last executing test programs: 2m38.07104984s ago: executing program 2 (id=1185): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000280), 0x88c0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) pipe$auto(&(0x7f0000001480)=0xffffffffffffffff) vmsplice$auto(r0, 0x0, 0x5, 0x1) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x3, 0x8, 0xc, 0x2e, 0x0, 0x3}, 0x6f4) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x8002, 0x0) socket(0x10, 0x2, 0x5) getrandom$auto(0x0, 0x6000000, 0x3) bpf$auto(0x4, &(0x7f00000001c0)=@bpf_attr_1={0x3, 0x8ca99, @value=0x7, 0xa}, 0xc) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/028/001\x00', 0xa901, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video49\x00', 0x8a603, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/netlink\x00', 0xa0080, 0x0) pread64$auto(r1, 0x0, 0x1fffe001, 0xb) 2m36.853683075s ago: executing program 2 (id=1190): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)={0x2c, r0, 0x13, 0x70bd26, 0x25dfdbdd, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r2}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0x3}, @NL80211_ATTR_WIPHY_TX_POWER_LEVEL={0x8, 0x62, 0x7ff}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24004080}, 0x20040894) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r5) sendmsg$auto_NL80211_CMD_STOP_AP(r5, &(0x7f0000001940)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x1c, r6, 0x129, 0x70bd2c, 0x25dfdbfb, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x5a88314c8e109829}, 0x14) 2m36.629552928s ago: executing program 2 (id=1191): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) semctl$auto(0x1ff, 0x2, 0x13, 0x1) keyctl$auto(0x4, 0xffffffffffffffff, 0x5, 0x800, 0xa) r0 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0xab40, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000040)={0x0, "c7cf304e861f2a8acaf0b8ad66b934da325e48c1fb459f7e8f1ac879b1076ce4", @raw=0x51d2}) setfsgid$auto(0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(r1, 0xa, 0x8df) socket(0xa, 0x2, 0x0) r2 = socket(0xa, 0x3, 0xff) connect$auto(r2, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) r3 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000800), 0x10100, 0x0) madvise$auto(0x1ffff000, 0x7, 0x100000000) mbind$auto(0x0, 0x100000004, 0x49c, 0x0, 0x20000000000006, 0x2) shmget$auto(0x8, 0x10563, 0x568d1af2) sendfile$auto(r1, r3, 0x0, 0x80000001) madvise$auto(0x0, 0xffffffffffff0004, 0x19) statmount$auto(0x0, &(0x7f0000000080)={0xd24c, 0x7, 0x1ff, 0x7, 0x5180, 0x4909b6f8, 0x1ffdf, 0xa, 0x8, 0x7, 0xa121, 0x3, 0x0, 0x271, 0xb4, 0xa, 0x6, 0x10001, 0x2, 0x100000000, 0xe, 0x7, 0x2100, 0x200, 0x0, 0x8, [0x4000000000, 0x0, 0x0, 0x50100000000000, 0x6, 0x4000002000, 0x0, 0x80000000000006, 0x70624ce7, 0xff, 0x6, 0xaed, 0x0, 0x80000, 0x5, 0x7fe, 0xffffffffffffbfff, 0xfffffffffffffffd, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff, 0x800000000000007, 0x4, 0x2000000000000000, 0x0, 0x1, 0x400000000005b8, 0xe, 0x0, 0x0, 0x0, 0x6, 0xfffffffffffffffc, 0x88e, 0x8000000000008, 0x7, 0x9, 0xa38, 0xa68, 0x3, 0xfffffffffffffffd, 0x8, 0x404000000000, 0x7, 0x1]}, 0x1ff, 0xd) write$auto(0xffffffffffffffff, &(0x7f0000000000)='/dev/input/event0\x00', 0x7fe) r4 = socket(0xa, 0x1, 0x84) getsockopt$auto(r4, 0x0, 0x484, 0x0, 0x0) 2m35.352873297s ago: executing program 2 (id=1196): r0 = socket(0x10, 0x2, 0x0) r1 = syz_genetlink_get_family_id$auto_handshake(&(0x7f0000000100), 0xffffffffffffffff) timer_settime$auto(0xd, 0x8, &(0x7f0000000640)={{0x344, 0x80000000}, {0xc4c5, 0x8}}, 0x0) sendmsg$auto_HANDSHAKE_CMD_ACCEPT(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x14, r1, 0x7904a4a47fe859c7, 0x70bd22, 0x25dfdbfc}, 0x14}}, 0x40810) 2m35.159364679s ago: executing program 2 (id=1198): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) semctl$auto(0x1ff, 0x2, 0x13, 0x1) keyctl$auto(0x4, 0xffffffffffffffff, 0x5, 0x800, 0xa) r0 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0xab40, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000040)={0x0, "c7cf304e861f2a8acaf0b8ad66b934da325e48c1fb459f7e8f1ac879b1076ce4", @raw=0x51d2}) setfsgid$auto(0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(r1, 0xa, 0x8df) socket(0xa, 0x2, 0x0) r2 = socket(0xa, 0x3, 0xff) connect$auto(r2, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) r3 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000800), 0x10100, 0x0) madvise$auto(0x1ffff000, 0x7, 0x100000000) mbind$auto(0x0, 0x100000004, 0x49c, 0x0, 0x20000000000006, 0x2) shmget$auto(0x8, 0x10563, 0x568d1af2) sendfile$auto(r1, r3, 0x0, 0x80000001) madvise$auto(0x0, 0xffffffffffff0004, 0x19) statmount$auto(0x0, &(0x7f0000000080)={0xd24c, 0x7, 0x1ff, 0x7, 0x5180, 0x4909b6f8, 0x1ffdf, 0xa, 0x8, 0x7, 0xa121, 0x3, 0x0, 0x271, 0xb4, 0xa, 0x6, 0x10001, 0x2, 0x100000000, 0xe, 0x7, 0x2100, 0x200, 0x0, 0x8, [0x4000000000, 0x0, 0x0, 0x50100000000000, 0x6, 0x4000002000, 0x0, 0x80000000000006, 0x70624ce7, 0xff, 0x6, 0xaed, 0x0, 0x80000, 0x5, 0x7fe, 0xffffffffffffbfff, 0xfffffffffffffffd, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff, 0x800000000000007, 0x4, 0x2000000000000000, 0x0, 0x1, 0x400000000005b8, 0xe, 0x0, 0x0, 0x0, 0x6, 0xfffffffffffffffc, 0x88e, 0x8000000000008, 0x7, 0x9, 0xa38, 0xa68, 0x3, 0xfffffffffffffffd, 0x8, 0x404000000000, 0x7, 0x1]}, 0x1ff, 0xd) write$auto(0xffffffffffffffff, &(0x7f0000000000)='/dev/input/event0\x00', 0x7fe) r4 = socket(0xa, 0x1, 0x84) getsockopt$auto(r4, 0x0, 0x484, 0x0, 0x0) 2m33.843400717s ago: executing program 2 (id=1202): ioctl$auto_VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000000)={0x80000001, 0xffffffffffffffff}) r1 = fspick$auto(r0, &(0x7f0000000080)='./file0\x00', 0xfffffffd) mmap$auto(0xfffffffffffffffe, 0x2020009, 0x3, 0xeb1, r1, 0x10) r2 = socket(0x2, 0x3, 0x100) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/bond0/bonding/num_grat_arp\x00', 0xc8282, 0x0) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/kallsyms\x00', 0x101000, 0x0) pread64$auto(r4, 0x0, 0x800, 0x800000000002) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x180, 0x0) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x5, 0x0) socket(0xa, 0x3, 0xff) r6 = socket(0x2, 0x801, 0x100) sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(r6, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44010}, 0x40054) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00', 0x0}) bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_ifindex=r7, r6, 0x9c, 0x0, 0x1, @relative_fd, 0x5}, 0x96) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000000040)=""/4096, 0x1000) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dri/card1\x00', 0x0, 0x0) sendfile$auto(r3, r3, 0x0, 0x1) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r2, 0x1, 0x2e, 0x0, 0x9) r8 = prctl$auto_PR_SET_UNALIGN(0x6, 0x4, 0x0, 0x5ca, 0x9) ioctl$auto(r8, 0x5, r1) 2m18.650019215s ago: executing program 32 (id=1202): ioctl$auto_VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000000)={0x80000001, 0xffffffffffffffff}) r1 = fspick$auto(r0, &(0x7f0000000080)='./file0\x00', 0xfffffffd) mmap$auto(0xfffffffffffffffe, 0x2020009, 0x3, 0xeb1, r1, 0x10) r2 = socket(0x2, 0x3, 0x100) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/bond0/bonding/num_grat_arp\x00', 0xc8282, 0x0) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/kallsyms\x00', 0x101000, 0x0) pread64$auto(r4, 0x0, 0x800, 0x800000000002) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x180, 0x0) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x5, 0x0) socket(0xa, 0x3, 0xff) r6 = socket(0x2, 0x801, 0x100) sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(r6, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44010}, 0x40054) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00', 0x0}) bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_ifindex=r7, r6, 0x9c, 0x0, 0x1, @relative_fd, 0x5}, 0x96) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000000040)=""/4096, 0x1000) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dri/card1\x00', 0x0, 0x0) sendfile$auto(r3, r3, 0x0, 0x1) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r2, 0x1, 0x2e, 0x0, 0x9) r8 = prctl$auto_PR_SET_UNALIGN(0x6, 0x4, 0x0, 0x5ca, 0x9) ioctl$auto(r8, 0x5, r1) 57.1455921s ago: executing program 3 (id=1523): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) semctl$auto(0x1ff, 0x2, 0x13, 0x1) keyctl$auto(0x4, 0xffffffffffffffff, 0x5, 0x800, 0xa) r0 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0xab40, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000040)={0x0, "c7cf304e861f2a8acaf0b8ad66b934da325e48c1fb459f7e8f1ac879b1076ce4", @raw=0x51d2}) setfsgid$auto(0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(r1, 0xa, 0x8df) socket(0xa, 0x2, 0x0) socket(0xa, 0x3, 0xff) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) r2 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000800), 0x10100, 0x0) madvise$auto(0x1ffff000, 0x7, 0x100000000) mbind$auto(0x0, 0x100000004, 0x49c, 0x0, 0x20000000000006, 0x2) shmget$auto(0x8, 0x10563, 0x568d1af2) sendfile$auto(r1, r2, 0x0, 0x80000001) madvise$auto(0x0, 0xffffffffffff0004, 0x19) statmount$auto(0x0, &(0x7f0000000080)={0xd24c, 0x7, 0x1ff, 0x7, 0x5180, 0x4909b6f8, 0x1ffdf, 0xa, 0x8, 0x7, 0xa121, 0x3, 0x0, 0x271, 0xb4, 0xa, 0x6, 0x10001, 0x2, 0x100000000, 0xe, 0x7, 0x2100, 0x200, 0x0, 0x8, [0x4000000000, 0x0, 0x0, 0x50100000000000, 0x6, 0x4000002000, 0x0, 0x80000000000006, 0x70624ce7, 0xff, 0x6, 0xaed, 0x0, 0x80000, 0x5, 0x7fe, 0xffffffffffffbfff, 0xfffffffffffffffd, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff, 0x800000000000007, 0x4, 0x2000000000000000, 0x0, 0x1, 0x400000000005b8, 0xe, 0x0, 0x0, 0x0, 0x6, 0xfffffffffffffffc, 0x88e, 0x8000000000008, 0x7, 0x9, 0xa38, 0xa68, 0x3, 0xfffffffffffffffd, 0x8, 0x404000000000, 0x7, 0x1]}, 0x1ff, 0xd) r3 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0) write$auto(r3, &(0x7f0000000000)='/dev/input/event0\x00', 0x7fe) r4 = socket(0xa, 0x1, 0x84) getsockopt$auto(r4, 0x0, 0x484, 0x0, 0x0) 56.527629723s ago: executing program 3 (id=1526): r0 = openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, 0x0, 0x88041, 0x0) write$auto_lowpan_enable_fops_(r0, &(0x7f0000000040)='3', 0x1) 56.288722032s ago: executing program 3 (id=1528): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) semctl$auto(0x1ff, 0x2, 0x13, 0x1) keyctl$auto(0x4, 0xffffffffffffffff, 0x5, 0x800, 0xa) r0 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0xab40, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000040)={0x0, "c7cf304e861f2a8acaf0b8ad66b934da325e48c1fb459f7e8f1ac879b1076ce4", @raw=0x51d2}) setfsgid$auto(0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(r1, 0xa, 0x8df) socket(0xa, 0x2, 0x0) r2 = socket(0xa, 0x3, 0xff) connect$auto(r2, &(0x7f00000018c0)=@generic={0xa}, 0x55) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) r3 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000800), 0x10100, 0x0) madvise$auto(0x1ffff000, 0x7, 0x100000000) mbind$auto(0x0, 0x100000004, 0x49c, 0x0, 0x20000000000006, 0x2) shmget$auto(0x8, 0x10563, 0x568d1af2) sendfile$auto(r1, r3, 0x0, 0x80000001) madvise$auto(0x0, 0xffffffffffff0004, 0x19) statmount$auto(0x0, &(0x7f0000000080)={0xd24c, 0x7, 0x1ff, 0x7, 0x5180, 0x4909b6f8, 0x1ffdf, 0xa, 0x8, 0x7, 0xa121, 0x3, 0x0, 0x271, 0xb4, 0xa, 0x6, 0x10001, 0x2, 0x100000000, 0xe, 0x7, 0x2100, 0x200, 0x0, 0x8, [0x4000000000, 0x0, 0x0, 0x50100000000000, 0x6, 0x4000002000, 0x0, 0x80000000000006, 0x70624ce7, 0xff, 0x6, 0xaed, 0x0, 0x80000, 0x5, 0x7fe, 0xffffffffffffbfff, 0xfffffffffffffffd, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff, 0x800000000000007, 0x4, 0x2000000000000000, 0x0, 0x1, 0x400000000005b8, 0xe, 0x0, 0x0, 0x0, 0x6, 0xfffffffffffffffc, 0x88e, 0x8000000000008, 0x7, 0x9, 0xa38, 0xa68, 0x3, 0xfffffffffffffffd, 0x8, 0x404000000000, 0x7, 0x1]}, 0x1ff, 0xd) r4 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0) write$auto(r4, &(0x7f0000000000)='/dev/input/event0\x00', 0x7fe) r5 = socket(0xa, 0x1, 0x84) getsockopt$auto(r5, 0x0, 0x484, 0x0, 0x0) 55.022606639s ago: executing program 3 (id=1532): open_by_handle_at$auto(0xffffffffffffffff, 0x0, 0x403) r0 = socket(0x11, 0x3, 0x9) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={&(0x7f0000000080), 0x49}, 0x5, &(0x7f0000000180), 0x6, 0x1000}, 0x5}, 0x2, 0x100) 54.808395282s ago: executing program 3 (id=1534): madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd2/queue/nr_requests\x00', 0x1a1842, 0x0) write$auto(r0, &(0x7f0000000000)='9\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x8) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000a00), 0xffffffffffffffff) open(&(0x7f0000000000)='./file0\x00', 0xa48c2, 0x4) socket(0x2, 0x801, 0x100) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) futex$auto(0x0, 0x8, 0x8243, 0x0, 0x0, 0x4) getsockopt$auto(0x3, 0x200000000001, 0x3b, 0x0, 0x0) pipe$auto(&(0x7f0000000080)=0xffffffffffffffff) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) read$auto_stat_fops_per_vm_kvm_main(r1, &(0x7f00000000c0)=""/211, 0xd3) sendfile$auto(0x6, 0x3, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0x100082) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/exception_policy\x00', 0x109000, 0x0) read$auto(0x3, 0x0, 0x1f40) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) ioctl$auto(0xffffffffffffffff, 0x4b45, 0x0) ioctl$auto_RTC_WKALM_SET(0xffffffffffffffff, 0x4028700f, 0x0) madvise$auto(0x800, 0xffffffffffff0001, 0x6) madvise$auto(0x0, 0x200007, 0x19) 53.650762449s ago: executing program 3 (id=1541): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0xa, 0x1, 0x84) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000004180)='/dev/snd/controlC1\x00', 0x28180, 0x0) ioctl$auto(0x3, 0x400454ca, 0x38) recvmmsg$auto(0xffffffffffffffff, 0x0, 0xc1f, 0x9, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x7) unshare$auto(0x40000080) mmap$auto(0x0, 0x400005, 0xfffffffffffffffc, 0x1f, 0xffffffffffffffff, 0x62) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000400)='/dev/cuse\x00', 0xd0800, 0x0) write$auto_fuse_dev_operations_fuse_i(r0, &(0x7f0000000440)="19000003d30000", 0x7) socket(0x2, 0x1, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/virtual/memory_tiering/memory_tier4/nodelist\x00', 0x800, 0x0) read$auto(r3, 0x0, 0x8000) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) ioctl$auto_PPPIOCSFLAGS(r2, 0x40047459, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0) read$auto(r4, 0x0, 0x20) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) 38.485169436s ago: executing program 33 (id=1541): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0xa, 0x1, 0x84) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000004180)='/dev/snd/controlC1\x00', 0x28180, 0x0) ioctl$auto(0x3, 0x400454ca, 0x38) recvmmsg$auto(0xffffffffffffffff, 0x0, 0xc1f, 0x9, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x7) unshare$auto(0x40000080) mmap$auto(0x0, 0x400005, 0xfffffffffffffffc, 0x1f, 0xffffffffffffffff, 0x62) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000400)='/dev/cuse\x00', 0xd0800, 0x0) write$auto_fuse_dev_operations_fuse_i(r0, &(0x7f0000000440)="19000003d30000", 0x7) socket(0x2, 0x1, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/virtual/memory_tiering/memory_tier4/nodelist\x00', 0x800, 0x0) read$auto(r3, 0x0, 0x8000) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) ioctl$auto_PPPIOCSFLAGS(r2, 0x40047459, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0) read$auto(r4, 0x0, 0x20) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) 11.8505249s ago: executing program 5 (id=1658): open_by_handle_at$auto(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x1b}, 0x403) r0 = socket(0x11, 0x3, 0x9) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={0x0, 0x49}, 0x5, &(0x7f0000000180), 0x6, 0x1000}, 0x5}, 0x2, 0x100) 11.280449258s ago: executing program 5 (id=1662): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) epoll_create$auto(0x4) epoll_pwait$auto(0x3, 0x0, 0x4, 0x81, 0x0, 0x1) close_range$auto(0x2, 0x8000, 0x0) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x10b402, 0x0) pread64$auto(r1, 0x0, 0x100000001, 0x400000000000100) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty46\x00', 0x0, 0x0) ioctl$auto(r2, 0x540a, 0x0) ioctl$auto_TIOCSTI2(r2, 0x5412, &(0x7f00000001c0)="eeef3e34dd3635e22de458538e01dab89f2b91f49d68ee962d9082cf716e78835113d6f5eee968b08d588db460781f4b6c1e12194d592240f44c4e04107c1584675ecab776125c9d41484eb14e939fc604c98790d0a43e6847b6e96c517615e14e52a415c667cad199080815de1600b3b6f03d848bda571152b793e56387403ae9422b7f61fe27") connect$auto(r0, &(0x7f0000000040)=@vsock={0x28, 0x0, 0x0, @local}, 0x5) brk$auto(0xffffffffffffff67) mmap$auto(0x6, 0xe, 0x8000000000000000, 0x37, r2, 0x8) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0) ioctl$auto_TIOCGDEV2(r3, 0x5453, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x2003f0, 0x15) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/platform/mac802154_hwsim/ieee802154/phy1/net/wpan1/mtu\x00', 0x103041, 0x0) write$auto(r4, &(0x7f0000000480)='s\xfdys/devices/LNXSYTM:00/LNXSYBUS:00\xe6?d\x862d,\x98{/PNP\x10A03:00/device:08/adr\x00\x00\x88\xc0\xd3\x12\xf1\xee\x15\xcb\x12Q\x91\xd3\xb2s\xad\xfdV\xf9\xee\x17\'H\xa3\xc0\xe3\xfb\x0e\xf3%\xe1/Y\b\xf9\xe0Is\xb6LC\x16\x89<\xe2\xdf\x90\x9a\xe5)\xdd\xe5\xb4f\xae.\xc9\xae\xa3{\xc1\x99\x10+9\xa0\xe0r-\xc8\x17\xaf/\xa7n\xfa\x91\x14TL;A\xb5\x84\x01\xba\x81!iZ\x04\x80\xc8xn\xa2X\x148:N\x0e9P\xfb\xb0\xce\xbdu\x1d\xe9+o\xb9\xea\xa9s\x83\xcf\xce\x96\xbf\x15r\x11\x1a\xd2\xc1\xa4?*\xbb\xf0\xe9\xe3\xc6\v\"\x94\xeb2\x9f\x8a\xce\xban\x97\xf3\x8e\xf3\x05\x8d\xe1/\x86\xbf\x9b\x9a\xb1\xe0\x8b\xee\xf0\x9f\xdf\xfb[\vMxsB\xcd\xb7XH+\x0e\xefhE\x87\xf1\x1a]\xd3\xea\x01\x01\xe4\x03\xb4=\xce\x83c\x1eDc[\x10\x1dR\x8f\xb6l.\f\x8d\xa5\xa1^;', 0xffffffff) mq_timedreceive$auto(0xffffffffffffffff, 0x0, 0x7f, 0x0, 0x0) 9.850964761s ago: executing program 5 (id=1669): mmap$auto(0x0, 0x4, 0x4, 0x40eb1, 0x401, 0x300000000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/usb/usbmon/9t\x00', 0x0, 0x0) pread64$auto(r1, 0x0, 0x59, 0x7) read$auto_mon_fops_text_t_mon_text(r1, 0x0, 0x0) shmctl$auto_SHM_UNLOCK(0x7, 0xc, &(0x7f0000000140)={{0x80000000, 0xffffffffffffffff, 0xee00, 0x3, 0x19, 0x3, 0x6}, 0xf, 0x8000000000000001, 0x8, 0x9, @raw=0xfff, @raw=0x10001, 0x9a5, 0x0, &(0x7f0000000040)="58fdcd982b58df94aad1590e873ec70799d05ff59bcfb196981b548360fb064f969aeae5e3c7a9082851287a4b05f654bcb1a439aeddb350b1d5dfe0745435f19bde734414b62c5435b72e6e1692506437c943737ef44b73f8fd456ef2fddcd3a390e4617572b66daeb618dfd53dbc5e45c1890808cc0816b9cd787279cf86c6763fb6ab47bc61f8b2e1987d10ca8968716f3ccd337a9073f1cec080ee031edc40dbe8ee1e5f06e9977a40a03a318e90f5a4837d1d01bb7bcf94c6bc3c5e82e06932ecbc83ad565c93419973abf1abaca2e8276ced67cec67da87668c0aeeb64eceaa026f2acf2995eaf06472da93eca", &(0x7f0000000680)="6eede673cdef22a674d13911e9f5a917d84c176e88c2f5c159f6e98b71089c9a926266ba9fcf2cad82b5ea3ac62e14488ef08e18f1d7ffa19771f9d15f23cadbd5c0eda48fadb8ddc8fc1064a9aa151d8fdebe8bce7a0337c85e6dc969063d0b95913b38921119331ed873a4a1dc737a20d1475a5ce8ac7840077d8913fda2459ef4288398eecf4676f0a08fcc1efa99e9f3561d36aca23768c950f26cd97eb02b537ee2acc389ae8f11e12437c4c82d6ca97fd50c68094945081c018c238b5f294d5080ed25d3222c0c49df4e22cee734dfe84e29f3cb5796c6b4678fdb74467950ff263980d7f6a41764bbccb1bfcadb3e48c8c8adfd4185f4644e8cae79afe28ccfa7332f76dc1fcafd03a4ca50acce9ff1d599c9de308ccf6084224b26d9a05b76b9582b8ead6c05eb3df971cbc1b7942b2330837ed5abfca5644b8ae4979dfc37ba3f854f099f4e3befb8612a7b40c10f9465bcd688cc45e90ddfdfe968aec4f6bc306c40532dd969f9bac1040aa3c0ea1bcc3ce37242a5163bac3bacd26fbba0f8f1f40401fca00283d9aa978d2a82bcd28bc13ff8c1c1f596e388d09ed298d0096ee7828217dc1d85e408b8f1f44009ab36e27bb81da6a431896f8e0ba1eb9dca4905654eb83706f9d430b370c19ebf06ed9bdbec010249063e93e458ef3dacf165e3c043c90f963a2e051b2af1c10d611eec626f74b4e2ed243e20fc970fb9d93bb97cbdc273f8822bcc89629d01ecd691caa9b77d59fc8c949a6ed429eca1ad51695ea5ecc82ee3648b7e12952309cd16eb6c272017f697e99c59f32ea5fbf9eaae2cf53e6caa90c8387584bd8fa92a539d345550cdf879b96b1998682734dd8487624b590656d30389f6c2b5c5337f7f252d994a1665da02565c966d0a7b89ebf9e965272ce0dd6ac0843ac3fed391cff0969c72f67262a6a3856c4d18264b7f449e08f4d2269e40f8a65f7d91239e84721f4be085a6878c21144d8330789bbc50169990914b460efce9aedde845fab3f57ea65635c119f676765264ea2258f4bde251dca1911624392cce4b465be29e081a280d19020214acb6467d70a3ba25a79bf28156d91ab2ec6b8ca517e4c6414503c1c6df7484a5b72cb3afed81d9fb64ecd6c4c6394aae6281a3b3123bcaa01cc1f46ba030bebed9d2f7639549424eeee2113f85d3c348a9663531776dc4a7e8efb2eaa2ba373f42e758108c37dc59ca7a54204ed09d430a18e7375afccea762b7ef1bba8a781e2a62961e2c7f8baa0dd39a9e36545e4ccd18132a982eab0d6acf9561cd902b674e582137fab913161ffa36eaade52ac4d01ec62d5dac8c0856cd6b4edddf057e2a615424744d540ac4c54c244a7f6049902bb70e6d4c45d89fc2583fa7ccf782bacf59697de137eeb7f67a4759b99ac38d03a0d421bcae1934b5a413d138759ff5d7ff661c50cac9208b32052a9ee60bcd9dab86871bda9ca060b9982687638940f70d7742e22dcba793bbf9ccd849b55927ee526ef46f75d750eed80ecc77de93bb71e16004a1ae60608a0401db5ec3da03c3b970f6672fb05e57c62273f70169a5fe44eb50a97d24a5b126e225e603c9a48459fd62c8a70282f8ad1dda6437b2de42d4d8074d380508a4b8499def049c3df7b927f996771735f3b195ce3dfba6c047b826921959395f0d010c5e5963ddd215b1e0240db14b754b03e3279f96dd6987ee623a30136ba22671a4b1e38e74ed161957f3cd7a385d1063892481b7a62698c289f7383fc204ea851f8436b706f593583d0fb12785536971b9bb603e49fa51b9fb6c3cf2b83daa773970796d4554559089bbd53ce86b6cb8abb22a071f1a21dcff22d82ab33af04ae36c966073eed4f6bd3c9623494deaf1bae6cec02bab8cd875c7e92c58292c906a24f1b10b6107b83c43a2aac9886da30604ef0a7a2081345c2a1b0fcba3dfad9f3c25e36df64a1629b192ee80e56c909b67ca9d307d5372dbd75e2c94d846bee76789c7b85692550fa3a76af9fa7345e8085cc8d694a08d026a478459287579845817e662dbf2be26ea390149ec4aafbc439d9b4b35e3a2e8bd7ed72c9f9599d4806aaaaec5a1e2ea31e193cb5abde1fc1dcf0df00a0b4299e29eda4dd2fc47b7e8714fd0b95031f13405a20e5766b7154bec840f272d8e115026d022bb3e1757e480315d0f28ae65877593bf238b88573feea4cf9a79c9ddddc699023590b6370bfbbb32d6298e2845fb77ed0b7a9817dbee502fcc5852d7f42b4d1ac39443aa55a95cc4cc7fad9423e11ee2fd3dfdc9dfc3e6880ac72408060cc335fb8e9842ec0fbca826a7094f37c7bc6f843c063502c666db7b6e8df8577c39823cdf3869e41c24c41ecfc2664a4d367d82b1548b5e461c832a37f259b15208ca84ff752146cc36cc9a4d10846a9af8e2b0ee97ec7c59808c6020dd0fcf675da7fb122cd5a2476640cf8ee004b1648059244db27338b71d88f1997ae9386ae79b7013077feb226c4ae8c4333b2f59b61041849115f5e3170f177276c30a8e3f021b5973156fafc95625d80db31e0272456dbf213