474.408068][T13429] RIP: 0033:0x7f6e9038d169 [ 474.408080][T13429] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 474.408094][T13429] RSP: 002b:00007f6e911c3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 474.408108][T13429] RAX: ffffffffffffffda RBX: 00007f6e905a5fa0 RCX: 00007f6e9038d169 [ 474.408117][T13429] RDX: 0000000000008000 RSI: 0000400000000000 RDI: 0000000000000003 [ 474.408132][T13429] RBP: 00007f6e911c3090 R08: 0000000000000000 R09: 0000000000000000 [ 474.408140][T13429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 474.408149][T13429] R13: 0000000000000000 R14: 00007f6e905a5fa0 R15: 00007fff59b86ab8 [ 474.408166][T13429] [ 474.916332][T13439] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1934'. [ 474.989516][ T30] audit: type=1326 audit(6037343728.762:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13434 comm="syz.3.1936" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8536b8d169 code=0x0 [ 475.026673][T13442] usbip-vudc usbip-vudc.0: gadget not bound [ 475.274775][T13442] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1935'. [ 475.391585][T13449] FAULT_INJECTION: forcing a failure. [ 475.391585][T13449] name fail_futex, interval 1, probability 0, space 0, times 0 [ 475.422149][T13449] CPU: 1 UID: 0 PID: 13449 Comm: syz.0.1937 Tainted: G U 6.14.0-rc7-syzkaller #0 [ 475.422174][T13449] Tainted: [U]=USER [ 475.422179][T13449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 475.422188][T13449] Call Trace: [ 475.422193][T13449] [ 475.422199][T13449] dump_stack_lvl+0x16c/0x1f0 [ 475.422223][T13449] should_fail_ex+0x50a/0x650 [ 475.422237][T13449] ? __lock_acquire+0x15a9/0x3c40 [ 475.422258][T13449] get_futex_key+0x1c3/0x1000 [ 475.422277][T13449] ? __pfx_get_futex_key+0x10/0x10 [ 475.422299][T13449] futex_wake+0xe8/0x4e0 [ 475.422319][T13449] ? __pfx_futex_wake+0x10/0x10 [ 475.422340][T13449] ? find_held_lock+0x2d/0x110 [ 475.422360][T13449] do_futex+0x1e5/0x350 [ 475.422377][T13449] ? __pfx_do_futex+0x10/0x10 [ 475.422393][T13449] ? __might_fault+0xe3/0x190 [ 475.422407][T13449] ? __might_fault+0xe3/0x190 [ 475.422423][T13449] mm_release+0x24e/0x300 [ 475.422444][T13449] do_exit+0x886/0x2d70 [ 475.422460][T13449] ? get_signal+0x8f7/0x26c0 [ 475.422480][T13449] ? __pfx_do_exit+0x10/0x10 [ 475.422495][T13449] ? do_raw_spin_lock+0x12d/0x2c0 [ 475.422508][T13449] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 475.422524][T13449] do_group_exit+0xd3/0x2a0 [ 475.422540][T13449] get_signal+0x24ed/0x26c0 [ 475.422567][T13449] ? __pfx_get_signal+0x10/0x10 [ 475.422591][T13449] ? __pfx_do_futex+0x10/0x10 [ 475.422610][T13449] arch_do_signal_or_restart+0x90/0x7e0 [ 475.422627][T13449] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 475.422648][T13449] ? rcu_is_watching+0x12/0xc0 [ 475.422667][T13449] syscall_exit_to_user_mode+0x150/0x2a0 [ 475.422687][T13449] do_syscall_64+0xda/0x250 [ 475.422708][T13449] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 475.422728][T13449] RIP: 0033:0x7fe6c218d169 [ 475.422740][T13449] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 475.422753][T13449] RSP: 002b:00007fe6c2fbc0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 475.422767][T13449] RAX: fffffffffffffe00 RBX: 00007fe6c23a5fa8 RCX: 00007fe6c218d169 [ 475.422776][T13449] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe6c23a5fa8 [ 475.422785][T13449] RBP: 00007fe6c23a5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 475.422793][T13449] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe6c23a5fac [ 475.422802][T13449] R13: 0000000000000000 R14: 00007fff33576870 R15: 00007fff33576958 [ 475.422819][T13449] [ 476.037860][T13455] cougar: G6 mapped to space [ 476.130941][T13457] QAT: Stopping all acceleration devices. [ 480.796259][T13551] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1960'. [ 483.973917][T13608] netlink: 186 bytes leftover after parsing attributes in process `syz.3.1976'. [ 485.034250][T13629] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1980'. [ 485.326639][T13633] FAULT_INJECTION: forcing a failure. [ 485.326639][T13633] name failslab, interval 1, probability 0, space 0, times 0 [ 485.400944][T13633] CPU: 1 UID: 0 PID: 13633 Comm: syz.3.1982 Tainted: G U 6.14.0-rc7-syzkaller #0 [ 485.400968][T13633] Tainted: [U]=USER [ 485.400973][T13633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 485.400982][T13633] Call Trace: [ 485.400986][T13633] [ 485.400993][T13633] dump_stack_lvl+0x16c/0x1f0 [ 485.401017][T13633] should_fail_ex+0x50a/0x650 [ 485.401034][T13633] should_failslab+0xc2/0x120 [ 485.401048][T13633] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 485.401070][T13633] ? skb_clone+0x190/0x3f0 [ 485.401087][T13633] skb_clone+0x190/0x3f0 [ 485.401100][T13633] netlink_deliver_tap+0xabd/0xd30 [ 485.401124][T13633] netlink_unicast+0x5e1/0x7f0 [ 485.401146][T13633] ? __pfx_netlink_unicast+0x10/0x10 [ 485.401167][T13633] ? __phys_addr_symbol+0x30/0x80 [ 485.401182][T13633] ? __check_object_size+0x488/0x710 [ 485.401198][T13633] netlink_sendmsg+0x8b8/0xd70 [ 485.401221][T13633] ? __pfx_netlink_sendmsg+0x10/0x10 [ 485.401248][T13633] ____sys_sendmsg+0xaaf/0xc90 [ 485.401265][T13633] ? copy_msghdr_from_user+0x10b/0x160 [ 485.401287][T13633] ? __pfx_____sys_sendmsg+0x10/0x10 [ 485.401312][T13633] ___sys_sendmsg+0x135/0x1e0 [ 485.401334][T13633] ? __pfx____sys_sendmsg+0x10/0x10 [ 485.401363][T13633] ? __pfx_lock_release+0x10/0x10 [ 485.401382][T13633] ? trace_lock_acquire+0x14e/0x1f0 [ 485.401405][T13633] ? __fget_files+0x206/0x3a0 [ 485.401430][T13633] __sys_sendmsg+0x16e/0x220 [ 485.401451][T13633] ? __pfx___sys_sendmsg+0x10/0x10 [ 485.401484][T13633] do_syscall_64+0xcd/0x250 [ 485.401506][T13633] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.401525][T13633] RIP: 0033:0x7f8536b8d169 [ 485.401537][T13633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 485.401551][T13633] RSP: 002b:00007f853790f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 485.401565][T13633] RAX: ffffffffffffffda RBX: 00007f8536da5fa0 RCX: 00007f8536b8d169 [ 485.401574][T13633] RDX: 0000000000008000 RSI: 0000400000000000 RDI: 0000000000000003 [ 485.401583][T13633] RBP: 00007f853790f090 R08: 0000000000000000 R09: 0000000000000000 [ 485.401591][T13633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 485.401600][T13633] R13: 0000000000000000 R14: 00007f8536da5fa0 R15: 00007ffcf1a43768 [ 485.401618][T13633] [ 485.401699][T13633] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1982'. [ 486.272345][T13660] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1988'. [ 487.566278][T13667] sctp: [Deprecated]: syz.0.1989 (pid 13667) Use of struct sctp_assoc_value in delayed_ack socket option. [ 487.566278][T13667] Use struct sctp_sack_info instead [ 490.241548][T13716] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 490.255213][T13716] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 490.271727][T13716] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 490.286836][T13716] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 490.303748][T13716] CPU0 is offline. [ 490.457603][T13743] FAULT_INJECTION: forcing a failure. [ 490.457603][T13743] name failslab, interval 1, probability 0, space 0, times 0 [ 490.481182][T13744] .SR: entered promiscuous mode [ 490.536512][T13743] CPU: 1 UID: 0 PID: 13743 Comm: syz.0.2013 Tainted: G U 6.14.0-rc7-syzkaller #0 [ 490.536536][T13743] Tainted: [U]=USER [ 490.536541][T13743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 490.536550][T13743] Call Trace: [ 490.536555][T13743] [ 490.536561][T13743] dump_stack_lvl+0x16c/0x1f0 [ 490.536586][T13743] should_fail_ex+0x50a/0x650 [ 490.536601][T13743] ? fs_reclaim_acquire+0xae/0x150 [ 490.536620][T13743] should_failslab+0xc2/0x120 [ 490.536635][T13743] __kmalloc_node_track_caller_noprof+0xcf/0x510 [ 490.536657][T13743] ? ima_alloc_tfm+0x21d/0x2d0 [ 490.536676][T13743] ? ima_collect_measurement+0x4b7/0xa40 [ 490.536694][T13743] krealloc_noprof+0x1fb/0x380 [ 490.536716][T13743] ima_collect_measurement+0x4b7/0xa40 [ 490.536729][T13743] ? security_mmap_file+0x88c/0x990 [ 490.536752][T13743] ? __pfx_ima_collect_measurement+0x10/0x10 [ 490.536778][T13743] ? __mutex_lock+0x1cc/0xb10 [ 490.536796][T13743] ? is_bad_inode+0xd/0x40 [ 490.536813][T13743] ? xattr_resolve_name+0x27b/0x3f0 [ 490.536835][T13743] ? vfs_getxattr_alloc+0xf1/0x340 [ 490.536857][T13743] ? ima_get_hash_algo+0x27d/0x410 [ 490.536875][T13743] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 490.536898][T13743] ? process_measurement+0x1271/0x2370 [ 490.536917][T13743] process_measurement+0x1271/0x2370 [ 490.536943][T13743] ? __pfx_process_measurement+0x10/0x10 [ 490.536969][T13743] ? aa_file_perm+0x4c6/0xfe0 [ 490.536989][T13743] ? trace_lock_acquire+0x14e/0x1f0 [ 490.537026][T13743] ima_file_mmap+0x1b3/0x1e0 [ 490.537046][T13743] ? __pfx_ima_file_mmap+0x10/0x10 [ 490.537064][T13743] ? lockdep_init_map_type+0x16d/0x7d0 [ 490.537088][T13743] security_mmap_file+0x88c/0x990 [ 490.537106][T13743] vm_mmap_pgoff+0xeb/0x440 [ 490.537128][T13743] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 490.537145][T13743] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 490.537162][T13743] ? hugetlbfs_get_inode+0x323/0x740 [ 490.537182][T13743] ksys_mmap_pgoff+0x1c8/0x5c0 [ 490.537203][T13743] __x64_sys_mmap+0x125/0x190 [ 490.537225][T13743] do_syscall_64+0xcd/0x250 [ 490.537250][T13743] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 490.537269][T13743] RIP: 0033:0x7fe6c218d169 [ 490.537281][T13743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 490.537296][T13743] RSP: 002b:00007fe6c2fbc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 490.537309][T13743] RAX: ffffffffffffffda RBX: 00007fe6c23a5fa0 RCX: 00007fe6c218d169 [ 490.537318][T13743] RDX: 00004000000000df RSI: 0000000000000004 RDI: 0000000000000000 [ 490.537327][T13743] RBP: 00007fe6c220e2a0 R08: 0000000000000401 R09: 0000300005000000 [ 490.537336][T13743] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 490.537344][T13743] R13: 0000000000000000 R14: 00007fe6c23a5fa0 R15: 00007fff33576958 [ 490.537371][T13743] [ 490.537471][ T30] audit: type=1800 audit(6037343873.529:10): pid=13743 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2013" name="anon_hugepage" dev="hugetlbfs" ino=44829 res=0 errno=0 [ 490.842356][ C1] vkms_vblank_simulate: vblank timer overrun [ 491.310154][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout [ 491.411608][T13752] FAULT_INJECTION: forcing a failure. [ 491.411608][T13752] name failslab, interval 1, probability 0, space 0, times 0 [ 491.462761][T13752] CPU: 1 UID: 0 PID: 13752 Comm: syz.3.2016 Tainted: G U 6.14.0-rc7-syzkaller #0 [ 491.462790][T13752] Tainted: [U]=USER [ 491.462795][T13752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 491.462804][T13752] Call Trace: [ 491.462809][T13752] [ 491.462816][T13752] dump_stack_lvl+0x16c/0x1f0 [ 491.462841][T13752] should_fail_ex+0x50a/0x650 [ 491.462855][T13752] ? fs_reclaim_acquire+0xae/0x150 [ 491.462875][T13752] should_failslab+0xc2/0x120 [ 491.462890][T13752] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 491.462911][T13752] ? __kernfs_new_node+0xd3/0x890 [ 491.462933][T13752] __kernfs_new_node+0xd3/0x890 [ 491.462952][T13752] ? hlock_class+0x4e/0x130 [ 491.462967][T13752] ? __pfx___kernfs_new_node+0x10/0x10 [ 491.462994][T13752] ? __pfx___lock_acquire+0x10/0x10 [ 491.463012][T13752] ? hlock_class+0x4e/0x130 [ 491.463026][T13752] ? __lock_acquire+0x15a9/0x3c40 [ 