last executing test programs: 8.758505912s ago: executing program 3 (id=2520): madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/softnet_stat\x00', 0x40102, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/smaps_rollup\x00', 0x102, 0x0) sendmsg$auto_NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0xc}, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/disable_ipv6\x00', 0x1401, 0x0) pread64$auto(r0, 0x0, 0x100000001, 0x3) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0x20000000000000, 0x9b72, 0x2, 0x40000008000) read$auto(0x3, 0x0, 0x7) 8.14494094s ago: executing program 3 (id=2521): r0 = socket(0x10, 0x2, 0x0) mmap$auto(0xfffffffffffffffb, 0xb, 0xd55, 0x9b72, 0xffffffffffffffff, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) waitid$auto_P_ALL(0x0, 0x2, &(0x7f0000000200)={@siginfo_0_0={0x5, 0x0, 0x5, @_timer={0xffffffffffffffff, 0x6, @sival_ptr=0x0, 0x229}}}, 0x6, &(0x7f0000000400)={{0x1e, 0x2}, {0x1, 0x6}, 0x2, 0x7f, 0x1, 0x80000001, 0x8000, 0x6, 0x8b9, 0x4, 0x79, 0x9, 0x401, 0x9, 0xfffffffffffff000, 0x401}) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, 0x0, 0x8301, 0x0) syz_clone3(&(0x7f0000000100)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) waitid$auto_P_PID(0x1, r2, 0x0, 0x1247, &(0x7f0000000540)={{0x80000001, 0x7}, {0x5, 0x3}, 0x80000000, 0x0, 0x9, 0x77, 0x2, 0x1000, 0x41, 0x2, 0x5, 0x7fff, 0x5, 0xfffffffffffffff8, 0x68, 0x9}) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x48000, 0x0) ioctl$auto_SOUND_MIXER_READ_RECSRC2(r3, 0x80044dff, &(0x7f00000001c0)) socket$nl_generic(0x10, 0x3, 0x10) prctl$auto(0x41, 0x0, 0x0, 0x0, 0x0) sendmsg$auto_NETDEV_CMD_QUEUE_GET(r1, 0x0, 0x4000000) r4 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/swradio14\x00', 0x80000, 0x0) ioctl$auto(r4, 0x80885659, r4) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) recvmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0) 7.80551312s ago: executing program 0 (id=2524): pwrite64$auto(0xc8, &(0x7f0000000040)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/231, 0xfdf2, 0x3a) prctl$auto(0x3e, 0x1, 0x0, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_CEC_G_MODE(0xffffffffffffffff, 0x80046108, 0x0) setreuid$auto(0x2, 0x87) (async) setreuid$auto(0x2, 0x87) timerfd_create$auto(0x6, 0x0) (async) r1 = timerfd_create$auto(0x6, 0x0) futimesat$auto(r1, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)={0x40, 0xffffffffffffffff}) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) (async) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) socket(0xa, 0x3, 0x2c) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, 0x0, 0x101000, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f00000001c0), 0x189002, 0x0) (async) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f00000001c0), 0x189002, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.net/blkio.bfq.weight_device\x00', 0x101000, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.net/blkio.bfq.weight_device\x00', 0x101000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, 0x0, 0x0) r3 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x22c02, 0x0) ioctl$auto_VHOST_VSOCK_SET_GUEST_CID(r3, 0x4008af60, &(0x7f0000000040)=0x6) read$auto(r3, 0x0, 0x5) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r2, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) (async) ioctl$auto_PPPIOCSPASS(r2, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) write$auto(0xffffffffffffffff, 0x0, 0x2) (async) write$auto(0xffffffffffffffff, 0x0, 0x2) r4 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r4, 0xaf01, 0x5) ioctl$auto_VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000000)={0x8, 0x0, [{0x3956dfa, 0x3, 0x301e}, {0x9, 0x4, 0x7}]}) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000000180), 0xffffffffffffffff) gettid() 7.369399279s ago: executing program 0 (id=2526): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop5\x00', 0x0, 0x0) ioctl$auto(r0, 0x127d, r0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/scsi/device_info\x00', 0x0, 0x0) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x1, 0x8000) (async) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x1, 0x800) r2 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x10, &(0x7f0000000180)=@info={r2, 0x5, 0x3}, 0x6) (async) syz_genetlink_get_family_id$auto_nl80211(0x0, r1) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/kvm_amd/parameters/pause_filter_thresh\x00', 0x200, 0x0) write$auto_ocfs2_control_fops_stack_user(0xffffffffffffffff, 0x0, 0x0) r3 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001b80)='/dev/input/event2\x00', 0x40800, 0x0) ioctl$auto_EVIOCSKEYCODE(r3, 0x40084504, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r4, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) (async) write$auto(r4, 0x0, 0x98c7) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket(0x10, 0x2, 0x0) (async) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) r6 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r6, 0xc0045516, &(0x7f0000000040)=0x5) (async) r7 = socket(0xa, 0x5, 0x84) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00'}) (async) read$auto(0x3, 0x0, 0x80) (async) r8 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r8, 0xc1105517, &(0x7f00000002c0)={{@inferred, 0x5, 0x9, 0x1, "4941aa833e2fc65b6b3cf7cec76d6778ad8eac3cda35ba9c2b2d43eeb0dc59c8dd3500f11581916caa0d3053"}, 0x4, 0xfffffff9, 0x1, @inferred, @enumerated={0xffff, 0xffe, "4bd04167d52dbe3758dcb7641f58661870525adcaedaa5deaa336a58b7382f979a0ff0b3d9583c08610104000049d9f994ef5578e78507d4f25cd03a4c4b5700", 0x9, 0x3fd}, "6cc1888a6393f1b4285854c5368de438f8cc142ef6df1259b05ba1183bedbd31b642b4051bc7955610c61c329794e5311121c760cb8211c78e6947a99807bcc1"}) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x20000, 0x0) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) select$auto(0xd, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) (async) write$auto(r5, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) 7.079631695s ago: executing program 3 (id=2527): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400) prctl$auto(0x23, 0x7, 0x2008, 0x0, 0x0) socket(0xa, 0x1, 0x100) unshare$auto(0x40000080) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x1, 0x100) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x568) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f00000003c0)) setsockopt$auto(0x400000000000003, 0x29, 0x1c, 0x0, 0x56b) r0 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x101100, 0x0) ioctl$auto_SW_SYNC_GET_DEADLINE(r0, 0xc0105702, &(0x7f0000000000)={0x0, 0x0, r0}) ioperm$auto(0x7, 0x1, 0x7) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r1 = socket(0x1e, 0xa, 0x7) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r4 = syz_genetlink_get_family_id$auto_psample(&(0x7f00000001c0), r1) sendmsg$auto_PSAMPLE_CMD_GET_GROUP(r3, &(0x7f0000000340)={&(0x7f0000000180), 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x200, 0x70bd2b, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8014}, 0x801) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) mmap$auto(0x7, 0x20009, 0x5, 0xffffffff, 0x405, 0x8000) sendmsg$auto_MAC802154_HWSIM_CMD_GET_RADIO(r3, &(0x7f0000004200)={0x0, 0x0, &(0x7f00000041c0)={&(0x7f0000004240)={0x2d8, 0x0, 0x400, 0x70bd2c, 0x25dfdbfd, {}, [@MAC802154_HWSIM_ATTR_RADIO_ID={0x8, 0x1, 0x8}, @MAC802154_HWSIM_ATTR_RADIO_EDGE={0x8, 0x2, 0x0, 0x1, [@nested={0x4, 0x9a, 0x0, 0x1, [@generic]}]}, @MAC802154_HWSIM_ATTR_RADIO_EDGE={0x44, 0x2, 0x0, 0x1, [@nested={0xc, 0x1b, 0x0, 0x1, [@typed={0x8, 0x8f, 0x0, 0x0, @uid}]}, @typed={0x8, 0x121, 0x0, 0x0, @u32=0x2}, @nested={0x2c, 0x86, 0x0, 0x1, [@nested={0x4, 0x4d}, @generic, @typed={0x1a, 0x105, 0x0, 0x0, @binary="bb8ce7456dc011007d9b335e8e515f7690ecfd531fc7"}, @nested={0x4, 0x79}, @generic, @nested={0x4, 0xd0}]}]}, @MAC802154_HWSIM_ATTR_RADIO_EDGES={0x8b, 0x3, 0x0, 0x1, [@generic="54d82ab3f8a8", @typed={0xc, 0x8, 0x0, 0x0, @u64=0x8}, @generic="96cbf3617f024639a040bfdb8b4f3d108277efa72cb0c5bfadfccadfd6f5abfafb1ea41626f784ecd56d5ddb5381bb0693e65c08a2a36d85fc92399185546f56f6a1bdf6071ed21fb08ade38f4a808a80e0ca2f977d6ff49ecbec4a4636db1b3cc4ae2faebe6891aaf04fce0669e7864a18f489881"]}, @MAC802154_HWSIM_ATTR_RADIO_EDGES={0xfe, 0x3, 0x0, 0x1, [@generic="fea6bedf35731091d62c4f7c767b292f30622a19ba15b97b190e4a13839f071d046439833fff4d4f161654489a8bb463feef3fddb4fe1e88fef884eba34bf10ce5f1fea3ecc1c19b260b0f209e5d7f4b1d2b734588aa9ec12632a62d5f86eea6fe34543dc16e2ff2678ce9d49d422ac4b99262698d80b668ffe54df2a365951914442eb7e723c486be659df8acc48d441cbbab15ad3429a3d2eb8735eb9dcdd4cb77909403efa2c20a295336f3e85af1a732e382dc74ee8adfe3085a2b9162016196ec8da9742f68c28b88359acbe8a5439b2426f7db", @typed={0x1e, 