last executing test programs: 11m51.654871879s ago: executing program 3 (id=61): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$auto(0xffffffffffffffff, 0x0, 0xc9c8) r1 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) writev$auto(r1, &(0x7f0000002bc0)={0x0, 0x7}, 0x7) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x3, 0x6, 0x0, 0x10000, 0x1, 0x2, {0x2100000000, 0x10000}, 0x3, 0x6, 0xffffffffffffffdd, 0x1008000, 0x0, 0x80000004, 0x83, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x1800}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) adjtimex$auto(&(0x7f00000000c0)={0x9, 0x0, 0x867b, 0x4, 0x4, 0x776, 0xffff8000, 0x0, 0x6, 0xefee, 0xb, {0x7, 0x1}, 0xffffffffffffffff, 0x1, 0x2, 0x4, 0x0, 0x5, 0x0, 0x755, 0x10, 0x4, 0x1}) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x1, 0x4000000000df, 0x40eb1, 0xffffffffffffffff, 0x300000000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) socket(0xa, 0x1, 0x84) io_uring_setup$auto(0x401, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x0, 0x5, 0x0) pipe$auto(0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0x4048aec9, r0) r4 = socket(0x10, 0x2, 0x6) r5 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_SET_MAX_CSMA_BACKOFFS(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="2c0000107473e3b7c1b3ca4d0b6dc812f0794a65147f9547dbc3f758033eec6ade13c13ffcebe63040a26b7dbe982ad437270ae086d1b169ca928cefb83afa9f0d26c1b3f80aad70aa009a1e1a30b405f3d618a1b14b42f915dd3773702c021f463c1260beb7fd708cbdf07026965c36f5cf606661990f7f5ca7960418f3bc1ab1e3acc729736700eacc6769d2733bb1be95c28f29722c99245033904126f898f050198b2cff0a52173f80c80650a6eda4eb8106b7fb759e281592e72622c6f83689f8a18ca6e5bc", @ANYRES16=r5, @ANYBLOB="010028bd7000fcdbdf251100000018001e8014002280100046800c00f78008002300", @ANYRES32=0x0, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x20008000}, 0x8044) 11m49.064210614s ago: executing program 3 (id=64): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000d40), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_LISTENER_SET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000002080)={&(0x7f0000002c40)={0x1c, r1, 0x1, 0x70bd28, 0x25dfdbff, {}, [@NFSD_A_SERVER_SOCK_ADDR={0x4}, @NFSD_A_SERVER_SOCK_ADDR={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x4000) r2 = getsockopt$auto_SO_PEERPIDFD(r0, 0x4, 0x4d, &(0x7f0000000040)='/sys/kernel/debug/dynamic_debug/control\x00', &(0x7f0000000240)=0x765) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8000, 0x0) r3 = io_uring_setup$auto(0x6, 0x0) r4 = socket(0x2, 0x2, 0x88) setsockopt$auto(r4, 0x88, 0xa, &(0x7f0000000000)='\xba\xba\xd3\xc8[&P\x9c\xe7AJz\'\x91\xce=B}v+7n\xa2r0\x92\xc3\x0eE\x96\xf63\xec\xe0\xb2\f\xa86v\xeb\xf1\xcb\xd4\xa9\v\xe1\xcc\x18', 0x80000e) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3ff, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmmsg$auto(r3, &(0x7f0000000280)={{&(0x7f00000000c0)="f8f364fd4c79ec37e2cfb4bec2eb0b90cbdfdd9cceaa04b4e7a81e6783ca9805e85af34a7eb337bcf773", 0x0, &(0x7f0000000200)={&(0x7f0000000100)="f4ed90944b0a3b9f90864f2ee9874dcb9742796ce22884b01f9d2a1f3057ce9126e578b7140f24a14218889a94ae5ef345625283d6e0bad563d0fbfa9cb5f1be8b5def9ffd929877b8b5f4f6827afdc84fc1c81f268ce42e431ae21333a2f275a4e569cd4aee217cea658de7f72190f91f2eaa931f33920970b2528d2f5eb1d8ea1e128abae68d209ea771eab5c077cabc2ee09bedb59469a83477d8446db64adc659f96be7b4d6de9edeb167894aa900ccadf1f84d8f35ceeedff48c58423407e9888642b8f7fbd3df5c11f18518cd16795163bf25aa1ef5693b126565899b258953ee6c7f76fb9f9c76456059ef5", 0xf1b}, 0x8000, &(0x7f0000000300)="4fdc9ae8bdc6ea771478d4d77d3ec0ad14e40f45f0e43432cbd1d6e5d17afa7af72ab05b5681a1d8b508adf23abda576ddcd10b9ae85f3ac58ade278f0d8ad04f01833554069bf92c541c734336e4e3a72f96b7bdba695b0f9ec61902c2aa579d8de28ef4dd1a0272a0fec94f3db", 0x4, 0x101}, 0x7f}, 0xa87, 0x8) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x40, &(0x7f00000002c0)={0x0, 0xffffffffffffffff}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0xc4) io_uring_register$auto(0x2, 0x14, 0x0, 0x20) ioctl$auto_IOCTL_VMCI_NOTIFY_RESOURCE(r2, 0x7a5, 0x0) 11m48.069219278s ago: executing program 3 (id=66): socket(0x10, 0x2, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0xd, 0x3, 0xeb1, 0xfffffffffffffffe, 0x8000) r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket(0x26, 0x80805, 0x0) socket(0xa, 0x3, 0x6) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r2, 0x7f, 0x99, 0x8, 0x1, @relative_id=0x8, 0x5}, 0x92) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffffffffffffffff, 0x0, 0x3}, 0x6) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r1, 0x0, 0x2800000000000a}, 0x9) bpf$auto(0x1, &(0x7f00000001c0)=@raw_tracepoint={0x5, r0, 0x0, 0x6}, 0xc) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x4004) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) bind$auto(0x3, &(0x7f0000000080), 0x6b) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) socket(0x2c, 0x80003, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/locks\x00', 0x0, 0x0) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) rename$auto(&(0x7f0000000180)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', &(0x7f0000000300)='v#\xd5\xaf>=\x14\xe6%\xf7\x8a\x8d\x9a\xae\x1a\xd6\xa8\xb8\x1d\xf5(\xb0\x1f\xbd\xcbV\n\"\xe3V\xfeP\xceN\xb2\xc32\xaf\xcc\x80\xfa\xf0\xd4\xd9|\xfe\x03y\xd16\x17\x99R\xca\xe5\xf4\xb4T\xfcv\xfc\xe6\x9cv\a\x00\xc2a\x16\xd1\x8a\x80\x90\x87\xa5s\x10\xed\x93\xd4\x15=\xc0\x1f\x0e\xb0\x18v}\x03!\xf0I\xe3}\x90\x9b\x92[\xfe2<7\xd3\x81\x9a~\xcd\r\x19\x9e\x10(5\xfd\x8b\x82\xd4\xc85\xc3\x93t\t\xd0\x9d\xca^n\xf3\xcb>\x1bO\xcej\xe0\xef\xf2\xd7\xc2}\x18\xd9`AO\x95<\x9aH\vu\xae\xd4\xea\x12\xb8\xd1\n\x01\x83r\x85\xbf*\x18\xa7 S:R\x14\x89Z3\x94\x8bP)') 11m47.488284463s ago: executing program 3 (id=69): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) sethostname$auto(0x0, 0x5) close_range$auto(0x2, 0x8, 0x0) socket(0x2b, 0x1, 0x1) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/traceSMB\x00', 0x40c01, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) process_madvise$auto(0x3, 0x0, 0xb, 0xc15, 0x8000000000000000) write$auto_proc_reg_file_ops_compat_inode(r0, 0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, 0x0, 0x1a3642, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) write$auto(0x1, 0x0, 0x80000000) r1 = epoll_create$auto(0x3e) epoll_ctl$auto(r1, 0x1, 0x8000000000000000, 0x0) r2 = socketpair$auto(0x1, 0x3, 0x8000000000000000, 0x0) write$auto_clear_warn_once_fops_(r2, &(0x7f0000000040)="68cdd5", 0x3) 11m42.618823928s ago: executing program 3 (id=74): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) adjtimex$auto(&(0x7f00000005c0)={0xf332b6e, 0x0, 0x0, 0x8, 0xd6, 0x7, 0x9, 0x0, 0x10001, 0x1, 0x2, {0x8}, 0x1, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000004, 0x83, 0xffffffffffff628e, 0xa747, 0x5, 0x1800}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, 0x0, 0x100000a3d9) r1 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x101001, 0x0) ioctl$auto_UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000040)={{0x0, 0xf2cf, 0x1ff, 0x4}, "6a034a07c7b82d90b69a39e32576f893fba86c9dd051a0094a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f", 0x8}) ioctl$auto_UI_DEV_CREATE(r1, 0x5501, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r2 = mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) mmap$auto(0x0, 0x2020009, 0xfffffffffffffffb, 0x12, 0xfffffffffffffffa, 0x8000) msgget$auto(0xa, 0x77d9) msgsnd$auto(0x7, &(0x7f0000000140)={0x6, 0x9}, 0x8001, 0x7) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) syz_open_procfs$namespace(0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x73) socket(0xa, 0x801, 0x84) clone$auto(0x20003b46, 0x1, 0x0, 0x0, 0x20000000020002) getsockopt$auto(0x6, 0x84, 0x7b, 0x0, &(0x7f00000000c0)=0x10000) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_PPPIOCSNPMODE(r2, 0x4008744b, &(0x7f0000000100)={0x9, 0x2}) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptyq9\x00', 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) 11m40.946755735s ago: executing program 3 (id=78): r0 = socket(0x2, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socket(0x2, 0x1, 0x0) r2 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f0000000040), 0x12a382, 0x0) write$auto_split_huge_pages_fops_huge_memory(r2, &(0x7f0000000100)='1', 0x1) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x80) r3 = socket(0x10, 0x2, 0x0) mprotect$auto(0x6, 0x9, 0x5) r4 = syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000140), 0xffffffffffffffff) r5 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/023/001\x00', 0x315000, 0x0) ioctl$auto_USBDEVFS_SETINTERFACE(r5, 0x80085504, &(0x7f0000000100)={0x9, 0xf}) sendmsg$auto_CGROUPSTATS_CMD_GET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="2500250718130000000400000000080001"], 0x1c}, 0x1, 0x0, 0x0, 0x400c990}, 0x4090) close_range$auto(r1, r3, 0x1) fcntl$auto(0x3, 0x4, 0xa553) r6 = getpgrp(0xffffffffffffffff) getpgid(r6) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r7 = socket(0xa, 0x801, 0x84) setsockopt$auto(r7, 0x10000000084, 0x8, 0x0, 0x3) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0xa0fc}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) 11m25.155791453s ago: executing program 32 (id=78): r0 = socket(0x2, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socket(0x2, 0x1, 0x0) r2 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f0000000040), 0x12a382, 0x0) write$auto_split_huge_pages_fops_huge_memory(r2, &(0x7f0000000100)='1', 0x1) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x80) r3 = socket(0x10, 0x2, 0x0) mprotect$auto(0x6, 0x9, 0x5) r4 = syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000140), 0xffffffffffffffff) r5 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/023/001\x00', 0x315000, 0x0) ioctl$auto_USBDEVFS_SETINTERFACE(r5, 0x80085504, &(0x7f0000000100)={0x9, 0xf}) sendmsg$auto_CGROUPSTATS_CMD_GET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="2500250718130000000400000000080001"], 0x1c}, 0x1, 0x0, 0x0, 0x400c990}, 0x4090) close_range$auto(r1, r3, 0x1) fcntl$auto(0x3, 0x4, 0xa553) r6 = getpgrp(0xffffffffffffffff) getpgid(r6) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r7 = socket(0xa, 0x801, 0x84) setsockopt$auto(r7, 0x10000000084, 0x8, 0x0, 0x3) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0xa0fc}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) 5m21.764657017s ago: executing program 4 (id=1268): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000001140), r0) sendmsg$auto_WG_CMD_SET_DEVICE(r0, &(0x7f00000028c0)={0x0, 0x0, &(0x7f0000002880)={&(0x7f0000000000)={0x2c, r1, 0x21, 0x70bd26, 0x25dfdbfa, {}, [@WGDEVICE_A_PEERS={0x4}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x841}, 0x80) r2 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000340), 0x101000, 0x0) ioctl$auto_UI_SET_PHYS(r2, 0x4008556c, &(0x7f0000000000)=0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$auto_UI_BEGIN_FF_ERASE(r2, 0xc00c55ca, &(0x7f0000000040)={0x80000000, 0x7, 0x2}) sendmsg$auto_NL80211_CMD_SET_MPATH(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="20e6ff00f27b0da07b8d22dc6131d8ec896928f95a2ac16b286e2e8ef939f7d8e31e129300ed6b4677fe6c622fec73", @ANYRES16=r4, @ANYBLOB="390128bd7000fedbdf25160000000c0099000800000000000000"], 0x20}}, 0x20000000) ioctl$auto_UI_DEV_DESTROY(r2, 0x5502, 0x0) 5m21.258985499s ago: executing program 4 (id=1269): landlock_create_ruleset$auto(&(0x7f0000000000)={0x0, 0x3, 0x2e1b}, 0xf4, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/block/zram0/initstate\x00', 0x101000, 0x0) creat$auto(&(0x7f0000000040)='./file0\x00', 0x81) syz_genetlink_get_family_id$auto_wireguard(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0xfff, 0x7, 0x8001, 0x5, 0x5, 0x3, 0x40, 0x7, 0x0, 0x0, 0x6, 0x8, 0x0, 0x6, [0x0, 0x3, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x1000000000000, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0xfffffffffffffffd, 0x8, 0x0, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x4, 0xfffffffffffffffa, 0xffffffff, 0x0, 0x10]}, 0x1fe, 0x81) ioctl$auto_TIOCMSET2(0xffffffffffffffff, 0x5418, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) madvise$auto(0x3, 0x5, 0xe) io_uring_setup$auto(0x6, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f00000017c0)='/sys/kernel/debug/lru_gen\x00', 0x1, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x2, 0x1) r2 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) socket(0x2, 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x121102, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) read$auto(0x3, 0x0, 0xf34) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bdi/1:13/strict_limit\x00', 0xa081, 0x0) write$auto_proc_gid_map_operations_base(r2, &(0x7f0000000380)="fe2369d716f330434c9fe3aa2ad93bf990576d26d7518b2edb842929a572a9c915535aad9a88a4b9600ff42e4c2373c33e674c7bede020cb01c64100d33c27b6412f17a6939c2a667a652366993f9082be41b1b0d04186aaeed4bf858449714e68a6a0d062405eb02d87db55a99bb1677ca50df4725c0073031e7a2817eccce5f3b6e9579c43f205a9528a833c6276e8f2a85eb8aaa9fe1e24fa7c1a6e9a6b17520d7f1e4457bcaae9fcdd41920ce7d95ef51f6a5d67a25b38a4e8b52e012d17cdfad8cf700e34e14e2ea367fc93e48c", 0xd0) 5m20.00329253s ago: executing program 4 (id=1272): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) r0 = socket(0x26, 0x5, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x4, 0xa, 0x48}) sendmmsg$auto(r0, &(0x7f00000006c0)={{&(0x7f0000000140)="3f5eed81f21e40db41202bf3c4578b1a0ba8d5dfd20a3f28517b7912bf1f0b40c3d9dd32b7185b8152ad364fbb7ccd181300b3eb697cd9f6f09cc05d2e66ade9e8f6fa38b4ffaedfd283a5e33cbe3806f54ce8d65beb866074d82c07bb601f71507af802f985a3140e760fb296f83faf6be1fa6151e1aed6ff7f61", 0x5ac, &(0x7f0000000100)={&(0x7f0000000200), 0x49}, 0x5, &(0x7f0000000700), 0x5, 0x1}, 0x5}, 0x2, 0x100) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r1, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0xfffffdef) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) listen$auto(r2, 0xffffffff) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x1, 0x92, 0x40000000000a5, 0x8000) mmap$auto(0xfffffffffffffffd, 0x7b, 0xdf, 0x14, r2, 0x8000) write$auto(0x3, 0x0, 0x1) r3 = fspick$auto(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x6) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000380)={'virt_wifi0\x00'}) mkdir$auto(&(0x7f0000000080)='./file0\x00', 0x7ff) open$dir(&(0x7f0000000000)='./file0\x00', 0x10000, 0x42) ioperm$auto(0x7, 0x6, 0x2) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) clock_adjtime$auto(0x0, &(0x7f0000000040)={0x9, 0x0, 0x7, 0xfffffffff7fffffe, 0x9, 0x1, 0x7, 0x0, 0x7, 0x8, 0x5, {0x3ff, 0x7}, 0xfffffffffffffff6, 0xa5, 0xa, 0x13c, 0x0, 0x6, 0x100000000, 0x800000000000007, 0x5, 0x90, 0xfffffff5}) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) select$auto(0x80000001, &(0x7f00000001c0)={[0xbb3e, 0x28ec000000000000, 0x3, 0x2, 0x0, 0x7, 0x0, 0x5, 0x1, 0x0, 0x101, 0xe855, 0x7ff, 0x7, 0x29d58a2c, 0x10000]}, &(0x7f0000000240)={[0x3ff, 0x5, 0x0, 0x7, 0x5eb59c84, 0x8307, 0x10000, 0x6, 0xffffffffffffffc0, 0x3d200000000, 0x4, 0x100000001, 0x1, 0x7fff, 0x9]}, &(0x7f00000002c0)={[0x2, 0x2, 0x9, 0x0, 0xdeac, 0x4, 0xfff, 0x4, 0x7, 0xfffffffffffffe49, 0x5c2, 0x8, 0x6e, 0xdd8, 0x2, 0x8]}, &(0x7f0000000340)={0x365, 0x5}) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x3, 0x7) socket(0x2, 0x1, 0x0) 5m14.939059879s ago: executing program 4 (id=1288): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptywf\x00', 0x20000, 0x0) ioctl$auto_TIOCGETD2(r1, 0x5424, &(0x7f00000000c0)) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x88000, 0x0) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) getsockopt$auto_SO_RCVTIMEO_NEW(0xffffffffffffffff, 0x56809fdb, 0x42, 0x0, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c5c87000000", @ANYRES16=0x0, @ANYBLOB="9bf22abd7000fcdbdf25010000000800090001"], 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x4) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='V'], 0x1ac}}, 0x40000) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) mknod$auto(&(0x7f0000000040)=':,\x00', 0xc9, 0xcb) shmctl$auto_IPC_STAT(0x8001, 0x2, &(0x7f0000000300)={{0x2, 0xee01, 0xee00, 0x1, 0x9, 0x4}, 0xfffffff7, 0x4, 0xffffffffffffffff, 0x6, @inferred=0xffffffffffffffff, @raw=0x2, 0x2, 0x0, &(0x7f0000000100)="11d811554397a17d3049fe710a4cc69225f44edb0624223d5794d9dd794daf83b89298522ed706b873b1ed6a2b37e09be0a5d7dc09c7fe1132f711a1407c75b653d31853dca67f6927963bffc484b120e79e06f30f4b6d3d9f06f1c5d98d2097fd88ef4f8045e1bff83b81d56eb9deca41e536464d01244d02ff658d340bea78a9be956585e7b413ae53a7f592227bb8946035ba67923d2258847e3cb1fb42e9e4889f553b94f245e59349bcbf2133189bbff571dd345a789dc6", &(0x7f0000000240)="d1981f3272fb9177804f1985418ef4098d183bb0c6a0dfabd94c326b95158d1b178e309f6c349a98b8f74b04fdb56ef42076f11b5f385d456858c54ebe6fc61a53ce4f29106641c930f6c6813e7b87659c71e8cf43588a4c1ca15b923ba97a9cdd50fb9c296fcdfa577f710c627b98a8666591fb95607c06b93c2128e5b2eab66b00f05d8c92f9537b64ff7c35941881b2a06478862b924af5c1217b2c3cd452fdda0052235324e5971e166e65"}) setresuid$auto(r4, 0xee01, 0x0) 5m14.488615612s ago: executing program 4 (id=1291): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:96/stable_pages_required\x00', 0xc2280, 0x0) pread64$auto(r0, 0x0, 0x8, 0x0) 5m14.099161563s ago: executing program 4 (id=1295): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/net/mcfilter\x00', 0x2180, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, 0x0, 0x1a1382, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) recvmmsg$auto(0x4, 0x0, 0xffffffff, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x800, 0x0) ioctl$auto(r0, 0x90006442, 0xc35) acct$auto(&(0x7f0000000000)='/dev/ptyw5\x00') r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/nilfs2/features/README\x00', 0x40, 0x0) getuid() read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000040)=""/6, 0x6) sendmsg$auto_NETDEV_CMD_NAPI_GET(0xffffffffffffffff, 0x0, 0x0) socket(0x11, 0x3, 0x2) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r2 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$auto(r2, 0x0, 0x4d52) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptyw5\x00', 0x0, 0x0) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xca, 0x0, 0x567) 4m59.078790214s ago: executing program 33 (id=1295): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/net/mcfilter\x00', 0x2180, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, 0x0, 0x1a1382, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) recvmmsg$auto(0x4, 0x0, 0xffffffff, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x800, 0x0) ioctl$auto(r0, 0x90006442, 0xc35) acct$auto(&(0x7f0000000000)='/dev/ptyw5\x00') r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/nilfs2/features/README\x00', 0x40, 0x0) getuid() read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000040)=""/6, 0x6) sendmsg$auto_NETDEV_CMD_NAPI_GET(0xffffffffffffffff, 0x0, 0x0) socket(0x11, 0x3, 0x2) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r2 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$auto(r2, 0x0, 0x4d52) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptyw5\x00', 0x0, 0x0) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xca, 0x0, 0x567) 31.244364353s ago: executing program 5 (id=2450): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) write$auto(0x3, 0x0, 0x7fffffff) read$auto(0x3, 0x0, 0xfffffdef) rseq$auto(&(0x7f0000000000)={0xe, 0x400, 0x0, 0x20006, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) r0 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a4, 0xffff) mmap$auto(0x0, 0x9, 0x400000072, 0x8b72, 0x1000000002, 0x8000) madvise$auto(0x405, 0xffffffffffff0001, 0x15) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r0) sendmsg$auto_NL80211_CMD_RADAR_DETECT(0xffffffffffffffff, 0x0, 0x4008000) sendmsg$auto_NL80211_CMD_STOP_NAN(0xffffffffffffffff, 0x0, 0x815) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, 0x0, 0x4000080) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) writev$auto(r0, 0x0, 0x7) openat$auto_clear_warn_once_fops_(0xffffffffffffff9c, 0x0, 0x454002, 0x0) setresuid$auto(0x0, 0x0, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) 29.008671062s ago: executing program 5 (id=2458): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x100000000008000) r0 = socket(0x28, 0x5, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000240)='/dev/radio29\x00', 0x40140, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x7, 0x800008000) ustat$auto(0x801, 0x0) keyctl$auto(0xa, 0xfffffffffffffffd, 0x2, 0x628, 0xfffffffffffffffd) bind$auto(r0, &(0x7f0000000080)=@in={0x28, 0x4e20, @multicast2}, 0x68) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0xa, 0x2, 0x73) sendto$auto(r1, 0x0, 0x402, 0x0, &(0x7f0000000000)=@generic={0xa, "e2c483400200ff803636166b00"}, 0x1c) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0x0, 0x0) r2 = openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/fail_io_timeout/probability\x00', 0x20000, 0x0) close_range$auto(r2, r2, 0x6) r3 = prctl$auto_PR_MPX_ENABLE_MANAGEMENT(0x2b, 0x7fffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r2) sendmsg$auto_NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r3, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0xf4, r4, 0x800, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_SCAN_SSIDS={0xb5, 0x2d, 0x0, 0x1, [@typed={0x79, 0x117, 0x0, 0x0, @binary="d9d80269b59f58d4e4e5773583885654dbac9e5bdf5860576d9d8e950f09685dfa322cc968ef9595fc4c1aaa52d19189da31cef568a17706cfd0a2bac6966ed759e0134b30e8910d76b5e3a5cc4b55cde74b6a04a354f795cf9ec2931c464c7fe96ac0816ac57bf2c822524f12fe47f24ec4eab6f0"}, @typed={0x8, 0x133, 0x0, 