last executing test programs:

13m31.320918882s ago: executing program 1 (id=1762):
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa821, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x0, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
memfd_create$auto(0x0, 0x12)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty12\x00', 0x800, 0x0)
r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
ioctl$auto(r0, 0x541c, r1)

13m31.033127594s ago: executing program 1 (id=1764):
mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0xa, 0x0)
io_uring_setup$auto(0x6, 0x0)
r0 = socket(0xa, 0x2, 0x88)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'gretap0\x00', <r2=>0x0})
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r2, r1, 0x4, 0x8, r0, @relative_id=0x13, 0xe5fc}, 0xf)
bpf$auto(0x4, &(0x7f00000001c0)=@raw_tracepoint={0x5, r0, 0x0, 0x3}, 0xc)

13m30.756074324s ago: executing program 1 (id=1765):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x6c, 0x0, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@HSR_A_IF1_AGE={0x8, 0x3, 0x9}, @HSR_A_IF2_SEQ={0x6, 0x7, 0x8000}, @HSR_A_IFINDEX={0x8}, @HSR_A_NODE_ADDR_B={0xa}, @HSR_A_NODE_ADDR={0xa, 0x1, @remote}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_IF2_AGE={0x8, 0x4, 0x10}, @HSR_A_IFINDEX={0x8}, @HSR_A_NODE_ADDR={0xa, 0x1, @random="a01d8645b361"}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40080}, 0x40090)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x3, 0x100)
socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)

13m30.315065937s ago: executing program 1 (id=1768):
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x3, 0x6)
lsm_list_modules$auto(0x0, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0)
mkdir$auto(0x0, 0x353)

13m29.49764301s ago: executing program 1 (id=1772):
mmap$auto(0x8000002, 0x20009, 0x8000000400000003, 0xeb1, 0x401, 0x8001)
r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
getrandom$auto(0x0, 0x6000000, 0x3)
socketpair$auto(0x2001e, 0x4, 0x8000000000000000, 0x0)
ioctl$auto_UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000000c0)={{0x9, 0xf2cf, 0x8, 0x80}, "6a034a07c7b82d90b69a39e32576f893fba86c9dd051a0094a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f", 0xa})
ioctl$auto_UI_DEV_CREATE(r0, 0x5501, 0x0)
write$auto(0x3, 0x0, 0x7fffffff)

13m28.410642716s ago: executing program 1 (id=1774):
mmap$auto(0x0, 0x7f, 0x1, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
ioctl$auto(r0, 0x5646, r0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
ioctl$auto(0x3, 0xae41, 0xffffffffffffffff)

13m28.410552652s ago: executing program 32 (id=1774):
mmap$auto(0x0, 0x7f, 0x1, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
ioctl$auto(r0, 0x5646, r0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
ioctl$auto(0x3, 0xae41, 0xffffffffffffffff)

12m39.052461955s ago: executing program 4 (id=1952):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030000020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a000500000000000000000008000200", @ANYRES32, @ANYBLOB="08000200", @ANYRES32=0x0, @ANYBLOB="e00013"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40090)
socket(0x2, 0x3, 0x100)
socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)

12m38.575712386s ago: executing program 4 (id=1955):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24040004}, 0x800)
openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/loginuid\x00', 0x309c02, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/irq/9/smp_affinity\x00', 0x129542, 0x0)
read$auto(0x3, 0x0, 0x7)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0xc)

12m37.534283234s ago: executing program 4 (id=1958):
socket(0x2, 0x2, 0x0)
bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
socket(0x11, 0x80003, 0x300)
io_uring_setup$auto(0x6, 0x0)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)

12m35.58907496s ago: executing program 4 (id=1968):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8, 0x0)
syz_open_procfs$namespace(0x0, 0x0)
socket(0xa, 0x3, 0x3a)
socket$nl_generic(0x10, 0x3, 0x10)
inotify_init1$auto(0x3000000000000)
inotify_rm_watch$auto(r0, 0x84e4)

12m35.223383797s ago: executing program 4 (id=1970):
socket(0x1d, 0x2, 0x6)
mmap$auto(0x0, 0x400008, 0xb, 0x9b72, 0x2, 0x8000)
r0 = socket(0x23, 0x80805, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
socket$nl_generic(0x10, 0x3, 0x10)
fanotify_init$auto(0x5, 0x2000000000002)
socket$nl_generic(0x10, 0x3, 0x10)
clone$auto(0x20003b46, 0x7, 0x0, 0x0, 0x2)
ioctl$auto(0x3, 0xc000ff0b, r0)

12m34.188893507s ago: executing program 4 (id=1976):
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xac}, 0x5, 0x0, 0x1, 0x697b}, 0xed7138c}, 0x2, 0x9)
recvmmsg$auto(0x4, &(0x7f0000000200)={{0x0, 0x4, &(0x7f0000000140)={0x0, 0x4da}, 0x4, 0x0, 0x8, 0x800}, 0x1000}, 0xffffffff, 0x0, 0x0)
write$auto(0x3, 0x0, 0xfdef)
read$auto(0x4, 0x0, 0xfdef)

12m19.03887824s ago: executing program 33 (id=1976):
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xac}, 0x5, 0x0, 0x1, 0x697b}, 0xed7138c}, 0x2, 0x9)
recvmmsg$auto(0x4, &(0x7f0000000200)={{0x0, 0x4, &(0x7f0000000140)={0x0, 0x4da}, 0x4, 0x0, 0x8, 0x800}, 0x1000}, 0xffffffff, 0x0, 0x0)
write$auto(0x3, 0x0, 0xfdef)
read$auto(0x4, 0x0, 0xfdef)

8.74329912s ago: executing program 0 (id=4176):
r0 = socket(0x2, 0x2, 0x0)
bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80302, 0x0)
read$auto(0x3, 0x0, 0x80)
write$auto(0xffffffffffffffff, 0x0, 0xfd)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
lsm_list_modules$auto(0x0, 0x0, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0x3, 0xeb1, r0, 0x8000)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
prctl$auto(0x3c, 0x9, 0xffffffffffffffff, 0x1, 0x9)
prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0)
prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0)

8.358742322s ago: executing program 3 (id=4178):
r0 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, 0x0, 0x7ae61e73ddc1d2b, 0x0)
r1 = openat$auto_vga_arb_device_fops_vgaarb(0xffffffffffffff9c, 0x0, 0x2, 0x0)
select$auto(0x5, 0x0, 0x0, 0x0, 0x0)
openat$auto_nsim_dev_max_vfs_fops_dev(0xffffffffffffff9c, 0x0, 0x28000, 0x0)
write$auto(0x3, 0x0, 0xfdef)
epoll_ctl$auto(r1, 0x40, 0xffffffffffffffff, 0x0)
write$auto_proc_mem_operations_base(r0, 0x0, 0x0)
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(r2, 0xfffffffffffff000, 0x2)
landlock_create_ruleset$auto(&(0x7f0000000140)={0x5, 0x3, 0x9}, 0x9, 0x0)
landlock_restrict_self$auto(r2, 0x0)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
settimeofday$auto(0x0, 0x0)
ptrace$auto(0x10, r3, 0x4, 0x7ff)

7.528934372s ago: executing program 0 (id=4180):
madvise$auto(0x407ff, 0x5, 0x15)
sysfs$auto(0x2, 0x10000000000002a, 0x0)
socket(0x2, 0x80002, 0x73)
r0 = socket(0xa, 0x1, 0x84)
syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000100), r0)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54)
madvise$auto(0x110c230000, 0x8031ca, 0x9)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
madvise$auto(0x0, 0xfffffffffffefffd, 0x17)
getpgid$auto(0x0)
read$auto(0xffffffffffffffff, 0x0, 0xe8)
openat$auto_trace_fops_debugfs(0xffffffffffffff9c, 0x0, 0x202800, 0x0)
mmap$auto(0x0, 0x400008, 0x9, 0x9b72, 0x2, 0x40000008000)
sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800)
kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4)

7.34396314s ago: executing program 5 (id=4181):
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x2200, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0)
openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
prctl$auto_PR_SET_MM_ARG_END(0x9, 0x9, 0xffffffffffffffff, 0xd, 0x13)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
capset$auto(&(0x7f0000000340)={0x19980330}, 0x0)
socket(0xa, 0x5, 0x94)
io_uring_setup$auto(0x6, 0x0)
r1 = signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0)
read$auto(r1, 0x0, 0x80000000006)
signalfd$auto(r1, 0x0, 0x8)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffffff)
socket(0xa, 0x801, 0x84)

7.187558527s ago: executing program 3 (id=4182):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x1d, 0x2, 0x2)
connect$auto(0x3, 0x0, 0x55)
r2 = socket(0x10, 0x3, 0x6)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
write$auto(0x3, 0x0, 0x5c8)
close_range$auto(r2, 0xfffffffffffff000, 0x4000000000002)
getcwd$auto(&(0x7f0000000000)='\x00', 0x0)
socket(0xa, 0x5, 0x0)
socket(0x11, 0x80003, 0x300)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
write$auto(0x3, 0x0, 0x5c8)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x5c, r1, 0x1, 0x70bd2d, 0x25dfdbf9, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x10}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x211e789c}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @ipv4={'\x00', '\xff\xff', @broadcast}}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004)

6.242547971s ago: executing program 5 (id=4183):
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
io_uring_setup$auto(0x6, 0x0)
close_range$auto(0x2, 0x8000, 0x0)
open(0x0, 0xa22c0, 0x155)
r0 = socket(0x18, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth0\x00'})
close_range$auto(0x0, 0xffffffffffffffff, 0x2)
socket(0xa, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x801, 0x84)
r2 = socket(0x18, 0x5, 0x1)
connect$auto(r2, &(0x7f0000000000)=@in={0x2, 0x100}, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x80047437, 0x0)
read$auto(0x3, 0x0, 0x7)

5.916423992s ago: executing program 5 (id=4184):
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc2481, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff)
epoll_create$auto(0x4)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
r0 = openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cpu/0/msr\x00', 0xf82, 0x0)
readv$auto(r0, &(0x7f00000000c0)={0x0, 0x101d0}, 0x400)
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
mmap$auto(0x0, 0x9, 0x400000072, 0x8b72, 0x1000000002, 0x8000)

5.757055627s ago: executing program 3 (id=4185):
r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0)
socketpair$auto(0xfff, 0x5, 0x10, 0x0)
madvise$auto(0x1ffff000, 0x7, 0x100000000)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000)
fsopen$auto(0x0, 0x1)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2)
clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6)
mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2)
prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0)
pselect6$auto(0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
shmget$auto(0xa, 0x10563, 0x568d1af2)
read$auto_proc_pid_maps_operations_internal(r0, &(0x7f00000010c0)=""/4096, 0x1000)

5.4424252s ago: executing program 2 (id=4186):
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
io_uring_setup$auto(0x3, 0x0)
close_range$auto(0x2, 0xa, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x24044010}, 0xc0)
mmap$auto(0x0, 0x9, 0xdf, 0x1000000eb1, 0x401, 0x8000)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000)
getsockname$auto(0xffffffffffffffff, &(0x7f0000000000)=@tipc=@nameseq={0x1e, 0x1, 0x2, {0x1, 0x0, 0x2}}, 0x0)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1e, 0x4, 0x0)
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$auto(r0, 0x10f, 0x87, 0x0, 0x14)
setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x101d0, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)

5.152173094s ago: executing program 2 (id=4187):
mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x8000)
sysfs$auto(0x2, 0x1f, 0x0)
lsm_list_modules$auto(0x0, 0x0, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0x2, 0x801, 0x106)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x10, 0x80002, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0x2, 0x801, 0x106)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x10, 0x80002, 0x0)
close_range$auto(0x2, 0x8000, 0x0)
timerfd_create$auto(0x0, 0x0)
timerfd_settime$auto(r1, 0x3, 0x0, 0x0)
timerfd_settime$auto(r0, 0x3, 0x0, 0x0)

4.846000321s ago: executing program 0 (id=4188):
memfd_secret$auto(0x0)
socket$nl_generic(0x10, 0x3, 0x10)
open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff)
openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f00000001c0), 0x40, 0x0)
mmap$auto(0x0, 0x20009, 0x7, 0xeb1, 0x405, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x801, 0x100)
socket(0x11, 0x3, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x2, 0x0)
socket(0xa, 0x5, 0x0)
socketpair$auto(0x3, 0x5, 0x7, 0x0)
bpf$auto(0x0, 0x0, 0xaf1)

4.521819328s ago: executing program 2 (id=4189):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00', <r2=>0x0})
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
fanotify_init$auto(0x5, 0x2000000000002)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x26, 0x80805, 0x0)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
pidfd_getfd$auto(0x3, 0x1, 0x100000000)
bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r2, 0x7f, 0x99, 0x8, 0x1, @relative_id=0x8, 0x5}, 0x92)
bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xc)
bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r0, 0x0, 0x3}, 0xc)
r3 = open(0x0, 0x261c2, 0x84)
bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r3, 0x0, 0x3}, 0xc)

4.404515302s ago: executing program 5 (id=4190):
mmap$auto(0x7fff, 0x400008, 0xda, 0x9b72, 0x2, 0x480000000008001)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
write$auto(0x3, 0x0, 0xfffffdef)
write$auto(0x3, 0x0, 0xfffffdef)
mmap$auto(0x0, 0x400020009, 0x10000000000df, 0x13, 0x8000000401, 0x7fffffffffffffff)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
fstat$auto(r0, &(0x7f0000000100)={0x4, 0x1a0000000000, 0x7f, 0x77d508f7, 0xee01, 0xee01, 0x0, 0x8, 0xa6ee, 0x8, 0x100000000, 0x7, 0x7fffffff, 0x10, 0x9, 0x4, 0xd})
semctl$auto_SETALL(0x2, 0x6, 0x11, 0xb1c)
r2 = socket(0x15, 0x5, 0x0)
getsockopt$auto(r2, 0x114, 0x271f, 0xfffffffffffffffc, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
io_uring_setup$auto(0x6, 0x0)

