last executing test programs: 6m25.288160682s ago: executing program 1 (id=1473): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nbd0\x00', 0xc0c00, 0x0) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) adjtimex$auto(0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x101003, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x109002, 0x0) sendmsg$auto_ILA_CMD_DEL(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x14, 0x0, 0x100, 0x70bd2a, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4004800}, 0x88c5) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x802, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x8000) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x100000000008000) close_range$auto(0x2, 0x8, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0x0, 0x0) openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/fail_io_timeout/probability\x00', 0x20000, 0x0) read$auto(0x3, 0x0, 0x80) r1 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x103041, 0x0) write$auto(r1, 0x0, 0x9) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) r2 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/maps\x00', 0x2000, 0x0) read$auto_proc_pid_maps_operations_internal(r2, &(0x7f0000000980)=""/4098, 0x1002) 6m24.367994363s ago: executing program 1 (id=1474): close_range$auto(0x2, 0x8, 0x0) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) (async) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0) (async) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x4, 0x2020009, 0x3, 0x15, r1, 0x8000) (async) r3 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) ioctl$auto_PPPIOCSMRU(r3, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r3, 0x40107447, &(0x7f00000000c0)={0xd, &(0x7f0000000000)={0x30, 0xf1, 0xb0, @inferred=0xffffffffffffffff}}) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async) r5 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r5, 0xc0603d06, 0x0) (async) ioctl$auto_SNDRV_PCM_IOCTL_TTSTAMP2(r4, 0x40044103, &(0x7f0000000040)=0x9) (async) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x4, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) (async) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0) prctl$auto_PR_SET_MM_ARG_END(0x9, 0x9, 0xffffffffffffffff, 0xd, 0x13) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capset$auto(&(0x7f0000000340)={0x19980330}, 0x0) (async) get_robust_list$auto(0x0, 0x0, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x7) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) (async) waitid$auto(0x0, 0xffffffffffffffff, 0x0, 0x4, 0x0) 6m23.569892707s ago: executing program 1 (id=1478): select$auto(0x5, &(0x7f0000000080)={[0x400020000008, 0xfffffffffffffffc, 0x7, 0x9, 0xc, 0x3, 0x5, 0xc65, 0x9, 0x2, 0x9, 0xf, 0xa657, 0x202, 0xd3, 0x4]}, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(r0, 0x2, 0x38) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/workqueue/parameters/default_affinity_scope\x00', 0x80000, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0xc01) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8001, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) bind$auto(0xffffffffffffffff, &(0x7f00000001c0)=@l2={0x1f, 0xfcb2, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x66) ptrace$auto_PTRACE_SET_THREAD_AREA(0x1a, 0x0, 0x4, 0x200) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x2c201, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) pipe$auto(0x0) ioctl$auto(0x3, 0x541b, 0x10000000000402) dup2$auto(0x5, 0x4) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80004001, 0x9) write$auto(0x6, 0x0, 0x100000001) write$auto_ocfs2_control_fops_stack_user(0xffffffffffffffff, 0x0, 0x0) fanotify_mark$auto(0x0, 0x55, 0x9, 0xffffffffffffffff, 0x0) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="013b", @ANYRESOCT=r0], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x810) 6m23.21612088s ago: executing program 1 (id=1479): mmap$auto(0x0, 0x20006, 0x4, 0xeb1, 0xffffffffffffffff, 0x8000) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x7, 0x66a) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x1a, 0x801, 0x84) getsockopt$auto(r0, 0x84, 0x7d, 0x0, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/neigh/veth1_macvtap/locktime\x00', 0x103142, 0x0) r1 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000002340)='/dev/binderfs/binder1\x00', 0x800, 0x0) ioctl$auto_FS_IOC_UNRESVSP64(r1, 0x4030582b, 0x6) ioctl$auto_BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000000c0)="5d3d4b8c60c2f201bbdecdf45a36e14cf63e57caea0fdf108d") 6m22.961456481s ago: executing program 1 (id=1482): r0 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x0, 0x0) ioctl$auto(r0, 0x921064a1, 0x8) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) r1 = eventfd$auto(0x80) readv$auto(r1, &(0x7f0000000380)={0x0, 0x8}, 0x4) socket(0x2b, 0x1, 0x1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) io_uring_setup$auto(0xc, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r2, 0x403c6f2b, 0x0) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) read$auto(r2, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) fsopen$auto(0x0, 0x1) fsconfig$auto(r3, 0x1, &(0x7f00000001c0)='+\x00', &(0x7f0000000280), 0x0) 6m22.048073604s ago: executing program 1 (id=1484): mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyw5\x00', 0x28341, 0x0) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/stat_refresh\x00', 0x101202, 0x0) sendfile$auto(r1, r1, 0x0, 0x48) socket(0x21, 0x3, 0x40a) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/ip6_tables_targets\x00', 0x608100, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x89fc, &(0x7f0000000040)={'gre0\x00'}) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) keyctl$auto_KEYCTL_SET_REQKEY_KEYRING(0xe, 0x4, 0x5e, 0x1ff, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000001a80)='/sys/kernel/tracing/events/vmalloc/filter\x00', 0x3, 0x0) mmap$auto(0x0, 0xffff, 0x3, 0x11, 0xfffffffffffffffa, 0x8000) vmsplice$auto(0x1, 0x0, 0xa, 0x6) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x8000, 0x80000000, 0x7) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/trace\x00', 0x600, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x74c) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) capset$auto(0x0, 0x0) pidfd_send_signal$auto_PIDFD_SIGNAL_PROCESS_GROUP(0xffffffffffffffff, 0xcf6, &(0x7f00000000c0)={@siginfo_0_0={0x1bacfe7e, 0x3, 0x6, @_sigpoll={0xe986, r0}}}, 0x4) fcntl$auto(0xffffffffffffffff, 0x5, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kcore\x00', 0x101000, 0x0) preadv$auto(0x3, &(0x7f0000000040)={0x0, 0x8000002}, 0x3, 0xf8, 0x10) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f00000017c0)='/sys/kernel/debug/lru_gen\x00', 0x1, 0x0) 6m6.44432773s ago: executing program 32 (id=1484): mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyw5\x00', 0x28341, 0x0) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/stat_refresh\x00', 0x101202, 0x0) sendfile$auto(r1, r1, 0x0, 0x48) socket(0x21, 0x3, 0x40a) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/ip6_tables_targets\x00', 0x608100, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x89fc, &(0x7f0000000040)={'gre0\x00'}) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) keyctl$auto_KEYCTL_SET_REQKEY_KEYRING(0xe, 0x4, 0x5e, 0x1ff, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000001a80)='/sys/kernel/tracing/events/vmalloc/filter\x00', 0x3, 0x0) mmap$auto(0x0, 0xffff, 0x3, 0x11, 0xfffffffffffffffa, 0x8000) vmsplice$auto(0x1, 0x0, 0xa, 0x6) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x8000, 0x80000000, 0x7) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/trace\x00', 0x600, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x74c) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) capset$auto(0x0, 0x0) pidfd_send_signal$auto_PIDFD_SIGNAL_PROCESS_GROUP(0xffffffffffffffff, 0xcf6, &(0x7f00000000c0)={@siginfo_0_0={0x1bacfe7e, 0x3, 0x6, @_sigpoll={0xe986, r0}}}, 0x4) fcntl$auto(0xffffffffffffffff, 0x5, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kcore\x00', 0x101000, 0x0) preadv$auto(0x3, &(0x7f0000000040)={0x0, 0x8000002}, 0x3, 0xf8, 0x10) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f00000017c0)='/sys/kernel/debug/lru_gen\x00', 0x1, 0x0) 21.733923208s ago: executing program 2 (id=2322): mmap$auto(0x0, 0x400008, 0xde, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x3, 0x20000000) write$auto(r0, 0x0, 0xfffffde9) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) open(&(0x7f0000000100)='.\x00', 0x591002, 0x408) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/asound/card1/pcm1c/xrun_debug\x00', 0x20440, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv6/conf/hsr_slave_1/proxy_ndp\x00', 0x440000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto(0x3, 0x4020565b, 0x38) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x2, 0x1) mmap$auto(0x0, 0x9, 0xffffffff, 0x8000200008011, 0xffffffffffffffff, 0x8000) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/040/001\x00', 0x29202, 0x0) mmap$auto(0x2000, 0x80009, 0xb, 0x8000000008011, r1, 0x0) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) syz_clone(0x20000, 0x0, 0x0, 0x0, 0x0, 0x0) 20.189487606s ago: executing program 2 (id=2327): sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16, @ANYBLOB="000126bd7000fbdbdf2502000000080001"], 0x44}, 0x1, 0x0, 0x0, 0x20000000}, 0x20044000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x14, 0x0, 0x1, 0x4070bd25, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x30000881}, 0xc040804) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) preadv$auto(0x40000000000003, 0x0, 0x6, 0x8, 0x5) openat$auto_nsim_dev_max_vfs_fops_dev(0xffffffffffffff9c, &(0x7f00000089c0)='/sys/kernel/debug/netdevsim/netdevsim1/max_vfs\x00', 0x101000, 0x0) mmap$auto(0x0, 0xfffffffffffffffd, 0xdf, 0x10, 0x2, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x3, 0x80000, 0x6) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2164, 0x8000000000000000, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x6, 0x400008, 0xe2, 0x9b72, r1, 0x8000) close_range$auto(0x2, 0xa, 0x0) r3 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) write$auto(0xffffffffffffffff, &(0x7f0000000000)='9\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x8) read$auto(0x3, 0x0, 0xf34) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r5, r4, 0x4, 0x1ff, r3, @relative_id=0x13, 0xe600}, 0x10000) r6 = waitid$auto_P_PGID(0x2, 0xffffffffffffffff, &(0x7f0000000040)={@siginfo_0_0={0x6, 0xf, 0x2, @_sigsys={&(0x7f0000000000)="abed021cfd38ce04f05c3780286687f6", 0x17b6, 0x1ff}}}, 0x200, &(0x7f00000002c0)={{0x615, 0x4}, {0x0, 0x4287}, 0x3, 0x6, 0x5, 0x4, 0x4, 0x2, 0x9, 0x1000, 0x8, 0x0, 0x1, 0x6, 0x1ff, 0x3ff}) get_robust_list$auto(r6, &(0x7f0000000440)=&(0x7f0000000400)={{&(0x7f0000000140)={&(0x7f00000000c0)}}, 0xb8e, &(0x7f00000003c0)={&(0x7f0000000380)={&(0x7f00000001c0)}}}, &(0x7f0000000480)=0x1) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='R'], 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 18.855327453s ago: executing program 2 (id=2330): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x3, 0x87) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xe}, 0x1, 0x0, 0x6, 0x9}, 0x7}, 0x803, 0x0) r0 = socket(0x2, 0x80805, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getsockopt$auto(r0, 0x84, 0x22, 0x0, 0x0) 18.213666162s ago: executing program 2 (id=2332): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb2, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x802, 0x1) socketpair$auto(0x2, 0x0, 0x2, 0x0) acct$auto(&(0x7f00000001c0)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/lu_gp_id\x1f') socket(0x2, 0x5, 0x0) socketpair$auto(0x1e, 0x1, 0x0, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) select$auto(0x3, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) shmget$auto(0x400, 0x10563, 0x568c12f2) sendmsg$auto_NL80211_CMD_AUTHENTICATE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x24048800) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x4, 0x7f, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0x20000000eb1, 0xffffffffffffffff, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_VERSION_SET(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) 15.75052218s ago: executing program 2 (id=2338): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) r0 = socket(0x29, 0x2, 0x400001) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) r1 = socket(0xf, 0x5, 0x20) setsockopt$auto(r1, 0x6, 0xc, 0x0, 0x7fffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xebf, 0x401, 0x5) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/mountinfo\x00', 0x42100, 0x0) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$auto_nlbl_unlbl(&(0x7f0000000080), r4) sendmsg$auto_NLBL_UNLABEL_C_STATICADD(r4, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10010}, 0xc, &(0x7f00000000c0)={&(0x7f0000001500)=ANY=[], 0x1094}, 0x1, 0x0, 0x0, 0x4081}, 0xc000) read$auto_ftrace_enable_fops_trace_events(r3, &(0x7f0000000580)=""/155, 0x9b) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) ioctl$auto(r4, 0x57, r2) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) execve$auto(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) execve$auto(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) execve$auto(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)=0x0) r5 = ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) setgroups$auto(0xc00000000, 0xfffffffffffffffc) keyctl$auto(0x4, 0xfffff7ffffffffff, 0x0, 0x8, 0x8) r6 = openat$auto_trace_clock_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/trace_clock\x00', 0x0, 0x0) ioctl$auto_UDMABUF_CREATE_LIST(r4, 0x40087543, &(0x7f00000004c0)={0x1, 0x80, [{0xffffffffffffffff, 0x0, 0x5, 0xef0}, {r5, 0x0, 0xffffffffffffffff, 0x9}, {r0, 0x0, 0x10000333d, 0x7}, {r6, 0x0, 0x7, 0x2}, {r0, 0x0, 0x8, 0xd589}, {r1, 0x0, 0xa7, 0x2}]}) sysfs$auto(0x2, 0x11, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dsp1\x00', 0x20040, 0x0) r7 = fsopen$auto(0x0, 0x1) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x800, 0x0) fsconfig$auto(r7, 0x8, 0x0, 0x0, 0x0) 13.867723707s ago: executing program 2 (id=2340): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb2, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x802, 0x1) socketpair$auto(0x2, 0x0, 0x2, 0x0) acct$auto(0x0) socket(0x2, 0x5, 0x0) socketpair$auto(0x1e, 0x1, 0x0, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) select$auto(0x3, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) shmget$auto(0x400, 0x10563, 0x568c12f2) sendmsg$auto_NL80211_CMD_AUTHENTICATE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x24048800) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x4, 0x7f, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0x20000000eb1, 0xffffffffffffffff, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_VERSION_SET(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x24, r2, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@NFSD_A_SERVER_PROTO_VERSION={0x10, 0x1, 0x0, 0x1, [@NFSD_A_VERSION_ENABLED={0x4}, @NFSD_A_VERSION_MAJOR={0x8, 0x1, 0x3}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) 8.489142364s ago: executing program 4 (id=2350): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket(0x2, 0x1, 0x106) connect$auto(0xffffffffffffffff, 0x0, 0x7) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) mmap$auto(0x0, 0x428, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xffffeffe, 0x2) io_uring_setup$auto(0x59, 0x0) open(0x0, 0x64842, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_register$auto(0x2, 0x14, 0x0, 0x3) io_uring_register$auto(0x2, 0x15, 0x0, 0x6) write$auto(0x3, 0x0, 0x100082) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55) socket$nl_generic(0x10, 0x3, 0x10) fchdir$auto(0xffffffffffffffff) mkdir$auto(&(0x7f0000000480)='./cgroup\x00', 0x6) r0 = fanotify_init$auto(0x5, 0x2000000000002) inotify_init1$auto(0x3000000000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup/cgroup.type\x00', 0x103042, 0x0) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x10005, 0x7e184820, 0x3, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) read$auto(0x3, 0x0, 0xf34) setsockopt$auto(0x3, 0x1, 0x1d, 0x0, 0x9) write$auto(0x3, 0x0, 0xffd8) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r2, r1, 0x4, 0x1ff, 0xffffffffffffffff, @relative_id=0x13, 0xe600}, 0xf) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) 7.638229821s ago: executing program 3 (id=2351): sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16, @ANYBLOB="000126bd7000fbdbdf2502000000080001"], 0x44}, 0x1, 0x0, 0x0, 0x20000000}, 0x20044000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x14, 0x0, 0x1, 0x4070bd25, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x30000881}, 0xc040804) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) preadv$auto(0x40000000000003, 0x0, 0x6, 0x8, 0x5) openat$auto_nsim_dev_max_vfs_fops_dev(0xffffffffffffff9c, &(0x7f00000089c0)='/sys/kernel/debug/netdevsim/netdevsim1/max_vfs\x00', 0x101000, 0x0) mmap$auto(0x0, 0xfffffffffffffffd, 0xdf, 0x10, 0x2, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x3, 0x80000, 0x6) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2164, 0x8000000000000000, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x6, 0x400008, 0xe2, 0x9b72, r1, 0x8000) close_range$auto(0x2, 0xa, 0x0) r3 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) write$auto(0xffffffffffffffff, &(0x7f0000000000)='9\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x8) read$auto(0x3, 0x0, 0xf34) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r5, r4, 0x4, 0x1ff, r3, @relative_id=0x13, 0xe600}, 0x10000) r6 = waitid$auto_P_PGID(0x2, 0xffffffffffffffff, &(0x7f0000000040)={@siginfo_0_0={0x6, 0xf, 0x2, @_sigsys={&(0x7f0000000000)="abed021cfd38ce04f05c3780286687f6", 0x17b6, 0x1ff}}}, 0x200, &(0x7f00000002c0)={{0x615, 0x4}, {0x0, 0x4287}, 0x3, 0x6, 0x5, 0x4, 0x4, 0x2, 0x9, 0x1000, 0x8, 0x0, 0x1, 0x6, 0x1ff, 0x3ff}) get_robust_list$auto(r6, &(0x7f0000000440)=&(0x7f0000000400)={{&(0x7f0000000140)={&(0x7f00000000c0)}}, 0xb8e, &(0x7f00000003c0)={&(0x7f0000000380)={&(0x7f00000001c0)}}}, &(0x7f0000000480)=0x1) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='R'], 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 7.58484326s ago: executing program 4 (id=2352): socket(0x5, 0x3, 0x1) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @local}, 0x55) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/block/loop15/rqos/wbt/wb_background\x00', 0x80, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000800), 0xffffffffffffffff) mount$auto(&(0x7f0000000180)='ipvlan1\x00', &(0x7f00000001c0)='./cgroup/../file0\x00', &(0x7f0000000200)='/sys/kernel/debug/block/loop15/rqos/wbt/wb_background\x00', 0x81, &(0x7f0000000240)="c6c246de695b9bb9e43ba024053a8763fca1fefbdb1897f65331a45d4972d305eecff3bd545d44faa4034a5e28c1d335c840fab73ee91d98d0eb7c1ce6e9cfb5baa4bc431c00611730d63c8e021f991ce7b4ae57d6c9491c35f4c5878c037b9cb902a0e112a20071f79f70072df5e33eb8c22b1fa8d46ce9dc9fbadeb9cca48e2d93ffb47582c9e9bdd2d048a83c6ff10388132ddf2c1fcbb49b0c348b2a14ce") sendmsg$auto_MACSEC_CMD_DEL_RXSA(r0, 0x0, 0x20004010) sendmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0xb00) ioctl$auto(0xc8, 0x400454d0, 0x5) openat$auto_fake_panic_fops_(0xffffffffffffff9c, 0x0, 0x480000, 0x0) mmap$auto(0xa0b, 0x4, 0xf61, 0xeb5, 0x401, 0x40000000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000) open(0x0, 0x261c2, 0x84) readv$auto(0x3, 0x0, 0x400) write$auto_safesetid_uid_file_fops_securityfs(0xffffffffffffffff, &(0x7f0000000b40), 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc2581, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) setregid$auto(0x0, 0x3) wait4$auto(0x0, 0xfffffffffffffffc, 0x60000002, 0x0) ppoll$auto(0x0, 0x7f, 0x0, 0x0, 0x8) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vbi26\x00', 0x0, 0x0) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x642, 0x0) close_range$auto(0x2, 0x8, 0x0) mkdir$auto(&(0x7f0000000040)='./cgroup/../file0\x00', 0x1) socket(0x2, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) 7.510830651s ago: executing program 0 (id=2353): r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000700)='/proc/self/environ\x00', 0x202400, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) readv$auto(r0, 0x0, 0x40000000000400) close_range$auto(0x2, 0x8, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0xa2180, 0x0) r1 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r1, 0x403c6f27, 0x0) read$auto_proc_environ_operations_base(r0, 0x0, 0x0) mmap$auto(0xffffffffffffffff, 0x2000002060009, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x200006, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x1, 0x0) msgctl$auto_MSG_STAT_ANY(0x4, 0xd, &(0x7f0000000100)={{0x9, 0xee00, 0xee00, 0x3, 0x97a, 0x9f, 0x3}, &(0x7f0000000040)=0x8e, &(0x7f00000000c0)=0x40, 0xd6, 0x7, 0x4, 0x81, 0x9, 0x4, 0x9, 0x2, @raw=0xfbed0000, @raw=0xfffff004}) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/virt_wifi0/router_solicitations\x00', 0x101202, 0x0) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/disable_policy\x00', 0x202, 0x0) bpf$auto(0x1, &(0x7f0000000540)=@link_create={@map_fd=r0, @target_fd=r4, 0x7, 0x7, @perf_event={0x8}}, 0x6f4) sendfile$auto(r4, r3, 0x0, 0x48) syz_clone(0xa300100, 0x0, 0x0, 0x0, 0x0, 0x0) shmctl$auto_SHM_LOCK(0xac6, 0xb, &(0x7f00000002c0)={{0x0, 0x0, 0xffffffffffffffff, 0x4, 0xd9}, 0xfffffc00, 0x3, 0x5, 0x6, @raw=0x8, @raw=0x201, 0x4, 0x0, &(0x7f0000000740)="99a67a2b1bead10c128805537cdc7ff5be4a3b2c23992fe21010dbf8eed366dc9585f8d49269004532f18b573b29b6289c42273242e3012dc480983a49eee5ce74d6b817a2874e87ce297ae23c820366d8386d7257000000befab0e5158baa789d20d31feb159f9cd5df7fee5681a9decf7a456fec159bd51922c44daa37b894ab23595a70307f0b37cbd75b600d02ec14f449ca0772c8df4702012681b42f72df4be69184e9466e34517e7c9fc7bd63f03edce692611efde9351d5f99146a005cbb9c02f88ae1631eae6173efd280ae2b2ba04b01e105c95323f6bccc0b7c902baaee8ebd788e885920f970951adb507cf64589", &(0x7f00000001c0)="9665d61804696ab62bde66a62307b69444c6dc9e775d4b4407afbc2c181920d474e19dc4cff52ed741474221b00b58bcde9884d13a5143529d8c3c57f7b84d1b79c023d1113151c7c0e16e10d4cf888cf37ba970759326edb105bd465da5913bc8be1b2e371a27f61e"}) r6 = getpgid$auto(0xffffffffffffffff) shmctl$auto_IPC_RMID(0x1, 0x0, &(0x7f00000004c0)={{0x4, r2, r5, 0x5, 0x7ff, 0x1}, 0x5, 0x10000000000fff, 0x8, 0x5, @inferred, @inferred=r6, 0xd69, 