0x0, @fd=r2}, @generic="a1c0687e7e9d0d5a6179b38c883dd28b9f5e75c34bad693fff", @typed={0x14, 0xd0, 0x0, 0x0, @ipv6=@mcast2}]}, @NL80211_ATTR_LOCAL_MESH_POWER_MODE={0x8, 0xa4, 0x3}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_WIPHY_ANTENNA_RX={0x8, 0x6a, 0x2}, @NL80211_ATTR_CIPHER_SUITE_GROUP={0x8, 0x4a, 0x3db}, @NL80211_ATTR_CONTROL_PORT_NO_PREAUTH={0x4}]}, 0xf4}, 0x1, 0x0, 0x0, 0x40}, 0x4000048) read$auto(0x3, 0x0, 0x80) r5 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x103041, 0x0) write$auto(r5, 0x0, 0x9) 24.528747769s ago: executing program 5 (id=2467): r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x82001, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) madvise$auto(0x0, 0xf663, 0x15) close_range$auto(0x2, 0x8000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ILA_CMD_ADD(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x14, r2, 0x1, 0x70bd28, 0x25dfdbfd}, 0x14}, 0x1, 0x200000000000, 0x0, 0x20000000}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = epoll_create$auto(0x3e) epoll_ctl$auto(r4, 0x1, 0x8000000000000000, 0x0) ioctl$auto_SNDRV_RAWMIDI_IOCTL_PVERSION(r4, 0x80045700, &(0x7f0000000200)=0xfff) ioctl$auto_TIOCSBRK2(r4, 0x5427, &(0x7f0000000200)="cb004205eddcd7160744d62683785f9eff7b4f21615f27df3eafbdc355ccf2c270fb763bba86588c2bd2a018269e1f1a6098dd88d6903a3b14c58a1841c216ae887a8aebc497dafba8319c9629b00fe66683e654a152f12c3637b5ee53372c8107ce781858ed3ac821452171c3c5425c1567497b662777d0b550863681c4c43f892826f368703e68a575aecca2ee4cdeb4f9a5409aba73c6faff904424de6e29838e0ce892616a800bc62f7bca3176e56d9fbf0dea663ea6d001d74666be3f6c07398c8d7c7b8b37cdafd572886f51cd97c3d2c330a44448b57b8949126cda4dbc67109d26955b01c352d9400b6e") close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) io_uring_enter$auto(r3, 0x9, 0x820e, 0x29, 0x0, 0x18) socket(0x2a, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto(0x3, 0x800005411, 0x38) ioctl$auto_UI_END_FF_ERASE(r0, 0x400c55cb, &(0x7f00000001c0)={0xcb, 0xe, 0x6}) 24.480740124s ago: executing program 1 (id=2468): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.7/usb8/power/wakeup_active\x00', 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0x6, 0x8000) r1 = prctl$auto_PR_SET_MM_ARG_END(0xc, 0x9, 0x0, 0x1, 0x4) sendto$auto(r1, &(0x7f00000000c0), 0xff, 0x7fff, 0x0, 0x7fff) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) socket(0x18, 0x2, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x3, 0x6, 0x0, 0x200000000000001, 0x368e, 0x2, {0x100000000, 0x4}, 0xff, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x8000000c, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) socket(0x2, 0x1, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2881, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/net/lapb4/ifalias\x00', 0x1a1842, 0x0) write$auto(r6, &(0x7f0000000000)='9\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x4) write$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f00000002c0), 0x0) sendmsg$auto_NL80211_CMD_SET_WIPHY(r4, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24004080}, 0x20040894) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffd]}, 0x0) pread64$auto(r0, 0x0, 0x4, 0xc) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x100000000008000) close_range$auto(0x2, 0x8, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0x0, 0x0) openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/fail_io_timeout/probability\x00', 0x5c5440, 0x0) read$auto(0x3, 0x0, 0x80) unlink$auto(&(0x7f0000000040)='./file0\x00') r7 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x103041, 0x0) write$auto(r7, 0x0, 0x9) 21.674248925s ago: executing program 5 (id=2470): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) sendmsg$auto_NL80211_CMD_DISASSOCIATE(r0, 0x0, 0x1) r1 = getsockopt$auto(0xffffffffffffffff, 0x84, 0x1b, 0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) r2 = socket(0x2, 0x1, 0x0) sendmmsg$auto(r2, 0x0, 0x5, 0x20000000) write$auto(0x3, 0x0, 0xfffffdef) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20b42, 0x0) mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, 0xfffefffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001040)='/sys/devices/virtual/net/teql0/statistics/rx_compressed\x00', 0xc2700, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), r3) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)={0x1c, r4, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x11e789c}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x48080) sendmsg$auto_L2TP_CMD_SESSION_DELETE(r1, &(0x7f0000001140)={&(0x7f0000001080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000001100)={&(0x7f00000010c0)={0x30, r4, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@L2TP_ATTR_COOKIE={0xc, 0xf, 0xb3c}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0xb}, @L2TP_ATTR_UDP_CSUM={0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x20004040) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) mknod$auto(0x0, 0x1081, 0x3) close_range$auto(0x2, 0x8, 0x0) creat$auto(0x0, 0x4) creat$auto(0x0, 0x9) open(0x0, 0x22242, 0x155) fcntl$auto(0x3, 0x4, 0xa553) close_range$auto(0x2, 0x8000, 0x0) 21.400331862s ago: executing program 1 (id=2471): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mknod$auto(0x0, 0x1001, 0x4) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) write$auto(0x3, 0x0, 0x7fffffff) read$auto(0x3, 0x0, 0xfffffdef) 20.024993959s ago: executing program 1 (id=2475): r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x82001, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mlockall$auto(0x7f) madvise$auto(0x0, 0xf663, 0x15) close_range$auto(0x2, 0x8000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) io_uring_enter$auto(r1, 0x9, 0x820e, 0x29, 0x0, 0x18) socket(0x2a, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto(0x3, 0x800005411, 0x38) r2 = socket(0x11, 0x2, 0x4) bpf$auto(0x0, &(0x7f0000000000)=@iter_create={r2, 0x8}, 0xa3) ioctl$auto_UI_END_FF_ERASE(r0, 0x400c55cb, &(0x7f00000001c0)={0xcb, 0xe, 0x6}) 18.814918578s ago: executing program 5 (id=2478): sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="1b000000", @ANYBLOB="1e00279e"], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyz2\x00', 0x10400, 0x0) socket(0x10, 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto(0x3, 0x4020aea5, 0x38) 17.478961217s ago: executing program 5 (id=2481): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) getsockopt$auto(0xffffffffffffffff, 0x84, 0x1b, 0x0, 0x0) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) r1 = socket(0x2, 0x1, 0x0) sendmmsg$auto(r1, 0x0, 0x5, 0x20000000) write$auto(0x3, 0x0, 0xfffffdef) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = socket(0x10, 0x2, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) mmap$auto(0x0, 0x1, 0x4000000000df, 0x44eb2, 0x3, 0x300000000000) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x129800, 0x0) ioctl$auto(r3, 0xc0104d08, 0x7) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYBLOB="0700000000000000df250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) r4 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto(r4, 0x40025504, 0xea3) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r2, &(0x7f0000000140)={{0x0, 0x2, 0x0, 0x29e, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x40008815}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20008841) sendmsg$auto_NFC_CMD_ENABLE_SE(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x5c, 0x0, 0x4, 0x70bd26, 0x25dfdbfb, {}, [@NFC_ATTR_DEVICE_NAME={0x8, 0x2, '\xeb$,]'}, @NFC_ATTR_VENDOR_DATA={0x8, 0x1f, "fce6eeb0"}, @NFC_ATTR_FIRMWARE_NAME={0xf, 0x14, '/proc/mtrr\x00'}, @NFC_ATTR_IM_PROTOCOLS={0x8, 0xd, 0x5}, @NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0xffffffff}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0x3}, @NFC_ATTR_VENDOR_ID={0x8}, @NFC_ATTR_RF_MODE={0x5, 0xb, 0x2}]}, 0x5c}, 0x1, 0x0, 0x0, 0x890}, 0x4800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="19"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f0000000000)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x1}, 0x2, 0x0) 16.93417389s ago: executing program 1 (id=2483): r0 = open(&(0x7f0000000140)='./file0\x00', 0x220c0, 0x20) fallocate$auto(r0, 0x4, 0x5b, 0x1) execve$auto(0x0, 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) memfd_create$auto(0x0, 0x12) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty12\x00', 0x800, 0x0) r2 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000001c0), 0x5c1900, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000280)={{0x3, 0x1000, 0x1, 0x1, 0x4}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"}) ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r2, 0x40505412, 0x0) r3 = socket(0xa, 0x3, 0x5) sendmsg$auto_IEEE802154_LLSEC_ADD_DEV(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x34}, 0x1, 0x0, 0x0, 0x4048811}, 0x48001) r4 = socketpair$auto(0x1d, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r1, 0x541c, r4) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sda1\x00', 0x4e703, 0x0) r6 = epoll_create1$auto(0xf0) close_range$auto(0x0, r6, 0xfffffffc) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2000000000000021, 0x2, 0x10000000000002) bind$auto(0x3, &(0x7f0000000080)=@qipcrtr={0x2a, 0x1, 0x1}, 0x6b) unshare$auto(0x40000080) init_module$auto(0x0, 0xffff9, 0x0) sendmsg$auto_TIPC_NL_MEDIA_GET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x10) r7 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/ping_group_range\x00', 0x202, 0x0) sendfile$auto(r7, r7, 0x0, 0x4) r8 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000006880), 0x140, 0x0) ioctl$auto_USB_RAW_IOCTL_EP0_STALL(r8, 0x550c, 0x0) ioctl$auto_BLKRRPART(r5, 0x125f, 0x1000000) 16.207539093s ago: executing program 2 (id=2484): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mknod$auto(0x0, 0x1001, 0x4) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) write$auto(0x3, 0x0, 0x7fffffff) read$auto(0x3, 0x0, 0xfffffdef) 15.024462604s ago: executing program 2 (id=2485): mmap$auto(0x0, 0x20008, 0x4000000000db, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffdb5, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0xffff, 0x5, 0x9b72, 0xffffffffffffffff, 0x8000) socket(0x25, 0x1, 0x0) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x404c0c0}, 0x80) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x100e42, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/system/memory/memory0/phys_device\x00', 0x80000, 0x0) fcntl$auto(0xffffffffffffffff, 0xbc, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xc, 0x800008000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/mm/transparent_hugepage/khugepaged/alloc_sleep_millisecs\x00', 0x20681, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f00000000c0)='5', 0x1) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) mmap$auto(0x0, 0x10000, 0xde, 0x11, r4, 0x28000) madvise$auto(0x0, 0x2000040080000004, 0xe) fcntl$auto_F_SETLK(r4, 0x6, 0x0) bpf$auto(0x8, &(0x7f00000001c0)=@bpf_attr_0={0x7, 0xb5, 0x10, 0x4, 0x53400000, 0xffffffffffffffff, 0x9, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0x10) r5 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/038/001\x00', 0xa821, 0x0) ioctl$auto_USBDEVFS_SUBMITURB32(r5, 0x802c550a, &(0x7f00000001c0)=ANY=[@ANYBLOB="028006000000000005"]) set_mempolicy_home_node$auto(0x0, 0x2010001, 0x0, 0x0) read$auto(r2, 0x0, 0x20) write$auto_sg_fops_sg(r1, &(0x7f00000001c0)="bf5b1a8c24000000dbcbc7a996eea7f3804ca6c7591afff6578d2f5f520f687f316ba7327b581cd8d58309037c0ae2c71a", 0x31) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r0, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000000340)=ANY=[@ANYRESOCT=0x0, @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/pagemap\x00', 0x181400, 0x0) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000300), r0) 13.481909548s ago: executing program 2 (id=2486): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0xf395c107493d70cc, 0x0) socket(0x0, 0x801, 0x84) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@vsock={0x28, 0x0, 0x0, @host}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x35}}, 0x54) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/mem\x00', 0x2001, 0x0) truncate$auto(&(0x7f00000000c0)='./cgroup\x00', 0x100000000000001) lseek$auto(r0, 0x8001, 0x4) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) lremovexattr$auto(0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = mq_open$auto(&(0x7f0000000440)='\xbe\xf2\x82\xe7\x14g\xb5\xeeMQ\x13\xa2_g\xbf\t\xfa\xf2_N\xb0{\xf9\xb57v\xeeG\xd9l\xbf\x86q w\x96\xd9\xe9\xa8\xe1\xf0\xc7\x1f\x1e\xc4\xc4\x89u\x83\xe8}\xbd\x7fO\x91\xc1UVW.\xb6\xad\x04u\x02w.\xec`O\xc1\x0e\x15\xe7:\xc9\x1bK\xcddY\x03\x95\xd1\xae\xc1\x9b\x96\x9faj\xd2\xfc\xfc\x1f7\xaf\xcan\xf6\xc0wK\xce\xe7Q\xae\xc9Hg\x01\xef\xda[\xe5\xa3\xa3%\'\x8f\xcf\x96X:\x04Dkt\x7f\xde\x80\x01\xddX\x91\x88\xa1\t\xc3\xf1\xfe[\x93$O8 b\xb4\x92\xf4\xbc\xc5\xb9\x989\xfcF\xec\xdc@\xdd\xdaeM\xe0U\xc8;\xf5\xe7$Q8\xd2\x87\xdd\xc5\x9d\xc5\xe8\xb5\xb5\xb8\xdfD\xd0\xe8t\x8aS\xaa\xbe\xaa\xba\x9e^0\x1a\xf8Y\xf5Jp\bu\xba\x98\x00\xf0H5\xa9u\x0e\xc4\x04\x13\xf58p\x9f\x11\xc07\xefS*|\xd87\x12\xd8\xce\xde0\xd82;\xcd\x18\r\xccI\x99\n\xd2\x86\xbbx\t\xf1\b\'\xcd\x1e\xb0AN\x98\xeer\xde@@\x1cVd\xact\xb8q\x8a\xc0\xcf\xe9wv\x92/\\\xffL\x99\x992Y\xc0\xa0\xc5\xa90\xf4<\x8c\x10\xd5.\xde\xe5Ir}\n\'H1m\x82\xbf\xcf\x00\xbd\xe3\x93c\x82\xd3\x7f)X\xf4\xa5\a\bb\xc1\xa7)\xd3\x10\x00G1\xb4V\xbb\xf8\xf2T\x13d\xc4T\xf1\xd6\xec4\xb0p\x9f\xa9\x88\x1e\x8d\x06\r\xedL\x80\xd8Y\x8a\x8cA\x1dk\xe9\xdc-V\xb2?\xda\x9f8\x19\x1a\x8as\xa3s\xb6\x06Fz\xf9P\xf6+6\x1b\x8f\xcel\x87\xb1\xc7\xce\xe3\x80', 0xdd1, 0xe, 0x0) mq_notify$auto(r2, 0x0) unshare$auto(0x40000080) mmap$auto(0x1000000000000, 0x2020009, 0x400000000003, 0xeb2, 0xfffffffffffffffb, 0x7ffd) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) open(0x0, 0x80002, 0x81) r3 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000180), 0x40500, 0x0) ioctl$auto_SIOCGIFHWADDR(r3, 0x8927, 0x0) ioctl$auto(r1, 0x4b74, r1) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) sysfs$auto(0x2, 0x0, 0x0) epoll_create$auto(0x4) fcntl$auto(0x0, 0x407, 0x100000) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x0) 5.943071183s ago: executing program 0 (id=2487): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) sendmsg$auto_NL80211_CMD_DISASSOCIATE(r0, 0x0, 0x1) r1 = getsockopt$auto(0xffffffffffffffff, 0x84, 0x1b, 0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) r2 = socket(0x2, 0x1, 0x0) sendmmsg$auto(r2, 0x0, 0x5, 0x20000000) write$auto(0x3, 0x0, 0xfffffdef) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20b42, 0x0) mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, 0xfffefffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001040)='/sys/devices/virtual/net/teql0/statistics/rx_compressed\x00', 0xc2700, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), r3) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)={0x1c, r4, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x11e789c}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x48080) sendmsg$auto_L2TP_CMD_SESSION_DELETE(r1, &(0x7f0000001140)={&(0x7f0000001080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000001100)={&(0x7f00000010c0)={0x30, r4, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@L2TP_ATTR_COOKIE={0xc, 0xf, 0xb3c}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0xb}, @L2TP_ATTR_UDP_CSUM={0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x20004040) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) mknod$auto(0x0, 0x1081, 0x3) close_range$auto(0x2, 0x8, 0x0) creat$auto(0x0, 0x4) creat$auto(0x0, 0x9) open(0x0, 0x22242, 0x155) fcntl$auto(0x3, 0x4, 0xa553) close_range$auto(0x2, 0x8000, 0x0) 4.742410087s ago: executing program 0 (id=2488): r0 = open(&(0x7f0000000140)='./file0\x00', 0x220c0, 0x20) fallocate$auto(r0, 0x4, 0x5b, 0x1) execve$auto(0x0, 0x0, 0x0) setsockopt$auto_SO_RCVLOWAT(r0, 0x939, 0x12, &(0x7f00000000c0)='/dev/snd/timer\x00', 0xb10) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TCFLSH2(r2, 0x80045439, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto(r1, 0x89f2, r1) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r3 = memfd_create$auto(0x0, 0x12) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty12\x00', 0x800, 0x0) r5 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000001c0), 0x100, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f0000000280)={{0x3, 0x1000, 0x1, 0x1, 0x4}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"}) landlock_create_ruleset$auto(&(0x7f00000007c0)={0x1}, 0x8, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r5, 0x40505412, 0x0) socket(0xa, 0x3, 0x5) sendmsg$auto_IEEE802154_LLSEC_ADD_DEV(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x16}}, 0x48811) r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r4, 0x541c, r6) r7 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sda1\x00', 0x4e703, 0x0) ioctl$auto_BLKRRPART(r7, 0x125f, 0x1000000) 3.545937708s ago: executing program 1 (id=2489): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) getsockopt$auto(0xffffffffffffffff, 0x84, 0x1b, 0x0, 0x0) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) r1 = socket(0x2, 0x1, 0x0) sendmmsg$auto(r1, 0x0, 0x5, 0x20000000) write$auto(0x3, 0x0, 0xfffffdef) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = socket(0x10, 0x2, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) mmap$auto(0x0, 0x1, 0x4000000000df, 0x44eb2, 0x3, 0x300000000000) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x129800, 0x0) ioctl$auto(r3, 0xc0104d08, 0x7) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYBLOB="0700000000000000df250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) r4 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto(r4, 0x40025504, 0xea3) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r2, &(0x7f0000000140)={{0x0, 0x2, 0x0, 0x29e, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x40008815}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20008841) sendmsg$auto_NFC_CMD_ENABLE_SE(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x5c, 0x0, 0x4, 0x70bd26, 0x25dfdbfb, {}, [@NFC_ATTR_DEVICE_NAME={0x8, 0x2, '\xeb$,]'}, @NFC_ATTR_VENDOR_DATA={0x8, 0x1f, "fce6eeb0"}, @NFC_ATTR_FIRMWARE_NAME={0xf, 0x14, '/proc/mtrr\x00'}, @NFC_ATTR_IM_PROTOCOLS={0x8, 0xd, 0x5}, @NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0xffffffff}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0x3}, @NFC_ATTR_VENDOR_ID={0x8}, @NFC_ATTR_RF_MODE={0x5, 0xb, 0x2}]}, 0x5c}, 0x1, 0x0, 0x0, 0x890}, 0x4800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="19"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f0000000000)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x1}, 0x2, 0x0) 3.110582617s ago: executing program 0 (id=2490): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/firmware/acpi/interrupts/ff_pwr_btn\x00', 0x10b142, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) open(&(0x7f0000000100)='.