4.129518385s ago: executing program 0 (id=4191):
r0 = socket(0xa, 0x3, 0x3b)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2, 0x1, 0x0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
setsockopt$auto(0x3, 0x0, 0x18, 0x0, 0x9)
mbind$auto(0x0, 0x605, 0x3, 0x0, 0x7, 0x3)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0xdd, 0x8000)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
r1 = syz_clone(0x100281091, 0x0, 0xffb6, 0x0, 0x0, 0x0)
move_pages$auto(r1, 0x1002, 0x0, 0x0, 0x0, 0x2)
getsockopt$auto(r0, 0x3a, 0x20, 0x0, 0x0)
r2 = openat$auto_udmabuf_fops_udmabuf(0xffffffffffffff9c, 0x0, 0x20100, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card0/pcm0p/sub7/status\x00', 0x0, 0x0)
ioctl$auto_UDMABUF_CREATE(r2, 0x40187542, 0x0)

4.04234811s ago: executing program 2 (id=4192):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
socket(0x10, 0x2, 0x14)
openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cec2\x00', 0x40, 0x0)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
socket(0x2, 0x2, 0x0)
socket(0x10, 0x2, 0x0)
socket(0xa, 0x2, 0x73)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
memfd_create$auto(0x0, 0x6)
r0 = socket(0x10, 0x2, 0x14)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES8=r0], 0x1ac}}, 0x40000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4010}, 0x51)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x2}, 0x3, 0x0)

3.77723634s ago: executing program 3 (id=4193):
socket(0x1d, 0x2, 0x6)
socket(0x2, 0x1, 0x0)
openat$auto_tracing_mark_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/trace_marker\x00', 0x201, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vcsa1\x00', 0x1, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socket(0xa, 0x3, 0x3a)
socketpair$auto(0x1e, 0x5, 0xfffffffc, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x155)
socket(0xa, 0x3, 0x3b)
connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x55)
sendmmsg$auto(0x3, 0x0, 0x1f, 0x0)

3.401697458s ago: executing program 3 (id=4194):
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
bpf$auto(0x0, &(0x7f00000000c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x4, 0x3}, 0x6f6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x3, 0x100)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
eventfd$auto(0x3)
r0 = socket(0xa, 0x2, 0x88)
bpf$auto(0x0, &(0x7f0000000000)=@link_update={r0, @new_prog_fd=0x4, 0x4, @old_map_fd=0x3ff}, 0xa3)

2.651724717s ago: executing program 2 (id=4195):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
r0 = socket(0x2, 0x5, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
socket(0x2, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f0000000000)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x1}, 0x2, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0)
unshare$auto(0x40000080)
setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd)
setsockopt$auto(0x3, 0x10000000084, 0x7c, 0x0, 0x8)

2.590419998s ago: executing program 5 (id=4196):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2, 0x1, 0x0)
io_uring_setup$auto(0x1, 0x0)
socket(0xf, 0x3, 0x2)
socket(0x10, 0x2, 0x6)
socket(0x29, 0x2, 0x0)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x5, 0x0)
r0 = socket(0xa, 0x801, 0x84)
getsockopt$auto(r0, 0x84, 0x71, 0x0, 0x0)
setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0xffb8, &(0x7f00000002c0)={0x0, 0x34000}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)

1.811230346s ago: executing program 3 (id=4197):
madvise$auto(0x407ff, 0x5, 0x15)
sysfs$auto(0x2, 0x10000000000002a, 0x0)
socket(0x2, 0x80002, 0x73)
r0 = socket(0xa, 0x1, 0x84)
syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000100), r0)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54)
madvise$auto(0x110c230000, 0x8031ca, 0x9)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
madvise$auto(0x0, 0xfffffffffffefffd, 0x17)
getpgid$auto(0x0)
read$auto(0xffffffffffffffff, 0x0, 0xe8)
openat$auto_trace_fops_debugfs(0xffffffffffffff9c, 0x0, 0x202800, 0x0)
mmap$auto(0x0, 0x400008, 0x9, 0x9b72, 0x2, 0x40000008000)
sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800)
kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4)

1.810622426s ago: executing program 0 (id=4205):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0xa, 0x0)
r0 = socket(0x10, 0x2, 0xc)
close_range$auto(0x2, 0x8, 0x0)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
fanotify_init$auto(0x65, 0x2)
pipe$auto(0x0)
dup2$auto(0x5, 0x4)
splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000001, 0x9)
write$auto(0x6, 0x0, 0x100000001)
sysfs$auto(0x2, 0x2e, 0x0)
setsockopt$auto(0x3, 0x1, 0x2a, 0x0, 0x9)
recvfrom$auto(0x3, 0x0, 0x80000000002, 0x6, 0x0, 0x0)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80)
close_range$auto(0x2, 0x8, 0x0)

1.174778169s ago: executing program 5 (id=4198):
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff)
socket(0x2, 0x1, 0x0)
epoll_create$auto(0x4)
epoll_ctl$auto(0x5, 0x1, 0xffffffffffffffff, 0x0)
openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, 0x0, 0x101002, 0x0)
connect$auto(0x4, 0x0, 0x10)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
socketpair$auto(0x2d, 0x2, 0x8000000000000000, 0x0)
fcntl$auto(0x3, 0x4, 0xa553)
close_range$auto(0x2, 0x8, 0x0)

579.948115ms ago: executing program 2 (id=4199):
r0 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x64)
fchdir$auto(r0)
mkdir$auto(&(0x7f0000000480)='./cgroup\x00', 0x6)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$auto_WG_CMD_SET_DEVICE(r1, &(0x7f00000028c0)={0x0, 0x0, &(0x7f0000002880)={&(0x7f0000000000)={0x30, r2, 0x21, 0x70bd26, 0x25dfdbfe, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e20}]}, 0x30}, 0x1, 0x0, 0x0, 0x80}, 0x80)
sendmsg$auto_WG_CMD_GET_DEVICE(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r2, 0x800, 0x70bd27, 0x25dfdbfe, {}, [@WGDEVICE_A_FWMARK={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x4014)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup/cgroup.type\x00', 0x103042, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mknod$auto(&(0x7f0000000080)='}[,&*}\x00', 0xe6c, 0x17)
llistxattr$auto(&(0x7f0000000040)='}[,&*}\x00', 0x0, 0x7)
rmdir$auto(&(0x7f0000000300)='./cgroup\x00')
openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
select$auto(0x4, 0x0, &(0x7f0000000340)={[0x209c, 0x40000000e9e, 0x7, 0x9, 0x33, 0x100000001, 0xa, 0xf, 0x1, 0x6, 0x3, 0x8000000d59, 0x8, 0x100000ff, 0x3, 0x80080001]}, 0x0, 0x0)

0s ago: executing program 0 (id=4200):
syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff)
socket(0x1e, 0x1, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, 0x0, 0x28082, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/afs/rootcell\x00', 0x1cb842, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ram10\x00', 0xe0702, 0x0)
close_range$auto(0x2, 0xa, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8002, 0x0)
r1 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0)
read$auto(r1, 0x0, 0xb4d3)

kernel console output (not intermixed with test programs):

				



			



		

		
				
	


	
					

	



			



		
	
	

	
	

		
				
	


	
	

	
	
	
					
	
	

	
	



			


		


		



		
	
	

	
	
	
	

	
	



	




	
	

	
	
	
	

	
	
	

	
		
	
	

	
	
	

	
		

	

		
	

	



	
			
	

	

	
		

		
	

	
		
	

	
		
	
	
	
	
	
	
	

	
		


	
		
	

	
		
	

	
		



	
	

	

	

	
		
	

	
		

	
		

	


	
	

		
	
		
	
	

	



			








	




	






			







			







	






	







		









	

	
		
	
	

	
	
	

	
		
	

	
		
	

	
		
	

	
		
	

	
		

	
		

	


	
	

		
	
		
	
	

	



			








	




	






	








	



	


		
	
		
	
		
		

	
	
	












	
	

	








	




	




		








				
	


	



	


	
		


		



	

	
	

	

	
				
	
		


	
	

	
		
	

	
		


	

	
		

	


	
	

		
	
		
	
	

	



			








	




	





	
	
	


		











	



	
	

	








	
	






	





	





		








	
		

	


	
	

		
	
		
	
	

	



			








	





	















		
		


	

	













	


















	















	




	
	






	





	





		







				

				


			
	

				
				

			
	



	

	

	
		
	

	
		



	

	
		
	

	
		
	
	

	
	
	
	

	
	
	

	
		

	
		

	


	
	

		
	
		
	
	

	



			








	


		

	



		


		


	

		


















	


	
	








	




	





		







	

	
		
	
	
	
	
	
	

	
		

	


	
	

		
	
		
	
	

	



			








	





	









	




	

	
	


	



	
	


	


	

		

		
	


	


		
	

		
	
	
	
	
	
	
	






	






	







		









			

	
		

	


	

	

		
	
		
	
	

	



			








	

	






	
	








	

	
	

	




		
	
	








	


	



	



	



	
	
	








	






		











	

	









	
	







	









	
	




		
		
		
		
	






	




	





	
	








								



	
		

	


	
	

		
	
		
	
	

	



			








	





	













	
	











	

	

	
		
		
		
		
		


		


	

		


















	


	
	








	




	





		







	
	
			


	

	
		

	


	
	

		
	
		
	
	

	



			








	

	
	


	




	
	
	
	









	
	
		
	
	
	
	
		






	
	










	
	






	





	





		








	
	


	

	
		
	

	



	

	

	
		
	

	
		

	
		

	


	
	

		
	
		
	
	

	



			








	




	




















	



	
	














	
	










	
	






	





	





		










	
		
		
	
	

	



			













	



	
	














	
	










	
	






	





	





		







	

	
		

	
		

	


	
	

		
	
		
	
	

	



			








	





	




	
	


	

	

	


	



	

	


	

	


	
	

	

	






	




	





		







	

	
		

	
				
	
	



	
	




	
		

	


	
	

		
	
		
	
	

	



			








	





	









	




	

	
	


	



	
	


	


	

		

		
	


	


		
		
	


	

			
			



		

	
		
		


		


	

		


















	


	
	








	




	





		








	
		

	


		

		
	
		
	
	

	



			








	









	
	




	


	








	
	






	




	






		








	

	
		
	
	

	
		

	


		

		
	
		
	
	

	



			








	






	
	


	






	
	






	





	





		







	
	



	
				
	
		
	


	
	
	

	
		

	


	
	

		
	
		
	
	

	



			








	





	





	

	


	


	


	



	

	
	

	









	












	





	

	

	

	













	

	

	












	
	






	





	






		








	
		

	


		

		
	
		
	
	

	



			








	








	










	
	






	




	





		







	

	

	
		








		
	


				



	

	
				
	
	



	
	

	
		

	


		

		
	
		
	
	

	



			








	

	
	
	


	

	








	




	






		








	
		

	


	
	

		
	
		
	
	

	



			








	



	













	






	


	
	








	




	





		







		
	

	
	