491.463046][T13752] kernfs_new_node+0x186/0x240 [ 491.463067][T13752] ? lock_acquire.part.0+0x11b/0x380 [ 491.463088][T13752] kernfs_create_dir_ns+0x4c/0x150 [ 491.463110][T13752] sysfs_create_dir_ns+0x13b/0x2b0 [ 491.463128][T13752] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 491.463146][T13752] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 491.463160][T13752] ? kobject_add_internal+0x12d/0x990 [ 491.463181][T13752] ? do_raw_spin_unlock+0x172/0x230 [ 491.463196][T13752] kobject_add_internal+0x2c8/0x990 [ 491.463220][T13752] kobject_add+0x16f/0x240 [ 491.463240][T13752] ? __pfx_kobject_add+0x10/0x10 [ 491.463259][T13752] ? class_to_subsys+0x3e/0x160 [ 491.463287][T13752] ? do_raw_spin_unlock+0x172/0x230 [ 491.463302][T13752] ? kobject_put+0xab/0x5a0 [ 491.463327][T13752] device_add+0x289/0x1a70 [ 491.463348][T13752] ? __pfx_dev_set_name+0x10/0x10 [ 491.463370][T13752] ? __pfx_device_add+0x10/0x10 [ 491.463389][T13752] ? nl80211_common_reg_change_event+0x45b/0x5d0 [ 491.463410][T13752] ? __pfx_nl80211_common_reg_change_event+0x10/0x10 [ 491.463434][T13752] rfkill_register+0x1ad/0xb40 [ 491.463456][T13752] wiphy_register+0x224f/0x2860 [ 491.463477][T13752] ? __pfx__dev_printk+0x10/0x10 [ 491.463496][T13752] ? __pfx_wiphy_register+0x10/0x10 [ 491.463523][T13752] ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0 [ 491.463545][T13752] ieee80211_register_hw+0x2455/0x4060 [ 491.463572][T13752] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 491.463590][T13752] ? __pfx_schedule_timeout+0x10/0x10 [ 491.463611][T13752] ? __asan_memset+0x23/0x50 [ 491.463629][T13752] ? __hrtimer_init+0x106/0x2c0 [ 491.463652][T13752] mac80211_hwsim_new_radio+0x304e/0x54e0 [ 491.463684][T13752] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 491.463710][T13752] hwsim_new_radio_nl+0xb42/0x12b0 [ 491.463732][T13752] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 491.463760][T13752] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 491.463785][T13752] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 491.463813][T13752] genl_family_rcv_msg_doit+0x202/0x2f0 [ 491.463829][T13752] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 491.463851][T13752] ? trace_cap_capable+0x1a2/0x210 [ 491.463872][T13752] ? bpf_lsm_capable+0x9/0x10 [ 491.463887][T13752] ? security_capable+0x7e/0x260 [ 491.463902][T13752] ? ns_capable+0xd7/0x110 [ 491.463924][T13752] genl_rcv_msg+0x565/0x800 [ 491.463940][T13752] ? __pfx_genl_rcv_msg+0x10/0x10 [ 491.463955][T13752] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 491.463982][T13752] netlink_rcv_skb+0x16b/0x440 [ 491.464002][T13752] ? __pfx_genl_rcv_msg+0x10/0x10 [ 491.464017][T13752] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 491.464045][T13752] ? down_read+0xc9/0x330 [ 491.464065][T13752] ? __pfx_down_read+0x10/0x10 [ 491.464086][T13752] ? netlink_deliver_tap+0x1ae/0xd30 [ 491.464108][T13752] genl_rcv+0x28/0x40 [ 491.464128][T13752] netlink_unicast+0x53c/0x7f0 [ 491.464151][T13752] ? __pfx_netlink_unicast+0x10/0x10 [ 491.464172][T13752] ? __phys_addr_symbol+0x30/0x80 [ 491.464186][T13752] ? __check_object_size+0x488/0x710 [ 491.464203][T13752] netlink_sendmsg+0x8b8/0xd70 [ 491.464226][T13752] ? __pfx_netlink_sendmsg+0x10/0x10 [ 491.464254][T13752] ____sys_sendmsg+0xaaf/0xc90 [ 491.464278][T13752] ? copy_msghdr_from_user+0x10b/0x160 [ 491.464299][T13752] ? __pfx_____sys_sendmsg+0x10/0x10 [ 491.464325][T13752] ___sys_sendmsg+0x135/0x1e0 [ 491.464347][T13752] ? __pfx____sys_sendmsg+0x10/0x10 [ 491.464377][T13752] ? __pfx_lock_release+0x10/0x10 [ 491.464395][T13752] ? trace_lock_acquire+0x14e/0x1f0 [ 491.464418][T13752] ? __fget_files+0x206/0x3a0 [ 491.464443][T13752] __sys_sendmsg+0x16e/0x220 [ 491.464465][T13752] ? __pfx___sys_sendmsg+0x10/0x10 [ 491.464486][T13752] ? __x64_sys_futex+0x1e1/0x4c0 [ 491.464516][T13752] do_syscall_64+0xcd/0x250 [ 491.464537][T13752] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 491.464557][T13752] RIP: 0033:0x7f8536b8d169 [ 491.464569][T13752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 491.464583][T13752] RSP: 002b:00007f853790f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 491.464596][T13752] RAX: ffffffffffffffda RBX: 00007f8536da5fa0 RCX: 00007f8536b8d169 [ 491.464606][T13752] RDX: 0000000004044820 RSI: 00004000000002c0 RDI: 0000000000000005 [ 491.464615][T13752] RBP: 00007f8536c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 491.464623][T13752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 491.464631][T13752] R13: 0000000000000000 R14: 00007f8536da5fa0 R15: 00007ffcf1a43768 [ 491.464650][T13752] [ 491.468762][T13752] kobject: kobject_add_internal failed for rfkill25 (error: -12 parent: phy18) [ 492.410415][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout [ 492.417324][ T5832] Bluetooth: hci3: command 0x0c1a tx timeout [ 492.426413][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout [ 493.511434][T13798] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2029'. [ 494.061575][T13813] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 494.351483][T13815] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2033'. [ 494.647259][T13818] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:4: corrupted in-inode xattr: bad magic number in in-inode xattr [ 494.878518][T13823] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2035'. [ 494.916498][T13830] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 495.327693][T13844] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 495.362472][T13843] nvme_fabrics: missing parameter 'transport=%s' [ 495.375294][T13843] nvme_fabrics: missing parameter 'nqn=%s' [ 495.641374][T13851] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:4: corrupted in-inode xattr: bad magic number in in-inode xattr [ 495.692228][T13855] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:0: corrupted in-inode xattr: bad magic number in in-inode xattr [ 496.232164][T13865] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2043'. [ 496.567535][T13873] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:4: corrupted in-inode xattr: bad magic number in in-inode xattr [ 496.621731][T13874] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 496.710638][T13875] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 496.949566][T13879] : entered promiscuous mode [ 497.019046][T13878] Invalid ELF header magic: != ELF [ 498.057317][T13915] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:4: corrupted in-inode xattr: bad magic number in in-inode xattr [ 499.263718][T13945] EXT4-fs error: 1 callbacks suppressed [ 499.263730][T13945] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 499.318676][T13947] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 500.011533][T13967] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 500.060639][T13968] FAULT_INJECTION: forcing a failure. [ 500.060639][T13968] name failslab, interval 1, probability 0, space 0, times 0 [ 500.100730][T13968] CPU: 1 UID: 0 PID: 13968 Comm: syz.3.2073 Tainted: G U 6.14.0-rc7-syzkaller #0 [ 500.100755][T13968] Tainted: [U]=USER [ 500.100760][T13968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 500.100770][T13968] Call Trace: [ 500.100775][T13968] [ 500.100781][T13968] dump_stack_lvl+0x16c/0x1f0 [ 500.100806][T13968] should_fail_ex+0x50a/0x650 [ 500.100820][T13968] ? fs_reclaim_acquire+0xae/0x150 [ 500.100839][T13968] should_failslab+0xc2/0x120 [ 500.100854][T13968] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 500.100873][T13968] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 500.100894][T13968] ? acpi_ut_create_internal_object_dbg+0x78/0x3f0 [ 500.100920][T13968] acpi_ut_create_internal_object_dbg+0x78/0x3f0 [ 500.100945][T13968] acpi_ds_create_operand+0x30d/0x880 [ 500.100963][T13968] ? __pfx_acpi_ds_create_operand+0x10/0x10 [ 500.100986][T13968] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 500.101009][T13968] acpi_ds_create_operands+0x249/0x390 [ 500.101027][T13968] ? acpi_ps_get_next_namepath+0x1bf/0x730 [ 500.101044][T13968] ? __pfx_acpi_ds_create_operands+0x10/0x10 [ 500.101071][T13968] acpi_ds_exec_end_op+0x5ef/0x1460 [ 500.101090][T13968] ? __pfx_acpi_ds_exec_end_op+0x10/0x10 [ 500.101108][T13968] acpi_ps_parse_loop+0x429/0x1ce0 [ 500.101130][T13968] ? __pfx_acpi_ps_parse_loop+0x10/0x10 [ 500.101146][T13968] ? acpi_ns_get_normalized_pathname+0x97/0xd0 [ 500.101168][T13968] ? acpi_ds_call_control_method+0x96/0x6d0 [ 500.101188][T13968] acpi_ps_parse_aml+0x3c1/0xcb0 [ 500.101208][T13968] acpi_ps_execute_method+0x55a/0xb30 [ 500.101228][T13968] ? acpi_ut_acquire_mutex+0x125/0x1d0 [ 500.101255][T13968] acpi_ns_evaluate+0x76c/0xca0 [ 500.101275][T13968] ? kasan_save_track+0x14/0x30 [ 500.101296][T13968] acpi_evaluate_object+0x1fb/0xa90 [ 500.101314][T13968] ? __lock_acquire+0xcc5/0x3c40 [ 500.101334][T13968] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 500.101365][T13968] acpi_evaluate_integer+0xde/0x200 [ 500.101380][T13968] ? __pfx___lock_acquire+0x10/0x10 [ 500.101399][T13968] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 500.101413][T13968] ? rcu_is_watching+0x12/0xc0 [ 500.101428][T13968] ? trace_contention_end+0xee/0x140 [ 500.101455][T13968] ? __pfx_status_show+0x10/0x10 [ 500.101471][T13968] status_show+0xa1/0x120 [ 500.101488][T13968] ? __pfx_status_show+0x10/0x10 [ 500.101510][T13968] dev_attr_show+0x53/0xe0 [ 500.101530][T13968] ? __pfx_dev_attr_show+0x10/0x10 [ 500.101555][T13968] sysfs_kf_seq_show+0x23e/0x410 [ 500.101576][T13968] seq_read_iter+0x4f4/0x12b0 [ 500.101605][T13968] kernfs_fop_read_iter+0x414/0x580 [ 500.101619][T13968] ? rw_verify_area+0xcf/0x680 [ 500.101637][T13968] vfs_read+0x886/0xbf0 [ 500.101660][T13968] ? __pfx_vfs_read+0x10/0x10 [ 500.101691][T13968] ksys_read+0x12b/0x250 [ 500.101708][T13968] ? __pfx_ksys_read+0x10/0x10 [ 500.101732][T13968] do_syscall_64+0xcd/0x250 [ 500.101753][T13968] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 500.101773][T13968] RIP: 0033:0x7f8536b8d169 [ 500.101785][T13968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 500.101799][T13968] RSP: 002b:00007f85349f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 500.101813][T13968] RAX: ffffffffffffffda RBX: 00007f8536da6080 RCX: 00007f8536b8d169 [ 500.101822][T13968] RDX: 000000000000007a RSI: 0000400000000140 RDI: 0000000000000005 [ 500.101831][T13968] RBP: 00007f8536c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 500.101840][T13968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 500.101848][T13968] R13: 0000000000000000 R14: 00007f8536da6080 R15: 00007ffcf1a43768 [ 500.101868][T13968] [ 500.457752][ C1] vkms_vblank_simulate: vblank timer overrun [ 500.464843][T13968] ACPI Error: Could not allocate an object descriptor (20240827/dsutils-617) [ 500.474355][T13968] ACPI Error: AE_NO_MEMORY, While creating Arg 0 (20240827/dsutils-725) [ 500.482868][T13968] ACPI Error: Aborting method \_SB.IQST due to previous error (AE_NO_MEMORY) (20240827/psparse-529) [ 500.493838][T13968] ACPI Error: Aborting method \_SB.LNKA._STA due to previous error (AE_NO_MEMORY) (20240827/psparse-529) [ 500.801307][T13981] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 501.605720][T14000] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2084'. [ 501.835737][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.842052][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.503323][T14021] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:4: corrupted in-inode xattr: bad magic number in in-inode xattr [ 