\x00', 0x591002, 0x408) close_range$auto(0x2, 0xa, 0x0) socket(0x10, 0x2, 0x4) write$auto(0x3, 0x0, 0xf6) 2.831262571s ago: executing program 0 (id=2491): socket(0x2, 0x5, 0x0) unshare$auto(0x40000080) r0 = openat$auto_nsim_dev_hwstats_l3_disable_fops_hwstats(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/netdevsim/netdevsim0/hwstats/l3/enable_ifindex\x00', 0x841, 0x0) write$auto(r0, &(0x7f0000000280)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x7) openat$auto_ecryptfs_dir_fops_ecryptfs_kernel(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/bluetooth/hci4\x00', 0x1, 0x0) r1 = openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) write$auto(r1, &(0x7f0000000c40)='ethtool\x00', 0x58) socket(0x2b, 0x80000, 0x0) openat$auto_ocfs2_control_fops_stack_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket(0x11, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX(r2, 0x8955, 0x0) ioctl$auto_I2C_SMBUS(0xffffffffffffffff, 0x720, 0x0) unshare$auto(0x5) read$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffffff, &(0x7f00000002c0)=""/182, 0xb6) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/net/bond0/queues/rx-7/rps_cpus\x00', 0x143680, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000080)=""/86, 0x56) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_DEBUG_GET(r4, &(0x7f00000001c0)={0x0, 0xfffffffffffffec2, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYRES32=r2, @ANYRES64, @ANYRESOCT=r1, @ANYRESDEC=0x0, @ANYBLOB="c82c871a4d926dabf0fc20633ab5f73f6b0f5568182f61d5e06bfe6bb514092da7284d649acda9ed3c9fe360cca726c8c4f9ed15738b717eff77248d178c4d1b34d7c6dd77e52edd379c6f5205b313c4c06f0895e85c9a4ad0dd11b89e7cba5aaf8413f9c2bc8095300e42540a1b0eac58a0227477c07d70230172f3e4abb671bdabccc6ff3858348a61aabf", @ANYRESOCT=r0], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x44800) getegid() openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x109080, 0x0) shmget$auto(0xa, 0x10563, 0x568d1af2) shmat$auto(0x0, 0x0, 0x873) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, &(0x7f0000000180)={0x1, 0x7, 0x6}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000e40)='/sys/devices/pci0000:00/0000:00:01.3/config\x00', 0x40000, 0x0) shmctl$auto(0x0, 0x0, 0xfffffffffffffffd) 2.194210649s ago: executing program 2 (id=2492): r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x82001, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) madvise$auto(0x0, 0xf663, 0x15) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mtdblock0\x00', 0x10d441, 0x0) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) close_range$auto(0xffffffffffffffff, r1, 0x5) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x9, 0x8, 0xffffffffffffffff, [0x4], {0x6, 0x8000, 0xf, 0x2bf, 0x100, 0x7f, 0x101, 0x6, 0x1}, {0x100, 0x1, 0x52, 0x9, 0x1, 0x40, 0x76c5, 0x8, 0x5}}) io_uring_enter$auto(r0, 0x5, 0x820e, 0x26, 0x0, 0x18) socket(0x2a, 0x1, 0xffffffff) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x3, 0x6) socket(0x0, 0x3, 0xa) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto(0x3, 0x800005411, 0x38) r2 = open(&(0x7f0000000000)='./bus\x00', 0x12ba7e, 0x45) r3 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x500, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x0, 0x0) ioctl$auto(r4, 0x4b49, 0x1) ioctl$auto(r3, 0x9010642e, 0xffffffffffffffff) r5 = fanotify_init$auto(0x5, 0x2000000000002) r6 = open(&(0x7f0000000000)='./bus\x00', 0x101000, 0x45) fanotify_mark$auto(r5, 0x451, 0xa, r6, 0x0) fanotify_mark$auto(r5, 0x451, 0x800000a, r2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) semctl$auto(0x10201, 0xfffffffffffffffa, 0x3, 0x0) ioctl$auto(0x4000000000000c8, 0x400454d9, 0x3) 2.071248513s ago: executing program 34 (id=2481): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) getsockopt$auto(0xffffffffffffffff, 0x84, 0x1b, 0x0, 0x0) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) r1 = socket(0x2, 0x1, 0x0) sendmmsg$auto(r1, 0x0, 0x5, 0x20000000) write$auto(0x3, 0x0, 0xfffffdef) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = socket(0x10, 0x2, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) mmap$auto(0x0, 0x1, 0x4000000000df, 0x44eb2, 0x3, 0x300000000000) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x129800, 0x0) ioctl$auto(r3, 0xc0104d08, 0x7) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYBLOB="0700000000000000df250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) r4 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto(r4, 0x40025504, 0xea3) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r2, &(0x7f0000000140)={{0x0, 0x2, 0x0, 0x29e, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x40008815}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20008841) sendmsg$auto_NFC_CMD_ENABLE_SE(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x5c, 0x0, 0x4, 0x70bd26, 0x25dfdbfb, {}, [@NFC_ATTR_DEVICE_NAME={0x8, 0x2, '\xeb$,]'}, @NFC_ATTR_VENDOR_DATA={0x8, 0x1f, "fce6eeb0"}, @NFC_ATTR_FIRMWARE_NAME={0xf, 0x14, '/proc/mtrr\x00'}, @NFC_ATTR_IM_PROTOCOLS={0x8, 0xd, 0x5}, @NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0xffffffff}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0x3}, @NFC_ATTR_VENDOR_ID={0x8}, @NFC_ATTR_RF_MODE={0x5, 0xb, 0x2}]}, 0x5c}, 0x1, 0x0, 0x0, 0x890}, 0x4800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="19"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f0000000000)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x1}, 0x2, 0x0) 1.352401895s ago: executing program 0 (id=2494): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/032/001\x00', 0x80002, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) r0 = open(0x0, 0x261c2, 0x84) close_range$auto(0x2, 0x8000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) r2 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r4, r3, 0x4, 0x401, r2, @relative_id=0x13, 0xe600}, 0xf) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r0, 0x0, 0x3}, 0xc) bpf$auto(0x2, &(0x7f0000000500)=@bpf_attr_11={0x5, 0x200ffffffff, 0x9, 0x5, 0xf870e9f, 0x7, 0x8}, 0x9) 948.616177ms ago: executing program 2 (id=2495): sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="1b000000", @ANYBLOB="1e00279e"], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyz2\x00', 0x10400, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto(0x3, 0x4020aea5, 0x38) 718.99378ms ago: executing program 1 (id=2496): ioperm$auto(0x7, 0x6, 0xffffffffffff4064) map_shadow_stack$auto(0x2, 0x10003, 0xb) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/module/hid_cougar/parameters/g6_is_space\x00', 0x129102, 0x0) write$auto(r0, &(0x7f0000000000)='y\x8c', 0x2) socket(0xa, 0x801, 0x84) syz_genetlink_get_family_id$auto_netdev(&(0x7f00000000c0), 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0xa, 0x1, 0x84) r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0) write$auto(r2, 0x0, 0xe) getsockopt$auto(r1, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d) r3 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0xa0002, 0x0) read$auto_v4l2_fops_v4l2_dev(r3, &(0x7f0000000080)=""/27, 0x1b) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x840, 0x0) ioctl$auto(r4, 0x560a, 0x7) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, 0x0, 0x1a1382, 0x0) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x2, 0x100) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sysvipc/sem\x00', 0x22000, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r5, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01002b7000fcdbdf25042e760dffd0c0d9b3921ebe0d4b36ed95"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x4001) socket(0x10, 0x2, 0xc) bind$auto(0x3, 0x0, 0x6b) select$auto(0xc, &(0x7f00000000c0)={[0x3, 0xcc, 0xfffffffffffffff8, 0x7, 0x9, 0x0, 0x8000003, 0x5, 0x3, 0x0, 0x0, 0x5, 0x3, 0x1, 0xb, 0x8a]}, &(0x7f0000000240)={[0x3, 0xec6c, 0x9, 0x200000000000000, 0x5, 0xffffffffffffffff, 0x9a, 0x100, 0x6, 0xd, 0xebd, 0x9, 0x6, 0x1, 0x5, 0x8]}, &(0x7f00000002c0)={[0xfffffffffffffff7, 0x8000, 0x10, 0xa8c, 0xffff, 0x5, 0xf, 0x7ff, 0x4, 0x7, 0x2, 0x7, 0x8, 0x6, 0x7, 0x97]}, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0xffffffffffffffff, 0x8000) sysfs$auto(0x2, 0x4, 0x0) 673.464077ms ago: executing program 0 (id=2497): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003140), r0) sendmsg$auto_ETHTOOL_MSG_COALESCE_GET(r0, &(0x7f0000003200)={0x0, 0x0, &(0x7f00000031c0)={&(0x7f0000003180)={0x14, r1, 0x737, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x6000091}, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) ioctl$auto_TIOCSTI2(r2, 0x5412, &(0x7f0000000140)) write$auto(r2, 0x0, 0x7396) r3 = syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_NLBL_CIPSOV4_C_LISTALL(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r3, 0x200, 0x70bd27, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8001}, 0x4040000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x100000000008000) close_range$auto(0x2, 0x8, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0x0, 0x0) r4 = socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_gtp(0x0, r4) ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x20000000) iopl$auto(0x3) getpgid(0x0) migrate_pages$auto(0x0, 0x99, 0x0, &(0x7f00000001c0)=0x7b) r5 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r5, 0xc0045002, &(0x7f00000000c0)) ioctl$auto_SNDCTL_DSP_CHANNELS(r5, 0xc0045006, &(0x7f00000001c0)) openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/fail_io_timeout/probability\x00', 0x20000, 0x0) read$auto(0x3, 0x0, 0x80) r6 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x103041, 0x0) write$auto(r6, 0x0, 0x9) 0s ago: executing program 2 (id=2498): r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x82001, 0x0) ioctl$auto_UI_SET_PHYS(r0, 0x4008556c, &(0x7f0000000040)=&(0x7f0000000000)='/dev/uinput\x00') mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) madvise$auto(0x0, 0xf663, 0x15) close_range$auto(0x2, 0x8000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) io_uring_enter$auto(r1, 0x9, 0x820e, 0x29, 0x0, 0x18) socket(0x2a, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto(0x3, 0x800005411, 0x38) ioctl$auto_UI_END_FF_ERASE(r0, 0x400c55cb, &(0x7f00000001c0)={0xcb, 0xe, 0x6}) kernel console output (not intermixed with test programs): s+0x4e/0x130 [ 672.791024][T14595] ? stack_depot_save_flags+0x28/0x9c0 [ 672.791063][T14595] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 672.791105][T14595] ? kasan_save_stack+0x42/0x60 [ 672.791137][T14595] ? kasan_save_stack+0x33/0x60 [ 672.791169][T14595] ? kasan_save_track+0x14/0x30 [ 672.791206][T14595] ? vfs_open+0x82/0x3f0 [ 672.791226][T14595] ? path_openat+0x1e88/0x2d80 [ 672.791255][T14595] ? do_filp_open+0x20c/0x470 [ 672.791285][T14595] ? do_sys_openat2+0x17a/0x1e0 [ 672.791308][T14595] ? __x64_sys_openat+0x175/0x210 [ 672.791332][T14595] ? do_syscall_64+0xcd/0x250 [ 672.791361][T14595] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 672.791397][T14595] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 672.791432][T14595] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 672.791470][T14595] ? policy_nodemask+0xea/0x4e0 [ 672.791519][T14595] alloc_pages_mpol+0x1fc/0x540 [ 672.791545][T14595] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 672.791579][T14595] alloc_pages_noprof+0x131/0x390 [ 672.791606][T14595] get_zeroed_page_noprof+0x14/0x50 [ 672.791636][T14595] get_image_page+0x18/0x190 [ 672.791661][T14595] alloc_rtree_node+0x3c/0xb0 [ 672.791687][T14595] memory_bm_create+0x517/0x810 [ 672.791725][T14595] create_basic_memory_bitmaps+0x111/0x680 [ 672.791759][T14595] snapshot_open+0x235/0x2b0 [ 672.791787][T14595] ? __pfx_snapshot_open+0x10/0x10 [ 672.791816][T14595] misc_open+0x35a/0x420 [ 672.791843][T14595] ? __pfx_misc_open+0x10/0x10 [ 672.791867][T14595] chrdev_open+0x237/0x6a0 [ 672.791905][T14595] ? __pfx_apparmor_file_open+0x10/0x10 [ 672.791936][T14595] ? __pfx_chrdev_open+0x10/0x10 [ 672.791975][T14595] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 672.792015][T14595] do_dentry_open+0x735/0x1c40 [ 672.792049][T14595] ? __pfx_chrdev_open+0x10/0x10 [ 672.792087][T14595] ? inode_permission+0xdd/0x5f0 [ 672.792118][T14595] vfs_open+0x82/0x3f0 [ 672.792141][T14595] ? may_open+0x1f2/0x400 [ 672.792172][T14595] path_openat+0x1e88/0x2d80 [ 672.792218][T14595] ? __pfx_path_openat+0x10/0x10 [ 672.792252][T14595] ? __pfx___lock_acquire+0x10/0x10 [ 672.792283][T14595] ? lock_acquire.part.0+0x11b/0x380 [ 672.792316][T14595] ? find_held_lock+0x2d/0x110 [ 672.792351][T14595] do_filp_open+0x20c/0x470 [ 672.792387][T14595] ? __pfx_do_filp_open+0x10/0x10 [ 672.792420][T14595] ? find_held_lock+0x2d/0x110 [ 672.792472][T14595] ? alloc_fd+0x41f/0x760 [ 672.792522][T14595] do_sys_openat2+0x17a/0x1e0 [ 672.792549][T14595] ? __pfx_do_sys_openat2+0x10/0x10 [ 672.792591][T14595] __x64_sys_openat+0x175/0x210 [ 672.792620][T14595] ? __pfx___x64_sys_openat+0x10/0x10 [ 672.792662][T14595] do_syscall_64+0xcd/0x250 [ 672.792697][T14595] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 672.792732][T14595] RIP: 0033:0x7f1ebf78d169 [ 672.792753][T14595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 672.792775][T14595] RSP: 002b:00007f1ec05f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 672.792800][T14595] RAX: ffffffffffffffda RBX: 00007f1ebf9a5fa0 RCX: 00007f1ebf78d169 [ 672.792818][T14595] RDX: 0000000000180b01 RSI: 0000400000000000 RDI: ffffffffffffff9c [ 672.792835][T14595] RBP: 00007f1ebf80e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 672.792851][T14595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 672.792866][T14595] R13: 0000000000000000 R14: 00007f1ebf9a5fa0 R15: 00007fff3d0a7f38 [ 672.792900][T14595] [ 674.282231][T14613] FAULT_INJECTION: forcing a failure. [ 674.282231][T14613] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 674.298585][T14613] CPU: 1 UID: 0 PID: 14613 Comm: syz.0.2059 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 674.298623][T14613] Tainted: [U]=USER [ 674.298631][T14613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 674.298643][T14613] Call Trace: [ 674.298651][T14613] [ 674.298660][T14613] dump_stack_lvl+0x16c/0x1f0 [ 674.298695][T14613] should_fail_ex+0x50a/0x650 [ 674.298733][T14613] _copy_from_user+0x2e/0xd0 [ 674.298759][T14613] drm_ioctl+0x501/0xc00 [ 674.298789][T14613] ? __pfx_drm_mode_revoke_lease_ioctl+0x10/0x10 [ 674.298819][T14613] ? __pfx_drm_ioctl+0x10/0x10 [ 674.298845][T14613] ? __pfx_lock_release+0x10/0x10 [ 674.298874][T14613] ? trace_lock_acquire+0x14e/0x1f0 [ 674.298910][T14613] ? __pfx_drm_ioctl+0x10/0x10 [ 674.298933][T14613] __x64_sys_ioctl+0x190/0x200 [ 674.298962][T14613] do_syscall_64+0xcd/0x250 [ 674.298993][T14613] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 674.299024][T14613] RIP: 0033:0x7f85a318d169 [ 674.299042][T14613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 674.299062][T14613] RSP: 002b:00007f85a4058038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 674.299081][T14613] RAX: ffffffffffffffda RBX: 00007f85a33a5fa0 RCX: 00007f85a318d169 [ 674.299096][T14613] RDX: 00000000000001e2 RSI: 00000000000064c9 RDI: 0000000000000003 [ 674.299110][T14613] RBP: 00007f85a4058090 R08: 0000000000000000 R09: 0000000000000000 [ 674.299125][T14613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 674.299145][T14613] R13: 0000000000000000 R14: 00007f85a33a5fa0 R15: 00007ffd601805f8 [ 674.299179][T14613] [ 674.467132][ C1] vkms_vblank_simulate: vblank timer overrun [ 674.519586][T14611] FAULT_INJECTION: forcing a failure. [ 674.519586][T14611] name failslab, interval 1, probability 0, space 0, times 0 [ 674.582184][T14611] CPU: 0 UID: 0 PID: 14611 Comm: syz.2.2058 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 674.582227][T14611] Tainted: [U]=USER [ 674.582236][T14611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 674.582251][T14611] Call Trace: [ 674.582260][T14611] [ 674.582270][T14611] dump_stack_lvl+0x16c/0x1f0 [ 674.582312][T14611] should_fail_ex+0x50a/0x650 [ 674.582358][T14611] ? fs_reclaim_acquire+0xae/0x150 [ 674.582392][T14611] should_failslab+0xc2/0x120 [ 674.582417][T14611] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 674.582457][T14611] ? alloc_empty_file+0x73/0x1e0 [ 674.582486][T14611] alloc_empty_file+0x73/0x1e0 [ 674.582514][T14611] path_openat+0xe1/0x2d80 [ 674.582545][T14611] ? hlock_class+0x4e/0x130 [ 674.582570][T14611] ? __lock_acquire+0x15a9/0x3c40 [ 674.582613][T14611] ? __pfx_path_openat+0x10/0x10 [ 674.582648][T14611] ? __pfx___lock_acquire+0x10/0x10 [ 674.582678][T14611] ? lock_acquire.part.0+0x11b/0x380 [ 674.582711][T14611] ? find_held_lock+0x2d/0x110 [ 674.582741][T14611] do_filp_open+0x20c/0x470 [ 674.582777][T14611] ? __pfx_do_filp_open+0x10/0x10 [ 674.582809][T14611] ? find_held_lock+0x2d/0x110 [ 674.582856][T14611] ? alloc_fd+0x41f/0x760 [ 674.582898][T14611] do_sys_openat2+0x17a/0x1e0 [ 674.582925][T14611] ? __pfx_do_sys_openat2+0x10/0x10 [ 674.582951][T14611] ? __pfx___might_resched+0x10/0x10 [ 674.582996][T14611] __x64_sys_openat+0x175/0x210 [ 674.583022][T14611] ? __pfx___x64_sys_openat+0x10/0x10 [ 674.583061][T14611] do_syscall_64+0xcd/0x250 [ 674.583095][T14611] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 674.583129][T14611] RIP: 0033:0x7f0ca158d169 [ 674.583149][T14611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 674.583172][T14611] RSP: 002b:00007f0ca2309038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 674.583209][T14611] RAX: ffffffffffffffda RBX: 00007f0ca17a5fa0 RCX: 00007f0ca158d169 [ 674.583227][T14611] RDX: 0000000000000400 RSI: 0000400000007480 RDI: ffffffffffffff9c [ 674.583246][T14611] RBP: 00007f0ca160e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 674.583262][T14611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 674.583278][T14611] R13: 0000000000000000 R14: 00007f0ca17a5fa0 R15: 00007ffe80621428 [ 674.583310][T14611] [ 676.506614][T14648] FAULT_INJECTION: forcing a failure. [ 676.506614][T14648] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 676.547386][T14648] CPU: 1 UID: 0 PID: 14648 Comm: syz.0.2069 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 676.547423][T14648] Tainted: [U]=USER [ 676.547431][T14648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 676.547444][T14648] Call Trace: [ 676.547451][T14648] [ 676.547461][T14648] dump_stack_lvl+0x16c/0x1f0 [ 676.547495][T14648] should_fail_ex+0x50a/0x650 [ 676.547532][T14648] _copy_to_user+0x32/0xd0 [ 676.547558][T14648] drm_ioctl+0x5fe/0xc00 [ 676.547588][T14648] ? __pfx_drm_mode_revoke_lease_ioctl+0x10/0x10 [ 676.547616][T14648] ? __pfx_drm_ioctl+0x10/0x10 [ 676.547638][T14648] ? __pfx_lock_release+0x10/0x10 [ 676.547666][T14648] ? trace_lock_acquire+0x14e/0x1f0 [ 676.547708][T14648] ? __pfx_drm_ioctl+0x10/0x10 [ 676.547732][T14648] __x64_sys_ioctl+0x190/0x200 [ 676.547762][T14648] do_syscall_64+0xcd/0x250 [ 676.547793][T14648] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 676.547823][T14648] RIP: 0033:0x7f85a318d169 [ 676.547842][T14648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 676.547862][T14648] RSP: 002b:00007f85a4058038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 676.547896][T14648] RAX: ffffffffffffffda RBX: 00007f85a33a5fa0 RCX: 00007f85a318d169 [ 676.547911][T14648] RDX: 00000000000001e2 RSI: 00000000000064c9 RDI: 0000000000000003 [ 676.547926][T14648] RBP: 00007f85a4058090 R08: 0000000000000000 R09: 0000000000000000 [ 676.547939][T14648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 676.547953][T14648] R13: 0000000000000000 R14: 00007f85a33a5fa0 R15: 00007ffd601805f8 [ 676.547982][T14648] [ 676.725102][ C1] vkms_vblank_simulate: vblank timer overrun [ 677.476097][T14659] Process accounting resumed [ 678.021794][T14684] FAULT_INJECTION: forcing a failure. [ 678.021794][T14684] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 678.043580][T14684] CPU: 1 UID: 0 PID: 14684 Comm: syz.0.2080 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 678.043615][T14684] Tainted: [U]=USER [ 678.043623][T14684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 678.043635][T14684] Call Trace: [ 678.043641][T14684] [ 678.043649][T14684] dump_stack_lvl+0x16c/0x1f0 [ 678.043680][T14684] should_fail_ex+0x50a/0x650 [ 678.043719][T14684] _copy_to_user+0x32/0xd0 [ 678.043743][T14684] simple_read_from_buffer+0xd0/0x160 [ 678.043784][T14684] proc_fail_nth_read+0x198/0x270 [ 678.043812][T14684] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 678.043842][T14684] ? rw_verify_area+0xcf/0x680 [ 678.043867][T14684] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 678.043891][T14684] vfs_read+0x1df/0xbf0 [ 678.043923][T14684] ? __fget_files+0x1fc/0x3a0 [ 678.043955][T14684] ? __pfx___mutex_lock+0x10/0x10 [ 678.043985][T14684] ? __pfx_vfs_read+0x10/0x10 [ 678.044024][T14684] ? __fget_files+0x206/0x3a0 [ 678.044066][T14684] ksys_read+0x12b/0x250 [ 678.044094][T14684] ? __pfx_ksys_read+0x10/0x10 [ 678.044133][T14684] do_syscall_64+0xcd/0x250 [ 678.044167][T14684] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 678.044199][T14684] RIP: 0033:0x7f85a318bb7c [ 678.044218][T14684] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 678.044239][T14684] RSP: 002b:00007f85a4058030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 678.044259][T14684] RAX: ffffffffffffffda RBX: 00007f85a33a5fa0 RCX: 00007f85a318bb7c [ 678.044274][T14684] RDX: 000000000000000f RSI: 00007f85a40580a0 RDI: 0000000000000004 [ 678.044288][T14684] RBP: 00007f85a4058090 R08: 0000000000000000 R09: 0000000000000000 [ 678.044301][T14684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 678.044314][T14684] R13: 0000000000000000 R14: 00007f85a33a5fa0 R15: 00007ffd601805f8 [ 678.044345][T14684] [ 678.056190][T14679] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2079'. [ 678.435109][T14679] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode [ 678.670172][T14692] FAULT_INJECTION: forcing a failure. [ 678.670172][T14692] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 678.700798][T14692] CPU: 0 UID: 0 PID: 14692 Comm: syz.5.2083 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 678.700836][T14692] Tainted: [U]=USER [ 678.700843][T14692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 678.700857][T14692] Call Trace: [ 678.700865][T14692] [ 678.700874][T14692] dump_stack_lvl+0x16c/0x1f0 [ 678.700909][T14692] should_fail_ex+0x50a/0x650 [ 678.700955][T14692] _copy_to_user+0x32/0xd0 [ 678.700983][T14692] do_pipe2+0x144/0x1d0 [ 678.701017][T14692] ? __pfx_do_pipe2+0x10/0x10 [ 678.701052][T14692] ? rcu_is_watching+0x12/0xc0 [ 678.701085][T14692] __x64_sys_pipe+0x33/0x50 [ 678.701106][T14692] do_syscall_64+0xcd/0x250 [ 678.701138][T14692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 678.701170][T14692] RIP: 0033:0x7f61e878d169 [ 678.701189][T14692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 678.701212][T14692] RSP: 002b:00007f61e96ba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000016 [ 678.701235][T14692] RAX: ffffffffffffffda RBX: 00007f61e89a5fa0 RCX: 00007f61e878d169 [ 678.701252][T14692] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 678.701266][T14692] RBP: 00007f61e880e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 678.701281][T14692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 678.701296][T14692] R13: 0000000000000000 R14: 00007f61e89a5fa0 R15: 00007ffca364d3f8 [ 678.701327][T14692] [ 679.269417][T14702] Process accounting resumed [ 679.388066][T14710] netlink: 62 bytes leftover after parsing attributes in process `syz.5.2089'. [ 679.990199][T14736] sctp: [Deprecated]: syz.5.2095 (pid 14736) Use of struct sctp_assoc_value in delayed_ack socket option. [ 679.990199][T14736] Use struct sctp_sack_info instead [ 680.645734][T14747] Process accounting resumed [ 680.730384][T14760] hub 2-0:1.0: USB hub found [ 680.747053][T14760] hub 2-0:1.0: 1 port detected [ 682.579194][T14792] Process accounting resumed [ 683.006863][T14801] xs_local_setup_socket: unhandled error (13) connecting to /var/run/rpcbind.sock [ 683.099869][T14801] svc: failed to register nfsdv3 RPC service (errno 111). [ 683.134548][T14801] svc: failed to register nfsaclv3 RPC service (errno 111). [ 684.184475][T14818] FAULT_INJECTION: forcing a failure. [ 684.184475][T14818] name fail_futex, interval 1, probability 0, space 0, times 0 [ 684.217357][T14818] CPU: 0 UID: 60929 PID: 14818 Comm: syz.1.2117 