syzkaller
syzkaller login: [  994.730140][T16958] Invalid ELF header magic: != ELF
[  997.099963][T16998] FAULT_INJECTION: forcing a failure.
[  997.099963][T16998] name failslab, interval 1, probability 0, space 0, times 0
[  997.276446][T16998] CPU: 1 UID: 0 PID: 16998 Comm: syz.3.3715 Tainted: G     U              6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) 
[  997.276489][T16998] Tainted: [U]=USER
[  997.276498][T16998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  997.276514][T16998] Call Trace:
[  997.276521][T16998]  <TASK>
[  997.276531][T16998]  dump_stack_lvl+0x16c/0x1f0
[  997.276563][T16998]  should_fail_ex+0x512/0x640
[  997.276595][T16998]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  997.276625][T16998]  should_failslab+0xc2/0x120
[  997.276654][T16998]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  997.276681][T16998]  ? __d_alloc+0x31/0xaa0
[  997.276709][T16998]  __d_alloc+0x31/0xaa0
[  997.276731][T16998]  ? unix_create1+0x4d9/0x6c0
[  997.276765][T16998]  d_alloc_pseudo+0x1c/0xc0
[  997.276795][T16998]  alloc_file_pseudo+0xcf/0x230
[  997.276828][T16998]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  997.276856][T16998]  ? bpf_lsm_socket_post_create+0x9/0x10
[  997.276905][T16998]  sock_alloc_file+0x50/0x210
[  997.276931][T16998]  __sys_socketpair+0x31c/0x5a0
[  997.276965][T16998]  ? __pfx___sys_socketpair+0x10/0x10
[  997.276998][T16998]  ? xfd_validate_state+0x5d/0x180
[  997.277049][T16998]  ? rcu_is_watching+0x12/0xc0
[  997.277074][T16998]  __x64_sys_socketpair+0x96/0x100
[  997.277124][T16998]  ? lockdep_hardirqs_on+0x7c/0x110
[  997.277151][T16998]  do_syscall_64+0xcd/0x230
[  997.277182][T16998]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  997.277206][T16998] RIP: 0033:0x7fdcd958e969
[  997.277225][T16998] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  997.277261][T16998] RSP: 002b:00007fdcda3ec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035
[  997.277282][T16998] RAX: ffffffffffffffda RBX: 00007fdcd97b6080 RCX: 00007fdcd958e969
[  997.277298][T16998] RDX: 8000000000000000 RSI: 0000000000000002 RDI: 0000000000000001
[  997.277313][T16998] RBP: 00007fdcd9610ab1 R08: 0000000000000000 R09: 0000000000000000
[  997.277327][T16998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  997.277341][T16998] R13: 0000000000000000 R14: 00007fdcd97b6080 R15: 00007fff89bdd658
[  997.277370][T16998]  </TASK>
[  998.207679][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  998.213997][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  998.439772][T17007] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3718'.
[  999.299845][T17014] netlink: 'syz.5.3720': attribute type 10 has an invalid length.
[  999.428412][T17014] netlink: 230 bytes leftover after parsing attributes in process `syz.5.3720'.
[  999.462337][T17018] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3721'.
[  999.690739][T17015] ima: policy update failed
[  999.699104][   T30] audit: type=1802 audit(4294967683.467:22): pid=17015 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.3721" res=0 errno=0
[  999.731520][T17014] bridge0: port 3(team0) entered disabled state
[  999.819003][T17014] team0: left allmulticast mode
[  999.918417][T17014] team_slave_0: left allmulticast mode
[ 1000.128003][T17014] team_slave_1: left allmulticast mode
[ 1000.133494][T17014] team0: left promiscuous mode
[ 1000.247255][T17014] team_slave_0: left promiscuous mode
[ 1000.350539][T17014] team_slave_1: left promiscuous mode
[ 1000.448231][T17014] bridge0: port 3(team0) entered disabled state
[ 1000.699778][T17014] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[ 1001.583871][T17031] input: isc as /devices/virtual/input/input22
[ 1001.663360][T17031] FAULT_INJECTION: forcing a failure.
[ 1001.663360][T17031] name failslab, interval 1, probability 0, space 0, times 0
[ 1001.746793][T17031] CPU: 1 UID: 0 PID: 17031 Comm: syz.2.3727 Tainted: G     U              6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) 
[ 1001.746829][T17031] Tainted: [U]=USER
[ 1001.746837][T17031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 1001.746849][T17031] Call Trace:
[ 1001.746857][T17031]  <TASK>
[ 1001.746865][T17031]  dump_stack_lvl+0x16c/0x1f0
[ 1001.746895][T17031]  should_fail_ex+0x512/0x640
[ 1001.746924][T17031]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 1001.746951][T17031]  should_failslab+0xc2/0x120
[ 1001.746977][T17031]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1001.746999][T17031]  ? __pfx_idr_alloc_u32+0x10/0x10
[ 1001.747022][T17031]  ? __kernfs_new_node+0xd2/0x8a0
[ 1001.747063][T17031]  __kernfs_new_node+0xd2/0x8a0
[ 1001.747100][T17031]  ? __pfx___kernfs_new_node+0x10/0x10
[ 1001.747140][T17031]  ? find_held_lock+0x2b/0x80
[ 1001.747161][T17031]  ? kernfs_root+0xee/0x2a0
[ 1001.747199][T17031]  kernfs_new_node+0x13c/0x1e0
[ 1001.747226][T17031]  kernfs_create_dir_ns+0x4c/0x1a0
[ 1001.747252][T17031]  internal_create_group+0x34d/0xf30
[ 1001.747291][T17031]  ? kernfs_add_one+0x14e/0x840
[ 1001.747313][T17031]  ? __pfx_internal_create_group+0x10/0x10
[ 1001.747351][T17031]  ? __pfx_dev_add_physical_location+0x10/0x10
[ 1001.747377][T17031]  ? bus_to_subsys+0x131/0x160
[ 1001.747410][T17031]  dpm_sysfs_add+0x80/0x280
[ 1001.747436][T17031]  device_add+0x9a6/0x1a70
[ 1001.747465][T17031]  ? __pfx_device_add+0x10/0x10
[ 1001.747491][T17031]  ? __pfx_exact_lock+0x10/0x10
[ 1001.747523][T17031]  ? kobject_get+0xbb/0x150
[ 1001.747553][T17031]  cdev_device_add+0xc2/0x1e0
[ 1001.747578][T17031]  evdev_connect+0x3a4/0x4c0
[ 1001.747608][T17031]  input_attach_handler.isra.0+0x181/0x260
[ 1001.747637][T17031]  input_register_device+0xa84/0x1130
[ 1001.747666][T17031]  uinput_ioctl_handler.isra.0+0x1357/0x1df0
[ 1001.747703][T17031]  ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10
[ 1001.747743][T17031]  ? find_held_lock+0x2b/0x80
[ 1001.747775][T17031]  ? __pfx_uinput_ioctl+0x10/0x10
[ 1001.747808][T17031]  __x64_sys_ioctl+0x190/0x200
[ 1001.747839][T17031]  do_syscall_64+0xcd/0x230
[ 1001.747868][T17031]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1001.747890][T17031] RIP: 0033:0x7f6b0058e969
[ 1001.747907][T17031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1001.747928][T17031] RSP: 002b:00007f6b01382038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1001.747948][T17031] RAX: ffffffffffffffda RBX: 00007f6b007b5fa0 RCX: 00007f6b0058e969
[ 1001.747962][T17031] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000005
[ 1001.747975][T17031] RBP: 00007f6b00610ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1001.747988][T17031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1001.748001][T17031] R13: 0000000000000000 R14: 00007f6b007b5fa0 R15: 00007ffdb595c098
[ 1001.748028][T17031]  </TASK>
[ 1002.425813][T17032] netlink: 306 bytes leftover after parsing attributes in process `syz.5.3726'.
[ 1003.504388][T17045] netlink: 342 bytes leftover after parsing attributes in process `syz.5.3730'.
[ 1003.602497][T17046] netlink: 274 bytes leftover after parsing attributes in process `syz.5.3730'.
[ 1004.048406][T17031] input: failed to attach handler evdev to device input22, error: -12
[ 1006.281093][T17074] lo: entered allmulticast mode
[ 1006.312676][T17074] lo: left allmulticast mode
[ 1008.209622][T17098] serio: Serial port pty64
[ 1009.292282][T17126] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3747'.
[ 1010.051967][T17134] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3749'.
[ 1010.866184][T17003] delete_channel: no stack
[ 1017.952067][T17198] netlink: 246 bytes leftover after parsing attributes in process `syz.5.3766'.
[ 1018.995600][T17209] netlink: 'syz.0.3768': attribute type 10 has an invalid length.
[ 1019.157369][T17209] netlink: 230 bytes leftover after parsing attributes in process `syz.0.3768'.
[ 1021.521726][T17237] FAULT_INJECTION: forcing a failure.
[ 1021.521726][T17237] name failslab, interval 1, probability 0, space 0, times 0
[ 1021.652869][T17237] CPU: 1 UID: 0 PID: 17237 Comm: syz.3.3776 Tainted: G     U              6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) 
[ 1021.652912][T17237] Tainted: [U]=USER
[ 1021.652920][T17237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 1021.652934][T17237] Call Trace:
[ 1021.652942][T17237]  <TASK>
[ 1021.652951][T17237]  dump_stack_lvl+0x16c/0x1f0
[ 1021.652984][T17237]  should_fail_ex+0x512/0x640
[ 1021.653034][T17237]  ? __kmalloc_cache_noprof+0x57/0x3e0
[ 1021.653077][T17237]  should_failslab+0xc2/0x120
[ 1021.653105][T17237]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 1021.653144][T17237]  ? snd_seq_prioq_new+0x3f/0x110
[ 1021.653184][T17237]  snd_seq_prioq_new+0x3f/0x110
[ 1021.653219][T17237]  snd_seq_queue_alloc+0x12b/0x550
[ 1021.653257][T17237]  snd_seq_ioctl_create_queue+0xa9/0x380
[ 1021.653283][T17237]  snd_seq_kernel_client_ctl+0x107/0x1c0
[ 1021.653314][T17237]  alloc_seq_queue+0xda/0x180
[ 1021.653340][T17237]  ? __pfx_alloc_seq_queue+0x10/0x10
[ 1021.653384][T17237]  ? mark_held_locks+0x49/0x80
[ 1021.653413][T17237]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1021.653440][T17237]  snd_seq_oss_open+0x38c/0xa20
[ 1021.653474][T17237]  odev_open+0x6f/0x90
[ 1021.653496][T17237]  ? __pfx_odev_open+0x10/0x10
[ 1021.653520][T17237]  soundcore_open+0x409/0x580
[ 1021.653547][T17237]  ? __pfx_soundcore_open+0x10/0x10
[ 1021.653571][T17237]  chrdev_open+0x231/0x6a0
[ 1021.653595][T17237]  ? __pfx_apparmor_file_open+0x10/0x10
[ 1021.653624][T17237]  ? __pfx_chrdev_open+0x10/0x10
[ 1021.653651][T17237]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 1021.653691][T17237]  do_dentry_open+0x741/0x1c10
[ 1021.653715][T17237]  ? __pfx_chrdev_open+0x10/0x10
[ 1021.653752][T17237]  vfs_open+0x82/0x3f0
[ 1021.653786][T17237]  path_openat+0x1e5e/0x2d40
[ 1021.653819][T17237]  ? __pfx_path_openat+0x10/0x10
[ 1021.653849][T17237]  do_filp_open+0x20b/0x470
[ 1021.653875][T17237]  ? __pfx_do_filp_open+0x10/0x10
[ 1021.653918][T17237]  ? alloc_fd+0x471/0x7d0
[ 1021.653961][T17237]  do_sys_openat2+0x11b/0x1d0
[ 1021.653992][T17237]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1021.654034][T17237]  __x64_sys_openat+0x174/0x210
[ 1021.654065][T17237]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1021.654098][T17237]  ? rcu_is_watching+0x12/0xc0
[ 1021.654139][T17237]  do_syscall_64+0xcd/0x230
[ 1021.654170][T17237]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1021.654193][T17237] RIP: 0033:0x7fdcd958e969
[ 1021.654211][T17237] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1021.654234][T17237] RSP: 002b:00007fdcda3ec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1021.654255][T17237] RAX: ffffffffffffffda RBX: 00007fdcd97b6080 RCX: 00007fdcd958e969
[ 1021.654271][T17237] RDX: 0000000000002000 RSI: 0000200000000100 RDI: ffffffffffffff9c
[ 1021.654285][T17237] RBP: 00007fdcd9610ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1021.654300][T17237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1021.654313][T17237] R13: 0000000000000000 R14: 00007fdcd97b6080 R15: 00007fff89bdd658