0x0, &(0x7f0000000340)="0e9b1f8a9f2d3d3c0c24454d879bd405ae3eed8a51fae20acf5cfb1cf36176841dcb4432f273315c460460e1533cc5895ae9813677ac27e70b0925c871de1e0e6c96347bb2438e0b613bcb7da493c4e87521d49d53dafda627c82e8a834b87a9860a8117b2fe8751c2839752658dd46a2f0bc74500da10667c8b3749df1460e1bfa4e16c9add9b6ee39f780c83e188cc47c3f6c1ab29d150db1b309d8c8b2fabca07e4117e4a8b84654a6032f75093fdda8f5af14286a9b1fa086c3ad9e9569cc1c6a706590ccc248e53c0351f7a45c12617333ccfff", &(0x7f0000000440)="108cea25fb64e2f6a105bddd4622712d06f5bae8398a46bbaef09f94b0f502f89d2c0501a70417e535331b13d24a453c73a014ff5c66c24548c0bc4b4f6d56a8320af2be0ceedb198ffd001328d1b4c1d44e06120bba651a83a25c375bdee888256a06045bf35ace"}) r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TCFLSH2(r7, 0x5453, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000700), 0x8001) r8 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r8, 0x5606, 0x7) 7.246530608s ago: executing program 0 (id=2354): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) r0 = socket(0x26, 0x2, 0x4) mmap$auto(0x0, 0x20009, 0xda, 0xeb1, 0x405, 0x0) sysfs$auto(0x2, 0x100000000000037, 0x0) socket(0x11, 0x80003, 0x300) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x1e, 0x1, 0x0) socket(0x28, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x1) pipe2$auto(0x0, 0x80) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) socket(0x2, 0x3, 0xa) pipe2$auto(0x0, 0x80) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x8, 0x5, 0x8) close_range$auto(0x2, 0x8, 0x0) ioperm$auto(0x6, 0x81, 0x7) r1 = socket$nl_generic(0x10, 0x3, 0x10) syncfs$auto(r1) io_uring_setup$auto(0x4bf15e08, &(0x7f0000000000)={0x401, 0x8, 0xfe, 0x6fb3, 0x0, 0x9, 0xffffffffffffffff, [0x100, 0x9, 0x7f], {0x2, 0x7, 0x3032, 0xe, 0xf, 0x5, 0x5, 0xfffffff9, 0xf08a2b3}, {0x0, 0xfc, 0x6, 0xfffffffe, 0x0, 0xf89, 0x9, 0x837, 0x8}}) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'dummy0\x00'}) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/cgroup\x00') sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) write$auto(r0, &(0x7f0000000000)='-\x00', 0x2fb) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/asound/card2/midi3\x00', 0x400c02, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/dev\x00', 0x40100, 0x0) getsockopt$auto_SO_OOBINLINE(r0, 0x2, 0xa, &(0x7f0000000080)='ns/cgroup\x00', &(0x7f00000000c0)=0x200) pread64$auto(r3, 0x0, 0x10001, 0x830) 6.963814494s ago: executing program 0 (id=2355): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) r0 = socket(0x29, 0x2, 0x400001) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) r1 = socket(0xf, 0x5, 0x20) setsockopt$auto(r1, 0x6, 0xc, 0x0, 0x7fffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xebf, 0x401, 0x5) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/mountinfo\x00', 0x42100, 0x0) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$auto_nlbl_unlbl(&(0x7f0000000080), r4) sendmsg$auto_NLBL_UNLABEL_C_STATICADD(r4, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10010}, 0xc, &(0x7f00000000c0)={&(0x7f0000001500)=ANY=[], 0x1094}, 0x1, 0x0, 0x0, 0x4081}, 0xc000) read$auto_ftrace_enable_fops_trace_events(r3, 0x0, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) ioctl$auto(r4, 0x57, r2) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) execve$auto(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) execve$auto(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) execve$auto(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)=&(0x7f0000000300)='#\xdc\xfe\xd8E\xc8\x8bu4\xd9n\xcb\xca\xc7zw \x96\x9ejh\xad\x9eEc\xae\x1e\x89\x92\x9a\xbbP[B\xae\x9cf)\x15\xac\x90)l\x06\xf0\t\x12\x05zz\xa6\xb3\xce=\x00\x00\x00\xf20/\xc4T\x1f\xe5P\xff\xb4\xb7s0\x02\xc5\x81\x93\xc6\xc8\xb6Sp\x1a{8\xfc\xe0,X\xc7BU\xd0\x97\x7f1\x16\x99\x04\xabu/a0\x02\x7f\xbb\xbd\x906\xa8\xce\xee\xcd\xd7\t\x00\xfb\x83\xc8\x8aO\xe9\xbe=\xf7\xf4\x84,\x06\xd3j\x99b\xe6\xf6Y3A\xbb\xa4\xb2\f\x1b\xc3\x8a,g\xc6\xe8[\xdf\x88\x01\x9f7\xb5\x19m\xd8\xc0\f-6\xfe\xa8\xed/u\x81_G\xfeR\xbb\x12|\x97\xabB4J\xed+-\xf8u0/n\xcf\x8b\x95\x9d\xab\xa8\xc47\xa6\x0e\xdeOq\\\xc3\'{\b\xd3m\x94\xc2\xdd{\xeaO\x0e\xe4\xe0\xb9N:\xd60\x17,\x06\xc7B#Y0\x99\xeb\x02\xfe\xd3k\xd5\xdcZ\xdcP\x8e+\xd8\xc7C\xcb\x15\x13c\xbf\xe8\xbd\"\x8f3\"\x14\xf8(\xda\x19\xcd\xec\x03.\xd9^\xc3A\xda\r[\x1a\xda\\#/\xd4\xaf\xd0\xe8\xa2\xdd\xc5{\xfa\xe0\x90\x8f\x99lQ\xec\x84h^\x11+\x93\b\xe0c\xe6\xd22\xf9\xa5\x94\xd0\xf5\xe7\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00') r5 = ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) setgroups$auto(0xc00000000, 0xfffffffffffffffc) keyctl$auto(0x4, 0xfffff7ffffffffff, 0x0, 0x8, 0x8) r6 = openat$auto_trace_clock_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/trace_clock\x00', 0x0, 0x0) ioctl$auto_UDMABUF_CREATE_LIST(r4, 0x40087543, &(0x7f00000004c0)={0x1, 0x80, [{0xffffffffffffffff, 0x0, 0x5, 0xef0}, {r5, 0x0, 0xffffffffffffffff, 0x9}, {r0, 0x0, 0x10000333d, 0x7}, {r6, 0x0, 0x7, 0x2}, {r0, 0x0, 0x8, 0xd589}, {r1, 0x0, 0xa7, 0x2}]}) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dsp1\x00', 0x20040, 0x0) r7 = fsopen$auto(0x0, 0x1) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x800, 0x0) fsconfig$auto(r7, 0x8, 0x0, 0x0, 0x0) 6.083034862s ago: executing program 3 (id=2356): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) r0 = socket(0x29, 0x2, 0x400001) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) r1 = socket(0xf, 0x5, 0x20) setsockopt$auto(r1, 0x6, 0xc, 0x0, 0x7fffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xebf, 0x401, 0x5) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/mountinfo\x00', 0x42100, 0x0) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$auto_nlbl_unlbl(&(0x7f0000000080), r4) sendmsg$auto_NLBL_UNLABEL_C_STATICADD(r4, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10010}, 0xc, &(0x7f00000000c0)={&(0x7f0000001500)=ANY=[], 0x1094}, 0x1, 0x0, 0x0, 0x4081}, 0xc000) read$auto_ftrace_enable_fops_trace_events(r3, &(0x7f0000000580)=""/155, 0x9b) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) ioctl$auto(r4, 0x57, r2) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) execve$auto(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) execve$auto(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) execve$auto(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)=&(0x7f0000000300)='#\xdc\xfe\xd8E\xc8\x8bu4\xd9n\xcb\xca\xc7zw \x96\x9ejh\xad\x9eEc\xae\x1e\x89\x92\x9a\xbbP[B\xae\x9cf)\x15\xac\x90)l\x06\xf0\t\x12\x05zz\xa6\xb3\xce=\x00\x00\x00\xf20/\xc4T\x1f\xe5P\xff\xb4\xb7s0\x02\xc5\x81\x93\xc6\xc8\xb6Sp\x1a{8\xfc\xe0,X\xc7BU\xd0\x97\x7f1\x16\x99\x04\xabu/a0\x02\x7f\xbb\xbd\x906\xa8\xce\xee\xcd\xd7\t\x00\xfb\x83\xc8\x8aO\xe9\xbe=\xf7\xf4\x84,\x06\xd3j\x99b\xe6\xf6Y3A\xbb\xa4\xb2\f\x1b\xc3\x8a,g\xc6\xe8[\xdf\x88\x01\x9f7\xb5\x19m\xd8\xc0\f-6\xfe\xa8\xed/u\x81_G\xfeR\xbb\x12|\x97\xabB4J\xed+-\xf8u0/n\xcf\x8b\x95\x9d\xab\xa8\xc47\xa6\x0e\xdeOq\\\xc3\'{\b\xd3m\x94\xc2\xdd{\xeaO\x0e\xe4\xe0\xb9N:\xd60\x17,\x06\xc7B#Y0\x99\xeb\x02\xfe\xd3k\xd5\xdcZ\xdcP\x8e+\xd8\xc7C\xcb\x15\x13c\xbf\xe8\xbd\"\x8f3\"\x14\xf8(\xda\x19\xcd\xec\x03.\xd9^\xc3A\xda\r[\x1a\xda\\#/\xd4\xaf\xd0\xe8\xa2\xdd\xc5{\xfa\xe0\x90\x8f\x99lQ\xec\x84h^\x11+\x93\b\xe0c\xe6\xd22\xf9\xa5\x94\xd0\xf5\xe7\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00') r5 = ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) setgroups$auto(0xc00000000, 0xfffffffffffffffc) keyctl$auto(0x4, 0xfffff7ffffffffff, 0x0, 0x8, 0x8) r6 = openat$auto_trace_clock_fops_trace(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_UDMABUF_CREATE_LIST(r4, 0x40087543, &(0x7f00000004c0)={0x1, 0x80, [{0xffffffffffffffff, 0x0, 0x5, 0xef0}, {r5, 0x0, 0xffffffffffffffff, 0x9}, {r0, 0x0, 0x10000333d, 0x7}, {r6, 0x0, 0x7, 0x2}, {r0, 0x0, 0x8, 0xd589}, {r1, 0x0, 0xa7, 0x2}]}) sysfs$auto(0x2, 0x11, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dsp1\x00', 0x20040, 0x0) r7 = fsopen$auto(0x0, 0x1) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x800, 0x0) fsconfig$auto(r7, 0x8, 0x0, 0x0, 0x0) 5.227809772s ago: executing program 0 (id=2357): r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x42, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7) write$auto_sg_fops_sg(r0, &(0x7f0000001380)="4a0200000000000000899edb615550fd8c7c924d87f0030047eb02eff5d2adc245a4e1eded0e91b86c61b6b42ed6", 0x2e) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/bus/pci/resource_alignment\x00', 0x8ea182, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000000)="42bf46", 0x3) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/mm/transparent_hugepage/hugepages-512kB/enabled\x00', 0x129302, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xfffff, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/vhci_hcd.14/usb38/38-0:1.0/usb38-port1/usb3_lpm_permit\x00', 0x80002, 0x0) write$auto_ocfs2_control_fops_stack_user(r3, &(0x7f0000000280)="16c8ae39519bbe7a253b302a6c81a04860426be36aeb99776aa7d3b33c38351cc5e8272e595bab60ffdb32d15924bc60d45976da67d6b4f371ca226225857acb4e5b4f09456946b869fc1b01bb0602285368c084334b0678e13ed49d8d52533df3fe6b48d1c99f83c613ff7be83f42fdccf2bdd1628aebde9d3429813ef8aada", 0x80) capset$auto(0x0, 0x0) r4 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x23a002, 0x0) ioctl$auto_TIOCSWINSZ(r4, 0x5414, &(0x7f0000000300)="bb894ad3e1a8d99bba6b8c6702cc3a43936353485d5fa75a669fe02be138b8c275c3c31a80d31aaf31cf013ce092ed53d80f1be6d1b5f0dfeb7c5fe2060bd1ec868f231e2492a244005937f853994cf74fe2f51adb5e92c2e1198b16c46274e57b8e0ce097bf921dbbf4100f9d20c1024d7d358d7cd6853be8cf851abcbede392f0c8df36b93e9feb1fac8d81e851b316aaf9bc259b0a89d82dbdaa0898916a6d0d8f7483d6298675d40f98ec565d2adbd9b5b8fc3be9fa7d458891e283e18920091d17aff9439aca634de") move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x91e4) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) sendmsg$auto_NL80211_CMD_GET_REG(r1, 0x0, 0x44084) madvise$auto(0x0, 0xffffffffffff0009, 0x19) 5.060755474s ago: executing program 4 (id=2358): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) r0 = socket(0x29, 0x2, 0x400001) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) r1 = socket(0xf, 0x5, 0x20) setsockopt$auto(r1, 0x6, 0xc, 0x0, 0x7fffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xebf, 0x401, 0x5) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/mountinfo\x00', 0x42100, 0x0) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$auto_nlbl_unlbl(&(0x7f0000000080), r4) sendmsg$auto_NLBL_UNLABEL_C_STATICADD(r4, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10010}, 0xc, &(0x7f00000000c0)={&(0x7f0000001500)=ANY=[], 0x1094}, 0x1, 0x0, 0x0, 0x4081}, 0xc000) read$auto_ftrace_enable_fops_trace_events(r3, &(0x7f0000000580)=""/155, 0x9b) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) ioctl$auto(r4, 0x57, r2) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) execve$auto(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) execve$auto(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) execve$auto(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)=&(0x7f0000000300)='#\xdc\xfe\xd8E\xc8\x8bu4\xd9n\xcb\xca\xc7zw \x96\x9ejh\xad\x9eEc\xae\x1e\x89\x92\x9a\xbbP[B\xae\x9cf)\x15\xac\x90)l\x06\xf0\t\x12\x05zz\xa6\xb3\xce=\x00\x00\x00\xf20/\xc4T\x1f\xe5P\xff\xb4\xb7s0\x02\xc5\x81\x93\xc6\xc8\xb6Sp\x1a{8\xfc\xe0,X\xc7BU\xd0\x97\x7f1\x16\x99\x04\xabu/a0\x02\x7f\xbb\xbd\x906\xa8\xce\xee\xcd\xd7\t\x00\xfb\x83\xc8\x8aO\xe9\xbe=\xf7\xf4\x84,\x06\xd3j\x99b\xe6\xf6Y3A\xbb\xa4\xb2\f\x1b\xc3\x8a,g\xc6\xe8[\xdf\x88\x01\x9f7\xb5\x19m\xd8\xc0\f-6\xfe\xa8\xed/u\x81_G\xfeR\xbb\x12|\x97\xabB4J\xed+-\xf8u0/n\xcf\x8b\x95\x9d\xab\xa8\xc47\xa6\x0e\xdeOq\\\xc3\'{\b\xd3m\x94\xc2\xdd{\xeaO\x0e\xe4\xe0\xb9N:\xd60\x17,\x06\xc7B#Y0\x99\xeb\x02\xfe\xd3k\xd5\xdcZ\xdcP\x8e+\xd8\xc7C\xcb\x15\x13c\xbf\xe8\xbd\"\x8f3\"\x14\xf8(\xda\x19\xcd\xec\x03.\xd9^\xc3A\xda\r[\x1a\xda\\#/\xd4\xaf\xd0\xe8\xa2\xdd\xc5{\xfa\xe0\x90\x8f\x99lQ\xec\x84h^\x11+\x93\b\xe0c\xe6\xd22\xf9\xa5\x94\xd0\xf5\xe7\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00') r5 = ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) setgroups$auto(0xc00000000, 0xfffffffffffffffc) keyctl$auto(0x4, 0xfffff7ffffffffff, 0x0, 0x8, 0x8) r6 = openat$auto_trace_clock_fops_trace(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_UDMABUF_CREATE_LIST(r4, 0x40087543, &(0x7f00000004c0)={0x1, 0x80, [{0xffffffffffffffff, 0x0, 0x5, 0xef0}, {r5, 0x0, 0xffffffffffffffff, 0x9}, {r0, 0x0, 0x10000333d, 0x7}, {r6, 0x0, 0x7, 0x2}, {r0, 0x0, 0x8, 0xd589}, {r1, 0x0, 0xa7, 0x2}]}) sysfs$auto(0x2, 0x11, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dsp1\x00', 0x20040, 0x0) r7 = fsopen$auto(0x0, 0x1) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x800, 0x0) fsconfig$auto(r7, 0x8, 0x0, 0x0, 0x0) 4.696664252s ago: executing program 3 (id=2359): mmap$auto(0x0, 0x400008, 0xde, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x3, 0x20000000) write$auto(r0, 0x0, 0xfffffde9) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) open(&(0x7f0000000100)='.\x00', 0x591002, 0x408) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/asound/card1/pcm1c/xrun_debug\x00', 0x20440, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv6/conf/hsr_slave_1/proxy_ndp\x00', 0x440000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto(0x3, 0x4020565b, 0x38) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x2, 0x1) mmap$auto(0x0, 0x9, 0xffffffff, 0x8000200008011, 0xffffffffffffffff, 0x8000) mremap$auto(0x4000, 0xfee0, 0x3fd6, 0x3, 0x18000) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) syz_clone(0x20000, 0x0, 0x0, 0x0, 0x0, 0x0) 3.884389343s ago: executing program 4 (id=2360): r0 = openat$auto_full_fops_mem(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, r0, 0x7ffd) clock_adjtime$auto(0x1, &(0x7f0000000280)={0xfff, 0x0, 0x6fe, 0x40003, 0x7, 0x4, 0x8227, 0x0, 0x2, 0x0, 0x8, {0x7, 0x800}, 0x101, 0xf8, 0xa, 0xd94, 0x0, 0x1, 0x7, 0x6, 0xa9, 0x3, 0xfffffffe}) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/adsp1\x00', 0x20200, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x4dd8, 0x5) mmap$auto(0x0, 0x20009, 0x809, 0xeb1, 0x401, 0x80000000008000) sendmsg$auto_NETDEV_CMD_BIND_RX(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000100)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16, @ANYBLOB="010026bd7000fcdbdf250d00000008000300", @ANYRES32, @ANYBLOB="0400028008000100"], 0x28}, 0x1, 0x0, 0x0, 0x4800}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x1}, 0x801) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/afs/sysname\x00', 0x80002, 0x0) writev$auto(r2, &(0x7f0000000240)={0x0, 0x9}, 0xb) io_submit$auto(0x2, 0x40fc, &(0x7f00000000c0)=&(0x7f0000000080)={0x6, 0x3, 0x9, 0x9, 0xb044, r2, 0x9, 0x0, 0x8, 0x0, 0x1192, r2}) write$auto_hwflags_ops_debugfs(r3, &(0x7f0000000100)="0f570657e69ffbffdd117eae480e90817122f168c6f24c5c679e0ec2ecd2e0753cde48", 0x23) openat$auto_full_fops_mem(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0) (async) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, r0, 0x7ffd) (async) clock_adjtime$auto(0x1, &(0x7f0000000280)={0xfff, 0x0, 0x6fe, 0x40003, 0x7, 0x4, 0x8227, 0x0, 0x2, 0x0, 0x8, {0x7, 0x800}, 0x101, 0xf8, 0xa, 0xd94, 0x0, 0x1, 0x7, 0x6, 0xa9, 0x3, 0xfffffffe}) (async) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/adsp1\x00', 0x20200, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x4dd8, 0x5) (async) mmap$auto(0x0, 0x20009, 0x809, 0xeb1, 0x401, 0x80000000008000) (async) sendmsg$auto_NETDEV_CMD_BIND_RX(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000100)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16, @ANYBLOB="010026bd7000fcdbdf250d00000008000300", @ANYRES32, @ANYBLOB="0400028008000100"], 0x28}, 0x1, 0x0, 0x0, 0x4800}, 0x4) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x1}, 0x801) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (async) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/afs/sysname\x00', 0x80002, 0x0) (async) writev$auto(r2, &(0x7f0000000240)={0x0, 0x9}, 0xb) (async) io_submit$auto(0x2, 0x40fc, &(0x7f00000000c0)=&(0x7f0000000080)={0x6, 0x3, 0x9, 0x9, 0xb044, r2, 0x9, 0x0, 0x8, 0x0, 0x1192, r2}) (async) write$auto_hwflags_ops_debugfs(r3, &(0x7f0000000100)="0f570657e69ffbffdd117eae480e90817122f168c6f24c5c679e0ec2ecd2e0753cde48", 0x23) (async) 3.620021928s ago: executing program 3 (id=2361): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1a, 0x5, 0x0) r2 = socket(0xa, 0x3, 0x6) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r1, 0x7f, 0x99, 0x8, 0x1, @relative_fd=r2, 0xd}, 0x92) r3 = open(0x0, 0x261c2, 0x84) r4 = bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r3, 0x0, 0x3}, 0xc) sendmsg$auto_NL80211_CMD_SET_MESH_CONFIG(0xffffffffffffffff, 0x0, 0x24008804) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x734f, 0x36, 0x67f, 0x1ffde, 0x7, 0x3, 0x20000002, 0xd, 0x3, 0x1, 0x2091, 0xb4, 0x9, 0x6, 0x6, 0x80, 0x4, 0x1cd7, 0x1000, 0x2000, 0x203, 0x0, 0x84}, 0x1fe, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x13, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8040) mmap$auto(0x4, 0x10000, 0x4000000000e3, 0x11, 0xffffffffffffffff, 0x10008001) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) keyctl$auto(0x1d, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x8) open(&(0x7f0000000100)='.\x00', 0x591002, 0x408) r5 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r5, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000140), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) bpf$auto(0x3, &(0x7f00000001c0)=@raw_tracepoint={0x5, r4, 0x0, 0x3}, 0xc) 3.424137282s ago: executing program 4 (id=2362): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) r0 = socket(0x29, 0x2, 0x400001) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) r1 = socket(0xf, 0x5, 0x20) setsockopt$auto(r1, 0x6, 0xc, 0x0, 0x7fffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xebf, 0x401, 0x5) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/mountinfo\x00', 0x42100, 0x0) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$auto_nlbl_unlbl(&(0x7f0000000080), r4) sendmsg$auto_NLBL_UNLABEL_C_STATICADD(r4, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10010}, 0xc, &(0x7f00000000c0)={&(0x7f0000001500)=ANY=[], 0x1094}, 0x1, 0x0, 0x0, 0x4081}, 0xc000) read$auto_ftrace_enable_fops_trace_events(r3, 0x0, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) ioctl$auto(r4, 0x57, r2) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) execve$auto(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) execve$auto(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) execve$auto(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)=&(0x7f0000000300)='#\xdc\xfe\xd8E\xc8\x8bu4\xd9n\xcb\xca\xc7zw \x96\x9ejh\xad\x9eEc\xae\x1e\x89\x92\x9a\xbbP[B\xae\x9cf)\x15\xac\x90)l\x06\xf0\t\x12\x05zz\xa6\xb3\xce=\x00\x00\x00\xf20/\xc4T\x1f\xe5P\xff\xb4\xb7s0\x02\xc5\x81\x93\xc6\xc8\xb6Sp\x1a{8\xfc\xe0,X\xc7BU\xd0\x97\x7f1\x16\x99\x04\xabu/a0\x02\x7f\xbb\xbd\x906\xa8\xce\xee\xcd\xd7\t\x00\xfb\x83\xc8\x8aO\xe9\xbe=\xf7\xf4\x84,\x06\xd3j\x99b\xe6\xf6Y3A\xbb\xa4\xb2\f\x1b\xc3\x8a,g\xc6\xe8[\xdf\x88\x01\x9f7\xb5\x19m\xd8\xc0\f-6\xfe\xa8\xed/u\x81_G\xfeR\xbb\x12|\x97\xabB4J\xed+-\xf8u0/n\xcf\x8b\x95\x9d\xab\xa8\xc47\xa6\x0e\xdeOq\\\xc3\'{\b\xd3m\x94\xc2\xdd{\xeaO\x0e\xe4\xe0\xb9N:\xd60\x17,\x06\xc7B#Y0\x99\xeb\x02\xfe\xd3k\xd5\xdcZ\xdcP\x8e+\xd8\xc7C\xcb\x15\x13c\xbf\xe8\xbd\"\x8f3\"\x14\xf8(\xda\x19\xcd\xec\x03.\xd9^\xc3A\xda\r[\x1a\xda\\#/\xd4\xaf\xd0\xe8\xa2\xdd\xc5{\xfa\xe0\x90\x8f\x99lQ\xec\x84h^\x11+\x93\b\xe0c\xe6\xd22\xf9\xa5\x94\xd0\xf5\xe7\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00') ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) setgroups$auto(0xc00000000, 0xfffffffffffffffc) keyctl$auto(0x4, 0xfffff7ffffffffff, 0x0, 0x8, 0x8) openat$auto_trace_clock_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/trace_clock\x00', 0x0, 0x0) sysfs$auto(0x2, 0x11, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dsp1\x00', 0x20040, 0x0) r5 = fsopen$auto(0x0, 0x1) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x800, 0x0) fsconfig$auto(r5, 0x8, 0x0, 0x0, 0x0) 3.071611235s ago: executing program 3 (id=2363): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) r0 = socket(0x29, 0x2, 0x400001) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) r1 = socket(0xf, 0x5, 0x20) setsockopt$auto(r1, 0x6, 0xc, 0x0, 0x7fffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xebf, 0x401, 0x5) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/mountinfo\x00', 0x42100, 0x0) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$auto_nlbl_unlbl(&(0x7f0000000080), r4) sendmsg$auto_NLBL_UNLABEL_C_STATICADD(r4, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10010}, 0xc, &(0x7f00000000c0)={&(0x7f0000001500)=ANY=[], 0x1094}, 0x1, 0x0, 0x0, 0x4081}, 0xc000) read$auto_ftrace_enable_fops_trace_events(r3, 0x0, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) ioctl$auto(r4, 0x57, r2) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) execve$auto(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) execve$auto(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) execve$auto(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)=&(0x7f0000000300)='#\xdc\xfe\xd8E\xc8\x8bu4\xd9n\xcb\xca\xc7zw \x96\x9ejh\xad\x9eEc\xae\x1e\x89\x92\x9a\xbbP[B\xae\x9cf)\x15\xac\x90)l\x06\xf0\t\x12\x05zz\xa6\xb3\xce=\x00\x00\x00\xf20/\xc4T\x1f\xe5P\xff\xb4\xb7s0\x02\xc5\x81\x93\xc6\xc8\xb6Sp\x1a{8\xfc\xe0,X\xc7BU\xd0\x97\x7f1\x16\x99\x04\xabu/a0\x02\x7f\xbb\xbd\x906\xa8\xce\xee\xcd\xd7\t\x00\xfb\x83\xc8\x8aO\xe9\xbe=\xf7\xf4\x84,\x06\xd3j\x99b\xe6\xf6Y3A\xbb\xa4\xb2\f\x1b\xc3\x8a,g\xc6\xe8[\xdf\x88\x01\x9f7\xb5\x19m\xd8\xc0\f-6\xfe\xa8\xed/u\x81_G\xfeR\xbb\x12|\x97\xabB4J\xed+-\xf8u0/n\xcf\x8b\x95\x9d\xab\xa8\xc47\xa6\x0e\xdeOq\\\xc3\'{\b\xd3m\x94\xc2\xdd{\xeaO\x0e\xe4\xe0\xb9N:\xd60\x17,\x06\xc7B#Y0\x99\xeb\x02\xfe\xd3k\xd5\xdcZ\xdcP\x8e+\xd8\xc7C\xcb\x15\x13c\xbf\xe8\xbd\"\x8f3\"\x14\xf8(\xda\x19\xcd\xec\x03.