ef77a5d9ae4fd8be9969be035e69530393acd6291e5b4d0bdab58fef7129819dbb9c2a1e1cb99b2866084bd7cd790991c4d92f446c3259562881cb0a184354eff0b93f35716857a1ad016995b8c74776d424d093bde9a51dfdd42f52ea1b3394a6df32ed7c902a72c28617af660cf2072cb623954b0712bc98e7ac5876c2d991e38a547cf51f6458a5077a660a9121b787d10517d8ae27436fc5b1b9138270579105146574eceaa3b9f79659cc25e8ed4125fc777d677498ea1bee843138cad949f4077e3934269b863def8599fe3341afc0070741b46a91e91a364e20fb6fb0fdbb3f800eb75c79e83b3b3de85ba08e92cdb45f301d69861fd0cd72b4ccb15b7b20bfafe3ac7c1cb31f62e12db0693a1a9a129233bc7e8bcca2a673bf3c8914d0948be6d9d284db35c85a5d0f45a50024c08935b32fd8ae78b039214e38fa6e508d2a21c735136e689593e6ce09b8c327f3cf1037fc4eb018f64d6bde714cbb65ce71ca3b4a8782ea577452bbe57eb454628260500582bec279f4f8570f8e6fb611c9206ad034820f5dc95891cb0d8efc89469134efe8a686b6e5aa39ea7dcfa3b63995c44aeea7a42bf90171fd06af289cdfa6dff571ee2025ce9e9d8c893919a783b42e5636fa00adb4024224bf591b0c30595b356a9b4059a5b7b0af36e936119839aab0da05a709a6ee8e184d742db127f934efcfa31387b9664cd1ca78543ad68a613dee568c85bb3d33d79a0b8fe194bca8c1acc732fb14f525f8e7acc59c7291abcb5b12127b2c6d74efa477d6f7593a631d1647c0d1296e654856f45e56317aacea9c09475ca06ae6d57a41595d129c7f5810455e9fb9fab2b01da83acddd6d6000aae819d7099bc53174e0684be79015784662387a36f57c3d832a408e80af29eb3de8c70e41c26160a15348e5662552b4365d13ca57e19be6aafe383bbeb7f99c9185b7e05c9e61715141f47449f77f6968dc8bd38ee31ca591bd8e6b7a5c370a68346447c524ab9f93b5ff3d4cdecb3102dfe1bd062ad52bc6a2d36f893568cf8e0f92cabfa058d256ceca3b3960e7c1f439cb68b2ba610e7fee8942269ce62f93799ab9d1759c25bf1bae50b243e1d5d6d8726b19ec65fea0e40f976fcdf0cf6d33051280bef3593a976ccc93b446066d342c48b94d58d4a0a233068767e1cf86fe730c0f11ba15d6f9c212b571980670abda04df5537a830e57208fd0638fb64c354b170d7ab2bea38324d500119de9c778ac04ab8c85e465574e422c1729a438c2a92c7463b214db7fac9b433cef289a699003f800b5bdef1e063172d6a76229ef2b7b125eb44b9c2f1f74be6b4484cba8c054c3b0fbe3cc710663e8531f6fc433400263ac89b69e62000dbca61c9c93aae69302c2439ff59d7b86db7aeffc3022dbb0597e5e2aab32c2a00be25417604c67864f99ac6a20a7503c0fdbbd679a865c46a24b777bda87b68e8f692580db39f69587f02156ec8b33204d09a18dfd786267d5c112557cbe04fe0cb035b5abd8caada315e3a4270a8f5064e65200c143dd3273765a658ce635b0fbc57a172aa762c625be3848e3b34989d26af766cfd319542033cd1a3c0d706c5a5c7e5c2a7ce79b6a6c092c8afd4a4eefbdc74e0bef2b72dcfa87cc62d5cce1e95ee88d2145d43f13c9e92159c1e3c44612e5b0bd0f3496b166575ad285f030f96757abb713eaca263d5f8ece480df64abf76f2056818591116c849e9512f80653fd886924cd6af5a2785bb5aa74a0bff5b59fa29048e03b918cc59d383f3dddc07bd55ce6dc859c918e90e0d2eeeae1fa5ab6d73df52316c66aec18967ecefb405714b3057bf4a786da49353c03f5b51ff0fa8c71fb648df40e95db5e060000d0119cf8c1848c515277d7d82b3b6975498a816afd784c5b3313b4f91cabd265fe106969d77cf08d9845d594d20089f7e5dbeb2b1d5457a1fe71a2903c8be6ec7efc765edf684b71a7f1edb5b35836d4b6753518c7ca4f28ba000b2a357c7859350239b91cf7abf48694492f0923e4360065758755206c55bb42759bd7aec3addc779f06e5e5d2ae92bea65b1f315c093881ea4e1032af745d9fb0312f21e0e08e7a93d6bb26cc4e696fb2da038945c978fe410483c784b130c3b603a07428e47ef84f464b90787036fd5bc77d9b465b4836ae744f9e8dab77d63853d2da2ac1964297715333415e2684a7b328fcbd442d475367e715a22f7012343f554cdfc026d9ca353aeb2b80a22dfdefa30673c7bfcfe4af167c8a244735228b04554c279a9af0963165dd45e5f9b5bf7e107cc021c48a01df9bd725350ff37e003ae9808a3de9aeca76acd6b413e07b536e90c77697dc5dd505e5a782dd49b995f338f1d811dfe2a562a48086e4527bc33a82b6ce551e5de6e02ee35a3cfd17825433908db1d8100d8182b8493fd0a0c0704bfa5d52d48c387b27d5db6462672225f6f1d12e44821c99e95644e0586005c410ecbcf35b42c962549bf6e635d036d197dba801d06551d7c8c14fd2e94211dcc89a02d9f41049950b9ed5acaa842670aadcc0b2f21fa2fc40f17170c32ce4b23ed6c8f562fdf2e8c462baab133cc620f31141b5a07825521b54a7cbd7eea405fcd575c68c5a7e1b16cd1d77bb362ee0e43433952cdb7b9c092bb2d825f579ef37367251622e9b548ca3a0d2124c3e4d0bbd2736779f8dc4336e0f8e452f81f5f0098184ca6b9a2ef4a0d559ff3e81537f60e913809dd26157481f6aa574e50f68828c698ccd5af1cdd7943bed6f27959070c727cef5cae77dc7393fc1cf281c4c297c68dce56455238139fbc01d2cb75cbae6c3b1a3f473ecdfd7c92a15cf690abd6706371c4c6bc29356500a9dec7e2d45fef6ac784a7566db2030053ef41b07a8411d892585ce3d7403b56ec0f0e58aa50191d0ea061c33ae5d7bf7c9c57289e36ebb01024252709e8131b1e25ec592bd415cdc2e14cf373dc26d8526b60bea7c0f82ba344fba034c185ddf7862dcea6bcdb50cd7eaf68b4dca794f38d1653c2c7ad2197c79f9478101fb2c08df94b0dd8919c2c551dca2a32858853b48eb8138f47aae6ea52ff3b37033bd9a6c51c626e34bb9f546c5bfa6ded339a244f52b3f30cdc2a71a6c95ae7d41f5b9da2137031d7d0fbe233837a3d159eb6b7fa465c2355129ae81a21cb2d72cbdd20a119cd6676607975c112be7a51a67137bbd7ed352c3219"}) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC1\x00', 0x22000, 0x0) close_range$auto(0x2, 0xa, 0x0) msgctl$auto_MSG_INFO(0xa, 0xc, &(0x7f0000000240)={{0x80000001, 0x0, 0xee00, 0x3, 0x2, 0x6, 0x29}, &(0x7f00000001c0)=0xfe, &(0x7f0000000200)=0x5, 0x25bc, 0xddae, 0x193, 0x8, 0x1, 0x3, 0x1, 0x0, @raw=0x1ff, @raw=0xfffffffe}) msgctl$auto_MSG_STAT(0x1, 0xb, &(0x7f0000000340)={{0x8, r2, r3, 0x1, 0x9, 0xff}, &(0x7f00000002c0)=0xbd, &(0x7f0000000300)=0x9, 0x2, 0x401, 0x9, 0x4, 0x2, 0x2, 0x5, 0x6, @raw=0x3, @raw=0x7}) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000600)='/proc/self/oom_adj\x00', 0x81, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa101, 0x0) openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, 0x0, 0x20a00, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) sendmmsg$auto(0x3, 0x0, 0x2, 0x0) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000400), r0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000440)={'dummy0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000540)={&(0x7f0000000480)=ANY=[@ANYBLOB="88000000", @ANYRES16=r4, @ANYBLOB="00032cbd7000fcdbdf25140000004400018014000200776731000000000000000000000000001400020070696d3672656700000000000000000008000100", @ANYRES32=r5, @ANYBLOB="08ff7f0011008000000040a6d5740800000008000f00e2000000080004000100000008000e00c8090000040018000700000800"/64], 0x88}, 0x1, 0x0, 0x0, 0x40000}, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x0) r6 = socket(0x2, 0x6, 0x0) epoll_create$auto(0x4) epoll_ctl$auto(0x5, 0x1, r6, 0x0) epoll_wait$auto(0x5, 0x0, 0x2, 0xfffffffd) r7 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') r8 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/snd/pcmC0D0c\x00', 0x80900, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_HW_PARAMS2(r8, 0xc2604111, 0x0) setns(r7, 0x0) set_mempolicy$auto(0x2, &(0x7f0000000000)=0x4, 0x8) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000640)='/sys/devices/platform/dummy_hcd.1/usb2/bmAttributes\x00', 0x0, 0x0) 9.073490539s ago: executing program 1 (id=1670): open_by_handle_at$auto(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x1b}, 0x403) r0 = socket(0x11, 0x3, 0x9) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={&(0x7f0000000080), 0x49}, 0x5, 0x0, 0x6, 0x1000}, 0x5}, 0x2, 0x100) 8.70557563s ago: executing program 1 (id=1672): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x82001, 0x0) mmap$auto(0x0, 0x2020009, 0x1ff, 0xeb3, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x5) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) bind$auto(0x3, 0x0, 0x6a) shutdown$auto(0x200000003, 0x2) recvmmsg$auto(0x3, &(0x7f0000000100)={{0x0, 0x9, &(0x7f0000000080)={0x0, 0x9}, 0x7, 0x0, 0x1, 0x4}, 0x4}, 0x10000, 0x300, 0x0) socket(0xa, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x2e, 0x0, 0x9) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x2b00, 0x0) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x8) socket(0x80000000000000a, 0x2, 0x0) mmap$auto(0x2, 0x2005, 0xdf, 0x15, 0x401, 0x5) socket(0x2, 0x1, 0x0) socket(0x2a, 0x800, 0x0) sysfs$auto(0x2, 0x0, 0x0) epoll_create$auto(0x4) r0 = socket$nl_generic(0x10, 0x3, 0x10) epoll_ctl$auto(0x5, 0x1, r0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) epoll_ctl$auto(0x5, 0x9, r0, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x161342, 0x141) open(&(0x7f0000000080)='./file0\x00', 0x22000, 0x50) epoll_ctl$auto(0x5, 0x1, 0x8000000000000000, 0x0) fcntl$auto(0x0, 0x407, 0x100000) 8.463953394s ago: executing program 5 (id=1673): close_range$auto(0x2, 0xffffffffffffffff, 0x7) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/028/001\x00', 0xa901, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getcpu$auto(0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = prctl$auto(0x53564d41, 0x0, 0x0, 0xd, 0xf4ff) r1 = openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/smaps\x00', 0x101000, 0x0) read$auto_proc_pid_smaps_operations_internal(r1, &(0x7f0000000040)=""/93, 0x5d) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) close_range$auto(0x2, 0xa, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev7\x00', 0x141083, 0x0) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) listmount$auto(&(0x7f0000000100)={0x1f, @raw, 0x80000002, 0xfffffffffffffff7, 0x2}, 0x0, 0xf4240, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfd, 0x8000) move_mount$auto(r0, 0x0, 0xffffffffffffff9c, 0x0, 0x4) setsockopt$auto(0x3, 0x0, 0x24, 0x0, 0x28) socket(0x6, 0x2, 0x0) madvise$auto(0x0, 0x23, 0x18) timer_create$auto(0x2, 0x0, 0x0) timer_settime$auto(0x10000009, 0xfffbf38f, &(0x7f00000000c0)={{0x1000000000100, 0x9947}, {0x8000, 0x9}}, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0x4038ae7a, 0x38) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/tty/tty29/power/runtime_active_time\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f00000003c0)=""/4096, 0x1000) 7.052789349s ago: executing program 1 (id=1674): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) semctl$auto(0x1ff, 0x2, 0x13, 0x1) keyctl$auto(0x4, 0xffffffffffffffff, 0x5, 0x800, 0xa) r0 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0xab40, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000040)={0x0, "c7cf304e861f2a8acaf0b8ad66b934da325e48c1fb459f7e8f1ac879b1076ce4", @raw=0x51d2}) setfsgid$auto(0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) socket(0xa, 0x2, 0x0) r2 = socket(0xa, 0x3, 0xff) connect$auto(r2, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) r3 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000800), 0x10100, 0x0) madvise$auto(0x1ffff000, 0x7, 0x100000000) mbind$auto(0x0, 0x100000004, 0x49c, 0x0, 0x20000000000006, 0x2) shmget$auto(0x8, 0x10563, 0x568d1af2) sendfile$auto(r1, r3, 0x0, 0x80000001) madvise$auto(0x0, 0xffffffffffff0004, 0x19) statmount$auto(0x0, &(0x7f0000000080)={0xd24c, 0x7, 0x1ff, 0x7, 0x5180, 0x4909b6f8, 0x1ffdf, 0xa, 0x8, 0x7, 0xa121, 0x3, 0x0, 0x271, 0xb4, 0xa, 0x6, 0x10001, 0x2, 0x100000000, 0xe, 0x7, 0x2100, 0x200, 0x0, 0x8, [0x4000000000, 0x0, 0x0, 0x50100000000000, 0x6, 0x4000002000, 0x0, 0x80000000000006, 0x70624ce7, 0xff, 0x6, 0xaed, 0x0, 0x80000, 0x5, 0x7fe, 0xffffffffffffbfff, 0xfffffffffffffffd, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff, 0x800000000000007, 0x4, 0x2000000000000000, 0x0, 0x1, 0x400000000005b8, 0xe, 0x0, 0x0, 0x0, 0x6, 0xfffffffffffffffc, 0x88e, 0x8000000000008, 0x7, 0x9, 0xa38, 0xa68, 0x3, 0xfffffffffffffffd, 0x8, 0x404000000000, 0x7, 0x1]}, 0x1ff, 0xd) r4 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0) write$auto(r4, &(0x7f0000000000)='/dev/input/event0\x00', 0x7fe) r5 = socket(0xa, 0x1, 0x84) getsockopt$auto(r5, 0x0, 0x484, 0x0, 0x0) 4.951300237s ago: executing program 4 (id=1683): r0 = socket(0x10, 0x2, 0x0) r1 = syz_genetlink_get_family_id$auto_handshake(&(0x7f0000000100), 0xffffffffffffffff) readv$auto(0xffffffffffffffff, 0x0, 0x4) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0xa, 0x1, 0x100) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) setsockopt$auto(0x400000000000003, 0x29, 0x1c, 0x0, 0x56b) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto(0x3, 0x541b, 0x10000000000402) sendmsg$auto_HANDSHAKE_CMD_ACCEPT(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="a5e357fd4133f0430f92a400cc93"], 0x14}}, 0x40810) 3.640939544s ago: executing program 4 (id=1684): r0 = socket(0x10, 0x2, 0x0) r1 = syz_genetlink_get_family_id$auto_handshake(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_HANDSHAKE_CMD_ACCEPT(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x14, r1, 0x7904a4a47fe859c7, 0x70bd22, 0x25dfdbfc}, 0x14}}, 0x40810) (fail_nth: 8) 2.968656992s ago: executing program 1 (id=1685): r0 = prctl$auto_PR_PAC_RESET_KEYS(0x36, 0x0, 0xffffffffffffffff, 0x6, 0x7) write$auto(r0, &(0x7f0000000000)='\'\x00', 0x4) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, 0x0, 0x40000) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x6, 0x0) getsockopt$auto(0x4, 0x200000000, 0x9, 0xfffffffffffffffc, 0x0) r2 = semctl$auto_SEM_INFO(0x3, 0xfffffff9, 0x13, 0x8) prctl$auto_PR_SET_MM_START_STACK(0x46, 0x5, r2, 0xcd8, 0x100) madvise$auto(0x0, 0x20499d, 0x9) ioctl$auto(0xffffffffffffffff, 0x40046205, 0x9) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c7c44008917001600", @ANYRESDEC, @ANYBLOB="01002bbd7000fcdbdf250400000008000c0003000000"], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x4044820) 2.968159261s ago: executing program 4 (id=1686): mmap$auto(0x0, 0x7, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'veth0\x00'}) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_TIPC_NL_LINK_SET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x14, r1, 0xd35, 0x70bd27, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x61cf770a5abe6d4a}, 0x8010) recvfrom$auto(0x3, 0x0, 0x80000000002, 0x6, 0x0, 0x0) r3 = socket(0xa, 0x801, 0x84) getsockopt$auto(r3, 0x84, 0x6f, 0x0, 0x0) r4 = socket(0x18, 0x5, 0x1) connect$auto(r4, &(0x7f0000000000)=@in={0x2, 0x100}, 0x3a) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0xc) 2.694977316s ago: executing program 0 (id=1693): mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) capset$auto(&(0x7f0000000100)={0x20080522}, 0x0) bpf$auto(0x5, &(0x7f0000000100)=@bpf_attr_3={0x6, 0x5, 0xffffffffffff8001, 0x9, 0x8, 0x7ff, 0x2, 0x9, 0x6, "4e963b0004000000000800", 0x0, 0x401, 0xffffffffffffffff, 0x4, 0x4, 0x1, 0x5, 0x865, 0x6, 0x9, @attach_prog_fd, 0x9, 0x7fffffffffffffff, 0x4, 0x0, 0x6}, 0x201) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/rpc/nfsd.export/content\x00', 0x0, 0x0) pread64$auto(r0, &(0x7f0000000040)='/proc/thread-self/net/tcp6\x00\xd2)\x8e\x892\x82\x19\xfd\x03\xc3\x8d\xd7D\x8d\xa8\xcfM9\\\xd6\xcfUq\x05#\xed\x1c\xd1G\bz\xde5u4\xddS\xe6\x1a\x8a`\xad0\x98|\xbc\x00\x98\b\x0ey\xcb`\x9b\x91r\xd5\x13\x9e\xdd4\xe7\xb7\x94P\x8fBlm\x04eAW\xbc0\x9b\xbd\x8f\xf5];\x94\x18\xf0\v\xd7\xf4P\xd3\x9e,Q\xd8\x16\x989l\x03\a\xcc\x1e\xb9\xe9{\xeeS\xa9\xc60\x00\xb5&\x9e\xdbk{F\x18\xa8\xbasG\xd3\x80\xb1G.\xec1\x96uP\x97\x8co\xf1\xa6\xd5\xea\xc8L3|a\xb3\xaa\x90Y\xb19\xad\xdc\x05o\x98g\xd4\x10]5\x95\xd0\xabJC\x06\xd0c\xd1Ra\xf7\xc4n\xdf\xe4\xc7\x03\x19x\xbb\v\x00\t\xde\xf5\x93\xfb\xfb#\xbd\xc0S\f57\x83\xdd\xaa\xf0\x9c\xd3G\xe1', 0x3ff, 0x9) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) listen$auto(0xffffffffffffffff, 0x8) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x0, 0xffffffffffffffff, 0x801, 0x10008, 0x400, 0x1000049, 0xffffffffffffffff, 0x20000000000804, 0x3}, 0x6f3) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.693657865s ago: executing program 4 (id=1687): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000100), 0x80, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x200, 0x0) r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)) sched_setscheduler$auto(0x0, 0x8, &(0x7f0000000000)={0xfff}) fcntl$auto(r1, 0x402, 0x2) prctl$auto(0x23, 0xa, 0xd929, 0x0, 0x0) r2 = fcntl$auto(r1, 0x402, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer\x00', 0x80091, 0x0) writev$auto(r3, &(0x7f0000000000)={0x0, 0x710d}, 0x8000000000000001) msgctl$auto_IPC_RMID(0x6, 0x0, &(0x7f0000002700)={{0x1, 0x0, 0x0, 0x4, 0x7, 0x4, 0x90}, &(0x7f0000002680)=0x3, &(0x7f00000026c0)=0x1, 0xfffffffffffffffe, 0x97, 0x2, 0x5, 0xd72a, 0xfb8, 0x59, 0x3}) pread64$auto(r0, 0x0, 0x3f, 0x7fff) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x101202, 0x0) recvmmsg$auto(r2, &(0x7f0000001540)={{&(0x7f0000001380)="09c016331236064167b10709eaeed95717361fe423a6aebf3135ac96661c8578175d05f3f3e510f1d33fc1e63870ba256583ad155df26cc5941a2b2b6e47911621da8c61e82d8b986638db9906fc273b0de39737b2764cd92057e787cce05e04fb523ce66cfee2910624f1156be595f2ede9f2359448589f19bd10f91c8f682e4a32d254f0c16366d59b9d3c5b63a760ccc76bcad4f0046dac76a1ee9280acec4755602a2b8b03d4d0a1ade94a1cc22228d030841079a252f9345e570303fac39137e3efdc9a389d87df404284c16e5e80da33ddf6c46fd12d19dc14f1fc3a625e334e55ca2f08fb93ea504d6224c6f83ee255c3", 0xfff, &(0x7f0000000140)={&(0x7f00000000c0)="3d73dc8eb3cc8be7002d00f361f76989acc1ef12fb2393dfe55e6b62ae7840362e24552a3216f0790f4670fd87482c7649671360528ee98233ab569f90943e21cd15f0ca160e0cf904109703afcd8c06f5", 0x3}, 0x6, &(0x7f0000001480)="fb148f64071b84f6562ba314effceb81b6d570eea79d824d1a7eebc2791f6351682d16b04a68c9e249ed46314013901a90338e4aa716c2ba9554827101d99203b83041b73deb2007068aeee6571207d607efd8130902b01ee555087cf3b0be6b80103a3c278aafbef46e33bc9bdac38a5bb620ca0291860a6c2a98d730a59c08c517a542ed628e0187a7c833f7f96d4165b71e", 0x2, 0x7}}, 0xfffffe01, 0x0, &(0x7f0000001580)={0x0, 0x60}) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x500, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xffffffffffffffff, 0x4000000000002) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000080), 0xffffffffffffffff) close_range$auto(0x2, 0x8000, 0x0) open(&(0x7f0000000380)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x400, 0xd1) mmap$auto(0x3, 0x4020029, 0x6, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x1ff, 0x7, 0x5, 0x7181, 0x1ffde, 0x7, 0x3, 0x9, 0x9, 0x80003, 0x2, 0x200000000001, 0xb4, 0x9, 0x8, 0x10007, 0x80, 0x4, 0x0, 0xa, 0x1, 0x202, 0x0, 0x84, [0x6, 0x2, 0x0, 0x2, 0x0, 0x2000, 0x0, 0xe, 0x70624ce7, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x8, 0x0, 0x2006, 0x0, 0xfffffffffffbfffe, 0x2000000000000004, 0x10000000000001, 0x10000000000, 0xffffffffffffffff, 0x4, 0xfffffffffffffe00, 0x4, 0x0, 0x5, 0x400000000005b8, 0xffff, 0x4, 0x100, 0x0, 0x6, 0xffffffffffffffff, 0x88e, 0x8000000000008, 0xfffffffffffffffc, 0x8, 0xa38, 0x0, 0x3, 0xfffffffffffffffc, 0x2, 0x1, 0x7, 0xc567]}, 0x1fe, 0xd) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800) kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x40000000, 0x800c000}, 0x4) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.net/blkio.bfq.io_serviced\x00', 0x8202, 0x0) 2.43047848s ago: executing program 0 (id=1688): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_UDP_GET_REMOTEIP(r0, &(0x7f0000002540)={0x0, 0xec0, &(0x7f0000002500)={&(0x7f0000002580)={0x24, r1, 0x9ec6579d452c1f15, 0x70bd2c, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x10, 0x1, 0x0, 0x1, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x25, 0x0, 0x0, @uid}]}]}]}, 0x24}, 0x1, 0x0, 0x0, 0xc000}, 0x20000080) 2.221988352s ago: executing program 0 (id=1689): setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x28) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x1c8340, 0x0) ioctl$auto(r0, 0x5404, 0x3) move_pages$auto(0x0, 0x0, &(0x7f00000005c0)=&(0x7f0000000800)="af4e8e19dbb9fd4a27b56b3915f1b35d75ba311db4936cb1984cec34204c8599645e200b0a7a45ff256488843c3ddf1a6c7f9ad7f92e4191b0ea48e3661281651e54a8cfd0ed827ced7b982aff18d2073425d0c26bc38aa51b7ad5689858c33c60bad23eb278709c1af0798b5cf81b34e2b693a01a1f211d847c36698f4d26f9359f0b7e3ee17b7c52ca0a814abcd34e3334044c1d1a07325025071c4ef596803eb38ba704b82765b37b40835a7395ebc6cd8cff5515", 0x0, 0x0, 0x4) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x1, 0x0) write$auto_seq_oss_f_ops_seq_oss(r1, &(0x7f0000000040)="5f74ab2fc43781e047140a5cbc3ac5229b90633d9cddda9efb1f2c3d5d1e63f3fb5acf079b9336319d009cb514679a42eaca52b81c166d19625d173c26ece6542f2fb29712f4fb9072fc432b4cf3e6f5a7f3c9f91ee88ba5fa11d48fd3658e8f44f8423b4cd02bbec912ed34f9f4b19b03d4c62b24ede44c0c76c34edf7bde061903c2ee4c64110ac668239fa53ba42933ae74c3d173663248ff0945dd2e405e0d378b5a8e4643a7bc3b35a7248431450ca8901467ea6dc5d86de1e90f869f6a04ac10043676f3b2c7f1339b2d7468133fb8447d17846b6b78079ecc31d7d0f74caa4a3db1ac4d312bfdb34bd331f1f771a2396108561a52153d63a7b2a3a077a7e4c1a22bcb23e1f3e511fee310baa67904d2aad4d6671e8b77c7720e37e84e0efecb60a35f188cbe8b8b2fb3967b78aa482aabb103f23083baa9b2ae653731d5993db4054233dea4af25795e12eb4d6b046bdeea6adce8626e0def15dd32b0ec16a85d93e1dea980794033f4b46973062c64c0209f9d3efc6ea7704c8e8dfea8cdfbe2cb1e367bf634a1952190e0660994f79f0c622d47ee8f93ce1c2852db907ae68a29bcc960b26e0e634173287fd012c4bb3063c41d35c92e896b44080bc5a98e90907cd1d01cc0708019cc1c93c71f29bfe841c873ad2aa0565dfaeb86c8b8e58ea2075de2a562ba1b5dc4ca452df21f25453b7c7f9a3e31547f4e803cefbac3b94715f2ab1f9fc66570244472f2f29deb9bdf6dc5b18d54e3c2264f9598f2ea749d170a66d351acf003c3f37fe74a09a8a964ce2818e4b4efd1eb0e3bca5dfd2a053eeb5735b96d282d2e03866bd6581b5e5e541c74f0b92b932b234ac117342f156b4b23fc6dcbc92ada00ce404f54443b6e7fdac9acb79e5258a865ced633ff5356d13a3e9923bcd8e6d177c9fb8618f9393798d90d70c78207e40f95bb2b0a9308f29f4331bbdfc1021dface5a740473b462c47286fee1c9d0036c78134e108b5b218d3022fd277e1cdf0cdf8cd4b37d74c8dd47e00e50fcf8d336978a0e7624f94b8fdcd1c9459201231f343c7cb602083aa5e1aea8974a9e22d77cb94cae6c89e239bacfe656d9b0948de480ce2ba3b4dbcb180089d5eb0f8f481e02f7d4628e9134b6e52881572a398e4edd6f01f90983826d721dddc7d4ba3f293288ba54f696fa25cc2f8721c3e380dd04bf05801f90019498601fcbcea6aa6a2d7983e6823f480185ef9c3b4ed19c4f94c108067c89d69bc4e0da0112280ecd0caff8a454fb3e6655dc6a35cdd053aef882e403458754f5e84bd2210f18a61106af8c5a2c18dc48ff87cfda6d545014009a167570f0550e5121d0bdf4b20a1177b708e5515ee33db3baf29633440999ddd36eb0299a1efcd8934ab60c1a88d9db6fa0d2b3f0bf12e87630e0dc5eddca8f291ad85141391e6f9fe56ee4ddb39a1ac7a573cb69ec14f012ea0b721df3ea40747d1130a61802e859519ae1bc5a3673105fa87485f88b8981a3a208a3576848c2df152a023f5e573c867b43b10247336b110956eb28e5288d7aa19219e8324857cdf6d17530385720afd5a1ffd23aa1bd061b73caafa05afdd1441040989d081814635347f1d55669b1c38be4698e3a085e2010e35d2747b4e39ef4920f58d6b4585d737c13221a44ad5543099bb0ab228722ef9cbc0d621178012495837d6a220eeaaf498ccc01", 0xfe04) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/pci0000:00/0000:00:00.0/devspec\x00', 0x101000, 0x0) read$auto(0x3, 0x0, 0x80) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x129843, 0x0) socket(0x1e, 0x4, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x8, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0) read$auto(r2, 0x0, 0x20) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0xb9}, 0x3) r4 = socket(0xa, 0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, r4, 0x0) 1.678024155s ago: executing program 0 (id=1690): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_UDP_GET_REMOTEIP(r0, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f0000002580)={0x24, r1, 0x9ec6579d452c1f15, 0x70bd2c, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x10, 0x1, 0x0, 0x1, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x25, 0x0, 0x0, @uid}]}]}]}, 0x24}, 0x1, 0x0, 0x0, 0xc000}, 0x20000080) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd8\x00', 0x0, 0x0) ioctl$auto(r2, 0xab04, 0xffffffffffffffff) getsockopt$auto_SO_SNDBUF(r0, 0x1, 0x7, &(0x7f0000000000)='TIPCv2\x00', &(0x7f0000000080)=0x8) 1.525141534s ago: executing program 5 (id=1691): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) semctl$auto(0x1ff, 0x2, 0x13, 0x1) keyctl$auto(0x4, 0xffffffffffffffff, 0x5, 0x800, 0xa) r0 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0xab40, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000040)={0x0, "c7cf304e861f2a8acaf0b8ad66b934da325e48c1fb459f7e8f1ac879b1076ce4", @raw=0x51d2}) setfsgid$auto(0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(r1, 0xa, 0x8df) socket(0xa, 0x2, 0x0) r2 = socket(0xa, 0x3, 0xff) connect$auto(r2, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) r3 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000800), 0x10100, 0x0) madvise$auto(0x1ffff000, 0x7, 0x100000000) mbind$auto(0x0, 0x100000004, 0x49c, 0x0, 0x20000000000006, 0x2) shmget$auto(0x8, 0x10563, 0x568d1af2) sendfile$auto(r1, r3, 0x0, 0x80000001) madvise$auto(0x0, 0xffffffffffff0004, 0x19) statmount$auto(0x0, &(0x7f0000000080)={0xd24c, 0x7, 0x1ff, 0x7, 0x5180, 0x4909b6f8, 0x1ffdf, 0xa, 0x8, 0x7, 0xa121, 0x3, 0x0, 0x271, 0xb4, 0xa, 0x6, 0x10001, 0x2, 0x100000000, 0xe, 0x7, 0x2100, 0x200, 0x0, 0x8, [0x4000000000, 0x0, 0x0, 0x50100000000000, 0x6, 0x4000002000, 0x0, 0x80000000000006, 0x70624ce7, 0xff, 0x6, 0xaed, 0x0, 0x80000, 0x5, 0x7fe, 0xffffffffffffbfff, 0xfffffffffffffffd, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff, 0x800000000000007, 0x4, 0x2000000000000000, 0x0, 0x1, 0x400000000005b8, 0xe, 0x0, 0x0, 0x0, 0x6, 0xfffffffffffffffc, 0x88e, 0x8000000000008, 0x7, 0x9, 0xa38, 0xa68, 0x3, 0xfffffffffffffffd, 0x8, 0x404000000000, 0x7, 0x1]}, 0x1ff, 0xd) r4 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0) write$auto(r4, &(0x7f0000000000)='/dev/input/event0\x00', 0x7fe) r5 = socket(0xa, 0x1, 0x84) getsockopt$auto(r5, 0x0, 0x484, 0x0, 0x0) 951.070454ms ago: executing program 0 (id=1692): mmap$auto(0xfffffffffffffffc, 0x2020009, 0x7f, 0x200000000eb1, 0xffffffffffffffff, 0x8000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) ioctl$auto(r0, 0x5427, 0xffffffffffffffff) 947.183802ms ago: executing program 4 (id=1694): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="0106"], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='#\x00\x00\x00', @ANYBLOB='.