0x133, 0x0, 0x0, @str='/sys/Gvs\x9a\x1d\xc7kernel/eebug/lr'}, @nested={0x4, 0x2}]}, @MAC802154_HWSIM_ATTR_RADIO_EDGE={0x4}, @MAC802154_HWSIM_ATTR_RADIO_EDGES={0xdd, 0x3, 0x0, 0x1, [@typed={0x8, 0xe, 0x0, 0x0, @ipv4=@multicast2}, @nested={0xc, 0x14e, 0x0, 0x1, [@typed={0x8, 0x98, 0x0, 0x0, @ipv4=@remote}]}, @generic, @typed={0x8, 0x24, 0x0, 0x0, @u32=0x2}, @typed={0x8, 0xd0, 0x0, 0x0, @u32=0x7f}, @generic="4b369c98a41907eb34e0abb1b1060e768dc226baffee75ba45f22d62bafa1bd763370090961d27ff4cd8687333ae6203b5849b0b81cbc204b04cd31b315a2daeda8482034959995d6832cb7ef031aa165a2c9f8cf8c21f29ddd3b358e354005301687d58db796127c2dd010e9fdbb148138fba1fe6410fc911f71839e2c620d3286df8f8002bd7a0e28b852fda87cf183651604f47e2361bfbcb1cfc67ac3ca942cb8f7bd0a9c7260c2c3873e14a32126c2f4bd5f0"]}]}, 0x2d8}, 0x1, 0x0, 0x0, 0x80}, 0x800) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) msync$auto(0x1fffeffc, 0x180000000000000, 0x400000004) listen$auto(0x3, 0x8d) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/devices/pci0000:00/0000:00:01.0/power/control\x00', 0x1a1842, 0x0) 6.502857665s ago: executing program 0 (id=2530): mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) epoll_create$auto(0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x100, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0xa02, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x5, 0x80000000, 0x0) socket(0xa, 0x5, 0x0) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4000010}, 0x804) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001740)='/sys/devices/virtual/vtconsole/vtcon1/name\x00', 0x8000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, 0x0, 0x0) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x4, 0x4, 0x2000063, 0x0, 0x0, 0x0, 0x1000, 0xb, 0x2005, 0x40000402, 0x4009, 0x9, 0xffffffff80000000, 0x9, 0x3, 0x200000100103}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = gettid() kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=&(0x7f0000000300)="bf9c7bdd538a477449e6c28a33c98bf827dbf23d5e90719d2d92b41b7a7e333b357ab5ab74fd5eefde9bbde6c920efc77d2db20fd371208e8fb0e0b5fe7eaf00731073c05eefdf878f68657c724af405af2a2c5b073849d4a3d5646eb7dcec5d0431302676518c", 0x2aa7, 0x6c0000c000, 0xc000}, 0x4) kill$auto(r4, 0x11) r5 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r5, 0xaf01, 0x5) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x89fc, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x10000000017, 0x28, 0x4, 0x8000000156, 0x0) 6.249244566s ago: executing program 2 (id=2531): madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/softnet_stat\x00', 0x40102, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/smaps_rollup\x00', 0x102, 0x0) sendmsg$auto_NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0xc}, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/disable_ipv6\x00', 0x1401, 0x0) pread64$auto(r0, 0x0, 0x100000001, 0x3) mmap$auto(0x0, 0x400008, 0x20000000000000, 0x9b72, 0x2, 0x40000008000) read$auto(0x3, 0x0, 0x7) 5.233256157s ago: executing program 2 (id=2532): r0 = openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, 0x0, 0x88041, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/nbd1\x00', 0x840, 0x0) ioctl$auto_BLKROTATIONAL(r1, 0x127e, 0x300000000000000) socket(0xa, 0x5, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x10000000084, 0x71, 0x0, 0x8) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/jbd2/sda1-8/info\x00', 0x2, 0x0) r3 = socket(0xa, 0x1, 0x84) setsockopt$auto(r3, 0x0, 0x40, 0x0, 0x10000) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000280), 0x81, 0x0) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_SET_MAX_CSMA_BACKOFFS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008000}, 0x8044) shmctl$auto_IPC_SET(0x2247591c, 0x1, &(0x7f00000002c0)={{0x1, 0xffffffffffffffff, 0x0, 0x6, 0x1, 0x6, 0x4}, 0xfa, 0x134b, 0x0, 0x7, @raw=0xccf0, @raw=0xf, 0x3, 0x0, &(0x7f0000000140)="70101970ced2d5a190e9166be11b29e01f69fe3c727f11bc025c4caa8738315b3a5af154328d08fcedd7a506d7403d23216e57a0ee10679795745cc1fe71436bd89e29cf8ea50ecd81880e4faf7482c3519157da7bdb", &(0x7f00000001c0)="beb1448f32bfe285be5635e318f5daabc37ac067000047bd2344ff802200ff2d5bebff118f47adedfa3611859122c5d68411312b6fe3f8698fa72f8891181c2209cf73f044d4392e79e04aeadbfc36a9c1cd9a23997916fa"}) newfstatat$auto(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f0000000340)={0x8111, 0x5, 0x40, 0x5, 0x0, 0xee00, 0x0, 0x5, 0x3, 0x8, 0x1, 0xfffffffffffffff7, 0x5, 0x8, 0x3, 0x3, 0x6}, 0x3) sendmsg$auto_NL802154_CMD_GET_WPAN_PHY(r3, &(0x7f0000001640)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000001600)={&(0x7f0000003a80)=ANY=[@ANYBLOB="e0110000", @ANYBLOB="1411da4fad975beb6d59d41b42709fb11fe254aabd7eded9", @ANYRES64=r2, @ANYRES8=r0, @ANYBLOB="4f00cb809bea1888d01f449370aa29be2cece6d026d9049d2582395b672c30dcdd918b704c9d71686530379d55355afa7128ecede73464b3770a84ea301a387e42577cd27af5f1c6a91a79bd244ecf0008005000", @ANYRES32=r4, @ANYBLOB='\b\x008\x00', @ANYRESOCT=r1, @ANYBLOB="040048800c0006000200000000000000050024000600000008002a0003000000"], 0x11e0}, 0x1, 0x0, 0x0, 0x8000}, 0x40840) socketpair$auto(0x1e, 0x0, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x181000, 0x0) ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r6) ioctl$auto_KVM_CREATE_VM(r5, 0x4048aecb, 0x0) 4.894400519s ago: executing program 2 (id=2533): openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x40040, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0xa2741, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r3, r2, 0x4, 0x1ff, r1, @relative_id=0x13, 0xe600}, 0xf) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r4, 0x0, 0x3}, 0xc) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x3, 0x0, 0x80000001, 0x7, 0x6d39, 0x5, 0x2, 0x1]}, 0x0) close_range$auto(0x2, 0xa, 0x0) fcntl$auto(0x0, 0x407, 0x1) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/snd/pcmC0D0p\x00', 0xa00, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x8, 0x7) open(0x0, 0x161342, 0x100) msync$auto(0x1ffff000, 0x1800000ff010000, 0x400000004) open(0x0, 0xeee00, 0x31) msgrcv$auto(0x71, &(0x7f0000000040)={0x6, 0x5}, 0x0, 0x7fffffffffffffff, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) gettid() 4.732696739s ago: executing program 3 (id=2534): mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) epoll_create$auto(0x4) mmap$auto(0x1, 0x2020005, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x100, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0xa02, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000004440), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000004540)={&(0x7f00000000c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002bbd70080005000c00000009000000060000000a000200"/34, @ANYRES32=0x0, @ANYBLOB="070001002e5e0000"], 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x2000000) socketpair$auto(0x1e, 0x5, 0x80000000, 0x0) socket(0xa, 0x5, 0x0) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4000010}, 0x804) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001740)='/sys/devices/virtual/vtconsole/vtcon1/name\x00', 0x8000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, 0x0, 0x0) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x4, 0x4, 0x2000063, 0x0, 0x0, 0x0, 0x1000, 0xb, 0x2005, 0x40000402, 0x4009, 0x9, 0xffffffff80000000, 0x9, 0x3, 0x200000100103}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = gettid() kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=&(0x7f0000000300)="bf9c7bdd538a477449e6c28a33c98bf827dbf23d5e90719d2d92b41b7a7e333b357ab5ab74fd5eefde9bbde6c920efc77d2db20fd371208e8fb0e0b5fe7eaf00731073c05eefdf878f68657c724af405af2a2c5b073849d4a3d5646eb7dcec5d0431302676518c", 0x2aa7, 0x6c0000c000, 0xc000}, 0x4) kill$auto(r6, 0x11) r7 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r7, 0xaf01, 0x5) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x89fc, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x10000000017, 0x28, 0x4, 0x8000000156, 0x0) 4.719984855s ago: executing program 1 (id=2535): r0 = socket(0x10, 0x2, 0x0) mmap$auto(0xfffffffffffffffb, 0xb, 0xd55, 0x9b72, 0xffffffffffffffff, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) waitid$auto_P_ALL(0x0, 0x2, &(0x7f0000000200)={@siginfo_0_0={0x5, 0x0, 0x5, @_timer={0xffffffffffffffff, 0x6, @sival_ptr=0x0, 0x229}}}, 0x6, &(0x7f0000000400)={{0x1e, 0x2}, {0x1, 0x6}, 0x2, 0x7f, 0x1, 0x80000001, 0x8000, 0x6, 0x8b9, 0x4, 0x79, 0x9, 0x401, 0x9, 0xfffffffffffff000, 0x401}) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, 0x0, 0x8301, 0x0) syz_clone3(&(0x7f0000000100)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) waitid$auto_P_PID(0x1, r2, 