502.842227][T14028] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 502.915882][T14031] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 503.288581][T14034] netlink: 100 bytes leftover after parsing attributes in process `syz.0.2092'. [ 503.629778][T14041] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 503.648528][T14042] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:7: corrupted in-inode xattr: bad magic number in in-inode xattr [ 503.671985][T14040] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 504.075685][T14055] netlink: zone id is out of range [ 504.104682][T14055] netlink: zone id is out of range [ 504.152871][T14055] netlink: zone id is out of range [ 504.178679][T14055] netlink: zone id is out of range [ 504.232233][T14055] netlink: zone id is out of range [ 504.302682][T14055] netlink: zone id is out of range [ 504.307828][T14055] netlink: zone id is out of range [ 504.382704][T14055] netlink: zone id is out of range [ 504.387848][T14055] netlink: zone id is out of range [ 504.427037][T14055] netlink: zone id is out of range [ 505.221492][T14068] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input44 [ 505.336587][T14080] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:7: corrupted in-inode xattr: bad magic number in in-inode xattr [ 505.805981][T14087] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:4: corrupted in-inode xattr: bad magic number in in-inode xattr [ 505.857547][T14089] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:7: corrupted in-inode xattr: bad magic number in in-inode xattr [ 506.254223][T14095] QAT: Invalid ioctl 35123 [ 506.934462][T14120] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:4: corrupted in-inode xattr: bad magic number in in-inode xattr [ 508.150684][T14141] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:0: corrupted in-inode xattr: bad magic number in in-inode xattr [ 508.238191][T14143] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:0: corrupted in-inode xattr: bad magic number in in-inode xattr [ 508.552198][T14157] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 509.544098][T14174] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:6: corrupted in-inode xattr: bad magic number in in-inode xattr [ 509.653959][T14179] netlink: 346 bytes leftover after parsing attributes in process `syz.2.2129'. [ 509.737850][T14176] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2128'. [ 509.830235][T14181] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:7: corrupted in-inode xattr: bad magic number in in-inode xattr [ 509.964283][T14186] program syz.0.2131 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 510.256886][T14190] netlink: 100 bytes leftover after parsing attributes in process `syz.1.2132'. [ 510.308135][T14194] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:6: corrupted in-inode xattr: bad magic number in in-inode xattr [ 510.541737][T14203] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1198: comm udevd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 510.647482][T14203] udevd[14203]: failed to execute '/lib/udev/scsi_id' 'scsi_id --export --whitelisted -d /dev/sda': Structure needs cleaning [ 510.887252][T14198] Invalid ELF header magic: != ELF [ 511.620019][T14230] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 511.653286][T14228] netlink: 'syz.2.2141': attribute type 2 has an invalid length. [ 512.467227][T14244] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:4: corrupted in-inode xattr: bad magic number in in-inode xattr [ 512.519847][T14241] Invalid ELF header magic: != ELF [ 513.635966][T14262] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:6: corrupted in-inode xattr: bad magic number in in-inode xattr [ 513.765067][T14265] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:6: corrupted in-inode xattr: bad magic number in in-inode xattr [ 514.778469][T14276] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:6: corrupted in-inode xattr: bad magic number in in-inode xattr [ 515.036183][T14280] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 515.392250][T14292] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 515.608921][T14296] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2156'. [ 515.808153][T14298] net_ratelimit: 2 callbacks suppressed [ 515.808168][T14298] openvswitch: netlink: nsh attr 68 is out of range max 3 [ 515.852895][T14298] overlayfs: "check_copy_up" module option is obsolete [ 516.363876][T14320] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:0: corrupted in-inode xattr: bad magic number in in-inode xattr [ 516.744592][T14335] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:4: corrupted in-inode xattr: bad magic number in in-inode xattr [ 516.798404][T14336] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 516.853053][T14337] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:4: corrupted in-inode xattr: bad magic number in in-inode xattr [ 517.096898][T14341] Invalid ELF header magic: != ELF [ 517.713357][T14350] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 518.368130][T14365] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2172'. [ 518.409302][T14365] FAULT_INJECTION: forcing a failure. [ 518.409302][T14365] name failslab, interval 1, probability 0, space 0, times 0 [ 518.477339][T14365] CPU: 1 UID: 0 PID: 14365 Comm: syz.0.2172 Tainted: G U 6.14.0-rc7-syzkaller #0 [ 518.477363][T14365] Tainted: [U]=USER [ 518.477368][T14365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 518.477377][T14365] Call Trace: [ 518.477382][T14365] [ 518.477387][T14365] dump_stack_lvl+0x16c/0x1f0 [ 518.477412][T14365] should_fail_ex+0x50a/0x650 [ 518.477453][T14365] should_failslab+0xc2/0x120 [ 518.477467][T14365] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 518.477489][T14365] ? skb_clone+0x190/0x3f0 [ 518.477506][T14365] skb_clone+0x190/0x3f0 [ 518.477519][T14365] netlink_deliver_tap+0xabd/0xd30 [ 518.477543][T14365] netlink_unicast+0x6b4/0x7f0 [ 518.477566][T14365] ? __pfx_netlink_unicast+0x10/0x10 [ 518.477585][T14365] ? genl_rcv_msg+0x4bd/0x800 [ 518.477603][T14365] netlink_ack+0x6ac/0xb80 [ 518.477629][T14365] netlink_rcv_skb+0x348/0x440 [ 518.477648][T14365] ? __pfx_genl_rcv_msg+0x10/0x10 [ 518.477663][T14365] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 518.477691][T14365] ? down_read+0xc9/0x330 [ 518.477712][T14365] ? __pfx_down_read+0x10/0x10 [ 518.477732][T14365] ? netlink_deliver_tap+0x1ae/0xd30 [ 518.477754][T14365] genl_rcv+0x28/0x40 [ 518.477774][T14365] netlink_unicast+0x53c/0x7f0 [ 518.477796][T14365] ? __pfx_netlink_unicast+0x10/0x10 [ 518.477817][T14365] ? __phys_addr_symbol+0x30/0x80 [ 518.477831][T14365] ? __check_object_size+0x488/0x710 [ 518.477848][T14365] netlink_sendmsg+0x8b8/0xd70 [ 518.477871][T14365] ? __pfx_netlink_sendmsg+0x10/0x10 [ 518.477899][T14365] ____sys_sendmsg+0xaaf/0xc90 [ 518.477916][T14365] ? copy_msghdr_from_user+0x10b/0x160 [ 518.477937][T14365] ? __pfx_____sys_sendmsg+0x10/0x10 [ 518.477963][T14365] ___sys_sendmsg+0x135/0x1e0 [ 518.477985][T14365] ? __pfx____sys_sendmsg+0x10/0x10 [ 518.478014][T14365] ? __pfx_lock_release+0x10/0x10 [ 518.478033][T14365] ? trace_lock_acquire+0x14e/0x1f0 [ 518.478056][T14365] ? __fget_files+0x206/0x3a0 [ 518.478082][T14365] __sys_sendmsg+0x16e/0x220 [ 518.478104][T14365] ? __pfx___sys_sendmsg+0x10/0x10 [ 518.478138][T14365] do_syscall_64+0xcd/0x250 [ 518.478158][T14365] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 518.478178][T14365] RIP: 0033:0x7fe6c218d169 [ 518.478190][T14365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 518.478204][T14365] RSP: 002b:00007fe6c2fbc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 518.478218][T14365] RAX: ffffffffffffffda RBX: 00007fe6c23a5fa0 RCX: 00007fe6c218d169 [ 518.478227][T14365] RDX: 0000000000008000 RSI: 0000400000000000 RDI: 0000000000000003 [ 518.478237][T14365] RBP: 00007fe6c2fbc090 R08: 0000000000000000 R09: 0000000000000000 [ 518.478245][T14365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 518.478253][T14365] R13: 0000000000000000 R14: 00007fe6c23a5fa0 R15: 00007fff33576958 [ 518.478271][T14365] [ 520.320771][T14387] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 520.410824][T14390] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 521.601143][T14404] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(0.0.0), cmd(5) [ 522.273356][T14424] FAULT_INJECTION: forcing a failure. [ 522.273356][T14424] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 522.426477][T14424] CPU: 1 UID: 0 PID: 14424 Comm: syz.2.2189 Tainted: G U 6.14.0-rc7-syzkaller #0 [ 522.426501][T14424] Tainted: [U]=USER [ 522.426506][T14424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 522.426515][T14424] Call Trace: [ 522.426519][T14424] [ 522.426525][T14424] dump_stack_lvl+0x16c/0x1f0 [ 522.426550][T14424] should_fail_ex+0x50a/0x650 [ 522.426566][T14424] _copy_from_user+0x2e/0xd0 [ 522.426582][T14424] core_sys_select+0x361/0xb80 [ 522.426606][T14424] ? __pfx_core_sys_select+0x10/0x10 [ 522.426627][T14424] ? find_held_lock+0x2d/0x110 [ 522.426658][T14424] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 522.426682][T14424] kern_select+0x15e/0x1e0 [ 522.426700][T14424] ? __pfx_kern_select+0x10/0x10 [ 522.426722][T14424] ? __pfx_ksys_write+0x10/0x10 [ 522.426743][T14424] __x64_sys_select+0xbd/0x160 [ 522.426761][T14424] ? do_syscall_64+0x91/0x250 [ 522.426780][T14424] ? lockdep_hardirqs_on+0x7c/0x110 [ 522.426798][T14424] do_syscall_64+0xcd/0x250 [ 522.426818][T14424] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 522.426837][T14424] RIP: 0033:0x7f6e9038d169 [ 522.426849][T14424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 522.426863][T14424] RSP: 002b:00007f6e911a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 522.426877][T14424] RAX: ffffffffffffffda RBX: 00007f6e905a6080 RCX: 00007f6e9038d169 [ 522.426886][T14424] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 522.426895][T14424] RBP: 00007f6e911a2090 R08: 0000000000000000 R09: 0000000000000000 [ 522.426903][T14424] R10: 00004000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 522.426912][T14424] R13: 0000000000000001 R14: 00007f6e905a6080 R15: 00007fff59b86ab8 [ 522.426929][T14424] [ 523.002362][T14417] sctp: [Deprecated]: syz.3.2188 (pid 14417) Use of struct sctp_assoc_value in delayed_ack socket option. [ 523.002362][T14417] Use struct sctp_sack_info instead [ 523.394148][T14438] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:4: corrupted in-inode xattr: bad magic number in in-inode xattr [ 523.448012][T14443] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 523.879086][T14449] netlink: 100 bytes leftover after parsing attributes in process `syz.2.2196'. [ 524.107296][T14453] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 524.151879][T14454] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:4: corrupted in-inode xattr: bad magic number in in-inode xattr [ 524.208694][T14456] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 524.689052][T14463] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2198'. [ 525.527187][T14476] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 525.742141][T14482] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 525.943285][T14486] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 526.215139][T14490] tipc: Started in network mode [ 526.240871][T14490] tipc: Node identity b5e70b3f, cluster identity 4711 [ 526.276350][T14490] tipc: Node number set to 3051817791 [ 526.572045][T14481] sctp: [Deprecated]: syz.1.2203 (pid 14481) Use of struct sctp_assoc_value in delayed_ack socket option. [ 526.572045][T14481] Use struct sctp_sack_info instead [ 528.029341][T14524] FAULT_INJECTION: forcing a failure. [ 528.029341][T14524] name failslab, interval 1, probability 0, space 0, times 0 [ 528.172608][T14524] CPU: 1 UID: 0 PID: 14524 Comm: syz.3.2213 Tainted: G U 6.14.0-rc7-syzkaller #0 [ 528.172633][T14524] Tainted: [U]=USER [ 528.172638][T14524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 528.172647][T14524] Call Trace: [ 528.172652][T14524] [ 528.172659][T14524] dump_stack_lvl+0x16c/0x1f0 [ 528.172685][T14524] should_fail_ex+0x50a/0x650 [ 528.172699][T14524] ? fs_reclaim_acquire+0xae/0x150 [ 528.172719][T14524] should_failslab+0xc2/0x120 [ 528.172734][T14524] __kmalloc_node_track_caller_noprof+0xcf/0x510 [ 528.172757][T14524] ? ima_alloc_tfm+0x21d/0x2d0 [ 528.172777][T14524] ? ima_collect_measurement+0x4b7/0xa40 [ 528.172794][T14524] krealloc_noprof+0x1fb/0x380 [ 528.172817][T14524] ima_collect_measurement+0x4b7/0xa40 [ 528.172830][T14524] ? security_mmap_file+0x88c/0x990 [ 528.172853][T14524] ? __pfx_ima_collect_measurement+0x10/0x10 [ 528.172879][T14524] ? __mutex_lock+0x1cc/0xb10 [ 528.172897][T14524] ? is_bad_inode+0xd/0x40 [ 528.172914][T14524] ? xattr_resolve_name+0x27b/0x3f0 [ 528.172935][T14524] ? vfs_getxattr_alloc+0xf1/0x340 [ 528.172957][T14524] ? ima_get_hash_algo+0x27d/0x410 [ 528.172975][T14524] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 528.172998][T14524] ? process_measurement+0x1271/0x2370 [ 528.173016][T14524] process_measurement+0x1271/0x2370 [ 528.173042][T14524] ? __pfx_process_measurement+0x10/0x10 [ 528.173069][T14524] ? aa_file_perm+0x4c6/0xfe0 [ 528.173088][T14524] ? trace_lock_acquire+0x14e/0x1f0 [ 528.173125][T14524] ima_file_mmap+0x1b3/0x1e0 [ 528.173144][T14524] ? __pfx_ima_file_mmap+0x10/0x10 [ 528.173163][T14524] ? lockdep_init_map_type+0x16d/0x7d0 [ 528.173187][T14524] security_mmap_file+0x88c/0x990 [ 528.173206][T14524] vm_mmap_pgoff+0xeb/0x440 [ 528.173227][T14524] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 528.173245][T14524] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 528.173261][T14524] ? hugetlbfs_get_inode+0x323/0x740 [ 528.173281][T14524] ksys_mmap_pgoff+0x1c8/0x5c0 [ 528.173302][T14524] __x64_sys_mmap+0x125/0x190 [ 528.173323][T14524] do_syscall_64+0xcd/0x250 [ 528.173343][T14524] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 528.173362][T14524] RIP: 0033:0x7f8536b8d169 [ 528.173375][T14524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 528.173389][T14524] RSP: 002b:00007f853790f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 528.173403][T14524] RAX: ffffffffffffffda RBX: 00007f8536da5fa0 RCX: 00007f8536b8d169 [ 528.173412][T14524] RDX: 00004000000000df RSI: 0000000000000004 RDI: 0000000000000000 [ 528.173420][T14524] RBP: 00007f8536c0e2a0 R08: 0000000000000401 R09: 00003000a4010000 [ 528.173429][T14524] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 528.173437][T14524] R13: 0000000000000000 R14: 00007f8536da5fa0 R15: 00007ffcf1a43768 [ 528.173455][T14524] [ 528.174732][ T30] audit: type=1800 audit(4294967297.190:11): pid=14524 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2213" name="anon_hugepage" dev="hugetlbfs" ino=48024 res=0 errno=0 [ 529.456933][T14551] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:0: corrupted in-inode xattr: bad magic number in in-inode xattr [ 529.472885][T14552] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 529.547896][T14554] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 530.713320][T14572] FAULT_INJECTION: forcing a failure. [ 530.713320][T14572] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 531.022679][T14572] CPU: 1 UID: 0 PID: 14572 Comm: syz.3.2226 Tainted: G U 6.14.0-rc7-syzkaller #0 [ 531.022705][T14572] Tainted: [U]=USER [ 531.022710][T14572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 531.022719][T14572] Call Trace: [ 531.022724][T14572] [ 531.022731][T14572] dump_stack_lvl+0x16c/0x1f0 [ 531.022755][T14572] should_fail_ex+0x50a/0x650 [ 531.022769][T14572] ? __pfx___might_resched+0x10/0x10 [ 531.022794][T14572] should_fail_alloc_page+0xe7/0x130 [ 531.022809][T14572] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 531.022835][T14572] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 531.022857][T14572] ? __pfx___lock_acquire+0x10/0x10 [ 531.022877][T14572] ? __pfx_mark_lock+0x10/0x10 [ 531.022896][T14572] ? hlock_class+0x4e/0x130 [ 531.022910][T14572] ? __lock_acquire+0x15a9/0x3c40 [ 531.022929][T14572] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 531.022962][T14572] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 531.022985][T14572] ? policy_nodemask+0xea/0x4e0 [ 531.022999][T14572] alloc_pages_mpol+0x1fc/0x540 [ 531.023014][T14572] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 531.023026][T14572] ? __pollwait+0x26d/0x4c0 [ 531.023043][T14572] ? __pfx_lock_release+0x10/0x10 [ 531.023061][T14572] ? lock_acquire+0x2f/0xb0 [ 531.023078][T14572] ? add_wait_queue+0x45/0x230 [ 531.023098][T14572] alloc_pages_noprof+0x131/0x390 [ 531.023111][T14572] ? __pfx___pollwait+0x10/0x10 [ 531.023128][T14572] get_free_pages_noprof+0xc/0x40 [ 531.023142][T14572] __pollwait+0x291/0x4c0 [ 531.023159][T14572] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 531.023179][T14572] ? __pfx___pollwait+0x10/0x10 [ 531.023201][T14572] snd_seq_pool_poll_wait+0x58/0x140 [ 531.023221][T14572] snd_seq_kernel_client_write_poll+0xf9/0x1a0 [ 531.023238][T14572] snd_seq_oss_poll+0x17d/0x1d0 [ 531.023256][T14572] ? __pfx_odev_poll+0x10/0x10 [ 531.023269][T14572] odev_poll+0x4a/0x90 [ 531.023283][T14572] do_select+0xd88/0x17e0 [ 531.023314][T14572] ? __pfx_do_select+0x10/0x10 [ 531.023331][T14572] ? __pfx_mark_lock+0x10/0x10 [ 531.023348][T14572] ? mark_lock+0xb5/0xc60 [ 531.023366][T14572] ? __pfx___pollwait+0x10/0x10 [ 531.023386][T14572] ? __pfx_pollwake+0x10/0x10 [ 531.023405][T14572] ? __pfx_pollwake+0x10/0x10 [ 531.023424][T14572] ? __pfx_pollwake+0x10/0x10 [ 531.023443][T14572] ? __pfx_pollwake+0x10/0x10 [ 531.023462][T14572] ? __pfx_pollwake+0x10/0x10 [ 531.023481][T14572] ? __pfx_pollwake+0x10/0x10 [ 531.023501][T14572] ? __pfx_pollwake+0x10/0x10 [ 531.023520][T14572] ? __pfx_pollwake+0x10/0x10 [ 531.023539][T14572] ? __pfx_pollwake+0x10/0x10 [ 531.023557][T14572] ? trace_lock_acquire+0x14e/0x1f0 [ 531.023575][T14572] ? lock_acquire+0x2f/0xb0 [ 531.023592][T14572] ? __might_fault+0xe3/0x190 [ 531.023606][T14572] ? __might_fault+0xe3/0x190 [ 531.023623][T14572] ? core_sys_select+0x459/0xb80 [ 531.023642][T14572] core_sys_select+0x459/0xb80 [ 531.023664][T14572] ? __pfx_core_sys_select+0x10/0x10 [ 531.023686][T14572] ? find_held_lock+0x2d/0x110 [ 531.023715][T14572] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 531.023738][T14572] kern_select+0x15e/0x1e0 [ 531.023757][T14572] ? __pfx_kern_select+0x10/0x10 [ 531.023778][T14572] ? __pfx_ksys_write+0x10/0x10 [ 531.023800][T14572] __x64_sys_select+0xbd/0x160 [ 531.023818][T14572] ? do_syscall_64+0x91/0x250 [ 531.023836][T14572] ? lockdep_hardirqs_on+0x7c/0x110 [ 531.023854][T14572] do_syscall_64+0xcd/0x250 [ 531.023874][T14572] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 531.023894][T14572] RIP: 0033:0x7f8536b8d169 [ 531.023906][T14572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 531.023920][T14572] RSP: 002b:00007f85349f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 531.023934][T14572] RAX: ffffffffffffffda RBX: 00007f8536da6080 RCX: 00007f8536b8d169 [ 531.023943][T14572] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 531.023952][T14572] RBP: 00007f85349f6090 R08: 0000000000000000 R09: 0000000000000000 [ 531.023960][T14572] R10: 00004000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 531.023968][T14572] R13: 0000000000000001 R14: 00007f8536da6080 R15: 00007ffcf1a43768 [ 531.023985][T14572] [ 531.438596][ C1] vkms_vblank_simulate: vblank timer overrun [ 531.447419][ C1] hrtimer: interrupt took 414846003 ns [ 531.547447][ C1] vkms_vblank_simulate: vblank timer overrun [ 532.714959][T14585] FAULT_INJECTION: forcing a failure. [ 532.714959][T14585] name failslab, interval 1, probability 0, space 0, times 0 [ 532.772704][T14585] CPU: 1 UID: 0 PID: 14585 Comm: syz.2.2230 Tainted: G U 6.14.0-rc7-syzkaller #0 [ 532.772728][T14585] Tainted: [U]=USER [ 532.772733][T14585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 532.772743][T14585] Call Trace: [ 532.772749][T14585] [ 532.772755][T14585] dump_stack_lvl+0x16c/0x1f0 [ 532.772779][T14585] should_fail_ex+0x50a/0x650 [ 532.772793][T14585] ? fs_reclaim_acquire+0xae/0x150 [ 532.772813][T14585] ? kobject_uevent_env+0x265/0x1870 [ 532.772829][T14585] should_failslab+0xc2/0x120 [ 532.772843][T14585] __kmalloc_cache_noprof+0x68/0x410 [ 532.772863][T14585] ? kobject_init_and_add+0x124/0x190 [ 532.772886][T14585] kobject_uevent_env+0x265/0x1870 [ 532.772908][T14585] nfs_netns_sysfs_setup+0x16f/0x1f0 [ 532.772931][T14585] nfs_net_init+0x10a/0x300 [ 532.772948][T14585] ? __pfx_nfs_net_init+0x10/0x10 [ 532.772963][T14585] ops_init+0x1df/0x5f0 [ 532.772980][T14585] setup_net+0x21f/0x860 [ 532.772995][T14585] ? __pfx_setup_net+0x10/0x10 [ 532.773007][T14585] ? down_read_killable+0xcc/0x380 [ 532.773028][T14585] ? __pfx_down_read_killable+0x10/0x10 [ 532.773049][T14585] ? __raw_spin_lock_init+0x3a/0x110 [ 532.773064][T14585] ? debug_mutex_init+0x37/0x70 [ 532.773081][T14585] copy_net_ns+0x2a6/0x5f0 [ 532.773097][T14585] create_new_namespaces+0x3ea/0xad0 [ 532.773123][T14585] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 532.773146][T14585] ksys_unshare+0x45d/0xa40 [ 532.773161][T14585] ? __pfx_ksys_unshare+0x10/0x10 [ 532.773174][T14585] ? xfd_validate_state+0x5d/0x180 [ 532.773194][T14585] ? syscall_user_dispatch+0x7a/0x130 [ 532.773219][T14585] __x64_sys_unshare+0x31/0x40 [ 532.773233][T14585] do_syscall_64+0xcd/0x250 [ 532.773253][T14585] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 532.773272][T14585] RIP: 0033:0x7f6e9038d169 [ 532.773284][T14585] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 532.773297][T14585] RSP: 002b:00007f6e911c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 532.773311][T14585] RAX: ffffffffffffffda RBX: 00007f6e905a5fa0 RCX: 00007f6e9038d169 [ 532.773320][T14585] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 532.773328][T14585] RBP: 00007f6e9040e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 532.773336][T14585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 532.773344][T14585] R13: 0000000000000000 R14: 00007f6e905a5fa0 R15: 00007fff59b86ab8 [ 532.773362][T14585] [ 533.027773][ C1] vkms_vblank_simulate: vblank timer overrun [ 533.139595][T14589] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:0: corrupted in-inode xattr: bad magic number in in-inode xattr [ 533.319660][T14591] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:4: corrupted in-inode xattr: bad magic number in in-inode xattr [ 533.558568][T14595] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:4: corrupted in-inode xattr: bad magic number in in-inode xattr [ 535.237103][T14624] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2240'. [ 535.408525][T14629] cougar: G6 mapped to space [ 536.718842][T14641] FAULT_INJECTION: forcing a failure. [ 536.718842][T14641] name failslab, interval 1, probability 0, space 0, times 0 [ 536.778133][T14641] CPU: 1 UID: 0 PID: 14641 Comm: syz.3.2246 Tainted: G U 6.14.0-rc7-syzkaller #0 [ 536.778159][T14641] Tainted: [U]=USER [ 536.778165][T14641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 536.778175][T14641] Call Trace: [ 536.778180][T14641] [ 536.778186][T14641] dump_stack_lvl+0x16c/0x1f0 [ 536.778211][T14641] should_fail_ex+0x50a/0x650 [ 536.778225][T14641] ? fs_reclaim_acquire+0xae/0x150 [ 536.778246][T14641] should_failslab+0xc2/0x120 [ 536.778260][T14641] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 536.778282][T14641] ? vma_merge_new_range+0x40a/0xbb0 [ 536.778302][T14641] ? vm_area_alloc+0x134/0x230 [ 536.778325][T14641] vm_area_alloc+0x134/0x230 [ 536.778344][T14641] __mmap_region+0x108d/0x2760 [ 536.778359][T14641] ? __pfx___mmap_region+0x10/0x10 [ 536.778384][T14641] ? hlock_class+0x4e/0x130 [ 536.778399][T14641] ? mark_lock+0xb5/0xc60 [ 536.778422][T14641] ? __pfx___schedule+0x10/0x10 [ 536.778462][T14641] ? cap_capable+0xb3/0x250 [ 536.778480][T14641] mmap_region+0x1ab/0x3f0 [ 536.778499][T14641] do_mmap+0xd8d/0x11b0 [ 536.778521][T14641] ? __pfx_do_mmap+0x10/0x10 [ 536.778543][T14641] ? __pfx_down_write_killable+0x10/0x10 [ 536.778568][T14641] vm_mmap_pgoff+0x279/0x440 [ 536.778591][T14641] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 536.778615][T14641] ? __x64_sys_futex+0x1e1/0x4c0 [ 536.778631][T14641] ? __x64_sys_futex+0x1ea/0x4c0 [ 536.778650][T14641] ksys_mmap_pgoff+0x7d/0x5c0 [ 536.778667][T14641] ? rcu_is_watching+0x12/0xc0 [ 536.778684][T14641] __x64_sys_mmap+0x125/0x190 [ 536.778705][T14641] do_syscall_64+0xcd/0x250 [ 536.778725][T14641] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.778744][T14641] RIP: 0033:0x7f8536b8d169 [ 536.778756][T14641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 536.778770][T14641] RSP: 002b:00007f853790f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 536.778784][T14641] RAX: ffffffffffffffda RBX: 00007f8536da5fa0 RCX: 00007f8536b8d169 [ 536.778794][T14641] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 536.778803][T14641] RBP: 00007f8536c0e2a0 R08: 0000000000000002 R09: 0000000000008000 [ 536.778811][T14641] R10: 00000000000000f1 R11: 0000000000000246 R12: 0000000000000000 [ 536.778820][T14641] R13: 0000000000000000 R14: 00007f8536da5fa0 R15: 00007ffcf1a43768 [ 536.778838][T14641] [ 538.530920][T14664] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 538.699960][T14668] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 538.809340][T14671] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 539.165160][T14677] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2252'. [ 541.126205][T14697] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:7: corrupted in-inode xattr: bad magic number in in-inode xattr [ 541.219557][T14702] RDS: rds_bind could not find a transport for 7bc:c94c:4e37:70c4::, load rds_tcp or rds_rdma? [ 541.244344][T14706] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:7: corrupted in-inode xattr: bad magic number in in-inode xattr [ 541.374746][T14690] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 541.389970][T14690] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 541.413174][T14709] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2257'. [ 541.432803][T14690] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 541.452869][T14690] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 541.488527][T14690] CPU0 is offline. [ 541.764329][T14715] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:6: corrupted in-inode xattr: bad magic number in in-inode xattr [ 543.025370][T14734] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:7: corrupted in-inode xattr: bad magic number in in-inode xattr [ 543.076047][T14736] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 543.353559][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 543.435526][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout [ 543.512841][ T5832] Bluetooth: hci3: command 0x0c1a tx timeout [ 543.519074][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 543.569877][T14749] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 543.764912][ T30] audit: type=1804 audit(4294967312.760:12): pid=14752 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.2269" name="/newroot/sys/kernel/tracing/set_event" dev="tracefs" ino=1067 res=1 errno=0 [ 544.981539][T14772] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2277'. [ 545.077327][T14773] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 545.181126][T14778] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 545.422348][T14784] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 547.358891][T14823] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 547.745629][T14834] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 547.837354][T14835] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2291'. [ 548.592368][T14842] FAULT_INJECTION: forcing a failure. [ 548.592368][T14842] name failslab, interval 1, probability 0, space 0, times 0 [ 548.671181][T14842] CPU: 1 UID: 0 PID: 14842 Comm: syz.0.2293 Tainted: G U 6.14.0-rc7-syzkaller #0 [ 548.671207][T14842] Tainted: [U]=USER [ 548.671213][T14842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 548.671222][T14842] Call Trace: [ 548.671227][T14842] [ 548.671233][T14842] dump_stack_lvl+0x16c/0x1f0 [ 548.671257][T14842] should_fail_ex+0x50a/0x650 [ 548.671276][T14842] ? fs_reclaim_acquire+0xae/0x150 [ 548.671296][T14842] ? tomoyo_encode2+0x100/0x3e0 [ 548.671315][T14842] should_failslab+0xc2/0x120 [ 548.671329][T14842] __kmalloc_noprof+0xcb/0x510 [ 548.671350][T14842] ? rcu_is_watching+0x12/0xc0 [ 548.671367][T14842] tomoyo_encode2+0x100/0x3e0 [ 548.671388][T14842] tomoyo_encode+0x29/0x50 [ 548.671405][T14842] tomoyo_realpath_from_path+0x19d/0x720 [ 548.671426][T14842] ? tomoyo_path_number_perm+0x235/0x590 [ 548.671444][T14842] tomoyo_path_number_perm+0x248/0x590 [ 548.671460][T14842] ? tomoyo_path_number_perm+0x235/0x590 [ 548.671477][T14842] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 548.671501][T14842] ? __pfx_lock_release+0x10/0x10 [ 548.671530][T14842] ? __pfx_lock_release+0x10/0x10 [ 548.671548][T14842] ? trace_lock_acquire+0x14e/0x1f0 [ 548.671565][T14842] ? lock_acquire+0x2f/0xb0 [ 548.671582][T14842] ? __fget_files+0x40/0x3a0 [ 548.671604][T14842] ? __fget_files+0x206/0x3a0 [ 548.671625][T14842] security_file_ioctl+0x9b/0x240 [ 548.671643][T14842] __x64_sys_ioctl+0xb7/0x200 [ 548.671662][T14842] do_syscall_64+0xcd/0x250 [ 548.671682][T14842] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 548.671701][T14842] RIP: 0033:0x7fe6c218d169 [ 548.671713][T14842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 548.671727][T14842] RSP: 002b:00007fe6c2fbc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 548.671740][T14842] RAX: ffffffffffffffda RBX: 00007fe6c23a5fa0 RCX: 00007fe6c218d169 [ 548.671750][T14842] RDX: 0000000000000000 RSI: 000000008028640c RDI: 0000000000000000 [ 548.671759][T14842] RBP: 00007fe6c220e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 548.671768][T14842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 548.671776][T14842] R13: 0000000000000000 R14: 00007fe6c23a5fa0 R15: 00007fff33576958 [ 548.671793][T14842] [ 548.671808][T14842] ERROR: Out of memory at tomoyo_realpath_from_path. [ 550.688334][T14876] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2304'. [ 550.780861][T14874] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2303'. [ 550.804611][T14878] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:7: corrupted in-inode xattr: bad magic number in in-inode xattr [ 550.870178][T14874] team_slave_0: entered allmulticast mode [ 551.893486][T14896] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 552.363394][T14898] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:7: corrupted in-inode xattr: bad magic number in in-inode xattr [ 553.626960][T14910] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2311'. [ 554.013456][T14913] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 554.630300][T14922] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137 [ 554.766958][T14922] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 1, inode_bitmap = 138 [ 554.948793][T14922] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 0: bad block bitmap checksum [ 555.209032][T14934] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 1: bad block bitmap checksum [ 555.408749][T14938] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 2: bad block bitmap checksum [ 555.479086][T14935] netlink: 'syz.0.2319': attribute type 16 has an invalid length. [ 555.559494][T14935] netlink: 50 bytes leftover after parsing attributes in process `syz.0.2319'. [ 555.622882][T14939] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 3: bad block bitmap checksum [ 555.899409][ T4510] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 556.255600][ T4510] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 556.539728][ T4510] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 556.600233][T14950] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2322'. [ 556.898857][ T4510] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 557.073848][ T5832] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 557.092767][ T5832] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 557.101190][ T5832] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 557.114521][ T5832] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 557.121936][ T5832] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 557.134517][ T5832] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 557.518610][T14961] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 557.627961][T14967] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 557.673728][ T4510] bridge_slave_1: left allmulticast mode [ 557.679404][ T4510] bridge_slave_1: left promiscuous mode [ 557.739128][ T4510] bridge0: port 2(bridge_slave_1) entered disabled state [ 557.803842][ T4510] bridge_slave_0: left allmulticast mode [ 557.809528][ T4510] bridge_slave_0: left promiscuous mode [ 557.871903][ T4510] bridge0: port 1(bridge_slave_0) entered disabled state [ 559.192836][ T5832] Bluetooth: hci1: command tx timeout [ 560.091335][ T4510] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 560.189883][ T4510] bond0 (unregistering): Released all slaves [ 560.209502][T14989] netlink: 326 bytes leftover after parsing attributes in process `syz.0.2332'. [ 560.267255][T14990] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:5: corrupted in-inode xattr: bad magic number in in-inode xattr [ 560.349566][ T4510] tipc: Left network mode [ 560.413929][T14955] chnl_net:caif_netlink_parms(): no params data found [ 560.576120][T14993] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 560.667042][T14994] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 561.239042][T15002] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 561.272713][ T5832] Bluetooth: hci1: command tx timeout [ 561.318972][T15003] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 561.472782][T14955] bridge0: port 1(bridge_slave_0) entered blocking state [ 561.501049][T14955] bridge0: port 1(bridge_slave_0) entered disabled state [ 561.536159][T14955] bridge_slave_0: entered allmulticast mode [ 561.593527][T14955] bridge_slave_0: entered promiscuous mode [ 561.613492][T14955] bridge0: port 2(bridge_slave_1) entered blocking state [ 561.620627][T14955] bridge0: port 2(bridge_slave_1) entered disabled state [ 561.666468][T14955] bridge_slave_1: entered allmulticast mode [ 