\x00'], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmsg$auto_IOAM6_CMD_ADD_NAMESPACE(r0, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="210026bd7000fcdbdf250100000006000100040000000c0003000200000000000000060001000500000006000100010000000c0003000300000000000000"], 0x44}, 0x1, 0x0, 0x0, 0xb92cf85b28d08f2c}, 0xc000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getsockopt$auto_SO_DOMAIN(0xffffffffffffffff, 0x8, 0x27, 0x0, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x202002, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x8001, 0x1ff, 0x1001, 0x5, 0x40, 0x1ffde, 0x9, 0x3, 0x9, 0x2, 0x80003, 0x4, 0x200000000001, 0xbd, 0x3, 0xb, 0x10007, 0x80, 0x2a0, 0x0, 0xa, 0x22000, 0x2, 0x4, 0x84, [0x3, 0x1, 0x800200000000, 0x6, 0x0, 0x4, 0x0, 0xffffffffffffffff, 0x70624ce7, 0x1, 0xffffffeffffffffd, 0x8, 0x8, 0x10, 0x6, 0x0, 0xfffffffffffbfffd, 0x2000000005, 0x10000000000001, 0x10000000000, 0xe, 0x7, 0xfffffffffffffe00, 0x0, 0x0, 0x5, 0x400000000005b8, 0xffff, 0x0, 0x100, 0x0, 0x6, 0x50973992, 0xfffffffffffffffa, 0x8000000000008, 0xfffffffffffffffc, 0xa, 0xa38, 0x3, 0x2, 0xfffffffffffffff9, 0x1, 0x6044, 0x7, 0xc567, 0xfffffffffffffff7]}, 0x1fe, 0x9) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3) memfd_create$auto(0x0, 0x4) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2a, 0x2, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x6, 0x0, 0x106, 0x0, 0x1, 0x3}, 0xed7138c}, 0x9, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x3a) 615.755728ms ago: executing program 1 (id=1695): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000002680), 0xffffffffffffffff) sendmsg$auto_IPVS_CMD_DEL_DAEMON(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x24, r1, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DAEMON={0x10, 0x3, 0x0, 0x1, [@typed={0xc, 0x1, 0x0, 0x0, @u64=0x2}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x40014}, 0x24008040) 459.265614ms ago: executing program 4 (id=1696): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8004) r0 = socket(0x2b, 0x1, 0x0) ioctl$auto(r0, 0x64c8, 0x1e2) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000000)={{&(0x7f0000000040), 0x15, 0x0, 0x9, 0x0, 0x1f, 0x2}, 0x800007}, 0x5, 0x20000003) r1 = socket(0xa, 0x2, 0x0) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f0000000140), 0x55) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0xfffffffffffffffe}, 0x104) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r3 = socket(0x2, 0x2, 0x1) connect$auto(r3, &(0x7f00000000c0)=@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x40}}, 0x55) io_uring_setup$auto(0x6, 0x0) connect$auto(r3, &(0x7f0000000000)=@l2tp={0x2, 0x0, @multicast2, 0x1}, 0x7f) write$auto(0x3, 0x0, 0xfdef) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20800, 0x0) ioctl$auto_TIOCVHANGUP2(0xffffffffffffffff, 0x5437, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) write$auto(0x3, 0x0, 0xfffffdef) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xf90000, 0x0, 0xfffffffffffffffd) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) 312.185211ms ago: executing program 1 (id=1697): mmap$auto(0x0, 0x1000000000200004, 0x204000000000e3, 0x18, 0xd, 0x0) ioperm$auto(0x0, 0x3, 0x1) rt_sigaction$auto(0x1, &(0x7f00000001c0)={&(0x7f0000000080)=0x0, 0x7fffffffffffffff, 0x0, {0x5}}, 0x0, 0x8) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) mmap$auto(0x0, 0x10000, 0xde, 0x11, r0, 0x28000) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_GETIPTR(r1, 0x800c5011, &(0x7f0000000100)) r2 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r2, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x7f93, 0xfffffffe, 0x7ffffffd, 0x7ff, 0x7, 0x9}) bind$auto(0x3, 0x0, 0x6b) rt_sigaction$auto(0x4, &(0x7f0000000300)={&(0x7f0000000240)=0x0, 0x0, 0x0, {0x1}}, 0x0, 0x8) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000180), 0xffffffffffffffff) mkdir$auto(&(0x7f00000001c0)='}[,&*}\x00', 0xc001) mount$auto(0x0, &(0x7f0000000100)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x10001, 0x0) mount$auto(0x0, &(0x7f0000000100)='}[,&*}\x00', 0x0, 0x44000, 0x0) r5 = semctl$auto_GETPID(0x3ff, 0x101, 0xb, 0x9) gettid() rt_sigaction$auto(0xfffff0d8, &(0x7f0000000680)={&(0x7f00000005c0)=&(0x7f00000002c0)=0x9, 0xb249, &(0x7f0000000640)=&(0x7f0000000600)=0xe, {0xae06}}, &(0x7f00000007c0)={&(0x7f0000000700)=&(0x7f00000006c0)=0x4, 0x1, &(0x7f0000000780)=&(0x7f0000000740)=0xf8, {0xb9f}}, 0x8) sendmsg$auto_NL802154_CMD_SET_ACKREQ_DEFAULT(r3, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10010280}, 0xc, &(0x7f0000000200)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="ab42c84d", @ANYRES16=r4, @ANYBLOB="01002abd7000fddbdf2513000000e3021980cd0221803cb5114a0c28a66af872e9b73e64b8f0a6853568475304bba42d9976cc06b75ee59dde8457d6013abe2925e8b71ecdddf8f4705de5fd45b26936eae7403059a9cabe825e0bafd506f139b39c579ee35ec0a0cab088b31d68737b1e975fff601266faf77f020c60f5e8d2a6011f07fb3acca5c839a3f5237facf2707505fabe046ae8bba78c8a46513ca6f90504004b80e47d6ce6f52fe73f0325c8b601d8ed557f6056119e60b66d86ec4b7c0637b903b3ba91ed1efe9877ba652dffb6493331aed542707416e3d79f01c97eefaa3320bebb08003700", @ANYRES32=r5, @ANYBLOB="98ddb9061d5b547542135200b1f4e98ef34ded6276613eb66adf2e34af3ef0c6448aeca1696fe6e2178ff7eb95dcb0b5d3b6fc2e62bd32efdee66c705810c9cd30510293c3e2ea71aadc429a7421e1ad89258a449af9a1c63116e9a171cb311bf5619236f5a56c4af17b0a7539d6809b78ce827f03f698c7f0aeee1c9966d2f888d0a4db3cf72b302a676c97c804004d806200df80e27091bb513fa24f3a511f8784faf05f256e4b52230f7c354ccb73501f0827295a89b06a0d455e272f18c6d83f2d1b8ab44c88cacd5986d0d3812400e8800400a980040029800800a10003000000040019800400c78004009a8004004d8000006a6a06f62c7d6f08338fc745d95011fed95b66f91ea3829b637d5d997b7aa3d7743c493762f9c2ca548729b98e79c60acc96a7354c20d5a0642239a56b878d9636ec3b268ac16fbfbf559f5a9861ce7cf6cad6da0e3b054547dca528e665bca133cf047e6376dccc3d3e4044e1764daca5763223001bbba377e66352b652dbf4f42a77279235f1b8acc7800e47c78627c9fab5268f575e5d88a0f327c8cb504896b7eadf5c3fc2d9c88f4ccf5c9c3e5d903c941176a7a4e3f42b716d9b631558e17029a737545aa920d2e58ff8913c4e233b6f4b68304a227a2ea263337462bd90a8f3770d5c67bdf34c621cdfe801c1c124fa22854ab195b7350000003efbccc9b7bea708007e00", @ANYRES32=r0, @ANYBLOB="00050007007f00000008002700ff010000"], 0x308}, 0x1, 0x0, 0x0, 0x910}, 0x1) r6 = gettid() rt_sigqueueinfo$auto(r6, 0x1, 0x0) r7 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/fib_triestat\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r7, 0x8000) r8 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl802154(0x0, r8) r9 = open$dir(&(0x7f0000000000)='./file0\x00', 0x42, 0x20) open_tree$auto(r9, 0x0, 0x1001) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) 264.30417ms ago: executing program 0 (id=1698): mmap$auto(0x0, 0x1000000000200004, 0x204000000000e3, 0x18, 0xd, 0x0) ioperm$auto(0x0, 0x3, 0x1) rt_sigaction$auto(0x1, &(0x7f00000001c0)={&(0x7f0000000080)=0x0, 0x7fffffffffffffff, 0x0, {0x5}}, 0x0, 0x8) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) mmap$auto(0x0, 0x10000, 0xde, 0x11, r0, 0x28000) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_GETIPTR(r1, 0x800c5011, &(0x7f0000000100)) r2 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r2, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x7f93, 0xfffffffe, 0x7ffffffd, 0x7ff, 0x7, 0x9}) bind$auto(0x3, 0x0, 0x6b) rt_sigaction$auto(0x4, &(0x7f0000000300)={&(0x7f0000000240)=0x0, 0x0, 0x0, {0x1}}, 0x0, 0x8) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000180), 0xffffffffffffffff) mkdir$auto(&(0x7f00000001c0)='}[,&*}\x00', 0xc001) mount$auto(0x0, &(0x7f0000000100)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x10001, 0x0) mount$auto(0x0, &(0x7f0000000100)='}[,&*}\x00', 0x0, 0x44000, 0x0) r5 = semctl$auto_GETPID(0x3ff, 0x101, 0xb, 0x9) gettid() rt_sigaction$auto(0xfffff0d8, &(0x7f0000000680)={&(0x7f00000005c0)=&(0x7f00000002c0)=0x9, 0xb249, &(0x7f0000000640)=&(0x7f0000000600)=0xe, {0xae06}}, &(0x7f00000007c0)={&(0x7f0000000700)=&(0x7f00000006c0)=0x4, 0x1, &(0x7f0000000780)=&(0x7f0000000740)=0xf8, {0xb9f}}, 0x8) sendmsg$auto_NL802154_CMD_SET_ACKREQ_DEFAULT(r3, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10010280}, 0xc, &(0x7f0000000200)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="ab42c84d", @ANYRES16=r4, @ANYBLOB="01002abd7000fddbdf2513000000e3021980cd0221803cb5114a0c28a66af872e9b73e64b8f0a6853568475304bba42d9976cc06b75ee59dde8457d6013abe2925e8b71ecdddf8f4705de5fd45b26936eae7403059a9cabe825e0bafd506f139b39c579ee35ec0a0cab088b31d68737b1e975fff601266faf77f020c60f5e8d2a6011f07fb3acca5c839a3f5237facf2707505fabe046ae8bba78c8a46513ca6f90504004b80e47d6ce6f52fe73f0325c8b601d8ed557f6056119e60b66d86ec4b7c0637b903b3ba91ed1efe9877ba652dffb6493331aed542707416e3d79f01c97eefaa3320bebb08003700", @ANYRES32=r5, @ANYBLOB="98ddb9061d5b547542135200b1f4e98ef34ded6276613eb66adf2e34af3ef0c6448aeca1696fe6e2178ff7eb95dcb0b5d3b6fc2e62bd32efdee66c705810c9cd30510293c3e2ea71aadc429a7421e1ad89258a449af9a1c63116e9a171cb311bf5619236f5a56c4af17b0a7539d6809b78ce827f03f698c7f0aeee1c9966d2f888d0a4db3cf72b302a676c97c804004d806200df80e27091bb513fa24f3a511f8784faf05f256e4b52230f7c354ccb73501f0827295a89b06a0d455e272f18c6d83f2d1b8ab44c88cacd5986d0d3812400e8800400a980040029800800a10003000000040019800400c78004009a8004004d8000006a6a06f62c7d6f08338fc745d95011fed95b66f91ea3829b637d5d997b7aa3d7743c493762f9c2ca548729b98e79c60acc96a7354c20d5a0642239a56b878d9636ec3b268ac16fbfbf559f5a9861ce7cf6cad6da0e3b054547dca528e665bca133cf047e6376dccc3d3e4044e1764daca5763223001bbba377e66352b652dbf4f42a77279235f1b8acc7800e47c78627c9fab5268f575e5d88a0f327c8cb504896b7eadf5c3fc2d9c88f4ccf5c9c3e5d903c941176a7a4e3f42b716d9b631558e17029a737545aa920d2e58ff8913c4e233b6f4b68304a227a2ea263337462bd90a8f3770d5c67bdf34c621cdfe801c1c124fa22854ab195b7350000003efbccc9b7bea708007e00", @ANYRES32=r0, @ANYBLOB="00050007007f00000008002700ff010000"], 0x308}, 0x1, 0x0, 0x0, 0x910}, 0x1) r6 = gettid() rt_sigqueueinfo$auto(r6, 0x1, 0x0) r7 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/fib_triestat\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r7, 0x8000) r8 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl802154(0x0, r8) r9 = open$dir(&(0x7f0000000000)='./file0\x00', 0x42, 0x20) open_tree$auto(r9, 0x0, 0x1001) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) 0s ago: executing program 5 (id=1699): r0 = openat$auto_btrfs_dir_file_operations_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/bluetooth/hci1/rfkill6\x00', 0x82000, 0x0) r1 = socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) sendmsg$auto_NL80211_CMD_CONNECT(r1, 0x0, 0x4000000) clone$auto(0xd2d4, 0x101, 0xffffffffffffffff, 0x0, 0xfffffffffffffffd) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x7, 0x1977, 0x7, 0x5, 0x7181, 0x8002, 0x7, 0x3, 0x9, 0x5, 0x80003, 0x4, 0x200000000000, 0xb4, 0x9, 0x8, 0x10006, 0x4000080, 0x0, 0x0, 0xe, 0x22000, 0x200, 0x0, 0xd363, [0x4000000003, 0xa7a2d9f, 0x0, 0x2, 0xcb, 0x2000, 0x0, 0xe, 0x70624ce7, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffc, 0x8, 0x0, 0x8, 0x0, 0xfffffffffffbfffd, 0x2000000000000004, 0x10000000000001, 0x10000000000, 0xffffffffffffffff, 0x8005, 0xfffffffffffffe00, 0x3, 0x0, 0x5, 0x400000000005b8, 0x5, 0x0, 0x100, 0x0, 0x6, 0x100002, 0x88e, 0x40, 0xfffffffffffffffc, 0x8, 0xffff, 0x0, 0x3, 0xfffffffffffffffc, 0x9, 0x8, 0x7, 0xc567]}, 0x1fe, 0xd) r2 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000000}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x880}, 0x40000) recvmmsg$auto(r3, &(0x7f0000000140)={{0x0, 0x2, 0x0, 0x4, 0x0, 0x1, 0x8}, 0x5}, 0xfffffff9, 0x10, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r2, 0xfffffffffffffd09, &(0x7f00000001c0)) mbind$auto(0x0, 0x100400004, 0x100000000, 0x0, 0x7, 0x2) ioctl$auto_FS_IOC_GETVERSION(r0, 0x80087601, &(0x7f0000000100)) socket$nl_generic(0x10, 0x3, 0x10) read$auto(0xffffffffffffffff, 0x0, 0x20) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x40000000009b72, 0x7, 0x28000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/virtual/tty/ptys9/uevent\x00', 0x8000, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram8\x00', 0x40001, 0x0) mmap$auto(0x0, 0x10000, 0x4000000000db, 0xeb1, 0x2, 0x8000) read$auto(r4, 0x0, 0x20) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x7, 0x7, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000500)='/dev/sequencer2\x00', 0x80, 0x0) kernel console output (not intermixed with test programs): a failed: -4 [ 377.757350][T10743] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 377.802280][T10743] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 377.809306][T10743] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 377.853187][T10743] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 377.877585][T10750] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 377.950345][T10743] CPU0 is offline. [ 378.007305][T10751] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 378.320348][T10649] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 378.358797][T10758] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 378.431390][T10649] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 378.504711][T10649] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 378.575199][T10649] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 379.096643][T10770] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 379.165146][T10754] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 379.195749][T10754] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 379.248778][T10774] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 379.268865][T10754] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 379.307255][T10649] 8021q: adding VLAN 0 to HW filter on device bond0 [ 379.314590][T10754] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 379.320573][T10754] CPU0 is offline. [ 379.417365][T10649] 8021q: adding VLAN 0 to HW filter on device team0 [ 379.525536][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 379.533888][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 379.599210][T10773] Process accounting resumed [ 379.688621][ T63] bridge0: port 2(bridge_slave_1) entered blocking state [ 379.697927][ T63] bridge0: port 2(bridge_slave_1) entered forwarding state [ 379.867486][T10781] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 380.037647][T10786] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 380.285684][T10793] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 380.523731][T10649] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 380.606117][T10797] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 380.727583][T10798] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 381.236099][ T54] Bluetooth: hci2: command 0x0406 tx timeout [ 381.314736][ T54] Bluetooth: hci0: command 0x0406 tx timeout [ 381.397620][ T54] Bluetooth: hci3: command 0x0c1a tx timeout [ 381.561185][T10788] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 381.581808][T10788] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 381.629488][T10788] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 381.677537][T10788] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 381.719492][T10788] CPU0 is offline. [ 381.784910][T10649] veth0_vlan: entered promiscuous mode [ 381.828322][T10649] veth1_vlan: entered promiscuous mode [ 381.989688][T10649] veth0_macvtap: entered promiscuous mode [ 382.029976][T10649] veth1_macvtap: entered promiscuous mode [ 382.111728][T10649] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 382.178966][T10649] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 382.245531][T10649] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 382.327722][T10649] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 382.369663][T10649] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 382.387059][T10827] FAULT_INJECTION: forcing a failure. [ 382.387059][T10827] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 382.423163][T10649] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 382.454316][T10827] CPU: 1 UID: 0 PID: 10827 Comm: syz.0.1279 Not tainted 6.14.0-rc4-syzkaller-00090-gdd83757f6e68 #0 [ 382.454352][T10827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 382.454367][T10827] Call Trace: [ 382.454374][T10827] [ 382.454383][T10827] dump_stack_lvl+0x16c/0x1f0 [ 382.454420][T10827] should_fail_ex+0x50a/0x650 [ 382.454461][T10827] _copy_to_user+0x32/0xd0 [ 382.454488][T10827] simple_read_from_buffer+0xd0/0x160 [ 382.454520][T10827] proc_fail_nth_read+0x198/0x270 [ 382.454549][T10827] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 382.454580][T10827] ? rw_verify_area+0xcf/0x680 [ 382.454609][T10827] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 382.454636][T10827] vfs_read+0x1df/0xbf0 [ 382.454667][T10827] ? __fget_files+0x1fc/0x3a0 [ 382.454700][T10827] ? __pfx___mutex_lock+0x10/0x10 [ 382.454730][T10827] ? __pfx_vfs_read+0x10/0x10 [ 382.454768][T10827] ? __fget_files+0x206/0x3a0 [ 382.454808][T10827] ksys_read+0x12b/0x250 [ 382.454838][T10827] ? __pfx_ksys_read+0x10/0x10 [ 382.454876][T10827] do_syscall_64+0xcd/0x250 [ 382.454908][T10827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 382.454941][T10827] RIP: 0033:0x7fbf2e18bb7c [ 382.454958][T10827] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 382.454982][T10827] RSP: 002b:00007fbf2f074030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 382.455005][T10827] RAX: ffffffffffffffda RBX: 00007fbf2e3a5fa0 RCX: 00007fbf2e18bb7c [ 382.455027][T10827] RDX: 000000000000000f RSI: 00007fbf2f0740a0 RDI: 0000000000000004 [ 382.455043][T10827] RBP: 00007fbf2f074090 R08: 0000000000000000 R09: 0000000000000000 [ 382.455058][T10827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 382.455073][T10827] R13: 0000000000000000 R14: 00007fbf2e3a5fa0 R15: 00007fffebf48298 [ 382.455102][T10827] [ 382.650824][ C1] vkms_vblank_simulate: vblank timer overrun [ 382.681802][T10649] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 382.690681][T10649] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 382.699540][T10649] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 382.708531][T10649] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 383.077206][ T54] Bluetooth: hci1: command 0x0406 tx timeout [ 383.477827][ T7665] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 383.530932][ T7665] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 383.635671][ T54] Bluetooth: hci0: command 0x0406 tx timeout [ 383.643204][ T5841] Bluetooth: hci2: command 0x0406 tx timeout [ 383.655782][ T7665] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 383.669233][T10838] nvme_fabrics: missing parameter 'transport=%s' [ 383.692845][ T7665] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 383.715438][ T54] Bluetooth: hci3: command 0x0c1a tx timeout [ 383.722394][T10844] program syz.3.1284 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 383.744360][T10838] nvme_fabrics: missing parameter 'nqn=%s' [ 384.198835][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 384.205710][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.659802][T10837] Process accounting resumed [ 384.715864][T10852] FAULT_INJECTION: forcing a failure. [ 384.715864][T10852] name failslab, interval 1, probability 0, space 0, times 0 [ 384.796461][T10852] CPU: 1 UID: 0 PID: 10852 Comm: syz.4.1242 Not tainted 6.14.0-rc4-syzkaller-00090-gdd83757f6e68 #0 [ 384.796496][T10852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 384.796511][T10852] Call Trace: [ 384.796519][T10852] [ 384.796529][T10852] dump_stack_lvl+0x16c/0x1f0 [ 384.796565][T10852] should_fail_ex+0x50a/0x650 [ 384.796602][T10852] ? fs_reclaim_acquire+0xae/0x150 [ 384.796633][T10852] ? tomoyo_realpath_from_path+0xb9/0x720 [ 384.796666][T10852] should_failslab+0xc2/0x120 [ 384.796688][T10852] __kmalloc_noprof+0xcb/0x510 [ 384.796722][T10852] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 384.796761][T10852] tomoyo_realpath_from_path+0xb9/0x720 [ 384.796795][T10852] ? tomoyo_path_number_perm+0x235/0x590 [ 384.796825][T10852] ? tomoyo_path_number_perm+0x235/0x590 [ 384.796855][T10852] tomoyo_path_number_perm+0x248/0x590 [ 384.796881][T10852] ? tomoyo_path_number_perm+0x235/0x590 [ 384.796911][T10852] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 384.796962][T10852] ? __pfx_lock_release+0x10/0x10 [ 384.796994][T10852] ? trace_lock_acquire+0x14e/0x1f0 [ 384.797024][T10852] ? lock_acquire+0x2f/0xb0 [ 384.797062][T10852] ? __fget_files+0x40/0x3a0 [ 384.797100][T10852] ? __fget_files+0x206/0x3a0 [ 384.797138][T10852] security_file_ioctl+0x9b/0x240 [ 384.797169][T10852] __x64_sys_ioctl+0xb7/0x200 [ 384.797200][T10852] do_syscall_64+0xcd/0x250 [ 384.797234][T10852] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.797269][T10852] RIP: 0033:0x7f59fff8d169 [ 384.797287][T10852] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 384.797313][T10852] RSP: 002b:00007f5a00e88038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 384.797336][T10852] RAX: ffffffffffffffda RBX: 00007f5a001a5fa0 RCX: 00007f59fff8d169 [ 384.797352][T10852] RDX: 0000000000000009 RSI: 0000000000004b4d RDI: 0000000000000003 [ 384.797367][T10852] RBP: 00007f5a00e88090 R08: 0000000000000000 R09: 0000000000000000 [ 384.797382][T10852] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 384.797397][T10852] R13: 0000000000000000 R14: 00007f5a001a5fa0 R15: 00007ffdb8ae5588 [ 384.797426][T10852] [ 384.797436][T10852] ERROR: Out of memory at tomoyo_realpath_from_path. [ 385.313705][T10838] svc: failed to register nfsdv3 RPC service (errno 111). [ 385.392415][T10838] svc: failed to register nfsaclv3 RPC service (errno 111). [ 385.796561][ T54] Bluetooth: hci3: command 0x0c1a tx timeout [ 386.535135][T10880] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1292'. [ 386.555450][T10884] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1291'. [ 386.572058][T10886] [U] [ 386.575199][T10886] [U] [ 386.577941][T10886] [U] [ 386.580926][T10886] [U] [ 386.642955][T10886] [U] [ 386.645842][T10886] [U] [ 386.648683][T10886] [U] [ 386.651402][T10886] [U] [ 386.743774][T10886] [U] [ 386.746857][T10886] [U] [ 386.749589][T10886] [U] [ 386.752355][T10886] [U] [ 386.774020][T10872] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 386.801506][T10872] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 386.843123][T10872] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 386.850222][T10886] [U] [ 386.853489][T10886] [U] [ 386.856491][T10886] [U] [ 386.860185][T10886] [U] [ 386.883495][T10872] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 386.908382][T10872] CPU0 is offline. [ 386.954574][T10886] [U] [ 386.957561][T10886] [U] [ 386.961158][T10886] [U] [ 386.963994][T10886] [U] [ 387.149915][T10886] [U] [ 387.152782][T10886] [U] [ 387.155707][T10886] [U] [ 387.158584][T10886] [U] [ 387.383296][T10886] [U] [ 387.386081][T10886] [U] [ 387.388908][T10886] [U] [ 387.391851][T10886] [U] [ 387.541016][T10886] [U] [ 387.543800][T10886] [U] [ 387.546539][T10886] [U] [ 387.549257][T10886] [U] [ 387.617125][T10906] FAULT_INJECTION: forcing a failure. [ 387.617125][T10906] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 387.710824][T10906] CPU: 1 UID: 0 PID: 10906 Comm: syz.1.1297 Not tainted 6.14.0-rc4-syzkaller-00090-gdd83757f6e68 #0 [ 387.710857][T10906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 387.710873][T10906] Call Trace: [ 387.710881][T10906] [ 387.710890][T10906] dump_stack_lvl+0x16c/0x1f0 [ 387.710926][T10906] should_fail_ex+0x50a/0x650 [ 387.710964][T10906] ? __pfx___might_resched+0x10/0x10 [ 387.711005][T10906] should_fail_alloc_page+0xe7/0x130 [ 387.711030][T10906] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 387.711062][T10906] ? hlock_class+0x4e/0x130 [ 387.711090][T10906] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 387.711130][T10906] ? hlock_class+0x4e/0x130 [ 387.711154][T10906] ? mark_lock+0xb5/0xc60 [ 387.711188][T10906] ? __pfx_mark_lock+0x10/0x10 [ 387.711223][T10906] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 387.711270][T10906] ? hlock_class+0x4e/0x130 [ 387.711295][T10906] ? __pfx_mark_lock+0x10/0x10 [ 387.711333][T10906] ? hlock_class+0x4e/0x130 [ 387.711356][T10906] ? __lock_acquire+0xcc5/0x3c40 [ 387.711389][T10906] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 387.711428][T10906] ? policy_nodemask+0xea/0x4e0 [ 387.711468][T10906] alloc_pages_mpol+0x1fc/0x540 [ 387.711492][T10906] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 387.711523][T10906] folio_alloc_mpol_noprof+0x36/0x2f0 [ 387.711558][T10906] vma_alloc_folio_noprof+0xee/0x1b0 [ 387.711585][T10906] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 387.711613][T10906] ? find_held_lock+0x2d/0x110 [ 387.711650][T10906] do_pte_missing+0x202f/0x3e10 [ 387.711696][T10906] __handle_mm_fault+0x1166/0x2c60 [ 387.711739][T10906] ? __pfx___handle_mm_fault+0x10/0x10 [ 387.711773][T10906] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 387.711822][T10906] ? find_vma+0xc0/0x140 [ 387.711850][T10906] ? __pfx_find_vma+0x10/0x10 [ 387.711881][T10906] handle_mm_fault+0x3fa/0xaa0 [ 387.711921][T10906] do_user_addr_fault+0x7a3/0x13f0 [ 387.711961][T10906] exc_page_fault+0x5c/0xc0 [ 387.711990][T10906] asm_exc_page_fault+0x26/0x30 [ 387.712021][T10906] RIP: 0010:rep_movs_alternative+0x15/0x70 [ 387.712045][T10906] Code: cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 83 f9 40 73 40 83 f9 08 73 21 85 c9 74 0f 8a 06 <88> 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f 1f 84 [ 387.712071][T10906] RSP: 0018:ffffc9000b19faf8 EFLAGS: 00050202 [ 387.712091][T10906] RAX: 0000000000000035 RBX: 0000000000000004 RCX: 0000000000000004 [ 387.712106][T10906] RDX: ffffed100f913801 RSI: ffff88807c89c000 RDI: 0000400000001600 [ 387.712123][T10906] RBP: 0000400000001600 R08: 0000000000000000 R09: ffffed100f913800 [ 387.712138][T10906] R10: ffff88807c89c003 R11: 0000000000000002 R12: ffffc9000b19fda0 [ 387.712153][T10906] R13: 0000400000001604 R14: ffff88807c89c000 R15: 00007ffffffff000 [ 387.712182][T10906] _copy_to_iter+0x385/0x1560 [ 387.712209][T10906] ? trace_lock_acquire+0x14e/0x1f0 [ 387.712235][T10906] ? __pfx_lock_release+0x10/0x10 [ 387.712268][T10906] ? __pfx__copy_to_iter+0x10/0x10 [ 387.712292][T10906] ? __virt_addr_valid+0x1a4/0x590 [ 387.712319][T10906] ? __virt_addr_valid+0x5e/0x590 [ 387.712342][T10906] ? __phys_addr_symbol+0x30/0x80 [ 387.712364][T10906] ? __check_object_size+0x488/0x710 [ 387.712391][T10906] seq_read_iter+0xd00/0x12b0 [ 387.712432][T10906] kernfs_fop_read_iter+0x414/0x580 [ 387.712457][T10906] ? rw_verify_area+0xcf/0x680 [ 387.712489][T10906] vfs_read+0x886/0xbf0 [ 387.712533][T10906] ? __pfx_vfs_read+0x10/0x10 [ 387.712587][T10906] ksys_read+0x12b/0x250 [ 387.712618][T10906] ? __pfx_ksys_read+0x10/0x10 [ 387.712658][T10906] do_syscall_64+0xcd/0x250 [ 387.712691][T10906] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.712723][T10906] RIP: 0033:0x7f252738d169 [ 387.712741][T10906] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 387.712766][T10906] RSP: 002b:00007f252824b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 387.712787][T10906] RAX: ffffffffffffffda RBX: 00007f25275a5fa0 RCX: 00007f252738d169 [ 387.712804][T10906] RDX: 000000000000ff70 RSI: 0000400000001600 RDI: 0000000000000003 [ 387.712818][T10906] RBP: 00007f252824b090 R08: 0000000000000000 R09: 0000000000000000 [ 387.712832][T10906] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 387.712845][T10906] R13: 0000000000000000 R14: 00007f25275a5fa0 R15: 00007ffd631f2ea8 [ 387.712875][T10906] [ 388.165137][ C1] vkms_vblank_simulate: vblank timer overrun [ 388.247169][T10892] kexec: Could not allocate control_code_buffer [ 388.254657][T10886] [U] [ 388.385500][T10911] FAULT_INJECTION: forcing a failure. [ 388.385500][T10911] name failslab, interval 1, probability 0, space 0, times 0 [ 388.399017][T10911] CPU: 1 UID: 0 PID: 10911 Comm: syz.4.1301 Not tainted 6.14.0-rc4-syzkaller-00090-gdd83757f6e68 #0 [ 388.399051][T10911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 388.399068][T10911] Call Trace: [ 388.399077][T10911] [ 388.399088][T10911] dump_stack_lvl+0x16c/0x1f0 [ 388.399124][T10911] should_fail_ex+0x50a/0x650 [ 388.399164][T10911] ? fs_reclaim_acquire+0xae/0x150 [ 388.399197][T10911] ? pty_common_install+0xe1/0xb30 [ 388.399222][T10911] should_failslab+0xc2/0x120 [ 388.399246][T10911] __kmalloc_cache_noprof+0x68/0x410 [ 388.399287][T10911] pty_common_install+0xe1/0xb30 [ 388.399319][T10911] ? __pfx_pty_install+0x10/0x10 [ 388.399346][T10911] tty_init_dev.part.0+0x99/0x660 [ 388.399381][T10911] tty_open+0xac1/0xf80 [ 388.399412][T10911] ? chrdev_open+0x10e/0x6a0 [ 388.399453][T10911] ? __pfx_tty_open+0x10/0x10 [ 388.399483][T10911] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 388.399541][T10911] ? lock_acquire+0x2f/0xb0 [ 388.399573][T10911] ? chrdev_open+0x80/0x6a0 [ 388.399612][T10911] ? __pfx_tty_open+0x10/0x10 [ 388.399643][T10911] chrdev_open+0x237/0x6a0 [ 388.399678][T10911] ? __pfx_apparmor_file_open+0x10/0x10 [ 388.399709][T10911] ? __pfx_chrdev_open+0x10/0x10 [ 388.399750][T10911] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 388.399788][T10911] do_dentry_open+0x735/0x1c40 [ 388.399822][T10911] ? __pfx_chrdev_open+0x10/0x10 [ 388.399864][T10911] vfs_open+0x82/0x3f0 [ 388.399886][T10911] ? may_open+0x1f2/0x400 [ 388.399915][T10911] path_openat+0x1e88/0x2d80 [ 388.399959][T10911] ? __pfx_path_openat+0x10/0x10 [ 388.399994][T10911] ? __pfx___lock_acquire+0x10/0x10 [ 388.400025][T10911] ? lock_acquire.part.0+0x11b/0x380 [ 388.400058][T10911] ? find_held_lock+0x2d/0x110 [ 388.400086][T10911] do_filp_open+0x20c/0x470 [ 388.400122][T10911] ? __pfx_do_filp_open+0x10/0x10 [ 388.400155][T10911] ? find_held_lock+0x2d/0x110 [ 388.400199][T10911] ? alloc_fd+0x41f/0x760 [ 388.400241][T10911] do_sys_openat2+0x17a/0x1e0 [ 388.400266][T10911] ? __pfx_do_sys_openat2+0x10/0x10 [ 388.400302][T10911] __x64_sys_openat+0x175/0x210 [ 388.400329][T10911] ? __pfx___x64_sys_openat+0x10/0x10 [ 388.400366][T10911] do_syscall_64+0xcd/0x250 [ 388.400400][T10911] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 388.400440][T10911] RIP: 0033:0x7f59fff8d169 [ 388.400460][T10911] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 388.400485][T10911] RSP: 002b:00007f5a00e88038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 388.400516][T10911] RAX: ffffffffffffffda RBX: 00007f5a001a5fa0 RCX: 00007f59fff8d169 [ 388.400532][T10911] RDX: 0000000000040000 RSI: 0000400000000100 RDI: ffffffffffffff9c [ 388.400547][T10911] RBP: 00007f5a0000e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 388.400563][T10911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 388.400577][T10911] R13: 0000000000000000 R14: 00007f5a001a5fa0 R15: 00007ffdb8ae5588 [ 388.400606][T10911] [ 388.706139][ C1] vkms_vblank_simulate: vblank timer overrun [ 388.908957][ T54] Bluetooth: hci1: command 0x0406 tx timeout [ 388.915613][ T54] Bluetooth: hci2: command 0x0406 tx timeout [ 388.921971][ T54] Bluetooth: hci3: command 0x0c1a tx timeout [ 388.928477][ T54] Bluetooth: hci0: command 0x0406 tx timeout [ 390.074126][T10947] [U] [ 390.076996][T10947] [U] [ 390.079716][T10947] [U] [ 390.082430][T10947] [U] [ 390.144446][T10947] [U] [ 390.147234][T10947] [U] [ 390.150085][T10947] [U] [ 390.152838][T10947] [U] [ 390.241901][T10947] [U] [ 390.244673][T10947] [U] [ 390.247458][T10947] [U] [ 390.250241][T10947] [U] [ 390.320925][T10947] [U] [ 390.323786][T10947] [U] [ 390.326837][T10947] [U] [ 390.329587][T10947] [U] [ 390.441976][T10947] [U] [ 390.444800][T10947] [U] [ 390.447613][T10947] [U] [ 390.450357][T10947] [U] [ 390.587163][T10947] [U] [ 390.590035][T10947] [U] [ 390.592771][T10947] [U] [ 390.595497][T10947] [U] [ 390.789117][T10947] [U] [ 390.791944][T10947] [U] [ 390.794669][T10947] [U] [ 390.797416][T10947] [U] [ 390.911948][T10959] EXT4-fs error: 6 callbacks suppressed [ 390.911968][T10959] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 390.979754][T10947] [U] [ 390.982524][T10947] [U] [ 390.985261][T10947] [U] [ 390.987981][T10947] [U] [ 391.148461][T10947] [U] [ 391.328041][T10952] kexec: Could not allocate control_code_buffer [ 391.936153][T10971] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 392.101111][T10973] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 392.296685][T10978] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 392.366193][T10975] sp0: Synchronizing with TNC [ 392.420457][T10982] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 392.500028][T10980] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1317'. [ 392.554633][T10985] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 392.879154][T10989] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 393.050707][T10995] zero sized request [ 393.112180][T10991] FAULT_INJECTION: forcing a failure. [ 393.112180][T10991] name failslab, interval 1, probability 0, space 0, times 0 [ 393.193228][T10991] CPU: 1 UID: 0 PID: 10991 Comm: syz.1.1319 Not tainted 6.14.0-rc4-syzkaller-00090-gdd83757f6e68 #0 [ 393.193266][T10991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 393.193282][T10991] Call Trace: [ 393.193290][T10991] [ 393.193300][T10991] dump_stack_lvl+0x16c/0x1f0 [ 393.193337][T10991] should_fail_ex+0x50a/0x650 [ 393.193375][T10991] ? fs_reclaim_acquire+0xae/0x150 [ 393.193418][T10991] should_failslab+0xc2/0x120 [ 393.193441][T10991] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 393.193479][T10991] ? prepare_creds+0x2e/0x750 [ 393.193513][T10991] prepare_creds+0x2e/0x750 [ 393.193542][T10991] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 393.193581][T10991] lookup_user_key+0x394/0x12f0 [ 393.193656][T10991] ? __pfx_lookup_user_key+0x10/0x10 [ 393.193701][T10991] ? __pfx_lock_release+0x10/0x10 [ 393.193735][T10991] ? trace_lock_acquire+0x14e/0x1f0 [ 393.193770][T10991] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 393.193803][T10991] ? _copy_from_user+0x59/0xd0 [ 393.193830][T10991] ? memdup_user+0x88/0xd0 [ 393.193863][T10991] __do_sys_request_key+0x1c0/0x3d0 [ 393.193903][T10991] ? __pfx___do_sys_request_key+0x10/0x10 [ 393.193952][T10991] do_syscall_64+0xcd/0x250 [ 393.193986][T10991] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 393.194020][T10991] RIP: 0033:0x7f252738d169 [ 393.194039][T10991] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 393.194063][T10991] RSP: 002b:00007f252824b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f9 [ 393.194085][T10991] RAX: ffffffffffffffda RBX: 00007f25275a5fa0 RCX: 00007f252738d169 [ 393.194102][T10991] RDX: 0000400000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 393.194117][T10991] RBP: 00007f252740e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 393.194132][T10991] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 393.194153][T10991] R13: 0000000000000000 R14: 00007f25275a5fa0 R15: 00007ffd631f2ea8 [ 393.194181][T10991] [ 393.633345][T11003] [U] [ 393.636239][T11003] [U] [ 393.638964][T11003] [U] [ 393.641694][T11003] [U] [ 393.673215][T11003] [U] [ 393.676146][T11003] [U] [ 393.678905][T11003] [U] [ 393.681650][T11003] [U] [ 393.712738][T11003] [U] [ 393.715878][T11003] [U] [ 393.718604][T11003] [U] [ 393.721348][T11003] [U] [ 393.759836][T11003] [U] [ 393.762803][T11003] [U] [ 393.765866][T11003] [U] [ 393.768992][T11003] [U] [ 393.793534][T11003] [U] [ 393.796430][T11003] [U] [ 393.799170][T11003] [U] [ 393.802174][T11003] [U] [ 393.957288][T11003] [U] [ 393.960773][T11003] [U] [ 393.963704][T11003] [U] [ 393.966548][T11003] [U] [ 394.134804][T11003] [U] [ 394.137691][T11003] [U] [ 394.140715][T11003] [U] [ 394.143441][T11003] [U] [ 394.282715][T11025] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 394.395425][T11003] [U] [ 394.398767][T11003] [U] [ 394.401497][T11003] [U] [ 394.404336][T11003] [U] [ 394.513342][T11003] [U] [ 394.516131][T11003] [U] [ 394.519020][T11003] [U] [ 394.521914][T11003] [U] [ 394.650777][T11003] [U] [ 394.851992][T11008] kexec: Could not allocate control_code_buffer [ 396.981002][T11060] zero sized request [ 397.627400][T11064] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 397.660685][T11064] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 397.714976][T11064] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 397.755365][T11064] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 397.785604][T11064] CPU0 is offline. [ 399.099184][T11103] FAULT_INJECTION: forcing a failure. [ 399.099184][T11103] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 399.235481][ T5841] Bluetooth: hci1: command 0x0406 tx timeout [ 399.368543][T11103] CPU: 1 UID: 0 PID: 11103 Comm: syz.1.1348 Not tainted 6.14.0-rc4-syzkaller-00090-gdd83757f6e68 #0 [ 399.368577][T11103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 399.368591][T11103] Call Trace: [ 399.368604][T11103] [ 399.368615][T11103] dump_stack_lvl+0x16c/0x1f0 [ 399.368650][T11103] should_fail_ex+0x50a/0x650 [ 399.368692][T11103] _copy_to_user+0x32/0xd0 [ 399.368719][T11103] rng_dev_read+0x1f1/0x800 [ 399.368755][T11103] ? __pfx_virtio_read+0x10/0x10 [ 399.368790][T11103] ? __pfx_rng_dev_read+0x10/0x10 [ 399.368828][T11103] ? bpf_lsm_file_permission+0x9/0x10 [ 399.368865][T11103] ? security_file_permission+0x71/0x210 [ 399.368898][T11103] ? rw_verify_area+0xcf/0x680 [ 399.368927][T11103] ? __pfx_rng_dev_read+0x10/0x10 [ 399.368962][T11103] vfs_read+0x1df/0xbf0 [ 399.368994][T11103] ? __fget_files+0x1fc/0x3a0 [ 399.369028][T11103] ? __pfx_lock_release+0x10/0x10 [ 399.369062][T11103] ? __pfx_vfs_read+0x10/0x10 [ 399.369095][T11103] ? lock_acquire+0x2f/0xb0 [ 399.369126][T11103] ? __fget_files+0x40/0x3a0 [ 399.369162][T11103] ? __fget_files+0x206/0x3a0 [ 399.369203][T11103] ksys_read+0x12b/0x250 [ 399.369235][T11103] ? __pfx_ksys_read+0x10/0x10 [ 399.369274][T11103] do_syscall_64+0xcd/0x250 [ 399.369308][T11103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 399.369342][T11103] RIP: 0033:0x7f252738d169 [ 399.369360][T11103] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 399.369386][T11103] RSP: 002b:00007f252824b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 399.369409][T11103] RAX: ffffffffffffffda RBX: 00007f25275a5fa0 RCX: 00007f252738d169 [ 399.369426][T11103] RDX: 00000000fffffe82 RSI: 0000400000000040 RDI: 0000000000000004 [ 399.369442][T11103] RBP: 00007f252824b090 R08: 0000000000000000 R09: 0000000000000000 [ 399.369457][T11103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 399.369471][T11103] R13: 0000000000000000 R14: 00007f25275a5fa0 R15: 00007ffd631f2ea8 [ 399.369499][T11103] [ 399.715123][ T5841] Bluetooth: hci2: command 0x0406 tx timeout [ 399.815035][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout [ 399.815105][ T5841] Bluetooth: hci0: command 0x0406 tx timeout [ 400.428328][ C1] vkms_vblank_simulate: vblank timer overrun [ 402.118716][T11147] [U] [ 402.122062][T11147] [U] [ 402.124811][T11147] [U] [ 402.127552][T11147] [U] [ 402.343554][T11147] [U] [ 402.346377][T11147] [U] [ 402.349119][T11147] [U] [ 402.351838][T11147] [U] [ 402.502385][T11147] [U] [ 402.505456][T11147] [U] [ 402.508584][T11147] [U] [ 402.511408][T11147] [U] [ 402.741864][T11147] [U] [ 402.744700][T11147] [U] [ 402.747456][T11147] [U] [ 402.750205][T11147] [U] [ 402.875655][T11157] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1363'. [ 402.901890][T11147] [U] [ 402.904771][T11147] [U] [ 402.907613][T11147] [U] [ 402.910885][T11147] [U] [ 403.058303][T11147] [U] [ 403.336708][T11169] FAULT_INJECTION: forcing a failure. [ 403.336708][T11169] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 403.405766][T11169] CPU: 1 UID: 0 PID: 11169 Comm: syz.4.1365 Not tainted 6.14.0-rc4-syzkaller-00090-gdd83757f6e68 #0 [ 403.405802][T11169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 403.405816][T11169] Call Trace: [ 403.405824][T11169] [ 403.405833][T11169] dump_stack_lvl+0x16c/0x1f0 [ 403.405870][T11169] should_fail_ex+0x50a/0x650 [ 403.405911][T11169] _copy_to_user+0x32/0xd0 [ 403.405939][T11169] simple_read_from_buffer+0xd0/0x160 [ 403.405972][T11169] proc_fail_nth_read+0x198/0x270 [ 403.406001][T11169] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 403.406032][T11169] ? rw_verify_area+0xcf/0x680 [ 403.406061][T11169] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 403.406089][T11169] vfs_read+0x1df/0xbf0 [ 403.406121][T11169] ? __fget_files+0x1fc/0x3a0 [ 403.406155][T11169] ? __pfx___mutex_lock+0x10/0x10 [ 403.406186][T11169] ? __pfx_vfs_read+0x10/0x10 [ 403.406224][T11169] ? __fget_files+0x206/0x3a0 [ 403.406265][T11169] ksys_read+0x12b/0x250 [ 403.406295][T11169] ? __pfx_ksys_read+0x10/0x10 [ 403.406334][T11169] do_syscall_64+0xcd/0x250 [ 403.406367][T11169] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.406400][T11169] RIP: 0033:0x7f59fff8bb7c [ 403.406419][T11169] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 403.406445][T11169] RSP: 002b:00007f5a00e88030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 403.406467][T11169] RAX: ffffffffffffffda RBX: 00007f5a001a5fa0 RCX: 00007f59fff8bb7c [ 403.406483][T11169] RDX: 000000000000000f RSI: 00007f5a00e880a0 RDI: 0000000000000004 [ 403.406502][T11169] RBP: 00007f5a00e88090 R08: 0000000000000000 R09: 0000000000000000 [ 403.406517][T11169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 403.406532][T11169] R13: 0000000000000000 R14: 00007f5a001a5fa0 R15: 00007ffdb8ae5588 [ 403.406561][T11169] [ 403.605457][ C1] vkms_vblank_simulate: vblank timer overrun [ 403.647566][T11171] FAULT_INJECTION: forcing a failure. [ 403.647566][T11171] name failslab, interval 1, probability 0, space 0, times 0 [ 403.660404][T11171] CPU: 1 UID: 0 PID: 11171 Comm: syz.1.1367 Not tainted 6.14.0-rc4-syzkaller-00090-gdd83757f6e68 #0 [ 403.660436][T11171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 403.660452][T11171] Call Trace: [ 403.660462][T11171] [ 403.660478][T11171] dump_stack_lvl+0x16c/0x1f0 [ 403.660515][T11171] should_fail_ex+0x50a/0x650 [ 403.660554][T11171] ? fs_reclaim_acquire+0xae/0x150 [ 403.660588][T11171] ? tomoyo_encode2+0x100/0x3e0 [ 403.660620][T11171] should_failslab+0xc2/0x120 [ 403.660644][T11171] __kmalloc_noprof+0xcb/0x510 [ 403.660687][T11171] tomoyo_encode2+0x100/0x3e0 [ 403.660723][T11171] tomoyo_encode+0x29/0x50 [ 403.660755][T11171] tomoyo_realpath_from_path+0x19d/0x720 [ 403.660796][T11171] tomoyo_check_open_permission+0x2ad/0x3c0 [ 403.660827][T11171] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 403.660865][T11171] ? map_id_range_down+0x2bb/0x3a0 [ 403.660918][T11171] ? __pfx_hook_file_open+0x10/0x10 [ 403.660947][T11171] ? lock_acquire+0x2f/0xb0 [ 403.660979][T11171] ? mnt_get_write_access+0x6a/0x300 [ 403.661008][T11171] tomoyo_file_open+0x6b/0x90 [ 403.661047][T11171] security_file_open+0x84/0x1e0 [ 403.661080][T11171] do_dentry_open+0x57c/0x1c40 [ 403.661118][T11171] ? inode_permission+0xdd/0x5f0 [ 403.661147][T11171] vfs_open+0x82/0x3f0 [ 403.661169][T11171] ? may_open+0x1f2/0x400 [ 403.661198][T11171] path_openat+0x1e88/0x2d80 [ 403.661243][T11171] ? __pfx_path_openat+0x10/0x10 [ 403.661279][T11171] ? __pfx___lock_acquire+0x10/0x10 [ 403.661311][T11171] ? lock_acquire.part.0+0x11b/0x380 [ 403.661345][T11171] ? find_held_lock+0x2d/0x110 [ 403.661374][T11171] do_filp_open+0x20c/0x470 [ 403.661410][T11171] ? __pfx_do_filp_open+0x10/0x10 [ 403.661445][T11171] ? find_held_lock+0x2d/0x110 [ 403.661495][T11171] ? alloc_fd+0x41f/0x760 [ 403.661537][T11171] do_sys_openat2+0x17a/0x1e0 [ 403.661563][T11171] ? __pfx_do_sys_openat2+0x10/0x10 [ 403.661600][T11171] __x64_sys_openat+0x175/0x210 [ 403.661626][T11171] ? __pfx___x64_sys_openat+0x10/0x10 [ 403.661668][T11171] do_syscall_64+0xcd/0x250 [ 403.661702][T11171] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.661736][T11171] RIP: 0033:0x7f252738d169 [ 403.661756][T11171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 403.661781][T11171] RSP: 002b:00007f252824b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 403.661803][T11171] RAX: ffffffffffffffda RBX: 00007f25275a5fa0 RCX: 00007f252738d169 [ 403.661819][T11171] RDX: 0000000000080401 RSI: 0000400000000000 RDI: ffffffffffffff9c [ 403.661835][T11171] RBP: 00007f252740e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 403.661850][T11171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 403.661864][T11171] R13: 0000000000000000 R14: 00007f25275a5fa0 R15: 00007ffd631f2ea8 [ 403.661894][T11171] [ 403.661918][T11171] ERROR: Out of memory at tomoyo_realpath_from_path. [ 404.120147][T11173] FAULT_INJECTION: forcing a failure. [ 404.120147][T11173] name failslab, interval 1, probability 0, space 0, times 0 [ 404.145113][T11173] CPU: 1 UID: 0 PID: 11173 Comm: syz.4.1368 Not tainted 6.14.0-rc4-syzkaller-00090-gdd83757f6e68 #0 [ 404.145146][T11173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 404.145163][T11173] Call Trace: [ 404.145171][T11173] [ 404.145181][T11173] dump_stack_lvl+0x16c/0x1f0 [ 404.145273][T11173] should_fail_ex+0x50a/0x650 [ 404.145313][T11173] ? fs_reclaim_acquire+0xae/0x150 [ 404.145355][T11173] ? ioam6_net_init+0x49/0x170 [ 404.145381][T11173] should_failslab+0xc2/0x120 [ 404.145404][T11173] __kmalloc_cache_noprof+0x68/0x410 [ 404.145441][T11173] ? rhashtable_init_noprof+0x55e/0x7e0 [ 404.145480][T11173] ? __pfx_ioam6_net_init+0x10/0x10 [ 404.145506][T11173] ioam6_net_init+0x49/0x170 [ 404.145533][T11173] ? __pfx_ioam6_net_init+0x10/0x10 [ 404.145559][T11173] ops_init+0x1df/0x5f0 [ 404.145598][T11173] setup_net+0x21f/0x860 [ 404.145636][T11173] ? __pfx_setup_net+0x10/0x10 [ 404.145671][T11173] ? down_read_killable+0xcc/0x380 [ 404.145706][T11173] ? __pfx_down_read_killable+0x10/0x10 [ 404.145740][T11173] ? __raw_spin_lock_init+0x3a/0x110 [ 404.145782][T11173] ? debug_mutex_init+0x37/0x70 [ 404.145810][T11173] copy_net_ns+0x2a6/0x5f0 [ 404.145836][T11173] create_new_namespaces+0x3ea/0xad0 [ 404.145882][T11173] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 404.145924][T11173] ksys_unshare+0x45d/0xa40 [ 404.145950][T11173] ? __pfx_ksys_unshare+0x10/0x10 [ 404.145974][T11173] ? xfd_validate_state+0x5d/0x180 [ 404.146018][T11173] __x64_sys_unshare+0x31/0x40 [ 404.146042][T11173] do_syscall_64+0xcd/0x250 [ 404.146075][T11173] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 404.146110][T11173] RIP: 0033:0x7f59fff8d169 [ 404.146129][T11173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 404.146155][T11173] RSP: 002b:00007f5a00e88038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 404.146177][T11173] RAX: ffffffffffffffda RBX: 00007f5a001a5fa0 RCX: 00007f59fff8d169 [ 404.146195][T11173] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 404.146217][T11173] RBP: 00007f5a0000e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 404.146234][T11173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 404.146250][T11173] R13: 0000000000000000 R14: 00007f5a001a5fa0 R15: 00007ffdb8ae5588 [ 404.146281][T11173] [ 404.401250][ C1] vkms_vblank_simulate: vblank timer overrun [ 404.484846][T11178] nfs: Unknown parameter '±ðCÕ?Ö9_Ì@‰Í¼]ÒŠcÖSïvaÖ—ª5Ÿ–¤l&¡ž‰Êa—¨wO1·û¾; [ 404.484846][T11178] )ãON¢ê¦ìM£|¼Ú ÑÕgÁ›•Œ~uâ2HØòF&”2 [ 408.623561][T11232] dump_stack_lvl+0x16c/0x1f0 [ 408.623597][T11232] should_fail_ex+0x50a/0x650 [ 408.623633][T11232] ? __pfx___might_resched+0x10/0x10 [ 408.623674][T11232] should_fail_alloc_page+0xe7/0x130 [ 408.623699][T11232] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 408.623736][T11232] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 408.623779][T11232] ? __pfx_mark_lock+0x10/0x10 [ 408.623934][T11232] ? __pfx___lock_acquire+0x10/0x10 [ 408.623967][T11232] ? mark_lock+0xb5/0xc60 [ 408.623998][T11232] ? find_held_lock+0x2d/0x110 [ 408.624025][T11232] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 408.624082][T11232] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 408.624127][T11232] ? policy_nodemask+0xea/0x4e0 [ 408.624172][T11232] alloc_pages_mpol+0x1fc/0x540 [ 408.624197][T11232] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 408.624220][T11232] ? find_held_lock+0x2d/0x110 [ 408.624251][T11232] folio_alloc_mpol_noprof+0x36/0x2f0 [ 408.624280][T11232] shmem_alloc_folio+0x135/0x160 [ 408.624320][T11232] shmem_alloc_and_add_folio+0x48e/0xc10 [ 408.624352][T11232] ? shmem_huge_global_enabled+0x72/0x6b0 [ 408.624378][T11232] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 408.624409][T11232] ? shmem_allowable_huge_orders+0xd0/0x410 [ 408.624443][T11232] shmem_get_folio_gfp+0x689/0x1530 [ 408.624477][T11232] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 408.624507][T11232] ? filemap_map_pages+0xf92/0x16b0 [ 408.624540][T11232] shmem_fault+0x200/0xae0 [ 408.624569][T11232] ? __pfx_shmem_fault+0x10/0x10 [ 408.624602][T11232] ? do_pte_missing+0xde9/0x3e10 [ 408.624638][T11232] ? __pfx_lock_release+0x10/0x10 [ 408.624676][T11232] __do_fault+0x10a/0x490 [ 408.624705][T11232] do_pte_missing+0xecf/0x3e10 [ 408.624740][T11232] ? do_raw_spin_unlock+0x172/0x230 [ 408.624765][T11232] ? __pmd_alloc+0x3c2/0x870 [ 408.624798][T11232] __handle_mm_fault+0x1166/0x2c60 [ 408.624848][T11232] ? __pfx___handle_mm_fault+0x10/0x10 [ 408.624883][T11232] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 408.624934][T11232] ? find_vma+0xc0/0x140 [ 408.624962][T11232] ? __pfx_find_vma+0x10/0x10 [ 408.624994][T11232] handle_mm_fault+0x3fa/0xaa0 [ 408.625035][T11232] do_user_addr_fault+0x7a3/0x13f0 [ 408.625076][T11232] exc_page_fault+0x5c/0xc0 [ 408.625107][T11232] asm_exc_page_fault+0x26/0x30 [ 408.625141][T11232] RIP: 0010:rep_movs_alternative+0x30/0x70 [ 408.625167][T11232] Code: f9 40 73 40 83 f9 08 73 21 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 [ 408.625192][T11232] RSP: 0018:ffffc9000bc6fa58 EFLAGS: 00050206 [ 408.625212][T11232] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000038 [ 408.625227][T11232] RDX: fffff5200178df5c RSI: 0000000000000000 RDI: ffffc9000bc6faa8 [ 408.625243][T11232] RBP: 0000000000000038 R08: 0000000000000001 R09: fffff5200178df5b [ 408.625259][T11232] R10: ffffc9000bc6fadf R11: 0000000000000000 R12: 0000000000000000 [ 408.625275][T11232] R13: ffffc9000bc6faa8 R14: ffffc9000bc6fb90 R15: ffffc9000bc6faa8 [ 408.625307][T11232] _copy_from_user+0x98/0xd0 [ 408.625336][T11232] copy_msghdr_from_user+0x99/0x160 [ 408.625373][T11232] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 408.625413][T11232] ? __pfx___lock_acquire+0x10/0x10 [ 408.625453][T11232] ___sys_recvmsg+0xdc/0x1a0 [ 408.625488][T11232] ? __pfx____sys_recvmsg+0x10/0x10 [ 408.625524][T11232] ? __pfx_lock_release+0x10/0x10 [ 408.625555][T11232] ? trace_lock_acquire+0x14e/0x1f0 [ 408.625601][T11232] do_recvmmsg+0x2f8/0x740 [ 408.625641][T11232] ? __pfx_do_recvmmsg+0x10/0x10 [ 408.625674][T11232] ? vfs_write+0x306/0x1150 [ 408.625712][T11232] ? __mutex_unlock_slowpath+0x164/0x6a0 [ 408.625753][T11232] ? __fget_files+0x206/0x3a0 [ 408.625793][T11232] __x64_sys_recvmmsg+0x239/0x290 [ 408.625831][T11232] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 408.625883][T11232] do_syscall_64+0xcd/0x250 [ 408.625916][T11232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 408.625949][T11232] RIP: 0033:0x7f59fff8d169 [ 408.625970][T11232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 408.625993][T11232] RSP: 002b:00007f5a00e88038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 408.626014][T11232] RAX: ffffffffffffffda RBX: 00007f5a001a5fa0 RCX: 00007f59fff8d169 [ 408.626030][T11232] RDX: 0000000000000009 RSI: 0000000000000000 RDI: 0000000000000003 [ 408.626045][T11232] RBP: 00007f5a00e88090 R08: 0000000000000000 R09: 0000000000000000 [ 408.626060][T11232] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 408.626075][T11232] R13: 0000000000000000 R14: 00007f5a001a5fa0 R15: 00007ffdb8ae5588 [ 408.626103][T11232] [ 409.116083][ C1] vkms_vblank_simulate: vblank timer overrun [ 409.665724][T11234] netlink: 206 bytes leftover after parsing attributes in process `syz.0.1387'. [ 409.896559][ T5841] Bluetooth: hci0: command 0x0406 tx timeout [ 409.903027][ T5841] Bluetooth: hci2: command 0x0406 tx timeout [ 409.909549][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout [ 411.216437][T11179] Process accounting paused [ 411.587041][ T29] audit: type=1326 audit(4294967460.110:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11249 comm="syz.3.1392" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8eecb8d169 code=0x0 [ 412.184836][T11261] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1395'. [ 412.489293][T11266] FAULT_INJECTION: forcing a failure. [ 412.489293][T11266] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 412.518726][T11268] [U] [ 412.521511][T11268] [U] [ 412.524395][T11268] [U] [ 412.527149][T11268] [U] [ 412.568796][T11266] CPU: 1 UID: 0 PID: 11266 Comm: syz.4.1397 Not tainted 6.14.0-rc4-syzkaller-00090-gdd83757f6e68 #0 [ 412.568832][T11266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 412.568849][T11266] Call Trace: [ 412.568856][T11266] [ 412.568865][T11266] dump_stack_lvl+0x16c/0x1f0 [ 412.568901][T11266] should_fail_ex+0x50a/0x650 [ 412.568950][T11266] _copy_from_user+0x2e/0xd0 [ 412.568976][T11266] copy_msghdr_from_user+0x99/0x160 [ 412.569011][T11266] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 412.569054][T11266] ? get_pid_task+0xfc/0x250 [ 412.569083][T11266] ___sys_sendmsg+0xff/0x1e0 [ 412.569118][T11266] ? __pfx____sys_sendmsg+0x10/0x10 [ 412.569173][T11266] ? __pfx_vfs_write+0x10/0x10 [ 412.569207][T11266] ? do_sys_openat2+0xb1/0x1e0 [ 412.569235][T11266] __sys_sendmsg+0x16e/0x220 [ 412.569269][T11266] ? __pfx___sys_sendmsg+0x10/0x10 [ 412.569319][T11266] do_syscall_64+0xcd/0x250 [ 412.569352][T11266] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.569385][T11266] RIP: 0033:0x7f59fff8d169 [ 412.569404][T11266] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 412.569429][T11266] RSP: 002b:00007f5a00e88038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 412.569452][T11266] RAX: ffffffffffffffda RBX: 00007f5a001a5fa0 RCX: 00007f59fff8d169 [ 412.569467][T11266] RDX: 0000000000008010 RSI: 0000400000000900 RDI: 0000000000000001 [ 412.569481][T11266] RBP: 00007f5a00e88090 R08: 0000000000000000 R09: 0000000000000000 [ 412.569495][T11266] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 412.569509][T11266] R13: 0000000000000000 R14: 00007f5a001a5fa0 R15: 00007ffdb8ae5588 [ 412.569536][T11266] [ 412.965295][T11268] [U] [ 412.968079][T11268] [U] [ 412.970820][T11268] [U] [ 412.973537][T11268] [U] [ 413.024537][T11268] [U] [ 413.027326][T11268] [U] [ 413.030131][T11268] [U] [ 413.032843][T11268] [U] [ 413.157783][T11268] [U] [ 413.160568][T11268] [U] [ 413.163290][T11268] [U] [ 413.166035][T11268] [U] [ 413.364523][T11268] [U] [ 413.367305][T11268] [U] [ 413.370083][T11268] [U] [ 413.372808][T11268] [U] [ 413.544828][T11268] [U] [ 413.547703][T11268] [U] [ 413.550471][T11268] [U] [ 413.553314][T11268] [U] [ 413.686838][T11268] [U] [ 413.689883][T11268] [U] [ 413.692670][T11268] [U] [ 413.695513][T11268] [U] [ 414.179783][T11268] [U] [ 414.351782][T11272] kexec: Could not allocate control_code_buffer [ 414.967236][T11291] [U] [ 414.970007][T11291] [U] [ 414.972749][T11291] [U] [ 414.975497][T11291] [U] [ 415.015659][T11291] [U] [ 415.018514][T11291] [U] [ 415.021264][T11291] [U] [ 415.023993][T11291] [U] [ 415.085436][T11291] [U] [ 415.088206][T11291] [U] [ 415.091014][T11291] [U] [ 415.093755][T11291] [U] [ 415.230492][T11291] [U] [ 415.233350][T11291] [U] [ 415.236183][T11291] [U] [ 415.238916][T11291] [U] [ 415.316474][T11291] [U] [ 415.319312][T11291] [U] [ 415.322122][T11291] [U] [ 415.324845][T11291] [U] [ 415.416492][T11291] [U] [ 415.419280][T11291] [U] [ 415.422007][T11291] [U] [ 415.424724][T11291] [U] [ 415.524721][T11291] [U] [ 415.527487][T11291] [U] [ 415.530205][T11291] [U] [ 415.532924][T11291] [U] [ 415.695632][T11291] [U] [ 415.700520][T11291] [U] [ 415.703430][T11291] [U] [ 415.706488][T11291] [U] [ 415.798563][T11291] [U] [ 415.801460][T11291] [U] [ 415.804258][T11291] [U] [ 415.807183][T11291] [U] [ 415.858084][T11291] [U] [ 415.860851][T11291] [U] [ 415.863593][T11291] [U] [ 415.866326][T11291] [U] [ 415.930274][T11291] [U] [ 415.933058][T11291] [U] [ 415.935779][T11291] [U] [ 415.938518][T11291] [U] [ 416.043184][T11291] [U] [ 416.427051][T11319] [U] [ 416.429822][T11319] [U] [ 416.432666][T11319] [U] [ 416.435581][T11319] [U] [ 416.500594][T11319] [U] [ 416.503384][T11319] [U] [ 416.506206][T11319] [U] [ 416.508964][T11319] [U] [ 416.608094][T11319] [U] [ 416.610877][T11319] [U] [ 416.613599][T11319] [U] [ 416.616317][T11319] [U] [ 416.706949][T11319] [U] [ 416.709769][T11319] [U] [ 416.713362][T11319] [U] [ 416.716091][T11319] [U] [ 416.826869][T11319] [U] [ 416.829648][T11319] [U] [ 416.832372][T11319] [U] [ 416.835243][T11319] [U] [ 416.858502][T11312] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 416.875821][T11312] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 416.900787][T11312] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 416.934724][T11312] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 416.963139][T11312] CPU0 is offline. [ 417.002300][T11319] [U] [ 417.005193][T11319] [U] [ 417.007969][T11319] [U] [ 417.010910][T11319] [U] [ 417.216391][T11319] [U] [ 417.219239][T11319] [U] [ 417.221976][T11319] [U] [ 417.224727][T11319] [U] [ 417.320457][T11319] [U] [ 417.323244][T11319] [U] [ 417.325967][T11319] [U] [ 417.328727][T11319] [U] [ 417.409336][T11289] Process accounting paused [ 417.521383][T11319] [U] [ 417.618164][T11325] kexec: Could not allocate control_code_buffer [ 418.594378][ T54] Bluetooth: hci1: command 0x0406 tx timeout [ 418.661709][T11351] nfs: Unknown parameter '±ðCÕ?Ö9_Ì@‰Í¼]ÒŠcÖSïvaÖ—ª5Ÿ–¤l&¡ž‰Êa—¨wO1·û¾; [ 418.661709][T11351] )ãON¢ê¦ìM£|¼Ú ÑÕgÁ›•Œ~uâ2HØòF&”2 [ 420.629681][T11374] dump_stack_lvl+0x16c/0x1f0 [ 420.629716][T11374] should_fail_ex+0x50a/0x650 [ 420.629755][T11374] ? fs_reclaim_acquire+0xae/0x150 [ 420.629789][T11374] should_failslab+0xc2/0x120 [ 420.629813][T11374] kmem_cache_alloc_lru_noprof+0x73/0x3d0 [ 420.629852][T11374] ? shmem_alloc_inode+0x25/0x50 [ 420.629890][T11374] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 420.629931][T11374] shmem_alloc_inode+0x25/0x50 [ 420.629965][T11374] alloc_inode+0x5d/0x230 [ 420.629992][T11374] new_inode+0x22/0x210 [ 420.630020][T11374] shmem_get_inode+0x194/0xf00 [ 420.630059][T11374] ? __vm_enough_memory+0x184/0x3f0 [ 420.630098][T11374] __shmem_file_setup+0x16f/0x300 [ 420.630125][T11374] shmem_zero_setup+0x93/0x1b0 [ 420.630156][T11374] __mmap_region+0x2021/0x2760 [ 420.630182][T11374] ? __pfx___mmap_region+0x10/0x10 [ 420.630212][T11374] ? hlock_class+0x4e/0x130 [ 420.630236][T11374] ? mark_lock+0xb5/0xc60 [ 420.630276][T11374] ? schedule+0x298/0x350 [ 420.630331][T11374] ? mm_get_unmapped_area+0x95/0xe0 [ 420.630369][T11374] mmap_region+0x1ab/0x3f0 [ 420.630395][T11374] do_mmap+0xd8d/0x11b0 [ 420.630430][T11374] ? __pfx_do_mmap+0x10/0x10 [ 420.630462][T11374] ? __pfx_down_write_killable+0x10/0x10 [ 420.630501][T11374] vm_mmap_pgoff+0x203/0x3a0 [ 420.630539][T11374] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 420.630577][T11374] ? __x64_sys_futex+0x1e1/0x4c0 [ 420.630605][T11374] ? __x64_sys_futex+0x1ea/0x4c0 [ 420.630637][T11374] ksys_mmap_pgoff+0x7d/0x5c0 [ 420.630667][T11374] ? rcu_is_watching+0x12/0xc0 [ 420.630695][T11374] __x64_sys_mmap+0x125/0x190 [ 420.630733][T11374] do_syscall_64+0xcd/0x250 [ 420.630766][T11374] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 420.630800][T11374] RIP: 0033:0x7fbf2e18d169 [ 420.630828][T11374] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 420.630855][T11374] RSP: 002b:00007fbf2f074038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 420.630879][T11374] RAX: ffffffffffffffda RBX: 00007fbf2e3a5fa0 RCX: 00007fbf2e18d169 [ 420.630896][T11374] RDX: 0000000001000003 RSI: 0000000002020009 RDI: 0000001000000000 [ 420.630912][T11374] RBP: 00007fbf2e20e2a0 R08: fffffffffffffffa R09: 0000000000008000 [ 420.630935][T11374] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 420.630951][T11374] R13: 0000000000000000 R14: 00007fbf2e3a5fa0 R15: 00007fffebf48298 [ 420.630981][T11374] [ 421.425958][T11380] FAULT_INJECTION: forcing a failure. [ 421.425958][T11380] name failslab, interval 1, probability 0, space 0, times 0 [ 421.484617][T11380] CPU: 1 UID: 0 PID: 11380 Comm: syz.3.1424 Not tainted 6.14.0-rc4-syzkaller-00090-gdd83757f6e68 #0 [ 421.484655][T11380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 421.484670][T11380] Call Trace: [ 421.484677][T11380] [ 421.484686][T11380] dump_stack_lvl+0x16c/0x1f0 [ 421.484724][T11380] should_fail_ex+0x50a/0x650 [ 421.484762][T11380] ? fs_reclaim_acquire+0xae/0x150 [ 421.484795][T11380] ? snd_midi_event_new+0x6f/0x210 [ 421.484840][T11380] should_failslab+0xc2/0x120 [ 421.484863][T11380] __kmalloc_cache_noprof+0x68/0x410 [ 421.484904][T11380] snd_midi_event_new+0x6f/0x210 [ 421.484943][T11380] snd_virmidi_input_open+0x107/0x4a0 [ 421.484972][T11380] open_substream+0x478/0x9b0 [ 421.485002][T11380] rawmidi_open_priv+0x511/0x6e0 [ 421.485036][T11380] snd_rawmidi_open+0x4bf/0xbd0 [ 421.485072][T11380] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 421.485108][T11380] ? __pfx_default_wake_function+0x10/0x10 [ 421.485145][T11380] ? kobject_get_unless_zero+0x157/0x1e0 [ 421.485182][T11380] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 421.485212][T11380] snd_open+0x1fe/0x450 [ 421.485254][T11380] ? __pfx_snd_open+0x10/0x10 [ 421.485277][T11380] chrdev_open+0x237/0x6a0 [ 421.485313][T11380] ? __pfx_apparmor_file_open+0x10/0x10 [ 421.485343][T11380] ? __pfx_chrdev_open+0x10/0x10 [ 421.485382][T11380] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 421.485420][T11380] do_dentry_open+0x735/0x1c40 [ 421.485454][T11380] ? __pfx_chrdev_open+0x10/0x10 [ 421.485491][T11380] ? inode_permission+0xdd/0x5f0 [ 421.485519][T11380] vfs_open+0x82/0x3f0 [ 421.485541][T11380] ? may_open+0x1f2/0x400 [ 421.485570][T11380] path_openat+0x1e88/0x2d80 [ 421.485615][T11380] ? __pfx_path_openat+0x10/0x10 [ 421.485649][T11380] ? __pfx___lock_acquire+0x10/0x10 [ 421.485681][T11380] ? lock_acquire.part.0+0x11b/0x380 [ 421.485716][T11380] ? find_held_lock+0x2d/0x110 [ 421.485889][T11380] do_filp_open+0x20c/0x470 [ 421.485926][T11380] ? __pfx_do_filp_open+0x10/0x10 [ 421.485960][T11380] ? find_held_lock+0x2d/0x110 [ 421.486004][T11380] ? alloc_fd+0x41f/0x760 [ 421.486045][T11380] do_sys_openat2+0x17a/0x1e0 [ 421.486070][T11380] ? __pfx_do_sys_openat2+0x10/0x10 [ 421.486108][T11380] __x64_sys_openat+0x175/0x210 [ 421.486134][T11380] ? __pfx___x64_sys_openat+0x10/0x10 [ 421.486172][T11380] do_syscall_64+0xcd/0x250 [ 421.486204][T11380] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.486238][T11380] RIP: 0033:0x7f8eecb8d169 [ 421.486464][T11380] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 421.486493][T11380] RSP: 002b:00007f8eec9b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 421.486518][T11380] RAX: ffffffffffffffda RBX: 00007f8eecda6160 RCX: 00007f8eecb8d169 [ 421.486535][T11380] RDX: 0000000000080102 RSI: 0000400000000000 RDI: ffffffffffffff9c [ 421.486551][T11380] RBP: 00007f8eecc0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 421.486566][T11380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 421.486581][T11380] R13: 0000000000000000 R14: 00007f8eecda6160 R15: 00007ffcc2629cb8 [ 421.486625][T11380] [ 422.218786][ T5841] Bluetooth: hci1: command 0x0406 tx timeout [ 422.224948][ T5841] Bluetooth: hci2: command 0x0406 tx timeout [ 422.231044][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout [ 422.237666][ T5841] Bluetooth: hci0: command 0x0406 tx timeout [ 423.035585][T11393] FAULT_INJECTION: forcing a failure. [ 423.035585][T11393] name failslab, interval 1, probability 0, space 0, times 0 [ 423.086108][T11393] CPU: 1 UID: 0 PID: 11393 Comm: syz.4.1431 Not tainted 6.14.0-rc4-syzkaller-00090-gdd83757f6e68 #0 [ 423.086144][T11393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 423.086158][T11393] Call Trace: [ 423.086165][T11393] [ 423.086176][T11393] dump_stack_lvl+0x16c/0x1f0 [ 423.086212][T11393] should_fail_ex+0x50a/0x650 [ 423.086251][T11393] ? fs_reclaim_acquire+0xae/0x150 [ 423.086284][T11393] should_failslab+0xc2/0x120 [ 423.086307][T11393] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 423.086345][T11393] ? lockdep_init_map_type+0x16d/0x7d0 [ 423.086381][T11393] ? security_inode_alloc+0x3b/0x2b0 [ 423.086412][T11393] security_inode_alloc+0x3b/0x2b0 [ 423.086439][T11393] inode_init_always_gfp+0xce4/0x1030 [ 423.086497][T11393] alloc_inode+0x82/0x230 [ 423.086521][T11393] sock_alloc+0x40/0x280 [ 423.086560][T11393] __sock_create+0xc1/0x8d0 [ 423.086591][T11393] __sys_socket+0x14f/0x260 [ 423.086620][T11393] ? __pfx___sys_socket+0x10/0x10 [ 423.086648][T11393] ? rcu_is_watching+0x12/0xc0 [ 423.086684][T11393] __x64_sys_socket+0x72/0xb0 [ 423.086711][T11393] ? lockdep_hardirqs_on+0x7c/0x110 [ 423.086740][T11393] do_syscall_64+0xcd/0x250 [ 423.086773][T11393] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 423.086806][T11393] RIP: 0033:0x7f59fff8d169 [ 423.086824][T11393] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 423.086848][T11393] RSP: 002b:00007f5a00e88038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 423.086871][T11393] RAX: ffffffffffffffda RBX: 00007f5a001a5fa0 RCX: 00007f59fff8d169 [ 423.086888][T11393] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 423.086903][T11393] RBP: 00007f5a0000e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 423.086919][T11393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 423.086935][T11393] R13: 0000000000000000 R14: 00007f5a001a5fa0 R15: 00007ffdb8ae5588 [ 423.086963][T11393] [ 423.086994][T11393] socket: no more sockets [ 425.074010][T11417] nfs: Unknown parameter '±ðCÕ?