[ 1021.654342][T17237]  </TASK>
[ 1022.540577][ T5835] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[ 1023.628002][T17255] netlink: 2076 bytes leftover after parsing attributes in process `syz.5.3781'.
[ 1026.090523][T17286] netlink: 246 bytes leftover after parsing attributes in process `syz.2.3792'.
[ 1027.029765][T17278] kexec: Could not allocate control_code_buffer
[ 1027.101097][T17295] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3796'.
[ 1028.860429][T17304] kexec: Could not allocate control_code_buffer
[ 1029.490953][T17319] random: crng reseeded on system resumption
[ 1031.624255][T17342] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3810'.
[ 1031.717874][T17342] netlink: 354 bytes leftover after parsing attributes in process `syz.3.3810'.
[ 1032.612097][T17349] netlink: 'syz.3.3813': attribute type 5 has an invalid length.
[ 1032.671682][T17349] netlink: 'syz.3.3813': attribute type 1 has an invalid length.
[ 1032.717206][T17349] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3813'.
[ 1032.800846][T17351] netlink: 'syz.3.3813': attribute type 5 has an invalid length.
[ 1032.853387][T17351] netlink: 'syz.3.3813': attribute type 1 has an invalid length.
[ 1032.927233][T17351] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3813'.
[ 1034.088580][T17371] Device name cannot be null; rc = [-22]
[ 1034.240466][T17370] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1034.287437][T17370] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1034.315327][T17370] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1034.493265][T17370] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1034.540315][T17370] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1034.664611][T17370] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1034.693906][T17370] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1034.765889][T17370] CPU0 is offline.
[ 1035.269655][T17378] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3823'.
[ 1036.258391][T17225] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1036.337159][T17225] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1036.481715][T17385] FAULT_INJECTION: forcing a failure.
[ 1036.481715][T17385] name failslab, interval 1, probability 0, space 0, times 0
[ 1036.507164][T17225] Bluetooth: hci4: command 0x0406 tx timeout
[ 1036.597280][T17385] CPU: 1 UID: 0 PID: 17385 Comm: syz.2.3825 Tainted: G     U              6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) 
[ 1036.597334][T17385] Tainted: [U]=USER
[ 1036.597342][T17385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 1036.597355][T17385] Call Trace:
[ 1036.597363][T17385]  <TASK>
[ 1036.597372][T17385]  dump_stack_lvl+0x16c/0x1f0
[ 1036.597404][T17385]  should_fail_ex+0x512/0x640
[ 1036.597452][T17385]  ? __kmalloc_cache_noprof+0x57/0x3e0
[ 1036.597492][T17385]  should_failslab+0xc2/0x120
[ 1036.597520][T17385]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 1036.597555][T17385]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1036.597588][T17385]  ? ip6addrlbl_alloc+0x9a/0x2c0
[ 1036.597619][T17385]  ip6addrlbl_alloc+0x9a/0x2c0
[ 1036.597647][T17385]  ip6addrlbl_net_init+0x13d/0x400
[ 1036.597676][T17385]  ? __pfx_ip6addrlbl_net_init+0x10/0x10
[ 1036.597703][T17385]  ops_init+0x1df/0x5f0
[ 1036.597729][T17385]  setup_net+0x21e/0x850
[ 1036.597767][T17385]  ? __pfx_setup_net+0x10/0x10
[ 1036.597787][T17385]  ? lockdep_init_map_type+0x5c/0x280
[ 1036.597815][T17385]  ? __pfx_down_read_killable+0x10/0x10
[ 1036.597847][T17385]  ? debug_mutex_init+0x37/0x70
[ 1036.597884][T17385]  copy_net_ns+0x2a6/0x5f0
[ 1036.597911][T17385]  create_new_namespaces+0x3ea/0xad0
[ 1036.597960][T17385]  unshare_nsproxy_namespaces+0xc0/0x1f0
[ 1036.598000][T17385]  ksys_unshare+0x45b/0xa40
[ 1036.598029][T17385]  ? __pfx_ksys_unshare+0x10/0x10
[ 1036.598055][T17385]  ? xfd_validate_state+0x5d/0x180
[ 1036.598091][T17385]  ? rcu_is_watching+0x12/0xc0
[ 1036.598116][T17385]  __x64_sys_unshare+0x31/0x40
[ 1036.598144][T17385]  do_syscall_64+0xcd/0x230
[ 1036.598172][T17385]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1036.598193][T17385] RIP: 0033:0x7f6b0058e969
[ 1036.598210][T17385] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1036.598232][T17385] RSP: 002b:00007f6b01382038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 1036.598252][T17385] RAX: ffffffffffffffda RBX: 00007f6b007b5fa0 RCX: 00007f6b0058e969
[ 1036.598266][T17385] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[ 1036.598279][T17385] RBP: 00007f6b00610ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1036.598292][T17385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1036.598305][T17385] R13: 0000000000000000 R14: 00007f6b007b5fa0 R15: 00007ffdb595c098
[ 1036.598331][T17385]  </TASK>
[ 1037.172410][T17225] Bluetooth: hci1: command 0x0406 tx timeout
[ 1038.417177][T17225] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1038.578502][T17225] Bluetooth: hci4: command 0x0406 tx timeout
[ 1039.220801][ T5835] Bluetooth: hci1: command 0x0406 tx timeout
[ 1040.897525][T17225] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[ 1041.001225][T17419] FAULT_INJECTION: forcing a failure.
[ 1041.001225][T17419] name failslab, interval 1, probability 0, space 0, times 0
[ 1041.091589][T17419] CPU: 1 UID: 0 PID: 17419 Comm: syz.2.3833 Tainted: G     U              6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) 
[ 1041.091627][T17419] Tainted: [U]=USER
[ 1041.091635][T17419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 1041.091648][T17419] Call Trace:
[ 1041.091656][T17419]  <TASK>
[ 1041.091664][T17419]  dump_stack_lvl+0x16c/0x1f0
[ 1041.091695][T17419]  should_fail_ex+0x512/0x640
[ 1041.091726][T17419]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 1041.091753][T17419]  should_failslab+0xc2/0x120
[ 1041.091779][T17419]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1041.091803][T17419]  ? radix_tree_node_alloc.constprop.0+0x7c/0x350
[ 1041.091831][T17419]  radix_tree_node_alloc.constprop.0+0x7c/0x350
[ 1041.091859][T17419]  idr_get_free+0x528/0xa30
[ 1041.091893][T17419]  idr_alloc_u32+0x190/0x2f0
[ 1041.091919][T17419]  ? __pfx_idr_alloc_u32+0x10/0x10
[ 1041.091946][T17419]  ? __pfx___mutex_lock+0x10/0x10
[ 1041.091978][T17419]  idr_alloc+0xc0/0x130
[ 1041.091999][T17419]  ? __pfx_idr_alloc+0x10/0x10
[ 1041.092022][T17419]  ? __radix_tree_lookup+0x21f/0x2c0
[ 1041.092055][T17419]  ppp_dev_configure+0x905/0xc80
[ 1041.092087][T17419]  ppp_ioctl+0x17e0/0x2660
[ 1041.092114][T17419]  ? find_held_lock+0x2b/0x80
[ 1041.092135][T17419]  ? __pfx_ppp_ioctl+0x10/0x10
[ 1041.092165][T17419]  ? __fget_files+0x20e/0x3c0
[ 1041.092202][T17419]  ? __pfx_ppp_ioctl+0x10/0x10
[ 1041.092229][T17419]  __x64_sys_ioctl+0x190/0x200
[ 1041.092260][T17419]  do_syscall_64+0xcd/0x230
[ 1041.092288][T17419]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1041.092310][T17419] RIP: 0033:0x7f6b0058e969
[ 1041.092326][T17419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1041.092347][T17419] RSP: 002b:00007f6b01382038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1041.092368][T17419] RAX: ffffffffffffffda RBX: 00007f6b007b5fa0 RCX: 00007f6b0058e969
[ 1041.092387][T17419] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000003
[ 1041.092401][T17419] RBP: 00007f6b00610ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1041.092414][T17419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1041.092426][T17419] R13: 0000000000000000 R14: 00007f6b007b5fa0 R15: 00007ffdb595c098
[ 1041.092454][T17419]  </TASK>
[ 1042.858027][T17436] netlink: 252 bytes leftover after parsing attributes in process `syz.5.3839'.
[ 1043.181143][T17437] netlink: 252 bytes leftover after parsing attributes in process `syz.5.3839'.
[ 1044.441741][T17454] FAULT_INJECTION: forcing a failure.
[ 1044.441741][T17454] name fail_futex, interval 1, probability 0, space 0, times 0
[ 1044.723991][T17454] CPU: 1 UID: 0 PID: 17454 Comm: syz.5.3844 Tainted: G     U              6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) 
[ 1044.724028][T17454] Tainted: [U]=USER
[ 1044.724035][T17454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 1044.724048][T17454] Call Trace:
[ 1044.724055][T17454]  <TASK>
[ 1044.724064][T17454]  dump_stack_lvl+0x16c/0x1f0
[ 1044.724094][T17454]  should_fail_ex+0x512/0x640
[ 1044.724128][T17454]  get_futex_key+0x49e/0x1000
[ 1044.724149][T17454]  ? find_held_lock+0x2b/0x80
[ 1044.724171][T17454]  ? __pfx_get_futex_key+0x10/0x10
[ 1044.724192][T17454]  ? do_raw_spin_unlock+0x172/0x230
[ 1044.724224][T17454]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1044.724248][T17454]  ? trace_pid_list_is_set+0x100/0x150
[ 1044.724274][T17454]  futex_wait_setup+0x78/0x290
[ 1044.724301][T17454]  ? event_filter_pid_sched_wakeup_probe_post+0x103/0x270
[ 1044.724334][T17454]  __futex_wait+0x266/0x3c0
[ 1044.724363][T17454]  ? __pfx___futex_wait+0x10/0x10
[ 1044.724390][T17454]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1044.724417][T17454]  ? __pfx_futex_wake_mark+0x10/0x10
[ 1044.724455][T17454]  futex_wait+0xe8/0x380
[ 1044.724481][T17454]  ? __pfx_futex_wait+0x10/0x10
[ 1044.724514][T17454]  ? kmem_cache_free+0x2d4/0x4d0
[ 1044.724535][T17454]  ? fd_install+0x225/0x750
[ 1044.724565][T17454]  ? putname+0x154/0x1a0
[ 1044.724593][T17454]  do_futex+0x229/0x350
[ 1044.724615][T17454]  ? __pfx_do_futex+0x10/0x10
[ 1044.724645][T17454]  __x64_sys_futex+0x1e0/0x4c0
[ 1044.724669][T17454]  ? __x64_sys_openat+0x174/0x210
[ 1044.724699][T17454]  ? __pfx___x64_sys_futex+0x10/0x10
[ 1044.724723][T17454]  ? rcu_is_watching+0x12/0xc0
[ 1044.724755][T17454]  do_syscall_64+0xcd/0x230
[ 1044.724785][T17454]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1044.724807][T17454] RIP: 0033:0x7f292858e969
[ 1044.724824][T17454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1044.724846][T17454] RSP: 002b:00007f29294e00e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 1044.724866][T17454] RAX: ffffffffffffffda RBX: 00007f29287b5fa8 RCX: 00007f292858e969
[ 1044.724880][T17454] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f29287b5fa8
[ 1044.724893][T17454] RBP: 00007f29287b5fa0 R08: 0000000000000000 R09: 0000000000000000
[ 1044.724906][T17454] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f29287b5fac
[ 1044.724919][T17454] R13: 0000000000000000 R14: 00007ffce5ef3760 R15: 00007ffce5ef3848
[ 1044.724945][T17454]  </TASK>
[ 1044.970236][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1045.466276][T17465] cougar: G6 mapped to space
[ 1046.371880][T17471] sp0: Synchronizing with TNC
[ 1046.641062][   T30] audit: type=1326 audit(4294967336.870:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17475 comm="syz.3.3850" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdcd958e969 code=0x0
[ 1047.369733][T17479] syz.3.3850 (17479) used greatest stack depth: 21064 bytes left