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 684.217392][T14818] Tainted: [U]=USER [ 684.217399][T14818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 684.217418][T14818] Call Trace: [ 684.217424][T14818] [ 684.217436][T14818] dump_stack_lvl+0x16c/0x1f0 [ 684.217467][T14818] should_fail_ex+0x50a/0x650 [ 684.217500][T14818] ? __lock_acquire+0x15a9/0x3c40 [ 684.217535][T14818] get_futex_key+0x4a3/0x1000 [ 684.217563][T14818] ? __pfx_get_futex_key+0x10/0x10 [ 684.217595][T14818] futex_wake+0xe8/0x4e0 [ 684.217625][T14818] ? __pfx_futex_wake+0x10/0x10 [ 684.217655][T14818] ? find_held_lock+0x2d/0x110 [ 684.217684][T14818] do_futex+0x1e5/0x350 [ 684.217710][T14818] ? __pfx_do_futex+0x10/0x10 [ 684.217735][T14818] ? __might_fault+0xe3/0x190 [ 684.217759][T14818] ? __might_fault+0xe3/0x190 [ 684.217783][T14818] mm_release+0x24e/0x300 [ 684.217811][T14818] do_exit+0x886/0x2d70 [ 684.217837][T14818] ? get_signal+0x8f7/0x26c0 [ 684.217867][T14818] ? __pfx_do_exit+0x10/0x10 [ 684.217890][T14818] ? do_raw_spin_lock+0x12d/0x2c0 [ 684.217912][T14818] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 684.217946][T14818] do_group_exit+0xd3/0x2a0 [ 684.217972][T14818] get_signal+0x24ed/0x26c0 [ 684.218014][T14818] ? __pfx_get_signal+0x10/0x10 [ 684.218048][T14818] ? __pfx_do_futex+0x10/0x10 [ 684.218078][T14818] arch_do_signal_or_restart+0x90/0x7e0 [ 684.218105][T14818] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 684.218145][T14818] ? set_cred_ucounts+0x10f/0x200 [ 684.218180][T14818] syscall_exit_to_user_mode+0x150/0x2a0 [ 684.218211][T14818] do_syscall_64+0xda/0x250 [ 684.218241][T14818] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 684.218273][T14818] RIP: 0033:0x7f1ebf78d169 [ 684.218291][T14818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 684.218312][T14818] RSP: 002b:00007f1ec05f40e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 684.218335][T14818] RAX: fffffffffffffe00 RBX: 00007f1ebf9a5fa8 RCX: 00007f1ebf78d169 [ 684.218351][T14818] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f1ebf9a5fa8 [ 684.218365][T14818] RBP: 00007f1ebf9a5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 684.218380][T14818] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1ebf9a5fac [ 684.218395][T14818] R13: 0000000000000000 R14: 00007fff3d0a7e50 R15: 00007fff3d0a7f38 [ 684.218453][T14818] [ 684.471171][ C0] vkms_vblank_simulate: vblank timer overrun [ 684.827398][T14833] hub 2-0:1.0: USB hub found [ 684.888855][T14833] hub 2-0:1.0: 1 port detected [ 684.963846][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 684.970235][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 688.163256][T14916] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(2167421857.1732221457.1749447520), cmd(8) [ 688.897231][T14923] Process accounting resumed [ 688.945627][T14927] Process accounting resumed [ 690.699566][T14968] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2158'. [ 690.847940][T14964] Process accounting resumed [ 690.852991][T14968] hsr_slave_0: left promiscuous mode [ 690.912624][T14968] hsr_slave_1: left promiscuous mode [ 693.948052][T14999] hub 2-0:1.0: USB hub found [ 693.952964][T14999] hub 2-0:1.0: 1 port detected [ 694.331640][T15003] Process accounting resumed [ 694.449359][T15012] smc: net device syz_tun applied user defined pnetid ETHTOOL [ 694.877443][T15020] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input160 [ 696.256522][T15034] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2175'. [ 696.363357][T15034] hsr_slave_0: left promiscuous mode [ 696.377668][T15034] hsr_slave_1: left promiscuous mode [ 696.408336][T15034] bridge0: port 3(hsr0) entered disabled state [ 696.516357][T15034] hsr0 (unregistering): left promiscuous mode [ 696.516429][T15034] bridge0: port 3(hsr0) entered disabled state [ 698.059493][T15066] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2182'. [ 699.031021][T15091] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2188'. [ 699.097799][T15091] hsr_slave_0: left promiscuous mode [ 699.153421][T15091] hsr_slave_1: left promiscuous mode [ 699.250587][T15099] ecryptfs_miscdev_write: Invalid packet size [111] [ 699.773288][T15095] rtc_cmos 00:00: Alarms can be up to one day in the future [ 700.853319][T15126] Process accounting resumed [ 702.557652][T15157] Process accounting resumed [ 703.722335][T15188] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input165 [ 705.077598][T15198] KVM: debugfs: duplicate directory 15198-3 [ 705.109684][T15205] Process accounting resumed [ 705.386976][T15211] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 705.487871][T15216] ecryptfs_miscdev_write: Invalid packet size [111] [ 706.959165][T11848] Bluetooth: hci3: unexpected subevent 0x01 length: 4 < 18 [ 707.013958][ T29] audit: type=1800 audit(4295459082.984:35): pid=15245 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2228" name="dbroot" dev="configfs" ino=54033 res=0 errno=0 [ 707.019779][T15245] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input166 [ 707.118306][ T29] audit: type=1804 audit(4295459082.984:36): pid=15245 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.2228" name="/newroot/sys/kernel/config/target/dbroot" dev="configfs" ino=54033 res=1 errno=0 [ 707.141534][ C0] vkms_vblank_simulate: vblank timer overrun [ 708.383833][T15258] FAULT_INJECTION: forcing a failure. [ 708.383833][T15258] name failslab, interval 1, probability 0, space 0, times 0 [ 708.453666][T15258] CPU: 1 UID: 0 PID: 15258 Comm: syz.2.2231 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 708.453708][T15258] Tainted: [U]=USER [ 708.453717][T15258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 708.453731][T15258] Call Trace: [ 708.453738][T15258] [ 708.453748][T15258] dump_stack_lvl+0x16c/0x1f0 [ 708.453792][T15258] should_fail_ex+0x50a/0x650 [ 708.453830][T15258] ? fs_reclaim_acquire+0xae/0x150 [ 708.453871][T15258] should_failslab+0xc2/0x120 [ 708.453895][T15258] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 708.453933][T15258] ? security_file_alloc+0x34/0x2b0 [ 708.453978][T15258] security_file_alloc+0x34/0x2b0 [ 708.454009][T15258] init_file+0x93/0x4c0 [ 708.454034][T15258] alloc_empty_file+0x91/0x1e0 [ 708.454060][T15258] path_openat+0xe1/0x2d80 [ 708.454098][T15258] ? rcu_is_watching+0x12/0xc0 [ 708.454124][T15258] ? trace_kmem_cache_alloc+0x2d/0xd0 [ 708.454154][T15258] ? kmem_cache_alloc_noprof+0x279/0x3d0 [ 708.454189][T15258] ? arch_stack_walk+0xa7/0x100 [ 708.454213][T15258] ? __pfx_path_openat+0x10/0x10 [ 708.454248][T15258] ? __asan_memcpy+0x3c/0x60 [ 708.454282][T15258] do_file_open_root+0x323/0x610 [ 708.454314][T15258] ? __lock_acquire+0x15a9/0x3c40 [ 708.454347][T15258] ? __pfx_do_file_open_root+0x10/0x10 [ 708.454381][T15258] ? __lock_acquire+0x15a9/0x3c40 [ 708.454440][T15258] ? lock_acquire.part.0+0x11b/0x380 [ 708.454475][T15258] ? find_held_lock+0x2d/0x110 [ 708.454499][T15258] ? find_held_lock+0x2d/0x110 [ 708.454524][T15258] file_open_root+0x2a8/0x450 [ 708.454554][T15258] ? __pfx_file_open_root+0x10/0x10 [ 708.454582][T15258] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 708.454605][T15258] ? lockref_get+0x15/0x50 [ 708.454636][T15258] kernel_read_file_from_path_initns+0x18a/0x260 [ 708.454669][T15258] ? __pfx_kernel_read_file_from_path_initns+0x10/0x10 [ 708.454699][T15258] ? _request_firmware+0x500/0x1470 [ 708.454743][T15258] _request_firmware+0x746/0x1470 [ 708.454792][T15258] ? __pfx__request_firmware+0x10/0x10 [ 708.454824][T15258] ? __pfx___mutex_lock+0x10/0x10 [ 708.454879][T15258] request_firmware+0x35/0x50 [ 708.454920][T15258] reg_reload_regdb+0x8a/0x460 [ 708.454958][T15258] ? __pfx_reg_reload_regdb+0x10/0x10 [ 708.454999][T15258] ? nl80211_pre_doit+0x1b0/0xb10 [ 708.455034][T15258] genl_family_rcv_msg_doit+0x202/0x2f0 [ 708.455075][T15258] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 708.455114][T15258] ? trace_cap_capable+0x1a2/0x210 [ 708.455153][T15258] ? bpf_lsm_capable+0x9/0x10 [ 708.455181][T15258] ? security_capable+0x7e/0x260 [ 708.455211][T15258] genl_rcv_msg+0x565/0x800 [ 708.455249][T15258] ? __pfx_genl_rcv_msg+0x10/0x10 [ 708.455283][T15258] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 708.455309][T15258] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 708.455345][T15258] ? __pfx_nl80211_post_doit+0x10/0x10 [ 708.455394][T15258] netlink_rcv_skb+0x16b/0x440 [ 708.455429][T15258] ? __pfx_genl_rcv_msg+0x10/0x10 [ 708.455468][T15258] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 708.455515][T15258] ? down_read+0xc9/0x330 [ 708.455551][T15258] ? __pfx_down_read+0x10/0x10 [ 708.455585][T15258] ? netlink_deliver_tap+0x1ae/0xd30 [ 708.455620][T15258] genl_rcv+0x28/0x40 [ 708.455651][T15258] netlink_unicast+0x53c/0x7f0 [ 708.455687][T15258] ? __pfx_netlink_unicast+0x10/0x10 [ 708.455725][T15258] ? __phys_addr_symbol+0x30/0x80 [ 708.455750][T15258] ? __check_object_size+0x488/0x710 [ 708.455781][T15258] netlink_sendmsg+0x8b8/0xd70 [ 708.455818][T15258] ? __pfx_netlink_sendmsg+0x10/0x10 [ 708.455873][T15258] ____sys_sendmsg+0xaaf/0xc90 [ 708.455901][T15258] ? copy_msghdr_from_user+0x10b/0x160 [ 708.455943][T15258] ? __pfx_____sys_sendmsg+0x10/0x10 [ 708.455991][T15258] ___sys_sendmsg+0x135/0x1e0 [ 708.456028][T15258] ? __pfx____sys_sendmsg+0x10/0x10 [ 708.456077][T15258] ? __pfx_lock_release+0x10/0x10 [ 708.456108][T15258] ? trace_lock_acquire+0x14e/0x1f0 [ 708.456148][T15258] ? __fget_files+0x206/0x3a0 [ 708.456190][T15258] __sys_sendmsg+0x16e/0x220 [ 708.456228][T15258] ? __pfx___sys_sendmsg+0x10/0x10 [ 708.456260][T15258] ? __x64_sys_futex+0x1e1/0x4c0 [ 708.456307][T15258] do_syscall_64+0xcd/0x250 [ 708.456340][T15258] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 708.456371][T15258] RIP: 0033:0x7f0ca158d169 [ 708.456392][T15258] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 708.456416][T15258] RSP: 002b:00007f0ca2309038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 708.456437][T15258] RAX: ffffffffffffffda RBX: 00007f0ca17a5fa0 RCX: 00007f0ca158d169 [ 708.456453][T15258] RDX: 0000000000000000 RSI: 0000400000000580 RDI: 000000000000000c [ 708.456467][T15258] RBP: 00007f0ca160e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 708.456481][T15258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 708.456495][T15258] R13: 0000000000000000 R14: 00007f0ca17a5fa0 R15: 00007ffe80621428 [ 708.456528][T15258] [ 708.456618][T15258] platform regulatory.0: loading /lib/firmware/updates/6.14.0-rc5-syzkaller-00016-g48a5eed9ad58/regulatory.db failed with error -12 [ 708.629635][T15268] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2236'. [ 708.770136][T15258] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 708.983189][T15258] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 709.074193][T15271] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137 [ 709.105161][T15271] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 1, inode_bitmap = 138 [ 709.122579][T15271] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 0: bad block bitmap checksum [ 709.190058][T15268] FAULT_INJECTION: forcing a failure. [ 709.190058][T15268] name failslab, interval 1, probability 0, space 0, times 0 [ 709.209611][T15272] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 1: bad block bitmap checksum [ 709.278081][T15268] CPU: 0 UID: 0 PID: 15268 Comm: syz.1.2236 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 709.278124][T15268] Tainted: [U]=USER [ 709.278134][T15268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 709.278149][T15268] Call Trace: [ 709.278157][T15268] [ 709.278167][T15268] dump_stack_lvl+0x16c/0x1f0 [ 709.278208][T15268] should_fail_ex+0x50a/0x650 [ 709.278246][T15268] ? fs_reclaim_acquire+0xae/0x150 [ 709.278282][T15268] should_failslab+0xc2/0x120 [ 709.278307][T15268] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 709.278344][T15268] ? __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 709.278384][T15268] __kvm_mmu_topup_memory_cache+0x18f/0x600 [ 709.278427][T15268] mmu_topup_memory_caches+0x25/0x170 [ 709.278459][T15268] kvm_mmu_load+0xda/0x22a0 [ 709.278488][T15268] ? kvm_apic_has_interrupt+0xb6/0x190 [ 709.278525][T15268] ? __pfx_kvm_apic_has_interrupt+0x10/0x10 [ 709.278560][T15268] ? kvm_guest_time_update+0x71e/0xeb0 [ 709.278592][T15268] ? __pfx_kvm_mmu_load+0x10/0x10 [ 709.278621][T15268] ? kvm_cpu_has_injectable_intr+0x9b/0x1a0 [ 709.278658][T15268] ? kvm_check_and_inject_events+0x725/0x12e0 [ 709.278685][T15268] ? record_steal_time+0x61/0xbe0 [ 709.278716][T15268] vcpu_run+0x338e/0x4f50 [ 709.278746][T15268] ? __pfx_vmx_vcpu_load_vmcs+0x10/0x10 [ 709.278785][T15268] ? __pfx_vcpu_run+0x10/0x10 [ 709.278810][T15268] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 709.278847][T15268] ? rcu_is_watching+0x12/0xc0 [ 709.278873][T15268] ? trace_lock_acquire+0x14e/0x1f0 [ 709.278899][T15268] ? __local_bh_enable_ip+0xa4/0x120 [ 709.278945][T15268] ? lockdep_hardirqs_on+0x7c/0x110 [ 709.278976][T15268] ? kvm_arch_vcpu_ioctl_run+0x1a8/0x17f0 [ 709.279012][T15268] ? kvm_arch_vcpu_ioctl_run+0x865/0x17f0 [ 709.279038][T15268] kvm_arch_vcpu_ioctl_run+0x865/0x17f0 [ 709.279072][T15268] kvm_vcpu_ioctl+0x5ea/0x16b0 [ 709.279106][T15268] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 709.279151][T15268] ? __pfx_lock_release+0x10/0x10 [ 709.279180][T15268] ? trace_lock_acquire+0x14e/0x1f0 [ 709.279215][T15268] ? __fget_files+0x206/0x3a0 [ 709.279251][T15268] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 709.279279][T15268] __x64_sys_ioctl+0x190/0x200 [ 709.279308][T15268] do_syscall_64+0xcd/0x250 [ 709.279339][T15268] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 709.279369][T15268] RIP: 0033:0x7f1ebf78d169 [ 709.279387][T15268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 709.279409][T15268] RSP: 002b:00007f1ec05f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 709.279433][T15268] RAX: ffffffffffffffda RBX: 00007f1ebf9a5fa0 RCX: 00007f1ebf78d169 [ 709.279449][T15268] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 709.279466][T15268] RBP: 00007f1ebf80e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 709.279480][T15268] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 709.279494][T15268] R13: 0000000000000000 R14: 00007f1ebf9a5fa0 R15: 00007fff3d0a7f38 [ 709.279524][T15268] [ 709.323259][T15275] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 2: bad block bitmap checksum [ 709.806600][T15277] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 3: bad block bitmap checksum [ 710.755997][T15285] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2240'. [ 710.993919][T10110] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 711.005571][T10110] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 711.028575][T10110] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 711.038204][T10110] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 711.045968][T10110] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 711.053795][T10110] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 711.457633][T15290] chnl_net:caif_netlink_parms(): no params data found [ 711.603417][T15290] bridge0: port 1(bridge_slave_0) entered blocking state [ 711.658796][T15290] bridge0: port 1(bridge_slave_0) entered disabled state [ 711.684702][T15290] bridge_slave_0: entered allmulticast mode [ 711.706417][T15290] bridge_slave_0: entered promiscuous mode [ 711.733095][T15290] bridge0: port 2(bridge_slave_1) entered blocking state [ 711.750881][T15290] bridge0: port 2(bridge_slave_1) entered disabled state [ 711.766148][T15290] bridge_slave_1: entered allmulticast mode [ 711.784103][T15290] bridge_slave_1: entered promiscuous mode [ 711.931527][T15290] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 711.966654][T15290] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 712.190133][T15290] team0: Port device team_slave_0 added [ 712.217299][T15290] team0: Port device team_slave_1 added [ 712.382823][T15290] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 712.400070][T15290] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 712.464011][T15290] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 712.502209][T15290] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 712.540290][T15290] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 712.639589][T15290] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 712.900887][T15290] hsr_slave_0: entered promiscuous mode [ 712.907319][T15290] hsr_slave_1: entered promiscuous mode [ 713.131700][T10110] Bluetooth: hci1: command tx timeout [ 713.475814][T15290] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 713.706050][T15318] can0: slcan on pty244. [ 713.782313][T15290] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 713.898966][T15290] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 713.910645][T15318] can0 (unregistered): slcan off pty244. [ 714.374972][T15290] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 714.424254][T15290] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 714.456611][T15290] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 714.496663][T15290] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 714.706729][T15290] 8021q: adding VLAN 0 to HW filter on device bond0 [ 714.772666][T15290] 8021q: adding VLAN 0 to HW filter on device team0 [ 714.808865][T11514] bridge0: port 1(bridge_slave_0) entered blocking state [ 714.816120][T11514] bridge0: port 1(bridge_slave_0) entered forwarding state [ 714.908196][T11514] bridge0: port 2(bridge_slave_1) entered blocking state [ 714.915346][T11514] bridge0: port 2(bridge_slave_1) entered forwarding state [ 715.141139][T15333] FAULT_INJECTION: forcing a failure. [ 715.141139][T15333] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 715.187093][T15333] CPU: 0 UID: 0 PID: 15333 Comm: syz.1.2250 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 715.187133][T15333] Tainted: [U]=USER [ 715.187140][T15333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 715.187154][T15333] Call Trace: [ 715.187162][T15333] [ 715.187172][T15333] dump_stack_lvl+0x16c/0x1f0 [ 715.187212][T15333] should_fail_ex+0x50a/0x650 [ 715.187252][T15333] core_sys_select+0x91b/0xb80 [ 715.187293][T15333] ? __pfx_core_sys_select+0x10/0x10 [ 715.187355][T15333] ? read_tsc+0x9/0x20 [ 715.187379][T15333] ? ktime_get_ts64+0x256/0x400 [ 715.187428][T15333] kern_select+0x15e/0x1e0 [ 715.187460][T15333] ? __pfx_kern_select+0x10/0x10 [ 715.187492][T15333] ? xfd_validate_state+0x5d/0x180 [ 715.187525][T15333] ? rcu_is_watching+0x12/0xc0 [ 715.187555][T15333] __x64_sys_select+0xbd/0x160 [ 715.187586][T15333] ? do_syscall_64+0x91/0x250 [ 715.187615][T15333] ? lockdep_hardirqs_on+0x7c/0x110 [ 715.187645][T15333] do_syscall_64+0xcd/0x250 [ 715.187678][T15333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 715.187711][T15333] RIP: 0033:0x7f1ebf78d169 [ 715.187731][T15333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 715.187753][T15333] RSP: 002b:00007f1ec05d3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 715.187778][T15333] RAX: ffffffffffffffda RBX: 00007f1ebf9a6080 RCX: 00007f1ebf78d169 [ 715.187794][T15333] RDX: 0000400000000180 RSI: 0000400000000100 RDI: 00000000000000be [ 715.187810][T15333] RBP: 00007f1ebf80e2a0 R08: 0000400000000040 R09: 0000000000000000 [ 715.187825][T15333] R10: 0000400000000240 R11: 0000000000000246 R12: 0000000000000000 [ 715.187841][T15333] R13: 0000000000000000 R14: 00007f1ebf9a6080 R15: 00007fff3d0a7f38 [ 715.187869][T15333] [ 715.196554][T10110] Bluetooth: hci1: command tx timeout [ 715.823228][T15343] FAULT_INJECTION: forcing a failure. [ 715.823228][T15343] name failslab, interval 1, probability 0, space 0, times 0 [ 715.872145][T15343] CPU: 0 UID: 60929 PID: 15343 Comm: syz.5.2252 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 715.872184][T15343] Tainted: [U]=USER [ 715.872192][T15343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 715.872205][T15343] Call Trace: [ 715.872213][T15343] [ 715.872222][T15343] dump_stack_lvl+0x16c/0x1f0 [ 715.872257][T15343] should_fail_ex+0x50a/0x650 [ 715.872292][T15343] ? fs_reclaim_acquire+0xae/0x150 [ 715.872323][T15343] should_failslab+0xc2/0x120 [ 715.872345][T15343] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 715.872378][T15343] ? __pfx_acct_collect+0x10/0x10 [ 715.872410][T15343] ? taskstats_exit+0x656/0xbe0 [ 715.872442][T15343] ? acct_update_integrals+0x3e7/0x4b0 [ 715.872478][T15343] taskstats_exit+0x656/0xbe0 [ 715.872510][T15343] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 715.872534][T15343] ? __pfx_taskstats_exit+0x10/0x10 [ 715.872568][T15343] ? _raw_spin_unlock_irq+0x23/0x50 [ 715.872593][T15343] ? __seccomp_filter_orphan+0x18/0x110 [ 715.872617][T15343] ? __put_seccomp_filter+0x16/0xf0 [ 715.872651][T15343] do_exit+0x845/0x2d70 [ 715.872675][T15343] ? get_signal+0x8f7/0x26c0 [ 715.872704][T15343] ? __pfx_do_exit+0x10/0x10 [ 715.872724][T15343] ? do_raw_spin_lock+0x12d/0x2c0 [ 715.872745][T15343] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 715.872771][T15343] do_group_exit+0xd3/0x2a0 [ 715.872798][T15343] get_signal+0x24ed/0x26c0 [ 715.872841][T15343] ? __pfx_get_signal+0x10/0x10 [ 715.872876][T15343] ? __pfx_do_futex+0x10/0x10 [ 715.872905][T15343] arch_do_signal_or_restart+0x90/0x7e0 [ 715.872932][T15343] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 715.872963][T15343] ? set_cred_ucounts+0x10f/0x200 [ 715.872997][T15343] syscall_exit_to_user_mode+0x150/0x2a0 [ 715.873025][T15343] do_syscall_64+0xda/0x250 [ 715.873054][T15343] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 715.873091][T15343] RIP: 0033:0x7f61e878d169 [ 