0x0, 0x1247, &(0x7f0000000540)={{0x80000001, 0x7}, {0x5, 0x3}, 0x80000000, 0x0, 0x9, 0x77, 0x2, 0x1000, 0x41, 0x2, 0x5, 0x7fff, 0x5, 0xfffffffffffffff8, 0x68, 0x9}) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x48000, 0x0) ioctl$auto_SOUND_MIXER_READ_RECSRC2(r3, 0x80044dff, &(0x7f00000001c0)) socket$nl_generic(0x10, 0x3, 0x10) prctl$auto(0x41, 0x0, 0x0, 0x0, 0x0) sendmsg$auto_NETDEV_CMD_QUEUE_GET(r1, 0x0, 0x4000000) r4 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/swradio14\x00', 0x80000, 0x0) ioctl$auto(r4, 0x80885659, r4) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) recvmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0) 4.149428111s ago: executing program 0 (id=2536): unshare$auto(0x40000080) semctl$auto_SETVAL(0x0, 0x7, 0x10, 0xfff) close_range$auto(0x2, 0x8, 0x0) setsockopt$auto(0xffffffffffffffff, 0x88, 0x0, 0x0, 0x80000000) socket(0x10, 0x2, 0x7fffffff) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) socket(0x2, 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nbd6/trace/enable\x00', 0xe3102, 0x0) read$auto(0xc8, 0x0, 0x200) sendfile$auto(r0, r0, 0x0, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x2008000) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) lstat$auto(&(0x7f0000000500)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0) ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3) r1 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r1, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, 0x6) ioctl$auto_IOCTL_VMCI_QUEUEPAIR_SETVA(r1, 0x7a4, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) access$auto(0x0, 0x8) semctl$auto_IPC_STAT(0x0, 0x101, 0x2, 0x200) semctl$auto_IPC_STAT(0x1, 0x1d9, 0x2, 0x400) prctl$auto(0x39, 0xffffffffffffffff, 0x0, 0x0, 0x42) fanotify_mark$auto(0xffffffffffffffff, 0x31, 0x421, 0xffffffffffffffff, 0x0) 3.772122s ago: executing program 2 (id=2537): r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) read$auto_force_wakeup_fops_hci_vhci(r0, &(0x7f0000000080)=""/218, 0xda) r1 = socket(0x10, 0x2, 0x0) r2 = socket(0x1d, 0x2, 0x6) r3 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r4, 0xfd}, 0x6a) setsockopt$auto(r2, 0x6a, 0x5, 0x0, 0x3) set_mempolicy$auto(0x5, &(0x7f0000000000)=0x9, 0x21) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card0/pcm0p/oss\x00', 0x480, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev6\x00', 0x169000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x22, 0x3, 0x0) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) set_mempolicy$auto(0x6, &(0x7f0000000000)=0x7e, 0x4) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0x2, 0x8000) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) close_range$auto(r1, 0xffffffffffffffff, 0xfffffff8) mlockall$auto(0x7) clone$auto(0x21002, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x9) writev$auto(r5, &(0x7f0000000080)={0x0, 0x1000}, 0x3) 3.599506543s ago: executing program 1 (id=2538): socket$nl_generic(0x10, 0x3, 0x10) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000ac0), 0xffffffffffffffff) sendmsg$auto_TCP_METRICS_CMD_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000100)=ANY=[@ANYBLOB="e79011d9141048bcee031f98bd4242bb3ddb3c1050ccbc38f0b357b3254433e100f8cca609055709e0f24a5bb11ec51d8a37f44738c89259f07c27d1364a1848a45e8783dfdad43e72819a3b0ab0d0361411fe1d04ee5f32eb729a865d3cba70c7f6195a934a324cbc1fd1df6edf772102710c314c218eb9d767c4ebb166cc7026c1876b6922871b2945b24112241d97ab89", @ANYRES16=r1, @ANYBLOB="010027bd7000640101020800010300000000000000b1f8912c3212c9e442000000000000000000"], 0x24}, 0x1, 0x0, 0x0, 0x40014}, 0x0) 3.38163163s ago: executing program 1 (id=2539): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/pnp0/00:01/options\x00', 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x3f, 0x0) r1 = fsopen$auto(0x0, 0x1) fsconfig$auto(r1, 0x8, 0x0, 0x0, 0x0) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio1\x00', 0x20b42, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r3, 0x0, 0x1f40) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r4, &(0x7f0000000240)={0x0, 0x7}, 0x3) shmctl$auto_SHM_UNLOCK(0x2, 0xc, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x3) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/system/node/node1/hugepages/hugepages-1048576kB/demote\x00', 0x183841, 0x0) write$auto(r5, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0x4) write$auto(r2, 0x0, 0x100085) sendmsg$auto_NLBL_CALIPSO_C_LISTALL(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, 0x0, 0x10, 0x70bd27, 0x25dfdbfc, {}, [@NLBL_CALIPSO_A_MTYPE={0x8, 0x2, 0x40}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x9415}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0xfff}, @NLBL_CALIPSO_A_MTYPE={0x8, 0x2, 0x40}]}, 0x34}}, 0x0) write$auto(r0, &(0x7f0000000140)='/sys/devices/pnp0/00:01/options\x00', 0x7ff) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x20000}, 0x4}, 0x1f8, 0xb07e) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) read$auto(0x3, 0x0, 0x1f40) ioperm$auto(0x800, 0x5, 0xd) modify_ldt$auto(0x2, 0x0, 0x80) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x10, 0x2, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) 2.478473482s ago: executing program 2 (id=2540): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioperm$auto(0x402, 0x8, 0x2b325536) mmap$auto(0x0, 0x2020009, 0x7ff, 0xeb1, 0xfffffffffffffffa, 0x2) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) read$auto_force_wakeup_fops_hci_vhci(r0, &(0x7f0000000080)=""/218, 0xda) r1 = socket(0x10, 0x1, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/net/rpc/auth.unix.gid/content\x00', 0x80, 0x0) read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000040)=""/87, 0x57) set_mempolicy$auto(0x5, &(0x7f0000000000)=0x9, 0x21) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mlockall$auto(0x7) clone$auto(0x21002, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x9) writev$auto(r1, &(0x7f00000001c0)={0x0, 0x1000}, 0x3) mmap$auto(0x0, 0xfffffffffffffffd, 0xdf, 0xeb1, r3, 0x8000) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0xffffffffffffffff) socketpair$auto(0x2, 0x10, 0x1, 0x0) signalfd$auto(0xffffffff, 0x0, 0x8) socket(0xa, 0x3, 0x3a) r4 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x202002, 0x0) close_range$auto(0x2, 0x8, 0x0) r5 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) r6 = socket(0x10, 0x2, 0xc) sendmsg$auto_TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000003740)={&(0x7f0000000000)=ANY=[@ANYBLOB="b1000000", @ANYBLOB="01002d"], 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x40080) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r6, @ANYRES8=r4], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x810) write$auto(r5, &(0x7f0000000000)='-\x00', 0xfdef) 1.780139985s ago: executing program 1 (id=2541): ioperm$auto(0x3, 0x5, 0x149) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000400), r0) openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000280)='/dev/etherd/discover\x00', 0x541, 0x0) sendmsg$auto_NFSD_CMD_VERSION_SET(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000100)=ANY=[@ANYRES64, @ANYRES16=r1, @ANYBLOB="0100a41db4a856208f5b04000000da57afad0fbaedba5a75499b820369d20a84fd86cb58f7dd9ed759ea604f2946cbc2a90ed50ea55f4841ca4bd175d38bee399ed794ef63305ce9722caa7db0502c8297e7808c878f5e30872ede28a5dfe80803c388cf749412ca9412d0b8312ea328160d6dc05c6b5859a42c32684055748a357aa3a3c0cdd72c62c6c8aed761c824bb4a4afbf8c330e10a4a1ca758a2d5d699c380a7a0a5e2f4c04a0c9d5fb970dd3ae6811ba64a2360f1eec727f7b746c0"], 0x14}, 0x1, 0x0, 0x0, 0x24000001}, 0x0) recvmsg$auto(0x4, 0x0, 0x33c) 1.289890753s ago: executing program 3 (id=2542): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/nfsfs/volumes\x00', 0x608a01, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000100)=""/135, 0x87) 1.087320439s ago: executing program 2 (id=2543): r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x9e9be9fa8fa407b9, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/net\x00') bpf$auto(0x0, &(0x7f0000000000)=@link_detach={r0}, 0xa3) mmap$auto(0x0, 0x2000009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/bus/pci/drivers/8250_lpss/remove_id\x00', 0xb0b8a58dea10998, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) read$auto(r2, 0x0, 0x1ff) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0x400008, 0xdd, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8000, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, 0xfffefffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) r4 = socket(0x25, 0x80003, 0x2fe) setsockopt$auto(r4, 0x107, 0x5, 0x0, 