syzkaller
syzkaller login: [ 1052.523750][T17225] Bluetooth: hci2: unexpected event 0x3e length: 508 > 260
[ 1052.523780][T17225] Bluetooth: hci2: unexpected subevent 0x02 length: 507 > 260
[ 1052.540897][T17225] Bluetooth: hci2: Dropping invalid advertising data
[ 1052.548777][T17225] Bluetooth: hci2: unknown advertising packet type: 0xe9
[ 1053.690954][T17536] netlink: 326 bytes leftover after parsing attributes in process `syz.0.3864'.
[ 1057.168422][T17572] sd 0:0:1:0: device reset
[ 1058.960921][T17592] netlink: 'syz.3.3881': attribute type 10 has an invalid length.
[ 1059.025116][T17592] netlink: 230 bytes leftover after parsing attributes in process `syz.3.3881'.
[ 1059.087422][T17592] team_slave_1: left promiscuous mode
[ 1059.128768][T17592] team_slave_1: left allmulticast mode
[ 1059.340650][T17592] team0: Port device team_slave_1 removed
[ 1059.623819][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1059.637183][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1060.758668][T17610] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3886'.
[ 1060.826270][T17614] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3886'.
[ 1062.915964][T17624] netlink: 338 bytes leftover after parsing attributes in process `syz.5.3887'.
[ 1063.159148][T17633] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3889'.
[ 1065.061686][T17651] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3895'.
[ 1065.251584][T17653] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3895'.
[ 1065.524747][T17654] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3895'.
[ 1067.808956][T17674] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3899'.
[ 1070.487424][T17709] FAULT_INJECTION: forcing a failure.
[ 1070.487424][T17709] name failslab, interval 1, probability 0, space 0, times 0
[ 1070.691509][T17708] Invalid ELF header magic: != ELF
[ 1070.802634][T17709] CPU: 1 UID: 0 PID: 17709 Comm: syz.0.3910 Tainted: G     U              6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) 
[ 1070.802673][T17709] Tainted: [U]=USER
[ 1070.802681][T17709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 1070.802695][T17709] Call Trace:
[ 1070.802703][T17709]  <TASK>
[ 1070.802712][T17709]  dump_stack_lvl+0x16c/0x1f0
[ 1070.802742][T17709]  should_fail_ex+0x512/0x640
[ 1070.802777][T17709]  ? aa_label_asxprint+0x75/0x140
[ 1070.802797][T17709]  should_failslab+0xc2/0x120
[ 1070.802823][T17709]  __kmalloc_noprof+0xd2/0x510
[ 1070.802854][T17709]  aa_label_asxprint+0x75/0x140
[ 1070.802876][T17709]  apparmor_lsmprop_to_secctx+0xb2/0x1a0
[ 1070.802906][T17709]  security_lsmprop_to_secctx+0x94/0x260
[ 1070.802936][T17709]  audit_log_task_context+0x134/0x1a0
[ 1070.802960][T17709]  ? __pfx_audit_log_task_context+0x10/0x10
[ 1070.802986][T17709]  ? from_kuid+0x8d/0xd0
[ 1070.803013][T17709]  ? __pfx_from_kuid+0x10/0x10
[ 1070.803047][T17709]  integrity_audit_message+0x269/0x580
[ 1070.803078][T17709]  ? __pfx_integrity_audit_message+0x10/0x10
[ 1070.803107][T17709]  ? __pfx_ima_add_template_entry+0x10/0x10
[ 1070.803142][T17709]  integrity_audit_msg+0x41/0x60
[ 1070.803172][T17709]  ima_add_violation+0x1b4/0x3d0
[ 1070.803195][T17709]  ? __pfx_ima_add_violation+0x10/0x10
[ 1070.803229][T17709]  ? ima_d_path+0x12b/0x2a0
[ 1070.803246][T17709]  ? __pfx___might_resched+0x10/0x10
[ 1070.803270][T17709]  ? __pfx_ima_d_path+0x10/0x10
[ 1070.803293][T17709]  ? __pfx_down_write+0x10/0x10
[ 1070.803329][T17709]  process_measurement+0x1674/0x23e0
[ 1070.803368][T17709]  ? __pfx_process_measurement+0x10/0x10
[ 1070.803399][T17709]  ? __pfx___might_resched+0x10/0x10
[ 1070.803423][T17709]  ? rcu_is_watching+0x12/0xc0
[ 1070.803449][T17709]  ? find_held_lock+0x2b/0x80
[ 1070.803470][T17709]  ? trace_array_get+0x83/0xe0
[ 1070.803522][T17709]  ? tracing_open_generic+0x94/0xc0
[ 1070.803546][T17709]  ? subsystem_open+0x18f/0x3e0
[ 1070.803573][T17709]  ? inode_to_bdi+0x9e/0x160
[ 1070.803604][T17709]  ima_file_check+0xc5/0x110
[ 1070.803635][T17709]  ? __pfx_ima_file_check+0x10/0x10
[ 1070.803673][T17709]  security_file_post_open+0x8e/0x210
[ 1070.803700][T17709]  path_openat+0x147d/0x2d40
[ 1070.803730][T17709]  ? __pfx_path_openat+0x10/0x10
[ 1070.803758][T17709]  do_filp_open+0x20b/0x470
[ 1070.803778][T17709]  ? __pfx_do_filp_open+0x10/0x10
[ 1070.803817][T17709]  ? alloc_fd+0x471/0x7d0
[ 1070.803857][T17709]  do_sys_openat2+0x11b/0x1d0
[ 1070.803885][T17709]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1070.803914][T17709]  ? __pfx___might_resched+0x10/0x10
[ 1070.803944][T17709]  __x64_sys_openat+0x174/0x210
[ 1070.803973][T17709]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1070.804003][T17709]  ? rcu_is_watching+0x12/0xc0
[ 1070.804029][T17709]  do_syscall_64+0xcd/0x230
[ 1070.804057][T17709]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1070.804079][T17709] RIP: 0033:0x7f27a2d8e969
[ 1070.804097][T17709] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1070.804119][T17709] RSP: 002b:00007f27a3c9c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1070.804139][T17709] RAX: ffffffffffffffda RBX: 00007f27a2fb6160 RCX: 00007f27a2d8e969
[ 1070.804153][T17709] RDX: 0000000000109041 RSI: 0000200000007380 RDI: ffffffffffffff9c
[ 1070.804167][T17709] RBP: 00007f27a2e10ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1070.804181][T17709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1070.804194][T17709] R13: 0000000000000000 R14: 00007f27a2fb6160 R15: 00007ffc7b079498
[ 1070.804221][T17709]  </TASK>
[ 1070.804232][T17709] audit: error in audit_log_task_context
[ 1072.638309][T17715] netlink: 'syz.3.3912': attribute type 10 has an invalid length.
[ 1072.646152][T17715] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3912'.
[ 1073.876069][   T30] audit: type=1804 audit(4294967360.760:24): pid=17709 uid=0 auid=4294967295 ses=4294967295 op=invalid_pcr cause=ToMToU comm="syz.0.3910" name="/newroot/sys/kernel/tracing/events/vmalloc/filter" dev="tracefs" ino=19680823 res=1 errno=0
[ 1075.705820][T17731] Invalid ELF header magic: != ELF
[ 1076.307900][ T5835] Bluetooth: hci2: unexpected event 0x03 length: 17 > 11
[ 1080.102343][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 1080.574376][T17775] netlink: 'syz.3.3930': attribute type 4 has an invalid length.
[ 1080.637283][T17775] netlink: 'syz.3.3930': attribute type 5 has an invalid length.
[ 1080.696952][T17775] netlink: 10 bytes leftover after parsing attributes in process `syz.3.3930'.
[ 1081.906059][T17791] sp0: Synchronizing with TNC
[ 1083.350556][T17800] input: jJǸ-���9�%v����l��Q�	J86�� as /devices/virtual/input/input23
[ 1085.717779][T17818] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3941'.
[ 1085.837581][T17820] netlink: 13 bytes leftover after parsing attributes in process `syz.3.3941'.
[ 1086.300411][T17823] kafs: addr_prefs: Invalid Command
[ 1088.167507][T17842] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3947'.
[ 1089.661440][T17861] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3950'.
[ 1089.735333][T17861] netlink: 354 bytes leftover after parsing attributes in process `syz.0.3950'.
[ 1090.250586][T17864] netlink: 86 bytes leftover after parsing attributes in process `syz.0.3951'.
[ 1091.949933][    C1] vcan0: j1939_tp_rxtimer: 0xffff888065568000: rx timeout, send abort
[ 1091.958324][    C1] vcan0: j1939_tp_rxtimer: 0xffff888065568c00: rx timeout, send abort
[ 1091.966744][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888065568000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[ 1091.982193][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888065568c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[ 1096.646532][T17912] netlink: 'syz.0.3965': attribute type 8 has an invalid length.
[ 1096.707816][T17913] netlink: 'syz.0.3965': attribute type 8 has an invalid length.
[ 1097.766709][T17924] netlink: 93 bytes leftover after parsing attributes in process `syz.2.3968'.
[ 1097.937950][T17920] netlink: 93 bytes leftover after parsing attributes in process `syz.2.3968'.
[ 1099.662765][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1099.672509][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1101.067380][T17962] FAULT_INJECTION: forcing a failure.
[ 1101.067380][T17962] name failslab, interval 1, probability 0, space 0, times 0
[ 1101.262891][T17962] CPU: 1 UID: 0 PID: 17962 Comm: syz.5.3978 Tainted: G     U              6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) 
[ 1101.262933][T17962] Tainted: [U]=USER
[ 1101.262942][T17962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 1101.262957][T17962] Call Trace:
[ 1101.262965][T17962]  <TASK>
[ 1101.262975][T17962]  dump_stack_lvl+0x16c/0x1f0
[ 1101.263008][T17962]  should_fail_ex+0x512/0x640
[ 1101.263041][T17962]  ? __kmalloc_cache_noprof+0x57/0x3e0
[ 1101.263083][T17962]  should_failslab+0xc2/0x120
[ 1101.263111][T17962]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 1101.263149][T17962]  ? uinput_open+0x48/0x160
[ 1101.263187][T17962]  uinput_open+0x48/0x160
[ 1101.263219][T17962]  ? __pfx_uinput_open+0x10/0x10
[ 1101.263251][T17962]  misc_open+0x35a/0x420
[ 1101.263287][T17962]  ? __pfx_misc_open+0x10/0x10
[ 1101.263334][T17962]  chrdev_open+0x231/0x6a0
[ 1101.263358][T17962]  ? __pfx_apparmor_file_open+0x10/0x10
[ 1101.263386][T17962]  ? __pfx_chrdev_open+0x10/0x10
[ 1101.263411][T17962]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 1101.263451][T17962]  do_dentry_open+0x741/0x1c10
[ 1101.263474][T17962]  ? __pfx_chrdev_open+0x10/0x10
[ 1101.263503][T17962]  vfs_open+0x82/0x3f0
[ 1101.263535][T17962]  path_openat+0x1e5e/0x2d40
[ 1101.263566][T17962]  ? __pfx_path_openat+0x10/0x10
[ 1101.263595][T17962]  do_filp_open+0x20b/0x470
[ 1101.263617][T17962]  ? __pfx_do_filp_open+0x10/0x10
[ 1101.263658][T17962]  ? alloc_fd+0x471/0x7d0
[ 1101.263700][T17962]  do_sys_openat2+0x11b/0x1d0
[ 1101.263729][T17962]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1101.263770][T17962]  __x64_sys_openat+0x174/0x210
[ 1101.263807][T17962]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1101.263840][T17962]  ? rcu_is_watching+0x12/0xc0
[ 1101.263869][T17962]  do_syscall_64+0xcd/0x230
[ 1101.263900][T17962]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1101.263927][T17962] RIP: 0033:0x7f292858e969
[ 1101.263946][T17962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1101.263968][T17962] RSP: 002b:00007f29294e0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1101.263990][T17962] RAX: ffffffffffffffda RBX: 00007f29287b5fa0 RCX: 00007f292858e969
[ 1101.264005][T17962] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 1101.264020][T17962] RBP: 00007f2928610ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1101.264034][T17962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1101.264048][T17962] R13: 0000000000000000 R14: 00007f29287b5fa0 R15: 00007ffce5ef3848
[ 1101.264076][T17962]  </TASK>
[ 1102.146258][T17965] FAULT_INJECTION: forcing a failure.
[ 1102.146258][T17965] name failslab, interval 1, probability 0, space 0, times 0
[ 1102.245724][T17965] CPU: 1 UID: 0 PID: 17965 Comm: syz.0.3980 Tainted: G     U              6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) 
[ 1102.245767][T17965] Tainted: [U]=USER
[ 1102.245775][T17965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 1102.245789][T17965] Call Trace:
[ 1102.245797][T17965]  <TASK>
[ 1102.245806][T17965]  dump_stack_lvl+0x16c/0x1f0
[ 1102.245841][T17965]  should_fail_ex+0x512/0x640
[ 1102.245874][T17965]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1102.245905][T17965]  should_failslab+0xc2/0x120
[ 1102.245934][T17965]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1102.245961][T17965]  ? do_kmem_cache_create+0x1b3/0x730
[ 1102.245994][T17965]  do_kmem_cache_create+0x1b3/0x730
[ 1102.246022][T17965]  ? __kmem_cache_create_args+0x205/0x390
[ 1102.246052][T17965]  __kmem_cache_create_args+0x225/0x390
[ 1102.246081][T17965]  mon_text_open+0x313/0x4f0
[ 1102.246118][T17965]  ? __pfx_mon_text_open+0x10/0x10
[ 1102.246150][T17965]  ? __debugfs_file_get+0x1fe/0x840
[ 1102.246176][T17965]  ? __pfx_mon_text_ctor+0x10/0x10
[ 1102.246210][T17965]  ? __pfx_apparmor_file_open+0x10/0x10
[ 1102.246238][T17965]  ? lockdown_is_locked_down+0x3f/0x130
[ 1102.246270][T17965]  ? bpf_lsm_locked_down+0x9/0x10
[ 1102.246298][T17965]  ? __pfx_mon_text_open+0x10/0x10
[ 1102.246331][T17965]  full_proxy_open_regular+0x1b6/0x360
[ 1102.246362][T17965]  do_dentry_open+0x741/0x1c10
[ 1102.246386][T17965]  ? __pfx_full_proxy_open_regular+0x10/0x10
[ 1102.246421][T17965]  vfs_open+0x82/0x3f0
[ 1102.246455][T17965]  path_openat+0x1e5e/0x2d40
[ 1102.246488][T17965]  ? __pfx_path_openat+0x10/0x10
[ 1102.246518][T17965]  do_filp_open+0x20b/0x470
[ 1102.246541][T17965]  ? __pfx_do_filp_open+0x10/0x10
[ 1102.246585][T17965]  ? alloc_fd+0x471/0x7d0
[ 1102.246640][T17965]  do_sys_openat2+0x11b/0x1d0
[ 1102.246670][T17965]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1102.246718][T17965]  __x64_sys_openat+0x174/0x210
[ 1102.246751][T17965]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1102.246785][T17965]  ? rcu_is_watching+0x12/0xc0
[ 1102.246814][T17965]  do_syscall_64+0xcd/0x230
[ 1102.246845][T17965]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1102.246868][T17965] RIP: 0033:0x7f27a2d8e969