561.687162][T14955] bridge_slave_1: entered promiscuous mode [ 561.956447][ T4510] hsr_slave_0: left promiscuous mode [ 561.971816][ T4510] hsr_slave_1: left promiscuous mode [ 561.988274][ T4510] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 562.013922][ T4510] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 562.035313][ T4510] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 562.048224][ T4510] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 562.080906][ T4510] veth1_macvtap: left promiscuous mode [ 562.097952][ T4510] veth0_macvtap: left promiscuous mode [ 562.114856][ T4510] veth1_vlan: left promiscuous mode [ 562.126626][ T4510] veth0_vlan: left promiscuous mode [ 562.348665][T15009] Invalid ELF header magic: != ELF [ 562.919702][ T4510] team0 (unregistering): Port device team_slave_1 removed [ 562.976713][ T4510] team0 (unregistering): Port device team_slave_0 removed [ 563.278581][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.287032][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.360440][ T5832] Bluetooth: hci1: command tx timeout [ 563.497173][T14955] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 563.546916][T14955] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 563.571302][T15013] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 563.656412][T15014] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 563.697263][T14955] team0: Port device team_slave_0 added [ 563.771589][T14955] team0: Port device team_slave_1 added [ 563.836089][T15015] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 563.905181][T14955] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 563.944969][T14955] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 564.040987][T14955] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 564.089444][T14955] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 564.116792][T14955] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 564.204446][T15021] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:0: corrupted in-inode xattr: bad magic number in in-inode xattr [ 564.228099][T14955] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 564.368834][T14955] hsr_slave_0: entered promiscuous mode [ 564.413511][T14955] hsr_slave_1: entered promiscuous mode [ 565.014516][T15045] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 565.105745][T15047] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 565.436358][ T5832] Bluetooth: hci1: command tx timeout [ 565.518511][T15053] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2346'. [ 565.586104][T15055] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 565.722745][T15057] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 565.830608][T15061] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 565.946791][T15064] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 566.222966][T15067] FAULT_INJECTION: forcing a failure. [ 566.222966][T15067] name fail_futex, interval 1, probability 0, space 0, times 0 [ 566.284949][T15067] CPU: 1 UID: 0 PID: 15067 Comm: syz.0.2348 Tainted: G U 6.14.0-rc7-syzkaller #0 [ 566.284974][T15067] Tainted: [U]=USER [ 566.284979][T15067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 566.284987][T15067] Call Trace: [ 566.284992][T15067] [ 566.284998][T15067] dump_stack_lvl+0x16c/0x1f0 [ 566.285023][T15067] should_fail_ex+0x50a/0x650 [ 566.285037][T15067] ? __lock_acquire+0x15a9/0x3c40 [ 566.285059][T15067] get_futex_key+0x1c3/0x1000 [ 566.285077][T15067] ? __pfx_get_futex_key+0x10/0x10 [ 566.285099][T15067] futex_wake+0xe8/0x4e0 [ 566.285119][T15067] ? __pfx_futex_wake+0x10/0x10 [ 566.285140][T15067] ? find_held_lock+0x2d/0x110 [ 566.285159][T15067] do_futex+0x1e5/0x350 [ 566.285176][T15067] ? __pfx_do_futex+0x10/0x10 [ 566.285191][T15067] ? __might_fault+0xe3/0x190 [ 566.285206][T15067] ? __might_fault+0xe3/0x190 [ 566.285221][T15067] mm_release+0x24e/0x300 [ 566.285243][T15067] do_exit+0x886/0x2d70 [ 566.285259][T15067] ? get_signal+0x8f7/0x26c0 [ 566.285279][T15067] ? __pfx_do_exit+0x10/0x10 [ 566.285293][T15067] ? do_raw_spin_lock+0x12d/0x2c0 [ 566.285307][T15067] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 566.285322][T15067] do_group_exit+0xd3/0x2a0 [ 566.285338][T15067] get_signal+0x24ed/0x26c0 [ 566.285361][T15067] ? __pfx___blk_flush_plug+0x10/0x10 [ 566.285377][T15067] ? __pfx___up_read+0x10/0x10 [ 566.285406][T15067] ? __pfx_get_signal+0x10/0x10 [ 566.285428][T15067] ? __pfx_do_futex+0x10/0x10 [ 566.285446][T15067] arch_do_signal_or_restart+0x90/0x7e0 [ 566.285464][T15067] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 566.285485][T15067] ? rcu_is_watching+0x12/0xc0 [ 566.285504][T15067] syscall_exit_to_user_mode+0x150/0x2a0 [ 566.285524][T15067] do_syscall_64+0xda/0x250 [ 566.285544][T15067] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 566.285563][T15067] RIP: 0033:0x7fe6c218d169 [ 566.285575][T15067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 566.285590][T15067] RSP: 002b:00007fe6c2fbc0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 566.285604][T15067] RAX: fffffffffffffe00 RBX: 00007fe6c23a5fa8 RCX: 00007fe6c218d169 [ 566.285613][T15067] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe6c23a5fa8 [ 566.285622][T15067] RBP: 00007fe6c23a5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 566.285631][T15067] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe6c23a5fac [ 566.285639][T15067] R13: 0000000000000000 R14: 00007fff33576870 R15: 00007fff33576958 [ 566.285656][T15067] [ 567.803452][T14955] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 567.908931][T14955] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 567.962481][T14955] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 568.054965][T14955] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 568.534802][T14955] 8021q: adding VLAN 0 to HW filter on device bond0 [ 568.675948][T14955] 8021q: adding VLAN 0 to HW filter on device team0 [ 568.750706][ T4510] bridge0: port 1(bridge_slave_0) entered blocking state [ 568.757863][ T4510] bridge0: port 1(bridge_slave_0) entered forwarding state [ 568.826979][ T4510] bridge0: port 2(bridge_slave_1) entered blocking state [ 568.834138][ T4510] bridge0: port 2(bridge_slave_1) entered forwarding state [ 568.985453][T15096] EXT4-fs error: 10 callbacks suppressed [ 568.985469][T15096] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 569.093775][T15101] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 569.172068][T15103] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 569.269438][T15105] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 569.414751][T14955] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 569.645511][T14955] veth0_vlan: entered promiscuous mode [ 569.672366][T14955] veth1_vlan: entered promiscuous mode [ 569.687437][ T5832] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 569.687471][ T5832] Bluetooth: hci3: unexpected subevent 0x05 length: 725 > 12 [ 569.703662][ T30] audit: type=1326 audit(4294967338.720:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15108 comm="syz.3.2357" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8536b8d169 code=0x0 [ 569.786966][T14955] veth0_macvtap: entered promiscuous mode [ 569.818709][T14955] veth1_macvtap: entered promiscuous mode [ 569.937481][T14955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 569.937501][T14955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 569.937509][T14955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 569.937520][T14955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 569.937528][T14955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 569.937539][T14955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 569.938205][T14955] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 570.002762][ C1] vkms_vblank_simulate: vblank timer overrun [ 570.021385][T14955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 570.021403][T14955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 570.021411][T14955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 570.021422][T14955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 570.021430][T14955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 570.021440][T14955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 570.021978][T14955] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 570.032153][ T30] audit: type=1326 audit(4294967339.040:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15108 comm="syz.3.2357" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8536b8d169 code=0x0 [ 570.044643][T14955] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 570.044671][T14955] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 570.044691][T14955] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 570.044711][T14955] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 570.192249][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 570.192282][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 570.255528][ T4510] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 570.255547][ T4510] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 570.338890][T15123] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:0: corrupted in-inode xattr: bad magic number in in-inode xattr [ 570.559356][T15127] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2317'. [ 571.118536][T15136] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1198: comm udevd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 571.119338][T15136] udevd[15136]: failed to execute '/lib/udev/scsi_id' 'scsi_id --export --whitelisted -d /dev/sda': Structure needs cleaning [ 571.762726][ T5832] Bluetooth: hci3: command 0x0c1a tx timeout [ 571.951067][T15142] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1198: comm udevd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 571.988709][T15145] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 572.006005][T15142] udevd[15142]: failed to execute '/lib/udev/scsi_id' 'scsi_id --export --whitelisted -d /dev/sda': Structure needs cleaning [ 573.592646][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout [ 573.600133][T15134] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 573.923942][T15134] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 573.931822][T15134] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 573.940258][T15134] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 573.947303][T15134] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 573.959853][T15134] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 573.968274][T15134] CPU0 is offline. [ 574.038105][ T5838] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 574.047744][ T5838] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 574.058992][ T5838] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 574.068272][ T5838] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 574.078896][ T5838] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 574.086415][ T5838] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 574.479010][T15164] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2367'. [ 574.687244][T15168] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 574.848808][ T4510] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 574.949070][T15141] chnl_net:caif_netlink_parms(): no params data found [ 575.048522][ T4510] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 575.258988][ T4510] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 