\xd9^\xc3A\xda\r[\x1a\xda\\#/\xd4\xaf\xd0\xe8\xa2\xdd\xc5{\xfa\xe0\x90\x8f\x99lQ\xec\x84h^\x11+\x93\b\xe0c\xe6\xd22\xf9\xa5\x94\xd0\xf5\xe7\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00') r5 = ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) setgroups$auto(0xc00000000, 0xfffffffffffffffc) keyctl$auto(0x4, 0xfffff7ffffffffff, 0x0, 0x8, 0x8) r6 = openat$auto_trace_clock_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/trace_clock\x00', 0x0, 0x0) ioctl$auto_UDMABUF_CREATE_LIST(r4, 0x40087543, &(0x7f00000004c0)={0x1, 0x80, [{0xffffffffffffffff, 0x0, 0x5, 0xef0}, {r5, 0x0, 0xffffffffffffffff, 0x9}, {r0, 0x0, 0x10000333d, 0x7}, {r6, 0x0, 0x7, 0x2}, {r0, 0x0, 0x8, 0xd589}, {r1, 0x0, 0xa7, 0x2}]}) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dsp1\x00', 0x20040, 0x0) r7 = fsopen$auto(0x0, 0x1) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x800, 0x0) fsconfig$auto(r7, 0x8, 0x0, 0x0, 0x0) 1.739402078s ago: executing program 4 (id=2364): r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC2\x00', 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @dev={0xac, 0x14, 0x14, 0xd}}, 0x6a) r1 = getpid() sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x24040004}, 0x800) process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) ioctl$auto_I2C_RDWR(0xffffffffffffffff, 0x707, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x6) unshare$auto(0x40000080) 766.692779ms ago: executing program 3 (id=2365): capset$auto(0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) select$auto(0x0, &(0x7f0000000040)={[0x9, 0x4, 0x34, 0x9, 0x1, 0x1, 0xa, 0x6, 0x5, 0x1, 0x0, 0xcf, 0x5, 0x213, 0x5, 0xb98]}, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) write$auto(r0, 0x0, 0xe) sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYRESHEX=r0, @ANYRESHEX], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r1, 0x4b67, 0x1) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) read$auto(r2, 0x0, 0x1ff) write$auto(0x3, 0x0, 0xfdef) unshare$auto(0x40000080) write$auto(0xffffffffffffffff, &(0x7f0000000400)='\x04>\x00\x1d\xa4\xd2\xc3\xec&9\v\xbc\xdein\xe1G8\x02\x18\x00\x00\xd3b\x01\xbd\x9b@\xb0\x00\x00\x00\x84\xa2\\\x15\xc4>\xa9\x82,\x95\xeeH\xf8}v\xb3\xcb(\xa90Abe\xc3\x8c\xcc\xe7\xb8\x00F\x89#\xb4\xf0F\xa1GH\xb5\x8f\x9dZ~\xea\xa3\x93\xc2\x04\xe1;b\x99\x97}Z\x7f\x0f\x90\xce\x85-e\xb6n\xbc\xc6=\xf8\xce\xe7\x1e]\x85|\xce\xd7L\x9b\xd3lb\xc5\xee\xdb\xcb\xbb\xd8\xd9\xd3\xf8 \xe9e\xe5\x80\x1c7B+]\x98\xb8\t\xde\xd4\xf5\xf32\xccR\xaa\xdd\x16\xab\xd8\x1d\"\xc7\xa5\xe1k\x1d\xd9k\xc6\xb2\xa7\x97\x9a\xf6\xfe\xef\x1a\xbd\xcb\xb8*\x8b9\x00R\xe9)?Em\xb2\xac\xd1\xf6\xff\xc1\xc7\xbdl\xa2+tI\xa3\xa8\xabVe\x87\xa9\xae9\x82\xd2.SCt\xcc\x8c7\x7f\xdc\xc3\xfb\x94\xfc\xdfc+\x04\xfb\xf5$\xecO1@\x99l;\xd3X\xd5\"\xec\x17hR\xc5\x99\x8b\x9f\xf3\xf48%\xfa\xf2\x1d\xc5\x10T\x83p0\xd7]\x83{\x81\xdei\xd2\xfc\xfd=3K\xc3\xfe\x12\x98\x8b\xbe\xd1+\xc4r\x7f\x8f5\xcc\xa6\xd8>k\xcc\xee\xe0\x9bW\x0e\xc63\x84^\xde`\xd2\xe8\xfc\x02\xef\xa4\xfa\xdc\xd0A\xd5`?9D\x1c\x1b\x1b\xd5\xcb\xfb\x03I\xc9\x97\xac#\x0ee\xc8ltL\x88\x17m~aA%\xd3\xaf\xaa6hf\x9b\x83\x02A\xb0\xf6\x14\xb3\x18B\xfd\x9ai\xf8j \a\x1es\xa3U\x98sqq,\xd2A4?l\xa2\x9c\xc9\x9fa\xe8\x99qw\xf3\x18\x12R+(%x\xb6\xf8\x92\xa5\xe4\xdd\xe9\xf2\x0e\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x400000103) r3 = socket(0x9, 0x4, 0x400) mmap$auto(0x1, 0x2020009, 0x3, 0x10, r0, 0x8000) syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000100), r3) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) r5 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto_FBIOPUT_VSCREENINFO(r5, 0x4601, &(0x7f0000000180)="285ecf7e037b55e1ab7a4f76992f65c6415bf83a1dbdf2c6c5e006b2e5e027c00f96dad6274a64b2878a42144a92217419d1586fc6d20bdf574fae2b958d59a2518677c559eba44de9112cf6c1fa7f9f93f6fd92bc4e4c39199566e6357935fffc05c8b7523b36cd1db40563ab0d5ef018172ca9860267e22834fb3e01c71b86121c9b09f81877d895ba10c871673dc023c9a133074d031b377b9b1c638b2450d6e4") ioctl$auto(r4, 0x541c, r5) 477.295499ms ago: executing program 0 (id=2366): r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000700)='/proc/self/environ\x00', 0x202400, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) readv$auto(r0, 0x0, 0x40000000000400) close_range$auto(0x2, 0x8, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0xa2180, 0x0) r1 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r1, 0x403c6f27, 0x0) read$auto_proc_environ_operations_base(r0, 0x0, 0x0) mmap$auto(0xffffffffffffffff, 0x2000002060009, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x200006, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x1, 0x0) msgctl$auto_MSG_STAT_ANY(0x4, 0xd, &(0x7f0000000100)={{0x9, 0xee00, 0xee00, 0x3, 0x97a, 0x9f, 0x3}, &(0x7f0000000040)=0x8e, &(0x7f00000000c0)=0x40, 0xd6, 0x7, 0x4, 0x81, 0x9, 0x4, 0x9, 0x2, @raw=0xfbed0000, @raw=0xfffff004}) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/virt_wifi0/router_solicitations\x00', 0x101202, 0x0) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/disable_policy\x00', 0x202, 0x0) bpf$auto(0x1, &(0x7f0000000540)=@link_create={@map_fd=r0, @target_fd=r4, 0x7, 0x7, @perf_event={0x8}}, 0x6f4) sendfile$auto(r4, r3, 0x0, 0x48) syz_clone(0xa300100, 0x0, 0x0, 0x0, 0x0, 0x0) shmctl$auto_SHM_LOCK(0xac6, 0xb, &(0x7f00000002c0)={{0x0, 0x0, 0xffffffffffffffff, 0x4, 0xd9}, 0xfffffc00, 0x3, 0x5, 0x6, @raw=0x8, @raw=0x201, 0x4, 0x0, &(0x7f0000000740)="99a67a2b1bead10c128805537cdc7ff5be4a3b2c23992fe21010dbf8eed366dc9585f8d49269004532f18b573b29b6289c42273242e3012dc480983a49eee5ce74d6b817a2874e87ce297ae23c820366d8386d7257000000befab0e5158baa789d20d31feb159f9cd5df7fee5681a9decf7a456fec159bd51922c44daa37b894ab23595a70307f0b37cbd75b600d02ec14f449ca0772c8df4702012681b42f72df4be69184e9466e34517e7c9fc7bd63f03edce692611efde9351d5f99146a005cbb9c02f88ae1631eae6173efd280ae2b2ba04b01e105c95323f6bccc0b7c902baaee8ebd788e885920f970951adb507cf64589", &(0x7f00000001c0)="9665d61804696ab62bde66a62307b69444c6dc9e775d4b4407afbc2c181920d474e19dc4cff52ed741474221b00b58bcde9884d13a5143529d8c3c57f7b84d1b79c023d1113151c7c0e16e10d4cf888cf37ba970759326edb105bd465da5913bc8be1b2e371a27f61e"}) r6 = getpgid$auto(0xffffffffffffffff) shmctl$auto_IPC_RMID(0x1, 0x0, &(0x7f00000004c0)={{0x4, r2, r5, 0x5, 0x7ff, 0x1}, 0x5, 0x10000000000fff, 0x8, 0x5, @inferred, @inferred=r6, 0xd69, 0x0, &(0x7f0000000340)="0e9b1f8a9f2d3d3c0c24454d879bd405ae3eed8a51fae20acf5cfb1cf36176841dcb4432f273315c460460e1533cc5895ae9813677ac27e70b0925c871de1e0e6c96347bb2438e0b613bcb7da493c4e87521d49d53dafda627c82e8a834b87a9860a8117b2fe8751c2839752658dd46a2f0bc74500da10667c8b3749df1460e1bfa4e16c9add9b6ee39f780c83e188cc47c3f6c1ab29d150db1b309d8c8b2fabca07e4117e4a8b84654a6032f75093fdda8f5af14286a9b1fa086c3ad9e9569cc1c6a706590ccc248e53c0351f7a45c12617333ccfff", &(0x7f0000000440)="108cea25fb64e2f6a105bddd4622712d06f5bae8398a46bbaef09f94b0f502f89d2c0501a70417e535331b13d24a453c73a014ff5c66c24548c0bc4b4f6d56a8320af2be0ceedb198ffd001328d1b4c1d44e06120bba651a83a25c375bdee888256a06045bf35ace"}) r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TCFLSH2(r7, 0x5453, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000700), 0x8001) r8 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r8, 0x5606, 0x7) 0s ago: executing program 0 (id=2367): mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r0 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) r2 = socket(0x10, 0x2, 0x6) r3 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_SET_MAX_CSMA_BACKOFFS(r2, &(0x7f0000000100)={0x0, 0xf0ff, &(0x7f00000000c0)={&(0x7f0000000140)={0x30, r3, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@NL802154_ATTR_COORDINATOR={0x1c, 0x1e, 0x0, 0x1, [@nested={0x18, 0x122, 0x0, 0x1, [@nested={0x8, 0x46, 0x0, 0x1, [@nested={0x4, 0xf7}]}, @nested={0xa, 0x10, 0x0, 0x1, [@generic='\x00\x00\x00*O{']}]}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x20008000}, 0x8044) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x1, &(0x7f0000000080)={0x0, 0x400}, 0x5, 0x0, 0x200002, 0x5}, 0x803}, 0xfffffff9, 0x10, 0x0) write$auto_proc_clear_refs_operations_internal(r0, 0x0, 0xffffff4b) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) setresuid$auto(0x2, 0x7, 0x8080) ioctl$auto(0x3, 0x400454ca, 0x38) r4 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000001c0), r1) sendmsg$auto_L2TP_CMD_SESSION_DELETE(r1, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x14, r4, 0x200, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x80d0}, 0x100) kernel console output (not intermixed with test programs): 65.511161][T11403] R10: 0000000000000052 R11: 0000000000000246 R12: 0000000000000001 [ 565.511174][T11403] R13: 0000000000000000 R14: 00007fbdd47b5fa0 R15: 00007fff38b36768 [ 565.511204][T11403] [ 566.133567][ T30] audit: type=1800 audit(6042200336.911:5): pid=11418 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1329" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 567.190668][ T5824] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 567.190706][ T5824] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 567.207787][ T5824] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 567.207818][ T5824] Bluetooth: hci2: adv larger than maximum supported [ 567.214892][ T5824] Bluetooth: hci2: adv larger than maximum supported [ 567.224209][ T5824] Bluetooth: hci2: Malformed LE Event: 0x0d [ 568.110665][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.117166][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 572.232070][T11488] .^: entered promiscuous mode [ 573.152385][T11498] sp0: Synchronizing with TNC [ 573.734292][T11497] Invalid ELF header magic: != ELF [ 574.354986][T11513] Invalid ELF header magic: != ELF [ 574.455252][T11517] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1358'. [ 575.401315][T11524] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1360'. [ 575.502494][T11524] bridge0: port 3(vlan1) entered disabled state [ 575.944654][T11530] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1361'. [ 576.010702][T11524] vlan1 (unregistering): left allmulticast mode [ 576.041064][T11524] veth0_vlan (unregistering): left allmulticast mode [ 576.087206][T11524] vlan1 (unregistering): left promiscuous mode [ 576.133056][T11524] bridge0: port 3(vlan1) entered disabled state [ 577.317239][T11548] sp0: Synchronizing with TNC [ 578.926358][ T5824] Bluetooth: hci0: unexpected event 0x3e length: 508 > 260 [ 578.926391][ T5824] Bluetooth: hci0: unexpected subevent 0x02 length: 507 > 260 [ 578.946723][ T5824] Bluetooth: hci0: Dropping invalid advertising data [ 578.953480][ T5824] Bluetooth: hci0: unknown advertising packet type: 0xe9 [ 579.603221][T11584] netlink: 186 bytes leftover after parsing attributes in process `syz.3.1374'. [ 579.765452][T11589] FAULT_INJECTION: forcing a failure. [ 579.765452][T11589] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 579.898820][T11589] CPU: 0 UID: 0 PID: 11589 Comm: syz.0.1377 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 579.898860][T11589] Tainted: [U]=USER [ 579.898868][T11589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 579.898888][T11589] Call Trace: [ 579.898895][T11589] [ 579.898904][T11589] dump_stack_lvl+0x16c/0x1f0 [ 579.898944][T11589] should_fail_ex+0x512/0x640 [ 579.898982][T11589] _copy_from_user+0x2e/0xd0 [ 579.899020][T11589] copy_msghdr_from_user+0x98/0x160 [ 579.899048][T11589] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 579.899080][T11589] ? kfree+0x252/0x4d0 [ 579.899101][T11589] ? __lock_acquire+0x5ca/0x1ba0 [ 579.899137][T11589] ___sys_recvmsg+0xdb/0x1a0 [ 579.899164][T11589] ? __pfx____sys_recvmsg+0x10/0x10 [ 579.899207][T11589] ? __pfx___might_resched+0x10/0x10 [ 579.899240][T11589] do_recvmmsg+0x2fe/0x740 [ 579.899271][T11589] ? __pfx_do_recvmmsg+0x10/0x10 [ 579.899304][T11589] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 579.899349][T11589] ? __fget_files+0x20e/0x3c0 [ 579.899377][T11589] __x64_sys_recvmmsg+0x22a/0x280 [ 579.899408][T11589] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 579.899436][T11589] ? rcu_is_watching+0x12/0xc0 [ 579.899465][T11589] do_syscall_64+0xcd/0x230 [ 579.899501][T11589] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 579.899524][T11589] RIP: 0033:0x7f778cd8e969 [ 579.899541][T11589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 579.899563][T11589] RSP: 002b:00007f778db66038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 579.899585][T11589] RAX: ffffffffffffffda RBX: 00007f778cfb5fa0 RCX: 00007f778cd8e969 [ 579.899601][T11589] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000003 [ 579.899614][T11589] RBP: 00007f778db66090 R08: 0000000000000000 R09: 0000000000000000 [ 579.899629][T11589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 579.899642][T11589] R13: 0000000000000000 R14: 00007f778cfb5fa0 R15: 00007ffef3e37948 [ 579.899671][T11589] [ 580.671019][T11604] binder: 11602:11604 ioctl 4030582b 6 returned -22 [ 580.711865][T11604] binder: 11602:11604 ioctl c0306201 2000000000c0 returned -11 [ 582.364922][T11624] Invalid ELF header magic: != ELF [ 582.394311][T11609] kexec: Could not allocate control_code_buffer [ 582.864551][T11635] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1387'. [ 584.323521][T11650] Invalid ELF header magic: != ELF [ 587.954888][T11685] Invalid ELF header magic: != ELF [ 588.710317][ T5824] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 588.710352][ T5824] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 588.726371][ T5824] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 588.726399][ T5824] Bluetooth: hci0: adv larger than maximum supported [ 588.733453][ T5824] Bluetooth: hci0: adv larger than maximum supported [ 588.740340][ T5824] Bluetooth: hci0: Malformed LE Event: 0x0d [ 589.365745][T11710] sp0: Synchronizing with TNC [ 590.639265][T11724] input: f¬ as /devices/virtual/input/input22 [ 590.738016][ T5824] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 590.738052][ T5824] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 590.753145][ T5824] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 590.753181][ T5824] Bluetooth: hci0: adv larger than maximum supported [ 590.760505][ T5824] Bluetooth: hci0: adv larger than maximum supported [ 590.767351][ T5824] Bluetooth: hci0: Malformed LE Event: 0x0d [ 591.677623][ T5824] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 591.677663][ T5824] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 591.692552][ T5824] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 591.692579][ T5824] Bluetooth: hci1: adv larger than maximum supported [ 591.699668][ T5824] Bluetooth: hci1: adv larger than maximum supported [ 591.706567][ T5824] Bluetooth: hci1: Malformed LE Event: 0x0d [ 592.154102][T11741] Invalid ELF header magic: != ELF [ 596.573709][T11772] can: request_module (can-proto-3) failed. [ 598.884121][T11808] Invalid ELF header magic: != ELF [ 600.463020][T11831] FAULT_INJECTION: forcing a failure. [ 600.463020][T11831] name failslab, interval 1, probability 0, space 0, times 0 [ 600.564414][T11831] CPU: 0 UID: 0 PID: 11831 Comm: syz.0.1436 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 600.564454][T11831] Tainted: [U]=USER [ 600.564461][T11831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 600.564475][T11831] Call Trace: [ 600.564482][T11831] [ 600.564491][T11831] dump_stack_lvl+0x16c/0x1f0 [ 600.564531][T11831] should_fail_ex+0x512/0x640 [ 600.564565][T11831] ? fs_reclaim_acquire+0xae/0x150 [ 600.564605][T11831] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 600.564650][T11831] should_failslab+0xc2/0x120 [ 600.564681][T11831] __kmalloc_noprof+0xd2/0x510 [ 600.564713][T11831] tomoyo_realpath_from_path+0xc2/0x6e0 [ 600.564751][T11831] ? tomoyo_profile+0x47/0x60 [ 600.564775][T11831] tomoyo_path_number_perm+0x245/0x580 [ 600.564803][T11831] ? tomoyo_path_number_perm+0x237/0x580 [ 600.564834][T11831] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 600.564864][T11831] ? find_held_lock+0x2b/0x80 [ 600.564913][T11831] ? find_held_lock+0x2b/0x80 [ 600.564935][T11831] ? hook_file_ioctl_common+0x145/0x410 [ 600.564968][T11831] ? __fget_files+0x20e/0x3c0 [ 600.564995][T11831] security_file_ioctl+0x9b/0x240 [ 600.565026][T11831] __x64_sys_ioctl+0xb7/0x200 [ 600.565062][T11831] do_syscall_64+0xcd/0x230 [ 600.565099][T11831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 600.565123][T11831] RIP: 0033:0x7f778cd8e969 [ 600.565141][T11831] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 600.565164][T11831] RSP: 002b:00007f778db45038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 600.565185][T11831] RAX: ffffffffffffffda RBX: 00007f778cfb6080 RCX: 00007f778cd8e969 [ 600.565201][T11831] RDX: 00002000000001c0 RSI: fffffff7effffd04 RDI: 0000000000000003 [ 600.565216][T11831] RBP: 00007f778db45090 R08: 0000000000000000 R09: 0000000000000000 [ 600.565230][T11831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 600.565244][T11831] R13: 0000000000000000 R14: 00007f778cfb6080 R15: 00007ffef3e37948 [ 600.565273][T11831] [ 600.565282][T11831] ERROR: Out of memory at tomoyo_realpath_from_path. [ 602.337549][ T5824] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 602.337585][ T5824] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 602.353313][ T5824] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 602.353344][ T5824] Bluetooth: hci3: adv larger than maximum supported [ 602.360877][ T5824] Bluetooth: hci3: adv larger than maximum supported [ 602.368056][ T5824] Bluetooth: hci3: Malformed LE Event: 0x0d [ 602.502639][T11854] FAULT_INJECTION: forcing a failure. [ 602.502639][T11854] name failslab, interval 1, probability 0, space 0, times 0 [ 602.531770][T11854] CPU: 0 UID: 0 PID: 11854 Comm: syz.2.1441 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 602.531814][T11854] Tainted: [U]=USER [ 602.531822][T11854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 602.531836][T11854] Call Trace: [ 602.531845][T11854] [ 602.531854][T11854] dump_stack_lvl+0x16c/0x1f0 [ 602.531896][T11854] should_fail_ex+0x512/0x640 [ 602.531931][T11854] ? __kmalloc_noprof+0xbf/0x510 [ 602.531961][T11854] ? constrain_params_by_rules+0x175/0xca0 [ 602.531999][T11854] should_failslab+0xc2/0x120 [ 602.532030][T11854] __kmalloc_noprof+0xd2/0x510 [ 602.532057][T11854] ? unwind_get_return_address+0x59/0xa0 [ 602.532093][T11854] constrain_params_by_rules+0x175/0xca0 [ 602.532136][T11854] ? stack_trace_save+0x8e/0xc0 [ 602.532164][T11854] ? stack_depot_save_flags+0x28/0xa50 [ 602.532201][T11854] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 602.532246][T11854] ? __kasan_kmalloc+0xaa/0xb0 [ 602.532269][T11854] ? snd_pcm_oss_change_params_locked+0x247/0x3b40 [ 602.532307][T11854] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 602.532342][T11854] ? snd_pcm_oss_sync+0x32e/0x840 [ 602.532387][T11854] ? rcu_is_watching+0x12/0xc0 [ 602.532416][T11854] ? snd_interval_refine+0x2fa/0x580 [ 602.532447][T11854] snd_pcm_hw_refine+0x7de/0xad0 [ 602.532489][T11854] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 602.532537][T11854] ? __asan_memset+0x23/0x50 [ 602.532558][T11854] ? _snd_pcm_hw_param_min+0x259/0x630 [ 602.532598][T11854] snd_pcm_oss_change_params_locked+0x65e/0x3b40 [ 602.532637][T11854] ? __mutex_init+0x70/0x120 [ 602.532672][T11854] ? rcu_is_watching+0x12/0xc0 [ 602.532695][T11854] ? trace_contention_end+0xdd/0x130 [ 602.532734][T11854] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 602.532774][T11854] ? snd_pcm_oss_sync+0x30c/0x840 [ 602.532830][T11854] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 602.532869][T11854] snd_pcm_oss_sync+0x32e/0x840 [ 602.532909][T11854] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 602.532945][T11854] snd_pcm_oss_release+0x28b/0x310 [ 602.532983][T11854] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 602.533019][T11854] __fput+0x3ff/0xb70 [ 602.533055][T11854] task_work_run+0x14d/0x240 [ 602.533094][T11854] ? __pfx_task_work_run+0x10/0x10 [ 602.533132][T11854] ? __pfx___do_sys_close_range+0x10/0x10 [ 602.533154][T11854] ? rcu_is_watching+0x12/0xc0 [ 602.533182][T11854] syscall_exit_to_user_mode+0x27b/0x2a0 [ 602.533220][T11854] do_syscall_64+0xda/0x230 [ 602.533257][T11854] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 602.533283][T11854] RIP: 0033:0x7f8d5e38e969 [ 602.533303][T11854] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 602.533327][T11854] RSP: 002b:00007f8d5f282038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 602.533350][T11854] RAX: 0000000000000000 RBX: 00007f8d5e5b5fa0 RCX: 00007f8d5e38e969 [ 602.533365][T11854] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 602.533379][T11854] RBP: 00007f8d5e410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 602.533394][T11854] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 602.533413][T11854] R13: 0000000000000000 R14: 00007f8d5e5b5fa0 R15: 00007fff7158c758 [ 602.533443][T11854] [ 603.746587][T11860] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1443'. [ 605.960415][T11893] sp0: Synchronizing with TNC [ 606.111891][ T5824] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 606.111928][ T5824] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 606.129689][ T5824] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 606.129719][ T5824] Bluetooth: hci1: adv larger than maximum supported [ 606.137181][ T5824] Bluetooth: hci1: adv larger than maximum supported [ 606.144341][ T5824] Bluetooth: hci1: Malformed LE Event: 0x0d [ 607.691898][ T5824] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 607.691935][ T5824] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 607.717596][ T5824] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 607.717630][ T5824] Bluetooth: hci1: adv larger than maximum supported [ 607.724729][ T5824] Bluetooth: hci1: adv larger than maximum supported [ 607.733575][ T5824] Bluetooth: hci1: Malformed LE Event: 0x0d [ 608.266163][T11920] sp1: Synchronizing with TNC [ 608.763771][T11930] input: f¬ as /devices/virtual/input/input24 [ 609.132988][ T5824] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 609.133036][ T5824] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 609.148842][ T5824] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 609.148870][ T5824] Bluetooth: hci1: adv larger than maximum supported [ 609.156109][ T5824] Bluetooth: hci1: adv larger than maximum supported [ 609.162899][ T5824] Bluetooth: hci1: Malformed LE Event: 0x0d [ 612.590329][T11976] capability: warning: `syz.1.1474' uses 32-bit capabilities (legacy support in use) [ 612.929046][T11983] mkiss: ax0: crc mode is auto. [ 616.688652][ T5824] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 616.688687][ T5824] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 616.703935][ T5824] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 616.703963][ T5824] Bluetooth: hci2: adv larger than maximum supported [ 616.712168][ T5824] Bluetooth: hci2: Malformed LE Event: 0x0d [ 620.891058][T12049] random: crng reseeded on system resumption [ 621.015669][T12049] FAULT_INJECTION: forcing a failure. [ 621.015669][T12049] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 621.357183][T12049] CPU: 