0x8004) openat$auto_dfs_sched_itmt_fops_itmt(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/netdevsim/netdevsim7/ports/3/bpf_xdpoffload_accept\x00', 0x20080, 0x0) mmap$auto(0x100, 0x4, 0xffffffffffffffc3, 0x40eb1, 0xffffffffffffffff, 0x300000000000) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa080, 0x0) sendfile$auto(r1, r3, 0x0, 0x5) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/system/cpu/cpuidle/current_driver\x00', 0x408440, 0x0) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) 983.213313ms ago: executing program 3 (id=2544): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400) prctl$auto(0x23, 0x7, 0x2008, 0x0, 0x0) socket(0xa, 0x1, 0x100) unshare$auto(0x40000080) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x1, 0x100) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f00000003c0)) setsockopt$auto(0x400000000000003, 0x29, 0x1c, 0x0, 0x56b) r0 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x101100, 0x0) ioctl$auto_SW_SYNC_GET_DEADLINE(r0, 0xc0105702, &(0x7f0000000000)={0x0, 0x0, r0}) ioperm$auto(0x7, 0x1, 0x7) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r1 = socket(0x1e, 0xa, 0x7) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r4 = syz_genetlink_get_family_id$auto_psample(&(0x7f00000001c0), r1) sendmsg$auto_PSAMPLE_CMD_GET_GROUP(r3, &(0x7f0000000340)={&(0x7f0000000180), 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x200, 0x70bd2b, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8014}, 0x801) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) mmap$auto(0x7, 0x20009, 0x5, 0xffffffff, 0x405, 0x8000) sendmsg$auto_MAC802154_HWSIM_CMD_GET_RADIO(r3, &(0x7f0000004200)={0x0, 0x0, &(0x7f00000041c0)={&(0x7f0000004240)={0x2d8, 0x0, 0x400, 0x70bd2c, 0x25dfdbfd, {}, [@MAC802154_HWSIM_ATTR_RADIO_ID={0x8, 0x1, 0x8}, @MAC802154_HWSIM_ATTR_RADIO_EDGE={0x8, 0x2, 0x0, 0x1, [@nested={0x4, 0x9a, 0x0, 0x1, [@generic]}]}, @MAC802154_HWSIM_ATTR_RADIO_EDGE={0x44, 0x2, 0x0, 0x1, [@nested={0xc, 0x1b, 0x0, 0x1, [@typed={0x8, 0x8f, 0x0, 0x0, @uid}]}, @typed={0x8, 0x121, 0x0, 0x0, @u32=0x2}, @nested={0x2c, 0x86, 0x0, 0x1, [@nested={0x4, 0x4d}, @generic, @typed={0x1a, 0x105, 0x0, 0x0, @binary="bb8ce7456dc011007d9b335e8e515f7690ecfd531fc7"}, @nested={0x4, 0x79}, @generic, @nested={0x4, 0xd0}]}]}, @MAC802154_HWSIM_ATTR_RADIO_EDGES={0x8b, 0x3, 0x0, 0x1, [@generic="54d82ab3f8a8", @typed={0xc, 0x8, 0x0, 0x0, @u64=0x8}, @generic="96cbf3617f024639a040bfdb8b4f3d108277efa72cb0c5bfadfccadfd6f5abfafb1ea41626f784ecd56d5ddb5381bb0693e65c08a2a36d85fc92399185546f56f6a1bdf6071ed21fb08ade38f4a808a80e0ca2f977d6ff49ecbec4a4636db1b3cc4ae2faebe6891aaf04fce0669e7864a18f489881"]}, @MAC802154_HWSIM_ATTR_RADIO_EDGES={0xfe, 0x3, 0x0, 0x1, [@generic="fea6bedf35731091d62c4f7c767b292f30622a19ba15b97b190e4a13839f071d046439833fff4d4f161654489a8bb463feef3fddb4fe1e88fef884eba34bf10ce5f1fea3ecc1c19b260b0f209e5d7f4b1d2b734588aa9ec12632a62d5f86eea6fe34543dc16e2ff2678ce9d49d422ac4b99262698d80b668ffe54df2a365951914442eb7e723c486be659df8acc48d441cbbab15ad3429a3d2eb8735eb9dcdd4cb77909403efa2c20a295336f3e85af1a732e382dc74ee8adfe3085a2b9162016196ec8da9742f68c28b88359acbe8a5439b2426f7db", @typed={0x1e, 0x133, 0x0, 0x0, @str='/sys/Gvs\x9a\x1d\xc7kernel/eebug/lr'}, @nested={0x4, 0x2}]}, @MAC802154_HWSIM_ATTR_RADIO_EDGE={0x4}, @MAC802154_HWSIM_ATTR_RADIO_EDGES={0xdd, 0x3, 0x0, 0x1, [@typed={0x8, 0xe, 0x0, 0x0, @ipv4=@multicast2}, @nested={0xc, 0x14e, 0x0, 0x1, [@typed={0x8, 0x98, 0x0, 0x0, @ipv4=@remote}]}, @generic, @typed={0x8, 0x24, 0x0, 0x0, @u32=0x2}, @typed={0x8, 0xd0, 0x0, 0x0, @u32=0x7f}, @generic="4b369c98a41907eb34e0abb1b1060e768dc226baffee75ba45f22d62bafa1bd763370090961d27ff4cd8687333ae6203b5849b0b81cbc204b04cd31b315a2daeda8482034959995d6832cb7ef031aa165a2c9f8cf8c21f29ddd3b358e354005301687d58db796127c2dd010e9fdbb148138fba1fe6410fc911f71839e2c620d3286df8f8002bd7a0e28b852fda87cf183651604f47e2361bfbcb1cfc67ac3ca942cb8f7bd0a9c7260c2c3873e14a32126c2f4bd5f0"]}]}, 0x2d8}, 0x1, 0x0, 0x0, 0x80}, 0x800) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) listen$auto(0x3, 0x8d) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/devices/pci0000:00/0000:00:01.0/power/control\x00', 0x1a1842, 0x0) 731.964867ms ago: executing program 1 (id=2545): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0) ioperm$auto(0x7, 0x6, 0x2) ioperm$auto(0x8000000000000001, 0x5, 0x6) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/system/node/node0/vmstat\x00', 0x40000, 0x0) mincore$auto(0x8, 0x7, &(0x7f00000000c0)='/sys/devices/virtual/block/loop14/queue/stable_writes\x00') mmap$auto(0xffffffffffffffff, 0x2020009, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0x14, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20007, 0xffff, 0xeb1, 0x405, 0x8000) io_uring_setup$auto(0x6, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/rose5/duplex\x00', 0x800, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x7, 0x7352, 0x40, 0x65f, 0x1ffde, 0x7, 0x9, 0x4, 0x9, 0x3, 0x5, 0x8, 0x3000, 0xfffffffffffff001, 0x6, 0x10002, 0x80, 0x4, 0x0, 0x7, 0x1ffc, 0x3, 0x400, 0x84, 0x0, 0x0, 0x0, 0x400000, 0x0, [0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0xcfb]}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r2 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0xfe, 0x0, 0x2, 0x0, 0x7, 0x8505}, 0x1800}, 0x8, 0x400c) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2400000) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="2f252cbd7000215602000000bea4c1f10daa", @ANYRES32=r3, @ANYBLOB="0600eb0004000000"], 0x24}}, 0x4000000) futex$auto(&(0x7f0000000080)=0x10000005, 0x3, 0x0, 0x0, 0x0, 0x0) r4 = gettid() kill$auto(r4, 0x3) msgctl$auto_IPC_SET(0x6, 0x1, &(0x7f0000000100)={{0x9, 0xee00, 0x0, 0x0, 0x3f3, 0x84e3, 0x8}, &(0x7f0000000080)=0x2, &(0x7f00000000c0)=0x8, 0x80, 0x8, 0x7fffffff, 0x8001, 0x5, 0x6, 0xbed, 0x1, @inferred=r4, @raw=0xc00}) stat$auto(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x7fffffff, 0x100000001, 0xfcd, 0xf, 0x0, 0x0, 0x0, 0x8, 0x100, 0x8, 0xa15d, 0x369, 0xf45, 0x8, 0x6, 0x4e, 0xbfd5}) keyctl$auto_KEY_REQKEY_DEFL_PROCESS_KEYRING(0xa0e896f, 0x2, 0x0, 0x0, 0x0) 275.685983ms ago: executing program 0 (id=2546): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SYNC(r0, 0x5001, 0xfffffffffffffffc) fsconfig$auto_FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='\x00', &(0x7f00000000c0)="a97de3c2c72d217ceb76c4df33644a02994a5493b2802acaad18e6fb0e03185eeda878f65abcb851524caaa299f8be8eddbc4eb0a58a64470ae674d0d09ca70bf622fdc9dab5b03af26f30b68ea83f172f4c6dbfb69590b923372b77764bfc778ad6ce9d0c34f0cb9983f3f3089288413f32133d07d21cb965076685f69a27dac525d966d6ce435f40d80516f74d003ed4f37fdb92d7f2aa66a8e54bceb7a269279bb43feec7f967ab610d238460d7b91749696dee8322fc8ce53d074f0e", 0x5) r1 = openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/current_tracer\x00', 0x800, 0x0) socket(0xa, 0x3, 0x3a) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) setsockopt$auto(0x400000000000003, 0x29, 0xd3, 0x0, 0x567) read$auto_set_tracer_fops_trace(r1, 0x0, 0x0) 4.921077ms ago: executing program 0 (id=2547): socket$nl_generic(0x10, 0x3, 0x10) r0 = open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f00000003c0)=""/192, 0xc0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card1/pcm0p/sub0/hw_params\x00', 0x1c1282, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000200)=""/74, 0x92) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x4, 0x2) syz_clone3(&(0x7f0000000400)={0x9840100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/afs/addr_prefs\x00', 0x102, 0x0) writev$auto(r1, &(0x7f0000000080)={&(0x7f0000000040), 0x6}, 0x3) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) mmap$auto(0xfffffffffffffff8, 0xef3f, 0x0, 0x17, r2, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r3, 0x4b47, 0x1) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/usbmon6\x00', 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r4 = socket(0x2, 0x5, 0x0) connect$auto(0x3, &(0x7f0000000000)=@isdn={0x22, 0xfa, 0x2, 0x4}, 0x55) sendto$auto(0x3, 0x0, 0x2000f, 0x13f, &(0x7f0000000000)=@in={0x2, 0x4e22, @loopback}, 0x1c) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000000700), 0xffffffffffffffff) sendmsg$auto_WG_CMD_SET_DEVICE(r5, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000c40)=ANY=[@ANYBLOB='8\t\x00\x00', @ANYRES16=r6, @ANYBLOB="010028bd7000ffdbdf2501000000240003007729ecac5e9239d0c4058eac0405576c2cd59ffc84b3098afa677190f34d1790"], 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'veth1_macvtap\x00'}) 0s ago: executing program 1 (id=2548): r0 = ioctl$auto_TUNSETVNETLE2(0xffffffffffffffff, 0x400454dc, &(0x7f0000000000)=0x80) mmap$auto(0x2, 0x4800000000000000, 0x0, 