575.377117][T15179] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:6: corrupted in-inode xattr: bad magic number in in-inode xattr [ 575.528770][ T4510] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 575.664202][T15141] bridge0: port 1(bridge_slave_0) entered blocking state [ 575.671598][T15141] bridge0: port 1(bridge_slave_0) entered disabled state [ 575.686714][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 575.745528][T15141] bridge_slave_0: entered allmulticast mode [ 575.752115][T15141] bridge_slave_0: entered promiscuous mode [ 575.837153][T15141] bridge0: port 2(bridge_slave_1) entered blocking state [ 575.861211][T15141] bridge0: port 2(bridge_slave_1) entered disabled state [ 575.880617][T15190] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:3: corrupted in-inode xattr: bad magic number in in-inode xattr [ 575.902777][T15141] bridge_slave_1: entered allmulticast mode [ 575.993061][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout [ 575.999287][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 576.052426][T15141] bridge_slave_1: entered promiscuous mode [ 576.059084][T15193] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 576.153093][ T5838] Bluetooth: hci4: command tx timeout [ 576.296994][T15141] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 576.356126][T15141] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 576.557626][T15141] team0: Port device team_slave_0 added [ 576.593408][T15141] team0: Port device team_slave_1 added [ 576.807683][T15141] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 576.842253][T15141] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 577.237584][T15141] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 577.408417][ T4510] bridge_slave_1: left allmulticast mode [ 577.422390][ T4510] bridge0: port 2(bridge_slave_1) entered disabled state [ 577.450768][ T4510] bridge_slave_0: left allmulticast mode [ 577.466920][ T4510] bridge_slave_0: left promiscuous mode [ 577.481797][ T4510] bridge0: port 1(bridge_slave_0) entered disabled state [ 578.082021][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout [ 578.205852][ T4510] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 578.228836][ T4510] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 578.238011][ T5838] Bluetooth: hci4: command tx timeout [ 578.255087][ T4510] bond0 (unregistering): Released all slaves [ 578.271814][T15141] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 578.295279][T15216] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 578.314471][T15141] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 578.424417][T15218] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 578.465130][T15141] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 578.545433][ T4510] : left promiscuous mode [ 578.623931][ T4510] tipc: Left network mode [ 578.768163][T15141] hsr_slave_0: entered promiscuous mode [ 578.781488][T15141] hsr_slave_1: entered promiscuous mode [ 578.811074][T15141] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 578.838728][T15141] Cannot create hsr debugfs directory [ 578.870445][T15224] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 578.968301][T15225] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 579.167883][ T4510] hsr_slave_0: left promiscuous mode [ 579.187843][ T4510] hsr_slave_1: left promiscuous mode [ 579.205351][ T4510] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 579.225919][ T4510] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 579.258149][ T4510] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 579.279129][ T4510] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 579.305436][ T4510] veth1_macvtap: left promiscuous mode [ 579.311335][ T4510] veth0_macvtap: left promiscuous mode [ 579.319392][ T4510] veth1_vlan: left allmulticast mode [ 579.326490][ T4510] veth1_vlan: left promiscuous mode [ 579.331741][ T4510] veth0_vlan: left promiscuous mode [ 580.097350][T15234] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2384'. [ 580.159988][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout [ 580.312659][ T5838] Bluetooth: hci4: command tx timeout [ 580.542405][ T4510] team0 (unregistering): Port device team_slave_1 removed [ 580.612045][ T4510] team0 (unregistering): Port device team_slave_0 removed [ 580.668226][T15241] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2386'. [ 581.351149][T15244] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:7: corrupted in-inode xattr: bad magic number in in-inode xattr [ 581.638169][T15249] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 581.708442][T15251] openvswitch: netlink: Multiple metadata blocks provided [ 581.759726][T15252] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 582.006353][T15256] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 582.282078][T15260] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 582.392762][ T5838] Bluetooth: hci4: command tx timeout [ 582.822128][T15263] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 582.886373][T15141] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 582.925461][T15141] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 582.952428][T15141] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 582.992097][T15141] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 583.005319][T15264] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 583.071919][T15265] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 583.183035][T15266] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 583.328397][T15141] 8021q: adding VLAN 0 to HW filter on device bond0 [ 583.395765][T15141] 8021q: adding VLAN 0 to HW filter on device team0 [ 583.445093][ T1160] bridge0: port 1(bridge_slave_0) entered blocking state [ 583.452205][ T1160] bridge0: port 1(bridge_slave_0) entered forwarding state [ 583.524944][ T1160] bridge0: port 2(bridge_slave_1) entered blocking state [ 583.532029][ T1160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 583.548069][T15272] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 583.709715][T15141] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 583.799865][T15141] veth0_vlan: entered promiscuous mode [ 583.846617][T15141] veth1_vlan: entered promiscuous mode [ 583.920094][T15141] veth0_macvtap: entered promiscuous mode [ 583.951209][T15141] veth1_macvtap: entered promiscuous mode [ 583.998778][T15141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 584.050810][T15141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.081360][T15141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 584.120227][T15141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.177265][T15141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 584.229118][T15141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.273570][T15294] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2396'. [ 584.292106][T15141] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 584.340694][T15141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 584.386661][T15141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.416929][T15141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 584.457554][T15141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.518240][T15141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 584.552284][T15141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.593584][T15141] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 584.656719][T15141] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 584.692319][T15141] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 584.735292][T15141] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 584.767332][T15141] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 584.963919][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 585.017560][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 585.110334][ T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 585.154953][ T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 586.242086][T15323] FAULT_INJECTION: forcing a failure. [ 586.242086][T15323] name failslab, interval 1, probability 0, space 0, times 0 [ 586.378206][T15323] CPU: 1 UID: 0 PID: 15323 Comm: syz.1.2406 Tainted: G U 6.14.0-rc7-syzkaller #0 [ 586.378231][T15323] Tainted: [U]=USER [ 586.378239][T15323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 586.378248][T15323] Call Trace: [ 586.378253][T15323] [ 586.378259][T15323] dump_stack_lvl+0x16c/0x1f0 [ 586.378283][T15323] should_fail_ex+0x50a/0x650 [ 586.378303][T15323] ? fs_reclaim_acquire+0xae/0x150 [ 586.378323][T15323] ? alloc_tty_struct+0x98/0x8d0 [ 586.378343][T15323] should_failslab+0xc2/0x120 [ 586.378357][T15323] __kmalloc_cache_noprof+0x68/0x410 [ 586.378380][T15323] alloc_tty_struct+0x98/0x8d0 [ 586.378400][T15323] ? __pfx_alloc_tty_struct+0x10/0x10 [ 586.378423][T15323] tty_init_dev.part.0+0x1e/0x660 [ 586.378443][T15323] tty_open+0xac1/0xf80 [ 586.378461][T15323] ? chrdev_open+0x10e/0x6a0 [ 586.378483][T15323] ? __pfx_tty_open+0x10/0x10 [ 586.378501][T15323] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 586.378515][T15323] ? lock_acquire+0x2f/0xb0 [ 586.378532][T15323] ? chrdev_open+0x80/0x6a0 [ 586.378553][T15323] ? __pfx_tty_open+0x10/0x10 [ 586.378571][T15323] chrdev_open+0x237/0x6a0 [ 586.378590][T15323] ? __pfx_apparmor_file_open+0x10/0x10 [ 586.378608][T15323] ? __pfx_chrdev_open+0x10/0x10 [ 586.378630][T15323] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 586.378652][T15323] do_dentry_open+0x735/0x1c40 [ 586.378671][T15323] ? __pfx_chrdev_open+0x10/0x10 [ 586.378692][T15323] ? inode_permission+0xdd/0x5f0 [ 586.378709][T15323] vfs_open+0x82/0x3f0 [ 586.378722][T15323] ? may_open+0x1f2/0x400 [ 586.378739][T15323] path_openat+0x1e88/0x2d80 [ 586.378765][T15323] ? __pfx_path_openat+0x10/0x10 [ 586.378785][T15323] ? __pfx___lock_acquire+0x10/0x10 [ 586.378802][T15323] ? lock_acquire.part.0+0x11b/0x380 [ 586.378820][T15323] ? find_held_lock+0x2d/0x110 [ 586.378837][T15323] do_filp_open+0x20c/0x470 [ 586.378857][T15323] ? __pfx_do_filp_open+0x10/0x10 [ 586.378875][T15323] ? find_held_lock+0x2d/0x110 [ 586.378902][T15323] ? alloc_fd+0x41f/0x760 [ 586.378927][T15323] do_sys_openat2+0x17a/0x1e0 [ 586.378941][T15323] ? __pfx_do_sys_openat2+0x10/0x10 [ 586.378963][T15323] __x64_sys_openat+0x175/0x210 [ 586.378978][T15323] ? __pfx___x64_sys_openat+0x10/0x10 [ 586.379000][T15323] do_syscall_64+0xcd/0x250 [ 586.379022][T15323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 586.379041][T15323] RIP: 0033:0x7f073018d169 [ 586.379053][T15323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 586.379067][T15323] RSP: 002b:00007f07310d0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 586.379081][T15323] RAX: ffffffffffffffda RBX: 00007f07303a5fa0 RCX: 00007f073018d169 [ 586.379091][T15323] RDX: 0000000000000800 RSI: 0000400000000000 RDI: ffffffffffffff9c [ 586.379099][T15323] RBP: 00007f073020e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 586.379108][T15323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 586.379117][T15323] R13: 0000000000000000 R14: 00007f07303a5fa0 R15: 00007ffdd3db4c68 [ 586.379135][T15323] [ 587.776415][T15344] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2411'. [ 587.923290][T15346] EXT4-fs error: 9 callbacks suppressed [ 587.923304][T15346] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 588.444313][T15357] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:8: corrupted in-inode xattr: bad magic number in