0 UID: 0 PID: 12049 Comm: syz.2.1491 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 621.357233][T12049] Tainted: [U]=USER [ 621.357241][T12049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 621.357256][T12049] Call Trace: [ 621.357264][T12049] [ 621.357273][T12049] dump_stack_lvl+0x16c/0x1f0 [ 621.357315][T12049] should_fail_ex+0x512/0x640 [ 621.357356][T12049] should_fail_alloc_page+0xe7/0x130 [ 621.357389][T12049] prepare_alloc_pages+0x3c2/0x610 [ 621.357427][T12049] ? unwind_get_return_address+0x59/0xa0 [ 621.357459][T12049] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 621.357615][T12049] ? stack_trace_save+0x8e/0xc0 [ 621.357648][T12049] ? __pfx_stack_trace_save+0x10/0x10 [ 621.357672][T12049] ? stack_depot_save_flags+0x28/0xa50 [ 621.357711][T12049] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 621.357746][T12049] ? kasan_save_stack+0x42/0x60 [ 621.357771][T12049] ? kasan_save_stack+0x33/0x60 [ 621.357797][T12049] ? kasan_save_track+0x14/0x30 [ 621.357827][T12049] ? chrdev_open+0x231/0x6a0 [ 621.357852][T12049] ? do_dentry_open+0x741/0x1c10 [ 621.357876][T12049] ? vfs_open+0x82/0x3f0 [ 621.357906][T12049] ? path_openat+0x1e5e/0x2d40 [ 621.357928][T12049] ? do_filp_open+0x20b/0x470 [ 621.357956][T12049] ? do_sys_openat2+0x11b/0x1d0 [ 621.357986][T12049] ? __x64_sys_openat+0x174/0x210 [ 621.358019][T12049] ? do_syscall_64+0xcd/0x230 [ 621.358055][T12049] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 621.358082][T12049] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 621.358120][T12049] ? policy_nodemask+0xea/0x4e0 [ 621.358154][T12049] alloc_pages_mpol+0x1fb/0x550 [ 621.358194][T12049] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 621.358239][T12049] alloc_pages_noprof+0x131/0x390 [ 621.358280][T12049] get_zeroed_page_noprof+0x14/0x50 [ 621.358318][T12049] get_image_page+0x18/0x190 [ 621.358344][T12049] chain_alloc+0x8c/0xd0 [ 621.358370][T12049] memory_bm_create+0x30f/0x810 [ 621.358407][T12049] create_basic_memory_bitmaps+0x10f/0x680 [ 621.358441][T12049] snapshot_open+0x235/0x2b0 [ 621.358469][T12049] ? __pfx_snapshot_open+0x10/0x10 [ 621.358499][T12049] misc_open+0x35d/0x420 [ 621.358531][T12049] ? __pfx_misc_open+0x10/0x10 [ 621.358554][T12049] chrdev_open+0x231/0x6a0 [ 621.358580][T12049] ? __pfx_apparmor_file_open+0x10/0x10 [ 621.358615][T12049] ? __pfx_chrdev_open+0x10/0x10 [ 621.358646][T12049] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 621.358692][T12049] do_dentry_open+0x741/0x1c10 [ 621.358719][T12049] ? __pfx_chrdev_open+0x10/0x10 [ 621.358752][T12049] vfs_open+0x82/0x3f0 [ 621.358789][T12049] path_openat+0x1e5e/0x2d40 [ 621.358825][T12049] ? __pfx_path_openat+0x10/0x10 [ 621.358859][T12049] do_filp_open+0x20b/0x470 [ 621.358884][T12049] ? __pfx_do_filp_open+0x10/0x10 [ 621.358931][T12049] ? alloc_fd+0x471/0x7d0 [ 621.358962][T12049] do_sys_openat2+0x11b/0x1d0 [ 621.358996][T12049] ? __pfx_do_sys_openat2+0x10/0x10 [ 621.359043][T12049] __x64_sys_openat+0x174/0x210 [ 621.359079][T12049] ? __pfx___x64_sys_openat+0x10/0x10 [ 621.359123][T12049] ? rcu_is_watching+0x12/0xc0 [ 621.359157][T12049] do_syscall_64+0xcd/0x230 [ 621.359199][T12049] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 621.359225][T12049] RIP: 0033:0x7f8d5e38e969 [ 621.359246][T12049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 621.359295][T12049] RSP: 002b:00007f8d5f282038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 621.359320][T12049] RAX: ffffffffffffffda RBX: 00007f8d5e5b5fa0 RCX: 00007f8d5e38e969 [ 621.359337][T12049] RDX: 0000000000184b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 621.359353][T12049] RBP: 00007f8d5e410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 621.359368][T12049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 621.359382][T12049] R13: 0000000000000000 R14: 00007f8d5e5b5fa0 R15: 00007fff7158c758 [ 621.359413][T12049] [ 624.313587][T12077] sp0: Synchronizing with TNC [ 628.114318][T12104] binder: 12103:12104 ioctl 4030582b 6 returned -22 [ 629.551756][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.560603][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 631.662595][T12135] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 631.672150][ T5137] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 631.680523][ T5137] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 631.689603][ T5137] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 631.697453][ T5137] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 633.785943][ T5137] Bluetooth: hci4: command tx timeout [ 634.517842][T12133] chnl_net:caif_netlink_parms(): no params data found [ 635.655715][T12133] bridge0: port 1(bridge_slave_0) entered blocking state [ 635.718589][T12133] bridge0: port 1(bridge_slave_0) entered disabled state [ 635.769777][T12133] bridge_slave_0: entered allmulticast mode [ 635.818324][T12133] bridge_slave_0: entered promiscuous mode [ 635.868938][ T5137] Bluetooth: hci4: command tx timeout [ 635.879911][T12133] bridge0: port 2(bridge_slave_1) entered blocking state [ 635.951874][T12133] bridge0: port 2(bridge_slave_1) entered disabled state [ 635.992514][T12133] bridge_slave_1: entered allmulticast mode [ 636.056079][T12133] bridge_slave_1: entered promiscuous mode [ 636.922536][T12133] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 636.971492][T12133] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 637.708886][T12133] team0: Port device team_slave_0 added [ 637.769468][T12133] team0: Port device team_slave_1 added [ 637.952299][ T5137] Bluetooth: hci4: command tx timeout [ 638.006388][T12133] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 638.053439][T12133] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 638.223147][T12133] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 638.301336][T12133] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 638.348824][T12133] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 638.519462][T12133] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 638.990578][T12133] hsr_slave_0: entered promiscuous mode [ 639.047161][T12133] hsr_slave_1: entered promiscuous mode [ 639.053462][T12133] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 639.132075][T12133] Cannot create hsr debugfs directory [ 640.028980][ T5137] Bluetooth: hci4: command tx timeout [ 640.550740][T12133] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 640.617325][T12133] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 640.773287][T12133] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 640.838145][T12133] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 640.966211][T12186] Invalid ELF header magic: != ELF [ 641.989007][T12133] 8021q: adding VLAN 0 to HW filter on device bond0 [ 642.179446][T12133] 8021q: adding VLAN 0 to HW filter on device team0 [ 642.368820][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 642.376056][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 642.457761][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 642.464959][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 643.884197][T12133] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 644.487137][T12208] Invalid ELF header magic: != ELF [ 645.390501][T12220] binder: 12219:12220 ioctl 4030582b 6 returned -22 [ 645.426429][T12220] binder: 12219:12220 ioctl c0306201 2000000000c0 returned -14 [ 645.751241][T12133] veth0_vlan: entered promiscuous mode [ 645.811180][T12133] veth1_vlan: entered promiscuous mode [ 646.042553][T12133] veth0_macvtap: entered promiscuous mode [ 646.147636][T12133] veth1_macvtap: entered promiscuous mode [ 646.285423][T12133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 646.368104][T12133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 646.429800][T12133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 646.494304][T12133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 646.560518][T12133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 646.632623][T12133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 646.718225][T12133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 646.789098][T12133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 646.857889][T12133] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 646.928516][T12133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 647.011536][T12133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 647.075488][T12133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 647.144664][T12133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 647.209634][T12133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 647.284394][T12133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 647.322327][T12233] Invalid ELF header magic: != ELF [ 647.349165][T12133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 647.428121][T12133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 647.479647][T12133] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 647.614689][T12133] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 647.716138][T12133] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 647.724900][T12133] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 647.849136][T12133] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 649.566255][ T70] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 649.622047][ T70] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 650.263708][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 650.309791][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 651.717283][ T5137] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 651.717317][ T5137] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 651.733974][ T5137] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 651.734005][ T5137] Bluetooth: hci0: adv larger than maximum supported [ 651.741401][ T5137] Bluetooth: hci0: adv larger than maximum supported [ 651.748489][ T5137] Bluetooth: hci0: Malformed LE Event: 0x0d [ 654.240543][T12280] random: crng reseeded on system resumption [ 654.457589][T12280] FAULT_INJECTION: forcing a failure. [ 654.457589][T12280] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 654.809784][T12280] CPU: 0 UID: 0 PID: 12280 Comm: syz.3.1537 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 654.809826][T12280] Tainted: [U]=USER [ 654.809834][T12280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 654.809848][T12280] Call Trace: [ 654.809856][T12280] [ 654.809865][T12280] dump_stack_lvl+0x16c/0x1f0 [ 654.809934][T12280] should_fail_ex+0x512/0x640 [ 654.809975][T12280] should_fail_alloc_page+0xe7/0x130 [ 654.810018][T12280] prepare_alloc_pages+0x3c2/0x610 [ 654.810056][T12280] ? unwind_get_return_address+0x59/0xa0 [ 654.810089][T12280] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 654.810210][T12280] ? stack_trace_save+0x8e/0xc0 [ 654.810245][T12280] ? __pfx_stack_trace_save+0x10/0x10 [ 654.810270][T12280] ? stack_depot_save_flags+0x28/0xa50 [ 654.810309][T12280] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 654.810351][T12280] ? kasan_save_stack+0x42/0x60 [ 654.810378][T12280] ? kasan_save_stack+0x33/0x60 [ 654.810407][T12280] ? kasan_save_track+0x14/0x30 [ 654.810435][T12280] ? chrdev_open+0x231/0x6a0 [ 654.810460][T12280] ? do_dentry_open+0x741/0x1c10 [ 654.810485][T12280] ? vfs_open+0x82/0x3f0 [ 654.810515][T12280] ? path_openat+0x1e5e/0x2d40 [ 654.810536][T12280] ? do_filp_open+0x20b/0x470 [ 654.810557][T12280] ? do_sys_openat2+0x11b/0x1d0 [ 654.810588][T12280] ? __x64_sys_openat+0x174/0x210 [ 654.810620][T12280] ? do_syscall_64+0xcd/0x230 [ 654.810655][T12280] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.810683][T12280] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 654.810719][T12280] ? policy_nodemask+0xea/0x4e0 [ 654.810752][T12280] alloc_pages_mpol+0x1fb/0x550 [ 654.810784][T12280] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 654.810824][T12280] alloc_pages_noprof+0x131/0x390 [ 654.810856][T12280] get_zeroed_page_noprof+0x14/0x50 [ 654.810891][T12280] get_image_page+0x18/0x190 [ 654.810915][T12280] chain_alloc+0x8c/0xd0 [ 654.810939][T12280] memory_bm_create+0x30f/0x810 [ 654.810975][T12280] create_basic_memory_bitmaps+0x10f/0x680 [ 654.811007][T12280] snapshot_open+0x235/0x2b0 [ 654.811035][T12280] ? __pfx_snapshot_open+0x10/0x10 [ 654.811064][T12280] misc_open+0x35d/0x420 [ 654.811086][T12280] ? __pfx_misc_open+0x10/0x10 [ 654.811108][T12280] chrdev_open+0x231/0x6a0 [ 654.811134][T12280] ? __pfx_apparmor_file_open+0x10/0x10 [ 654.811171][T12280] ? __pfx_chrdev_open+0x10/0x10 [ 654.811202][T12280] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 654.811248][T12280] do_dentry_open+0x741/0x1c10 [ 654.811275][T12280] ? __pfx_chrdev_open+0x10/0x10 [ 654.811310][T12280] vfs_open+0x82/0x3f0 [ 654.811347][T12280] path_openat+0x1e5e/0x2d40 [ 654.811383][T12280] ? __pfx_path_openat+0x10/0x10 [ 654.811424][T12280] do_filp_open+0x20b/0x470 [ 654.811450][T12280] ? __pfx_do_filp_open+0x10/0x10 [ 654.811499][T12280] ? alloc_fd+0x471/0x7d0 [ 654.811531][T12280] do_sys_openat2+0x11b/0x1d0 [ 654.811564][T12280] ? __pfx_do_sys_openat2+0x10/0x10 [ 654.811611][T12280] __x64_sys_openat+0x174/0x210 [ 654.811647][T12280] ? __pfx___x64_sys_openat+0x10/0x10 [ 654.811685][T12280] ? rcu_is_watching+0x12/0xc0 [ 654.811717][T12280] do_syscall_64+0xcd/0x230 [ 654.811758][T12280] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.811783][T12280] RIP: 0033:0x7fbdd458e969 [ 654.811805][T12280] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 654.811831][T12280] RSP: 002b:00007fbdd5468038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 654.811854][T12280] RAX: ffffffffffffffda RBX: 00007fbdd47b5fa0 RCX: 00007fbdd458e969 [ 654.811872][T12280] RDX: 0000000000184b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 654.811888][T12280] RBP: 00007fbdd4610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 654.811904][T12280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 654.811919][T12280] R13: 0000000000000000 R14: 00007fbdd47b5fa0 R15: 00007fff38b36768 [ 654.811952][T12280] [ 657.352813][T12320] FAULT_INJECTION: forcing a failure. [ 657.352813][T12320] name failslab, interval 1, probability 0, space 0, times 0 [ 657.522371][T12320] CPU: 0 UID: 0 PID: 12320 Comm: syz.2.1547 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 657.522414][T12320] Tainted: [U]=USER [ 657.522422][T12320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 657.522437][T12320] Call Trace: [ 657.522446][T12320] [ 657.522455][T12320] dump_stack_lvl+0x16c/0x1f0 [ 657.522503][T12320] should_fail_ex+0x512/0x640 [ 657.522539][T12320] ? __kmalloc_noprof+0xbf/0x510 [ 657.522570][T12320] ? ops_init+0x77/0x5f0 [ 657.522599][T12320] should_failslab+0xc2/0x120 [ 657.522631][T12320] __kmalloc_noprof+0xd2/0x510 [ 657.522665][T12320] ops_init+0x77/0x5f0 [ 657.522699][T12320] setup_net+0x21e/0x850 [ 657.522733][T12320] ? __pfx_setup_net+0x10/0x10 [ 657.522762][T12320] ? lockdep_init_map_type+0x5c/0x280 [ 657.522796][T12320] ? __pfx_down_read_killable+0x10/0x10 [ 657.522824][T12320] ? debug_mutex_init+0x37/0x70 [ 657.522850][T12320] copy_net_ns+0x2a6/0x5f0 [ 657.522887][T12320] create_new_namespaces+0x3ea/0xad0 [ 657.522923][T12320] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 657.522954][T12320] ksys_unshare+0x45b/0xa40 [ 657.522995][T12320] ? __pfx_ksys_unshare+0x10/0x10 [ 657.523027][T12320] ? xfd_validate_state+0x5d/0x180 [ 657.523053][T12320] ? rcu_is_watching+0x12/0xc0 [ 657.523084][T12320] __x64_sys_unshare+0x31/0x40 [ 657.523119][T12320] do_syscall_64+0xcd/0x230 [ 657.523159][T12320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 657.523184][T12320] RIP: 0033:0x7f8d5e38e969 [ 657.523204][T12320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 657.523229][T12320] RSP: 002b:00007f8d5f282038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 657.523252][T12320] RAX: ffffffffffffffda RBX: 00007f8d5e5b5fa0 RCX: 00007f8d5e38e969 [ 657.523268][T12320] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 657.523284][T12320] RBP: 00007f8d5e410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 657.523299][T12320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 657.523319][T12320] R13: 0000000000000000 R14: 00007f8d5e5b5fa0 R15: 00007fff7158c758 [ 657.523350][T12320] [ 657.742039][ C0] vkms_vblank_simulate: vblank timer overrun [ 662.137865][T12352] netlink: 'syz.3.1554': attribute type 2 has an invalid length. [ 681.648679][T12526] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input27 [ 685.065077][T12568] sp0: Synchronizing with TNC [ 691.036516][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.042860][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 691.251381][T12614] device-mapper: ioctl: Unable to rename non-existent device, to uuid „ [ 696.247513][T12661] sp0: Synchronizing with TNC [ 696.421444][T12666] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input28 [ 700.204904][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 701.286680][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 702.322868][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 702.612490][T12724] binder: 12722:12724 ioctl 4030582b 6 returned -22 [ 703.080823][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 703.793573][ T12] bridge_slave_1: left allmulticast mode [ 703.870425][ T12] bridge_slave_1: left promiscuous mode [ 703.915325][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 704.244171][ T12] bridge_slave_0: left allmulticast mode [ 704.333978][ T12] bridge_slave_0: left promiscuous mode [ 704.381963][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 705.402806][T12770] binder: 12769:12770 ioctl 4030582b 6 returned -22 [ 706.600269][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 706.658659][ T12] bond0 (unregistering): (slave ): Releasing backup interface [ 706.699479][ T12] bond0 (unregistering): Released all slaves [ 709.422573][ T12] hsr_slave_0: left promiscuous mode [ 709.467639][ T12] hsr_slave_1: left promiscuous mode [ 709.500169][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 709.556221][T12820] Invalid ELF header magic: != ELF [ 709.589469][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 709.660104][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 709.725043][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 709.764955][T12823] Invalid ELF header magic: != ELF [ 709.902342][ T12] veth1_macvtap: left promiscuous mode [ 709.952796][ T12] veth0_macvtap: left promiscuous mode [ 709.989535][ T12] veth1_vlan: left promiscuous mode [ 710.028041][ T12] veth0_vlan: left promiscuous mode [ 711.091825][T12838] Invalid ELF header magic: != ELF [ 712.931067][ T12] team0 (unregistering): Port device team_slave_1 removed [ 713.160019][ T12] team0 (unregistering): Port device team_slave_0 removed [ 719.113637][T12923] Invalid ELF header magic: != ELF [ 719.584933][T12934] netlink: 346 bytes leftover after parsing attributes in process `syz.0.1685'. [ 719.668145][T12934] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1685'. [ 719.739328][T12939] sg_read: process 1509 (syz.0.1685) changed security contexts after opening file descriptor, this is not allowed. [ 719.852763][T12934] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1685'. syzkaller syzkaller login: [ 723.025430][T12974] random: crng reseeded on system resumption [ 723.074611][T12974] FAULT_INJECTION: forcing a failure. [ 723.074611][T12974] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 723.212614][T12974] CPU: 0 UID: 0 PID: 12974 Comm: syz.2.1693 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 723.212657][T12974] Tainted: [U]=USER [ 723.212666][T12974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 723.212682][T12974] Call Trace: [ 723.212690][T12974] [ 723.212701][T12974] dump_stack_lvl+0x16c/0x1f0 [ 723.212743][T12974] should_fail_ex+0x512/0x640 [ 723.212785][T12974] should_fail_alloc_page+0xe7/0x130 [ 723.212820][T12974] prepare_alloc_pages+0x3c2/0x610 [ 723.212864][T12974] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 723.212903][T12974] ? stack_trace_save+0x8e/0xc0 [ 723.212935][T12974] ? __pfx_stack_trace_save+0x10/0x10 [ 723.212960][T12974] ? stack_depot_save_flags+0x28/0xa50 [ 723.213005][T12974] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 723.213038][T12974] ? kasan_save_stack+0x42/0x60 [ 723.213063][T12974] ? kasan_save_stack+0x33/0x60 [ 723.213087][T12974] ? kasan_save_track+0x14/0x30 [ 723.213117][T12974] ? vfs_open+0x82/0x3f0 [ 723.213146][T12974] ? path_openat+0x1e5e/0x2d40 [ 723.213168][T12974] ? do_filp_open+0x20b/0x470 [ 723.213190][T12974] ? do_sys_openat2+0x11b/0x1d0 [ 723.213221][T12974] ? __x64_sys_openat+0x174/0x210 [ 723.213254][T12974] ? do_syscall_64+0xcd/0x230 [ 723.213288][T12974] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 723.213316][T12974] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 723.213350][T12974] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 723.213385][T12974] ? policy_nodemask+0xea/0x4e0 [ 723.213418][T12974] alloc_pages_mpol+0x1fb/0x550 [ 723.213451][T12974] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 723.213490][T12974] alloc_pages_noprof+0x131/0x390 [ 723.213523][T12974] get_zeroed_page_noprof+0x14/0x50 [ 723.213559][T12974] get_image_page+0x18/0x190 [ 723.213583][T12974] alloc_rtree_node+0x3c/0xb0 [ 723.213607][T12974] memory_bm_create+0x515/0x810 [ 723.213646][T12974] create_basic_memory_bitmaps+0x10f/0x680 [ 723.213679][T12974] snapshot_open+0x235/0x2b0 [ 723.213706][T12974] ? __pfx_snapshot_open+0x10/0x10 [ 723.213735][T12974] misc_open+0x35d/0x420 [ 723.213758][T12974] ? __pfx_misc_open+0x10/0x10 [ 723.213779][T12974] chrdev_open+0x231/0x6a0 [ 723.213806][T12974] ? __pfx_apparmor_file_open+0x10/0x10 [ 723.213838][T12974] ? __pfx_chrdev_open+0x10/0x10 [ 723.213871][T12974] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 723.213941][T12974] do_dentry_open+0x741/0x1c10 [ 723.213968][T12974] ? __pfx_chrdev_open+0x10/0x10 [ 723.214002][T12974] vfs_open+0x82/0x3f0 [ 723.214038][T12974] path_openat+0x1e5e/0x2d40 [ 723.214075][T12974] ? __pfx_path_openat+0x10/0x10 [ 723.214108][T12974] do_filp_open+0x20b/0x470 [ 723.214133][T12974] ? __pfx_do_filp_open+0x10/0x10 [ 723.214180][T12974] ? alloc_fd+0x471/0x7d0 [ 723.214210][T12974] do_sys_openat2+0x11b/0x1d0 [ 723.214243][T12974] ? __pfx_do_sys_openat2+0x10/0x10 [ 723.214288][T12974] __x64_sys_openat+0x174/0x210 [ 723.214323][T12974] ? __pfx___x64_sys_openat+0x10/0x10 [ 723.214359][T12974] ? rcu_is_watching+0x12/0xc0 [ 723.214390][T12974] do_syscall_64+0xcd/0x230 [ 723.214430][T12974] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 723.214454][T12974] RIP: 0033:0x7f8d5e38e969 [ 723.214474][T12974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 723.214498][T12974] RSP: 002b:00007f8d5f282038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 723.214522][T12974] RAX: ffffffffffffffda RBX: 00007f8d5e5b5fa0 RCX: 00007f8d5e38e969 [ 723.214539][T12974] RDX: 0000000000184b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 723.214555][T12974] RBP: 00007f8d5e410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 723.214570][T12974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 723.214585][T12974] R13: 0000000000000000 R14: 00007f8d5e5b5fa0 R15: 00007fff7158c758 [ 723.214616][T12974] [ 725.082964][T13027] i2c i2c-0: delete_device: Can't find device in list [ 727.747708][T13060] sp0: Synchronizing with TNC [ 728.262062][T13074] sp1: Synchronizing with TNC [ 730.286288][T13102] Invalid ELF header magic: != ELF [ 730.413802][T13107] can: request_module (can-proto-3) failed. [ 731.714251][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 731.730461][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 732.666570][T13139] ptp ptp0: max value is 20 [ 734.700834][T13159] binder: 13147:13159 ioctl 4030582b 6 returned -22 [ 734.766731][T13173] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 735.168588][T13158] random: crng reseeded on system resumption [ 735.223831][T13158] FAULT_INJECTION: forcing a failure. [ 735.223831][T13158] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 735.484100][T13158] CPU: 0 UID: 0 PID: 13158 Comm: syz.0.1723 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 735.484154][T13158] Tainted: [U]=USER [ 735.484163][T13158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 735.484178][T13158] Call Trace: [ 735.484187][T13158] [ 735.484197][T13158] dump_stack_lvl+0x16c/0x1f0 [ 735.484239][T13158] should_fail_ex+0x512/0x640 [ 735.484280][T13158] should_fail_alloc_page+0xe7/0x130 [ 735.484315][T13158] prepare_alloc_pages+0x3c2/0x610 [ 735.484360][T13158] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 735.484397][T13158] ? stack_trace_save+0x8e/0xc0 [ 735.484423][T13158] ? __pfx_stack_trace_save+0x10/0x10 [ 735.484448][T13158] ? stack_depot_save_flags+0x28/0xa50 [ 735.484487][T13158] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 735.484520][T13158] ? kasan_save_stack+0x42/0x60 [ 735.484545][T13158] ? kasan_save_stack+0x33/0x60 [ 735.484569][T13158] ? kasan_save_track+0x14/0x30 [ 735.484599][T13158] ? vfs_open+0x82/0x3f0 [ 735.484635][T13158] ? path_openat+0x1e5e/0x2d40 [ 735.484658][T13158] ? do_filp_open+0x20b/0x470 [ 735.484680][T13158] ? do_sys_openat2+0x11b/0x1d0 [ 735.484712][T13158] ? __x64_sys_openat+0x174/0x210 [ 735.484745][T13158] ? do_syscall_64+0xcd/0x230 [ 735.484780][T13158] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 735.484806][T13158] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 735.484840][T13158] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 735.484875][T13158] ? policy_nodemask+0xea/0x4e0 [ 735.484908][T13158] alloc_pages_mpol+0x1fb/0x550 [ 735.484940][T13158] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 735.484980][T13158] alloc_pages_noprof+0x131/0x390 [ 735.485012][T13158] get_zeroed_page_noprof+0x14/0x50 [ 735.485047][T13158] get_image_page+0x18/0x190 [ 735.485072][T13158] alloc_rtree_node+0x3c/0xb0 [ 735.485096][T13158] memory_bm_create+0x515/0x810 [ 735.485138][T13158] create_basic_memory_bitmaps+0x10f/0x680 [ 735.485170][T13158] snapshot_open+0x235/0x2b0 [ 735.485198][T13158] ? __pfx_snapshot_open+0x10/0x10 [ 735.485227][T13158] misc_open+0x35d/0x420 [ 735.485250][T13158] ? __pfx_misc_open+0x10/0x10 [ 735.485272][T13158] chrdev_open+0x231/0x6a0 [ 735.485299][T13158] ? __pfx_apparmor_file_open+0x10/0x10 [ 735.485333][T13158] ? __pfx_chrdev_open+0x10/0x10 [ 735.485362][T13158] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 735.485406][T13158] do_dentry_open+0x741/0x1c10 [ 735.485432][T13158] ? __pfx_chrdev_open+0x10/0x10 [ 735.485466][T13158] vfs_open+0x82/0x3f0 [ 735.485502][T13158] path_openat+0x1e5e/0x2d40 [ 735.485538][T13158] ? __pfx_path_openat+0x10/0x10 [ 735.485570][T13158] do_filp_open+0x20b/0x470 [ 735.485595][T13158] ? __pfx_do_filp_open+0x10/0x10 [ 735.485642][T13158] ? alloc_fd+0x471/0x7d0 [ 735.485673][T13158] do_sys_openat2+0x11b/0x1d0 [ 735.485706][T13158] ? __pfx_do_sys_openat2+0x10/0x10 [ 735.485751][T13158] __x64_sys_openat+0x174/0x210 [ 735.485791][T13158] ? __pfx___x64_sys_openat+0x10/0x10 [ 735.485827][T13158] ? rcu_is_watching+0x12/0xc0 [ 735.485859][T13158] do_syscall_64+0xcd/0x230 [ 735.485898][T13158] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 735.485922][T13158] RIP: 0033:0x7f778cd8e969 [ 735.485942][T13158] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 735.485967][T13158] RSP: 002b:00007f778db66038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 735.485990][T13158] RAX: ffffffffffffffda RBX: 00007f778cfb5fa0 RCX: 00007f778cd8e969 [ 735.486007][T13158] RDX: 0000000000184b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 735.486023][T13158] RBP: 00007f778ce10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 735.486038][T13158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 735.486054][T13158] R13: 0000000000000000 R14: 00007f778cfb5fa0 R15: 00007ffef3e37948 [ 735.486085][T13158] [ 735.868478][ C0] vkms_vblank_simulate: vblank timer overrun [ 736.002784][T13188] FAULT_INJECTION: forcing a failure. [ 736.002784][T13188] name failslab, interval 1, probability 0, space 0, times 0 [ 736.016229][T13188] CPU: 0 UID: 0 PID: 13188 Comm: syz.3.1728 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 736.016266][T13188] Tainted: [U]=USER [ 736.016274][T13188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 736.016289][T13188] Call Trace: [ 736.016299][T13188] [ 736.016309][T13188] dump_stack_lvl+0x16c/0x1f0 [ 736.016349][T13188] should_fail_ex+0x512/0x640 [ 736.016384][T13188] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 736.016412][T13188] should_failslab+0xc2/0x120 [ 736.016442][T13188] __kmalloc_cache_noprof+0x6a/0x3e0 [ 736.016467][T13188] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 736.016507][T13188] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 736.016543][T13188] ? genl_start+0x1e8/0x980 [ 736.016579][T13188] genl_start+0x1e8/0x980 [ 736.016617][T13188] __netlink_dump_start+0x60b/0x990 [ 736.016651][T13188] genl_family_rcv_msg_dumpit+0x1e2/0x2e0 [ 736.016688][T13188] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 736.016723][T13188] ? genl_rcv_msg+0x577/0x800 [ 736.016762][T13188] ? __pfx_genl_get_cmd+0x10/0x10 [ 736.016792][T13188] ? __pfx_genl_start+0x10/0x10 [ 736.016822][T13188] ? __pfx_genl_dumpit+0x10/0x10 [ 736.016853][T13188] ? __pfx_genl_done+0x10/0x10 [ 736.016890][T13188] ? __local_bh_enable_ip+0xa4/0x120 [ 736.016917][T13188] ? __dev_queue_xmit+0x896/0x43e0 [ 736.016939][T13188] ? __radix_tree_lookup+0x21f/0x2c0 [ 736.016977][T13188] genl_rcv_msg+0x46e/0x800 [ 736.017015][T13188] ? __pfx_genl_rcv_msg+0x10/0x10 [ 736.017050][T13188] ? __pfx___dev_queue_xmit+0x10/0x10 [ 736.017072][T13188] ? __pfx_smc_nl_get_stats+0x10/0x10 [ 736.017116][T13188] ? __lock_acquire+0xaa4/0x1ba0 [ 736.017153][T13188] netlink_rcv_skb+0x16d/0x440 [ 736.017184][T13188] ? __pfx_genl_rcv_msg+0x10/0x10 [ 736.017220][T13188] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 736.017267][T13188] ? __pfx_down_read+0x10/0x10 [ 736.017290][T13188] ? netlink_deliver_tap+0x1ae/0xd30 [ 736.017324][T13188] genl_rcv+0x28/0x40 [ 736.017354][T13188] netlink_unicast+0x53a/0x7f0 [ 736.017389][T13188] ? __pfx_netlink_unicast+0x10/0x10 [ 736.017418][T13188] ? __lock_acquire+0xaa4/0x1ba0 [ 736.017456][T13188] netlink_sendmsg+0x8d1/0xdd0 [ 736.017492][T13188] ? __pfx_netlink_sendmsg+0x10/0x10 [ 736.017535][T13188] ____sys_sendmsg+0xa98/0xc70 [ 736.017572][T13188] ? copy_msghdr_from_user+0x10a/0x160 [ 736.017601][T13188] ? __pfx_____sys_sendmsg+0x10/0x10 [ 736.017650][T13188] ___sys_sendmsg+0x134/0x1d0 [ 736.017680][T13188] ? __pfx____sys_sendmsg+0x10/0x10 [ 736.017747][T13188] __sys_sendmsg+0x16d/0x220 [ 736.017776][T13188] ? __pfx___sys_sendmsg+0x10/0x10 [ 736.017814][T13188] ? rcu_is_watching+0x12/0xc0 [ 736.017844][T13188] do_syscall_64+0xcd/0x230 [ 736.017881][T13188] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 736.017905][T13188] RIP: 0033:0x7fbdd458e969 [ 736.017924][T13188] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 736.017948][T13188] RSP: 002b:00007fbdd5468038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 736.017971][T13188] RAX: ffffffffffffffda RBX: 00007fbdd47b5fa0 RCX: 00007fbdd458e969 [ 736.017987][T13188] RDX: 0000000000000810 RSI: 0000200000000140 RDI: 0000000000000003 [ 736.018002][T13188] RBP: 00007fbdd5468090 R08: 0000000000000000 R09: 0000000000000000 [ 736.018017][T13188] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 736.018031][T13188] R13: 0000000000000000 R14: 00007fbdd47b5fa0 R15: 00007fff38b36768 [ 736.018062][T13188] [ 736.369128][ C0] vkms_vblank_simulate: vblank timer overrun [ 742.456880][T13280] Invalid ELF header magic: != ELF [ 743.375118][T13299] program syz.2.1746 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 746.377820][T13312] FAULT_INJECTION: forcing a failure. [ 746.377820][T13312] name failslab, interval 1, probability 0, space 0, times 0 [ 746.469170][T13312] CPU: 0 UID: 0 PID: 13312 Comm: syz.3.1747 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 746.469214][T13312] Tainted: [U]=USER [ 746.469223][T13312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 746.469238][T13312] Call Trace: [ 746.469246][T13312] [ 746.469257][T13312] dump_stack_lvl+0x16c/0x1f0 [ 746.469299][T13312] should_fail_ex+0x512/0x640 [ 746.469336][T13312] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 746.469369][T13312] should_failslab+0xc2/0x120 [ 746.469400][T13312] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 746.469435][T13312] ? ptlock_alloc+0x1f/0x70 [ 746.469464][T13312] ptlock_alloc+0x1f/0x70 [ 746.469488][T13312] pte_alloc_one+0x6d/0x380 [ 746.469518][T13312] __pte_alloc+0x6d/0x3c0 [ 746.469551][T13312] ? __pfx___pte_alloc+0x10/0x10 [ 746.469585][T13312] ? _raw_spin_unlock+0x28/0x50 [ 746.469616][T13312] ? __pmd_alloc+0x3c2/0x870 [ 746.469655][T13312] copy_page_range+0x3a27/0x5f80 [ 746.469705][T13312] ? cgroup_rstat_updated+0x2a/0xb20 [ 746.469763][T13312] ? __pfx_copy_page_range+0x10/0x10 [ 746.469819][T13312] ? __pfx___might_resched+0x10/0x10 [ 746.469845][T13312] ? __pfx_mas_store+0x10/0x10 [ 746.469866][T13312] ? __vma_enter_locked+0x163/0x3f0 [ 746.469900][T13312] ? copy_process+0x85dd/0x91a0 [ 746.469931][T13312] ? down_write+0x14d/0x200 [ 746.469956][T13312] ? up_write+0x1b2/0x520 [ 746.469995][T13312] copy_process+0x862b/0x91a0 [ 746.470048][T13312] ? __pfx_copy_process+0x10/0x10 [ 746.470077][T13312] ? __pfx___futex_wait+0x10/0x10 [ 746.470137][T13312] kernel_clone+0xfc/0x960 [ 746.470171][T13312] ? __pfx_kernel_clone+0x10/0x10 [ 746.470220][T13312] __do_sys_clone+0xce/0x120 [ 746.470252][T13312] ? __pfx___do_sys_clone+0x10/0x10 [ 746.470283][T13312] ? ksys_unshare+0x687/0xa40 [ 746.470330][T13312] ? rcu_is_watching+0x12/0xc0 [ 746.470362][T13312] do_syscall_64+0xcd/0x230 [ 746.470406][T13312] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 746.470431][T13312] RIP: 0033:0x7fbdd458e969 [ 746.470451][T13312] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 746.470476][T13312] RSP: 002b:00007fbdd5467fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 746.470499][T13312] RAX: ffffffffffffffda RBX: 00007fbdd47b5fa0 RCX: 00007fbdd458e969 [ 746.470515][T13312] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 746.470531][T13312] RBP: 00007fbdd4610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 746.470546][T13312] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 746.470560][T13312] R13: 0000000000000000 R14: 00007fbdd47b5fa0 R15: 00007fff38b36768 [ 746.470591][T13312] [ 751.288527][T13382] random: crng reseeded on system resumption [ 751.343403][T13382] FAULT_INJECTION: forcing a failure. [ 751.343403][T13382] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 751.608079][T13382] CPU: 0 UID: 0 PID: 13382 Comm: syz.0.1758 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 751.608126][T13382] Tainted: [U]=USER [ 751.608135][T13382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 751.608149][T13382] Call Trace: [ 751.608158][T13382] [ 751.608168][T13382] dump_stack_lvl+0x16c/0x1f0 [ 751.608210][T13382] should_fail_ex+0x512/0x640 [ 751.608251][T13382] should_fail_alloc_page+0xe7/0x130 [ 751.608285][T13382] prepare_alloc_pages+0x3c2/0x610 [ 751.608329][T13382] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 751.608367][T13382] ? stack_trace_save+0x8e/0xc0 [ 751.608393][T13382] ? __pfx_stack_trace_save+0x10/0x10 [ 751.608424][T13382] ? stack_depot_save_flags+0x28/0xa50 [ 751.608462][T13382] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 751.608495][T13382] ? kasan_save_stack+0x42/0x60 [ 751.608520][T13382] ? kasan_save_stack+0x33/0x60 [ 751.608544][T13382] ? kasan_save_track+0x14/0x30 [ 751.608573][T13382] ? vfs_open+0x82/0x3f0 [ 751.608603][T13382] ? path_openat+0x1e5e/0x2d40 [ 751.608625][T13382] ? do_filp_open+0x20b/0x470 [ 751.608646][T13382] ? do_sys_openat2+0x11b/0x1d0 [ 751.608677][T13382] ? __x64_sys_openat+0x174/0x210 [ 751.608709][T13382] ? do_syscall_64+0xcd/0x230 [ 751.608744][T13382] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 751.608771][T13382] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 751.608803][T13382] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 751.608839][T13382] ? policy_nodemask+0xea/0x4e0 [ 751.608872][T13382] alloc_pages_mpol+0x1fb/0x550 [ 751.608904][T13382] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 751.608944][T13382] alloc_pages_noprof+0x131/0x390 [ 751.608975][T13382] get_zeroed_page_noprof+0x14/0x50 [ 751.609011][T13382] get_image_page+0x18/0x190 [ 751.609035][T13382] alloc_rtree_node+0x3c/0xb0 [ 751.609058][T13382] memory_bm_create+0x515/0x810 [ 751.609098][T13382] create_basic_memory_bitmaps+0x10f/0x680 [ 751.609131][T13382] snapshot_open+0x235/0x2b0 [ 751.609158][T13382] ? __pfx_snapshot_open+0x10/0x10 [ 751.609187][T13382] misc_open+0x35d/0x420 [ 751.609210][T13382] ? __pfx_misc_open+0x10/0x10 [ 751.609232][T13382] chrdev_open+0x231/0x6a0 [ 751.609258][T13382] ? __pfx_apparmor_file_open+0x10/0x10 [ 751.609291][T13382] ? __pfx_chrdev_open+0x10/0x10 [ 751.609321][T13382] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 751.609365][T13382] do_dentry_open+0x741/0x1c10 [ 751.609392][T13382] ? __pfx_chrdev_open+0x10/0x10 [ 751.609426][T13382] vfs_open+0x82/0x3f0 [ 751.609462][T13382] path_openat+0x1e5e/0x2d40 [ 751.609497][T13382] ? __pfx_path_openat+0x10/0x10 [ 751.609530][T13382] do_filp_open+0x20b/0x470 [ 751.609555][T13382] ? __pfx_do_filp_open+0x10/0x10 [ 751.609602][T13382] ? alloc_fd+0x471/0x7d0 [ 751.609633][T13382] do_sys_openat2+0x11b/0x1d0 [ 751.609666][T13382] ? __pfx_do_sys_openat2+0x10/0x10 [ 751.609712][T13382] __x64_sys_openat+0x174/0x210 [ 751.609746][T13382] ? __pfx___x64_sys_openat+0x10/0x10 [ 751.609783][T13382] ? rcu_is_watching+0x12/0xc0 [ 751.609814][T13382] do_syscall_64+0xcd/0x230 [ 751.609854][T13382] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 751.609879][T13382] RIP: 0033:0x7f778cd8e969 [ 751.609899][T13382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 751.609924][T13382] RSP: 002b:00007f778db66038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 751.609947][T13382] RAX: ffffffffffffffda RBX: 00007f778cfb5fa0 RCX: 00007f778cd8e969 [ 751.609963][T13382] RDX: 0000000000184b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 751.609979][T13382] RBP: 00007f778ce10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 751.609994][T13382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 751.610008][T13382] R13: 0000000000000000 R14: 00007f778cfb5fa0 R15: 00007ffef3e37948 [ 751.610039][T13382] [ 752.559577][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 752.568274][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 754.666161][ T5137] Bluetooth: hci4: command 0x0406 tx timeout [ 760.938652][T13527] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1782'. [ 762.603560][T13536] Invalid ELF header magic: != ELF [ 763.167850][ T5137] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 763.175390][ T5137] Bluetooth: hci2: Invalid handle: 0xe200 > 0x0eff [ 768.494427][T13615] ubi0: attaching mtd0 [ 768.534193][T13615] ubi0: scanning is finished [ 768.570747][T13615] ubi0 warning: ubi_read_volume_table: volume table copy #1 is corrupted [ 768.683346][T13615] ubi0: volume table was restored [ 769.476629][T13615] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 769.639906][T13615] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 769.813753][T13615] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 769.971577][T13615] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 770.150069][T13615] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 770.366068][T13615] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 770.374214][T13615] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 3919693443 [ 770.813928][T13615] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 770.976997][T13633] ubi0: background thread "ubi_bgt0d" started, PID 13633 [ 776.114673][T13729] Invalid ELF header magic: != ELF [ 776.180669][T13728] Invalid ELF header magic: != ELF [ 776.854148][T13738] Invalid ELF header magic: != ELF [ 779.113745][ T5137] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 781.901357][T13790] Invalid ELF header magic: != ELF [ 783.728636][T13812] random: crng reseeded on system resumption [ 786.539932][T13840] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 786.668801][T13840] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 786.874659][T13840] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 787.018848][T13840] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 787.044779][T13840] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 788.441027][T13870] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1845'. [ 788.586060][ T5137] Bluetooth: hci0: command 0x0406 tx timeout [ 788.746155][ T5137] Bluetooth: hci3: command 0x0406 tx timeout [ 788.906003][ T5137] Bluetooth: hci2: command 0x0406 tx timeout [ 789.061179][T13878] sp0: Synchronizing with TNC [ 789.066176][ T5137] Bluetooth: hci4: command 0x0406 tx timeout [ 791.148742][ T5137] Bluetooth: hci4: command 0x0406 tx timeout [ 791.508885][T13901] can: request_module (can-proto-3) failed. [ 792.223080][T13886] random: crng reseeded on system resumption [ 792.230796][T13912] FAULT_INJECTION: forcing a failure. [ 792.230796][T13912] name failslab, interval 1, probability 0, space 0, times 0 [ 792.306452][T13912] CPU: 0 UID: 0 PID: 13912 Comm: syz.0.1853 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 792.306492][T13912] Tainted: [U]=USER [ 792.306500][T13912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 792.306515][T13912] Call Trace: [ 792.306531][T13912] [ 792.306542][T13912] dump_stack_lvl+0x16c/0x1f0 [ 792.306584][T13912] should_fail_ex+0x512/0x640 [ 792.306620][T13912] ? __kmalloc_noprof+0xbf/0x510 [ 792.306649][T13912] ? lsm_blob_alloc+0x68/0x90 [ 792.306671][T13912] should_failslab+0xc2/0x120 [ 792.306701][T13912] __kmalloc_noprof+0xd2/0x510 [ 792.306735][T13912] lsm_blob_alloc+0x68/0x90 [ 792.306757][T13912] security_prepare_creds+0x30/0x270 [ 792.306796][T13912] prepare_creds+0x56f/0x7d0 [ 792.306835][T13912] __sys_setregid+0x101/0x910 [ 792.306859][T13912] ? rcu_is_watching+0x12/0xc0 [ 792.306885][T13912] do_syscall_64+0xcd/0x230 [ 792.306924][T13912] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 792.306948][T13912] RIP: 0033:0x7f778cd8e969 [ 792.306967][T13912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 792.306991][T13912] RSP: 002b:00007f778db45038 EFLAGS: 00000246 ORIG_RAX: 0000000000000072 [ 792.307014][T13912] RAX: ffffffffffffffda RBX: 00007f778cfb6080 RCX: 00007f778cd8e969 [ 792.307031][T13912] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 792.307045][T13912] RBP: 00007f778ce10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 792.307060][T13912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 792.307075][T13912] R13: 0000000000000000 R14: 00007f778cfb6080 R15: 00007ffef3e37948 [ 792.307105][T13912] [ 796.880037][T13966] sp0: Synchronizing with TNC [ 797.620148][T13957] random: crng reseeded on system resumption [ 797.681182][T13957] FAULT_INJECTION: forcing a failure. [ 797.681182][T13957] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 797.809085][T13957] CPU: 0 UID: 0 PID: 13957 Comm: syz.4.1863 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 797.809127][T13957] Tainted: [U]=USER [ 797.809136][T13957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 797.809151][T13957] Call Trace: [ 797.809159][T13957] [ 797.809170][T13957] dump_stack_lvl+0x16c/0x1f0 [ 797.809213][T13957] should_fail_ex+0x512/0x640 [ 797.809255][T13957] should_fail_alloc_page+0xe7/0x130 [ 797.809289][T13957] prepare_alloc_pages+0x3c2/0x610 [ 797.809333][T13957] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 797.809371][T13957] ? stack_trace_save+0x8e/0xc0 [ 797.809397][T13957] ? __pfx_stack_trace_save+0x10/0x10 [ 797.809422][T13957] ? stack_depot_save_flags+0x28/0xa50 [ 797.809468][T13957] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 797.809501][T13957] ? kasan_save_stack+0x42/0x60 [ 797.809525][T13957] ? kasan_save_stack+0x33/0x60 [ 797.809550][T13957] ? kasan_save_track+0x14/0x30 [ 797.809580][T13957] ? vfs_open+0x82/0x3f0 [ 797.809610][T13957] ? path_openat+0x1e5e/0x2d40 [ 797.809632][T13957] ? do_filp_open+0x20b/0x470 [ 797.809653][T13957] ? do_sys_openat2+0x11b/0x1d0 [ 797.809684][T13957] ? __x64_sys_openat+0x174/0x210 [ 797.809716][T13957] ? do_syscall_64+0xcd/0x230 [ 797.809751][T13957] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 797.809779][T13957] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 797.809812][T13957] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 797.809847][T13957] ? policy_nodemask+0xea/0x4e0 [ 797.809880][T13957] alloc_pages_mpol+0x1fb/0x550 [ 797.809912][T13957] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 