0xffffffffffff3f11, r0, 0xa) (async) shmctl$auto_SHM_STAT_ANY(0x6, 0xf, &(0x7f0000000140)={{0x7, 0xee00, 0xee01, 0x6, 0x200, 0x6099, 0x8000}, 0x8001, 0x100000001, 0x40, 0x40, @inferred=0xffffffffffffffff, @raw=0xc, 0x2, 0x0, &(0x7f0000000040)="4aa11bea468327e782b6252d0c1f4ec5b92204b2fd8d9e6b6a4f2942d11ee755d9cc263a0495cda92527db788c846a3949ff11eb82bda2749e7fc1dcb02e0149c4762bc0639e0ee755926fe9c2ec2f06d51319188ab5eb4d660b2509c6275094eec7f54bc5a889fcadde7b5c69856bc8e80773e1e01658dc558ab6928cfe2d118edfd6f8f97c7843fa9265e989a5f4bab8030e129fa83bea3f326e7ed2f02c7d455384c5a925eca2d1ea", &(0x7f0000000100)="96020bda7cb450a4e2123625b1be69f89df05d6c843703070a8b55ab7e0a0067df7ed870893839ea5538ba"}) (async) msgctl$auto_IPC_SET(0x7f, 0x1, &(0x7f0000000240)={{0xfffffff7, 0xee01, 0xee01, 0x80000001, 0x10001, 0x5, 0x5}, &(0x7f00000001c0)=0xa, &(0x7f0000000200)=0x4, 0x3, 0x9, 0xffffffffffff7fff, 0x2, 0x5, 0xa9, 0x9, 0x4, @inferred=0x0, @inferred=0xffffffffffffffff}) (async) r7 = gettid() shmctl$auto_SHM_LOCK(0x350, 0xb, &(0x7f0000000380)={{0xffff0000, r1, r4, 0x0, 0x10, 0x5, 0x8}, 0xfffffffd, 0x6, 0x3, 0xfffffffffffffff4, @inferred=r7, @raw=0xd195, 0x3, 0x0, &(0x7f00000002c0)="75af94dd565456a5f5b5eaf8dd296f4acc2a946b6cff6b5f7317fbc59403a5e658b991200cf6fc3a635b0a3cc851fe09150dec6f81560a38ffb3af1650ce5ec476b4bc320c539ef0d9ca3ed6d88a598db65d4eb9a638821982ee64ee4e63b7f41f3f7976c42e109c39231163141301c3", &(0x7f0000000340)="31fae487c9cb11d030735a9daae8cbfc96ee6fb8849e536fb1176f6bab923d"}) (async) msgctl$auto(0x400000, 0xfffffeff, &(0x7f0000000480)={{0x400, r1, r2, 0x5, 0xbaf8, 0x8, 0xc190}, &(0x7f0000000400)=0x15, &(0x7f0000000440)=0x6, 0x9, 0x6, 0x4, 0x5, 0x1, 0x7fdb, 0xb, 0x10, @raw, @inferred=r6}) (async) r10 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram9/uevent\x00', 0x0, 0x0) (async) r11 = prctl$auto_PR_SCHED_CORE_SHARE_FROM(0xcf, 0x3, r5, 0x8, 0x5) (async) r12 = socket(0x3e, 0x5, 0x16b0) msgctl$auto_MSG_STAT(0x6, 0xb, &(0x7f00000005c0)={{0xb, r1, r8, 0x7, 0x5, 0x6f32, 0x1}, &(0x7f0000000540)=0xe, &(0x7f0000000580)=0x18, 0x7, 0x7, 0x2, 0x1, 0x7, 0x8, 0x87, 0x1, @raw=0x1, @inferred=r3}) (async) sendmsg$auto_KSMBD_EVENT_RPC_RESPONSE(r12, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x14, 0x0, 0x400, 0x70bd2d, 0x25dfdbfe, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x4000800) select$auto(0x3, &(0x7f0000000740)={[0x3, 0x8, 0x3, 0x8, 0x0, 0x7, 0x0, 0x3, 0x8000000000000000, 0x9e, 0x7f, 0x2, 0x3, 0x1, 0x5, 0xb]}, &(0x7f00000007c0)={[0x8000000000000000, 0xc, 0x2, 0x60000000, 0x1, 0x6, 0xff, 0x7fff, 0x1ff, 0xecf, 0x200, 0x7, 0x0, 0x1, 0x65, 0xffff]}, &(0x7f0000000840)={[0x80000001, 0x5, 0x6, 0x4, 0xd34, 0x34, 0x7, 0x9, 0xd690, 0xffffffffffffff7f, 0x3, 0xa89, 0x7f, 0x2, 0x80000000, 0x4]}, &(0x7f00000008c0)={0x9, 0x24e27bdd}) (async) listen$auto(r10, 0x7) (async) ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000940)={'caif0\x00', 0x0}) sendmsg$auto_NL80211_CMD_MODIFY_LINK_STA(r12, &(0x7f0000001a40)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0xa003040}, 0xc, &(0x7f0000001a00)={&(0x7f0000000980)={0x104c, 0x0, 0x400, 0x70bd28, 0x25dfdbff, {}, [@NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x9}, @NL80211_ATTR_SCHED_SCAN_INTERVAL={0x8, 0x77, 0x1}, @NL80211_ATTR_ADMITTED_TIME={0x6}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r14}, @NL80211_ATTR_WIPHY_COVERAGE_CLASS={0x5, 0x59, 0x6}, @NL80211_ATTR_HE_6GHZ_CAPABILITY={0x1004, 0x125, "70054ce75a5581e34ba19337e42a44966cab12b01a69c5350a07f964653049b5c3593fc7ce808f8727fc9c46e8add65fb3a959b6c9bcf2f73744558d12bd4ea71ddb796904e3c6fb7177e1a69eea6e93d18cf36e09721a6dcfd05c33912080f9058ebea1f16a844f8fbcd477bc7b12d64d3ce30b4ba8e0bcd217f1de15cbe495d01677dfdc1c4be8f2fdf7393daad3263a4c048ace1ebc9c5a65e7465b60c6bb3fb29e579b109452579dc7ef940c92c5ddbf6ed77a41cbe2da8a9762838338a448cff708bd956e39fb737ee7dbd7ffdf64bc2f6ab5ba7a2c79949eca995837185c575baa4f5afd5106b97cb03a7c101c1294f22d65434229341e5041c72fefc7a67857c279e75afd1e2c14c13a7d685feeb7b52329b6d5734c1343c46841893e688e30a8601b0a0c538d2cd6753f189bd29d096c0610da119acfcaf22c9108b895c1ffe5abc1472edc8f1432d7df571acc58b7a64dd30bbb1363f88a1bd280613a661028ed8b5970a01f21392fcff082c7203af1a4632316f0fa39f0bde5297bb1fb7d961867c054e7c4736531f6725996137e3f055f8c1cec633e253f82739341788c35888ab7bd0af5a786293f3fc78857a913785ad20d2f9994a9ac9170c479fb1ff92893eb537037ef2f2cb4bacf1efebf92f35b9bc9579e1e766c507f9fef0875609f2893e2f61442c9430b81b6fd0b6e3f4d67814dbd8b4d7301b72202d3af21be4efb22819e84c995ea6579bd37eebc2849a176863676154b42c6cb77cdebb8dabbea72695b8120596d5f47f462f3c0f89466ebb661c5c6573969a182209b33256beffef775f71806c8263d533c5dc83273d8edfd4bc8cdc23e2e2bc81f194012fcceb6565ca69adcb45f68ec0c4d162a91b3c16477998487697985b4db06e8087133eb4b138c41219e9445dc250ab146530a5ef7993c5186227f9e90350f7d8222cb5afe93cd0add0fae15441f35e795a7a2f7868e662939a6aa38455547f89b7dfdaa62ca04105024bf68be015c076aa2094fbd6a621504fa104a8ae696dd9caf3f448dc64ed75b204076b9ebf393437e5bc4ed48dd5a9e2a09c7c1689b620a50e2b9d8ea857be180947c00c141879cff1addfd0c36e74d192209c18d2ef77abdb8db72fab45ef02341a53034fd566d953517ebfdf94bb9b2a478a34cbe9d0f5292b7f170de7601d44985b41712c99869ad183315c538df35b8eee3cb93204119ced60c2a608a0840a78e1a7fd43c69c8d1410369a06b031e3d9ed17b3cf577469cc015f1a36ff9c782155751e473ef194c45851add7f6eb2a64cda9e24ef5c079b383a87ae6f29657a996be8edb6ca562d876e618b5725af8f0f50aa305dd520011297a5af9f5909972cff6690389dfea1149b5c03f5cd364d3b19b97ef21fd1625e3682dec746fb6d6ae09e64d5e3fb3b5b30f1057417de94d3b83277291bcd3519cfe3ef6484dd69d04f1812afdb6422efe9717f2e2773f058f5fce13bb02fea6d4e34fb651301d3f228bf4cc1ebd559813210182bca40a2e09538a95df59529180d0040c28fc5345a75afbafeeb77d4df757dbd5178b8f74b596439d017938c2fb7b7de5b2245af7625d288bb69e390540c823fabccce0b1f5b0537aff7533a3a9c858af9d862653201c43b3589dd325222dab8fba963680535f3850adfde1743bb7c32e34795eff9893866576334f59984025470ad589142b98429ffb2990d83e415fc680c85187c1c9dc15bef89e1658931293708d28e4b08064f98a9d0eaec28279e2493627b2a60236ac5462a305af873d465eac699fd9ff01ce6f7ae563aeffdfbe284c5f3d8f3ed190cd0bdc4bca7350c280b2e15af269611ad2cd90f84baee82cf52e7dbae5951034cdeba7ea8d7b04a005f244b5ed8be9de8702a19e74781e7744b0ab75bcc89cbeddb515a1660ea5adeec988cf5c31111c44ecd31accafaf89ed10c34f70d9bebd5d03171893bee9f2b74454e700354ca027921be024fc0e12fcf0e743b53585ba5442c6a263896d144ac7cda097ebf624b881c9524c20050b9cff3e81d1c47bc1d748df74b5981b512190083d3c51c59a770310a01c3e58d5db154e6abc18dc092c884db11ed8480ff874a23e9f8599238a28b49f6572da122fe8be7e69ded793eb1f5166f0705a70dd739af56c88513c7cce2636ae1a6e2feca646004e68ca6e63c2436c49b7b55209114d54383234bef2dd2d05c6157d46531a25a1515b6ceaeaccdeeaae1bde45005a022f467d744231e4118b52bb67790fbcd8e2cfd3c9380e4ac8649d84cf5fe52dfde708d44b2e7ba116a29fa4f4edfbb5669db0ed6c0ed2971bd1b1e49292012c26429f3efd79b05bb9ebfbd3753b22d483777304f15b5d7d2a2f01367ecab7071ee0974fdb6513b6d44772678596009e1d750b839bd4ec35cfb0aa17f52c871c63e42815518d4b100bcaf0237ddd757c976a8a64dd7c28b008617840290592bbc7442b0f93db8e602bf7896777e5861ec7c24ae348e1c16d4de6bd10f284a8567901cda22f8581dc939d1ec3ae9eea2c733388f2edc76fbc27be76d361790565ca719880f8b598049a81bda97e362a6aa91f1e0447f3b780f375a8e8b8edd38c0ee631b644f787f96ba16d280e177b281cb8218d29c8a4d4e9b1029001c615795ca2d1c19228b2f3ae67547d32f79c445b8d15ea75183a57fcd125e0678590dd10590721f84edc639f57709a0197b07ee70bd7bf63cb5558464766f0737b3d679a71036ce3885e0f1b9ea71fadb37b627ccba9240ea91a29584a462815646f995d79a61cafe0b1cf409c605991e24d4a6bd4cdd6c2be9062289f79da163511da63979fc704f51e44a03d5d866325f67a0f8c79b0c9f81e55028f70e67bc2bd53cf6fbe3107f1738abf8a06b22c8f73d6e84ad6496406ce514149253a14c03ef259af854e8d64da806c43eccfa94c8e43d0769a749a253de5b5a959f5a976aacc993894a737d21c6c1068e872fad8c6820a68b5095a3006d9506c11c798db9b161d894082b99696db0b97db70bfee6c6b899b1b9c3005fb066ff81f09df3c18e99893bf5a9967e5575dc2f69336caafc67e71b4740cd30bab4e4d735edf01f1c29e2d895bf1a5af66e398f2de798338064a6a44cca4e1c31663b913767f92d1794975aff4527a5a30dbf7ef4b160129d6271e57022b7287dd90f27102eba31e639d0b13cb50830a4a5e2472ef154919a541e6ac811262724873b163dc411a2d156a96cc5515edaef29c84f7068c8c50cac8dae35a15e427334b69a20beeb3abe7cb105037d6bf26ca1c317ca3079a4cc65cd40452cab624e2e1d48415d54c084587fb862e40288569dd3f10d1eb3f95729ee41bdd88f93f5a42cd89daf7a33f4f93d80ae48edc0caa767f3fb05682f80e49968c2e4a2952be89826b4ce9b54436dd222c1451d80a95881d919d4009a6b1f8a6a8074e50e8e8cd06abaf810a56aeaca028096b84cc775cbb6571665a3a1e8acfbab324a67a9927f63904949f0c84b92c2bd6f557e5617db836567e1be73d066f50150c8cc25711f1e856c0b6de4a3f2e305f40f7e62725119c82aaac11f57f74ba7786a5eb4091c514f66a42b0b4164543801960618dd71ad1118fcc8ca9d113cadb0e3016f74ce2bd0c6afc15be347ee7834ad7a377cfbbc343fe2c0e17cc98e722e677