715.873109][T15343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 715.873130][T15343] RSP: 002b:00007f61e96ba0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 715.873152][T15343] RAX: fffffffffffffe00 RBX: 00007f61e89a5fa8 RCX: 00007f61e878d169 [ 715.873168][T15343] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f61e89a5fa8 [ 715.873183][T15343] RBP: 00007f61e89a5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 715.873197][T15343] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f61e89a5fac [ 715.873211][T15343] R13: 0000000000000000 R14: 00007ffca364d310 R15: 00007ffca364d3f8 [ 715.873242][T15343] [ 716.174477][T15290] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 716.397978][T15290] veth0_vlan: entered promiscuous mode [ 716.465057][T15290] veth1_vlan: entered promiscuous mode [ 716.565948][T15290] veth0_macvtap: entered promiscuous mode [ 716.596665][T15290] veth1_macvtap: entered promiscuous mode [ 716.637150][T15290] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 716.669066][T15290] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 716.691619][T15290] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 716.726451][T15290] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 716.757936][T15290] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 716.778027][T15290] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 716.805785][T15290] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 716.827016][T15290] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 716.842680][T15290] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 716.877667][T15290] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 716.907240][T15290] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 716.916912][T15290] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 717.162341][ T7163] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 717.243038][ T7163] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 717.316807][ T6486] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 717.357663][ T6486] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 717.427283][T10110] Bluetooth: hci1: command tx timeout [ 719.139519][T11848] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 719.163355][T11848] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 719.183280][T11848] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 719.193098][T11848] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 719.202184][T11848] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 719.211159][T11848] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 719.494249][T10110] Bluetooth: hci1: command tx timeout [ 719.508035][T15015] smc: removing net device syz_tun with user defined pnetid ETHTOOL [ 719.608287][T15370] Process accounting paused [ 720.418285][ T6486] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 720.603027][T15376] chnl_net:caif_netlink_parms(): no params data found [ 720.854858][ T6486] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 721.249764][T10110] Bluetooth: hci3: command tx timeout [ 721.404964][ T6486] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 721.601135][T15408] FAULT_INJECTION: forcing a failure. [ 721.601135][T15408] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 721.655218][T15408] CPU: 0 UID: 0 PID: 15408 Comm: syz.5.2268 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 721.655257][T15408] Tainted: [U]=USER [ 721.655266][T15408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 721.655280][T15408] Call Trace: [ 721.655287][T15408] [ 721.655297][T15408] dump_stack_lvl+0x16c/0x1f0 [ 721.655347][T15408] should_fail_ex+0x50a/0x650 [ 721.655389][T15408] _copy_from_user+0x2e/0xd0 [ 721.655416][T15408] core_sys_select+0x318/0xb80 [ 721.655456][T15408] ? __pfx_core_sys_select+0x10/0x10 [ 721.655530][T15408] ? read_tsc+0x9/0x20 [ 721.655557][T15408] ? ktime_get_ts64+0x256/0x400 [ 721.655593][T15408] kern_select+0x15e/0x1e0 [ 721.655623][T15408] ? __pfx_kern_select+0x10/0x10 [ 721.655654][T15408] ? xfd_validate_state+0x5d/0x180 [ 721.655687][T15408] ? rcu_is_watching+0x12/0xc0 [ 721.655718][T15408] __x64_sys_select+0xbd/0x160 [ 721.655748][T15408] ? do_syscall_64+0x91/0x250 [ 721.655775][T15408] ? lockdep_hardirqs_on+0x7c/0x110 [ 721.655803][T15408] do_syscall_64+0xcd/0x250 [ 721.655835][T15408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.655867][T15408] RIP: 0033:0x7f61e878d169 [ 721.655888][T15408] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 721.655911][T15408] RSP: 002b:00007f61e9699038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 721.655935][T15408] RAX: ffffffffffffffda RBX: 00007f61e89a6080 RCX: 00007f61e878d169 [ 721.655952][T15408] RDX: 0000400000000180 RSI: 0000400000000100 RDI: 00000000000000be [ 721.655968][T15408] RBP: 00007f61e880e2a0 R08: 0000400000000040 R09: 0000000000000000 [ 721.655984][T15408] R10: 0000400000000240 R11: 0000000000000246 R12: 0000000000000000 [ 721.655999][T15408] R13: 0000000000000000 R14: 00007f61e89a6080 R15: 00007ffca364d3f8 [ 721.656031][T15408] [ 721.860341][ T6486] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 722.129204][T15376] bridge0: port 1(bridge_slave_0) entered blocking state [ 722.151271][T15376] bridge0: port 1(bridge_slave_0) entered disabled state [ 722.166346][T15376] bridge_slave_0: entered allmulticast mode [ 722.183132][T15376] bridge_slave_0: entered promiscuous mode [ 722.201962][T15376] bridge0: port 2(bridge_slave_1) entered blocking state [ 722.226203][T15376] bridge0: port 2(bridge_slave_1) entered disabled state [ 722.248275][T15376] bridge_slave_1: entered allmulticast mode [ 722.269213][T15376] bridge_slave_1: entered promiscuous mode [ 722.433338][T15376] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 722.471148][T15376] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 722.771559][T15376] team0: Port device team_slave_0 added [ 722.817388][T15376] team0: Port device team_slave_1 added [ 722.982511][ T6486] team0: left allmulticast mode [ 722.999278][ T6486] team_slave_0: left allmulticast mode [ 723.024410][ T6486] team_slave_1: left allmulticast mode [ 723.045642][ T6486] team0: left promiscuous mode [ 723.060678][ T6486] team_slave_0: left promiscuous mode [ 723.085999][ T6486] team_slave_1: left promiscuous mode [ 723.112854][ T6486] bridge0: port 3(team0) entered disabled state [ 723.151870][ T6486] bridge_slave_1: left allmulticast mode [ 723.170205][ T6486] bridge_slave_1: left promiscuous mode [ 723.210575][ T6486] bridge0: port 2(bridge_slave_1) entered disabled state [ 723.237979][ T6486] bridge_slave_0: left allmulticast mode [ 723.254026][ T6486] bridge_slave_0: left promiscuous mode [ 723.260488][ T6486] bridge0: port 1(bridge_slave_0) entered disabled state [ 723.314603][T10110] Bluetooth: hci3: command tx timeout [ 724.620069][ T6486] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 724.640530][ T6486] bond0 (unregistering): Released all slaves [ 724.798059][T15376] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 724.808620][T15376] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 724.965481][T15376] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 725.198314][ T6486] ovs_êˆ$-: left promiscuous mode [ 725.287918][T15376] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 725.307738][T15376] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 725.383801][T10110] Bluetooth: hci3: command tx timeout [ 725.389573][T15376] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 725.770111][T15447] FAULT_INJECTION: forcing a failure. [ 725.770111][T15447] name failslab, interval 1, probability 0, space 0, times 0 [ 725.809221][T15447] CPU: 0 UID: 0 PID: 15447 Comm: syz.2.2277 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 725.809265][T15447] Tainted: [U]=USER [ 725.809275][T15447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 725.809290][T15447] Call Trace: [ 725.809297][T15447] [ 725.809307][T15447] dump_stack_lvl+0x16c/0x1f0 [ 725.809349][T15447] should_fail_ex+0x50a/0x650 [ 725.809387][T15447] ? fs_reclaim_acquire+0xae/0x150 [ 725.809423][T15447] should_failslab+0xc2/0x120 [ 725.809449][T15447] kmem_cache_alloc_node_noprof+0x72/0x3c0 [ 725.809488][T15447] ? __alloc_skb+0x2b1/0x380 [ 725.809527][T15447] __alloc_skb+0x2b1/0x380 [ 725.809560][T15447] ? __pfx___alloc_skb+0x10/0x10 [ 725.809593][T15447] ? __pfx_mark_lock+0x10/0x10 [ 725.809627][T15447] ? __local_bh_enable_ip+0xa4/0x120 [ 725.809662][T15447] ? lockdep_hardirqs_on+0x7c/0x110 [ 725.809697][T15447] alloc_skb_with_frags+0xe4/0x850 [ 725.809724][T15447] ? hlock_class+0x4e/0x130 [ 725.809752][T15447] sock_alloc_send_pskb+0x7f1/0x980 [ 725.809784][T15447] ? __lock_acquire+0xcc5/0x3c40 [ 725.809825][T15447] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 725.809859][T15447] ? __pfx___lock_acquire+0x10/0x10 [ 725.809892][T15447] ? __pfx_mark_lock+0x10/0x10 [ 725.809921][T15447] ? hlock_class+0x4e/0x130 [ 725.809945][T15447] ? mark_lock+0xb5/0xc60 [ 725.809982][T15447] __ip_append_data+0x2433/0x4160 [ 725.810022][T15447] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 725.810076][T15447] ? ip_dst_mtu_maybe_forward.constprop.0+0x311/0x6e0 [ 725.810114][T15447] ? __pfx___ip_append_data+0x10/0x10 [ 725.810143][T15447] ? __pfx___lock_acquire+0x10/0x10 [ 725.810178][T15447] ip_make_skb+0x27d/0x300 [ 725.810212][T15447] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 725.810251][T15447] ? __pfx_ip_make_skb+0x10/0x10 [ 725.810301][T15447] ? udp_sendmsg+0x18c7/0x2a30 [ 725.810335][T15447] udp_sendmsg+0x18c7/0x2a30 [ 725.810375][T15447] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 725.810413][T15447] ? __pfx_udp_sendmsg+0x10/0x10 [ 725.810462][T15447] ? __pfx___might_resched+0x10/0x10 [ 725.810505][T15447] ? aa_sk_perm+0x2f5/0xb20 [ 725.810544][T15447] ? __pfx_udp_sendmsg+0x10/0x10 [ 725.810578][T15447] inet_sendmsg+0x105/0x140 [ 725.810618][T15447] ____sys_sendmsg+0x98c/0xc90 [ 725.810646][T15447] ? copy_msghdr_from_user+0x10b/0x160 [ 725.810680][T15447] ? __pfx_____sys_sendmsg+0x10/0x10 [ 725.810705][T15447] ? __lock_acquire+0xcc5/0x3c40 [ 725.810740][T15447] ? hlock_class+0x4e/0x130 [ 725.810765][T15447] ? __lock_acquire+0x15a9/0x3c40 [ 725.810805][T15447] ___sys_sendmsg+0x135/0x1e0 [ 725.810841][T15447] ? __pfx____sys_sendmsg+0x10/0x10 [ 725.810874][T15447] ? __pfx___lock_acquire+0x10/0x10 [ 725.810943][T15447] ? __pfx___might_resched+0x10/0x10 [ 725.810977][T15447] ? __might_fault+0xe3/0x190 [ 725.811007][T15447] __sys_sendmmsg+0x201/0x420 [ 725.811054][T15447] ? __pfx___sys_sendmmsg+0x10/0x10 [ 725.811101][T15447] ? __pfx_do_futex+0x10/0x10 [ 725.811148][T15447] ? xfd_validate_state+0x5d/0x180 [ 725.811183][T15447] ? rcu_is_watching+0x12/0xc0 [ 725.811214][T15447] __x64_sys_sendmmsg+0x9c/0x100 [ 725.811245][T15447] ? lockdep_hardirqs_on+0x7c/0x110 [ 725.811275][T15447] do_syscall_64+0xcd/0x250 [ 725.811308][T15447] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 725.811343][T15447] RIP: 0033:0x7f0ca158d169 [ 725.811363][T15447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 725.811387][T15447] RSP: 002b:00007f0ca2309038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 725.811426][T15447] RAX: ffffffffffffffda RBX: 00007f0ca17a5fa0 RCX: 00007f0ca158d169 [ 725.811444][T15447] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 725.811460][T15447] RBP: 00007f0ca160e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 725.811476][T15447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 725.811490][T15447] R13: 0000000000000000 R14: 00007f0ca17a5fa0 R15: 00007ffe80621428 [ 725.811521][T15447] [ 726.685045][T15450] FAULT_INJECTION: forcing a failure. [ 726.685045][T15450] name fail_futex, interval 1, probability 0, space 0, times 0 [ 726.731126][T15450] CPU: 1 UID: 0 PID: 15450 Comm: syz.2.2278 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 726.731169][T15450] Tainted: [U]=USER [ 726.731178][T15450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 726.731192][T15450] Call Trace: [ 726.731199][T15450] [ 726.731210][T15450] dump_stack_lvl+0x16c/0x1f0 [ 726.731258][T15450] should_fail_ex+0x50a/0x650 [ 726.731299][T15450] ? __pfx___lock_acquire+0x10/0x10 [ 726.731336][T15450] get_futex_key+0x4a3/0x1000 [ 726.731368][T15450] ? __pfx_get_futex_key+0x10/0x10 [ 726.731401][T15450] ? fd_install+0x223/0x750 [ 726.731438][T15450] futex_wake+0xe8/0x4e0 [ 726.731475][T15450] ? __pfx_futex_wake+0x10/0x10 [ 726.731512][T15450] ? rcu_is_watching+0x12/0xc0 [ 726.731538][T15450] ? io_uring_setup+0x1762/0x2200 [ 726.731570][T15450] do_futex+0x1e5/0x350 [ 726.731600][T15450] ? __pfx_do_futex+0x10/0x10 [ 726.731633][T15450] ? __pfx___might_resched+0x10/0x10 [ 726.731673][T15450] __x64_sys_futex+0x1e1/0x4c0 [ 726.731706][T15450] ? __pfx___x64_sys_futex+0x10/0x10 [ 726.731737][T15450] ? rcu_is_watching+0x12/0xc0 [ 726.731772][T15450] do_syscall_64+0xcd/0x250 [ 726.731806][T15450] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 726.731839][T15450] RIP: 0033:0x7f0ca158d169 [ 726.731859][T15450] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 726.731883][T15450] RSP: 002b:00007f0ca23090e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 726.731907][T15450] RAX: ffffffffffffffda RBX: 00007f0ca17a5fa8 RCX: 00007f0ca158d169 [ 726.731926][T15450] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f0ca17a5fac [ 726.731942][T15450] RBP: 00007f0ca17a5fa0 R08: 00007f0ca230a000 R09: 0000000000000000 [ 726.731959][T15450] R10: 0000000000000008 R11: 0000000000000246 R12: 00007f0ca17a5fac [ 726.731976][T15450] R13: 0000000000000000 R14: 00007ffe80621340 R15: 00007ffe80621428 [ 726.732007][T15450] [ 727.408174][T15376] hsr_slave_0: entered promiscuous mode [ 727.429388][T15376] hsr_slave_1: entered promiscuous mode [ 727.446386][T15376] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 727.455666][T10110] Bluetooth: hci3: command tx timeout [ 727.481505][T15376] Cannot create hsr debugfs directory [ 727.593264][T15451] Process accounting resumed [ 728.947489][ T6486] veth1_macvtap: left promiscuous mode [ 728.968581][ T6486] veth0_macvtap: left promiscuous mode [ 730.089644][ T6486] team0 (unregistering): Port device team_slave_1 removed [ 730.228981][ T6486] team0 (unregistering): Port device team_slave_0 removed [ 730.371056][T15483] Falling back ldisc for pty19. [ 731.857677][T15376] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 731.915938][T15376] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 731.968696][T15376] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 732.001801][T15376] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 732.303908][T15376] 8021q: adding VLAN 0 to HW filter on device bond0 [ 732.330404][T15506] mkiss: ax0: crc mode is auto. [ 732.551411][T15376] 8021q: adding VLAN 0 to HW filter on device team0 [ 732.602714][T12907] bridge0: port 1(bridge_slave_0) entered blocking state [ 732.609919][T12907] bridge0: port 1(bridge_slave_0) entered forwarding state [ 732.651927][ T7163] bridge0: port 2(bridge_slave_1) entered blocking state [ 732.659133][ T7163] bridge0: port 2(bridge_slave_1) entered forwarding state [ 732.867584][T15521] FAULT_INJECTION: forcing a failure. [ 732.867584][T15521] name fail_futex, interval 1, probability 0, space 0, times 0 [ 732.906656][T15521] CPU: 1 UID: 60929 PID: 15521 Comm: syz.2.2301 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 732.906696][T15521] Tainted: [U]=USER [ 732.906704][T15521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 732.906718][T15521] Call Trace: [ 732.906726][T15521] [ 732.906735][T15521] dump_stack_lvl+0x16c/0x1f0 [ 732.906770][T15521] should_fail_ex+0x50a/0x650 [ 732.906805][T15521] ? __lock_acquire+0x15a9/0x3c40 [ 732.906835][T15521] get_futex_key+0x1c3/0x1000 [ 732.906865][T15521] ? __pfx_get_futex_key+0x10/0x10 [ 732.906901][T15521] futex_wake+0xe8/0x4e0 [ 732.906935][T15521] ? __pfx_futex_wake+0x10/0x10 [ 732.906970][T15521] ? find_held_lock+0x2d/0x110 [ 732.907002][T15521] do_futex+0x1e5/0x350 [ 732.907030][T15521] ? __pfx_do_futex+0x10/0x10 [ 732.907057][T15521] ? __might_fault+0xe3/0x190 [ 732.907080][T15521] ? __might_fault+0xe3/0x190 [ 732.907103][T15521] mm_release+0x24e/0x300 [ 732.907133][T15521] do_exit+0x886/0x2d70 [ 732.907158][T15521] ? get_signal+0x8f7/0x26c0 [ 732.907189][T15521] ? __pfx_do_exit+0x10/0x10 [ 732.907211][T15521] ? do_raw_spin_lock+0x12d/0x2c0 [ 732.907234][T15521] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 732.907260][T15521] do_group_exit+0xd3/0x2a0 [ 732.907285][T15521] get_signal+0x24ed/0x26c0 [ 732.907327][T15521] ? __pfx_get_signal+0x10/0x10 [ 732.907360][T15521] ? __pfx_do_futex+0x10/0x10 [ 732.907390][T15521] arch_do_signal_or_restart+0x90/0x7e0 [ 732.907425][T15521] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 732.907457][T15521] ? set_cred_ucounts+0x10f/0x200 [ 732.907492][T15521] syscall_exit_to_user_mode+0x150/0x2a0 [ 732.907520][T15521] do_syscall_64+0xda/0x250 [ 732.907548][T15521] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 732.907577][T15521] RIP: 0033:0x7f0ca158d169 [ 732.907595][T15521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 732.907616][T15521] RSP: 002b:00007f0ca23090e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 732.907636][T15521] RAX: fffffffffffffe00 RBX: 00007f0ca17a5fa8 RCX: 00007f0ca158d169 [ 732.907651][T15521] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f0ca17a5fa8 [ 732.907664][T15521] RBP: 00007f0ca17a5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 732.907678][T15521] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0ca17a5fac [ 732.907692][T15521] R13: 0000000000000000 R14: 00007ffe80621340 R15: 00007ffe80621428 [ 732.907723][T15521] [ 733.392696][T15376] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 733.427081][T15376] veth0_vlan: entered promiscuous mode [ 733.486863][T15376] veth1_vlan: entered promiscuous mode [ 733.583548][T15376] veth0_macvtap: entered promiscuous mode [ 733.624959][T15376] veth1_macvtap: entered promiscuous mode [ 733.689257][T15376] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 733.774296][T15376] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 733.993420][T15376] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 734.004572][T15376] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 734.021013][T15376] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 734.035342][T15376] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 734.047375][T15376] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 734.057957][T15376] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 734.069462][T15376] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 734.080002][T15376] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 734.107897][T15376] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 734.119221][T15376] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 734.150834][T15376] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 734.164579][T15376] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 734.187511][T15376] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 734.196267][T15376] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 734.226121][T15514] Process accounting paused [ 734.394306][T12905] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 734.436439][T12905] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 734.502029][ T6487] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 734.518048][ T6487] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 735.607029][T15559] ecryptfs_miscdev_write: Invalid packet size [111] [ 735.638725][T15555] ERROR: Out of memory at tomoyo_memory_ok. [ 736.559989][T15575] FAULT_INJECTION: forcing a failure. [ 736.559989][T15575] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 736.595047][T15575] CPU: 1 UID: 0 PID: 15575 Comm: syz.5.2312 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 736.595085][T15575] Tainted: [U]=USER [ 736.595092][T15575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 736.595105][T15575] Call Trace: [ 736.595117][T15575] [ 736.595127][T15575] dump_stack_lvl+0x16c/0x1f0 [ 736.595163][T15575] should_fail_ex+0x50a/0x650 [ 736.595203][T15575] _copy_to_user+0x32/0xd0 [ 736.595231][T15575] snd_timer_user_params.isra.0+0x239/0x8f0 [ 736.595270][T15575] ? __pfx_snd_timer_user_params.isra.0+0x10/0x10 [ 736.595315][T15575] ? tomoyo_path_number_perm+0x46d/0x590 [ 736.595353][T15575] __snd_timer_user_ioctl.isra.0+0x1093/0x2640 [ 736.595386][T15575] ? __pfx___snd_timer_user_ioctl.isra.0+0x10/0x10 [ 736.595416][T15575] ? __mutex_trylock_common+0xea/0x250 [ 736.595450][T15575] ? __pfx___mutex_trylock_common+0x10/0x10 [ 736.595483][T15575] ? snd_timer_user_ioctl+0x4a/0xb0 [ 736.595513][T15575] ? rcu_is_watching+0x12/0xc0 [ 736.595538][T15575] ? trace_contention_end+0xee/0x140 [ 736.595571][T15575] ? __mutex_lock+0x1cc/0xb10 [ 736.595598][T15575] ? snd_timer_user_ioctl+0x4a/0xb0 [ 736.595625][T15575] ? __pfx___mutex_lock+0x10/0x10 [ 736.595658][T15575] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 736.595706][T15575] snd_timer_user_ioctl+0x72/0xb0 [ 736.595733][T15575] ? __pfx_snd_timer_user_ioctl+0x10/0x10 [ 736.595763][T15575] __x64_sys_ioctl+0x190/0x200 [ 736.595793][T15575] do_syscall_64+0xcd/0x250 [ 736.595826][T15575] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 736.595857][T15575] RIP: 0033:0x7f61e878d169 [ 736.595877][T15575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 736.595899][T15575] RSP: 002b:00007f61e96ba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 736.595922][T15575] RAX: ffffffffffffffda RBX: 00007f61e89a5fa0 RCX: 00007f61e878d169 [ 736.595939][T15575] RDX: 0000000000000000 RSI: 0000000040505412 RDI: 0000000000000002 [ 736.595953][T15575] RBP: 00007f61e96ba090 R08: 0000000000000000 R09: 0000000000000000 [ 736.595968][T15575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 736.595982][T15575] R13: 0000000000000000 R14: 00007f61e89a5fa0 R15: 00007ffca364d3f8 [ 736.596014][T15575] [ 737.975313][T15601] ecryptfs_miscdev_write: Invalid packet size [111] [ 738.831925][T15597] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 738.845195][T15597] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 738.851483][T15597] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 738.860156][T15597] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 738.885024][T15597] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 738.905467][T15597] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 738.920810][T15597] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 738.941763][T15597] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 739.235276][T15619] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2324'. [ 739.344988][T15619] FAULT_INJECTION: forcing a failure. [ 739.344988][T15619] name failslab, interval 1, probability 0, space 0, times 0 [ 739.380793][T15619] CPU: 1 UID: 0 PID: 15619 Comm: syz.0.2324 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 739.380833][T15619] Tainted: [U]=USER [ 739.380842][T15619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 739.380857][T15619] Call Trace: [ 739.380865][T15619] [ 739.380875][T15619] dump_stack_lvl+0x16c/0x1f0 [ 739.380915][T15619] should_fail_ex+0x50a/0x650 [ 739.380952][T15619] ? fs_reclaim_acquire+0xae/0x150 [ 739.380987][T15619] ? ieee80211_init_rate_ctrl_alg+0x175/0x6b0 [ 739.381028][T15619] should_failslab+0xc2/0x120 [ 739.381053][T15619] __kmalloc_cache_noprof+0x68/0x410 [ 739.381087][T15619] ? ieee80211_txq_set_params+0x1c4/0x2f0 [ 739.381127][T15619] ieee80211_init_rate_ctrl_alg+0x175/0x6b0 [ 739.381164][T15619] ieee80211_register_hw+0x20cd/0x4060 [ 739.381211][T15619] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 739.381245][T15619] ? net_generic+0xea/0x2a0 [ 739.381278][T15619] ? lockdep_init_map_type+0x16d/0x7d0 [ 739.381317][T15619] ? __asan_memset+0x23/0x50 [ 739.381348][T15619] ? __hrtimer_init+0x106/0x2c0 [ 739.381387][T15619] mac80211_hwsim_new_radio+0x304e/0x54e0 [ 739.381438][T15619] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 739.381482][T15619] hwsim_new_radio_nl+0xb42/0x12b0 [ 739.381519][T15619] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 739.381566][T15619] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 739.381605][T15619] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 739.381650][T15619] genl_family_rcv_msg_doit+0x202/0x2f0 [ 739.381688][T15619] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 739.381724][T15619] ? trace_cap_capable+0x1a2/0x210 [ 739.381759][T15619] ? bpf_lsm_capable+0x9/0x10 [ 739.381785][T15619] ? security_capable+0x7e/0x260 [ 739.381810][T15619] ? ns_capable+0xd7/0x110 [ 739.381845][T15619] genl_rcv_msg+0x565/0x800 [ 739.381882][T15619] ? __pfx_genl_rcv_msg+0x10/0x10 [ 739.381920][T15619] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 739.381967][T15619] netlink_rcv_skb+0x16b/0x440 [ 739.382009][T15619] ? __pfx_genl_rcv_msg+0x10/0x10 [ 739.382050][T15619] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 739.382101][T15619] ? down_read+0xc9/0x330 [ 739.382135][T15619] ? __pfx_down_read+0x10/0x10 [ 739.382169][T15619] ? netlink_deliver_tap+0x1ae/0xd30 [ 739.382204][T15619] genl_rcv+0x28/0x40 [ 739.382237][T15619] netlink_unicast+0x53c/0x7f0 [ 739.382274][T15619] ? __pfx_netlink_unicast+0x10/0x10 [ 739.382308][T15619] ? __phys_addr_symbol+0x30/0x80 [ 739.382333][T15619] ? __check_object_size+0x488/0x710 [ 739.382362][T15619] netlink_sendmsg+0x8b8/0xd70 [ 739.382403][T15619] ? __pfx_netlink_sendmsg+0x10/0x10 [ 739.382448][T15619] ____sys_sendmsg+0xaaf/0xc90 [ 739.382478][T15619] ? copy_msghdr_from_user+0x10b/0x160 [ 739.382513][T15619] ? __pfx_____sys_sendmsg+0x10/0x10 [ 739.382559][T15619] ___sys_sendmsg+0x135/0x1e0 [ 739.382596][T15619] ? __pfx____sys_sendmsg+0x10/0x10 [ 739.382645][T15619] ? __pfx_lock_release+0x10/0x10 [ 739.382677][T15619] ? trace_lock_acquire+0x14e/0x1f0 [ 739.382719][T15619] ? __fget_files+0x206/0x3a0 [ 739.382760][T15619] __sys_sendmsg+0x16e/0x220 [ 739.382794][T15619] ? __pfx___sys_sendmsg+0x10/0x10 [ 739.382829][T15619] ? __x64_sys_futex+0x1e1/0x4c0 [ 739.382882][T15619] do_syscall_64+0xcd/0x250 [ 739.382917][T15619] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 739.382950][T15619] RIP: 0033:0x7f2e15d8d169 [ 739.382971][T15619] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 739.382995][T15619] RSP: 002b:00007f2e16be8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 739.383026][T15619] RAX: ffffffffffffffda RBX: 00007f2e15fa5fa0 RCX: 00007f2e15d8d169 [ 739.383042][T15619] RDX: 00000000040000c0 RSI: 0000400000000300 RDI: 0000000000000007 [ 739.383059][T15619] RBP: 00007f2e15e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 739.383074][T15619] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 739.383090][T15619] R13: 0000000000000000 R14: 00007f2e15fa5fa0 R15: 00007ffd2addefb8 [ 739.383124][T15619] [ 739.383138][T15619] ieee80211 phy51: Failed to select rate control algorithm [ 739.485963][T15624] FAULT_INJECTION: forcing a failure. [ 739.485963][T15624] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 739.819543][T15624] CPU: 1 UID: 0 PID: 15624 Comm: syz.1.2325 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 739.819578][T15624] Tainted: [U]=USER [ 739.819586][T15624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 739.819599][T15624] Call Trace: [ 739.819607][T15624] [ 739.819616][T15624] dump_stack_lvl+0x16c/0x1f0 [ 739.819651][T15624] should_fail_ex+0x50a/0x650 [ 739.819690][T15624] _copy_to_user+0x32/0xd0 [ 739.819717][T15624] simple_read_from_buffer+0xd0/0x160 [ 739.819749][T15624] proc_fail_nth_read+0x198/0x270 [ 739.819779][T15624] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 739.819810][T15624] ? rw_verify_area+0xcf/0x680 [ 739.819837][T15624] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 739.819865][T15624] vfs_read+0x1df/0xbf0 [ 739.819895][T15624] ? __fget_files+0x1fc/0x3a0 [ 739.819928][T15624] ? __pfx___mutex_lock+0x10/0x10 [ 739.819958][T15624] ? __pfx_vfs_read+0x10/0x10 [ 739.820004][T15624] ? __fget_files+0x206/0x3a0 [ 739.820044][T15624] ksys_read+0x12b/0x250 [ 739.820073][T15624] ? __pfx_ksys_read+0x10/0x10 [ 739.820112][T15624] do_syscall_64+0xcd/0x250 [ 739.820144][T15624] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 739.820175][T15624] RIP: 0033:0x7f544278bb7c [ 739.820194][T15624] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 739.820216][T15624] RSP: 002b:00007f54405d5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 739.820239][T15624] RAX: ffffffffffffffda RBX: 00007f54429a6080 RCX: 00007f544278bb7c [ 739.820256][T15624] RDX: 000000000000000f RSI: 00007f54405d50a0 RDI: 0000000000000005 [ 739.820270][T15624] RBP: 00007f54405d5090 R08: 0000000000000000 R09: 0000000000000000 [ 739.820284][T15624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 739.820298][T15624] R13: 0000000000000000 R14: 00007f54429a6080 R15: 00007ffddbd66318 [ 739.820330][T15624] [ 740.277839][T10110] Bluetooth: hci2: command 0x0419 tx timeout [ 740.619087][T15636] FAULT_INJECTION: forcing a failure. [ 740.619087][T15636] name fail_futex, interval 1, probability 0, space 0, times 0 [ 740.653922][T15636] CPU: 1 UID: 60929 PID: 15636 Comm: syz.2.2327 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 740.653957][T15636] Tainted: [U]=USER [ 740.653964][T15636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 740.653976][T15636] Call Trace: [ 740.653983][T15636] [ 740.653990][T15636] dump_stack_lvl+0x16c/0x1f0 [ 740.654024][T15636] should_fail_ex+0x50a/0x650 [ 740.654054][T15636] ? __lock_acquire+0x15a9/0x3c40 [ 740.654088][T15636] get_futex_key+0x4a3/0x1000 [ 740.654118][T15636] ? __pfx_get_futex_key+0x10/0x10 [ 740.654155][T15636] futex_wake+0xe8/0x4e0 [ 740.654189][T15636] ? __pfx_futex_wake+0x10/0x10 [ 740.654223][T15636] ? find_held_lock+0x2d/0x110 [ 740.654256][T15636] do_futex+0x1e5/0x350 [ 740.654283][T15636] ? __pfx_do_futex+0x10/0x10 [ 740.654308][T15636] ? __might_fault+0xe3/0x190 [ 740.654334][T15636] ? __might_fault+0xe3/0x190 [ 740.654360][T15636] mm_release+0x24e/0x300 [ 740.654393][T15636] do_exit+0x886/0x2d70 [ 740.654420][T15636] ? get_signal+0x8f7/0x26c0 [ 740.654453][T15636] ? __pfx_do_exit+0x10/0x10 [ 740.654477][T15636] ? do_raw_spin_lock+0x12d/0x2c0 [ 740.654499][T15636] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 740.654526][T15636] do_group_exit+0xd3/0x2a0 [ 740.654552][T15636] get_signal+0x24ed/0x26c0 [ 740.654596][T15636] ? __pfx_get_signal+0x10/0x10 [ 740.654640][T15636] ? __pfx_do_futex+0x10/0x10 [ 740.654670][T15636] arch_do_signal_or_restart+0x90/0x7e0 [ 740.654699][T15636] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 740.654732][T15636] ? set_cred_ucounts+0x10f/0x200 [ 740.654770][T15636] syscall_exit_to_user_mode+0x150/0x2a0 [ 740.654802][T15636] do_syscall_64+0xda/0x250 [ 740.654841][T15636] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 740.654873][T15636] RIP: 0033:0x7f0ca158d169 [ 740.654892][T15636] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 740.654914][T15636] RSP: 002b:00007f0c9f3f60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 740.654936][T15636] RAX: fffffffffffffe00 RBX: 00007f0ca17a6088 RCX: 00007f0ca158d169 [ 740.654950][T15636] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f0ca17a6088 [ 740.654962][T15636] RBP: 00007f0ca17a6080 R08: 0000000000000000 R09: 0000000000000000 [ 740.654976][T15636] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0ca17a608c [ 740.654988][T15636] R13: 0000000000000000 R14: 00007ffe80621340 R15: 00007ffe80621428 [ 740.655016][T15636] [ 741.035176][T10110] Bluetooth: hci3: command 0x0c1a tx timeout [ 741.041288][T10110] Bluetooth: hci1: command 0x0c1a tx timeout [ 741.047589][T10110] Bluetooth: hci0: command 0x0c1a tx timeout [ 741.197482][T15646] ecryptfs_miscdev_write: Invalid packet size [111] [ 742.850678][T15688] ecryptfs_miscdev_write: Invalid packet size [111] [ 743.051614][T11848] Bluetooth: hci1: command 0x0c1a tx timeout [ 743.051885][T10110] Bluetooth: hci3: command 0x0c1a tx timeout [ 744.606997][T15720] HfR: entered promiscuous mode [ 744.636834][T15720] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2352'. [ 744.666405][T15720] HfR: left promiscuous mode [ 744.713880][T15721] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2352'. [ 744.843839][T10110] Bluetooth: hci0: unexpected event 0x32 length: 10 > 9 [ 745.031312][T15725] FAULT_INJECTION: forcing a failure. [ 745.031312][T15725] name fail_futex, interval 1, probability 0, space 0, times 0 [ 745.104251][T15725] CPU: 1 UID: 60929 PID: 15725 Comm: syz.5.2354 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 745.104292][T15725] Tainted: [U]=USER [ 745.104300][T15725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 745.104313][T15725] Call Trace: [ 745.104320][T15725] [ 745.104329][T15725] dump_stack_lvl+0x16c/0x1f0 [ 745.104365][T15725] should_fail_ex+0x50a/0x650 [ 745.104401][T15725] ? __lock_acquire+0x15a9/0x3c40 [ 745.104435][T15725] get_futex_key+0xac1/0x1000 [ 745.104465][T15725] ? __pfx_get_futex_key+0x10/0x10 [ 745.104504][T15725] futex_wake+0xe8/0x4e0 [ 745.104538][T15725] ? __pfx_futex_wake+0x10/0x10 [ 745.104573][T15725] ? find_held_lock+0x2d/0x110 [ 745.104605][T15725] do_futex+0x1e5/0x350 [ 745.104633][T15725] ? __pfx_do_futex+0x10/0x10 [ 745.104660][T15725] ? __might_fault+0xe3/0x190 [ 745.104685][T15725] ? __might_fault+0xe3/0x190 [ 745.104713][T15725] mm_release+0x24e/0x300 [ 745.104746][T15725] do_exit+0x886/0x2d70 [ 745.104773][T15725] ? get_signal+0x8f7/0x26c0 [ 745.104807][T15725] ? __pfx_do_exit+0x10/0x10 [ 745.104831][T15725] ? do_raw_spin_lock+0x12d/0x2c0 [ 745.104854][T15725] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 745.104880][T15725] do_group_exit+0xd3/0x2a0 [ 745.104907][T15725] get_signal+0x24ed/0x26c0 [ 745.104952][T15725] ? __pfx_get_signal+0x10/0x10 [ 745.104987][T15725] ? __pfx_do_futex+0x10/0x10 [ 745.105018][T15725] arch_do_signal_or_restart+0x90/0x7e0 [ 745.105046][T15725] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 745.105081][T15725] ? set_cred_ucounts+0x10f/0x200 [ 745.105119][T15725] syscall_exit_to_user_mode+0x150/0x2a0 [ 745.105151][T15725] do_syscall_64+0xda/0x250 [ 745.105183][T15725] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 745.105228][T15725] RIP: 0033:0x7f61e878d169 [ 745.105247][T15725] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 745.105269][T15725] RSP: 002b:00007f61e96ba0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 745.105292][T15725] RAX: fffffffffffffe00 RBX: 00007f61e89a5fa8 RCX: 00007f61e878d169 [ 745.105308][T15725] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f61e89a5fa8 [ 745.105323][T15725] RBP: 00007f61e89a5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 745.105338][T15725] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f61e89a5fac [ 745.105353][T15725] R13: 0000000000000000 R14: 00007ffca364d310 R15: 00007ffca364d3f8 [ 745.105383][T15725] [ 745.375987][T10110] Bluetooth: hci1: command 0x0c1a tx timeout [ 745.382223][T10110] Bluetooth: hci3: command 0x0c1a tx timeout [ 746.079577][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 746.086361][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.325707][T15756] FAULT_INJECTION: forcing a failure. [ 748.325707][T15756] name fail_futex, interval 1, probability 0, space 0, times 0 [ 748.383696][T15756] CPU: 1 UID: 60929 PID: 15756 Comm: syz.1.2365 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 748.383735][T15756] Tainted: [U]=USER [ 748.383744][T15756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 748.383759][T15756] Call Trace: [ 748.383768][T15756] [ 748.383778][T15756] dump_stack_lvl+0x16c/0x1f0 [ 748.383815][T15756] should_fail_ex+0x50a/0x650 [ 748.383853][T15756] ? lock_acquire+0x2f/0xb0 [ 748.383897][T15756] get_futex_key+0x4a3/0x1000 [ 748.383927][T15756] ? is_bpf_text_address+0x94/0x1a0 [ 748.383960][T15756] ? kernel_text_address+0x8d/0x100 [ 748.383995][T15756] ? __pfx_get_futex_key+0x10/0x10 [ 748.384025][T15756] ? arch_stack_walk+0xa7/0x100 [ 748.384058][T15756] futex_wait_setup+0x78/0x290 [ 748.384100][T15756] __futex_wait+0x267/0x3c0 [ 748.384134][T15756] ? __pfx___futex_wait+0x10/0x10 [ 748.384175][T15756] ? __pfx_futex_wake_mark+0x10/0x10 [ 748.384223][T15756] futex_wait+0xe9/0x380 [ 748.384256][T15756] ? __pfx_futex_wait+0x10/0x10 [ 748.384307][T15756] do_futex+0x22b/0x350 [ 748.384337][T15756] ? __pfx_do_futex+0x10/0x10 [ 748.384367][T15756] ? __kmalloc_noprof+0x23b/0x510 [ 748.384407][T15756] __x64_sys_futex+0x1e1/0x4c0 [ 748.384441][T15756] ? __pfx___x64_sys_futex+0x10/0x10 [ 748.384469][T15756] ? set_cred_ucounts+0x10f/0x200 [ 748.384512][T15756] do_syscall_64+0xcd/0x250 [ 748.384546][T15756] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 748.384579][T15756] RIP: 0033:0x7f544278d169 [ 748.384600][T15756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 748.384623][T15756] RSP: 002b:00007f54405f60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 748.384647][T15756] RAX: ffffffffffffffda RBX: 00007f54429a5fa8 RCX: 00007f544278d169 [ 748.384664][T15756] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f54429a5fa8 [ 748.384680][T15756] RBP: 00007f54429a5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 748.384696][T15756] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f54429a5fac [ 748.384712][T15756] R13: 0000000000000000 R14: 00007ffddbd66230 R15: 00007ffddbd66318 [ 748.384744][T15756] [ 748.609180][ C1] vkms_vblank_simulate: vblank timer overrun [ 750.132284][T15779] FAULT_INJECTION: forcing a failure. [ 750.132284][T15779] name failslab, interval 1, probability 0, space 0, times 0 [ 750.145777][T15779] CPU: 1 UID: 60929 PID: 15779 Comm: syz.0.2372 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 750.145814][T15779] Tainted: [U]=USER [ 750.145821][T15779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 750.145835][T15779] Call Trace: [ 750.145842][T15779] [ 750.145851][T15779] dump_stack_lvl+0x16c/0x1f0 [ 750.145885][T15779] should_fail_ex+0x50a/0x650 [ 750.145940][T15779] ? fs_reclaim_acquire+0xae/0x150 [ 750.145972][T15779] should_failslab+0xc2/0x120 [ 750.145996][T15779] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 750.146027][T15779] ? __pfx_acct_collect+0x10/0x10 [ 750.146059][T15779] ? taskstats_exit+0x656/0xbe0 [ 750.146091][T15779] ? acct_update_integrals+0x3e7/0x4b0 [ 750.146127][T15779] taskstats_exit+0x656/0xbe0 [ 750.146159][T15779] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 750.146181][T15779] ? __pfx_taskstats_exit+0x10/0x10 [ 750.146214][T15779] ? _raw_spin_unlock_irq+0x23/0x50 [ 750.146239][T15779] ? __seccomp_filter_orphan+0x18/0x110 [ 750.146264][T15779] ? __put_seccomp_filter+0x16/0xf0 [ 750.146294][T15779] do_exit+0x845/0x2d70 [ 750.146321][T15779] ? get_signal+0x8f7/0x26c0 [ 750.146354][T15779] ? __pfx_do_exit+0x10/0x10 [ 750.146377][T15779] ? do_raw_spin_lock+0x12d/0x2c0 [ 750.146400][T15779] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 750.146426][T15779] do_group_exit+0xd3/0x2a0 [ 750.146453][T15779] get_signal+0x24ed/0x26c0 [ 750.146497][T15779] ? __pfx_get_signal+0x10/0x10 [ 750.146531][T15779] ? __pfx_do_futex+0x10/0x10 [ 750.146560][T15779] arch_do_signal_or_restart+0x90/0x7e0 [ 750.146589][T15779] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 750.146621][T15779] ? set_cred_ucounts+0x10f/0x200 [ 750.146663][T15779] syscall_exit_to_user_mode+0x150/0x2a0 [ 750.146693][T15779] do_syscall_64+0xda/0x250 [ 750.146724][T15779] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 750.146755][T15779] RIP: 0033:0x7f2e15d8d169 [ 750.146774][T15779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 750.146797][T15779] RSP: 002b:00007f2e16be80e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 750.146820][T15779] RAX: fffffffffffffe00 RBX: 00007f2e15fa5fa8 RCX: 00007f2e15d8d169 [ 750.146836][T15779] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f2e15fa5fa8 [ 750.146851][T15779] RBP: 00007f2e15fa5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 750.146866][T15779] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2e15fa5fac [ 750.146881][T15779] R13: 0000000000000000 R14: 00007ffd2addeed0 R15: 00007ffd2addefb8 [ 750.146911][T15779] [ 750.409854][ C1] vkms_vblank_simulate: vblank timer overrun [ 750.956824][T15797] ecryptfs_miscdev_write: Invalid packet size [111] [ 751.104442][T15791] Process accounting resumed [ 752.725498][T15833] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2389'. [ 752.750187][T15829] FAULT_INJECTION: forcing a failure. [ 752.750187][T15829] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 752.750965][ T29] audit: type=1804 audit(4294967297.874:37): pid=15838 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.2388" name="/newroot/sys/kernel/debug/tracing/events/vmalloc/filter" dev="tracefs" ino=19680823 res=1 errno=0 [ 752.773701][T15839] ecryptfs_miscdev_write: Invalid packet size [111] [ 752.816368][T15829] CPU: 1 UID: 0 PID: 15829 Comm: syz.1.2388 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 752.816404][T15829] Tainted: [U]=USER [ 752.816411][T15829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 752.816423][T15829] Call Trace: [ 752.816430][T15829] [ 752.816441][T15829] dump_stack_lvl+0x16c/0x1f0 [ 752.816477][T15829] should_fail_ex+0x50a/0x650 [ 752.816516][T15829] _copy_from_user+0x2e/0xd0 [ 752.816543][T15829] memdup_user_nul+0x72/0x110 [ 752.816572][T15829] subsystem_filter_write+0x6a/0x120 [ 752.816602][T15829] ? __pfx_subsystem_filter_write+0x10/0x10 [ 752.816626][T15829] vfs_write+0x24c/0x1150 [ 752.816664][T15829] ? __fget_files+0x1fc/0x3a0 [ 752.816695][T15829] ? __pfx___mutex_lock+0x10/0x10 [ 752.816724][T15829] ? __pfx_vfs_write+0x10/0x10 [ 752.816761][T15829] ? __fget_files+0x206/0x3a0 [ 752.816802][T15829] ksys_write+0x12b/0x250 [ 752.816832][T15829] ? __pfx_ksys_write+0x10/0x10 [ 752.816872][T15829] do_syscall_64+0xcd/0x250 [ 752.816903][T15829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 752.816934][T15829] RIP: 0033:0x7f544278d169 [ 752.816949][T15829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 752.816968][T15829] RSP: 002b:00007f54405f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 752.816990][T15829] RAX: ffffffffffffffda RBX: 00007f54429a5fa0 RCX: 00007f544278d169 [ 752.817006][T15829] RDX: 0000000000000009 RSI: 0000000000000000 RDI: 0000000000000004 [ 752.817020][T15829] RBP: 00007f54405f6090 R08: 0000000000000000 R09: 0000000000000000 [ 752.817034][T15829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 752.817047][T15829] R13: 0000000000000000 R14: 00007f54429a5fa0 R15: 00007ffddbd66318 [ 752.817079][T15829] [ 753.002309][ C1] vkms_vblank_simulate: vblank timer overrun [ 753.547049][T12905] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 754.422100][T15851] ERROR: Out of memory at tomoyo_memory_ok. [ 755.263410][T15855] FAULT_INJECTION: forcing a failure. [ 755.263410][T15855] name fail_futex, interval 1, probability 0, space 0, times 0 [ 755.310876][T10110] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 755.324091][T10110] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 755.339823][T10110] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 