797.809952][T13957] alloc_pages_noprof+0x131/0x390 [ 797.809984][T13957] get_zeroed_page_noprof+0x14/0x50 [ 797.810020][T13957] get_image_page+0x18/0x190 [ 797.810044][T13957] alloc_rtree_node+0x3c/0xb0 [ 797.810068][T13957] memory_bm_create+0x515/0x810 [ 797.810103][T13957] create_basic_memory_bitmaps+0x10f/0x680 [ 797.810135][T13957] snapshot_open+0x235/0x2b0 [ 797.810163][T13957] ? __pfx_snapshot_open+0x10/0x10 [ 797.810194][T13957] misc_open+0x35d/0x420 [ 797.810217][T13957] ? __pfx_misc_open+0x10/0x10 [ 797.810238][T13957] chrdev_open+0x231/0x6a0 [ 797.810264][T13957] ? __pfx_apparmor_file_open+0x10/0x10 [ 797.810298][T13957] ? __pfx_chrdev_open+0x10/0x10 [ 797.810327][T13957] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 797.810371][T13957] do_dentry_open+0x741/0x1c10 [ 797.810398][T13957] ? __pfx_chrdev_open+0x10/0x10 [ 797.810431][T13957] vfs_open+0x82/0x3f0 [ 797.810474][T13957] path_openat+0x1e5e/0x2d40 [ 797.810511][T13957] ? __pfx_path_openat+0x10/0x10 [ 797.810543][T13957] do_filp_open+0x20b/0x470 [ 797.810569][T13957] ? __pfx_do_filp_open+0x10/0x10 [ 797.810615][T13957] ? alloc_fd+0x471/0x7d0 [ 797.810646][T13957] do_sys_openat2+0x11b/0x1d0 [ 797.810679][T13957] ? __pfx_do_sys_openat2+0x10/0x10 [ 797.810724][T13957] __x64_sys_openat+0x174/0x210 [ 797.810759][T13957] ? __pfx___x64_sys_openat+0x10/0x10 [ 797.810795][T13957] ? rcu_is_watching+0x12/0xc0 [ 797.810826][T13957] do_syscall_64+0xcd/0x230 [ 797.810866][T13957] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 797.810891][T13957] RIP: 0033:0x7f9d02f8e969 [ 797.810911][T13957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 797.810935][T13957] RSP: 002b:00007f9d03e83038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 797.810958][T13957] RAX: ffffffffffffffda RBX: 00007f9d031b5fa0 RCX: 00007f9d02f8e969 [ 797.810975][T13957] RDX: 0000000000184b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 797.810991][T13957] RBP: 00007f9d03010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 797.811006][T13957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 797.811021][T13957] R13: 0000000000000000 R14: 00007f9d031b5fa0 R15: 00007ffdb6e79f98 [ 797.811052][T13957] [ 800.754554][T13997] Invalid ELF header magic: != ELF [ 805.958824][T14043] random: crng reseeded on system resumption [ 805.996864][T14043] FAULT_INJECTION: forcing a failure. [ 805.996864][T14043] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 806.080180][T14043] CPU: 0 UID: 0 PID: 14043 Comm: syz.0.1884 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 806.080222][T14043] Tainted: [U]=USER [ 806.080230][T14043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 806.080245][T14043] Call Trace: [ 806.080253][T14043] [ 806.080264][T14043] dump_stack_lvl+0x16c/0x1f0 [ 806.080309][T14043] should_fail_ex+0x512/0x640 [ 806.080351][T14043] should_fail_alloc_page+0xe7/0x130 [ 806.080386][T14043] prepare_alloc_pages+0x3c2/0x610 [ 806.080434][T14043] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 806.080472][T14043] ? stack_trace_save+0x8e/0xc0 [ 806.080498][T14043] ? __pfx_stack_trace_save+0x10/0x10 [ 806.080524][T14043] ? stack_depot_save_flags+0x28/0xa50 [ 806.080564][T14043] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 806.080598][T14043] ? kasan_save_stack+0x42/0x60 [ 806.080624][T14043] ? kasan_save_stack+0x33/0x60 [ 806.080650][T14043] ? kasan_save_track+0x14/0x30 [ 806.080681][T14043] ? vfs_open+0x82/0x3f0 [ 806.080711][T14043] ? path_openat+0x1e5e/0x2d40 [ 806.080739][T14043] ? do_filp_open+0x20b/0x470 [ 806.080761][T14043] ? do_sys_openat2+0x11b/0x1d0 [ 806.080793][T14043] ? __x64_sys_openat+0x174/0x210 [ 806.080825][T14043] ? do_syscall_64+0xcd/0x230 [ 806.080860][T14043] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 806.080888][T14043] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 806.080921][T14043] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 806.081066][T14043] ? policy_nodemask+0xea/0x4e0 [ 806.081106][T14043] alloc_pages_mpol+0x1fb/0x550 [ 806.081139][T14043] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 806.081179][T14043] alloc_pages_noprof+0x131/0x390 [ 806.081212][T14043] get_zeroed_page_noprof+0x14/0x50 [ 806.081248][T14043] get_image_page+0x18/0x190 [ 806.081273][T14043] alloc_rtree_node+0x3c/0xb0 [ 806.081298][T14043] memory_bm_create+0x515/0x810 [ 806.081335][T14043] create_basic_memory_bitmaps+0x10f/0x680 [ 806.081368][T14043] snapshot_open+0x235/0x2b0 [ 806.081395][T14043] ? __pfx_snapshot_open+0x10/0x10 [ 806.081426][T14043] misc_open+0x35d/0x420 [ 806.081451][T14043] ? __pfx_misc_open+0x10/0x10 [ 806.081473][T14043] chrdev_open+0x231/0x6a0 [ 806.081500][T14043] ? __pfx_apparmor_file_open+0x10/0x10 [ 806.081535][T14043] ? __pfx_chrdev_open+0x10/0x10 [ 806.081579][T14043] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 806.081626][T14043] do_dentry_open+0x741/0x1c10 [ 806.081654][T14043] ? __pfx_chrdev_open+0x10/0x10 [ 806.081688][T14043] vfs_open+0x82/0x3f0 [ 806.081733][T14043] path_openat+0x1e5e/0x2d40 [ 806.081772][T14043] ? __pfx_path_openat+0x10/0x10 [ 806.081806][T14043] do_filp_open+0x20b/0x470 [ 806.081833][T14043] ? __pfx_do_filp_open+0x10/0x10 [ 806.081884][T14043] ? alloc_fd+0x471/0x7d0 [ 806.081916][T14043] do_sys_openat2+0x11b/0x1d0 [ 806.081953][T14043] ? __pfx_do_sys_openat2+0x10/0x10 [ 806.082004][T14043] __x64_sys_openat+0x174/0x210 [ 806.082042][T14043] ? __pfx___x64_sys_openat+0x10/0x10 [ 806.082082][T14043] ? rcu_is_watching+0x12/0xc0 [ 806.082117][T14043] do_syscall_64+0xcd/0x230 [ 806.082161][T14043] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 806.082187][T14043] RIP: 0033:0x7f778cd8e969 [ 806.082212][T14043] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 806.082240][T14043] RSP: 002b:00007f778db66038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 806.082264][T14043] RAX: ffffffffffffffda RBX: 00007f778cfb5fa0 RCX: 00007f778cd8e969 [ 806.082281][T14043] RDX: 0000000000184b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 806.082298][T14043] RBP: 00007f778ce10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 806.082314][T14043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 806.082329][T14043] R13: 0000000000000000 R14: 00007f778cfb5fa0 R15: 00007ffef3e37948 [ 806.082362][T14043] [ 806.852438][T14065] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1889'. [ 807.056694][T14070] ubi: mtd0 is already attached to ubi0 [ 810.013768][T14102] mkiss: ax0: crc mode is auto. [ 812.261435][T14134] FAULT_INJECTION: forcing a failure. [ 812.261435][T14134] name failslab, interval 1, probability 0, space 0, times 0 [ 812.465569][T14134] CPU: 0 UID: 0 PID: 14134 Comm: syz.2.1906 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 812.465612][T14134] Tainted: [U]=USER [ 812.465620][T14134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 812.465636][T14134] Call Trace: [ 812.465644][T14134] [ 812.465654][T14134] dump_stack_lvl+0x16c/0x1f0 [ 812.465695][T14134] should_fail_ex+0x512/0x640 [ 812.465731][T14134] ? __kmalloc_noprof+0xbf/0x510 [ 812.465765][T14134] ? constrain_params_by_rules+0x175/0xca0 [ 812.465804][T14134] should_failslab+0xc2/0x120 [ 812.465835][T14134] __kmalloc_noprof+0xd2/0x510 [ 812.465866][T14134] ? do_raw_spin_lock+0x12c/0x2b0 [ 812.465907][T14134] constrain_params_by_rules+0x175/0xca0 [ 812.465947][T14134] ? mark_held_locks+0x49/0x80 [ 812.465980][T14134] ? lockdep_hardirqs_on+0x7c/0x110 [ 812.466017][T14134] ? stack_depot_save_flags+0x3e6/0xa50 [ 812.466054][T14134] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 812.466100][T14134] ? __kasan_kmalloc+0xaa/0xb0 [ 812.466124][T14134] ? snd_pcm_oss_change_params_locked+0x247/0x3b40 [ 812.466162][T14134] ? snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 812.466199][T14134] ? snd_pcm_oss_get_formats+0x7e/0x340 [ 812.466251][T14134] ? rcu_is_watching+0x12/0xc0 [ 812.466275][T14134] ? snd_interval_refine+0x2fa/0x580 [ 812.466306][T14134] snd_pcm_hw_refine+0x7de/0xad0 [ 812.466350][T14134] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 812.466399][T14134] ? __asan_memset+0x23/0x50 [ 812.466422][T14134] ? _snd_pcm_hw_param_min+0x259/0x630 [ 812.466463][T14134] snd_pcm_oss_change_params_locked+0x65e/0x3b40 [ 812.466506][T14134] ? rcu_is_watching+0x12/0xc0 [ 812.466533][T14134] ? lockdep_hardirqs_on+0x7c/0x110 [ 812.466570][T14134] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 812.466611][T14134] ? __pfx___mutex_lock+0x10/0x10 [ 812.466647][T14134] ? tomoyo_path_number_perm+0x295/0x580 [ 812.466697][T14134] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 812.466742][T14134] snd_pcm_oss_get_formats+0x7e/0x340 [ 812.466778][T14134] ? find_held_lock+0x2b/0x80 [ 812.466802][T14134] ? __pfx_snd_pcm_oss_get_formats+0x10/0x10 [ 812.466839][T14134] ? __might_fault+0x13b/0x190 [ 812.466876][T14134] snd_pcm_oss_ioctl+0x2efb/0x37a0 [ 812.466914][T14134] ? find_held_lock+0x2b/0x80 [ 812.466937][T14134] ? hook_file_ioctl_common+0x145/0x410 [ 812.466967][T14134] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 812.467009][T14134] ? __fget_files+0x20e/0x3c0 [ 812.467036][T14134] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 812.467077][T14134] __x64_sys_ioctl+0x193/0x200 [ 812.467115][T14134] do_syscall_64+0xcd/0x230 [ 812.467155][T14134] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 812.467180][T14134] RIP: 0033:0x7f8d5e38e969 [ 812.467200][T14134] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 812.467228][T14134] RSP: 002b:00007f8d5f240038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 812.467258][T14134] RAX: ffffffffffffffda RBX: 00007f8d5e5b6160 RCX: 00007f8d5e38e969 [ 812.467282][T14134] RDX: 0000000000000000 RSI: 00000000c0045005 RDI: 0000000000000007 [ 812.467298][T14134] RBP: 00007f8d5e410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 812.467313][T14134] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 812.467328][T14134] R13: 0000000000000000 R14: 00007f8d5e5b6160 R15: 00007fff7158c758 [ 812.467360][T14134] [ 813.247148][T14148] netlink: 146 bytes leftover after parsing attributes in process `syz.3.1910'. [ 813.868836][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 813.875722][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 815.486111][ T5137] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 815.486147][ T5137] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 815.501455][ T5137] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 815.501489][ T5137] Bluetooth: hci0: adv larger than maximum supported [ 815.515885][ T5137] Bluetooth: hci0: adv larger than maximum supported [ 815.522620][ T5137] Bluetooth: hci0: Malformed LE Event: 0x0d [ 815.574482][T14144] kexec: Could not allocate control_code_buffer [ 816.019618][T14181] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1917'. [ 816.930076][T14184] Invalid ELF header magic: != ELF [ 820.343309][T14232] FAULT_INJECTION: forcing a failure. [ 820.343309][T14232] name failslab, interval 1, probability 0, space 0, times 0 [ 820.484434][T14232] CPU: 0 UID: 0 PID: 14232 Comm: syz.0.1929 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 820.484475][T14232] Tainted: [U]=USER [ 820.484483][T14232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 820.484497][T14232] Call Trace: [ 820.484504][T14232] [ 820.484515][T14232] dump_stack_lvl+0x16c/0x1f0 [ 820.484556][T14232] should_fail_ex+0x512/0x640 [ 820.484591][T14232] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 820.484623][T14232] should_failslab+0xc2/0x120 [ 820.484654][T14232] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 820.484682][T14232] ? __alloc_skb+0x2b2/0x380 [ 820.484713][T14232] __alloc_skb+0x2b2/0x380 [ 820.484739][T14232] ? __pfx___alloc_skb+0x10/0x10 [ 820.484769][T14232] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 820.484806][T14232] netlink_alloc_large_skb+0x69/0x130 [ 820.484839][T14232] netlink_sendmsg+0x6a1/0xdd0 [ 820.484875][T14232] ? __pfx_netlink_sendmsg+0x10/0x10 [ 820.484917][T14232] sock_write_iter+0x4fc/0x5b0 [ 820.484953][T14232] ? __pfx_sock_write_iter+0x10/0x10 [ 820.484999][T14232] ? bpf_lsm_file_permission+0x9/0x10 [ 820.485021][T14232] ? security_file_permission+0x71/0x210 [ 820.485063][T14232] ? rw_verify_area+0xcf/0x680 [ 820.485103][T14232] vfs_write+0x5bd/0x1180 [ 820.485127][T14232] ? __pfx_sock_write_iter+0x10/0x10 [ 820.485165][T14232] ? __pfx_vfs_write+0x10/0x10 [ 820.485186][T14232] ? find_held_lock+0x2b/0x80 [ 820.485227][T14232] ksys_write+0x205/0x240 [ 820.485250][T14232] ? __pfx_ksys_write+0x10/0x10 [ 820.485272][T14232] ? rcu_is_watching+0x12/0xc0 [ 820.485302][T14232] do_syscall_64+0xcd/0x230 [ 820.485339][T14232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 820.485363][T14232] RIP: 0033:0x7f778cd8e969 [ 820.485382][T14232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 820.485405][T14232] RSP: 002b:00007f778db66038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 820.485425][T14232] RAX: ffffffffffffffda RBX: 00007f778cfb5fa0 RCX: 00007f778cd8e969 [ 820.485441][T14232] RDX: 00000000000002fb RSI: 0000200000000000 RDI: 0000000000000003 [ 820.485460][T14232] RBP: 00007f778db66090 R08: 0000000000000000 R09: 0000000000000000 [ 820.485475][T14232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 820.485489][T14232] R13: 0000000000000000 R14: 00007f778cfb5fa0 R15: 00007ffef3e37948 [ 820.485518][T14232] [ 824.160047][T14276] FAULT_INJECTION: forcing a failure. [ 824.160047][T14276] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 824.222168][T14276] CPU: 0 UID: 0 PID: 14276 Comm: syz.3.1940 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 824.222211][T14276] Tainted: [U]=USER [ 824.222219][T14276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 824.222235][T14276] Call Trace: [ 824.222244][T14276] [ 824.222254][T14276] dump_stack_lvl+0x16c/0x1f0 [ 824.222297][T14276] should_fail_ex+0x512/0x640 [ 824.222338][T14276] strncpy_from_user+0x3b/0x2e0 [ 824.222375][T14276] getname_flags.part.0+0x8f/0x550 [ 824.222413][T14276] getname_flags+0x93/0xf0 [ 824.222450][T14276] __x64_sys_linkat+0xc4/0x130 [ 824.222480][T14276] do_syscall_64+0xcd/0x230 [ 824.222519][T14276] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 824.222549][T14276] RIP: 0033:0x7fbdd458e969 [ 824.222568][T14276] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 824.222592][T14276] RSP: 002b:00007fbdd5468038 EFLAGS: 00000246 ORIG_RAX: 0000000000000109 [ 824.222615][T14276] RAX: ffffffffffffffda RBX: 00007fbdd47b5fa0 RCX: 00007fbdd458e969 [ 824.222631][T14276] RDX: ffffffffffffff9c RSI: 0000000000000000 RDI: 0000000000000003 [ 824.222646][T14276] RBP: 00007fbdd5468090 R08: 0000000000001000 R09: 0000000000000000 [ 824.222661][T14276] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001 [ 824.222676][T14276] R13: 0000000000000000 R14: 00007fbdd47b5fa0 R15: 00007fff38b36768 [ 824.222706][T14276] [ 824.373959][ C0] vkms_vblank_simulate: vblank timer overrun [ 829.173374][T14331] 0x000000000000-0x000000020000 : "" [ 829.257103][T14331] ftl_cs: FTL header not found. [ 829.763595][T14336] netlink: 'syz.4.1954': attribute type 2 has an invalid length. [ 832.586206][T14355] Invalid ELF header magic: != ELF [ 832.758894][T14361] Invalid ELF header magic: != ELF [ 837.130094][T14397] Invalid ELF header magic: != ELF [ 839.353897][T14420] netlink: 'syz.2.1971': attribute type 2 has an invalid length. [ 839.383665][T14415] Invalid ELF header magic: != ELF [ 843.475518][T14442] netlink: 'syz.0.1976': attribute type 2 has an invalid length. [ 853.214504][T14566] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input39 [ 853.578859][T14573] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2005'. [ 853.644919][T14571] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 856.917764][T14618] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„ [ 858.706501][T14655] netlink: 'syz.2.2021': attribute type 2 has an invalid length. [ 859.341493][T14669] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2025'. [ 866.636857][T14763] 0x000000000000-0x000000020000 : "" [ 866.655762][T14763] ftl_cs: FTL header not found. [ 867.390987][T14761] Invalid ELF header magic: != ELF [ 868.535678][T14786] Invalid ELF header magic: != ELF [ 870.571468][T14806] netlink: 'syz.4.2056': attribute type 2 has an invalid length. [ 872.383555][T14820] Invalid ELF header magic: != ELF [ 874.600434][T14853] Invalid ELF header magic: != ELF [ 875.313843][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 875.322078][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 875.887002][T14867] sp0: Synchronizing with TNC [ 877.048497][T14881] 0x000000000000-0x000000020000 : "" [ 877.092339][T14881] ftl_cs: FTL header not found. [ 877.285510][T14885] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2070'. [ 880.031951][T14926] netlink: 'syz.4.2079': attribute type 2 has an invalid length. [ 880.090016][T14927] netlink: 'syz.3.2080': attribute type 2 has an invalid length. [ 881.414027][T14937] Invalid ELF header magic: != ELF [ 882.748886][T14953] FAULT_INJECTION: forcing a failure. [ 882.748886][T14953] name fail_futex, interval 1, probability 0, space 0, times 0 [ 882.799983][T14953] CPU: 1 UID: 0 PID: 14953 Comm: syz.0.2086 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 882.800027][T14953] Tainted: [U]=USER [ 882.800035][T14953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 882.800050][T14953] Call Trace: [ 882.800059][T14953] [ 882.800069][T14953] dump_stack_lvl+0x16c/0x1f0 [ 882.800111][T14953] should_fail_ex+0x512/0x640 [ 882.800155][T14953] get_futex_key+0x49e/0x1000 [ 882.800179][T14953] ? __kmalloc_noprof+0x223/0x510 [ 882.800207][T14953] ? security_prepare_creds+0x30/0x270 [ 882.800243][T14953] ? do_syscall_64+0xcd/0x230 [ 882.800280][T14953] ? __pfx_get_futex_key+0x10/0x10 [ 882.800316][T14953] futex_wake+0xe7/0x4e0 [ 882.800350][T14953] ? __pfx_futex_wake+0x10/0x10 [ 882.800384][T14953] ? __lock_acquire+0x5ca/0x1ba0 [ 882.800424][T14953] do_futex+0x1e3/0x350 [ 882.800452][T14953] ? __pfx_do_futex+0x10/0x10 [ 882.800477][T14953] ? __pfx__setid_policy_lookup+0x10/0x10 [ 882.800513][T14953] ? find_held_lock+0x2b/0x80 [ 882.800540][T14953] __x64_sys_futex+0x1e0/0x4c0 [ 882.800572][T14953] ? __pfx___x64_sys_futex+0x10/0x10 [ 882.800611][T14953] do_syscall_64+0xcd/0x230 [ 882.800649][T14953] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 882.800674][T14953] RIP: 0033:0x7f778cd8e969 [ 882.800693][T14953] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 882.800718][T14953] RSP: 002b:00007f778db450e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 882.800741][T14953] RAX: ffffffffffffffda RBX: 00007f778cfb6088 RCX: 00007f778cd8e969 [ 882.800758][T14953] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f778cfb608c [ 882.800773][T14953] RBP: 00007f778cfb6080 R08: 00007f778db67000 R09: 0000000000000000 [ 882.800788][T14953] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f778cfb608c [ 882.800803][T14953] R13: 0000000000000000 R14: 00007ffef3e37860 R15: 00007ffef3e37948 [ 882.800833][T14953] [ 883.926021][T14961] Invalid ELF header magic: != ELF [ 885.819301][T14978] random: crng reseeded on system resumption [ 885.831092][T14978] FAULT_INJECTION: forcing a failure. [ 885.831092][T14978] name failslab, interval 1, probability 0, space 0, times 0 [ 885.875656][T14978] CPU: 1 UID: 0 PID: 14978 Comm: syz.0.2092 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 885.875715][T14978] Tainted: [U]=USER [ 885.875726][T14978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 885.875747][T14978] Call Trace: [ 885.875760][T14978] [ 885.875772][T14978] dump_stack_lvl+0x16c/0x1f0 [ 885.875829][T14978] should_fail_ex+0x512/0x640 [ 885.875877][T14978] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 885.875918][T14978] should_failslab+0xc2/0x120 [ 885.875962][T14978] __kmalloc_cache_noprof+0x6a/0x3e0 [ 885.876000][T14978] ? memory_bm_create+0x154/0x810 [ 885.876039][T14978] memory_bm_create+0x154/0x810 [ 885.876092][T14978] create_basic_memory_bitmaps+0x10f/0x680 [ 885.876142][T14978] snapshot_open+0x235/0x2b0 [ 885.876182][T14978] ? __pfx_snapshot_open+0x10/0x10 [ 885.876223][T14978] misc_open+0x35d/0x420 [ 885.876256][T14978] ? __pfx_misc_open+0x10/0x10 [ 885.876285][T14978] chrdev_open+0x231/0x6a0 [ 885.876323][T14978] ? __pfx_apparmor_file_open+0x10/0x10 [ 885.876371][T14978] ? __pfx_chrdev_open+0x10/0x10 [ 885.876413][T14978] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 885.876471][T14978] do_dentry_open+0x741/0x1c10 [ 885.876498][T14978] ? __pfx_chrdev_open+0x10/0x10 [ 885.876531][T14978] vfs_open+0x82/0x3f0 [ 885.876567][T14978] path_openat+0x1e5e/0x2d40 [ 885.876611][T14978] ? __pfx_path_openat+0x10/0x10 [ 885.876645][T14978] do_filp_open+0x20b/0x470 [ 885.876670][T14978] ? __pfx_do_filp_open+0x10/0x10 [ 885.876717][T14978] ? alloc_fd+0x471/0x7d0 [ 885.876748][T14978] do_sys_openat2+0x11b/0x1d0 [ 885.876782][T14978] ? __pfx_do_sys_openat2+0x10/0x10 [ 885.876818][T14978] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 885.876860][T14978] __x64_sys_openat+0x174/0x210 [ 885.876895][T14978] ? __pfx___x64_sys_openat+0x10/0x10 [ 885.876931][T14978] ? rcu_is_watching+0x12/0xc0 [ 885.876963][T14978] do_syscall_64+0xcd/0x230 [ 885.877002][T14978] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 885.877027][T14978] RIP: 0033:0x7f778cd8e969 [ 885.877047][T14978] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 885.877071][T14978] RSP: 002b:00007f778db66038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 885.877095][T14978] RAX: ffffffffffffffda RBX: 00007f778cfb5fa0 RCX: 00007f778cd8e969 [ 885.877111][T14978] RDX: 0000000000184b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 885.877127][T14978] RBP: 00007f778ce10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 885.877143][T14978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 885.877158][T14978] R13: 0000000000000000 R14: 00007f778cfb5fa0 R15: 00007ffef3e37948 [ 885.877189][T14978] [ 886.362962][T14984] Invalid ELF header magic: != ELF [ 886.709052][T14996] input: f¬ as /devices/virtual/input/input47 [ 887.971707][T15005] Invalid ELF header magic: != ELF [ 890.180388][T15024] Invalid ELF header magic: != ELF [ 895.109111][T15087] netlink: 'syz.4.2114': attribute type 2 has an invalid length. [ 896.827919][T15103] netlink: 'syz.2.2118': attribute type 2 has an invalid length. [ 897.396615][T15110] netlink: 'syz.2.2119': attribute type 2 has an invalid length. [ 