214f69961b92e82964b06decab0957d8fac5104f5ae73bdbb607d201ac50266e7d87f95e258c94988354d25d1523defc83fee4598fa66a7b8a178a6a217eeb4d3d4df39ba94480957551addee5099314b9bef276421489680914ad67a6c6399fbdc04ee2133b03fac63ffa8d4ddfd95accf951a579a678578c611761b98239726e2ce37e730e4d01604797cb427449bb7186210366f8e3010a862fd4c86bdcf05e55599cc2059286f57fc0b5b9f97cf1d4201a08851f21607d5cbbe3924d225ca33464a8606b949c7eb02308c0bc2d261ccee994939e8992590b1e6b11e871dc86c536fa9140b46135d61f81081d456860e2ff3c3dd31d94c24ccc9b811305c2a5446a40ceaee70c9f9b12d05437b5f0b17f63dc8520ebf1cea6970a7dcd6bca116e76841b9c0168e1209e9e66c24dc5611a1ce054a218f5535c2fc5b72b18063fcf6886657e5a16634527eaa1f83e0217598f604eb0decd6bc225b231afcfb7f7ab93868c275081ad91103395f6eebf099aff5fb3fe6a997d6514066ad6d918b51fc6db807149a79720392246386e361cd49c133ed991450fb9ee13e99cad9c79fb089c5040be2737d7b85be91a33e785e662fb2a121f3948ee1678bcf85a55ea9126c5a81619781f2a0ce3ed0dd1fed3ffefca19d6c5ceaaf98fddbbf55297cf44c52299382d862712274a420730674df48d6d410f5c9bae3c357f96049a17bf72e4d7830e89ebdef16b0cead20aebe9ca65f6d3694b09020f0fdd57daed9141534488d2ef739ca5e4fbda9a873ddd47f88947a5ab589e02c234697964f254ccbdfcd9fccf9e2ea397cb1758f202bb7e0f8b2bca539a682e2fee1f0d886f5f5180ffab0326da438dd9bed0cb8988ba7d17eafe7dc7f316998fa2cc93bc555c46f2f914ec5886fdfe5fc2393a39d35d17a9695681faecc3cf118a5a9131859b8410704567bf6f0696bd88d32d8cb1575b7c715ab0e9a8b74be54f5f2222b9f1a7c4c876263e0cd569336b64489653175f3c46a06c206da5d9268bb6661670302bc76e52d866d8261642b4d25205b0d41de0582c1b7c49381c46e6efa62ef79ebca7915f72d396421b7ef1ef7902f67e37c98b79e6b47f07488ad50d4a1d3eae105e72d66267f5c9b92507d08975010a603ae7e8275c81dc97b4400db30c63b4a27ef31a885a1c9e6422433c76becd6347bbea3aad0a54606b60335c3a5ec4a80fd85049dab16029f340f03256b38920dec56d74cbef18a8fa14e43c9e3743aa18f39bf69a8f20e447282e098ed171c67663e34dc6f54dea5a2e1579644230032c802fdec4ec014018f70c2c52df439cf51380cef6468cdad8cc6fba72ed34a8f2fef2fd72117b56586c28e54600e1b39c97148c6490d78a4a8d49c63b11bf18272617d711b5c7f4c61248d1fec45c9d14c7ea9d2c69abe7d004669e6effa22adf268ca87cc9a3810fd4a2d009ea068d751f92cb61821cdf3031e7bed7c368d10f6e8f2380003c8e21456ec20b1c1c02adf0188cbd2826a0b34902c3c5ec0cc04f255d711054e2a8eecefe8214f363a1b92fec4419e4f5bada9991d94110d67ce62c836d3926f62351d66d1e2e353aae7275df23a325ba6239031e481d4454ca74135e30644f8bce8de5ef7ec3cc049b92923b41a1f31d23a67b91976e71263e74733dd01d5523e18215456e6b670dbe12a7abfa226f443f7ff70609b4c23ea52de4be83e5d08a0aa4979d2b440ba7b1c0dded70c5753804d5fb28bc91ab6d28b685bc00d4fb9ec5da1cb674000e7ec6b1908c99c20e899716507cea03746fe0ad950d425c9b70429568d7941b1046fda740713d822580ff765f23c4f2b3ebbe424d95c8f96e677602ab9630553adac81d560efb43eda605b4bd0bd4e88b5c37da1c52f0f3955e4ce3681b54c976b02ab0975178fd598d0eefc5aea4a11c8220494a7f5f27b0370139dc791aec478f1e4661966a21b82e3ebe36e3b73b5ce35b0ce54c419ba8ef738740d397bd2e4eb5056bfb759cf61c1372ddf3a28b2770a71a95bcc3abbe817155f9b818563bd46dfa5eaddaea61b59f51b5717fcd200f1d9662e186ab9299377060396ccd4"}, @NL80211_ATTR_TDLS_EXTERNAL_SETUP={0x4}, @NL80211_ATTR_SCHED_SCAN_INTERVAL={0x8, 0x77, 0x8}]}, 0x104c}}, 0x8000) (async) r15 = socket$nl_generic(0x10, 0x3, 0x10) r16 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000001ac0), r11) sendmsg$auto_MACSEC_CMD_ADD_TXSA(r15, &(0x7f0000001c80)={&(0x7f0000001a80)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000001c40)={&(0x7f0000001b00)={0x110, r16, 0x400, 0x70bd2d, 0x25dfdbfe, {}, [@MACSEC_ATTR_IFINDEX={0x8, 0x1, r14}, @MACSEC_ATTR_IFINDEX={0x8, 0x1, r14}, @MACSEC_ATTR_OFFLOAD={0xec, 0x9, 0x0, 0x1, [@nested={0xe7, 0xc1, 0x0, 0x1, [@generic="290ea8cd382a5b88eb79a074fec05d0d1348f6733218b50de55289e7cd585167a5e465f842cf8fec3576f815b2561f969c24992bc9a049973c9fe8dea52ed1bca7f9efad2715018a5fed939d6f6d9d6b891796c0ae7c309292cb8ca9a7dcbe701d0951765ced39fa507de7183659694ac55f4c24a8ea846a122087710c8bbddc9fecd076a1f0787f767333852e0ae866b0d2a0feace9b6328b451f646ca79e0d82a04680e295df181c3fe2442f2db91b0ca02ce99942c4191f7fc3f49a2a239d402e41ae0ac20675629018a27ca1b1378870261c4745bd615330d2dfe01779f05f896b"]}]}]}, 0x110}, 0x1, 0x0, 0x0, 0x4040}, 0x20000000) (async) r17 = socket$nl_generic(0x10, 0x3, 0x10) (async) r18 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_ADD_TX_TS(r11, &(0x7f0000001dc0)={&(0x7f0000001cc0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000001d80)={&(0x7f0000001d40)={0x30, r18, 0x120, 0x1c, 0x25dfdbff, {}, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x5}, @NL80211_ATTR_SUPPORT_MESH_AUTH={0x4}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x5}, @NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0x6}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x40004) (async) process_vm_readv$auto(r3, &(0x7f0000001e80)={&(0x7f0000001e00)="23d8bc98c031e166574efe71dd31c3e48c3d6124fd55db182bf781e4dce0fa44a34fc7e7009a2d6e19f0d224c44f49554429db9561d7fa91b2190d18497347977244a01732ec2f0f98f84f566baa32d25385d770393a4d7730efbe9b6e70c420b09d1f63f65c92be9e9971699c7c1847db1e", 0x3}, 0x4, &(0x7f0000001f40)={&(0x7f0000001ec0)="1dc54c27dcd312b6964a0f9805e09d45a107fff8113e0f7ba736f7163e545e32dc5d9cf6f8cebe010711d7ce3e2bb430ee00ec037fabdde74aaa3e4cebb1b6b119c71e4f69c8c089b8a9b1682908eee572d60f50bf65086f1523339b1d335f", 0x4}, 0x3, 0xba2) r19 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000001fc0), r17) sendmsg$auto_L2TP_CMD_TUNNEL_DELETE(r11, &(0x7f0000002080)={&(0x7f0000001f80)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000002040)={&(0x7f0000002000)={0x28, r19, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@L2TP_ATTR_FD={0x8, 0x17, r11}, @L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x101}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) r20 = accept$auto(r12, &(0x7f00000020c0)=@vsock={0x28, 0x0, 0x2710, @local}, &(0x7f0000002100)=0x10000) close_range$auto(r20, r12, 0x7fff) (async) r21 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000002180), r12) sendmsg$auto_NL80211_CMD_FRAME_WAIT_CANCEL(r20, &(0x7f00000036c0)={&(0x7f0000002140)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000003680)={&(0x7f00000021c0)={0x1488, r21, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@NL80211_ATTR_REG_INDOOR={0x4}, @NL80211_ATTR_BSS_SHORT_SLOT_TIME={0x5, 0x1e, 0x1}, @NL80211_ATTR_FILS_ERP_REALM={0x53, 0xfa, "c48969be56d483bd70e8d697512fccea30ab3087726fdb20ba0b049591ea61f2eab7434b379867fd09859bf36a4509a21bf3b33958a4b72afd09c137228b268f585c75c172e57d8e3c4195e04e5c7d"}, @NL80211_ATTR_MLO_TTLM_ULINK={0xcd, 0x149, "a9d4036e19175d736ab8f90ab164b9a995d4c9e61910d6a8bfcb84946e3dda21e7ac7443af3689afffbe675eb7924a14016a1a6a52f6a283c8e8202a5cf226dbf44bd36453a3ed43dec36e880024c3bdfc7a98693eb83d4d2cb41c087d2520995f4fa511c615f5d1b68172c44ace39e18a7e720486b29b6413a7b9e6c7a5ae9abdc4209e73fa9549b30b57229d50962093b0046f1271a8c25d02d6723e9a241385fc1e8e1acfe6c25a86be0c1993f728ed32969c91ad285913789f2461cf0ac655cc95fb80647dcd48"}, @NL80211_ATTR_STA_FLAGS2={0x1004, 0x43, "e50f66d4ef780d0ba768b99f1d9fe7314b249be6a9e66de59ea892f454d2a5cc0076f321f3bd9379e0d3f44f984642e89882353df345b0aa0382f89a15a1ef8174b05ed1488f307bf8bff6abeffa99072d1cf6393744664d24b9065fef10b9514f45a5056d7bb3aa0d466480023ec41fdc2349dc02ccb4711b26bf1ffc4168f5a6677a78e2b066fa53bbf64e8ddc4aa1298bb76021ffbb83fd4d103097d41f32d90daec9f7031526eab3e6829814edabcb3f5c0f37c4a3233586cd267b48be0dbd0cfd1a6eb09dad6237562f9aeb16a9c1f216ef227ff2836c0c41baac4882b44adc01615c895ad34d26068819fe63ac30fada865c08e628d7c4a2d4999f2a38490e8305554452e69a66cf74eb108ec11fca1b83e9057ccc740c715abd296b910fab9a0a9240605c4d45f38f292e3546d8ba3f731885cc97597a16b8d9010598bc1b3fa525cadc01d9d06c2845452962f04fd018dd4d25c1665ab1e1633245d19f951affbfd337d1932d5b2153a24911f6066fa20f2fb2d63634d5bcdd77ff36045ab2861d97ad03ce990701492d15319e7a6ae892fa0eda640cb40000f196f437fe549e7a31d56343c9d2a49ed5ae401a8681f2792d8cc526a81b44392b5f02ac3559c7622d6627eb1ea6f7836e6f9a0209df626d119ee08c26a6de2fbfafd3a53b8b7f2ddbbd3faf20284937d1681b1499811227727e2c8ace99cbd3e8374536ae6dde0c0ea44b3c7e7d889c3e4ec4f60d2e22794fda9c99a5bdf2123ca7af55d0ce8b965aad3f2976e2e398574d7e170cc92824612722b7d40300a8bd255e330b50dc04c6ad26aad1193b1aa80ccbee88b13b268948aa4a1edbabb723510e725724c091eb59cc2a1ffacf804b6391f53a7bc3e62cb8d67a2522b0f3f86f4988e9276260a2a893aa2a836e031f6097b93a97a6cbce41b085c6331ca239ae89e1fd4cb377c37507995bb8a4fb99f9c3102d378ce3e07efa1c4929c1b55826fd85bf8cee6d2dd8990b8b291d82fd4b3b25f6125c93169e824dab3da339ec6315017c81c213d30cf29b827434bb7961d95f5d9bac7fe95fbb8dc050bf1d56034229c36378153c9969df705132dfc093038593bda4a2af31dad109a5f8d15a4b0bd1f3279cd216fd3cd3f0d458de29e568a16cbff10b88de1a4b6a318e2c1a0c975b186d26b27f357449bd5c1dff0c6955590e92ade4ebee84ea4ca5b2da44e155d9718e06807