[ 1102.246886][T17965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1102.246909][T17965] RSP: 002b:00007f27a3cde038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1102.246931][T17965] RAX: ffffffffffffffda RBX: 00007f27a2fb5fa0 RCX: 00007f27a2d8e969
[ 1102.246946][T17965] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c
[ 1102.246961][T17965] RBP: 00007f27a2e10ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1102.246976][T17965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1102.246990][T17965] R13: 0000000000000000 R14: 00007f27a2fb5fa0 R15: 00007ffc7b079498
[ 1102.247019][T17965]  </TASK>
[ 1104.232496][T17988] Invalid ELF header magic: != ELF
[ 1106.620585][T18019] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3993'.
[ 1106.868335][T17965] __kmem_cache_create_args(mon_text_ffff888028d57000) failed with error -22
[ 1107.047233][T17965] CPU: 1 UID: 0 PID: 17965 Comm: syz.0.3980 Tainted: G     U              6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) 
[ 1107.047276][T17965] Tainted: [U]=USER
[ 1107.047284][T17965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 1107.047297][T17965] Call Trace:
[ 1107.047305][T17965]  <TASK>
[ 1107.047313][T17965]  dump_stack_lvl+0x16c/0x1f0
[ 1107.047343][T17965]  __kmem_cache_create_args+0x125/0x390
[ 1107.047372][T17965]  mon_text_open+0x313/0x4f0
[ 1107.047405][T17965]  ? __pfx_mon_text_open+0x10/0x10
[ 1107.047434][T17965]  ? __debugfs_file_get+0x1fe/0x840
[ 1107.047458][T17965]  ? __pfx_mon_text_ctor+0x10/0x10
[ 1107.047489][T17965]  ? __pfx_apparmor_file_open+0x10/0x10
[ 1107.047515][T17965]  ? lockdown_is_locked_down+0x3f/0x130
[ 1107.047544][T17965]  ? bpf_lsm_locked_down+0x9/0x10
[ 1107.047570][T17965]  ? __pfx_mon_text_open+0x10/0x10
[ 1107.047599][T17965]  full_proxy_open_regular+0x1b6/0x360
[ 1107.047627][T17965]  do_dentry_open+0x741/0x1c10
[ 1107.047650][T17965]  ? __pfx_full_proxy_open_regular+0x10/0x10
[ 1107.047682][T17965]  vfs_open+0x82/0x3f0
[ 1107.047712][T17965]  path_openat+0x1e5e/0x2d40
[ 1107.047742][T17965]  ? __pfx_path_openat+0x10/0x10
[ 1107.047769][T17965]  do_filp_open+0x20b/0x470
[ 1107.047790][T17965]  ? __pfx_do_filp_open+0x10/0x10
[ 1107.047829][T17965]  ? alloc_fd+0x471/0x7d0
[ 1107.047869][T17965]  do_sys_openat2+0x11b/0x1d0
[ 1107.047897][T17965]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1107.047935][T17965]  __x64_sys_openat+0x174/0x210
[ 1107.047964][T17965]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1107.047995][T17965]  ? rcu_is_watching+0x12/0xc0
[ 1107.048022][T17965]  do_syscall_64+0xcd/0x230
[ 1107.048051][T17965]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1107.048073][T17965] RIP: 0033:0x7f27a2d8e969
[ 1107.048090][T17965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1107.048111][T17965] RSP: 002b:00007f27a3cde038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1107.048131][T17965] RAX: ffffffffffffffda RBX: 00007f27a2fb5fa0 RCX: 00007f27a2d8e969
[ 1107.048145][T17965] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c
[ 1107.048159][T17965] RBP: 00007f27a2e10ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1107.048172][T17965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1107.048185][T17965] R13: 0000000000000000 R14: 00007f27a2fb5fa0 R15: 00007ffc7b079498
[ 1107.048212][T17965]  </TASK>
[ 1108.236559][T18042] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3997'.
[ 1109.515793][T18052] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4001'.
[ 1109.588353][T18052] netdevsim netdevsim5 netdevsim1: left allmulticast mode
[ 1109.631943][T18052] netdevsim netdevsim5 netdevsim1: left promiscuous mode
[ 1109.681133][T18052] bridge0: port 4(netdevsim1) entered disabled state
[ 1109.745974][T18052] bridge_slave_1: left allmulticast mode
[ 1109.760977][T18052] bridge_slave_1: left promiscuous mode
[ 1109.798031][T18052] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1109.840889][T18052] bridge_slave_0: left allmulticast mode
[ 1109.846717][T18052] bridge_slave_0: left promiscuous mode
[ 1109.873831][T18052] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1110.571396][T18058] netlink: 326 bytes leftover after parsing attributes in process `syz.5.4004'.
[ 1110.774050][ T5835] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[ 1110.784995][ T5835] Bluetooth: hci0: Invalid handle: 0xe200 > 0x0eff
[ 1117.560705][T18139] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1117.596951][T18145] Device name cannot be null; rc = [-22]
[ 1117.672155][T18139] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1117.701100][T18139] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1117.749964][T18139] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1117.796533][T18139] CPU0 is offline.
[ 1118.737851][ T5833] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[ 1119.617476][ T5833] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1119.699541][ T5833] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1119.777546][ T5833] Bluetooth: hci1: command 0x0406 tx timeout
[ 1119.783667][T18129] Bluetooth: hci4: command 0x0406 tx timeout
[ 1120.032601][T18178] sp0: Synchronizing with TNC
[ 1121.078310][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1121.084643][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1129.666184][T18281] Invalid ELF header magic: != ELF
[ 1132.204551][T18294] : renamed from gre0 (while UP)
[ 1138.875735][T18353] tipc: Started in network mode
[ 1138.923553][T18353] tipc: Node identity ee00, cluster identity 4711
[ 1139.018723][T18353] tipc: Node number set to 60928
[ 1139.052256][T18356] ima: policy update failed
[ 1139.147118][   T30] audit: type=1802 audit(4294967429.410:25): pid=18356 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.4073" res=0 errno=0
[ 1139.262655][ T5833] Bluetooth: hci4: unexpected event 0x3e length: 508 > 260
[ 1139.262688][ T5833] Bluetooth: hci4: unexpected subevent 0x02 length: 507 > 260
[ 1139.279520][ T5833] Bluetooth: hci4: Dropping invalid advertising data
[ 1139.286219][ T5833] Bluetooth: hci4: unknown advertising packet type: 0xe9
[ 1139.327176][   T30] audit: type=1800 audit(4294967429.590:26): pid=18353 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4071" name="members" dev="configfs" ino=260935 res=0 errno=0
[ 1147.781208][T18462] mkiss: ax0: crc mode is auto.
[ 1148.001789][T18465] FAULT_INJECTION: forcing a failure.
[ 1148.001789][T18465] name failslab, interval 1, probability 0, space 0, times 0
[ 1148.107369][T18465] CPU: 1 UID: 0 PID: 18465 Comm: syz.3.4097 Tainted: G     U              6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) 
[ 1148.107407][T18465] Tainted: [U]=USER
[ 1148.107414][T18465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 1148.107428][T18465] Call Trace:
[ 1148.107435][T18465]  <TASK>
[ 1148.107443][T18465]  dump_stack_lvl+0x16c/0x1f0
[ 1148.107473][T18465]  should_fail_ex+0x512/0x640
[ 1148.107501][T18465]  ? __kmalloc_cache_noprof+0x57/0x3e0
[ 1148.107539][T18465]  should_failslab+0xc2/0x120
[ 1148.107565][T18465]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 1148.107598][T18465]  ? vhost_net_open+0x28/0x8a0
[ 1148.107619][T18465]  ? vhost_net_open+0x6e/0x8a0
[ 1148.107643][T18465]  ? __pfx_vhost_net_open+0x10/0x10
[ 1148.107663][T18465]  vhost_net_open+0x6e/0x8a0
[ 1148.107689][T18465]  ? __pfx_vhost_net_open+0x10/0x10
[ 1148.107711][T18465]  misc_open+0x35a/0x420
[ 1148.107744][T18465]  ? __pfx_misc_open+0x10/0x10
[ 1148.107775][T18465]  chrdev_open+0x231/0x6a0
[ 1148.107797][T18465]  ? __pfx_apparmor_file_open+0x10/0x10
[ 1148.107824][T18465]  ? __pfx_chrdev_open+0x10/0x10
[ 1148.107848][T18465]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 1148.107885][T18465]  do_dentry_open+0x741/0x1c10
[ 1148.107907][T18465]  ? __pfx_chrdev_open+0x10/0x10
[ 1148.107935][T18465]  vfs_open+0x82/0x3f0
[ 1148.107965][T18465]  path_openat+0x1e5e/0x2d40
[ 1148.107994][T18465]  ? __pfx_path_openat+0x10/0x10
[ 1148.108021][T18465]  do_filp_open+0x20b/0x470
[ 1148.108042][T18465]  ? __pfx_do_filp_open+0x10/0x10
[ 1148.108081][T18465]  ? alloc_fd+0x471/0x7d0
[ 1148.108120][T18465]  do_sys_openat2+0x11b/0x1d0
[ 1148.108147][T18465]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1148.108177][T18465]  ? do_fcntl+0x1eb/0x1590
[ 1148.108207][T18465]  __x64_sys_openat+0x174/0x210
[ 1148.108235][T18465]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1148.108265][T18465]  ? rcu_is_watching+0x12/0xc0
[ 1148.108292][T18465]  do_syscall_64+0xcd/0x230
[ 1148.108321][T18465]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1148.108342][T18465] RIP: 0033:0x7fdcd958e969
[ 1148.108359][T18465] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1148.108381][T18465] RSP: 002b:00007fdcda40d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1148.108402][T18465] RAX: ffffffffffffffda RBX: 00007fdcd97b5fa0 RCX: 00007fdcd958e969
[ 1148.108417][T18465] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c
[ 1148.108431][T18465] RBP: 00007fdcd9610ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1148.108445][T18465] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1148.108458][T18465] R13: 0000000000000000 R14: 00007fdcd97b5fa0 R15: 00007fff89bdd658
[ 1148.108486][T18465]  </TASK>
[ 1148.382470][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1150.476897][T18475] FAULT_INJECTION: forcing a failure.
[ 1150.476897][T18475] name failslab, interval 1, probability 0, space 0, times 0
[ 1150.750617][T18475] CPU: 1 UID: 0 PID: 18475 Comm: syz.3.4102 Tainted: G     U              6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) 
[ 1150.750657][T18475] Tainted: [U]=USER
[ 1150.750665][T18475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 1150.750678][T18475] Call Trace:
[ 1150.750686][T18475]  <TASK>
[ 1150.750695][T18475]  dump_stack_lvl+0x16c/0x1f0
[ 1150.750727][T18475]  should_fail_ex+0x512/0x640
[ 1150.750758][T18475]  ? __kmalloc_cache_noprof+0x57/0x3e0
[ 1150.750799][T18475]  should_failslab+0xc2/0x120
[ 1150.750827][T18475]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 1150.750864][T18475]  ? alloc_netdev_mqs+0xf3a/0x1570
[ 1150.750904][T18475]  alloc_netdev_mqs+0xf3a/0x1570
[ 1150.750932][T18475]  slip_open+0x35c/0x1150
[ 1150.750959][T18475]  ? __pfx___might_resched+0x10/0x10
[ 1150.750982][T18475]  ? __pfx_n_tty_close+0x10/0x10
[ 1150.751010][T18475]  ? find_held_lock+0x2b/0x80
[ 1150.751030][T18475]  ? __pfx_slip_open+0x10/0x10
[ 1150.751055][T18475]  ? down_write+0x14d/0x200
[ 1150.751085][T18475]  ? __pfx_slip_open+0x10/0x10
[ 1150.751111][T18475]  tty_ldisc_open+0x9c/0x120
[ 1150.751131][T18475]  tty_set_ldisc+0x32b/0x780
[ 1150.751156][T18475]  tty_ioctl+0xc42/0x1610
[ 1150.751181][T18475]  ? __pfx_tty_ioctl+0x10/0x10
[ 1150.751213][T18475]  ? __sys_sendmsg+0x199/0x220
[ 1150.751232][T18475]  ? hook_file_ioctl_common+0x145/0x410
[ 1150.751261][T18475]  ? xfd_validate_state+0x5d/0x180
[ 1150.751298][T18475]  ? __pfx_tty_ioctl+0x10/0x10
[ 1150.751322][T18475]  __x64_sys_ioctl+0x190/0x200
[ 1150.751353][T18475]  do_syscall_64+0xcd/0x230
[ 1150.751381][T18475]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1150.751402][T18475] RIP: 0033:0x7fdcd958e969
[ 1150.751419][T18475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1150.751440][T18475] RSP: 002b:00007fdcda40d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1150.751468][T18475] RAX: ffffffffffffffda RBX: 00007fdcd97b5fa0 RCX: 00007fdcd958e969
[ 1150.751482][T18475] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 0000000000000001
[ 1150.751494][T18475] RBP: 00007fdcd9610ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1150.751507][T18475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1150.751520][T18475] R13: 0000000000000000 R14: 00007fdcd97b5fa0 R15: 00007fff89bdd658
[ 1150.751547][T18475]  </TASK>
[ 1150.754166][T18475] Falling back ldisc for ttyS2.
[ 1156.932088][T18522] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4121'.
[ 1157.011242][T18522] netlink: 354 bytes leftover after parsing attributes in process `syz.0.4121'.
[ 1158.577716][ T5833] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[ 1159.094362][T18541] FAULT_INJECTION: forcing a failure.
[ 1159.094362][T18541] name failslab, interval 1, probability 0, space 0, times 0
[ 1159.167172][T18541] CPU: 1 UID: 0 PID: 18541 Comm: syz.5.4118 Tainted: G     U              6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) 
[ 1159.167207][T18541] Tainted: [U]=USER
[ 1159.167214][T18541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 1159.167226][T18541] Call Trace:
[ 1159.167233][T18541]  <TASK>
[ 1159.167241][T18541]  dump_stack_lvl+0x16c/0x1f0
[ 1159.167270][T18541]  should_fail_ex+0x512/0x640
[ 1159.167298][T18541]  ? __kmalloc_cache_noprof+0x57/0x3e0
[ 1159.167334][T18541]  should_failslab+0xc2/0x120
[ 1159.167358][T18541]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 1159.167390][T18541]  ? lockdep_init_map_type+0x5c/0x280
[ 1159.167420][T18541]  ? slip_open+0x846/0x1150
[ 1159.167445][T18541]  ? do_init_timer+0xc9/0x110
[ 1159.167467][T18541]  slip_open+0x846/0x1150
[ 1159.167493][T18541]  ? __pfx_n_tty_close+0x10/0x10
[ 1159.167521][T18541]  ? find_held_lock+0x2b/0x80
[ 1159.167538][T18541]  ? __pfx_slip_open+0x10/0x10
[ 1159.167562][T18541]  ? down_write+0x14d/0x200
[ 1159.167590][T18541]  ? __pfx_slip_open+0x10/0x10
[ 1159.167615][T18541]  tty_ldisc_open+0x9c/0x120
[ 1159.167634][T18541]  tty_set_ldisc+0x32b/0x780