755.351224][T10110] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 755.360650][T10110] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 755.368841][T10110] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 755.370227][T15855] CPU: 0 UID: 60929 PID: 15855 Comm: syz.5.2396 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 755.370264][T15855] Tainted: [U]=USER [ 755.370272][T15855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 755.370287][T15855] Call Trace: [ 755.370295][T15855] [ 755.370304][T15855] dump_stack_lvl+0x16c/0x1f0 [ 755.370343][T15855] should_fail_ex+0x50a/0x650 [ 755.370380][T15855] ? lock_acquire+0x2f/0xb0 [ 755.370417][T15855] get_futex_key+0x4a3/0x1000 [ 755.370445][T15855] ? is_bpf_text_address+0x94/0x1a0 [ 755.370478][T15855] ? kernel_text_address+0x8d/0x100 [ 755.370509][T15855] ? __pfx_get_futex_key+0x10/0x10 [ 755.370538][T15855] ? arch_stack_walk+0xa7/0x100 [ 755.370569][T15855] futex_wait_setup+0x78/0x290 [ 755.370609][T15855] __futex_wait+0x267/0x3c0 [ 755.370644][T15855] ? __pfx___futex_wait+0x10/0x10 [ 755.370683][T15855] ? __pfx_futex_wake_mark+0x10/0x10 [ 755.370729][T15855] futex_wait+0xe9/0x380 [ 755.370761][T15855] ? __pfx_futex_wait+0x10/0x10 [ 755.370809][T15855] do_futex+0x22b/0x350 [ 755.370838][T15855] ? __pfx_do_futex+0x10/0x10 [ 755.370865][T15855] ? __kmalloc_noprof+0x23b/0x510 [ 755.370905][T15855] __x64_sys_futex+0x1e1/0x4c0 [ 755.370937][T15855] ? __pfx___x64_sys_futex+0x10/0x10 [ 755.370964][T15855] ? set_cred_ucounts+0x10f/0x200 [ 755.371004][T15855] do_syscall_64+0xcd/0x250 [ 755.371036][T15855] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 755.371068][T15855] RIP: 0033:0x7f61e878d169 [ 755.371087][T15855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 755.371109][T15855] RSP: 002b:00007f61e96ba0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 755.371131][T15855] RAX: ffffffffffffffda RBX: 00007f61e89a5fa8 RCX: 00007f61e878d169 [ 755.371149][T15855] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f61e89a5fa8 [ 755.371173][T15855] RBP: 00007f61e89a5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 755.371189][T15855] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f61e89a5fac [ 755.371205][T15855] R13: 0000000000000000 R14: 00007ffca364d310 R15: 00007ffca364d3f8 [ 755.371237][T15855] [ 756.225569][ T6621] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 756.319851][T15866] netlink: 186 bytes leftover after parsing attributes in process `syz.5.2400'. [ 756.552249][ T6621] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 756.955022][ T29] audit: type=1804 audit(4294967302.106:38): pid=15870 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2401" name="/newroot/sys/kernel/debug/tracing/events/vmalloc/filter" dev="tracefs" ino=19680823 res=1 errno=0 [ 757.031981][ T6621] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 757.053973][T15870] FAULT_INJECTION: forcing a failure. [ 757.053973][T15870] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 757.098540][T15856] chnl_net:caif_netlink_parms(): no params data found [ 757.098540][T15870] CPU: 0 UID: 0 PID: 15870 Comm: syz.5.2401 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 757.098575][T15870] Tainted: [U]=USER [ 757.098581][T15870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 757.098591][T15870] Call Trace: [ 757.098597][T15870] [ 757.098605][T15870] dump_stack_lvl+0x16c/0x1f0 [ 757.098641][T15870] should_fail_ex+0x50a/0x650 [ 757.098679][T15870] _copy_to_user+0x32/0xd0 [ 757.098708][T15870] simple_read_from_buffer+0xd0/0x160 [ 757.098739][T15870] proc_fail_nth_read+0x198/0x270 [ 757.098767][T15870] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 757.098797][T15870] ? rw_verify_area+0xcf/0x680 [ 757.098824][T15870] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 757.098851][T15870] vfs_read+0x1df/0xbf0 [ 757.098880][T15870] ? __fget_files+0x1fc/0x3a0 [ 757.098912][T15870] ? __pfx___mutex_lock+0x10/0x10 [ 757.098941][T15870] ? __pfx_vfs_read+0x10/0x10 [ 757.098978][T15870] ? __fget_files+0x206/0x3a0 [ 757.099016][T15870] ksys_read+0x12b/0x250 [ 757.099044][T15870] ? __pfx_ksys_read+0x10/0x10 [ 757.099083][T15870] do_syscall_64+0xcd/0x250 [ 757.099113][T15870] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 757.099153][T15870] RIP: 0033:0x7f61e878bb7c [ 757.099172][T15870] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 757.099194][T15870] RSP: 002b:00007f61e96ba030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 757.099215][T15870] RAX: ffffffffffffffda RBX: 00007f61e89a5fa0 RCX: 00007f61e878bb7c [ 757.099230][T15870] RDX: 000000000000000f RSI: 00007f61e96ba0a0 RDI: 0000000000000005 [ 757.099244][T15870] RBP: 00007f61e96ba090 R08: 0000000000000000 R09: 0000000000000000 [ 757.099265][T15870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 757.099279][T15870] R13: 0000000000000000 R14: 00007f61e89a5fa0 R15: 00007ffca364d3f8 [ 757.099309][T15870] [ 757.508021][ T6621] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 757.628753][T15877] FAULT_INJECTION: forcing a failure. [ 757.628753][T15877] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 757.686717][T15877] CPU: 0 UID: 0 PID: 15877 Comm: syz.0.2399 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 757.686754][T15877] Tainted: [U]=USER [ 757.686762][T15877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 757.686774][T15877] Call Trace: [ 757.686781][T15877] [ 757.686790][T15877] dump_stack_lvl+0x16c/0x1f0 [ 757.686826][T15877] should_fail_ex+0x50a/0x650 [ 757.686865][T15877] _copy_from_user+0x2e/0xd0 [ 757.686891][T15877] sctp_getsockopt+0x13a6/0x74a0 [ 757.686928][T15877] ? hlock_class+0x4e/0x130 [ 757.686951][T15877] ? mark_lock+0xb5/0xc60 [ 757.686978][T15877] ? aa_label_sk_perm+0x19d/0x5a0 [ 757.687019][T15877] ? __pfx_sctp_getsockopt+0x10/0x10 [ 757.687051][T15877] ? __lock_acquire+0x15a9/0x3c40 [ 757.687094][T15877] ? __pfx___lock_acquire+0x10/0x10 [ 757.687135][T15877] ? find_held_lock+0x2d/0x110 [ 757.687166][T15877] ? __pfx_lock_release+0x10/0x10 [ 757.687201][T15877] ? lock_acquire+0x2f/0xb0 [ 757.687229][T15877] ? __might_fault+0xe3/0x190 [ 757.687253][T15877] ? __might_fault+0xe3/0x190 [ 757.687278][T15877] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 757.687305][T15877] ? do_sock_getsockopt+0x3fe/0x800 [ 757.687329][T15877] do_sock_getsockopt+0x3fe/0x800 [ 757.687356][T15877] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 757.687380][T15877] ? lock_acquire+0x2f/0xb0 [ 757.687406][T15877] ? __fget_files+0x40/0x3a0 [ 757.687441][T15877] ? __fget_files+0x206/0x3a0 [ 757.687479][T15877] __sys_getsockopt+0x12f/0x260 [ 757.687517][T15877] __x64_sys_getsockopt+0xbd/0x160 [ 757.687545][T15877] ? do_syscall_64+0x91/0x250 [ 757.687573][T15877] ? lockdep_hardirqs_on+0x7c/0x110 [ 757.687602][T15877] do_syscall_64+0xcd/0x250 [ 757.687633][T15877] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 757.687663][T15877] RIP: 0033:0x7f2e15d8d169 [ 757.687681][T15877] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 757.687706][T15877] RSP: 002b:00007f2e16bc7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 757.687728][T15877] RAX: ffffffffffffffda RBX: 00007f2e15fa6080 RCX: 00007f2e15d8d169 [ 757.687744][T15877] RDX: 000000000000006d RSI: 0000000000000084 RDI: 0000000000000003 [ 757.687758][T15877] RBP: 00007f2e16bc7090 R08: 0000000000000000 R09: 0000000000000000 [ 757.687772][T15877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 757.687787][T15877] R13: 0000000000000000 R14: 00007f2e15fa6080 R15: 00007ffd2addefb8 [ 757.687819][T15877] [ 758.200017][T11848] Bluetooth: hci4: command tx timeout [ 758.291060][T15856] bridge0: port 1(bridge_slave_0) entered blocking state [ 758.319986][T15856] bridge0: port 1(bridge_slave_0) entered disabled state [ 758.338980][T15856] bridge_slave_0: entered allmulticast mode [ 758.368177][T15856] bridge_slave_0: entered promiscuous mode [ 758.413864][T15856] bridge0: port 2(bridge_slave_1) entered blocking state [ 758.442346][T15856] bridge0: port 2(bridge_slave_1) entered disabled state [ 758.449636][T15856] bridge_slave_1: entered allmulticast mode [ 758.488653][T15856] bridge_slave_1: entered promiscuous mode [ 758.659320][T15856] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 758.696382][T15856] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 758.915783][T15856] team0: Port device team_slave_0 added [ 758.952890][T15856] team0: Port device team_slave_1 added [ 758.971407][ T6621] bridge_slave_1: left allmulticast mode [ 758.977291][ T6621] bridge_slave_1: left promiscuous mode [ 758.993479][ T6621] bridge0: port 2(bridge_slave_1) entered disabled state [ 759.020992][ T6621] bridge_slave_0: left allmulticast mode [ 759.059460][ T6621] bridge_slave_0: left promiscuous mode [ 759.065436][ T6621] bridge0: port 1(bridge_slave_0) entered disabled state [ 760.013263][ T6621] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 760.030396][ T6621] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 760.089366][ T6621] bond0 (unregistering): Released all slaves [ 760.159284][T15856] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 760.172793][T15856] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 760.242072][T10110] Bluetooth: hci4: command tx timeout [ 760.243306][T15856] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 760.300212][ T6621] ovs_êˆ$-: left promiscuous mode [ 760.317398][T15856] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 760.351626][T15856] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 760.401462][T15856] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 760.427828][ T6621] ovsóãƒõ9Ûõ: left promiscuous mode [ 760.621595][T15856] hsr_slave_0: entered promiscuous mode [ 760.628335][T15856] hsr_slave_1: entered promiscuous mode [ 760.647044][T15856] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 760.665998][T15856] Cannot create hsr debugfs directory [ 761.034679][T10110] Bluetooth: hci1: unexpected event 0x32 length: 10 > 9 [ 761.274841][T10110] Bluetooth: hci1: unexpected event 0x32 length: 10 > 9 [ 761.652535][ T6621] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 761.685648][ T6621] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 761.718220][ T6621] veth1_macvtap: left promiscuous mode [ 761.723820][ T6621] veth0_macvtap: left promiscuous mode [ 761.736417][ T6621] veth1_vlan: left promiscuous mode [ 761.741856][ T6621] veth0_vlan: left promiscuous mode [ 762.320755][T10110] Bluetooth: hci4: command tx timeout [ 762.627065][ T6621] team0 (unregistering): Port device team_slave_1 removed [ 762.775532][ T6621] team0 (unregistering): Port device team_slave_0 removed [ 762.882622][T15933] ecryptfs_miscdev_write: Invalid packet size [111] [ 763.928533][T15856] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 763.951262][T15856] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 763.990050][T15856] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 764.021176][T15856] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 764.238165][T15925] Process accounting resumed [ 764.328484][T15856] 8021q: adding VLAN 0 to HW filter on device bond0 [ 764.380609][T10110] Bluetooth: hci4: command tx timeout [ 764.392432][T15856] 8021q: adding VLAN 0 to HW filter on device team0 [ 764.450392][ T7167] bridge0: port 1(bridge_slave_0) entered blocking state [ 764.457578][ T7167] bridge0: port 1(bridge_slave_0) entered forwarding state [ 764.488714][ T7167] bridge0: port 2(bridge_slave_1) entered blocking state [ 764.495909][ T7167] bridge0: port 2(bridge_slave_1) entered forwarding state [ 764.553271][T10110] Bluetooth: hci0: unexpected event 0x32 length: 10 > 9 [ 764.643032][T15856] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 764.975381][T15856] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 765.084707][T15856] veth0_vlan: entered promiscuous mode [ 765.098557][T15953] syz.0.2424(15953): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 765.129534][T15856] veth1_vlan: entered promiscuous mode [ 765.195286][T15856] veth0_macvtap: entered promiscuous mode [ 765.215473][T15856] veth1_macvtap: entered promiscuous mode [ 765.278400][T15856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 765.296037][T15856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.330141][T15856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 765.355452][T15856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.385755][T15856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 765.400752][T15856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.437762][T15856] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 765.459606][T15856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 765.531575][T15856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.554386][T15856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 765.584187][T15856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.594666][T15856] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 765.624002][T15856] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.649867][T15856] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 765.711152][T15856] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 765.750293][T15856] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 765.760769][T15965] Process accounting resumed [ 765.765943][T15856] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 765.781092][T15856] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 766.033103][T15976] ecryptfs_miscdev_write: Invalid packet size [111] [ 766.450744][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 766.463268][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 766.475850][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 766.488186][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 766.500629][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 766.512989][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 766.525451][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 766.537795][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 766.550216][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 766.562725][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 766.662896][T12907] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 766.711676][T12907] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 766.747236][ T7163] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 766.809277][ T7163] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 769.169275][T10110] Bluetooth: hci4: unexpected event 0x32 length: 10 > 9 [ 770.143694][T16009] FAULT_INJECTION: forcing a failure. [ 770.143694][T16009] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 770.271506][T16015] ecryptfs_miscdev_write: Invalid packet size [111] [ 770.518813][T16009] CPU: 0 UID: 0 PID: 16009 Comm: syz.0.2439 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 770.518852][T16009] Tainted: [U]=USER [ 770.518860][T16009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 770.518873][T16009] Call Trace: [ 770.518880][T16009] [ 770.518889][T16009] dump_stack_lvl+0x16c/0x1f0 [ 770.518926][T16009] should_fail_ex+0x50a/0x650 [ 770.518973][T16009] _copy_from_user+0x2e/0xd0 [ 770.518999][T16009] get_timespec64+0x8c/0x240 [ 770.519027][T16009] ? __pfx_get_timespec64+0x10/0x10 [ 770.519052][T16009] ? ktime_get+0x200/0x310 [ 770.519087][T16009] __x64_sys_futex+0x28a/0x4c0 [ 770.519119][T16009] ? __pfx___x64_sys_futex+0x10/0x10 [ 770.519148][T16009] ? rcu_is_watching+0x12/0xc0 [ 770.519181][T16009] do_syscall_64+0xcd/0x250 [ 770.519214][T16009] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 770.519246][T16009] RIP: 0033:0x7f2e15d8d169 [ 770.519264][T16009] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 770.519285][T16009] RSP: 002b:00007ffd2addf118 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 770.519308][T16009] RAX: ffffffffffffffda RBX: 00000000000bc6db RCX: 00007f2e15d8d169 [ 770.519324][T16009] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f2e15fa608c [ 770.519339][T16009] RBP: 0000000000000032 R08: 00007f2e16be9000 R09: 000000192addf40f [ 770.519354][T16009] R10: 00007ffd2addf210 R11: 0000000000000246 R12: 00007f2e15fa608c [ 770.519369][T16009] R13: 00007ffd2addf210 R14: 00000000000bc70d R15: 00007ffd2addf230 [ 770.519400][T16009] [ 771.433858][ C1] net_ratelimit: 19057 callbacks suppressed [ 771.433885][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 771.452256][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 771.464745][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 771.477145][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 771.489542][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 771.502088][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 771.514407][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 771.526822][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 771.539456][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 771.551912][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 776.417962][ C1] net_ratelimit: 19051 callbacks suppressed [ 776.417992][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 776.436377][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 776.448750][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:f4:a9:0d:69:e2, vlan:0) [ 776.451530][T16063] FAULT_INJECTION: forcing a failure. [ 776.451530][T16063] name fail_futex, interval 1, probability 0, space 0, times 0 [ 776.461143][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 776.486221][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 776.498565][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:f4:a9:0d:69:e2, vlan:0) [ 776.510989][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 776.523386][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 776.535732][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:f4:a9:0d:69:e2, vlan:0) [ 776.548114][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 776.776313][T16063] CPU: 0 UID: 0 PID: 16063 Comm: syz.2.2455 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 776.776352][T16063] Tainted: [U]=USER [ 776.776360][T16063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 776.776373][T16063] Call Trace: [ 776.776381][T16063] [ 776.776390][T16063] dump_stack_lvl+0x16c/0x1f0 [ 776.776426][T16063] should_fail_ex+0x50a/0x650 [ 776.776458][T16063] ? __pfx___lock_acquire+0x10/0x10 [ 776.776492][T16063] get_futex_key+0x4a3/0x1000 [ 776.776522][T16063] ? __pfx_get_futex_key+0x10/0x10 [ 776.776547][T16063] ? find_held_lock+0x2d/0x110 [ 776.776575][T16063] ? __debug_object_init+0x2dd/0x3e0 [ 776.776608][T16063] futex_wait_setup+0x78/0x290 [ 776.776648][T16063] __futex_wait+0x267/0x3c0 [ 776.776681][T16063] ? __pfx___futex_wait+0x10/0x10 [ 776.776719][T16063] ? __pfx_futex_wake_mark+0x10/0x10 [ 776.776757][T16063] ? ktime_add_safe+0x60/0x70 [ 776.776795][T16063] futex_wait+0xe9/0x380 [ 776.776826][T16063] ? __pfx_futex_wait+0x10/0x10 [ 776.776861][T16063] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 776.776901][T16063] ? __x64_sys_futex+0x3a9/0x4c0 [ 776.776933][T16063] do_futex+0x22b/0x350 [ 776.776960][T16063] ? __pfx_do_futex+0x10/0x10 [ 776.776987][T16063] ? ktime_get+0x200/0x310 [ 776.777012][T16063] ? lockdep_hardirqs_on+0x7c/0x110 [ 776.777040][T16063] ? read_tsc+0x9/0x20 [ 776.777076][T16063] __x64_sys_futex+0x1e1/0x4c0 [ 776.777108][T16063] ? __pfx___x64_sys_futex+0x10/0x10 [ 776.777136][T16063] ? rcu_is_watching+0x12/0xc0 [ 776.777170][T16063] do_syscall_64+0xcd/0x250 [ 776.777202][T16063] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 776.777233][T16063] RIP: 0033:0x7f5c0cf8d169 [ 776.777251][T16063] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 776.777272][T16063] RSP: 002b:00007ffcfc22c358 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 776.777294][T16063] RAX: ffffffffffffffda RBX: 00000000000bdf9f RCX: 00007f5c0cf8d169 [ 776.777307][T16063] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f5c0d1a5fac [ 776.777322][T16063] RBP: 0000000000000032 R08: 00007f5c0dd09000 R09: 00000018fc22c64f [ 776.777337][T16063] R10: 00007ffcfc22c450 R11: 0000000000000246 R12: 00007f5c0d1a5fac [ 776.777352][T16063] R13: 00007ffcfc22c450 R14: 00000000000bdfd1 R15: 00007ffcfc22c470 [ 776.777382][T16063] [ 779.159849][T16080] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 779.264321][T16080] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 779.392760][T16080] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 779.477530][T16080] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 779.647045][T16080] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 779.811282][T16080] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 780.085719][T16091] Invalid ELF header magic: != ELF [ 780.128926][T16095] ERROR: Out of memory at tomoyo_memory_ok. [ 781.185990][T10110] Bluetooth: hci0: command 0x0c1a tx timeout [ 781.342541][T10110] Bluetooth: hci3: command 0x0c1a tx timeout [ 781.348632][T10110] Bluetooth: hci1: command 0x0c1a tx timeout [ 781.402068][ C1] net_ratelimit: 20010 callbacks suppressed [ 781.402093][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 781.420495][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:f4:a9:0d:69:e2, vlan:0) [ 781.422229][T11848] Bluetooth: hci4: command 0x0c1a tx timeout [ 781.432909][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 781.433181][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 781.463284][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:f4:a9:0d:69:e2, vlan:0) [ 781.475782][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 781.488209][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 