970e3101a93c6bc46e571d88dda0dc50eb7cdd99c7ab7f8ebdd733d90450d044789061b6eb44cde293f4804c85c40e82d39020ec1e25d7009b71cb3f9dfbd71a8d01a81f2ef7962cb9c9fd9b2152a009c84dc614b3c1bd6416a98582a2df75f1ab21128786b7c63fe6a1d03f5629b1d20030fcde148069581344f95d77d2ff440196c1b54ac87d14e1d02906c6514bc21ad71fe50837425526d98d7b4fb15dd554da2845f65ef94cb961ec9aab5dca6a202bf12fbb58b5e3ec34038df5a20d109d61df87800296640f54d14b15695ae71f789627acf04178dfd8aa32cebedcdc8c88d3b73b4685f95362031dd2b959831abc043e389300537529f03c6ec9ebb89362b0368d541f12809d763089308555a150988ce0ca60263f63b42a7197068734de144bc80130e456af47f07b86a6f2b6940da1f6e5d090388735354a461069553e4d327fcfd067cd4a6a564340646b9521a395c9ea79db3da0ef6fd72a7155969affc5b1abd663ad360d3d4ee142418f02c374a285e75d348f2062b58c23dc6b4ae39514f4c26f519ed892d7d49fe35f19f334e714ec07fd7ffffdc20ddd7322847ccb7f57e0e1e157ec60f41def65b4f69ecad201a48bbc91cdd5599220a7f3b0d4b3b183789a97ae8374a3bee36708b24c8361c3915ca56f7ca96736968ba63930cd7ae8a7d78675ce73fd86bd72d83554e8c33d1be63d75fe3945640d2319a8b30951668f1993ad733c16b8f4eed630834a960a69c3c34dacb8ba4661e5396e9fa5d26ebcfe7cc97a7029924f9468d984c754bac2e1bddc50dec2d6be9a5a0b3fe373d6e697258e181e502894cf5193e3079dad741e7d1ae17346ab57fb79c6334cd235aed8325b39cd10a38b5cd27434b761312a943ad10f019e2f25bad1e0c9aeb970788b51b4cba636b40ef77c8c26f1cafbf55de11cce669eaeef1ce50739122c8d31a5c1fb0b11507207a5c0e8a9209d3cbc078b76ea8f306a0f9a86d77e2572a8419b2d8cd113ff0b7430e8e09ef9342adb9bef810bfb47a2f2f4fdca67875beed8833cce66330aa2f8b152c62e48f4cd4dceb113e11e354b6c024cf08b5b37bc89d5581a00a9971fde2d4f1ac86e62074a7b4d973b78de13c98250b5c8135d2c7e7918a488b212053d716dcf963c9613e79cc726fc493f067edc1d4c90c00deab41653b0ea23882c69c9566e397876742a5bc125ca86d84be1283201da605bacbff4bbf34b6ab3cc00f94c02531417326bee3be675ab54273ab02af6cffcc8a215813382c18a983521dc5edf82c0949a00a10286ea15fc571d5435b9cea6b19b53c2984b7311b6f31a844e98acf2fca6587f56b16ae24bc1c7ae40c0ae5adc6390593d98a4396082ab8ead5a4c20bb6a05762a4dff86a022e7ef7bcc85b3fdf68a3d3ab823d3dfd786520ef10f5eac37e6d5f32ccc3830e8262b35df919d90e5af3f269d74e52c24b11108ebcb5d6cec38366715ff6a3bb7b7c1ee23ce89f1eaa1d219d11bdf27b18ac2349d4939d6fe8913d8855deff8b880e3baae9d11154dfb7e0295aae9dffc794711622553fd29c0f19c51fa2f97954f836209679adf059dbdf94451e13fdd2ab768c54c607ac570834268ac05b115b13a67dbb83582c420e8a7b666af4da3bb9399bfbe14a78b83c35d9451946146df8bd79ec306978b21363f2aa54a3e81267ef818c15c5425b9c0dd79beb9bd0efe845a71e57f38ab7e8aca807e7b95c71eaa2275881f8c06f7db2a3c9a3268963d7d7f7709059123e5572af5f4364abf2a546ba2be50afe3546b5a092ec282cef47b6938033bdbddedb8d10e4e2caa488df703df002eca5cfd3aa6112cb54f3bcf37f887013df5ae7765c33839fe65bff890b28d1d02a4dd86816315dc53822aa6889cac249518bf71b5e23ec86892e169e3a9d8e791de631cbc81f3a3d0353bfeb6479ccd6d00770f290bacfb914f65c28eae2a77d9921970eb5524bd3005095f8b7d30d8a99cf93e9937cb1ace0aee971f0a0e185e596a60f81fa3ffa5a5cc7fc8e02a7fcbff5ba1e78437c7d9b0cb0025ea1107398ac1d6f25c09a17d961fb96870d2892d09042a65b428d47285be084a96bd85fcb1a489ba71403bd292c0874990e26240b1a1883b6dfbc722778a629c5d0247ad9fa1d4f7de150be09d6803601e3a497ffc03b5eca6cd1ae5c59d433304063b0fd2244d347a3bf089fe71f6deb7b239dc926aa62ac35a4a8d47faca6c9234a7cca7fb2491a3b2ceea214d9f646d48410b093f0ab14996f9ac3b188cb5799bfac0dd0f8574e2be670940c90cafb33b7688877d92434a06d8d004e65d079202fa2a4948bd663f0b073748f727b0a27ca469b443fb8abc6103d4e18fdb9418c66abf98260d072e85bb03868bc241cd971f2d9c54e8638dba9dcf921f13813b057e7ce5c04d3e398e675f6ef05e623f51abd63f188fd036bdead14ac0d7122dcd32f3e289976cce602e958836f870164ee308c0e29d2160d7ef79764e6410f95f0719dc4574e5cfbf80286957064a2b1008ef28c0d80412736f4a61b3d70b78df869da5a5c483666586d7f4b421ada4e98573ab50bf17b4e8b786511d1c19444fd1c5e39a45d0676d9ca313756839e39b4a48e09d525f87a7f909994ba1fb071b98e0fe5d9a54ba68597c6b2f83e5fd8cd7d69ebab8668320db1151deb0108eb36a40d574b8486466cc280bc42e458ea340efd8c0be70ae79096ce74197ea3dcf7f59373ac55e9088c4960f981868304d5b737f09ebff45f6fe4df4e07f6c1aa528fd80b9017a67319ac2fb90c55b2df8728ef3f4e958eb351fa6b5318efc9ca72b4defbff3d4f4e3edffeaaa4c54530666dfed1112cf37e93e29742f55f27e2e9d4c7331daacc5608d8545f617444b791af6758e2d092d979940e3798cf06b225983a0ffb3341dc3f1056a1b1c57de01fc9fa1c01b88bc4ad80c960cfeb85b3ae63728250b2067e0bb4a46d856bcfbb68083677bc5a3dc2e80143d8601c53c2b38d9fab5853074938886619cabb035509b84f4a44a4121d55e1f09be5297ec388caa0aebff229273bac98358ad77d2b89ffcab7b9f7b92bef41412d630b08a366fe8eb0d5252337d532aba76a5f5227eca788841fc0ee58a24ffae8c5d82043b0e3873047eceadbd003f17018032a7912da06b230c4b8130019fb948a8676e1822bbd7a16b2863e26c68adece221694110ef81eb3aa04608c8df8fb63e651abdc5ff05fa184154e2fcb4b5466113899d5c39915b95585763202f9459775249c9f600c6c2bc568794e6f83131dbbc4216f898ac20cff9f208954bc6413d4a1510f5df19493ce9f8dad060438e7d14f74e43b729b5567bf8476a2198aaf9501bf2d05cd8ec5195536c46f96b43d03ce5450a519ad2c9a7a3d3edfa3a48a8248fcbfe313ab937a0b6a8ad42c32b5bf78171bc27fab9f3a41b4a0a1bd6af61f1b7a47e7396f15c06d93f6217898b00145bc48f50764d5cea0a2c76ec665c71bd10cb6fc8d622a6b6773f06901f32625b0edc11acf33b6b01ff78ce521dc7221ef601d1f315236b60b25d581d53d79e270abf080b7c862209a16d4f53aa45c71ff0e8aa481a5739db390a9ed877982e7ea276313508e1f95e384330f19524b28bc8a28aece292c5fc99e2262bc069a4a54abc58f9f5b01ba78ba74bac29b03e78637d54e8489005c4ddeff88ff6129580408bf0e2f03c0864d32704549f9970eb33948ab6e8f4522bdc85dca017afef44d926f945daf5e58f3cecad3a62e8343b5f3ec8bb515e16e76ba4e94815569076268c5b90015641e3eb9ea5435fc1e3b73277b8d45d05da5b94c69440e43d6c6da83837e5ff5c95282569439f9d9b404c4f949e7a160b7dc18d82a2e889120ca70dac40546d1073c88bc55e005e61ca5e839b861c88e26dfd75aa4241aabb4ef4c7860e8d7eb4aefe1fb6617ae38498186d6aa7f308dee85586f487f9da504af99ebb61329a06562f656dfa3d54c52a32a9b0beb43987a0970b488247f325575a1cf652e60feeee473c9b71df7468c112bd7d78209b60e87f89f81fe9891be197b9745ce6c383404bcda6cf88362487b04e167af6ed087d6d57dfdbc99af0bcfa789fce1c128e5cb98f0ca570f99f02390ecf37c008975c7d2423e4de7c4ea4864257d774ec214808e000f0af994290a5972c6b64d93e303acecc0ef8c1ccd6eaf5762ed299a371d2a2fef82cfbed8d7860889500c250f1f8847c52aed36dc8358159f6395cdfa321a57b8cdd3121469c630bed7b1d94b12a613918113bba694bd04fb370c67c9679477fb618f11cbcf6994609958edabb783d71cdeaf5f398f3dcecbb1e3055c8e2720de0fe564c0d5bb50e74375530bccd6e6bfe096fc720390ebb5da1ffa489901fd99aa01f25344d6bfee968197b4fa09494b8d5b7029fcbc1b578f4b6cd6a89ecc95bba3f502bd28053cc674e0d5e79466c7f371054933a368f4b83d8e666b5b098c170fe4d8c75acf37cb0bee88ae6aba53865daae444cf557b93d70243ee8146fc01e9eaab707f3a7402014e1f625e8e88"}, @NL80211_ATTR_NAN_FUNC={0x336, 0xf0, 0x0, 0x1, [@generic="f5ba0e1a31351d3109e8232a81a7f703d17d6ebcf5e588faf1fdceb22569f59ce7ff6a7d03ee531b6c59717a927745a05478763c70ec68eb39233c1a76d28ce9beed16f88acc9167c67e32f619bb38924008690d82b4fdbc0aa465d7a553ed12bf8f21402e0e171016b86464fd8887b66c129ae27567514e66a0052f31b080562e", @generic="94892bc7c5c7b3a25b3c494d7d6845d91ff4a521b455b5e1a0bd36a8c682cb8696f57060fac5a5f1afd3669a871c3af12f18e64c3261a7a59ca9de186567d942cb3d740a9d40c4a874ceae533850b898d71fe42e0c4a65597a96bffe98caf9d3fc7822d84acdeabc0f1ca7d88549e68a3c8d03459592a8042707c408e13a3553dc3dca860c71b49ff20f7ac8f0c641", @nested={0x5b, 0xb9, 0x0, 0x1, [@typed={0x8, 0x8, 0x0, 0x0, @uid=r13}, @typed={0x14, 0xce, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @nested={0x4, 0x7c}, @generic="51d019a4778c80f3e24ba0a5711e25bbdb3f8738b2a4808cc87d3c5daddc3d1ee49f41c975d442fe4d95e7bd1227ea4b3a0dccfccc1f1f"]}, @generic="6f5807085f9036a71baddb806d485f5f388059e531ad6e97ef07b1c520844b341ecf00b32d830a6d124e0f59ff342f7e9f187e8d79c9194ff6f53197227d61ed91218eb973a619b1fd54a199b2c8396083887232985299d4b98e2ffe9eaa303985", @typed={0x8, 0xa3, 0x0, 0x0, @pid=r9}, @nested={0xa0, 0x8c, 0x0, 0x1, [@typed={0x4, 0x143}, @generic="ad40f93a4ae8af90bb4ea24270e3b28312a41039373db46f32c2988df04a9fb563b396412f8aeddbb438182d", @generic="36f05559f90bdf08bb7b5a8c6a8dfd456c014ec1a99569170dcc479c74f0a32a97356cc0ad957e5b7ba2a6534ac43d8862a2301c90409c70c7285e03b3", @nested={0x4, 0x137}, @generic="41834b2d451d00ea5cc80fe22b0d77870397f17989c3f3b4616c54faac169dc6d83846de5e22f45b91217e"]}, @generic="b6340c2b186fee306a9d5d9637c7542ee143bf350c4808304479c31b543b0d0482ad01f1b80cb8463ff66ee3e5df3e6766e14cd84bb615e94da5be74daaca6bae0c6fb535ee34fa70f5555209030320f0a45a9f25605db5b5c4ca1febcba30b6f0ae3d83be1604cd242747944d090a520da1da3add857f8ac6e9830427717e4f697113393029f1f0b6dbd7c233f203bcfd210e30f490122d20df057d94a7ad8bd5555a533e2a5caf819b744e5d0ae0d7ec7538ea0664ed1b1ca0b7216b"]}, @NL80211_ATTR_PUNCT_BITMAP={0x8, 0x142, 0x8}]}, 0x1488}, 0x1, 0x0, 0x0, 0x9000}, 0x1d0) sendmsg$auto_IPVS_CMD_ZERO(r0, &(0x7f0000003840)={&(0x7f0000003700)={0x10, 0x0, 0x0, 0xe041000d}, 0xc, &(0x7f0000003800)={&(0x7f0000003780)={0x44, 