899.021098][T15131] netlink: 'syz.2.2125': attribute type 2 has an invalid length. [ 899.397420][T15137] netlink: 'syz.0.2128': attribute type 2 has an invalid length. [ 905.106739][T15198] random: crng reseeded on system resumption [ 905.131231][T15198] FAULT_INJECTION: forcing a failure. [ 905.131231][T15198] name failslab, interval 1, probability 0, space 0, times 0 [ 905.173419][T15198] CPU: 1 UID: 0 PID: 15198 Comm: syz.2.2142 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 905.173485][T15198] Tainted: [U]=USER [ 905.173497][T15198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 905.173517][T15198] Call Trace: [ 905.173529][T15198] [ 905.173543][T15198] dump_stack_lvl+0x16c/0x1f0 [ 905.173601][T15198] should_fail_ex+0x512/0x640 [ 905.173652][T15198] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 905.173690][T15198] should_failslab+0xc2/0x120 [ 905.173736][T15198] __kmalloc_cache_noprof+0x6a/0x3e0 [ 905.173771][T15198] ? memory_bm_create+0x154/0x810 [ 905.173811][T15198] memory_bm_create+0x154/0x810 [ 905.173872][T15198] create_basic_memory_bitmaps+0x10f/0x680 [ 905.173921][T15198] snapshot_open+0x235/0x2b0 [ 905.173962][T15198] ? __pfx_snapshot_open+0x10/0x10 [ 905.174010][T15198] misc_open+0x35d/0x420 [ 905.174043][T15198] ? __pfx_misc_open+0x10/0x10 [ 905.174072][T15198] chrdev_open+0x231/0x6a0 [ 905.174111][T15198] ? __pfx_apparmor_file_open+0x10/0x10 [ 905.174158][T15198] ? __pfx_chrdev_open+0x10/0x10 [ 905.174201][T15198] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 905.174265][T15198] do_dentry_open+0x741/0x1c10 [ 905.174303][T15198] ? __pfx_chrdev_open+0x10/0x10 [ 905.174352][T15198] vfs_open+0x82/0x3f0 [ 905.174407][T15198] path_openat+0x1e5e/0x2d40 [ 905.174469][T15198] ? __pfx_path_openat+0x10/0x10 [ 905.174517][T15198] do_filp_open+0x20b/0x470 [ 905.174554][T15198] ? __pfx_do_filp_open+0x10/0x10 [ 905.174625][T15198] ? alloc_fd+0x471/0x7d0 [ 905.174670][T15198] do_sys_openat2+0x11b/0x1d0 [ 905.174717][T15198] ? __pfx_do_sys_openat2+0x10/0x10 [ 905.174769][T15198] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 905.174829][T15198] __x64_sys_openat+0x174/0x210 [ 905.174875][T15198] ? __pfx___x64_sys_openat+0x10/0x10 [ 905.174925][T15198] ? rcu_is_watching+0x12/0xc0 [ 905.174970][T15198] do_syscall_64+0xcd/0x230 [ 905.175027][T15198] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 905.175063][T15198] RIP: 0033:0x7f8d5e38e969 [ 905.175092][T15198] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 905.175127][T15198] RSP: 002b:00007f8d5f282038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 905.175159][T15198] RAX: ffffffffffffffda RBX: 00007f8d5e5b5fa0 RCX: 00007f8d5e38e969 [ 905.175181][T15198] RDX: 0000000000184b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 905.175204][T15198] RBP: 00007f8d5e410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 905.175225][T15198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 905.175247][T15198] R13: 0000000000000000 R14: 00007f8d5e5b5fa0 R15: 00007fff7158c758 [ 905.175289][T15198] [ 905.603719][T15214] FAULT_INJECTION: forcing a failure. [ 905.603719][T15214] name fail_futex, interval 1, probability 0, space 0, times 0 [ 905.673195][T15214] CPU: 1 UID: 0 PID: 15214 Comm: syz.3.2145 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 905.673250][T15214] Tainted: [U]=USER [ 905.673261][T15214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 905.673280][T15214] Call Trace: [ 905.673291][T15214] [ 905.673304][T15214] dump_stack_lvl+0x16c/0x1f0 [ 905.673358][T15214] should_fail_ex+0x512/0x640 [ 905.673415][T15214] get_futex_key+0x49e/0x1000 [ 905.673455][T15214] ? __pfx_get_futex_key+0x10/0x10 [ 905.673505][T15214] futex_wake+0xe7/0x4e0 [ 905.673544][T15214] ? rcu_is_watching+0x12/0xc0 [ 905.673581][T15214] ? __pfx_futex_wake+0x10/0x10 [ 905.673644][T15214] do_futex+0x1e3/0x350 [ 905.673682][T15214] ? __pfx_do_futex+0x10/0x10 [ 905.673717][T15214] ? __might_fault+0xe3/0x190 [ 905.673776][T15214] mm_release+0x24e/0x300 [ 905.673816][T15214] do_exit+0x898/0x2c30 [ 905.673859][T15214] ? __pfx_try_to_wake_up+0x10/0x10 [ 905.673900][T15214] ? __pfx_do_exit+0x10/0x10 [ 905.673946][T15214] ? do_raw_spin_lock+0x12c/0x2b0 [ 905.673995][T15214] ? find_held_lock+0x2b/0x80 [ 905.674034][T15214] do_group_exit+0xd3/0x2a0 [ 905.674083][T15214] get_signal+0x2673/0x26d0 [ 905.674126][T15214] ? __lock_acquire+0x5ca/0x1ba0 [ 905.674177][T15214] ? __pfx_get_signal+0x10/0x10 [ 905.674215][T15214] ? do_futex+0x122/0x350 [ 905.674252][T15214] ? __pfx_do_futex+0x10/0x10 [ 905.674293][T15214] arch_do_signal_or_restart+0x8f/0x7a0 [ 905.674342][T15214] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 905.674416][T15214] syscall_exit_to_user_mode+0x150/0x2a0 [ 905.674469][T15214] do_syscall_64+0xda/0x230 [ 905.674523][T15214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 905.674557][T15214] RIP: 0033:0x7fbdd458e969 [ 905.674584][T15214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 905.674618][T15214] RSP: 002b:00007fbdd54680e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 905.674650][T15214] RAX: 0000000000000001 RBX: 00007fbdd47b5fa8 RCX: 00007fbdd458e969 [ 905.674670][T15214] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fbdd47b5fac [ 905.674691][T15214] RBP: 00007fbdd47b5fa0 R08: 00007fbdd5469000 R09: 0000000000000000 [ 905.674712][T15214] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdd47b5fac [ 905.674739][T15214] R13: 0000000000000000 R14: 00007fff38b36680 R15: 00007fff38b36768 [ 905.674782][T15214] [ 908.405389][T15248] sp0: Synchronizing with TNC [ 909.896791][T15276] netlink: 'syz.2.2158': attribute type 2 has an invalid length. [ 910.277989][T15273] Invalid ELF header magic: != ELF [ 911.839163][T15286] Invalid ELF header magic: != ELF [ 915.023940][T15325] netlink: 'syz.3.2169': attribute type 2 has an invalid length. [ 916.848845][T15343] sp0: Synchronizing with TNC [ 917.089098][T15348] FAULT_INJECTION: forcing a failure. [ 917.089098][T15348] name failslab, interval 1, probability 0, space 0, times 0 [ 917.135891][T15348] CPU: 1 UID: 0 PID: 15348 Comm: syz.2.2174 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 917.135934][T15348] Tainted: [U]=USER [ 917.135942][T15348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 917.135958][T15348] Call Trace: [ 917.135971][T15348] [ 917.135981][T15348] dump_stack_lvl+0x16c/0x1f0 [ 917.136022][T15348] should_fail_ex+0x512/0x640 [ 917.136058][T15348] ? __kmalloc_noprof+0xbf/0x510 [ 917.136087][T15348] ? lsm_blob_alloc+0x68/0x90 [ 917.136107][T15348] should_failslab+0xc2/0x120 [ 917.136138][T15348] __kmalloc_noprof+0xd2/0x510 [ 917.136172][T15348] lsm_blob_alloc+0x68/0x90 [ 917.136195][T15348] security_prepare_creds+0x30/0x270 [ 917.136233][T15348] prepare_creds+0x56f/0x7d0 [ 917.136272][T15348] __sys_setregid+0x101/0x910 [ 917.136297][T15348] ? rcu_is_watching+0x12/0xc0 [ 917.136323][T15348] do_syscall_64+0xcd/0x230 [ 917.136361][T15348] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 917.136386][T15348] RIP: 0033:0x7f8d5e38e969 [ 917.136406][T15348] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 917.136431][T15348] RSP: 002b:00007f8d5f282038 EFLAGS: 00000246 ORIG_RAX: 0000000000000072 [ 917.136454][T15348] RAX: ffffffffffffffda RBX: 00007f8d5e5b5fa0 RCX: 00007f8d5e38e969 [ 917.136470][T15348] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 917.136484][T15348] RBP: 00007f8d5e410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 917.136499][T15348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 917.136513][T15348] R13: 0000000000000000 R14: 00007f8d5e5b5fa0 R15: 00007fff7158c758 [ 917.136543][T15348] [ 917.708592][T15350] FAULT_INJECTION: forcing a failure. [ 917.708592][T15350] name failslab, interval 1, probability 0, space 0, times 0 [ 917.763730][T15350] CPU: 0 UID: 0 PID: 15350 Comm: syz.2.2175 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 917.763788][T15350] Tainted: [U]=USER [ 917.763800][T15350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 917.763821][T15350] Call Trace: [ 917.763833][T15350] [ 917.763847][T15350] dump_stack_lvl+0x16c/0x1f0 [ 917.763903][T15350] should_fail_ex+0x512/0x640 [ 917.763954][T15350] ? __kmalloc_noprof+0xbf/0x510 [ 917.763997][T15350] ? lsm_blob_alloc+0x68/0x90 [ 917.764027][T15350] should_failslab+0xc2/0x120 [ 917.764072][T15350] __kmalloc_noprof+0xd2/0x510 [ 917.764122][T15350] lsm_blob_alloc+0x68/0x90 [ 917.764155][T15350] security_prepare_creds+0x30/0x270 [ 917.764209][T15350] prepare_creds+0x56f/0x7d0 [ 917.764265][T15350] __sys_setregid+0x101/0x910 [ 917.764301][T15350] ? rcu_is_watching+0x12/0xc0 [ 917.764337][T15350] do_syscall_64+0xcd/0x230 [ 917.764393][T15350] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 917.764429][T15350] RIP: 0033:0x7f8d5e38e969 [ 917.764454][T15350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 917.764490][T15350] RSP: 002b:00007f8d5f282038 EFLAGS: 00000246 ORIG_RAX: 0000000000000072 [ 917.764523][T15350] RAX: ffffffffffffffda RBX: 00007f8d5e5b5fa0 RCX: 00007f8d5e38e969 [ 917.764546][T15350] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 917.764567][T15350] RBP: 00007f8d5e410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 917.764589][T15350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 917.764610][T15350] R13: 0000000000000000 R14: 00007f8d5e5b5fa0 R15: 00007fff7158c758 [ 917.764664][T15350] [ 919.401135][T15380] sp0: Synchronizing with TNC [ 919.442801][T15381] sp1: Synchronizing with TNC [ 919.769767][T15390] sp2: Synchronizing with TNC [ 921.572281][T15413] sp0: Synchronizing with TNC [ 922.663730][T15424] sp1: Synchronizing with TNC [ 922.953000][T15429] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2191'. [ 924.428945][T15444] Invalid ELF header magic: != ELF [ 924.534936][T15445] Invalid ELF header magic: != ELF [ 924.638740][T15451] netlink: 'syz.0.2196': attribute type 2 has an invalid length. [ 927.130336][T15472] netlink: 'syz.3.2199': attribute type 2 has an invalid length. [ 927.165157][T15469] Invalid ELF header magic: != ELF [ 928.210835][T15482] can: request_module (can-proto-3) failed. [ 929.827211][T15500] FAULT_INJECTION: forcing a failure. [ 929.827211][T15500] name failslab, interval 1, probability 0, space 0, times 0 [ 929.843022][T15500] CPU: 1 UID: 0 PID: 15500 Comm: syz.0.2206 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 929.843063][T15500] Tainted: [U]=USER [ 929.843072][T15500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 929.843087][T15500] Call Trace: [ 929.843095][T15500] [ 929.843105][T15500] dump_stack_lvl+0x16c/0x1f0 [ 929.843148][T15500] should_fail_ex+0x512/0x640 [ 929.843184][T15500] ? __kmalloc_noprof+0xbf/0x510 [ 929.843214][T15500] ? lsm_blob_alloc+0x68/0x90 [ 929.843234][T15500] should_failslab+0xc2/0x120 [ 929.843265][T15500] __kmalloc_noprof+0xd2/0x510 [ 929.843299][T15500] lsm_blob_alloc+0x68/0x90 [ 929.843320][T15500] security_prepare_creds+0x30/0x270 [ 929.843358][T15500] prepare_creds+0x56f/0x7d0 [ 929.843397][T15500] __sys_setregid+0x101/0x910 [ 929.843422][T15500] ? rcu_is_watching+0x12/0xc0 [ 929.843448][T15500] do_syscall_64+0xcd/0x230 [ 929.843486][T15500] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 929.843511][T15500] RIP: 0033:0x7f778cd8e969 [ 929.843530][T15500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 929.843555][T15500] RSP: 002b:00007f778db66038 EFLAGS: 00000246 ORIG_RAX: 0000000000000072 [ 929.843578][T15500] RAX: ffffffffffffffda RBX: 00007f778cfb5fa0 RCX: 00007f778cd8e969 [ 929.843595][T15500] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 929.843610][T15500] RBP: 00007f778ce10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 929.843625][T15500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 929.843639][T15500] R13: 0000000000000000 R14: 00007f778cfb5fa0 R15: 00007ffef3e37948 [ 929.843670][T15500] [ 930.968423][T15506] netlink: 'syz.2.2208': attribute type 2 has an invalid length. [ 931.296908][T15509] sp0: Synchronizing with TNC syzkaller syzkaller login: [ 934.088199][T15552] Invalid ELF header magic: != ELF [ 934.198416][T15567] sp1: Synchronizing with TNC [ 936.753548][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 936.759973][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 937.512166][T15590] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2228'. [ 938.285924][T15613] sp1: Synchronizing with TNC syzkaller syzkaller login: [ 939.981259][T15618] random: crng reseeded on system resumption [ 939.993745][T15618] FAULT_INJECTION: forcing a failure. [ 939.993745][T15618] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 940.007564][T15618] CPU: 0 UID: 0 PID: 15618 Comm: syz.2.2233 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 940.007622][T15618] Tainted: [U]=USER [ 940.007634][T15618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 940.007655][T15618] Call Trace: [ 940.007667][T15618] [ 940.007681][T15618] dump_stack_lvl+0x16c/0x1f0 [ 940.007739][T15618] should_fail_ex+0x512/0x640 [ 940.007800][T15618] should_fail_alloc_page+0xe7/0x130 [ 940.007848][T15618] prepare_alloc_pages+0x3c2/0x610 [ 940.007909][T15618] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 940.007962][T15618] ? stack_trace_save+0x8e/0xc0 [ 940.008000][T15618] ? __pfx_stack_trace_save+0x10/0x10 [ 940.008033][T15618] ? stack_depot_save_flags+0x28/0xa50 [ 940.008086][T15618] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 940.008130][T15618] ? kasan_save_stack+0x42/0x60 [ 940.008164][T15618] ? kasan_save_stack+0x33/0x60 [ 940.008196][T15618] ? kasan_save_track+0x14/0x30 [ 940.008237][T15618] ? vfs_open+0x82/0x3f0 [ 940.008276][T15618] ? path_openat+0x1e5e/0x2d40 [ 940.008327][T15618] ? do_filp_open+0x20b/0x470 [ 940.008355][T15618] ? do_sys_openat2+0x11b/0x1d0 [ 940.008400][T15618] ? __x64_sys_openat+0x174/0x210 [ 940.008446][T15618] ? do_syscall_64+0xcd/0x230 [ 940.008495][T15618] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 940.008531][T15618] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 940.008577][T15618] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 940.008624][T15618] ? policy_nodemask+0xea/0x4e0 [ 940.008668][T15618] alloc_pages_mpol+0x1fb/0x550 [ 940.008712][T15618] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 940.008767][T15618] alloc_pages_noprof+0x131/0x390 [ 940.008813][T15618] get_zeroed_page_noprof+0x14/0x50 [ 940.008865][T15618] get_image_page+0x18/0x190 [ 940.008901][T15618] alloc_rtree_node+0x3c/0xb0 [ 940.008935][T15618] memory_bm_create+0x515/0x810 [ 940.008989][T15618] create_basic_memory_bitmaps+0x10f/0x680 [ 940.009038][T15618] snapshot_open+0x235/0x2b0 [ 940.009079][T15618] ? __pfx_snapshot_open+0x10/0x10 [ 940.009122][T15618] misc_open+0x35d/0x420 [ 940.009156][T15618] ? __pfx_misc_open+0x10/0x10 [ 940.009187][T15618] chrdev_open+0x231/0x6a0 [ 940.009224][T15618] ? __pfx_apparmor_file_open+0x10/0x10 [ 940.009272][T15618] ? __pfx_chrdev_open+0x10/0x10 [ 940.009324][T15618] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 940.009389][T15618] do_dentry_open+0x741/0x1c10 [ 940.009428][T15618] ? __pfx_chrdev_open+0x10/0x10 [ 940.009478][T15618] vfs_open+0x82/0x3f0 [ 940.009531][T15618] path_openat+0x1e5e/0x2d40 [ 940.009583][T15618] ? __pfx_path_openat+0x10/0x10 [ 940.009627][T15618] do_filp_open+0x20b/0x470 [ 940.009662][T15618] ? __pfx_do_filp_open+0x10/0x10 [ 940.009728][T15618] ? alloc_fd+0x471/0x7d0 [ 940.009774][T15618] do_sys_openat2+0x11b/0x1d0 [ 940.009824][T15618] ? __pfx_do_sys_openat2+0x10/0x10 [ 940.009891][T15618] __x64_sys_openat+0x174/0x210 [ 940.009941][T15618] ? __pfx___x64_sys_openat+0x10/0x10 [ 940.009994][T15618] ? rcu_is_watching+0x12/0xc0 [ 940.010040][T15618] do_syscall_64+0xcd/0x230 [ 940.010095][T15618] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 940.010132][T15618] RIP: 0033:0x7f8d5e38e969 [ 940.010160][T15618] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 940.010187][T15618] RSP: 002b:00007f8d5f282038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 940.010210][T15618] RAX: ffffffffffffffda RBX: 00007f8d5e5b5fa0 RCX: 00007f8d5e38e969 [ 940.010227][T15618] RDX: 0000000000184b01 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 940.010244][T15618] RBP: 00007f8d5e410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 940.010259][T15618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 940.010274][T15618] R13: 0000000000000000 R14: 00007f8d5e5b5fa0 R15: 00007fff7158c758 [ 940.010313][T15618] [ 940.931535][T15630] Invalid ELF header magic: != ELF [ 941.699322][T15647] Invalid ELF header magic: != ELF [ 942.347216][T15659] Invalid ELF header magic: != ELF [ 944.656271][T15671] sp1: Synchronizing with TNC [ 945.827470][T15682] Invalid ELF header magic: != ELF [ 947.532027][T15711] FAULT_INJECTION: forcing a failure. [ 947.532027][T15711] name failslab, interval 1, probability 0, space 0, times 0 [ 947.726106][T15711] CPU: 0 UID: 0 PID: 15711 Comm: syz.3.2252 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 947.726165][T15711] Tainted: [U]=USER [ 947.726177][T15711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 947.726198][T15711] Call Trace: [ 947.726214][T15711] [ 947.726229][T15711] dump_stack_lvl+0x16c/0x1f0 [ 947.726286][T15711] should_fail_ex+0x512/0x640 [ 947.726336][T15711] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 947.726374][T15711] ? __pfx_mon_text_open+0x10/0x10 [ 947.726428][T15711] should_failslab+0xc2/0x120 [ 947.726472][T15711] __kmalloc_cache_noprof+0x6a/0x3e0 [ 947.726507][T15711] ? lockdep_init_map_type+0x5c/0x280 [ 947.726554][T15711] ? mon_text_open+0xd5/0x4f0 [ 947.726612][T15711] ? __pfx_mon_text_open+0x10/0x10 [ 947.726665][T15711] mon_text_open+0xd5/0x4f0 [ 947.726719][T15711] ? __pfx_mon_text_open+0x10/0x10 [ 947.726780][T15711] ? __debugfs_file_get+0x1fe/0x840 [ 947.726822][T15711] ? __pfx___debugfs_file_get+0x10/0x10 [ 947.726861][T15711] ? __pfx_apparmor_file_open+0x10/0x10 [ 947.726907][T15711] ? lockdown_is_locked_down+0x3f/0x130 [ 947.726958][T15711] ? bpf_lsm_locked_down+0x9/0x10 [ 947.727001][T15711] ? __pfx_mon_text_open+0x10/0x10 [ 947.727053][T15711] full_proxy_open_regular+0x1b6/0x360 [ 947.727103][T15711] do_dentry_open+0x741/0x1c10 [ 947.727141][T15711] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 947.727196][T15711] vfs_open+0x82/0x3f0 [ 947.727247][T15711] path_openat+0x1e5e/0x2d40 [ 947.727299][T15711] ? __pfx_path_openat+0x10/0x10 [ 947.727346][T15711] do_filp_open+0x20b/0x470 [ 947.727382][T15711] ? __pfx_do_filp_open+0x10/0x10 [ 947.727449][T15711] ? alloc_fd+0x471/0x7d0 [ 947.727494][T15711] do_sys_openat2+0x11b/0x1d0 [ 947.727541][T15711] ? __pfx_do_sys_openat2+0x10/0x10 [ 947.727608][T15711] __x64_sys_openat+0x174/0x210 [ 947.727656][T15711] ? __pfx___x64_sys_openat+0x10/0x10 [ 947.727708][T15711] ? rcu_is_watching+0x12/0xc0 [ 947.727761][T15711] do_syscall_64+0xcd/0x230 [ 947.727820][T15711] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 947.727855][T15711] RIP: 0033:0x7fbdd458e969 [ 947.727883][T15711] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 947.727918][T15711] RSP: 002b:00007fbdd5468038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 947.727953][T15711] RAX: ffffffffffffffda RBX: 00007fbdd47b5fa0 RCX: 00007fbdd458e969 [ 947.727977][T15711] RDX: 0000000000082000 RSI: 0000200000000380 RDI: ffffffffffffff9c [ 947.728000][T15711] RBP: 00007fbdd4610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 947.728022][T15711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 947.728043][T15711] R13: 0000000000000000 R14: 00007fbdd47b5fa0 R15: 00007fff38b36768 [ 947.728090][T15711] [ 948.295394][T15719] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input49 [ 948.600774][T15723] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2263'. [ 948.807134][T15729] FAULT_INJECTION: forcing a failure. [ 948.807134][T15729] name fail_futex, interval 1, probability 0, space 0, times 0 [ 948.820786][T15729] CPU: 1 UID: 0 PID: 15729 Comm: syz.3.2256 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 948.820828][T15729] Tainted: [U]=USER [ 948.820837][T15729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 948.820853][T15729] Call Trace: [ 948.820861][T15729] [ 948.820870][T15729] dump_stack_lvl+0x16c/0x1f0 [ 948.820913][T15729] should_fail_ex+0x512/0x640 [ 948.820966][T15729] get_futex_key+0x49e/0x1000 [ 948.820992][T15729] ? __kmalloc_noprof+0x223/0x510 [ 948.821021][T15729] ? security_prepare_creds+0x30/0x270 [ 948.821059][T15729] ? do_syscall_64+0xcd/0x230 [ 948.821096][T15729] ? __pfx_get_futex_key+0x10/0x10 [ 948.821132][T15729] futex_wake+0xe7/0x4e0 [ 948.821166][T15729] ? __pfx_futex_wake+0x10/0x10 [ 948.821201][T15729] ? __lock_acquire+0x5ca/0x1ba0 [ 948.821241][T15729] do_futex+0x1e3/0x350 [ 948.821268][T15729] ? __pfx_do_futex+0x10/0x10 [ 948.821292][T15729] ? __pfx__setid_policy_lookup+0x10/0x10 [ 948.821328][T15729] ? find_held_lock+0x2b/0x80 [ 948.821355][T15729] __x64_sys_futex+0x1e0/0x4c0 [ 948.821386][T15729] ? __pfx___x64_sys_futex+0x10/0x10 [ 948.821424][T15729] do_syscall_64+0xcd/0x230 [ 948.821463][T15729] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 948.821488][T15729] RIP: 0033:0x7fbdd458e969 [ 948.821507][T15729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 948.821531][T15729] RSP: 002b:00007fbdd54680e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 948.821554][T15729] RAX: ffffffffffffffda RBX: 00007fbdd47b5fa8 RCX: 00007fbdd458e969 [ 948.821571][T15729] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fbdd47b5fac [ 948.821586][T15729] RBP: 00007fbdd47b5fa0 R08: 00007fbdd5469000 R09: 0000000000000000 [ 948.821602][T15729] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdd47b5fac [ 948.821617][T15729] R13: 0000000000000000 R14: 00007fff38b36680 R15: 00007fff38b36768 [ 948.821663][T15729] [ 949.904067][T15739] Invalid ELF header magic: != ELF [ 953.566374][T15782] FAULT_INJECTION: forcing a failure. [ 953.566374][T15782] name failslab, interval 1, probability 0, space 0, times 0 [ 953.605927][T15782] CPU: 0 UID: 0 PID: 15782 Comm: syz.0.2268 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 953.605987][T15782] Tainted: [U]=USER [ 953.606000][T15782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 953.606026][T15782] Call Trace: [ 953.606038][T15782] [ 953.606052][T15782] dump_stack_lvl+0x16c/0x1f0 [ 953.606110][T15782] should_fail_ex+0x512/0x640 [ 953.606162][T15782] ? __kmalloc_noprof+0xbf/0x510 [ 953.606206][T15782] ? lsm_blob_alloc+0x68/0x90 [ 