781.500616][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:f4:a9:0d:69:e2, vlan:0) [ 781.513173][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 781.525593][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 783.481464][T10110] Bluetooth: hci4: command 0x0c1a tx timeout [ 784.854287][T16136] FAULT_INJECTION: forcing a failure. [ 784.854287][T16136] name failslab, interval 1, probability 0, space 0, times 0 [ 784.993576][T16136] CPU: 0 UID: 0 PID: 16136 Comm: syz.2.2473 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 784.993618][T16136] Tainted: [U]=USER [ 784.993627][T16136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 784.993642][T16136] Call Trace: [ 784.993651][T16136] [ 784.993661][T16136] dump_stack_lvl+0x16c/0x1f0 [ 784.993700][T16136] should_fail_ex+0x50a/0x650 [ 784.993738][T16136] ? fs_reclaim_acquire+0xae/0x150 [ 784.993774][T16136] ? fuse_dev_alloc+0x8e/0x270 [ 784.993803][T16136] should_failslab+0xc2/0x120 [ 784.993827][T16136] __kmalloc_cache_noprof+0x68/0x410 [ 784.993863][T16136] ? kasan_save_track+0x14/0x30 [ 784.993901][T16136] fuse_dev_alloc+0x8e/0x270 [ 784.993934][T16136] fuse_dev_alloc_install+0x13/0x40 [ 784.993968][T16136] cuse_channel_open+0x100/0x7f0 [ 784.993997][T16136] ? __pfx_cuse_channel_open+0x10/0x10 [ 784.994030][T16136] misc_open+0x35a/0x420 [ 784.994055][T16136] ? __pfx_misc_open+0x10/0x10 [ 784.994079][T16136] chrdev_open+0x237/0x6a0 [ 784.994114][T16136] ? __pfx_apparmor_file_open+0x10/0x10 [ 784.994144][T16136] ? __pfx_chrdev_open+0x10/0x10 [ 784.994183][T16136] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 784.994222][T16136] do_dentry_open+0x735/0x1c40 [ 784.994279][T16136] ? __pfx_chrdev_open+0x10/0x10 [ 784.994323][T16136] vfs_open+0x82/0x3f0 [ 784.994346][T16136] ? may_open+0x1f2/0x400 [ 784.994377][T16136] path_openat+0x1e88/0x2d80 [ 784.994425][T16136] ? __pfx_path_openat+0x10/0x10 [ 784.994460][T16136] ? __pfx___lock_acquire+0x10/0x10 [ 784.994492][T16136] ? lock_acquire.part.0+0x11b/0x380 [ 784.994533][T16136] ? find_held_lock+0x2d/0x110 [ 784.994565][T16136] do_filp_open+0x20c/0x470 [ 784.994601][T16136] ? __pfx_do_filp_open+0x10/0x10 [ 784.994632][T16136] ? find_held_lock+0x2d/0x110 [ 784.994682][T16136] ? alloc_fd+0x41f/0x760 [ 784.994725][T16136] do_sys_openat2+0x17a/0x1e0 [ 784.994751][T16136] ? __pfx_do_sys_openat2+0x10/0x10 [ 784.994790][T16136] __x64_sys_openat+0x175/0x210 [ 784.994817][T16136] ? __pfx___x64_sys_openat+0x10/0x10 [ 784.994859][T16136] do_syscall_64+0xcd/0x250 [ 784.994893][T16136] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 784.994927][T16136] RIP: 0033:0x7f5c0cf8d169 [ 784.994948][T16136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 784.994971][T16136] RSP: 002b:00007f5c0dd08038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 784.994995][T16136] RAX: ffffffffffffffda RBX: 00007f5c0d1a5fa0 RCX: 00007f5c0cf8d169 [ 784.995012][T16136] RDX: 00000000001c1041 RSI: 0000400000000140 RDI: ffffffffffffff9c [ 784.995029][T16136] RBP: 00007f5c0d00e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 784.995044][T16136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 784.995058][T16136] R13: 0000000000000000 R14: 00007f5c0d1a5fa0 R15: 00007ffcfc22c1f8 [ 784.995092][T16136] [ 785.746698][T10110] Bluetooth: hci4: command 0x0c1a tx timeout [ 785.833163][T16144] FAULT_INJECTION: forcing a failure. [ 785.833163][T16144] name failslab, interval 1, probability 0, space 0, times 0 [ 785.900435][T16147] FAULT_INJECTION: forcing a failure. [ 785.900435][T16147] name failslab, interval 1, probability 0, space 0, times 0 [ 785.948919][T16144] CPU: 0 UID: 0 PID: 16144 Comm: syz.2.2476 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 785.948960][T16144] Tainted: [U]=USER [ 785.948968][T16144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 785.948982][T16144] Call Trace: [ 785.948989][T16144] [ 785.948999][T16144] dump_stack_lvl+0x16c/0x1f0 [ 785.949036][T16144] should_fail_ex+0x50a/0x650 [ 785.949070][T16144] ? fs_reclaim_acquire+0xae/0x150 [ 785.949102][T16144] ? security_inode_init_security+0x140/0x390 [ 785.949137][T16144] should_failslab+0xc2/0x120 [ 785.949159][T16144] __kmalloc_noprof+0xcb/0x510 [ 785.949199][T16144] security_inode_init_security+0x140/0x390 [ 785.949235][T16144] ? __pfx_shmem_initxattrs+0x10/0x10 [ 785.949268][T16144] ? __pfx_security_inode_init_security+0x10/0x10 [ 785.949305][T16144] ? shmem_get_inode+0x73a/0xf00 [ 785.949345][T16144] shmem_mknod+0x22e/0x450 [ 785.949383][T16144] vfs_create+0x4c2/0x770 [ 785.949426][T16144] do_mknodat+0x3d5/0x5d0 [ 785.949462][T16144] ? __pfx_do_mknodat+0x10/0x10 [ 785.949493][T16144] ? getname_flags.part.0+0x1c5/0x550 [ 785.949527][T16144] __x64_sys_mknod+0x87/0xb0 [ 785.949560][T16144] do_syscall_64+0xcd/0x250 [ 785.949593][T16144] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 785.949624][T16144] RIP: 0033:0x7f5c0cf8d169 [ 785.949643][T16144] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 785.949664][T16144] RSP: 002b:00007f5c0dd08038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 785.949686][T16144] RAX: ffffffffffffffda RBX: 00007f5c0d1a5fa0 RCX: 00007f5c0cf8d169 [ 785.949702][T16144] RDX: 00000000000000cb RSI: 00000000000000c9 RDI: 0000400000000040 [ 785.949716][T16144] RBP: 00007f5c0d00e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 785.949731][T16144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 785.949745][T16144] R13: 0000000000000000 R14: 00007f5c0d1a5fa0 R15: 00007ffcfc22c1f8 [ 785.949782][T16144] [ 785.953870][T16147] CPU: 0 UID: 0 PID: 16147 Comm: syz.2.2476 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 785.953907][T16147] Tainted: [U]=USER [ 785.953915][T16147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 785.953929][T16147] Call Trace: [ 785.953936][T16147] [ 785.953945][T16147] dump_stack_lvl+0x16c/0x1f0 [ 785.953981][T16147] should_fail_ex+0x50a/0x650 [ 785.954016][T16147] ? fs_reclaim_acquire+0xae/0x150 [ 785.954048][T16147] ? lsm_blob_alloc+0x68/0x90 [ 785.954079][T16147] should_failslab+0xc2/0x120 [ 785.954102][T16147] __kmalloc_noprof+0xcb/0x510 [ 785.954141][T16147] lsm_blob_alloc+0x68/0x90 [ 785.954190][T16147] security_prepare_creds+0x30/0x270 [ 785.954224][T16147] prepare_creds+0x540/0x750 [ 785.954256][T16147] __sys_setresuid+0x46d/0x1160 [ 785.954295][T16147] do_syscall_64+0xcd/0x250 [ 785.954328][T16147] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 785.954359][T16147] RIP: 0033:0x7f5c0cf8d169 [ 785.954378][T16147] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 785.954400][T16147] RSP: 002b:00007f5c0adf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000075 [ 785.954441][T16147] RAX: ffffffffffffffda RBX: 00007f5c0d1a6080 RCX: 00007f5c0cf8d169 [ 785.954457][T16147] RDX: 0000000000000000 RSI: 000000000000ee01 RDI: 0000000000000000 [ 785.954472][T16147] RBP: 00007f5c0adf6090 R08: 0000000000000000 R09: 0000000000000000 [ 785.954487][T16147] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 785.954501][T16147] R13: 0000000000000000 R14: 00007f5c0d1a6080 R15: 00007ffcfc22c1f8 [ 785.954532][T16147] [ 786.386173][ C1] net_ratelimit: 19936 callbacks suppressed [ 786.386199][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 786.404618][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 786.416971][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:f4:a9:0d:69:e2, vlan:0) [ 786.429401][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 786.441826][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 786.454172][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:f4:a9:0d:69:e2, vlan:0) [ 786.466780][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 786.479312][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 786.492236][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:f4:a9:0d:69:e2, vlan:0) [ 786.505260][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 787.675234][T16150] Process accounting resumed [ 789.022747][T16177] can: request_module (can-proto-0) failed. [ 791.370198][ C1] net_ratelimit: 12614 callbacks suppressed [ 791.370226][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 791.388970][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:f4:a9:0d:69:e2, vlan:0) [ 791.401403][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 791.414495][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 791.426967][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 791.439795][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:f4:a9:0d:69:e2, vlan:0) [ 791.452244][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 791.465483][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 791.477940][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 791.490269][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:f4:a9:0d:69:e2, vlan:0) [ 796.354674][ C1] net_ratelimit: 12253 callbacks suppressed [ 796.354701][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 796.373086][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 796.385886][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:f4:a9:0d:69:e2, vlan:0) [ 796.398460][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 796.411358][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 796.423847][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 796.436764][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:f4:a9:0d:69:e2, vlan:0) [ 796.449415][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 796.462414][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 796.474957][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 799.650128][T16193] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 799.656240][T16193] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 799.677633][T16161] Process accounting paused [ 799.682705][T16193] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 799.703406][T16193] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 801.339148][ C1] net_ratelimit: 9254 callbacks suppressed [ 801.339176][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 801.357531][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 801.369970][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:f4:a9:0d:69:e2, vlan:0) [ 801.382659][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 801.396263][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 801.408806][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 801.421284][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:a2:f4:a9:0d:69:e2, vlan:0) [ 801.433710][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 801.447778][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 801.460206][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 801.706847][T11848] Bluetooth: hci4: command 0x0c1a tx timeout [ 801.713247][T10110] Bluetooth: hci3: command 0x0c1a tx timeout [ 801.719995][T10110] Bluetooth: hci1: command 0x0c1a tx timeout [ 801.726214][T10110] Bluetooth: hci0: command 0x0c1a tx timeout [ 803.062911][T16215] ecryptfs_miscdev_write: Invalid packet size [111] [ 803.671722][T11846] Process accounting paused [ 804.699643][ T46] sched: DL replenish lagged too much [ 805.202136][T16231] cougar: G6 mapped to space [ 805.489864][T16166] ------------[ cut here ]------------ [ 805.495387][T16166] ODEBUG: free active (active state 0) object: ffff888033cbd248 object type: timer_list hint: hci_devcd_timeout+0x0/0x2f0 [ 805.579985][ T5833] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 805.601909][ T5833] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 805.620107][ T5833] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 805.637504][ T5833] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 805.652692][ T5833] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 805.660605][ T5833] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 805.757825][T16166] WARNING: CPU: 0 PID: 16166 at lib/debugobjects.c:612 debug_print_object+0x1a2/0x2b0 [ 805.767667][T16166] Modules linked in: [ 805.771625][T16166] CPU: 0 UID: 0 PID: 16166 Comm: syz.5.2481 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 805.784424][T16166] Tainted: [U]=USER [ 805.788604][T16166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 805.798788][T16166] RIP: 0010:debug_print_object+0x1a2/0x2b0 [ 805.804653][T16166] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 48 8b 14 dd 40 5b d3 8b 41 56 4c 89 e6 48 c7 c7 c0 4f d3 8b e8 0f 66 b2 fc 90 <0f> 0b 90 90 58 83 05 96 06 9b 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d [ 805.825058][T16166] RSP: 0018:ffffc9000212f768 EFLAGS: 00010286 [ 805.831746][T16166] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817a1229 [ 805.839856][T16166] RDX: ffff88802f8fda00 RSI: ffffffff817a1236 RDI: 0000000000000001 [ 805.847997][T16166] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 805.856057][T16166] R10: 0000000000000001 R11: 0000000000002fe0 R12: ffffffff8bd35660 [ 805.864101][T16166] R13: ffffffff8b6fac00 R14: ffffffff8a5f6d50 R15: ffffc9000212f878 [ 805.872160][T16166] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 805.881698][T16166] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 805.888671][T16166] CR2: 00007f5c0dcd56c0 CR3: 000000006165e000 CR4: 00000000003526f0 [ 805.897039][T16166] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 805.905190][T16166] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 805.913710][T16166] Call Trace: [ 805.917456][T16166] [ 805.920428][T16166] ? __warn+0xea/0x3c0 [ 805.924794][T16166] ? preempt_schedule_notrace+0x62/0xe0 [ 805.930418][T16166] ? debug_print_object+0x1a2/0x2b0 [ 805.935727][T16166] ? report_bug+0x3c0/0x580 [ 805.940363][T16166] ? handle_bug+0x54/0xa0 [ 805.944769][T16166] ? exc_invalid_op+0x17/0x50 [ 805.949519][T16166] ? asm_exc_invalid_op+0x1a/0x20 [ 805.954649][T16166] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 805.960170][T16166] ? __warn_printk+0x199/0x350 [ 805.965055][T16166] ? __warn_printk+0x1a6/0x350 [ 805.969856][T16166] ? debug_print_object+0x1a2/0x2b0 [ 805.975167][T16166] ? debug_print_object+0x1a1/0x2b0 [ 805.980439][T16166] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 805.986248][T16166] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 805.992100][T16166] debug_check_no_obj_freed+0x4b7/0x600 [ 805.997989][T16166] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 806.004187][T16166] ? kmem_cache_free+0x2e2/0x4d0 [ 806.009173][T16166] ? kfree_skbmem+0x1a4/0x1f0 [ 806.014371][T16166] kfree+0x29f/0x4d0 [ 806.018306][T16166] ? hci_release_dev+0x4d9/0x600 [ 806.023301][T16166] hci_release_dev+0x4d9/0x600 [ 806.028620][T16166] ? __pfx_hci_release_dev+0x10/0x10 [ 806.034037][T16166] ? rcu_is_watching+0x12/0xc0 [ 806.038846][T16166] ? kfree+0x260/0x4d0 [ 806.042951][T16166] bt_host_release+0x6a/0xb0 [ 806.047631][T16166] ? __pfx_bt_host_release+0x10/0x10 [ 806.053035][T16166] device_release+0xa1/0x240 [ 806.057725][T16166] kobject_put+0x1e4/0x5a0 [ 806.062193][T16166] ? __pfx_vhci_release+0x10/0x10 [ 806.067515][T16166] put_device+0x1f/0x30 [ 806.071709][T16166] vhci_release+0x81/0xf0 [ 806.076143][T16166] __fput+0x3ff/0xb70 [ 806.080202][T16166] task_work_run+0x14e/0x250 [ 806.085203][T16166] ? __pfx_task_work_run+0x10/0x10 [ 806.090377][T16166] do_exit+0xad8/0x2d70 [ 806.094847][T16166] ? get_signal+0x8f7/0x26c0 [ 806.099530][T16166] ? __pfx_do_exit+0x10/0x10 [ 806.104217][T16166] ? do_raw_spin_lock+0x12d/0x2c0 [ 806.109281][T16166] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 806.114805][T16166] do_group_exit+0xd3/0x2a0 [ 806.119715][T16166] get_signal+0x24ed/0x26c0 [ 806.124663][T16166] ? __pfx_do_mbind+0x10/0x10 [ 806.129421][T16166] ? find_held_lock+0x2d/0x110 [ 806.134286][T16166] ? __pfx_get_signal+0x10/0x10 [ 806.139199][T16166] arch_do_signal_or_restart+0x90/0x7e0 [ 806.144858][T16166] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 806.151095][T16166] ? __pfx_kernel_mbind+0x10/0x10 [ 806.156239][T16166] syscall_exit_to_user_mode+0x150/0x2a0 [ 806.161919][T16166] do_syscall_64+0xda/0x250 [ 806.166632][T16166] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 806.172656][T16166] RIP: 0033:0x7f61e878d169 [ 806.177167][T16166] Code: Unable to access opcode bytes at 0x7f61e878d13f. [ 806.184302][T16166] RSP: 002b:00007f61e96ba038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 806.193074][T16166] RAX: 0000000000000000 RBX: 00007f61e89a5fa0 RCX: 00007f61e878d169 [ 806.201374][T16166] RDX: 0000000100000000 RSI: 0000000100000004 RDI: 0000000000002000 [ 806.209516][T16166] RBP: 00007f61e880e2a0 R08: 0000000000000005 R09: 0000000000000002 [ 806.218009][T16166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 806.226425][T16166] R13: 0000000000000000 R14: 00007f61e89a5fa0 R15: 00007ffca364d3f8 [ 806.234502][T16166] [ 806.237552][T16166] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 806.244850][T16166] CPU: 0 UID: 0 PID: 16166 Comm: syz.5.2481 Tainted: G U 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 806.257130][T16166] Tainted: [U]=USER [ 806.260946][T16166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 806.271021][T16166] Call Trace: [ 806.274314][T16166] [ 806.277262][T16166] dump_stack_lvl+0x3d/0x1f0 [ 806.281882][T16166] panic+0x71d/0x800 [ 806.285806][T16166] ? __pfx_panic+0x10/0x10 [ 806.290251][T16166] ? show_trace_log_lvl+0x29d/0x3d0 [ 806.295497][T16166] ? check_panic_on_warn+0x1f/0xb0 [ 806.300634][T16166] ? debug_print_object+0x1a2/0x2b0 [ 806.305857][T16166] check_panic_on_warn+0xab/0xb0 [ 806.310837][T16166] __warn+0xf6/0x3c0 [ 806.314752][T16166] ? preempt_schedule_notrace+0x62/0xe0 [ 806.320327][T16166] ? debug_print_object+0x1a2/0x2b0 [ 806.325550][T16166] report_bug+0x3c0/0x580 [ 806.329912][T16166] handle_bug+0x54/0xa0 [ 806.334098][T16166] exc_invalid_op+0x17/0x50 [ 806.338635][T16166] asm_exc_invalid_op+0x1a/0x20 [ 806.343520][T16166] RIP: 0010:debug_print_object+0x1a2/0x2b0 [ 806.349354][T16166] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 48 8b 14 dd 40 5b d3 8b 41 56 4c 89 e6 48 c7 c7 c0 4f d3 8b e8 0f 66 b2 fc 90 <0f> 0b 90 90 58 83 05 96 06 9b 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d [ 806.368992][T16166] RSP: 0018:ffffc9000212f768 EFLAGS: 00010286 [ 806.375096][T16166] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817a1229 [ 806.383091][T16166] RDX: ffff88802f8fda00 RSI: ffffffff817a1236 RDI: 0000000000000001 [ 806.391087][T16166] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 806.399079][T16166] R10: 0000000000000001 R11: 0000000000002fe0 R12: ffffffff8bd35660 [ 806.407076][T16166] R13: ffffffff8b6fac00 R14: ffffffff8a5f6d50 R15: ffffc9000212f878 [ 806.415081][T16166] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 806.420582][T16166] ? __warn_printk+0x199/0x350 [ 806.425462][T16166] ? __warn_printk+0x1a6/0x350 [ 806.430251][T16166] ? debug_print_object+0x1a1/0x2b0 [ 806.435476][T16166] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 806.440962][T16166] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 806.446811][T16166] debug_check_no_obj_freed+0x4b7/0x600 [ 806.452406][T16166] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 806.458607][T16166] ? kmem_cache_free+0x2e2/0x4d0 [ 806.463591][T16166] ? kfree_skbmem+0x1a4/0x1f0 [ 806.468301][T16166] kfree+0x29f/0x4d0 [ 806.472274][T16166] ? hci_release_dev+0x4d9/0x600 [ 806.477258][T16166] hci_release_dev+0x4d9/0x600 [ 806.482328][T16166] ? __pfx_hci_release_dev+0x10/0x10 [ 806.487649][T16166] ? rcu_is_watching+0x12/0xc0 [ 806.492440][T16166] ? kfree+0x260/0x4d0 [ 806.496551][T16166] bt_host_release+0x6a/0xb0 [ 806.501172][T16166] ? __pfx_bt_host_release+0x10/0x10 [ 806.506495][T16166] device_release+0xa1/0x240 [ 806.511123][T16166] kobject_put+0x1e4/0x5a0 [ 806.515681][T16166] ? __pfx_vhci_release+0x10/0x10 [ 806.520740][T16166] put_device+0x1f/0x30 [ 806.524934][T16166] vhci_release+0x81/0xf0 [ 806.529293][T16166] __fput+0x3ff/0xb70 [ 806.533308][T16166] task_work_run+0x14e/0x250 [ 806.537938][T16166] ? __pfx_task_work_run+0x10/0x10 [ 806.543088][T16166] do_exit+0xad8/0x2d70 [ 806.547274][T16166] ? get_signal+0x8f7/0x26c0 [ 806.551899][T16166] ? __pfx_do_exit+0x10/0x10 [ 806.556517][T16166] ? do_raw_spin_lock+0x12d/0x2c0 [ 806.561568][T16166] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 806.566974][T16166] do_group_exit+0xd3/0x2a0 [ 806.571522][T16166] get_signal+0x24ed/0x26c0 [ 806.576084][T16166] ? __pfx_do_mbind+0x10/0x10 [ 806.580802][T16166] ? find_held_lock+0x2d/0x110 [ 806.585603][T16166] ? __pfx_get_signal+0x10/0x10 [ 806.590499][T16166] arch_do_signal_or_restart+0x90/0x7e0 [ 806.596080][T16166] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 806.602279][T16166] ? __pfx_kernel_mbind+0x10/0x10 [ 806.607339][T16166] syscall_exit_to_user_mode+0x150/0x2a0 [ 806.613008][T16166] do_syscall_64+0xda/0x250 [ 806.617548][T16166] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 806.623473][T16166] RIP: 0033:0x7f61e878d169 [ 806.627910][T16166] Code: Unable to access opcode bytes at 0x7f61e878d13f. [ 806.634949][T16166] RSP: 002b:00007f61e96ba038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 806.643408][T16166] RAX: 0000000000000000 RBX: 00007f61e89a5fa0 RCX: 00007f61e878d169 [ 806.651413][T16166] RDX: 0000000100000000 RSI: 0000000100000004 RDI: 0000000000002000 [ 806.659499][T16166] RBP: 00007f61e880e2a0 R08: 0000000000000005 R09: 0000000000000002 [ 806.667497][T16166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 806.675493][T16166] R13: 0000000000000000 R14: 00007f61e89a5fa0 R15: 00007ffca364d3f8 [ 806.683509][T16166] [ 806.686800][T16166] Kernel Offset: disabled [ 806.691135][T16166] Rebooting in 86400 seconds..