[ 1159.167658][T18541]  tty_ioctl+0xc42/0x1610
[ 1159.167681][T18541]  ? __pfx_tty_ioctl+0x10/0x10
[ 1159.167717][T18541]  ? __sys_sendmsg+0x199/0x220
[ 1159.167735][T18541]  ? hook_file_ioctl_common+0x145/0x410
[ 1159.167764][T18541]  ? xfd_validate_state+0x5d/0x180
[ 1159.167800][T18541]  ? __pfx_tty_ioctl+0x10/0x10
[ 1159.167824][T18541]  __x64_sys_ioctl+0x190/0x200
[ 1159.167854][T18541]  do_syscall_64+0xcd/0x230
[ 1159.167881][T18541]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1159.167902][T18541] RIP: 0033:0x7f292858e969
[ 1159.167918][T18541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1159.167939][T18541] RSP: 002b:00007f29294e0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1159.167959][T18541] RAX: ffffffffffffffda RBX: 00007f29287b5fa0 RCX: 00007f292858e969
[ 1159.167973][T18541] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 0000000000000001
[ 1159.167986][T18541] RBP: 00007f2928610ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1159.167998][T18541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1159.168010][T18541] R13: 0000000000000000 R14: 00007f29287b5fa0 R15: 00007ffce5ef3848
[ 1159.168036][T18541]  </TASK>
[ 1164.699889][T18591] FAULT_INJECTION: forcing a failure.
[ 1164.699889][T18591] name failslab, interval 1, probability 0, space 0, times 0
[ 1164.803664][T18591] CPU: 1 UID: 0 PID: 18591 Comm: syz.2.4129 Tainted: G     U              6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) 
[ 1164.803700][T18591] Tainted: [U]=USER
[ 1164.803707][T18591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 1164.803720][T18591] Call Trace:
[ 1164.803727][T18591]  <TASK>
[ 1164.803735][T18591]  dump_stack_lvl+0x16c/0x1f0
[ 1164.803763][T18591]  should_fail_ex+0x512/0x640
[ 1164.803791][T18591]  ? __kmalloc_cache_noprof+0x57/0x3e0
[ 1164.803827][T18591]  should_failslab+0xc2/0x120
[ 1164.803870][T18591]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 1164.803902][T18591]  ? vhost_net_open+0x28/0x8a0
[ 1164.803924][T18591]  ? vhost_net_open+0x6e/0x8a0
[ 1164.803947][T18591]  ? __pfx_vhost_net_open+0x10/0x10
[ 1164.803967][T18591]  vhost_net_open+0x6e/0x8a0
[ 1164.803987][T18591]  ? __pfx_vhost_net_open+0x10/0x10
[ 1164.804009][T18591]  misc_open+0x35a/0x420
[ 1164.804041][T18591]  ? __pfx_misc_open+0x10/0x10
[ 1164.804072][T18591]  chrdev_open+0x231/0x6a0
[ 1164.804093][T18591]  ? __pfx_apparmor_file_open+0x10/0x10
[ 1164.804120][T18591]  ? __pfx_chrdev_open+0x10/0x10
[ 1164.804144][T18591]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 1164.804180][T18591]  do_dentry_open+0x741/0x1c10
[ 1164.804202][T18591]  ? __pfx_chrdev_open+0x10/0x10
[ 1164.804239][T18591]  vfs_open+0x82/0x3f0
[ 1164.804270][T18591]  path_openat+0x1e5e/0x2d40
[ 1164.804299][T18591]  ? __pfx_path_openat+0x10/0x10
[ 1164.804327][T18591]  do_filp_open+0x20b/0x470
[ 1164.804346][T18591]  ? __pfx_do_filp_open+0x10/0x10
[ 1164.804386][T18591]  ? alloc_fd+0x471/0x7d0
[ 1164.804425][T18591]  do_sys_openat2+0x11b/0x1d0
[ 1164.804451][T18591]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1164.804481][T18591]  ? do_fcntl+0x1eb/0x1590
[ 1164.804511][T18591]  __x64_sys_openat+0x174/0x210
[ 1164.804539][T18591]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1164.804569][T18591]  ? rcu_is_watching+0x12/0xc0
[ 1164.804596][T18591]  do_syscall_64+0xcd/0x230
[ 1164.804624][T18591]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1164.804646][T18591] RIP: 0033:0x7f6b0058e969
[ 1164.804663][T18591] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1164.804684][T18591] RSP: 002b:00007f6b01382038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1164.804704][T18591] RAX: ffffffffffffffda RBX: 00007f6b007b5fa0 RCX: 00007f6b0058e969
[ 1164.804718][T18591] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c
[ 1164.804731][T18591] RBP: 00007f6b00610ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1164.804744][T18591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1164.804756][T18591] R13: 0000000000000000 R14: 00007f6b007b5fa0 R15: 00007ffdb595c098
[ 1164.804783][T18591]  </TASK>
[ 1167.778046][ T5833] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[ 1168.369063][T18616] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4135'.
[ 1169.897819][T18631] FAULT_INJECTION: forcing a failure.
[ 1169.897819][T18631] name failslab, interval 1, probability 0, space 0, times 0
[ 1169.972996][T18631] CPU: 1 UID: 0 PID: 18631 Comm: syz.2.4140 Tainted: G     U              6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) 
[ 1169.973032][T18631] Tainted: [U]=USER
[ 1169.973039][T18631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 1169.973053][T18631] Call Trace:
[ 1169.973060][T18631]  <TASK>
[ 1169.973068][T18631]  dump_stack_lvl+0x16c/0x1f0
[ 1169.973097][T18631]  should_fail_ex+0x512/0x640
[ 1169.973124][T18631]  ? __kvmalloc_node_noprof+0x122/0x600
[ 1169.973149][T18631]  should_failslab+0xc2/0x120
[ 1169.973173][T18631]  __kvmalloc_node_noprof+0x135/0x600
[ 1169.973195][T18631]  ? alloc_netdev_mqs+0xfbe/0x1570
[ 1169.973220][T18631]  ? alloc_netdev_mqs+0xfbe/0x1570
[ 1169.973239][T18631]  alloc_netdev_mqs+0xfbe/0x1570
[ 1169.973264][T18631]  slip_open+0x35c/0x1150
[ 1169.973290][T18631]  ? __pfx___might_resched+0x10/0x10
[ 1169.973313][T18631]  ? __pfx_n_tty_close+0x10/0x10
[ 1169.973341][T18631]  ? find_held_lock+0x2b/0x80
[ 1169.973359][T18631]  ? __pfx_slip_open+0x10/0x10
[ 1169.973383][T18631]  ? down_write+0x14d/0x200
[ 1169.973411][T18631]  ? __pfx_slip_open+0x10/0x10
[ 1169.973436][T18631]  tty_ldisc_open+0x9c/0x120
[ 1169.973456][T18631]  tty_set_ldisc+0x32b/0x780
[ 1169.973479][T18631]  tty_ioctl+0xc42/0x1610
[ 1169.973502][T18631]  ? __pfx_tty_ioctl+0x10/0x10
[ 1169.973531][T18631]  ? __pfx_task_mm_cid_work+0x10/0x10
[ 1169.973563][T18631]  ? __pfx___might_resched+0x10/0x10
[ 1169.973601][T18631]  ? hook_file_ioctl_common+0x145/0x410
[ 1169.973634][T18631]  ? xfd_validate_state+0x5d/0x180
[ 1169.973691][T18631]  ? __pfx_tty_ioctl+0x10/0x10
[ 1169.973719][T18631]  __x64_sys_ioctl+0x190/0x200
[ 1169.973762][T18631]  do_syscall_64+0xcd/0x230
[ 1169.973794][T18631]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1169.973818][T18631] RIP: 0033:0x7f6b0058e969
[ 1169.973836][T18631] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1169.973861][T18631] RSP: 002b:00007f6b01382038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1169.973884][T18631] RAX: ffffffffffffffda RBX: 00007f6b007b5fa0 RCX: 00007f6b0058e969
[ 1169.973901][T18631] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 0000000000000001
[ 1169.973916][T18631] RBP: 00007f6b00610ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1169.973932][T18631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1169.973946][T18631] R13: 0000000000000000 R14: 00007f6b007b5fa0 R15: 00007ffdb595c098
[ 1169.973977][T18631]  </TASK>
[ 1171.686582][T18639] Invalid ELF header magic: != ELF
[ 1171.808154][T18644] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4)
[ 1172.441251][T18657] FAULT_INJECTION: forcing a failure.
[ 1172.441251][T18657] name failslab, interval 1, probability 0, space 0, times 0
[ 1172.543435][T18657] CPU: 1 UID: 0 PID: 18657 Comm: syz.2.4147 Tainted: G     U              6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) 
[ 1172.543473][T18657] Tainted: [U]=USER
[ 1172.543481][T18657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 1172.543495][T18657] Call Trace:
[ 1172.543502][T18657]  <TASK>
[ 1172.543510][T18657]  dump_stack_lvl+0x16c/0x1f0
[ 1172.543545][T18657]  should_fail_ex+0x512/0x640
[ 1172.543575][T18657]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 1172.543603][T18657]  should_failslab+0xc2/0x120
[ 1172.543630][T18657]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1172.543651][T18657]  ? __proc_create+0xc3/0x8c0
[ 1172.543685][T18657]  ? __proc_create+0x2ce/0x8c0
[ 1172.543709][T18657]  __proc_create+0x2ce/0x8c0
[ 1172.543731][T18657]  ? __pfx___proc_create+0x10/0x10
[ 1172.543757][T18657]  ? _raw_write_unlock+0x28/0x50
[ 1172.543782][T18657]  proc_create_reg+0x7d/0x180
[ 1172.543807][T18657]  proc_create_data+0x86/0x110
[ 1172.543829][T18657]  ? __pfx_proc_create_data+0x10/0x10
[ 1172.543853][T18657]  ? cache_register_net+0x137/0x5e0
[ 1172.543888][T18657]  cache_register_net+0x1e0/0x5e0
[ 1172.543920][T18657]  unix_gid_cache_create+0x8b/0x130
[ 1172.543949][T18657]  ? __pfx_sunrpc_init_net+0x10/0x10
[ 1172.543972][T18657]  sunrpc_init_net+0x71/0x190
[ 1172.543996][T18657]  ops_init+0x1df/0x5f0
[ 1172.544020][T18657]  setup_net+0x21e/0x850
[ 1172.544042][T18657]  ? __pfx_setup_net+0x10/0x10
[ 1172.544061][T18657]  ? lockdep_init_map_type+0x5c/0x280
[ 1172.544088][T18657]  ? __pfx_down_read_killable+0x10/0x10
[ 1172.544118][T18657]  ? debug_mutex_init+0x37/0x70
[ 1172.544152][T18657]  copy_net_ns+0x2a6/0x5f0
[ 1172.544177][T18657]  create_new_namespaces+0x3ea/0xad0
[ 1172.544205][T18657]  unshare_nsproxy_namespaces+0xc0/0x1f0
[ 1172.544229][T18657]  ksys_unshare+0x45b/0xa40
[ 1172.544256][T18657]  ? __pfx_ksys_unshare+0x10/0x10
[ 1172.544281][T18657]  ? xfd_validate_state+0x5d/0x180
[ 1172.544314][T18657]  ? rcu_is_watching+0x12/0xc0
[ 1172.544338][T18657]  __x64_sys_unshare+0x31/0x40
[ 1172.544364][T18657]  do_syscall_64+0xcd/0x230
[ 1172.544390][T18657]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1172.544410][T18657] RIP: 0033:0x7f6b0058e969
[ 1172.544426][T18657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1172.544447][T18657] RSP: 002b:00007f6b01382038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 1172.544466][T18657] RAX: ffffffffffffffda RBX: 00007f6b007b5fa0 RCX: 00007f6b0058e969
[ 1172.544480][T18657] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[ 1172.544492][T18657] RBP: 00007f6b00610ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1172.544504][T18657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1172.544517][T18657] R13: 0000000000000000 R14: 00007f6b007b5fa0 R15: 00007ffdb595c098
[ 1172.544547][T18657]  </TASK>
[ 1175.792584][T18703] FAULT_INJECTION: forcing a failure.
[ 1175.792584][T18703] name failslab, interval 1, probability 0, space 0, times 0
[ 1175.963695][T18703] CPU: 1 UID: 0 PID: 18703 Comm: syz.5.4158 Tainted: G     U              6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) 
[ 1175.963734][T18703] Tainted: [U]=USER
[ 1175.963742][T18703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 1175.963755][T18703] Call Trace:
[ 1175.963762][T18703]  <TASK>
[ 1175.963771][T18703]  dump_stack_lvl+0x16c/0x1f0
[ 1175.963801][T18703]  should_fail_ex+0x512/0x640
[ 1175.963830][T18703]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 1175.963857][T18703]  should_failslab+0xc2/0x120
[ 1175.963883][T18703]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1175.963907][T18703]  ? security_file_alloc+0x34/0x2b0
[ 1175.963939][T18703]  security_file_alloc+0x34/0x2b0
[ 1175.963966][T18703]  init_file+0x93/0x4c0
[ 1175.963991][T18703]  alloc_empty_file+0x73/0x1e0
[ 1175.964018][T18703]  path_openat+0xe0/0x2d40
[ 1175.964036][T18703]  ? __x64_sys_openat+0x174/0x210
[ 1175.964063][T18703]  ? do_syscall_64+0xcd/0x230
[ 1175.964088][T18703]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1175.964119][T18703]  ? __pfx_path_openat+0x10/0x10
[ 1175.964146][T18703]  do_filp_open+0x20b/0x470
[ 1175.964166][T18703]  ? __pfx_do_filp_open+0x10/0x10
[ 1175.964204][T18703]  ? alloc_fd+0x471/0x7d0
[ 1175.964249][T18703]  do_sys_openat2+0x11b/0x1d0
[ 1175.964277][T18703]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1175.964315][T18703]  __x64_sys_openat+0x174/0x210
[ 1175.964344][T18703]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1175.964374][T18703]  ? rcu_is_watching+0x12/0xc0
[ 1175.964401][T18703]  do_syscall_64+0xcd/0x230
[ 1175.964429][T18703]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1175.964450][T18703] RIP: 0033:0x7f292858e969
[ 1175.964467][T18703] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1175.964490][T18703] RSP: 002b:00007f29294bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1175.964511][T18703] RAX: ffffffffffffffda RBX: 00007f29287b6080 RCX: 00007f292858e969
[ 1175.964526][T18703] RDX: 0000000000048981 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 1175.964540][T18703] RBP: 00007f2928610ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1175.964554][T18703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1175.964566][T18703] R13: 0000000000000000 R14: 00007f29287b6080 R15: 00007ffce5ef3848
[ 1175.964593][T18703]  </TASK>
[ 1176.555629][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1176.562066][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1181.406189][ T5833] Bluetooth: hci1: SCO packet too small
[ 1182.294144][T18765] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4175'.
[ 1182.410603][T18765] hsr_slave_0: left promiscuous mode
[ 1182.421853][T18765] hsr_slave_1: left promiscuous mode
[ 1182.503779][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1182.510312][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1187.491790][T18829] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4192'.
[ 1187.644614][T18821] FAULT_INJECTION: forcing a failure.
[ 1187.644614][T18821] name failslab, interval 1, probability 0, space 0, times 0
[ 1187.705054][T18831] netlink: 354 bytes leftover after parsing attributes in process `syz.2.4192'.