Ö9_Ì@‰Í¼]ÒŠcÖSïvaÖ—ª5Ÿ–¤l&¡ž‰Êa—¨wO1·û¾; [ 425.074010][T11417] )ãON¢ê¦ìM£|¼Ú ÑÕgÁ›•Œ~uâ2HØòF&”2 [ 427.270842][T11449] dump_stack_lvl+0x16c/0x1f0 [ 427.270878][T11449] should_fail_ex+0x50a/0x650 [ 427.270915][T11449] ? __pfx___might_resched+0x10/0x10 [ 427.270955][T11449] should_fail_alloc_page+0xe7/0x130 [ 427.270979][T11449] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 427.271020][T11449] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 427.271060][T11449] ? __pfx_mark_lock+0x10/0x10 [ 427.271090][T11449] ? __pfx_stack_trace_save+0x10/0x10 [ 427.271117][T11449] ? stack_depot_save_flags+0x28/0x9c0 [ 427.271155][T11449] ? __pfx_mark_lock+0x10/0x10 [ 427.271189][T11449] ? kasan_save_stack+0x42/0x60 [ 427.271222][T11449] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 427.271271][T11449] ? hlock_class+0x4e/0x130 [ 427.271298][T11449] ? hlock_class+0x4e/0x130 [ 427.271332][T11449] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 427.271374][T11449] ? policy_nodemask+0xea/0x4e0 [ 427.271414][T11449] alloc_pages_mpol+0x1fc/0x540 [ 427.271436][T11449] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 427.271466][T11449] alloc_pages_noprof+0x131/0x390 [ 427.271488][T11449] pte_alloc_one+0x20/0x390 [ 427.271526][T11449] do_pte_missing+0x1aff/0x3e10 [ 427.271570][T11449] ? do_raw_spin_unlock+0x172/0x230 [ 427.271595][T11449] ? __pmd_alloc+0x3c2/0x870 [ 427.271627][T11449] __handle_mm_fault+0x1166/0x2c60 [ 427.271675][T11449] ? __pfx___handle_mm_fault+0x10/0x10 [ 427.271711][T11449] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 427.271760][T11449] ? find_vma+0xc0/0x140 [ 427.271787][T11449] ? __pfx_find_vma+0x10/0x10 [ 427.271817][T11449] handle_mm_fault+0x3fa/0xaa0 [ 427.271856][T11449] do_user_addr_fault+0x7a3/0x13f0 [ 427.271894][T11449] exc_page_fault+0x5c/0xc0 [ 427.271922][T11449] asm_exc_page_fault+0x26/0x30 [ 427.271953][T11449] RIP: 0010:copy_iovec_from_user+0x84/0x170 [ 427.271979][T11449] Code: e8 d1 a0 f9 fc 4d 85 ff 0f 85 c6 00 00 00 e8 53 a6 f9 fc 0f 01 cb 0f ae e8 49 bf 00 00 00 00 00 fc ff df e8 3e a6 f9 fc 31 db <48> 8b 45 08 31 ff 89 de 49 89 c6 e8 2c a1 f9 fc 85 db 0f 85 b1 00 [ 427.272002][T11449] RSP: 0018:ffffc9000b1ff8e8 EFLAGS: 00050246 [ 427.272021][T11449] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff84c0395f [ 427.272035][T11449] RDX: ffff888020fb0000 RSI: ffffffff84c03982 RDI: 0000000000000006 [ 427.272050][T11449] RBP: 0000000000000000 R08: 0000000000000006 R09: 0000000000000000 [ 427.272064][T11449] R10: 00000000000010a0 R11: 0000000000000000 R12: ffff888051af4000 [ 427.272079][T11449] R13: 000000000000010a R14: 00007ffffffff000 R15: dffffc0000000000 [ 427.272101][T11449] ? copy_iovec_from_user+0x5f/0x170 [ 427.272125][T11449] ? copy_iovec_from_user+0x82/0x170 [ 427.272152][T11449] ? copy_iovec_from_user+0x82/0x170 [ 427.272179][T11449] iovec_from_user.part.0+0x65/0x130 [ 427.272207][T11449] __import_iovec+0xd6/0x6a0 [ 427.272240][T11449] import_iovec+0x108/0x140 [ 427.272275][T11449] copy_msghdr_from_user+0xfa/0x160 [ 427.272312][T11449] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 427.272360][T11449] ___sys_sendmsg+0xff/0x1e0 [ 427.272396][T11449] ? __pfx____sys_sendmsg+0x10/0x10 [ 427.272441][T11449] ? trace_lock_acquire+0x14e/0x1f0 [ 427.272479][T11449] ? __pfx_lock_release+0x10/0x10 [ 427.272511][T11449] ? proc_fail_nth_write+0xa0/0x250 [ 427.272540][T11449] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 427.272572][T11449] __sys_sendmmsg+0x201/0x420 [ 427.272610][T11449] ? __pfx___sys_sendmmsg+0x10/0x10 [ 427.272651][T11449] ? do_sys_openat2+0xb1/0x1e0 [ 427.272676][T11449] ? __pfx_do_sys_openat2+0x10/0x10 [ 427.272714][T11449] ? ksys_write+0x1ba/0x250 [ 427.272745][T11449] ? __pfx_ksys_write+0x10/0x10 [ 427.272782][T11449] __x64_sys_sendmmsg+0x9c/0x100 [ 427.272816][T11449] ? lockdep_hardirqs_on+0x7c/0x110 [ 427.272843][T11449] do_syscall_64+0xcd/0x250 [ 427.272875][T11449] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 427.272907][T11449] RIP: 0033:0x7f8eecb8d169 [ 427.272924][T11449] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 427.272946][T11449] RSP: 002b:00007f8eec9f9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 427.272967][T11449] RAX: ffffffffffffffda RBX: 00007f8eecda5fa0 RCX: 00007f8eecb8d169 [ 427.272982][T11449] RDX: 0000000000000200 RSI: 0000400000000040 RDI: 0000000000000003 [ 427.272996][T11449] RBP: 00007f8eec9f9090 R08: 0000000000000000 R09: 0000000000000000 [ 427.273010][T11449] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 427.273024][T11449] R13: 0000000000000000 R14: 00007f8eecda5fa0 R15: 00007ffcc2629cb8 [ 427.273052][T11449] [ 427.742082][ C1] vkms_vblank_simulate: vblank timer overrun [ 428.377418][T11456] [U] [ 428.380186][T11456] [U] [ 428.382937][T11456] [U] [ 428.385679][T11456] [U] [ 428.408643][T11456] [U] [ 428.411407][T11456] [U] [ 428.414289][T11456] [U] [ 428.417039][T11456] [U] [ 428.435311][T11456] [U] [ 428.438149][T11456] [U] [ 428.441029][T11456] [U] [ 428.443847][T11456] [U] [ 428.483145][T11456] [U] [ 428.485983][T11456] [U] [ 428.488739][T11456] [U] [ 428.492013][T11456] [U] [ 428.574442][T11456] [U] [ 428.577228][T11456] [U] [ 428.580072][T11456] [U] [ 428.582830][T11456] [U] [ 428.698364][T11456] [U] [ 428.701152][T11456] [U] [ 428.703998][T11456] [U] [ 428.706920][T11456] [U] [ 428.836905][T11456] [U] [ 428.839677][T11456] [U] [ 428.842391][T11456] [U] [ 428.845104][T11456] [U] [ 428.946945][T11456] [U] [ 428.949710][T11456] [U] [ 428.952441][T11456] [U] [ 428.955246][T11456] [U] [ 429.023493][T11456] [U] [ 429.026263][T11456] [U] [ 429.028979][T11456] [U] [ 429.031966][T11456] [U] [ 429.134343][T11456] [U] [ 429.229678][T11459] kexec: Could not allocate control_code_buffer [ 429.862642][T11455] Invalid ELF header magic: != ELF [ 430.362118][T11489] nfs: Unknown parameter '±ðCÕ?Ö9_Ì@‰Í¼]ÒŠcÖSïvaÖ—ª5Ÿ–¤l&¡ž‰Êa—¨wO1·û¾; [ 430.362118][T11489] )ãON¢ê¦ìM£|¼Ú ÑÕgÁ›•Œ~uâ2HØòF&”2 [ 437.419361][T11657] dump_stack_lvl+0x16c/0x1f0 [ 437.419398][T11657] should_fail_ex+0x50a/0x650 [ 437.419465][T11657] ? __pfx___might_resched+0x10/0x10 [ 437.419508][T11657] should_fail_alloc_page+0xe7/0x130 [ 437.419534][T11657] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 437.419572][T11657] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 437.419613][T11657] ? hlock_class+0x4e/0x130 [ 437.419639][T11657] ? mark_lock+0xb5/0xc60 [ 437.419674][T11657] ? __pfx_mark_lock+0x10/0x10 [ 437.419711][T11657] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 437.419752][T11657] ? hlock_class+0x4e/0x130 [ 437.419775][T11657] ? mark_lock+0xb5/0xc60 [ 437.419807][T11657] ? hlock_class+0x4e/0x130 [ 437.419836][T11657] ? hlock_class+0x4e/0x130 [ 437.419860][T11657] ? __lock_acquire+0xcc5/0x3c40 [ 437.419895][T11657] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 437.419934][T11657] ? policy_nodemask+0xea/0x4e0 [ 437.419974][T11657] alloc_pages_mpol+0x1fc/0x540 [ 437.419998][T11657] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 437.420021][T11657] ? __lock_acquire+0x15a9/0x3c40 [ 437.420059][T11657] folio_alloc_mpol_noprof+0x36/0x2f0 [ 437.420088][T11657] vma_alloc_folio_noprof+0xee/0x1b0 [ 437.420115][T11657] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 437.420143][T11657] ? find_held_lock+0x2d/0x110 [ 437.420173][T11657] do_pte_missing+0x202f/0x3e10 [ 437.420219][T11657] __handle_mm_fault+0x1166/0x2c60 [ 437.420263][T11657] ? __pfx___handle_mm_fault+0x10/0x10 [ 437.420297][T11657] ? follow_page_pte+0x3ac/0x1490 [ 437.420332][T11657] ? __pfx_lock_release+0x10/0x10 [ 437.420387][T11657] handle_mm_fault+0x3fa/0xaa0 [ 437.420435][T11657] __get_user_pages+0x773/0x36f0 [ 437.420477][T11657] ? __pfx_mt_find+0x10/0x10 [ 437.420510][T11657] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 437.420544][T11657] ? __pfx___get_user_pages+0x10/0x10 [ 437.420581][T11657] ? __mm_populate+0x21d/0x380 [ 437.420622][T11657] populate_vma_page_range+0x27f/0x3a0 [ 437.420660][T11657] ? __pfx_populate_vma_page_range+0x10/0x10 [ 437.420701][T11657] ? __pfx_find_vma_intersection+0x10/0x10 [ 437.420734][T11657] ? vm_mmap_pgoff+0x29b/0x3a0 [ 437.420771][T11657] __mm_populate+0x1d6/0x380 [ 437.420809][T11657] ? __pfx___mm_populate+0x10/0x10 [ 437.420847][T11657] ? up_write+0x1b2/0x520 [ 437.420886][T11657] vm_mmap_pgoff+0x2d3/0x3a0 [ 437.420923][T11657] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 437.420955][T11657] ? fd_install+0x223/0x750 [ 437.420993][T11657] ? __x64_sys_futex+0x1e1/0x4c0 [ 437.421021][T11657] ? __x64_sys_futex+0x1ea/0x4c0 [ 437.421054][T11657] ksys_mmap_pgoff+0x7d/0x5c0 [ 437.421084][T11657] ? rcu_is_watching+0x12/0xc0 [ 437.421112][T11657] __x64_sys_mmap+0x125/0x190 [ 437.421149][T11657] do_syscall_64+0xcd/0x250 [ 437.421184][T11657] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 437.421218][T11657] RIP: 0033:0x7f252738d169 [ 437.421238][T11657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 437.421262][T11657] RSP: 002b:00007f252824b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 437.421284][T11657] RAX: ffffffffffffffda RBX: 00007f25275a5fa0 RCX: 00007f252738d169 [ 437.421300][T11657] RDX: 00000000000000df RSI: 0000000000040009 RDI: 0000000000000000 [ 437.421314][T11657] RBP: 00007f252740e2a0 R08: 0000000000000007 R09: 0000000000028000 [ 437.421329][T11657] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 437.421343][T11657] R13: 0000000000000000 R14: 00007f25275a5fa0 R15: 00007ffd631f2ea8 [ 437.421371][T11657] [ 438.366151][T11661] vivid-010: ================= START STATUS ================= [ 438.374038][T11661] vivid-010: Generate PTS: true [ 438.389240][T11661] vivid-010: Generate SCR: true [ 438.403753][T11661] tpg source WxH: 640x360 (Y'CbCr) [ 438.426420][T11661] tpg field: 1 [ 438.429861][T11661] tpg crop: 640x360@0x0 [ 438.454725][T11661] tpg compose: 640x360@0x0 [ 438.484376][T11661] tpg colorspace: 8 [ 438.494356][T11661] tpg transfer function: 0/0 [ 438.509564][T11661] tpg Y'CbCr encoding: 0/0 [ 438.526689][T11661] tpg quantization: 0/0 [ 438.544388][T11661] tpg RGB range: 0/2 [ 438.554270][T11661] vivid-010: ================== END STATUS ================== [ 438.852081][T11658] CPU: 1 UID: 0 PID: 11658 Comm: syz.4.1493 Not tainted 6.14.0-rc4-syzkaller-00090-gdd83757f6e68 #0 [ 438.852116][T11658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 438.852131][T11658] Call Trace: [ 438.852139][T11658] [ 438.852148][T11658] dump_stack_lvl+0x16c/0x1f0 [ 438.852184][T11658] should_fail_ex+0x50a/0x650 [ 438.852222][T11658] ? fs_reclaim_acquire+0xae/0x150 [ 438.852254][T11658] ? tomoyo_realpath_from_path+0xb9/0x720 [ 438.852288][T11658] should_failslab+0xc2/0x120 [ 438.852310][T11658] __kmalloc_noprof+0xcb/0x510 [ 438.852345][T11658] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 438.852385][T11658] tomoyo_realpath_from_path+0xb9/0x720 [ 438.852417][T11658] ? tomoyo_path_number_perm+0x235/0x590 [ 438.852446][T11658] ? tomoyo_path_number_perm+0x235/0x590 [ 438.852477][T11658] tomoyo_path_number_perm+0x248/0x590 [ 438.852504][T11658] ? tomoyo_path_number_perm+0x235/0x590 [ 438.852534][T11658] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 438.852595][T11658] ? __pfx_lock_release+0x10/0x10 [ 438.852628][T11658] ? trace_lock_acquire+0x14e/0x1f0 [ 438.852661][T11658] ? lock_acquire+0x2f/0xb0 [ 438.852693][T11658] ? __fget_files+0x40/0x3a0 [ 438.852729][T11658] ? __fget_files+0x206/0x3a0 [ 438.852766][T11658] security_file_ioctl+0x9b/0x240 [ 438.852798][T11658] __x64_sys_ioctl+0xb7/0x200 [ 438.852829][T11658] do_syscall_64+0xcd/0x250 [ 438.852861][T11658] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 438.852895][T11658] RIP: 0033:0x7f59fff8d169 [ 438.852912][T11658] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 438.852935][T11658] RSP: 002b:00007f5a00e67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 438.852958][T11658] RAX: ffffffffffffffda RBX: 00007f5a001a6080 RCX: 00007f59fff8d169 [ 438.852975][T11658] RDX: 0000000000000000 RSI: 0000000000002201 RDI: 0000000000000005 [ 438.852990][T11658] RBP: 00007f5a00e67090 R08: 0000000000000000 R09: 0000000000000000 [ 438.853005][T11658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 438.853019][T11658] R13: 0000000000000000 R14: 00007f5a001a6080 R15: 00007ffdb8ae5588 [ 438.853048][T11658] [ 439.077127][T11658] ERROR: Out of memory at tomoyo_realpath_from_path. [ 439.444470][T11645] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 439.451324][T11645] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 439.534622][T11645] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 439.564513][T11645] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 439.570530][T11645] CPU0 is offline. [ 441.554360][ T54] Bluetooth: hci2: command 0x0406 tx timeout [ 441.560516][ T54] Bluetooth: hci1: command 0x0406 tx timeout [ 441.639597][ T54] Bluetooth: hci3: command 0x0c1a tx timeout [ 441.645836][ T5841] Bluetooth: hci0: command 0x0406 tx timeout [ 441.742923][T11727] netlink: 350 bytes leftover after parsing attributes in process `syz.4.1508'. [ 442.075303][T11721] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 442.099439][T11721] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 442.129561][T11721] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 442.156976][T11721] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 442.170158][T11721] CPU0 is offline. [ 443.179307][T11750] FAULT_INJECTION: forcing a failure. [ 443.179307][T11750] name failslab, interval 1, probability 0, space 0, times 0 [ 443.264796][T11750] CPU: 1 UID: 0 PID: 11750 Comm: syz.0.1517 Not tainted 6.14.0-rc4-syzkaller-00090-gdd83757f6e68 #0 [ 443.264850][T11750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 443.264865][T11750] Call Trace: [ 443.264873][T11750] [ 443.264883][T11750] dump_stack_lvl+0x16c/0x1f0 [ 443.264919][T11750] should_fail_ex+0x50a/0x650 [ 443.264956][T11750] ? fs_reclaim_acquire+0xae/0x150 [ 443.264993][T11750] ? xfrm_hash_alloc+0xd1/0x100 [ 443.265027][T11750] should_failslab+0xc2/0x120 [ 443.265049][T11750] __kmalloc_noprof+0xcb/0x510 [ 443.265085][T11750] ? xfrm_state_init+0x378/0x630 [ 443.265117][T11750] ? xfrm_state_init+0x3d4/0x630 [ 443.265153][T11750] ? __pfx_xfrm_net_init+0x10/0x10 [ 443.265195][T11750] xfrm_hash_alloc+0xd1/0x100 [ 443.265231][T11750] xfrm_net_init+0x245/0xcb0 [ 443.265272][T11750] ? __pfx_xfrm_net_init+0x10/0x10 [ 443.265314][T11750] ops_init+0x1df/0x5f0 [ 443.265353][T11750] setup_net+0x21f/0x860 [ 443.265391][T11750] ? __pfx_setup_net+0x10/0x10 [ 443.265426][T11750] ? down_read_killable+0xcc/0x380 [ 443.265465][T11750] ? __pfx_down_read_killable+0x10/0x10 [ 443.265503][T11750] ? __raw_spin_lock_init+0x3a/0x110 [ 443.265544][T11750] ? debug_mutex_init+0x37/0x70 [ 443.265571][T11750] copy_net_ns+0x2a6/0x5f0 [ 443.265597][T11750] create_new_namespaces+0x3ea/0xad0 [ 443.265641][T11750] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 443.265682][T11750] ksys_unshare+0x45d/0xa40 [ 443.265707][T11750] ? __pfx_ksys_unshare+0x10/0x10 [ 443.265730][T11750] ? xfd_validate_state+0x5d/0x180 [ 443.265771][T11750] __x64_sys_unshare+0x31/0x40 [ 443.265795][T11750] do_syscall_64+0xcd/0x250 [ 443.265828][T11750] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 443.265861][T11750] RIP: 0033:0x7fbf2e18d169 [ 443.265879][T11750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 443.265904][T11750] RSP: 002b:00007fbf2f074038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 443.265927][T11750] RAX: ffffffffffffffda RBX: 00007fbf2e3a5fa0 RCX: 00007fbf2e18d169 [ 443.265943][T11750] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 443.265958][T11750] RBP: 00007fbf2e20e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 443.265973][T11750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 443.265987][T11750] R13: 0000000000000000 R14: 00007fbf2e3a5fa0 R15: 00007fffebf48298 [ 443.266015][T11750] [ 443.909877][ T54] Bluetooth: hci1: command 0x0406 tx timeout [ 444.177599][ T54] Bluetooth: hci2: command 0x0406 tx timeout [ 444.234252][ T54] Bluetooth: hci3: command 0x0c1a tx timeout [ 444.240569][ T54] Bluetooth: hci0: command 0x0406 tx timeout [ 444.534382][T11770] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 444.540588][T11770] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 444.608274][T11770] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 444.667290][T11770] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 444.730991][T11770] CPU0 is offline. [ 445.396713][T11786] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1527'. [ 445.636851][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.643401][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 446.149035][T11792] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 446.191818][T11792] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 446.228467][T11792] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 446.262421][T11792] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 446.287393][T11792] CPU0 is offline. [ 447.458806][T11824] Process accounting resumed [ 447.570855][T11813] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 447.601011][T11813] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 447.630717][T11813] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 447.652881][T11813] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 447.680034][T11813] CPU0 is offline. [ 449.383381][T11863] netlink: 504 bytes leftover after parsing attributes in process `syz.1.1547'. [ 449.474883][ T54] Bluetooth: hci1: command 0x0406 tx timeout [ 449.634373][ T5841] Bluetooth: hci2: command 0x0406 tx timeout [ 449.640592][ T54] Bluetooth: hci0: command 0x0406 tx timeout [ 449.714323][ T54] Bluetooth: hci3: command 0x0c1a tx timeout [ 450.036602][T11875] [ 450.691214][T11873] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 450.728883][T11873] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 450.780663][T11873] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 450.829941][T11873] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 450.866938][T11873] CPU0 is offline. [ 450.901204][T11886] FAULT_INJECTION: forcing a failure. [ 450.901204][T11886] name failslab, interval 1, probability 0, space 0, times 0 [ 450.973822][T11886] CPU: 1 UID: 0 PID: 11886 Comm: syz.0.1554 Not tainted 6.14.0-rc4-syzkaller-00090-gdd83757f6e68 #0 [ 450.973859][T11886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 450.973874][T11886] Call Trace: [ 450.973882][T11886] [ 450.973891][T11886] dump_stack_lvl+0x16c/0x1f0 [ 450.973927][T11886] should_fail_ex+0x50a/0x650 [ 450.973965][T11886] ? fs_reclaim_acquire+0xae/0x150 [ 450.973998][T11886] should_failslab+0xc2/0x120 [ 450.974021][T11886] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 450.974058][T11886] ? vm_area_dup+0x21/0x2f0 [ 450.974096][T11886] vm_area_dup+0x21/0x2f0 [ 450.974134][T11886] __split_vma+0x181/0x1160 [ 450.974173][T11886] ? __pfx___split_vma+0x10/0x10 [ 450.974207][T11886] ? mark_lock+0xb5/0xc60 [ 450.974241][T11886] ? __lock_acquire+0xcc5/0x3c40 [ 450.974279][T11886] vms_gather_munmap_vmas+0x1c3/0x1730 [ 450.974322][T11886] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 450.974361][T11886] ? mas_walk+0x6a6/0x910 [ 450.974403][T11886] __mmap_region+0x328/0x2760 [ 450.974427][T11886] ? __pfx___mmap_region+0x10/0x10 [ 450.974456][T11886] ? hlock_class+0x4e/0x130 [ 450.974480][T11886] ? mark_lock+0xb5/0xc60 [ 450.974513][T11886] ? __pfx_mark_lock+0x10/0x10 [ 450.974547][T11886] ? hlock_class+0x4e/0x130 [ 450.974601][T11886] ? rcu_is_watching+0x12/0xc0 [ 450.974625][T11886] ? trace_cap_capable+0x1a2/0x210 [ 450.974656][T11886] mmap_region+0x1ab/0x3f0 [ 450.974683][T11886] do_mmap+0xd8d/0x11b0 [ 450.974718][T11886] ? __pfx_do_mmap+0x10/0x10 [ 450.974748][T11886] ? __pfx_down_write_killable+0x10/0x10 [ 450.974787][T11886] vm_mmap_pgoff+0x203/0x3a0 [ 450.974825][T11886] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 450.974860][T11886] ? __fget_files+0x206/0x3a0 [ 450.974898][T11886] ksys_mmap_pgoff+0x32c/0x5c0 [ 450.974927][T11886] ? __pfx_ksys_write+0x10/0x10 [ 450.974962][T11886] __x64_sys_mmap+0x125/0x190 [ 450.975000][T11886] do_syscall_64+0xcd/0x250 [ 450.975032][T11886] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 450.975064][T11886] RIP: 0033:0x7fbf2e18d169 [ 450.975082][T11886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 450.975105][T11886] RSP: 002b:00007fbf2f074038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 450.975126][T11886] RAX: ffffffffffffffda RBX: 00007fbf2e3a5fa0 RCX: 00007fbf2e18d169 [ 450.975142][T11886] RDX: 0000000000000001 RSI: 000000000000401f RDI: 0000400000ffc000 [ 450.975156][T11886] RBP: 00007fbf2f074090 R08: 0000000000000003 R09: 0000000000000000 [ 450.975171][T11886] R10: 000000000008e051 R11: 0000000000000246 R12: 0000000000000001 [ 450.975184][T11886] R13: 0000000000000000 R14: 00007fbf2e3a5fa0 R15: 00007fffebf48298 [ 450.975212][T11886] [ 451.767402][T11890] Unable to find swap-space signature [ 452.354524][ T54] Bluetooth: hci1: command 0x0406 tx timeout [ 452.754464][ T54] Bluetooth: hci2: command 