in-inode xattr [ 588.490059][T15360] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 589.524687][T15371] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:1: corrupted in-inode xattr: bad magic number in in-inode xattr [ 589.584490][T15374] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:7: corrupted in-inode xattr: bad magic number in in-inode xattr [ 589.740370][ T5832] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 589.750115][ T5832] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 589.758639][ T5832] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 589.766444][ T5832] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 589.774317][ T5832] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 589.781488][ T5832] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 590.166789][T15388] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:4: corrupted in-inode xattr: bad magic number in in-inode xattr [ 590.256174][T15377] chnl_net:caif_netlink_parms(): no params data found [ 590.645590][T15398] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #1251: comm kworker/u8:4: corrupted in-inode xattr: bad magic number in in-inode xattr [ 590.680105][ T1160] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 590.724173][T15397] ================================================================== [ 590.732289][T15397] BUG: KASAN: slab-use-after-free in force_devcd_write+0x317/0x330 [ 590.740187][T15397] Read of size 8 at addr ffff888143fd5800 by task syz.1.2423/15397 [ 590.748095][T15397] [ 590.750413][T15397] CPU: 1 UID: 0 PID: 15397 Comm: syz.1.2423 Tainted: G U 6.14.0-rc7-syzkaller #0 [ 590.750435][T15397] Tainted: [U]=USER [ 590.750440][T15397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 590.750450][T15397] Call Trace: [ 590.750457][T15397] [ 590.750465][T15397] dump_stack_lvl+0x116/0x1f0 [ 590.750489][T15397] print_report+0xc3/0x670 [ 590.750503][T15397] ? __virt_addr_valid+0x5e/0x590 [ 590.750518][T15397] ? __phys_addr+0xc6/0x150 [ 590.750533][T15397] kasan_report+0xd9/0x110 [ 590.750545][T15397] ? force_devcd_write+0x317/0x330 [ 590.750565][T15397] ? force_devcd_write+0x317/0x330 [ 590.750584][T15397] force_devcd_write+0x317/0x330 [ 590.750602][T15397] ? __pfx_force_devcd_write+0x10/0x10 [ 590.750621][T15397] ? __debugfs_file_get+0x1ff/0x850 [ 590.750639][T15397] ? __pfx___debugfs_file_get+0x10/0x10 [ 590.750657][T15397] ? rcu_is_watching+0x12/0xc0 [ 590.750671][T15397] ? trace_lock_acquire+0x14e/0x1f0 [ 590.750688][T15397] full_proxy_write+0x13c/0x200 [ 590.750706][T15397] ? __pfx_full_proxy_write+0x10/0x10 [ 590.750723][T15397] vfs_write+0x24c/0x1150 [ 590.750742][T15397] ? __pfx_vfs_write+0x10/0x10 [ 590.750759][T15397] ? do_futex+0x123/0x350 [ 590.750775][T15397] ? __pfx_do_futex+0x10/0x10 [ 590.750796][T15397] ? __pfx___might_resched+0x10/0x10 [ 590.750817][T15397] ? __x64_sys_futex+0x1e1/0x4c0 [ 590.750840][T15397] ? __x64_sys_futex+0x1ea/0x4c0 [ 590.750859][T15397] ksys_write+0x12b/0x250 [ 590.750877][T15397] ? __pfx_ksys_write+0x10/0x10 [ 590.750898][T15397] do_syscall_64+0xcd/0x250 [ 590.750917][T15397] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 590.750936][T15397] RIP: 0033:0x7f073018d169 [ 590.750949][T15397] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 590.750963][T15397] RSP: 002b:00007f07310af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 590.750977][T15397] RAX: ffffffffffffffda RBX: 00007f07303a6080 RCX: 00007f073018d169 [ 590.750987][T15397] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000004 [ 590.750996][T15397] RBP: 00007f073020e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 590.751005][T15397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 590.751014][T15397] R13: 0000000000000000 R14: 00007f07303a6080 R15: 00007ffdd3db4c68 [ 590.751027][T15397] [ 590.751032][T15397] [ 590.986062][T15397] Allocated by task 5830: [ 590.990392][T15397] kasan_save_stack+0x33/0x60 [ 590.995073][T15397] kasan_save_track+0x14/0x30 [ 590.999749][T15397] __kasan_kmalloc+0xaa/0xb0 [ 591.004327][T15397] vhci_open+0x4c/0x430 [ 591.008471][T15397] misc_open+0x35a/0x420 [ 591.012693][T15397] chrdev_open+0x237/0x6a0 [ 591.017095][T15397] do_dentry_open+0x735/0x1c40 [ 591.021843][T15397] vfs_open+0x82/0x3f0 [ 591.025892][T15397] path_openat+0x1e88/0x2d80 [ 591.030471][T15397] do_filp_open+0x20c/0x470 [ 591.034961][T15397] do_sys_openat2+0x17a/0x1e0 [ 591.039634][T15397] __x64_sys_openat+0x175/0x210 [ 591.044466][T15397] do_syscall_64+0xcd/0x250 [ 591.048958][T15397] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 591.054838][T15397] [ 591.057140][T15397] Freed by task 13548: [ 591.061182][T15397] kasan_save_stack+0x33/0x60 [ 591.065846][T15397] kasan_save_track+0x14/0x30 [ 591.070518][T15397] kasan_save_free_info+0x3b/0x60 [ 591.075536][T15397] __kasan_slab_free+0x51/0x70 [ 591.080376][T15397] kfree+0x2c4/0x4d0 [ 591.084273][T15397] vhci_release+0xbb/0xf0 [ 591.088608][T15397] __fput+0x3ff/0xb70 [ 591.092582][T15397] task_work_run+0x14e/0x250 [ 591.097180][T15397] do_exit+0xad8/0x2d70 [ 591.101336][T15397] do_group_exit+0xd3/0x2a0 [ 591.105840][T15397] get_signal+0x24ed/0x26c0 [ 591.110343][T15397] arch_do_signal_or_restart+0x90/0x7e0 [ 591.115878][T15397] syscall_exit_to_user_mode+0x150/0x2a0 [ 591.121512][T15397] do_syscall_64+0xda/0x250 [ 591.126016][T15397] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 591.131896][T15397] [ 591.134240][T15397] The buggy address belongs to the object at ffff888143fd5800 [ 591.134240][T15397] which belongs to the cache kmalloc-1k of size 1024 [ 591.148272][T15397] The buggy address is located 0 bytes inside of [ 591.148272][T15397] freed 1024-byte region [ffff888143fd5800, ffff888143fd5c00) [ 591.161976][T15397] [ 591.164297][T15397] The buggy address belongs to the physical page: [ 591.170708][T15397] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888143fd5800 pfn:0x143fd0 [ 591.180848][T15397] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 591.189507][T15397] flags: 0x57ff00000000240(workingset|head|node=1|zone=2|lastcpupid=0x7ff) [ 591.198083][T15397] page_type: f5(slab) [ 591.202055][T15397] raw: 057ff00000000240 ffff88801b041dc0 ffffea000537e210 ffffea000503be10 [ 591.210631][T15397] raw: ffff888143fd5800 0000000000100003 00000000f5000000 0000000000000000 [ 591.219197][T15397] head: 057ff00000000240 ffff88801b041dc0 ffffea000537e210 ffffea000503be10 [ 591.227848][T15397] head: ffff888143fd5800 0000000000100003 00000000f5000000 0000000000000000 [ 591.236526][T15397] head: 057ff00000000003 ffffea00050ff401 ffffffffffffffff 0000000000000000 [ 591.245190][T15397] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 591.253842][T15397] page dumped because: kasan: bad access detected [ 591.260504][T15397] page_owner tracks the page as allocated [ 591.266195][T15397] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 8936636075, free_ts 0 [ 591.285898][T15397] post_alloc_hook+0x181/0x1b0 [ 591.290663][T15397] get_page_from_freelist+0xfce/0x2f80 [ 591.296112][T15397] __alloc_frozen_pages_noprof+0x221/0x2470 [ 591.302005][T15397] alloc_pages_mpol+0x1fc/0x540 [ 591.306948][T15397] new_slab+0x23d/0x330 [ 591.311177][T15397] ___slab_alloc+0xc5d/0x1720 [ 591.315838][T15397] __slab_alloc.constprop.0+0x56/0xb0 [ 591.321285][T15397] __kmalloc_cache_noprof+0xfa/0x410 [ 591.326553][T15397] loop_add+0xbf/0xb60 [ 591.330609][T15397] loop_init+0x164/0x270 [ 591.334837][T15397] do_one_initcall+0x128/0x700 [ 591.339585][T15397] kernel_init_freeable+0x5c7/0x900 [ 591.344800][T15397] kernel_init+0x1c/0x2b0 [ 591.349124][T15397] ret_from_fork+0x45/0x80 [ 591.353535][T15397] ret_from_fork_asm+0x1a/0x30 [ 591.358287][T15397] page_owner free stack trace missing [ 591.364070][T15397] [ 591.366384][T15397] Memory state around the buggy address: [ 591.371989][T15397] ffff888143fd5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 591.380031][T15397] ffff888143fd5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 591.388070][T15397] >ffff888143fd5800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 591.396127][T15397] ^ [ 591.400172][T15397] ffff888143fd5880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 591.408234][T15397] ffff888143fd5900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 591.416446][T15397] ================================================================== [ 591.424578][ C1] vkms_vblank_simulate: vblank timer overrun SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 591.949018][T15377] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wg1": -EINTR [ 591.982632][ T5838] Bluetooth: hci5: command tx timeout [ 592.496608][ T1160] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.541237][T15373] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 592.689153][T15373] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 592.712204][ T1160] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.737540][T15397] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 592.744756][T15397] CPU: 1 UID: 0 PID: 15397 Comm: syz.1.2423 Tainted: G U 6.14.0-rc7-syzkaller #0 [ 592.755243][T15397] Tainted: [U]=USER [ 592.759042][T15397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 592.769081][T15397] Call Trace: [ 592.772346][T15397] [ 592.775276][T15397] dump_stack_lvl+0x3d/0x1f0 [ 592.779859][T15397] panic+0x71d/0x800 [ 592.783742][T15397] ? __pfx_panic+0x10/0x10 [ 592.788161][T15397] ? preempt_schedule_thunk+0x1a/0x30 [ 592.793523][T15397] ? preempt_schedule_common+0x44/0xc0 [ 592.798980][T15397] check_panic_on_warn+0xab/0xb0 [ 592.803921][T15397] end_report+0x117/0x180 [ 592.808250][T15397] kasan_report+0xe9/0x110 [ 592.812769][T15397] ? force_devcd_write+0x317/0x330 [ 592.817881][T15397] ? force_devcd_write+0x317/0x330 [ 592.822996][T15397] force_devcd_write+0x317/0x330 [ 592.827958][T15397] ? __pfx_force_devcd_write+0x10/0x10 [ 592.833524][T15397] ? __debugfs_file_get+0x1ff/0x850 [ 592.838721][T15397] ? __pfx___debugfs_file_get+0x10/0x10 [ 592.844286][T15397] ? rcu_is_watching+0x12/0xc0 [ 592.849058][T15397] ? trace_lock_acquire+0x14e/0x1f0 [ 592.854268][T15397] full_proxy_write+0x13c/0x200 [ 592.859116][T15397] ? __pfx_full_proxy_write+0x10/0x10 [ 592.864482][T15397] vfs_write+0x24c/0x1150 [ 592.868915][T15397] ? __pfx_vfs_write+0x10/0x10 [ 592.873690][T15397] ? do_futex+0x123/0x350 [ 592.878041][T15397] ? __pfx_do_futex+0x10/0x10 [ 592.882725][T15397] ? __pfx___might_resched+0x10/0x10 [ 592.888036][T15397] ? __x64_sys_futex+0x1e1/0x4c0 [ 592.892961][T15397] ? __x64_sys_futex+0x1ea/0x4c0 [ 592.897885][T15397] ksys_write+0x12b/0x250 [ 592.902228][T15397] ? __pfx_ksys_write+0x10/0x10 [ 592.907069][T15397] do_syscall_64+0xcd/0x250 [ 592.911571][T15397] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 592.917464][T15397] RIP: 0033:0x7f073018d169 [ 592.921864][T15397] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 592.941475][T15397] RSP: 002b:00007f07310af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 592.949886][T15397] RAX: ffffffffffffffda RBX: 00007f07303a6080 RCX: 00007f073018d169 [ 592.957875][T15397] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000004 [ 592.965847][T15397] RBP: 00007f073020e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 592.973899][T15397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 592.981855][T15397] R13: 0000000000000000 R14: 00007f07303a6080 R15: 00007ffdd3db4c68 [ 592.989830][T15397] [ 592.992901][T15397] Kernel Offset: disabled [ 592.997212][T15397] Rebooting in 86400 seconds..