[ 1187.784942][T18821] CPU: 1 UID: 0 PID: 18821 Comm: syz.5.4190 Tainted: G     U              6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) 
[ 1187.784985][T18821] Tainted: [U]=USER
[ 1187.784993][T18821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 1187.785009][T18821] Call Trace:
[ 1187.785017][T18821]  <TASK>
[ 1187.785026][T18821]  dump_stack_lvl+0x16c/0x1f0
[ 1187.785060][T18821]  should_fail_ex+0x512/0x640
[ 1187.785093][T18821]  ? __kmalloc_cache_noprof+0x57/0x3e0
[ 1187.785136][T18821]  should_failslab+0xc2/0x120
[ 1187.785164][T18821]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 1187.785203][T18821]  ? io_uring_setup+0x24f/0x1ff0
[ 1187.785257][T18821]  io_uring_setup+0x24f/0x1ff0
[ 1187.785289][T18821]  ? __pfx_io_uring_setup+0x10/0x10
[ 1187.785316][T18821]  ? do_futex+0x122/0x350
[ 1187.785342][T18821]  ? __pfx_do_futex+0x10/0x10
[ 1187.785365][T18821]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1187.785413][T18821]  ? rcu_is_watching+0x12/0xc0
[ 1187.785439][T18821]  __x64_sys_io_uring_setup+0xc2/0x170
[ 1187.785470][T18821]  do_syscall_64+0xcd/0x230
[ 1187.785501][T18821]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1187.785525][T18821] RIP: 0033:0x7f292858e969
[ 1187.785543][T18821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1187.785566][T18821] RSP: 002b:00007f29294bf038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[ 1187.785589][T18821] RAX: ffffffffffffffda RBX: 00007f29287b6080 RCX: 00007f292858e969
[ 1187.785604][T18821] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[ 1187.785618][T18821] RBP: 00007f2928610ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1187.785632][T18821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1187.785647][T18821] R13: 0000000000000000 R14: 00007f29287b6080 R15: 00007ffce5ef3848
[ 1187.785675][T18821]  </TASK>
[ 1191.169475][T18860] ==================================================================
[ 1191.177562][T18860] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0
[ 1191.185286][T18860] Read of size 8 at addr ffff8881472e2e18 by task syz.2.4199/18860
[ 1191.193167][T18860] 
[ 1191.195498][T18860] CPU: 1 UID: 0 PID: 18860 Comm: syz.2.4199 Tainted: G     U              6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) 
[ 1191.195528][T18860] Tainted: [U]=USER
[ 1191.195535][T18860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 1191.195548][T18860] Call Trace:
[ 1191.195555][T18860]  <TASK>
[ 1191.195563][T18860]  dump_stack_lvl+0x116/0x1f0
[ 1191.195589][T18860]  print_report+0xc3/0x670
[ 1191.195612][T18860]  ? __virt_addr_valid+0x5e/0x590
[ 1191.195638][T18860]  ? __phys_addr+0xc6/0x150
[ 1191.195663][T18860]  ? dvb_device_open+0x36a/0x3b0
[ 1191.195689][T18860]  kasan_report+0xe0/0x110
[ 1191.195712][T18860]  ? dvb_device_open+0x36a/0x3b0
[ 1191.195740][T18860]  ? __pfx_dvb_device_open+0x10/0x10
[ 1191.195766][T18860]  dvb_device_open+0x36a/0x3b0
[ 1191.195792][T18860]  ? __pfx_dvb_device_open+0x10/0x10
[ 1191.195818][T18860]  chrdev_open+0x231/0x6a0
[ 1191.195838][T18860]  ? __pfx_apparmor_file_open+0x10/0x10
[ 1191.195863][T18860]  ? __pfx_chrdev_open+0x10/0x10
[ 1191.195883][T18860]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 1191.195921][T18860]  do_dentry_open+0x741/0x1c10
[ 1191.195941][T18860]  ? __pfx_chrdev_open+0x10/0x10
[ 1191.195963][T18860]  vfs_open+0x82/0x3f0
[ 1191.195989][T18860]  path_openat+0x1e5e/0x2d40
[ 1191.196011][T18860]  ? __pfx_path_openat+0x10/0x10
[ 1191.196032][T18860]  do_filp_open+0x20b/0x470
[ 1191.196050][T18860]  ? __pfx_do_filp_open+0x10/0x10
[ 1191.196076][T18860]  ? alloc_fd+0x471/0x7d0
[ 1191.196108][T18860]  do_sys_openat2+0x11b/0x1d0
[ 1191.196133][T18860]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1191.196160][T18860]  ? putname+0x154/0x1a0
[ 1191.196184][T18860]  __x64_sys_openat+0x174/0x210
[ 1191.196210][T18860]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1191.196237][T18860]  ? syscall_user_dispatch+0x78/0x140
[ 1191.196269][T18860]  do_syscall_64+0xcd/0x230
[ 1191.196294][T18860]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1191.196315][T18860] RIP: 0033:0x7f6b0058e969
[ 1191.196330][T18860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1191.196355][T18860] RSP: 002b:00007f6b01361038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1191.196375][T18860] RAX: ffffffffffffffda RBX: 00007f6b007b6080 RCX: 00007f6b0058e969
[ 1191.196389][T18860] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 1191.196402][T18860] RBP: 00007f6b00610ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1191.196414][T18860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1191.196427][T18860] R13: 0000000000000000 R14: 00007f6b007b6080 R15: 00007ffdb595c098
[ 1191.196450][T18860]  </TASK>
[ 1191.196457][T18860] 
[ 1191.454094][T18860] Allocated by task 1:
[ 1191.458164][T18860]  kasan_save_stack+0x33/0x60
[ 1191.462847][T18860]  kasan_save_track+0x14/0x30
[ 1191.467527][T18860]  __kasan_kmalloc+0xaa/0xb0
[ 1191.472114][T18860]  dvb_register_device+0x1e4/0x2370
[ 1191.477322][T18860]  dvb_register_frontend+0x5a6/0x880
[ 1191.482612][T18860]  vidtv_bridge_probe+0x459/0xa90
[ 1191.487642][T18860]  platform_probe+0xff/0x1f0
[ 1191.492238][T18860]  really_probe+0x23e/0xa90
[ 1191.496741][T18860]  __driver_probe_device+0x1de/0x440
[ 1191.502021][T18860]  driver_probe_device+0x4c/0x1b0
[ 1191.507044][T18860]  __driver_attach+0x283/0x580
[ 1191.511808][T18860]  bus_for_each_dev+0x13b/0x1d0
[ 1191.516669][T18860]  bus_add_driver+0x2e9/0x690
[ 1191.521352][T18860]  driver_register+0x15c/0x4b0
[ 1191.526137][T18860]  vidtv_bridge_init+0x45/0x80
[ 1191.530914][T18860]  do_one_initcall+0x120/0x6e0
[ 1191.535684][T18860]  kernel_init_freeable+0x5c2/0x900
[ 1191.540890][T18860]  kernel_init+0x1c/0x2b0
[ 1191.545243][T18860]  ret_from_fork+0x45/0x80
[ 1191.549686][T18860]  ret_from_fork_asm+0x1a/0x30
[ 1191.554458][T18860] 
[ 1191.556775][T18860] Freed by task 18644:
[ 1191.560833][T18860]  kasan_save_stack+0x33/0x60
[ 1191.565515][T18860]  kasan_save_track+0x14/0x30
[ 1191.570197][T18860]  kasan_save_free_info+0x3b/0x60
[ 1191.575234][T18860]  __kasan_slab_free+0x51/0x70
[ 1191.580001][T18860]  kfree+0x2b6/0x4d0
[ 1191.583916][T18860]  dvb_device_put.part.0+0x60/0x90
[ 1191.589036][T18860]  dvb_device_open+0x2a4/0x3b0
[ 1191.593802][T18860]  chrdev_open+0x231/0x6a0
[ 1191.598214][T18860]  do_dentry_open+0x741/0x1c10
[ 1191.602975][T18860]  vfs_open+0x82/0x3f0
[ 1191.607050][T18860]  path_openat+0x1e5e/0x2d40
[ 1191.611638][T18860]  do_filp_open+0x20b/0x470
[ 1191.616135][T18860]  do_sys_openat2+0x11b/0x1d0
[ 1191.620834][T18860]  __x64_sys_openat+0x174/0x210
[ 1191.625704][T18860]  do_syscall_64+0xcd/0x230
[ 1191.630213][T18860]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1191.636108][T18860] 
[ 1191.638424][T18860] The buggy address belongs to the object at ffff8881472e2e00
[ 1191.638424][T18860]  which belongs to the cache kmalloc-256 of size 256
[ 1191.652476][T18860] The buggy address is located 24 bytes inside of
[ 1191.652476][T18860]  freed 256-byte region [ffff8881472e2e00, ffff8881472e2f00)
[ 1191.666182][T18860] 
[ 1191.668501][T18860] The buggy address belongs to the physical page:
[ 1191.674909][T18860] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8881472e2e00 pfn:0x1472e2
[ 1191.685053][T18860] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1191.693543][T18860] flags: 0x57ff00000000240(workingset|head|node=1|zone=2|lastcpupid=0x7ff)
[ 1191.702121][T18860] page_type: f5(slab)
[ 1191.706096][T18860] raw: 057ff00000000240 ffff88801b441b40 ffff888140400708 ffffea0005358a10
[ 1191.714676][T18860] raw: ffff8881472e2e00 000000000010000f 00000000f5000000 0000000000000000
[ 1191.723256][T18860] head: 057ff00000000240 ffff88801b441b40 ffff888140400708 ffffea0005358a10
[ 1191.731927][T18860] head: ffff8881472e2e00 000000000010000f 00000000f5000000 0000000000000000
[ 1191.740596][T18860] head: 057ff00000000001 ffffea00051cb881 00000000ffffffff 00000000ffffffff
[ 1191.749259][T18860] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 1191.757916][T18860] page dumped because: kasan: bad access detected
[ 1191.764319][T18860] page_owner tracks the page as allocated
[ 1191.770022][T18860] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 24218838698, free_ts 0
[ 1191.789735][T18860]  post_alloc_hook+0x181/0x1b0
[ 1191.794494][T18860]  get_page_from_freelist+0x135c/0x3920
[ 1191.800039][T18860]  __alloc_frozen_pages_noprof+0x263/0x23a0
[ 1191.805930][T18860]  alloc_pages_mpol+0x1fb/0x550
[ 1191.810781][T18860]  new_slab+0x244/0x340
[ 1191.814944][T18860]  ___slab_alloc+0xd9c/0x1940
[ 1191.819632][T18860]  __slab_alloc.constprop.0+0x56/0xb0
[ 1191.825011][T18860]  __kmalloc_cache_noprof+0xfb/0x3e0
[ 1191.830301][T18860]  bus_add_driver+0x92/0x690
[ 1191.834914][T18860]  driver_register+0x15c/0x4b0
[ 1191.839675][T18860]  usb_register_driver+0x216/0x4d0
[ 1191.844803][T18860]  do_one_initcall+0x120/0x6e0
[ 1191.849579][T18860]  kernel_init_freeable+0x5c2/0x900
[ 1191.854772][T18860]  kernel_init+0x1c/0x2b0
[ 1191.859111][T18860]  ret_from_fork+0x45/0x80
[ 1191.863544][T18860]  ret_from_fork_asm+0x1a/0x30
[ 1191.868315][T18860] page_owner free stack trace missing
[ 1191.873672][T18860] 
[ 1191.875985][T18860] Memory state around the buggy address:
[ 1191.881604][T18860]  ffff8881472e2d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1191.889659][T18860]  ffff8881472e2d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1191.897727][T18860] >ffff8881472e2e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1191.905781][T18860]                             ^
[ 1191.910619][T18860]  ffff8881472e2e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1191.918674][T18860]  ffff8881472e2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1191.926725][T18860] ==================================================================
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1196.941617][T18707] smc: removing net device syz_tun with user defined pnetid ETHTOOL
[ 1197.239113][T12193] smc: removing net device syz_tun with user defined pnetid ETHTOOL
[ 1198.214116][ T3514] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1198.544038][ T3514] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1198.620702][T18860] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1198.627925][T18860] CPU: 1 UID: 0 PID: 18860 Comm: syz.2.4199 Tainted: G     U              6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) 
[ 1198.641558][T18860] Tainted: [U]=USER
[ 1198.645356][T18860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 1198.655417][T18860] Call Trace:
[ 1198.658783][T18860]  <TASK>
[ 1198.661713][T18860]  dump_stack_lvl+0x3d/0x1f0
[ 1198.666314][T18860]  panic+0x71c/0x800
[ 1198.670218][T18860]  ? __pfx_panic+0x10/0x10
[ 1198.674646][T18860]  ? mark_held_locks+0x49/0x80
[ 1198.679415][T18860]  ? preempt_schedule_thunk+0x16/0x30
[ 1198.684897][T18860]  ? dvb_device_open+0x36a/0x3b0
[ 1198.689844][T18860]  ? preempt_schedule_common+0x44/0xc0
[ 1198.695309][T18860]  ? dvb_device_open+0x36a/0x3b0
[ 1198.700264][T18860]  check_panic_on_warn+0xab/0xb0
[ 1198.705213][T18860]  end_report+0x107/0x170
[ 1198.709551][T18860]  kasan_report+0xee/0x110
[ 1198.713973][T18860]  ? dvb_device_open+0x36a/0x3b0
[ 1198.718925][T18860]  ? __pfx_dvb_device_open+0x10/0x10
[ 1198.724225][T18860]  dvb_device_open+0x36a/0x3b0
[ 1198.729010][T18860]  ? __pfx_dvb_device_open+0x10/0x10
[ 1198.734313][T18860]  chrdev_open+0x231/0x6a0
[ 1198.738738][T18860]  ? __pfx_apparmor_file_open+0x10/0x10
[ 1198.744298][T18860]  ? __pfx_chrdev_open+0x10/0x10
[ 1198.749244][T18860]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 1198.756025][T18860]  do_dentry_open+0x741/0x1c10
[ 1198.760794][T18860]  ? __pfx_chrdev_open+0x10/0x10
[ 1198.765739][T18860]  vfs_open+0x82/0x3f0
[ 1198.769824][T18860]  path_openat+0x1e5e/0x2d40
[ 1198.774441][T18860]  ? __pfx_path_openat+0x10/0x10
[ 1198.779395][T18860]  do_filp_open+0x20b/0x470
[ 1198.783902][T18860]  ? __pfx_do_filp_open+0x10/0x10
[ 1198.788941][T18860]  ? alloc_fd+0x471/0x7d0
[ 1198.793296][T18860]  do_sys_openat2+0x11b/0x1d0
[ 1198.797986][T18860]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1198.803200][T18860]  ? putname+0x154/0x1a0
[ 1198.807455][T18860]  __x64_sys_openat+0x174/0x210
[ 1198.812318][T18860]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1198.817699][T18860]  ? syscall_user_dispatch+0x78/0x140
[ 1198.823095][T18860]  do_syscall_64+0xcd/0x230
[ 1198.827624][T18860]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1198.833521][T18860] RIP: 0033:0x7f6b0058e969
[ 1198.837939][T18860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1198.857553][T18860] RSP: 002b:00007f6b01361038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1198.865966][T18860] RAX: ffffffffffffffda RBX: 00007f6b007b6080 RCX: 00007f6b0058e969
[ 1198.873934][T18860] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 1198.881899][T18860] RBP: 00007f6b00610ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1198.889865][T18860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1198.897831][T18860] R13: 0000000000000000 R14: 00007f6b007b6080 R15: 00007ffdb595c098
[ 1198.905804][T18860]  </TASK>
[ 1198.908880][T18860] Kernel Offset: disabled
[ 1198.913210][T18860] Rebooting in 86400 seconds..