0x0406 tx timeout [ 452.834305][ T54] Bluetooth: hci0: command 0x0406 tx timeout [ 452.916179][ T54] Bluetooth: hci3: command 0x0c1a tx timeout [ 460.392405][T11992] FAULT_INJECTION: forcing a failure. [ 460.392405][T11992] name failslab, interval 1, probability 0, space 0, times 0 [ 460.469526][T11992] CPU: 1 UID: 0 PID: 11992 Comm: syz.0.1588 Not tainted 6.14.0-rc4-syzkaller-00090-gdd83757f6e68 #0 [ 460.469561][T11992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 460.469576][T11992] Call Trace: [ 460.469583][T11992] [ 460.469602][T11992] dump_stack_lvl+0x16c/0x1f0 [ 460.469639][T11992] should_fail_ex+0x50a/0x650 [ 460.469678][T11992] ? fs_reclaim_acquire+0xae/0x150 [ 460.469711][T11992] should_failslab+0xc2/0x120 [ 460.469734][T11992] kmem_cache_alloc_lru_noprof+0x73/0x3d0 [ 460.469771][T11992] ? find_held_lock+0x2d/0x110 [ 460.469797][T11992] ? __d_alloc+0x31/0xaa0 [ 460.469822][T11992] __d_alloc+0x31/0xaa0 [ 460.469850][T11992] d_alloc_pseudo+0x1c/0xc0 [ 460.469879][T11992] alloc_file_pseudo+0xd0/0x230 [ 460.469906][T11992] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 460.469932][T11992] ? alloc_fd+0x41f/0x760 [ 460.469969][T11992] sock_alloc_file+0x50/0x210 [ 460.470008][T11992] __sys_socket+0x1c2/0x260 [ 460.470035][T11992] ? __pfx___sys_socket+0x10/0x10 [ 460.470063][T11992] ? rcu_is_watching+0x12/0xc0 [ 460.470093][T11992] __x64_sys_socket+0x72/0xb0 [ 460.470118][T11992] ? lockdep_hardirqs_on+0x7c/0x110 [ 460.470146][T11992] do_syscall_64+0xcd/0x250 [ 460.470178][T11992] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 460.470212][T11992] RIP: 0033:0x7fbf2e18d169 [ 460.470229][T11992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 460.470252][T11992] RSP: 002b:00007fbf2f074038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 460.470274][T11992] RAX: ffffffffffffffda RBX: 00007fbf2e3a5fa0 RCX: 00007fbf2e18d169 [ 460.470290][T11992] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000022 [ 460.470304][T11992] RBP: 00007fbf2e20e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 460.470318][T11992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 460.470332][T11992] R13: 0000000000000000 R14: 00007fbf2e3a5fa0 R15: 00007fffebf48298 [ 460.470360][T11992] [ 461.327832][T11993] delete_channel: no stack [ 464.071422][ T5841] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 464.085008][ T5841] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 464.093517][ T5841] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 464.103054][ T5841] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 464.112284][ T5841] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 464.120122][ T5841] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 465.230347][T12026] chnl_net:caif_netlink_parms(): no params data found [ 466.197128][ T54] Bluetooth: hci4: command tx timeout [ 466.362980][T12026] bridge0: port 1(bridge_slave_0) entered blocking state [ 466.385941][T12026] bridge0: port 1(bridge_slave_0) entered disabled state [ 466.444568][T12026] bridge_slave_0: entered allmulticast mode [ 466.477228][T12026] bridge_slave_0: entered promiscuous mode [ 466.521375][T12026] bridge0: port 2(bridge_slave_1) entered blocking state [ 466.570510][T12026] bridge0: port 2(bridge_slave_1) entered disabled state [ 466.620474][T12026] bridge_slave_1: entered allmulticast mode [ 466.652884][T12026] bridge_slave_1: entered promiscuous mode [ 467.098026][T12062] FAULT_INJECTION: forcing a failure. [ 467.098026][T12062] name failslab, interval 1, probability 0, space 0, times 0 [ 467.253168][T12026] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 467.318380][T12026] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 467.340998][T12062] CPU: 1 UID: 0 PID: 12062 Comm: syz.4.1603 Not tainted 6.14.0-rc4-syzkaller-00090-gdd83757f6e68 #0 [ 467.341045][T12062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 467.341060][T12062] Call Trace: [ 467.341069][T12062] [ 467.341079][T12062] dump_stack_lvl+0x16c/0x1f0 [ 467.341117][T12062] should_fail_ex+0x50a/0x650 [ 467.341156][T12062] ? fs_reclaim_acquire+0xae/0x150 [ 467.341190][T12062] ? lsm_blob_alloc+0x68/0x90 [ 467.341226][T12062] should_failslab+0xc2/0x120 [ 467.341250][T12062] __kmalloc_noprof+0xcb/0x510 [ 467.341293][T12062] lsm_blob_alloc+0x68/0x90 [ 467.341331][T12062] security_sk_alloc+0x30/0x270 [ 467.341358][T12062] sk_prot_alloc+0x1c7/0x2a0 [ 467.341386][T12062] sk_alloc+0x36/0xb90 [ 467.341419][T12062] __netlink_create+0x5e/0x2c0 [ 467.341448][T12062] __netlink_kernel_create+0xee/0x750 [ 467.341483][T12062] ? __pfx___netlink_kernel_create+0x10/0x10 [ 467.341524][T12062] audit_net_init+0x1af/0x440 [ 467.341555][T12062] ? __pfx_audit_net_init+0x10/0x10 [ 467.341587][T12062] ? __pfx_audit_receive+0x10/0x10 [ 467.341621][T12062] ? __pfx_audit_multicast_bind+0x10/0x10 [ 467.341654][T12062] ? __pfx_audit_multicast_unbind+0x10/0x10 [ 467.341692][T12062] ? __kmalloc_noprof+0x23b/0x510 [ 467.341734][T12062] ? __pfx_audit_net_init+0x10/0x10 [ 467.341763][T12062] ops_init+0x1df/0x5f0 [ 467.341803][T12062] setup_net+0x21f/0x860 [ 467.341841][T12062] ? __pfx_setup_net+0x10/0x10 [ 467.341876][T12062] ? down_read_killable+0xcc/0x380 [ 467.341910][T12062] ? __pfx_down_read_killable+0x10/0x10 [ 467.341944][T12062] ? __raw_spin_lock_init+0x3a/0x110 [ 467.341985][T12062] ? debug_mutex_init+0x37/0x70 [ 467.342013][T12062] copy_net_ns+0x2a6/0x5f0 [ 467.342053][T12062] create_new_namespaces+0x3ea/0xad0 [ 467.342099][T12062] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 467.342142][T12062] ksys_unshare+0x45d/0xa40 [ 467.342169][T12062] ? __pfx_ksys_unshare+0x10/0x10 [ 467.342192][T12062] ? xfd_validate_state+0x5d/0x180 [ 467.342235][T12062] __x64_sys_unshare+0x31/0x40 [ 467.342260][T12062] do_syscall_64+0xcd/0x250 [ 467.342293][T12062] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 467.342327][T12062] RIP: 0033:0x7f59fff8d169 [ 467.342347][T12062] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 467.342372][T12062] RSP: 002b:00007f5a00e88038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 467.342394][T12062] RAX: ffffffffffffffda RBX: 00007f5a001a5fa0 RCX: 00007f59fff8d169 [ 467.342410][T12062] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 467.342424][T12062] RBP: 00007f5a0000e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 467.342439][T12062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 467.342453][T12062] R13: 0000000000000000 R14: 00007f5a001a5fa0 R15: 00007ffdb8ae5588 [ 467.342491][T12062] [ 467.342614][T12062] audit: cannot initialize netlink socket in namespace [ 467.584884][ C1] vkms_vblank_simulate: vblank timer overrun [ 468.342793][ T54] Bluetooth: hci4: command tx timeout [ 468.978529][T12026] team0: Port device team_slave_0 added [ 469.026989][T12026] team0: Port device team_slave_1 added [ 469.450732][T12026] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 469.493594][T12026] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 469.519864][ C1] vkms_vblank_simulate: vblank timer overrun [ 469.646970][T12026] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 470.083406][T12026] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 470.104267][T12026] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 470.245843][T12026] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 470.354514][ T54] Bluetooth: hci4: command tx timeout [ 470.898063][T12026] hsr_slave_0: entered promiscuous mode [ 470.935102][T12026] hsr_slave_1: entered promiscuous mode [ 470.965710][T12026] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 470.998952][T12026] Cannot create hsr debugfs directory [ 472.239859][T12026] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 472.358372][T12026] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 472.418827][T12082] FAULT_INJECTION: forcing a failure. [ 472.418827][T12082] name failslab, interval 1, probability 0, space 0, times 0 [ 472.434330][ T54] Bluetooth: hci4: command tx timeout [ 472.455773][T12026] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 472.514606][T12082] CPU: 1 UID: 0 PID: 12082 Comm: syz.0.1608 Not tainted 6.14.0-rc4-syzkaller-00090-gdd83757f6e68 #0 [ 472.514641][T12082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 472.514656][T12082] Call Trace: [ 472.514664][T12082] [ 472.514673][T12082] dump_stack_lvl+0x16c/0x1f0 [ 472.514710][T12082] should_fail_ex+0x50a/0x650 [ 472.514747][T12082] ? fs_reclaim_acquire+0xae/0x150 [ 472.514778][T12082] ? tomoyo_realpath_from_path+0xb9/0x720 [ 472.514811][T12082] should_failslab+0xc2/0x120 [ 472.514833][T12082] __kmalloc_noprof+0xcb/0x510 [ 472.514867][T12082] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 472.514902][T12082] ? rcu_is_watching+0x12/0xc0 [ 472.514929][T12082] tomoyo_realpath_from_path+0xb9/0x720 [ 472.514969][T12082] tomoyo_check_open_permission+0x2ad/0x3c0 [ 472.514998][T12082] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 472.515036][T12082] ? __pfx___lock_acquire+0x10/0x10 [ 472.515081][T12082] ? __pfx_hook_file_open+0x10/0x10 [ 472.515110][T12082] ? lock_acquire+0x2f/0xb0 [ 472.515143][T12082] tomoyo_file_open+0x6b/0x90 [ 472.515181][T12082] security_file_open+0x84/0x1e0 [ 472.515212][T12082] do_dentry_open+0x57c/0x1c40 [ 472.515249][T12082] ? inode_permission+0xdd/0x5f0 [ 472.515277][T12082] vfs_open+0x82/0x3f0 [ 472.515298][T12082] ? may_open+0x1f2/0x400 [ 472.515326][T12082] path_openat+0x1e88/0x2d80 [ 472.515369][T12082] ? __pfx_path_openat+0x10/0x10 [ 472.515403][T12082] ? __pfx___lock_acquire+0x10/0x10 [ 472.515433][T12082] ? lock_acquire.part.0+0x11b/0x380 [ 472.515465][T12082] ? find_held_lock+0x2d/0x110 [ 472.515493][T12082] do_filp_open+0x20c/0x470 [ 472.515541][T12082] ? __pfx_do_filp_open+0x10/0x10 [ 472.515574][T12082] ? find_held_lock+0x2d/0x110 [ 472.515617][T12082] ? alloc_fd+0x41f/0x760 [ 472.515656][T12082] do_sys_openat2+0x17a/0x1e0 [ 472.515680][T12082] ? __pfx_do_sys_openat2+0x10/0x10 [ 472.515707][T12082] ? __fget_files+0x206/0x3a0 [ 472.515745][T12082] __x64_sys_openat+0x175/0x210 [ 472.515770][T12082] ? __pfx___x64_sys_openat+0x10/0x10 [ 472.515794][T12082] ? ksys_write+0x1ba/0x250 [ 472.515835][T12082] do_syscall_64+0xcd/0x250 [ 472.515867][T12082] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 472.515901][T12082] RIP: 0033:0x7fbf2e18d169 [ 472.515918][T12082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 472.515942][T12082] RSP: 002b:00007fbf2f074038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 472.515964][T12082] RAX: ffffffffffffffda RBX: 00007fbf2e3a5fa0 RCX: 00007fbf2e18d169 [ 472.515980][T12082] RDX: 000000000000a101 RSI: 0000400000000000 RDI: ffffffffffffff9c [ 472.515995][T12082] RBP: 00007fbf2f074090 R08: 0000000000000000 R09: 0000000000000000 [ 472.516009][T12082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 472.516023][T12082] R13: 0000000000000001 R14: 00007fbf2e3a5fa0 R15: 00007fffebf48298 [ 472.516050][T12082] [ 472.516060][T12082] ERROR: Out of memory at tomoyo_realpath_from_path. [ 473.047549][T12026] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 473.143886][T12086] FAULT_INJECTION: forcing a failure. [ 473.143886][T12086] name failslab, interval 1, probability 0, space 0, times 0 [ 473.254310][T12086] CPU: 1 UID: 0 PID: 12086 Comm: syz.4.1610 Not tainted 6.14.0-rc4-syzkaller-00090-gdd83757f6e68 #0 [ 473.254346][T12086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 473.254361][T12086] Call Trace: [ 473.254368][T12086] [ 473.254377][T12086] dump_stack_lvl+0x16c/0x1f0 [ 473.254412][T12086] should_fail_ex+0x50a/0x650 [ 473.254450][T12086] ? fs_reclaim_acquire+0xae/0x150 [ 473.254489][T12086] should_failslab+0xc2/0x120 [ 473.254511][T12086] kmem_cache_alloc_node_noprof+0x72/0x3c0 [ 473.254548][T12086] ? __alloc_skb+0x2b1/0x380 [ 473.254583][T12086] __alloc_skb+0x2b1/0x380 [ 473.254613][T12086] ? __pfx___alloc_skb+0x10/0x10 [ 473.254646][T12086] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 473.254683][T12086] netlink_alloc_large_skb+0x69/0x130 [ 473.254716][T12086] netlink_sendmsg+0x689/0xd70 [ 473.254751][T12086] ? __pfx_netlink_sendmsg+0x10/0x10 [ 473.254792][T12086] ____sys_sendmsg+0xaaf/0xc90 [ 473.254818][T12086] ? copy_msghdr_from_user+0x10b/0x160 [ 473.254852][T12086] ? __pfx_____sys_sendmsg+0x10/0x10 [ 473.254889][T12086] ___sys_sendmsg+0x135/0x1e0 [ 473.254924][T12086] ? __pfx____sys_sendmsg+0x10/0x10 [ 473.254967][T12086] ? __pfx_lock_release+0x10/0x10 [ 473.255000][T12086] ? trace_lock_acquire+0x14e/0x1f0 [ 473.255035][T12086] ? __fget_files+0x206/0x3a0 [ 473.255075][T12086] __sys_sendmsg+0x16e/0x220 [ 473.255109][T12086] ? __pfx___sys_sendmsg+0x10/0x10 [ 473.255159][T12086] do_syscall_64+0xcd/0x250 [ 473.255191][T12086] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 473.255224][T12086] RIP: 0033:0x7f59fff8d169 [ 473.255242][T12086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 473.255267][T12086] RSP: 002b:00007f5a00e88038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 473.255290][T12086] RAX: ffffffffffffffda RBX: 00007f5a001a5fa0 RCX: 00007f59fff8d169 [ 473.255306][T12086] RDX: 0000000000008000 RSI: 0000400000000140 RDI: 0000000000000003 [ 473.255321][T12086] RBP: 00007f5a00e88090 R08: 0000000000000000 R09: 0000000000000000 [ 473.255335][T12086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 473.255354][T12086] R13: 0000000000000000 R14: 00007f5a001a5fa0 R15: 00007ffdb8ae5588 [ 473.255382][T12086] [ 473.901534][T12088] ptrace attach of "./syz-executor exec"[10649] was attempted by "./syz-executor exec"[12088] [ 474.045833][T12026] 8021q: adding VLAN 0 to HW filter on device bond0 [ 474.104994][T12026] 8021q: adding VLAN 0 to HW filter on device team0 [ 474.185986][T11620] bridge0: port 1(bridge_slave_0) entered blocking state [ 474.193131][T11620] bridge0: port 1(bridge_slave_0) entered forwarding state [ 474.238245][T11620] bridge0: port 2(bridge_slave_1) entered blocking state [ 474.245491][T11620] bridge0: port 2(bridge_slave_1) entered forwarding state [ 474.588737][T12094] FAULT_INJECTION: forcing a failure. [ 474.588737][T12094] name failslab, interval 1, probability 0, space 0, times 0 [ 474.686329][T12094] CPU: 1 UID: 0 PID: 12094 Comm: syz.0.1614 Not tainted 6.14.0-rc4-syzkaller-00090-gdd83757f6e68 #0 [ 474.686364][T12094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 474.686378][T12094] Call Trace: [ 474.686386][T12094] [ 474.686396][T12094] dump_stack_lvl+0x16c/0x1f0 [ 474.686435][T12094] should_fail_ex+0x50a/0x650 [ 474.686474][T12094] ? fs_reclaim_acquire+0xae/0x150 [ 474.686507][T12094] ? lsm_blob_alloc+0x68/0x90 [ 474.686542][T12094] should_failslab+0xc2/0x120 [ 474.686566][T12094] __kmalloc_noprof+0xcb/0x510 [ 474.686608][T12094] lsm_blob_alloc+0x68/0x90 [ 474.686645][T12094] security_sk_alloc+0x30/0x270 [ 474.686680][T12094] sk_prot_alloc+0x1c7/0x2a0 [ 474.686707][T12094] sk_alloc+0x36/0xb90 [ 474.686740][T12094] __netlink_create+0x5e/0x2c0 [ 474.686769][T12094] __netlink_kernel_create+0xee/0x750 [ 474.686803][T12094] ? __pfx___netlink_kernel_create+0x10/0x10 [ 474.686844][T12094] audit_net_init+0x1af/0x440 [ 474.686874][T12094] ? __pfx_audit_net_init+0x10/0x10 [ 474.686905][T12094] ? __pfx_audit_receive+0x10/0x10 [ 474.686938][T12094] ? __pfx_audit_multicast_bind+0x10/0x10 [ 474.686972][T12094] ? __pfx_audit_multicast_unbind+0x10/0x10 [ 474.687007][T12094] ? __kmalloc_noprof+0x23b/0x510 [ 474.687049][T12094] ? __pfx_audit_net_init+0x10/0x10 [ 474.687078][T12094] ops_init+0x1df/0x5f0 [ 474.687117][T12094] setup_net+0x21f/0x860 [ 474.687156][T12094] ? __pfx_setup_net+0x10/0x10 [ 474.687191][T12094] ? down_read_killable+0xcc/0x380 [ 474.687225][T12094] ? __pfx_down_read_killable+0x10/0x10 [ 474.687259][T12094] ? __raw_spin_lock_init+0x3a/0x110 [ 474.687299][T12094] ? debug_mutex_init+0x37/0x70 [ 474.687328][T12094] copy_net_ns+0x2a6/0x5f0 [ 474.687354][T12094] create_new_namespaces+0x3ea/0xad0 [ 474.687409][T12094] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 474.687452][T12094] ksys_unshare+0x45d/0xa40 [ 474.687478][T12094] ? __pfx_ksys_unshare+0x10/0x10 [ 474.687502][T12094] ? xfd_validate_state+0x5d/0x180 [ 474.687548][T12094] __x64_sys_unshare+0x31/0x40 [ 474.687573][T12094] do_syscall_64+0xcd/0x250 [ 474.687607][T12094] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 474.687641][T12094] RIP: 0033:0x7fbf2e18d169 [ 474.687669][T12094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 474.687693][T12094] RSP: 002b:00007fbf2f074038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 474.687715][T12094] RAX: ffffffffffffffda RBX: 00007fbf2e3a5fa0 RCX: 00007fbf2e18d169 [ 474.687731][T12094] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 474.687746][T12094] RBP: 00007fbf2e20e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 474.687761][T12094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 474.687775][T12094] R13: 0000000000000000 R14: 00007fbf2e3a5fa0 R15: 00007fffebf48298 [ 474.687804][T12094] [ 475.324342][T12094] audit: cannot initialize netlink socket in namespace [ 476.266954][T12091] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 476.275226][T12091] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 476.283148][T12091] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 476.364576][T12091] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 476.370949][T12091] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 476.472512][T12091] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 476.550553][T12026] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 476.594946][ T54] Bluetooth: hci1: command 0x0406 tx timeout [ 476.663125][T12091] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 476.837241][T12091] CPU0 is offline. [ 477.540957][T12120] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1619'. [ 477.552582][T12110] Process accounting paused [ 477.668321][T12026] veth0_vlan: entered promiscuous mode [ 477.765858][T12026] veth1_vlan: entered promiscuous mode [ 477.898444][T12026] veth0_macvtap: entered promiscuous mode [ 477.962053][T12026] veth1_macvtap: entered promiscuous mode [ 478.060545][T12026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 478.137067][T12026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 478.176768][T12026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 478.214487][T12128] Invalid ELF header magic: != ELF [ 478.226977][T12026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 478.313516][T12026] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 478.354467][ T54] Bluetooth: hci0: command 0x0406 tx timeout [ 478.360931][ T5841] Bluetooth: hci2: command 0x0406 tx timeout [ 478.390191][T12026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 478.437423][ T54] Bluetooth: hci4: command 0x0c1a tx timeout [ 478.443744][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout [ 478.517062][T12026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 478.564246][T12026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 478.647113][T12026] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 478.707731][T12026] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 478.811839][T12026] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 478.915442][T12026] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 478.957260][T12026] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 479.018737][T12026] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 479.389318][T12128] netlink: 'syz.4.1621': attribute type 1 has an invalid length. [ 479.865178][T12138] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 479.912389][T12138] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 479.934410][T12138] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 479.964411][T12138] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 479.984547][T12138] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 479.990567][T12138] CPU0 is offline. [ 480.188472][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 480.254234][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 480.517152][T11618] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 480.564582][T11618] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 481.733194][T12148] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 481.769036][T12148] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 481.818191][T12148] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 481.845470][T12148] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 481.883013][T12148] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 481.927186][T12148] CPU0 is offline. [ 482.022157][T12147] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 482.095237][T12147] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 482.182766][T12147] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 482.253815][T12147] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 482.323640][T12147] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 482.394404][T12147] CPU0 is offline. [ 483.703059][T12172] kexec: Could not allocate control_code_buffer [ 483.836027][T12190] netlink: 206 bytes leftover after parsing attributes in process `syz.0.1637'. [ 483.854354][ T29] audit: type=1326 audit(4294967532.380:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12173 comm="syz.5.1633" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7faaaad8d169 code=0x0 [ 484.114905][ T54] Bluetooth: hci2: command 0x0406 tx timeout [ 484.196011][ T54] Bluetooth: hci0: command 0x0406 tx timeout [ 484.275501][ T54] Bluetooth: hci3: command 0x0c1a tx timeout [ 484.354650][ T54] Bluetooth: hci4: command 0x0c1a tx timeout [ 485.097400][T12196] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 485.109770][T12196] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 485.151788][T12196] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 485.209302][T12196] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 485.249155][T12196] CPU0 is offline. [ 485.718868][T12203] Invalid ELF header magic: != ELF [ 485.783978][T12215] FAULT_INJECTION: forcing a failure. [ 485.783978][T12215] name failslab, interval 1, probability 0, space 0, times 0 [ 485.899832][T12215] CPU: 1 UID: 0 PID: 12215 Comm: syz.4.1645 Not tainted 6.14.0-rc4-syzkaller-00090-gdd83757f6e68 #0 [ 485.899868][T12215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 485.899884][T12215] Call Trace: [ 485.899891][T12215] [ 485.899900][T12215] dump_stack_lvl+0x16c/0x1f0 [ 