953.606235][T15782] should_failslab+0xc2/0x120 [ 953.606280][T15782] __kmalloc_noprof+0xd2/0x510 [ 953.606328][T15782] lsm_blob_alloc+0x68/0x90 [ 953.606360][T15782] security_prepare_creds+0x30/0x270 [ 953.606415][T15782] prepare_creds+0x56f/0x7d0 [ 953.606468][T15782] __sys_setregid+0x101/0x910 [ 953.606502][T15782] ? rcu_is_watching+0x12/0xc0 [ 953.606541][T15782] do_syscall_64+0xcd/0x230 [ 953.606596][T15782] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 953.606642][T15782] RIP: 0033:0x7f778cd8e969 [ 953.606669][T15782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 953.606707][T15782] RSP: 002b:00007f778db66038 EFLAGS: 00000246 ORIG_RAX: 0000000000000072 [ 953.606742][T15782] RAX: ffffffffffffffda RBX: 00007f778cfb5fa0 RCX: 00007f778cd8e969 [ 953.606764][T15782] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 953.606786][T15782] RBP: 00007f778ce10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 953.606808][T15782] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 953.606829][T15782] R13: 0000000000000000 R14: 00007f778cfb5fa0 R15: 00007ffef3e37948 [ 953.606874][T15782] [ 953.646950][T15789] sp1: Synchronizing with TNC [ 955.585390][T15815] Invalid ELF header magic: != ELF [ 957.167647][T15841] FAULT_INJECTION: forcing a failure. [ 957.167647][T15841] name failslab, interval 1, probability 0, space 0, times 0 [ 957.223430][T15841] CPU: 0 UID: 0 PID: 15841 Comm: syz.0.2281 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 957.223491][T15841] Tainted: [U]=USER [ 957.223504][T15841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 957.223524][T15841] Call Trace: [ 957.223536][T15841] [ 957.223549][T15841] dump_stack_lvl+0x16c/0x1f0 [ 957.223607][T15841] should_fail_ex+0x512/0x640 [ 957.223657][T15841] ? __kmalloc_noprof+0xbf/0x510 [ 957.223698][T15841] ? lsm_blob_alloc+0x68/0x90 [ 957.223726][T15841] should_failslab+0xc2/0x120 [ 957.223757][T15841] __kmalloc_noprof+0xd2/0x510 [ 957.223790][T15841] lsm_blob_alloc+0x68/0x90 [ 957.223813][T15841] security_prepare_creds+0x30/0x270 [ 957.223851][T15841] prepare_creds+0x56f/0x7d0 [ 957.223890][T15841] __sys_setregid+0x101/0x910 [ 957.223914][T15841] ? rcu_is_watching+0x12/0xc0 [ 957.223940][T15841] do_syscall_64+0xcd/0x230 [ 957.223978][T15841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 957.224002][T15841] RIP: 0033:0x7f778cd8e969 [ 957.224058][T15841] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 957.224083][T15841] RSP: 002b:00007f778db66038 EFLAGS: 00000246 ORIG_RAX: 0000000000000072 [ 957.224106][T15841] RAX: ffffffffffffffda RBX: 00007f778cfb5fa0 RCX: 00007f778cd8e969 [ 957.224123][T15841] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 957.224138][T15841] RBP: 00007f778ce10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 957.224152][T15841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 957.224167][T15841] R13: 0000000000000000 R14: 00007f778cfb5fa0 R15: 00007ffef3e37948 [ 957.224204][T15841] [ 960.834371][T15877] sp1: Synchronizing with TNC [ 963.178307][T15902] Invalid ELF header magic: != ELF [ 964.495407][T15915] Invalid ELF header magic: != ELF [ 965.461477][T15931] FAULT_INJECTION: forcing a failure. [ 965.461477][T15931] name failslab, interval 1, probability 0, space 0, times 0 [ 965.494618][T15931] CPU: 0 UID: 0 PID: 15931 Comm: syz.3.2300 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 965.494689][T15931] Tainted: [U]=USER [ 965.494702][T15931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 965.494724][T15931] Call Trace: [ 965.494736][T15931] [ 965.494749][T15931] dump_stack_lvl+0x16c/0x1f0 [ 965.494808][T15931] should_fail_ex+0x512/0x640 [ 965.494858][T15931] ? __kmalloc_noprof+0xbf/0x510 [ 965.494902][T15931] ? lsm_blob_alloc+0x68/0x90 [ 965.494933][T15931] should_failslab+0xc2/0x120 [ 965.494979][T15931] __kmalloc_noprof+0xd2/0x510 [ 965.495028][T15931] lsm_blob_alloc+0x68/0x90 [ 965.495061][T15931] security_prepare_creds+0x30/0x270 [ 965.495116][T15931] prepare_creds+0x56f/0x7d0 [ 965.495169][T15931] __sys_setregid+0x101/0x910 [ 965.495203][T15931] ? rcu_is_watching+0x12/0xc0 [ 965.495237][T15931] do_syscall_64+0xcd/0x230 [ 965.495289][T15931] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 965.495324][T15931] RIP: 0033:0x7fbdd458e969 [ 965.495351][T15931] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 965.495387][T15931] RSP: 002b:00007fbdd5468038 EFLAGS: 00000246 ORIG_RAX: 0000000000000072 [ 965.495421][T15931] RAX: ffffffffffffffda RBX: 00007fbdd47b5fa0 RCX: 00007fbdd458e969 [ 965.495446][T15931] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 965.495468][T15931] RBP: 00007fbdd4610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 965.495490][T15931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 965.495511][T15931] R13: 0000000000000000 R14: 00007fbdd47b5fa0 R15: 00007fff38b36768 [ 965.495556][T15931] [ 967.938157][T15955] ubi: mtd0 is already attached to ubi0 [ 969.065300][T15963] sp1: Synchronizing with TNC [ 970.862078][T15989] sp1: Synchronizing with TNC [ 972.448610][T16005] Invalid ELF header magic: != ELF [ 974.974090][T16040] FAULT_INJECTION: forcing a failure. [ 974.974090][T16040] name fail_futex, interval 1, probability 0, space 0, times 0 [ 974.993181][T16040] CPU: 0 UID: 0 PID: 16040 Comm: syz.4.2323 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 974.993238][T16040] Tainted: [U]=USER [ 974.993250][T16040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 974.993271][T16040] Call Trace: [ 974.993282][T16040] [ 974.993295][T16040] dump_stack_lvl+0x16c/0x1f0 [ 974.993352][T16040] should_fail_ex+0x512/0x640 [ 974.993410][T16040] get_futex_key+0x49e/0x1000 [ 974.993453][T16040] ? __pfx_get_futex_key+0x10/0x10 [ 974.993490][T16040] ? unwind_get_return_address+0x59/0xa0 [ 974.993532][T16040] ? arch_stack_walk+0xa6/0x100 [ 974.993583][T16040] futex_wait_setup+0x78/0x290 [ 974.993632][T16040] ? stack_trace_save+0x8e/0xc0 [ 974.993671][T16040] __futex_wait+0x266/0x3c0 [ 974.993720][T16040] ? __pfx___futex_wait+0x10/0x10 [ 974.993774][T16040] ? __pfx_futex_wake_mark+0x10/0x10 [ 974.993840][T16040] futex_wait+0xe8/0x380 [ 974.993883][T16040] ? __pfx_futex_wait+0x10/0x10 [ 974.993933][T16040] ? __lock_acquire+0x5ca/0x1ba0 [ 974.993990][T16040] do_futex+0x229/0x350 [ 974.994029][T16040] ? __pfx_do_futex+0x10/0x10 [ 974.994072][T16040] ? __pfx__setid_policy_lookup+0x10/0x10 [ 974.994123][T16040] ? find_held_lock+0x2b/0x80 [ 974.994162][T16040] __x64_sys_futex+0x1e0/0x4c0 [ 974.994205][T16040] ? __pfx___x64_sys_futex+0x10/0x10 [ 974.994259][T16040] do_syscall_64+0xcd/0x230 [ 974.994315][T16040] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 974.994350][T16040] RIP: 0033:0x7f9d02f8e969 [ 974.994378][T16040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 974.994414][T16040] RSP: 002b:00007f9d03e830e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 974.994448][T16040] RAX: ffffffffffffffda RBX: 00007f9d031b5fa8 RCX: 00007f9d02f8e969 [ 974.994470][T16040] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f9d031b5fa8 [ 974.994493][T16040] RBP: 00007f9d031b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 974.994515][T16040] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d031b5fac [ 974.994538][T16040] R13: 0000000000000000 R14: 00007ffdb6e79eb0 R15: 00007ffdb6e79f98 [ 974.994582][T16040] [ 975.212455][ C0] vkms_vblank_simulate: vblank timer overrun [ 978.524740][T16095] sp1: Synchronizing with TNC [ 978.650833][T16097] FAULT_INJECTION: forcing a failure. [ 978.650833][T16097] name failslab, interval 1, probability 0, space 0, times 0 [ 978.663797][T16097] CPU: 0 UID: 0 PID: 16097 Comm: syz.4.2333 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 978.663837][T16097] Tainted: [U]=USER [ 978.663845][T16097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 978.663860][T16097] Call Trace: [ 978.663875][T16097] [ 978.663885][T16097] dump_stack_lvl+0x16c/0x1f0 [ 978.663927][T16097] should_fail_ex+0x512/0x640 [ 978.663964][T16097] ? __kmalloc_noprof+0xbf/0x510 [ 978.663994][T16097] ? lsm_blob_alloc+0x68/0x90 [ 978.664014][T16097] should_failslab+0xc2/0x120 [ 978.664045][T16097] __kmalloc_noprof+0xd2/0x510 [ 978.664079][T16097] lsm_blob_alloc+0x68/0x90 [ 978.664101][T16097] security_prepare_creds+0x30/0x270 [ 978.664140][T16097] prepare_creds+0x56f/0x7d0 [ 978.664179][T16097] __sys_setregid+0x101/0x910 [ 978.664203][T16097] ? rcu_is_watching+0x12/0xc0 [ 978.664229][T16097] do_syscall_64+0xcd/0x230 [ 978.664268][T16097] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 978.664292][T16097] RIP: 0033:0x7f9d02f8e969 [ 978.664312][T16097] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 978.664336][T16097] RSP: 002b:00007f9d03e83038 EFLAGS: 00000246 ORIG_RAX: 0000000000000072 [ 978.664359][T16097] RAX: ffffffffffffffda RBX: 00007f9d031b5fa0 RCX: 00007f9d02f8e969 [ 978.664375][T16097] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 978.664390][T16097] RBP: 00007f9d03010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 978.664405][T16097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 978.664419][T16097] R13: 0000000000000000 R14: 00007f9d031b5fa0 R15: 00007ffdb6e79f98 [ 978.664448][T16097] [ 982.827896][T16138] sp1: Synchronizing with TNC [ 983.961236][T16146] Invalid ELF header magic: != ELF [ 986.578292][T16161] Invalid ELF header magic: != ELF [ 986.806653][ T5824] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 986.817017][ T5824] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 986.828243][ T5824] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 986.836698][ T5824] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 986.845982][ T5824] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 987.274652][ T53] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 987.514019][ T53] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 987.732647][ T53] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 987.852919][ T53] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 988.480181][T16166] chnl_net:caif_netlink_parms(): no params data found [ 988.624909][ T53] bridge_slave_1: left allmulticast mode [ 988.631999][ T53] bridge_slave_1: left promiscuous mode [ 988.644324][ T53] bridge0: port 2(bridge_slave_1) entered disabled state [ 988.715393][ T53] bridge_slave_0: left allmulticast mode [ 988.725855][ T53] bridge_slave_0: left promiscuous mode [ 988.744150][ T53] bridge0: port 1(bridge_slave_0) entered disabled state [ 988.912414][T16111] Bluetooth: hci1: command tx timeout [ 990.831926][ T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 990.885967][ T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 990.914244][ T53] bond0 (unregistering): Released all slaves [ 990.996223][T16111] Bluetooth: hci1: command tx timeout [ 991.225578][ T53] HfR: left promiscuous mode [ 991.647982][T16166] bridge0: port 1(bridge_slave_0) entered blocking state [ 991.665584][T16166] bridge0: port 1(bridge_slave_0) entered disabled state [ 991.714238][T16166] bridge_slave_0: entered allmulticast mode [ 991.753520][T16166] bridge_slave_0: entered promiscuous mode [ 991.823281][T16166] bridge0: port 2(bridge_slave_1) entered blocking state [ 991.832114][T16166] bridge0: port 2(bridge_slave_1) entered disabled state [ 991.840005][T16166] bridge_slave_1: entered allmulticast mode [ 991.851321][T16166] bridge_slave_1: entered promiscuous mode [ 992.099241][T16166] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 992.154604][T16166] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 992.258693][T16230] Invalid ELF header magic: != ELF [ 992.782923][T16166] team0: Port device team_slave_0 added [ 993.042914][T16252] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2361'. [ 993.065853][T16111] Bluetooth: hci1: command tx timeout [ 993.334787][T16166] team0: Port device team_slave_1 added [ 994.065049][T16166] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 994.086173][T16166] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 994.433641][T16166] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 994.525263][T16166] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 994.575178][T16166] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 994.653937][T16166] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 995.146678][T16111] Bluetooth: hci1: command tx timeout [ 995.303620][T16166] hsr_slave_0: entered promiscuous mode [ 995.325289][T16166] hsr_slave_1: entered promiscuous mode [ 995.347438][T16166] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 995.359370][T16166] Cannot create hsr debugfs directory [ 996.495976][ T53] hsr_slave_0: left promiscuous mode [ 996.530774][ T53] hsr_slave_1: left promiscuous mode [ 996.538215][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 996.555772][ T53] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 996.575861][T16281] ================================================================== [ 996.584020][T16281] BUG: KASAN: slab-use-after-free in force_devcd_write+0x312/0x340 [ 996.592016][T16281] Read of size 8 at addr ffff888027cd5800 by task syz.3.2365/16281 [ 996.599968][T16281] [ 996.602347][T16281] CPU: 0 UID: 0 PID: 16281 Comm: syz.3.2365 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 996.602404][T16281] Tainted: [U]=USER [ 996.602417][T16281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 996.602440][T16281] Call Trace: [ 996.602452][T16281] [ 996.602465][T16281] dump_stack_lvl+0x116/0x1f0 [ 996.602521][T16281] print_report+0xc3/0x670 [ 996.602563][T16281] ? __virt_addr_valid+0x5e/0x590 [ 996.602609][T16281] ? __phys_addr+0xc6/0x150 [ 996.602656][T16281] ? force_devcd_write+0x312/0x340 [ 996.602705][T16281] kasan_report+0xe0/0x110 [ 996.602748][T16281] ? force_devcd_write+0x312/0x340 [ 996.602802][T16281] force_devcd_write+0x312/0x340 [ 996.602852][T16281] ? __pfx_force_devcd_write+0x10/0x10 [ 996.602903][T16281] ? __debugfs_file_get+0x1fe/0x840 [ 996.602950][T16281] ? __pfx___debugfs_file_get+0x10/0x10 [ 996.602997][T16281] full_proxy_write+0x13f/0x200 [ 996.603041][T16281] vfs_write+0x25c/0x1180 [ 996.603074][T16281] ? __pfx_full_proxy_write+0x10/0x10 [ 996.603118][T16281] ? __pfx___mutex_lock+0x10/0x10 [ 996.603170][T16281] ? __pfx_vfs_write+0x10/0x10 [ 996.603209][T16281] ? __fget_files+0x20e/0x3c0 [ 996.603248][T16281] ksys_write+0x12a/0x240 [ 996.603282][T16281] ? __pfx_ksys_write+0x10/0x10 [ 996.603316][T16281] ? rcu_is_watching+0x12/0xc0 [ 996.603355][T16281] do_syscall_64+0xcd/0x230 [ 996.603409][T16281] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 996.603445][T16281] RIP: 0033:0x7fbdd458e969 [ 996.603473][T16281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 996.603510][T16281] RSP: 002b:00007fbdd5447038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 996.603542][T16281] RAX: ffffffffffffffda RBX: 00007fbdd47b6080 RCX: 00007fbdd458e969 [ 996.603566][T16281] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003 [ 996.603588][T16281] RBP: 00007fbdd4610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 996.603610][T16281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 996.603631][T16281] R13: 0000000000000000 R14: 00007fbdd47b6080 R15: 00007fff38b36768 [ 996.603661][T16281] [ 996.603674][T16281] [ 996.823043][T16281] Allocated by task 5822: [ 996.827403][T16281] kasan_save_stack+0x33/0x60 [ 996.832117][T16281] kasan_save_track+0x14/0x30 [ 996.836825][T16281] __kasan_kmalloc+0xaa/0xb0 [ 996.841442][T16281] vhci_open+0x4c/0x430 [ 996.845633][T16281] misc_open+0x35d/0x420 [ 996.849989][T16281] chrdev_open+0x231/0x6a0 [ 996.854436][T16281] do_dentry_open+0x741/0x1c10 [ 996.859228][T16281] vfs_open+0x82/0x3f0 [ 996.863333][T16281] path_openat+0x1e5e/0x2d40 [ 996.867949][T16281] do_filp_open+0x20b/0x470 [ 996.872479][T16281] do_sys_openat2+0x11b/0x1d0 [ 996.877189][T16281] __x64_sys_openat+0x174/0x210 [ 996.882076][T16281] do_syscall_64+0xcd/0x230 [ 996.886616][T16281] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 996.892534][T16281] [ 996.894873][T16281] Freed by task 6484: [ 996.898864][T16281] kasan_save_stack+0x33/0x60 [ 996.903581][T16281] kasan_save_track+0x14/0x30 [ 996.908288][T16281] kasan_save_free_info+0x3b/0x60 [ 996.913376][T16281] __kasan_slab_free+0x51/0x70 [ 996.918170][T16281] kfree+0x2b6/0x4d0 [ 996.922088][T16281] vhci_release+0xbb/0xf0 [ 996.926459][T16281] __fput+0x3ff/0xb70 [ 996.930471][T16281] task_work_run+0x14d/0x240 [ 996.935099][T16281] do_exit+0xafb/0x2c30 [ 996.939290][T16281] do_group_exit+0xd3/0x2a0 [ 996.943831][T16281] get_signal+0x2673/0x26d0 [ 996.948365][T16281] arch_do_signal_or_restart+0x8f/0x7a0 [ 996.953944][T16281] syscall_exit_to_user_mode+0x150/0x2a0 [ 996.959755][T16281] do_syscall_64+0xda/0x230 [ 996.964294][T16281] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 996.970214][T16281] [ 996.972552][T16281] The buggy address belongs to the object at ffff888027cd5800 [ 996.972552][T16281] which belongs to the cache kmalloc-1k of size 1024 [ 996.986629][T16281] The buggy address is located 0 bytes inside of [ 996.986629][T16281] freed 1024-byte region [ffff888027cd5800, ffff888027cd5c00) [ 997.000366][T16281] [ 997.002716][T16281] The buggy address belongs to the physical page: [ 997.009162][T16281] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27cd0 [ 997.017945][T16281] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 997.026462][T16281] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 997.034040][T16281] page_type: f5(slab) [ 997.038052][T16281] raw: 00fff00000000040 ffff88801b441dc0 ffffea00004d9200 dead000000000002 [ 997.046664][T16281] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 997.055276][T16281] head: 00fff00000000040 ffff88801b441dc0 ffffea00004d9200 dead000000000002 [ 997.063971][T16281] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 997.072665][T16281] head: 00fff00000000003 ffffea00009f3401 00000000ffffffff 00000000ffffffff [ 997.081371][T16281] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 997.090057][T16281] page dumped because: kasan: bad access detected [ 997.096484][T16281] page_owner tracks the page as allocated [ 997.102206][T16281] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 12, tgid 12 (kworker/u8:0), ts 15642887224, free_ts 0 [ 997.120568][T16281] post_alloc_hook+0x181/0x1b0 [ 997.125375][T16281] get_page_from_freelist+0x135c/0x3920 [ 997.130957][T16281] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 997.136898][T16281] new_slab+0x94/0x340 [ 997.140989][T16281] ___slab_alloc+0xd9c/0x1940 [ 997.145694][T16281] __slab_alloc.constprop.0+0x56/0xb0 [ 997.151109][T16281] __kmalloc_cache_node_noprof+0x100/0x420 [ 997.157117][T16281] blk_mq_alloc_and_init_hctx+0x639/0x11c0 [ 997.162957][T16281] __blk_mq_realloc_hw_ctxs+0x495/0x610 [ 997.168534][T16281] blk_mq_realloc_hw_ctxs+0x583/0x670 [ 997.173936][T16281] blk_mq_init_allocated_queue+0x3b1/0x1230 [ 997.179872][T16281] blk_mq_alloc_queue+0x1c2/0x290 [ 997.184938][T16281] scsi_alloc_sdev+0x88f/0xd80 [ 997.189741][T16281] scsi_probe_and_add_lun+0x76b/0xd80 [ 997.195160][T16281] __scsi_scan_target+0x1e8/0x580 [ 997.200205][T16281] scsi_scan_channel+0x149/0x1e0 [ 997.205162][T16281] page_owner free stack trace missing [ 997.210542][T16281] [ 997.212884][T16281] Memory state around the buggy address: [ 997.218536][T16281] ffff888027cd5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 997.226713][T16281] ffff888027cd5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 997.234798][T16281] >ffff888027cd5800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 997.242966][T16281] ^ [ 997.247052][T16281] ffff888027cd5880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 997.255131][T16281] ffff888027cd5900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 997.263210][T16281] ================================================================== [ 997.272403][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 997.280059][ T53] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 997.298001][T16281] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 997.305744][T16281] CPU: 0 UID: 0 PID: 16281 Comm: syz.3.2365 Tainted: G U 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full) [ 997.319420][T16281] Tainted: [U]=USER [ 997.323240][T16281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 997.333317][T16281] Call Trace: [ 997.336611][T16281] [ 997.339565][T16281] dump_stack_lvl+0x3d/0x1f0 [ 997.344200][T16281] panic+0x71c/0x800 [ 997.348156][T16281] ? __pfx_panic+0x10/0x10 [ 997.352608][T16281] ? mark_held_locks+0x49/0x80 [ 997.357443][T16281] ? preempt_schedule_thunk+0x16/0x30 [ 997.362856][T16281] ? force_devcd_write+0x312/0x340 [ 997.368040][T16281] ? preempt_schedule_common+0x44/0xc0 [ 997.373559][T16281] ? force_devcd_write+0x312/0x340 [ 997.378734][T16281] check_panic_on_warn+0xab/0xb0 [ 997.383770][T16281] end_report+0x107/0x170 [ 997.388155][T16281] kasan_report+0xee/0x110 [ 997.392616][T16281] ? force_devcd_write+0x312/0x340 [ 997.397776][T16281] force_devcd_write+0x312/0x340 [ 997.402755][T16281] ? __pfx_force_devcd_write+0x10/0x10 [ 997.408253][T16281] ? __debugfs_file_get+0x1fe/0x840 [ 997.413488][T16281] ? __pfx___debugfs_file_get+0x10/0x10 [ 997.419079][T16281] full_proxy_write+0x13f/0x200 [ 997.423965][T16281] vfs_write+0x25c/0x1180 [ 997.428332][T16281] ? __pfx_full_proxy_write+0x10/0x10 [ 997.433737][T16281] ? __pfx___mutex_lock+0x10/0x10 [ 997.438826][T16281] ? __pfx_vfs_write+0x10/0x10 [ 997.443656][T16281] ? __fget_files+0x20e/0x3c0 [ 997.448394][T16281] ksys_write+0x12a/0x240 [ 997.452780][T16281] ? __pfx_ksys_write+0x10/0x10 [ 997.457680][T16281] ? rcu_is_watching+0x12/0xc0 [ 997.462764][T16281] do_syscall_64+0xcd/0x230 [ 997.467336][T16281] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 997.473293][T16281] RIP: 0033:0x7fbdd458e969 [ 997.477746][T16281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 997.497479][T16281] RSP: 002b:00007fbdd5447038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 997.506016][T16281] RAX: ffffffffffffffda RBX: 00007fbdd47b6080 RCX: 00007fbdd458e969 [ 997.514012][T16281] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003 [ 997.522012][T16281] RBP: 00007fbdd4610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 997.530019][T16281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 997.538020][T16281] R13: 0000000000000000 R14: 00007fbdd47b6080 R15: 00007fff38b36768 [ 997.546035][T16281] [ 997.549355][T16281] Kernel Offset: disabled [ 997.553709][T16281] Rebooting in 86400 seconds..