485.899936][T12215] should_fail_ex+0x50a/0x650 [ 485.899973][T12215] ? fs_reclaim_acquire+0xae/0x150 [ 485.900006][T12215] should_failslab+0xc2/0x120 [ 485.900029][T12215] kmem_cache_alloc_node_noprof+0x72/0x3c0 [ 485.900066][T12215] ? __alloc_skb+0x2b1/0x380 [ 485.900102][T12215] __alloc_skb+0x2b1/0x380 [ 485.900133][T12215] ? __pfx___alloc_skb+0x10/0x10 [ 485.900173][T12215] netlink_alloc_large_skb+0x69/0x130 [ 485.900208][T12215] netlink_sendmsg+0x689/0xd70 [ 485.900244][T12215] ? __pfx_netlink_sendmsg+0x10/0x10 [ 485.900284][T12215] ____sys_sendmsg+0xaaf/0xc90 [ 485.900309][T12215] ? copy_msghdr_from_user+0x10b/0x160 [ 485.900343][T12215] ? __pfx_____sys_sendmsg+0x10/0x10 [ 485.900374][T12215] ? get_pid_task+0xfc/0x250 [ 485.900404][T12215] ___sys_sendmsg+0x135/0x1e0 [ 485.900438][T12215] ? __pfx____sys_sendmsg+0x10/0x10 [ 485.900493][T12215] ? __pfx_vfs_write+0x10/0x10 [ 485.900526][T12215] ? do_sys_openat2+0xb1/0x1e0 [ 485.900553][T12215] __sys_sendmsg+0x16e/0x220 [ 485.900587][T12215] ? __pfx___sys_sendmsg+0x10/0x10 [ 485.900636][T12215] do_syscall_64+0xcd/0x250 [ 485.900683][T12215] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.900725][T12215] RIP: 0033:0x7f59fff8d169 [ 485.900742][T12215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 485.900766][T12215] RSP: 002b:00007f5a00e88038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 485.900788][T12215] RAX: ffffffffffffffda RBX: 00007f5a001a5fa0 RCX: 00007f59fff8d169 [ 485.900804][T12215] RDX: 0000000000008010 RSI: 0000400000000900 RDI: 0000000000000001 [ 485.900818][T12215] RBP: 00007f5a00e88090 R08: 0000000000000000 R09: 0000000000000000 [ 485.900835][T12215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 485.900850][T12215] R13: 0000000000000000 R14: 00007f5a001a5fa0 R15: 00007ffdb8ae5588 [ 485.900876][T12215] [ 486.355772][T12203] netlink: 'syz.5.1641': attribute type 1 has an invalid length. [ 486.667543][T11618] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 486.711520][ T54] Bluetooth: hci2: command 0x0406 tx timeout [ 487.214293][ T54] Bluetooth: hci3: command 0x0c1a tx timeout [ 487.220406][ T54] Bluetooth: hci0: command 0x0406 tx timeout [ 487.276336][ T5841] Bluetooth: hci4: command 0x0c1a tx timeout [ 487.361364][T11618] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 487.598905][T11618] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 487.918807][T11618] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 488.570572][T12252] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 488.618635][T12250] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 488.657120][T12250] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 488.684795][T11618] bridge_slave_1: left allmulticast mode [ 488.700015][T11618] bridge_slave_1: left promiscuous mode [ 488.716266][T12250] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 488.729920][T12253] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 488.780686][T11618] bridge0: port 2(bridge_slave_1) entered disabled state [ 488.806754][T12250] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 488.854508][T12250] CPU0 is offline. [ 488.919009][T11618] bridge_slave_0: left allmulticast mode [ 488.955323][T11618] bridge_slave_0: left promiscuous mode [ 488.961226][T11618] bridge0: port 1(bridge_slave_0) entered disabled state [ 489.818645][T12264] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1659'. [ 489.914892][T12264] netlink: 23 bytes leftover after parsing attributes in process `syz.1.1659'. [ 490.300001][T12269] device-mapper: ioctl: dm_ctl_ioctl: unknown command 0xfffffd83 [ 490.676354][ T5841] Bluetooth: hci0: command 0x0406 tx timeout [ 490.682597][ T54] Bluetooth: hci2: command 0x0406 tx timeout [ 490.754375][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout [ 490.834288][ T5841] Bluetooth: hci4: command 0x0c1a tx timeout [ 491.508869][T12290] Invalid ELF header magic: != ELF [ 491.926365][T11618] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 491.983708][T11618] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 492.038590][T11618] bond0 (unregistering): Released all slaves [ 492.255909][T12290] netlink: 'syz.4.1666': attribute type 1 has an invalid length. [ 492.305304][T12307] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 492.440067][T12309] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 492.861574][T12318] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 492.937712][T12303] FAULT_INJECTION: forcing a failure. [ 492.937712][T12303] name failslab, interval 1, probability 0, space 0, times 0 [ 492.997115][T12321] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 493.045059][T12303] CPU: 1 UID: 0 PID: 12303 Comm: syz.0.1668 Not tainted 6.14.0-rc4-syzkaller-00090-gdd83757f6e68 #0 [ 493.045094][T12303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 493.045110][T12303] Call Trace: [ 493.045117][T12303] [ 493.045127][T12303] dump_stack_lvl+0x16c/0x1f0 [ 493.045163][T12303] should_fail_ex+0x50a/0x650 [ 493.045201][T12303] ? fs_reclaim_acquire+0xae/0x150 [ 493.045234][T12303] ? __kthread_create_on_node+0xcb/0x400 [ 493.045260][T12303] should_failslab+0xc2/0x120 [ 493.045283][T12303] __kmalloc_cache_noprof+0x68/0x410 [ 493.045322][T12303] ? __pfx_rescuer_thread+0x10/0x10 [ 493.045354][T12303] __kthread_create_on_node+0xcb/0x400 [ 493.045382][T12303] ? __pfx___kthread_create_on_node+0x10/0x10 [ 493.045413][T12303] ? smc_ib_port_event_work+0x4a0/0xc00 [ 493.045441][T12303] ? __pfx_vsnprintf+0x10/0x10 [ 493.045474][T12303] ? __pfx_rescuer_thread+0x10/0x10 [ 493.045506][T12303] kthread_create_on_node+0xc8/0x110 [ 493.045533][T12303] ? __pfx_kthread_create_on_node+0x10/0x10 [ 493.045558][T12303] ? __pfx_scnprintf+0x10/0x10 [ 493.045600][T12303] init_rescuer+0x322/0x640 [ 493.045630][T12303] ? __pfx_init_rescuer+0x10/0x10 [ 493.045667][T12303] ? wq_adjust_max_active+0x39d/0x4a0 [ 493.045702][T12303] __alloc_workqueue+0xc27/0x1810 [ 493.045734][T12303] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 493.045764][T12303] alloc_workqueue+0xd3/0x200 [ 493.045790][T12303] ? __pfx_alloc_workqueue+0x10/0x10 [ 493.045832][T12303] ? __pfx___debug_object_init+0x10/0x10 [ 493.045871][T12303] nci_register_device+0x397/0xb80 [ 493.045912][T12303] ? __pfx_nci_register_device+0x10/0x10 [ 493.045963][T12303] virtual_ncidev_open+0x141/0x220 [ 493.046000][T12303] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 493.046036][T12303] misc_open+0x35a/0x420 [ 493.046060][T12303] ? __pfx_misc_open+0x10/0x10 [ 493.046082][T12303] chrdev_open+0x237/0x6a0 [ 493.046118][T12303] ? __pfx_apparmor_file_open+0x10/0x10 [ 493.046150][T12303] ? __pfx_chrdev_open+0x10/0x10 [ 493.046188][T12303] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 493.046226][T12303] do_dentry_open+0x735/0x1c40 [ 493.046261][T12303] ? __pfx_chrdev_open+0x10/0x10 [ 493.046298][T12303] ? inode_permission+0xdd/0x5f0 [ 493.046327][T12303] vfs_open+0x82/0x3f0 [ 493.046349][T12303] ? may_open+0x1f2/0x400 [ 493.046379][T12303] path_openat+0x1e88/0x2d80 [ 493.046423][T12303] ? __pfx_path_openat+0x10/0x10 [ 493.046458][T12303] ? __pfx___lock_acquire+0x10/0x10 [ 493.046491][T12303] ? lock_acquire.part.0+0x11b/0x380 [ 493.046524][T12303] ? find_held_lock+0x2d/0x110 [ 493.046553][T12303] do_filp_open+0x20c/0x470 [ 493.046588][T12303] ? __pfx_do_filp_open+0x10/0x10 [ 493.046622][T12303] ? find_held_lock+0x2d/0x110 [ 493.046666][T12303] ? alloc_fd+0x41f/0x760 [ 493.046708][T12303] do_sys_openat2+0x17a/0x1e0 [ 493.046733][T12303] ? __pfx_do_sys_openat2+0x10/0x10 [ 493.046769][T12303] __x64_sys_openat+0x175/0x210 [ 493.046794][T12303] ? __pfx___x64_sys_openat+0x10/0x10 [ 493.046836][T12303] do_syscall_64+0xcd/0x250 [ 493.046870][T12303] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 493.046904][T12303] RIP: 0033:0x7fbf2e18d169 [ 493.046923][T12303] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 493.046946][T12303] RSP: 002b:00007fbf2f053038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 493.046969][T12303] RAX: ffffffffffffffda RBX: 00007fbf2e3a6080 RCX: 00007fbf2e18d169 [ 493.046986][T12303] RDX: 0000000000000002 RSI: 0000400000000400 RDI: ffffffffffffff9c [ 493.047001][T12303] RBP: 00007fbf2e20e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 493.047016][T12303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 493.047031][T12303] R13: 0000000000000000 R14: 00007fbf2e3a6080 R15: 00007fffebf48298 [ 493.047060][T12303] [ 493.047070][T12303] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -ENOMEM [ 493.375661][ C1] vkms_vblank_simulate: vblank timer overrun [ 494.625229][T12331] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 494.730720][T12334] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 494.986051][T11618] hsr_slave_0: left promiscuous mode [ 495.053519][T11618] hsr_slave_1: left promiscuous mode [ 495.113049][T11618] veth1_macvtap: left promiscuous mode [ 495.195417][T11618] veth0_macvtap: left promiscuous mode [ 495.215968][T11618] veth1_vlan: left promiscuous mode [ 495.235179][T11618] veth0_vlan: left promiscuous mode [ 496.963335][T11618] team0 (unregistering): Port device team_slave_1 removed [ 497.027174][T11618] team0 (unregistering): Port device team_slave_0 removed [ 497.745571][T12339] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 497.751794][T12339] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 497.834730][T12339] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 497.872316][T12339] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 497.884023][T12363] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 497.920122][T12339] CPU0 is offline. [ 498.034613][T12365] FAULT_INJECTION: forcing a failure. [ 498.034613][T12365] name failslab, interval 1, probability 0, space 0, times 0 [ 498.082514][T12366] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 498.104220][T12365] CPU: 1 UID: 0 PID: 12365 Comm: syz.4.1684 Not tainted 6.14.0-rc4-syzkaller-00090-gdd83757f6e68 #0 [ 498.104255][T12365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 498.104269][T12365] Call Trace: [ 498.104278][T12365] [ 498.104288][T12365] dump_stack_lvl+0x16c/0x1f0 [ 498.104324][T12365] should_fail_ex+0x50a/0x650 [ 498.104366][T12365] should_failslab+0xc2/0x120 [ 498.104395][T12365] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 498.104432][T12365] ? skb_clone+0x190/0x3f0 [ 498.104470][T12365] skb_clone+0x190/0x3f0 [ 498.104506][T12365] netlink_deliver_tap+0xabd/0xd30 [ 498.104537][T12365] ? __pfx_neightbl_dump_info+0x10/0x10 [ 498.104583][T12365] netlink_dump+0x639/0xd00 [ 498.104615][T12365] ? __pfx_netlink_dump+0x10/0x10 [ 498.104644][T12365] ? __netlink_dump_start+0x154/0x970 [ 498.104684][T12365] ? netlink_lookup+0x259/0x520 [ 498.104713][T12365] ? __pfx_netlink_lookup+0x10/0x10 [ 498.104750][T12365] __netlink_dump_start+0x6ca/0x970 [ 498.104783][T12365] ? __pfx_neightbl_dump_info+0x10/0x10 [ 498.104820][T12365] rtnetlink_rcv_msg+0xb44/0xea0 [ 498.104856][T12365] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 498.104890][T12365] ? __pfx_rtnl_dumpit+0x10/0x10 [ 498.104913][T12365] ? __pfx_neightbl_dump_info+0x10/0x10 [ 498.104959][T12365] netlink_rcv_skb+0x16b/0x440 [ 498.104991][T12365] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 498.105026][T12365] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 498.105073][T12365] ? netlink_deliver_tap+0x1ae/0xd30 [ 498.105108][T12365] netlink_unicast+0x53c/0x7f0 [ 498.105143][T12365] ? __pfx_netlink_unicast+0x10/0x10 [ 498.105176][T12365] ? __phys_addr_symbol+0x30/0x80 [ 498.105199][T12365] ? __check_object_size+0x488/0x710 [ 498.105226][T12365] netlink_sendmsg+0x8b8/0xd70 [ 498.105262][T12365] ? __pfx_netlink_sendmsg+0x10/0x10 [ 498.105305][T12365] ____sys_sendmsg+0xaaf/0xc90 [ 498.105331][T12365] ? copy_msghdr_from_user+0x10b/0x160 [ 498.105365][T12365] ? __pfx_____sys_sendmsg+0x10/0x10 [ 498.105408][T12365] ___sys_sendmsg+0x135/0x1e0 [ 498.105444][T12365] ? __pfx____sys_sendmsg+0x10/0x10 [ 498.105488][T12365] ? __pfx_lock_release+0x10/0x10 [ 498.105520][T12365] ? trace_lock_acquire+0x14e/0x1f0 [ 498.105556][T12365] ? __fget_files+0x206/0x3a0 [ 498.105597][T12365] __sys_sendmsg+0x16e/0x220 [ 498.105631][T12365] ? __pfx___sys_sendmsg+0x10/0x10 [ 498.105683][T12365] do_syscall_64+0xcd/0x250 [ 498.105716][T12365] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 498.105749][T12365] RIP: 0033:0x7f59fff8d169 [ 498.105767][T12365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 498.105790][T12365] RSP: 002b:00007f5a00e88038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 498.105812][T12365] RAX: ffffffffffffffda RBX: 00007f5a001a5fa0 RCX: 00007f59fff8d169 [ 498.105828][T12365] RDX: 0000000000040810 RSI: 0000400000000280 RDI: 0000000000000003 [ 498.105842][T12365] RBP: 00007f5a00e88090 R08: 0000000000000000 R09: 0000000000000000 [ 498.105856][T12365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 498.105870][T12365] R13: 0000000000000000 R14: 00007f5a001a5fa0 R15: 00007ffdb8ae5588 [ 498.105897][T12365] [ 498.847905][T12371] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 499.320841][T12383] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 499.423369][T12386] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 499.593690][T12389] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 499.795064][ T54] Bluetooth: hci0: command 0x0406 tx timeout [ 499.801548][ T54] Bluetooth: hci2: command 0x0406 tx timeout [ 499.883882][ T54] Bluetooth: hci4: command 0x0c1a tx timeout [ 499.900149][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout [ 499.966075][T12390] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 500.106045][T12393] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 500.203934][T11618] ref_tracker: net notrefcnt@ffff8880611d81e0 has 1/2 users at [ 500.203934][T11618] sk_alloc+0xa93/0xb90 [ 500.203934][T11618] inet6_create+0x380/0x1320 [ 500.203934][T11618] __sock_create+0x335/0x8d0 [ 500.203934][T11618] udp_sock_create6+0xc8/0x6a0 [ 500.203934][T11618] sctp_udp_sock_start+0x280/0x4b0 [ 500.203934][T11618] proc_sctp_do_udp_port+0x380/0x450 [ 500.203934][T11618] proc_sys_call_handler+0x3c6/0x5a0 [ 500.203934][T11618] iter_file_splice_write+0x90f/0x10b0 [ 500.203934][T11618] direct_splice_actor+0x18f/0x6c0 [ 500.203934][T11618] splice_direct_to_actor+0x346/0xa40 [ 500.203934][T11618] do_splice_direct+0x178/0x250 [ 500.203934][T11618] do_sendfile+0xafb/0xe40 [ 500.203934][T11618] __x64_sys_sendfile64+0x1da/0x220 [ 500.203934][T11618] do_syscall_64+0xcd/0x250 [ 500.203934][T11618] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 500.203934][T11618] [ 500.293493][T11618] ref_tracker: net notrefcnt@ffff8880611d81e0 has 1/2 users at [ 500.293493][T11618] sk_alloc+0xa93/0xb90 [ 500.293493][T11618] inet_create+0x3a1/0x10a0 [ 500.293493][T11618] __sock_create+0x335/0x8d0 [ 500.293493][T11618] udp_sock_create4+0xa7/0x450 [ 500.293493][T11618] sctp_udp_sock_start+0x10b/0x4b0 [ 500.293493][T11618] proc_sctp_do_udp_port+0x380/0x450 [ 500.293493][T11618] proc_sys_call_handler+0x3c6/0x5a0 [ 500.293493][T11618] iter_file_splice_write+0x90f/0x10b0 [ 500.293493][T11618] direct_splice_actor+0x18f/0x6c0 [ 500.293493][T11618] splice_direct_to_actor+0x346/0xa40 [ 500.293493][T11618] do_splice_direct+0x178/0x250 [ 500.293493][T11618] do_sendfile+0xafb/0xe40 [ 500.293493][T11618] __x64_sys_sendfile64+0x1da/0x220 [ 500.293493][T11618] do_syscall_64+0xcd/0x250 [ 500.293493][T11618] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 500.293493][T11618] [ 500.382299][ C1] vkms_vblank_simulate: vblank timer overrun [ 500.746034][T12401] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 500.900565][T12405] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 500.950689][T12408] netlink: 'syz.1.1695': attribute type 1 has an invalid length. [ 501.112065][T12396] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 501.136133][T12396] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 501.204752][T12396] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 501.211324][T12396] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 501.221247][T12412] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 501.292857][T12396] CPU0 is offline. [ 501.397798][T12419] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 501.447392][T11618] ------------[ cut here ]------------ [ 501.453608][T11618] WARNING: CPU: 1 PID: 11618 at lib/ref_tracker.c:179 ref_tracker_dir_exit+0x3e3/0x680 [ 501.463544][T11618] Modules linked in: [ 501.467683][T11618] CPU: 1 UID: 0 PID: 11618 Comm: kworker/u8:28 Not tainted 6.14.0-rc4-syzkaller-00090-gdd83757f6e68 #0 [ 501.478949][T11618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 501.489209][T11618] Workqueue: netns cleanup_net [ 501.494030][T11618] RIP: 0010:ref_tracker_dir_exit+0x3e3/0x680 [ 501.500263][T11618] Code: 11 02 00 00 4d 39 f5 49 8b 06 4d 89 f7 0f 85 0e ff ff ff 48 8b 2c 24 e8 9b 0b c8 fc 48 8b 74 24 18 48 89 ef e8 2e e1 65 06 90 <0f> 0b 90 e8 85 0b c8 fc 48 8d 5d 44 be 04 00 00 00 48 89 df e8 f4 [ 501.520557][T11618] RSP: 0018:ffffc9000bd8fab0 EFLAGS: 00010246 [ 501.527338][T11618] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000000 [ 501.535479][T11618] RDX: 0000000000000001 RSI: ffffffff8b6ced80 RDI: 0000000000000001 [ 501.543703][T11618] RBP: ffff8880611d81e0 R08: 0000000000000001 R09: fffffbfff2dd7dbb [ 501.551907][T11618] R10: ffffffff96ebeddf R11: 0000000000002ba2 R12: ffff8880611d8230 [ 501.560082][T11618] R13: ffff8880611d8230 R14: ffff8880611d8230 R15: ffff8880611d8230 [ 501.568307][T11618] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 501.577629][T11618] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 501.584328][T11618] CR2: 00007fdb4edb1cc4 CR3: 000000006b9f0000 CR4: 00000000003526f0 [ 501.592448][T11618] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 501.601417][T11618] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 501.609643][T11618] Call Trace: [ 501.612957][T11618] [ 501.616474][T11618] ? __warn+0xea/0x3c0 [ 501.620590][T11618] ? ref_tracker_dir_exit+0x3e3/0x680 [ 501.626400][T11618] ? report_bug+0x3c0/0x580 [ 501.630961][T11618] ? handle_bug+0x54/0xa0 [ 501.635576][T11618] ? exc_invalid_op+0x17/0x50 [ 501.640298][T11618] ? asm_exc_invalid_op+0x1a/0x20 [ 501.645506][T11618] ? ref_tracker_dir_exit+0x3e3/0x680 [ 501.650951][T11618] ? __pfx_ref_tracker_dir_exit+0x10/0x10 [ 501.656800][T11618] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 501.662633][T11618] ? net_passive_dec+0x7d/0xd0 [ 501.667731][T11618] net_passive_dec+0x89/0xd0 [ 501.672962][T11618] cleanup_net+0x8ac/0xb30 [ 501.677579][T11618] ? __pfx_cleanup_net+0x10/0x10 [ 501.682579][T11618] ? lock_acquire+0x2f/0xb0 [ 501.687227][T11618] ? process_one_work+0x921/0x1ba0 [ 501.692468][T11618] process_one_work+0x9c5/0x1ba0 [ 501.697551][T11618] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 501.703511][T11618] ? __pfx_process_one_work+0x10/0x10 [ 501.709164][T11618] ? assign_work+0x1a0/0x250 [ 501.713831][T11618] worker_thread+0x6c8/0xf00 [ 501.718977][T11618] ? __pfx_worker_thread+0x10/0x10 [ 501.724504][T11618] kthread+0x3af/0x750 [ 501.728611][T11618] ? __pfx_kthread+0x10/0x10 [ 501.733271][T11618] ? lock_acquire+0x2f/0xb0 [ 501.737947][T11618] ? __pfx_kthread+0x10/0x10 [ 501.742589][T11618] ret_from_fork+0x45/0x80 [ 501.747107][T11618] ? __pfx_kthread+0x10/0x10 [ 501.751766][T11618] ret_from_fork_asm+0x1a/0x30 [ 501.756668][T11618] [ 501.759710][T11618] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 501.767302][T11618] CPU: 1 UID: 0 PID: 11618 Comm: kworker/u8:28 Not tainted 6.14.0-rc4-syzkaller-00090-gdd83757f6e68 #0 [ 501.778973][T11618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 501.789051][T11618] Workqueue: netns cleanup_net [ 501.794408][T11618] Call Trace: [ 501.797809][T11618] [ 501.800769][T11618] dump_stack_lvl+0x3d/0x1f0 [ 501.805535][T11618] panic+0x71d/0x800 [ 501.809492][T11618] ? __pfx_panic+0x10/0x10 [ 501.814157][T11618] ? show_trace_log_lvl+0x29d/0x3d0 [ 501.819636][T11618] ? check_panic_on_warn+0x1f/0xb0 [ 501.824893][T11618] ? ref_tracker_dir_exit+0x3e3/0x680 [ 501.830450][T11618] check_panic_on_warn+0xab/0xb0 [ 501.835563][T11618] __warn+0xf6/0x3c0 [ 501.839694][T11618] ? ref_tracker_dir_exit+0x3e3/0x680 [ 501.845655][T11618] report_bug+0x3c0/0x580 [ 501.850023][T11618] handle_bug+0x54/0xa0 [ 501.854293][T11618] exc_invalid_op+0x17/0x50 [ 501.858912][T11618] asm_exc_invalid_op+0x1a/0x20 [ 501.863793][T11618] RIP: 0010:ref_tracker_dir_exit+0x3e3/0x680 [ 501.869838][T11618] Code: 11 02 00 00 4d 39 f5 49 8b 06 4d 89 f7 0f 85 0e ff ff ff 48 8b 2c 24 e8 9b 0b c8 fc 48 8b 74 24 18 48 89 ef e8 2e e1 65 06 90 <0f> 0b 90 e8 85 0b c8 fc 48 8d 5d 44 be 04 00 00 00 48 89 df e8 f4 [ 501.889486][T11618] RSP: 0018:ffffc9000bd8fab0 EFLAGS: 00010246 [ 501.895593][T11618] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000000 [ 501.903596][T11618] RDX: 0000000000000001 RSI: ffffffff8b6ced80 RDI: 0000000000000001 [ 501.911746][T11618] RBP: ffff8880611d81e0 R08: 0000000000000001 R09: fffffbfff2dd7dbb [ 501.919850][T11618] R10: ffffffff96ebeddf R11: 0000000000002ba2 R12: ffff8880611d8230 [ 501.927864][T11618] R13: ffff8880611d8230 R14: ffff8880611d8230 R15: ffff8880611d8230 [ 501.935898][T11618] ? __pfx_ref_tracker_dir_exit+0x10/0x10 [ 501.941662][T11618] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 501.947505][T11618] ? net_passive_dec+0x7d/0xd0 [ 501.952287][T11618] net_passive_dec+0x89/0xd0 [ 501.956986][T11618] cleanup_net+0x8ac/0xb30 [ 501.961444][T11618] ? __pfx_cleanup_net+0x10/0x10 [ 501.966510][T11618] ? lock_acquire+0x2f/0xb0 [ 501.971045][T11618] ? process_one_work+0x921/0x1ba0 [ 501.976208][T11618] process_one_work+0x9c5/0x1ba0 [ 501.981211][T11618] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 501.986881][T11618] ? __pfx_process_one_work+0x10/0x10 [ 501.992291][T11618] ? assign_work+0x1a0/0x250 [ 501.996943][T11618] worker_thread+0x6c8/0xf00 [ 502.001607][T11618] ? __pfx_worker_thread+0x10/0x10 [ 502.006787][T11618] kthread+0x3af/0x750 [ 502.010883][T11618] ? __pfx_kthread+0x10/0x10 [ 502.015495][T11618] ? lock_acquire+0x2f/0xb0 [ 502.020025][T11618] ? __pfx_kthread+0x10/0x10 [ 502.024652][T11618] ret_from_fork+0x45/0x80 [ 502.029178][T11618] ? __pfx_kthread+0x10/0x10 [ 502.033823][T11618] ret_from_fork_asm+0x1a/0x30 [ 502.038891][T11618] [ 502.041995][T11618] Kernel Offset: disabled [ 502.046444][T11618] Rebooting in 86400 seconds..