0x0, 0x2, 0x5, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x6}, @IPVS_CMD_ATTR_SERVICE={0x28, 0x1, 0x0, 0x1, [@generic="59f94489cc27fc9e9e0486ec420d911fa02cd46266fd1e8d59b0ed3bb185f4903a79216f"]}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000005}, 0x40031) kernel console output (not intermixed with test programs): 812'. [ 881.998346][T15159] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1812'. [ 882.104881][T15159] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1812'. [ 882.176895][T15159] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1812'. [ 882.238765][T15159] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1812'. [ 882.352311][T15159] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1812'. [ 883.451181][T15185] netlink: 2 bytes leftover after parsing attributes in process `syz.1.1816'. [ 887.612060][T15277] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1841'. [ 887.706157][T15279] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1841'. [ 887.843044][T15279] net veth1_virt_wifi ›: renamed from virt_wifi0 [ 894.075675][T15359] FAULT_INJECTION: forcing a failure. [ 894.075675][T15359] name failslab, interval 1, probability 0, space 0, times 0 [ 894.252964][T15359] CPU: 1 UID: 0 PID: 15359 Comm: syz.3.1859 Tainted: G U I 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full) [ 894.253006][T15359] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 894.253015][T15359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 894.253030][T15359] Call Trace: [ 894.253037][T15359] [ 894.253045][T15359] dump_stack_lvl+0x16c/0x1f0 [ 894.253083][T15359] should_fail_ex+0x512/0x640 [ 894.253115][T15359] ? __kmalloc_noprof+0xbf/0x510 [ 894.253142][T15359] ? sk_prot_alloc+0x1a8/0x2a0 [ 894.253171][T15359] should_failslab+0xc2/0x120 [ 894.253199][T15359] __kmalloc_noprof+0xd2/0x510 [ 894.253229][T15359] sk_prot_alloc+0x1a8/0x2a0 [ 894.253271][T15359] sk_alloc+0x36/0xc20 [ 894.253295][T15359] __netlink_create+0x5e/0x2c0 [ 894.253315][T15359] ? __wake_up+0x3f/0x60 [ 894.253342][T15359] netlink_create+0x39e/0x620 [ 894.253365][T15359] ? __pfx_rtnetlink_bind+0x10/0x10 [ 894.253390][T15359] __sock_create+0x335/0x8d0 [ 894.253429][T15359] __sys_socket+0x14d/0x260 [ 894.253463][T15359] ? __pfx___sys_socket+0x10/0x10 [ 894.253499][T15359] ? rcu_is_watching+0x12/0xc0 [ 894.253528][T15359] __x64_sys_socket+0x72/0xb0 [ 894.253561][T15359] ? lockdep_hardirqs_on+0x7c/0x110 [ 894.253592][T15359] do_syscall_64+0xcd/0x230 [ 894.253627][T15359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 894.253650][T15359] RIP: 0033:0x7f95c7d8e969 [ 894.253667][T15359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 894.253690][T15359] RSP: 002b:00007f95c8b1e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 894.253711][T15359] RAX: ffffffffffffffda RBX: 00007f95c7fb6080 RCX: 00007f95c7d8e969 [ 894.253726][T15359] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000010 [ 894.253739][T15359] RBP: 00007f95c7e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 894.253753][T15359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 894.253767][T15359] R13: 0000000000000000 R14: 00007f95c7fb6080 R15: 00007ffc33b5bf68 [ 894.253794][T15359] [ 894.861450][T15352] could not allocate digest TFM handle [ 895.142552][T15369] device-mapper: ioctl: Invalid data size in the ioctl structure: 0 [ 896.181112][T15352] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1858'. [ 900.403700][T15452] FAULT_INJECTION: forcing a failure. [ 900.403700][T15452] name failslab, interval 1, probability 0, space 0, times 0 [ 900.479611][T15452] CPU: 1 UID: 0 PID: 15452 Comm: syz.1.1873 Tainted: G U I 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full) [ 900.479655][T15452] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 900.479665][T15452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 900.479678][T15452] Call Trace: [ 900.479686][T15452] [ 900.479694][T15452] dump_stack_lvl+0x16c/0x1f0 [ 900.479732][T15452] should_fail_ex+0x512/0x640 [ 900.479766][T15452] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 900.479809][T15452] should_failslab+0xc2/0x120 [ 900.479839][T15452] __kmalloc_cache_noprof+0x6a/0x3e0 [ 900.479878][T15452] ? kernfs_fop_open+0xa3a/0xda0 [ 900.479913][T15452] kernfs_fop_open+0xa3a/0xda0 [ 900.479945][T15452] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 900.479987][T15452] do_dentry_open+0x741/0x1c10 [ 900.480013][T15452] ? __pfx_kernfs_fop_open+0x10/0x10 [ 900.480050][T15452] vfs_open+0x82/0x3f0 [ 900.480084][T15452] path_openat+0x1e5e/0x2d40 [ 900.480118][T15452] ? __pfx_path_openat+0x10/0x10 [ 900.480148][T15452] do_filp_open+0x20b/0x470 [ 900.480171][T15452] ? __pfx_do_filp_open+0x10/0x10 [ 900.480215][T15452] ? alloc_fd+0x471/0x7d0 [ 900.480260][T15452] do_sys_openat2+0x11b/0x1d0 [ 900.480291][T15452] ? __pfx_do_sys_openat2+0x10/0x10 [ 900.480335][T15452] __x64_sys_openat+0x174/0x210 [ 900.480368][T15452] ? __pfx___x64_sys_openat+0x10/0x10 [ 900.480402][T15452] ? rcu_is_watching+0x12/0xc0 [ 900.480432][T15452] do_syscall_64+0xcd/0x230 [ 900.480469][T15452] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 900.480492][T15452] RIP: 0033:0x7f896718e969 [ 900.480510][T15452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 900.480533][T15452] RSP: 002b:00007f8964ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 900.480585][T15452] RAX: ffffffffffffffda RBX: 00007f89673b5fa0 RCX: 00007f896718e969 [ 900.480612][T15452] RDX: 0000000000181040 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 900.480626][T15452] RBP: 00007f8967210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 900.480658][T15452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 900.480672][T15452] R13: 0000000000000000 R14: 00007f89673b5fa0 R15: 00007fff86968a48 [ 900.480703][T15452] [ 901.693159][ T5139] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 902.695601][T15484] ubi0: attaching mtd0 [ 902.700191][T15484] ubi0 error: ubi_attach_mtd_dev: bad VID header (3969) or data offsets (4033) [ 904.156135][T15514] openvswitch: netlink: IP tunnel TTL not specified. [ 904.285549][T15514] Process accounting paused [ 907.950223][T15603] ima: policy update failed [ 907.976744][ T30] audit: type=1802 audit(4294967353.500:22): pid=15603 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.1904" res=0 errno=0 [ 909.397548][T15621] kernel read not supported for file /set_event_notrace_pid (pid: 15621 comm: syz.3.1908) [ 909.470636][ T30] audit: type=1800 audit(4294967354.990:23): pid=15621 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1908" name="set_event_notrace_pid" dev="tracefs" ino=13 res=0 errno=0 [ 911.010666][T15630] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1910'. [ 913.515931][T15688] netlink: 80 bytes leftover after parsing attributes in process `syz.1.1922'. [ 914.626152][ T5139] Bluetooth: hci1: unexpected event 0x3e length: 508 > 260 [ 914.626184][ T5139] Bluetooth: hci1: unexpected subevent 0x02 length: 507 > 260 [ 914.641609][ T5139] Bluetooth: hci1: Dropping invalid advertising data [ 914.648475][ T5139] Bluetooth: hci1: unknown advertising packet type: 0xe9 [ 914.648504][ T5139] Bluetooth: hci1: Dropping invalid advertising data [ 914.665056][ T5139] Bluetooth: hci1: Malformed LE Event: 0x02 syzkaller syzkaller login: [ 918.672099][T15769] could not allocate digest TFM handle  [ 921.161006][T15821] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1950'. [ 921.281767][T15821] netlink: 'syz.2.1950': attribute type 4 has an invalid length. [ 921.458656][T15827] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1951'. [ 921.745041][T15827] team0: Port device team_slave_0 removed [ 922.393157][T15839] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1955'. [ 922.423281][T15839] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1955'. [ 924.960610][T15872] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1961'. [ 925.055842][T15877] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1961'. [ 925.121389][T15872] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1961'. [ 925.173513][T15877] netlink: 218 bytes leftover after parsing attributes in process `syz.1.1961'. [ 925.275310][T15872] FAULT_INJECTION: forcing a failure. [ 925.275310][T15872] name failslab, interval 1, probability 0, space 0, times 0 [ 925.363978][T15883] Invalid ELF header magic: != ELF [ 925.395180][T15872] CPU: 1 UID: 0 PID: 15872 Comm: syz.1.1961 Tainted: G U I 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full) [ 925.395225][T15872] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 925.395235][T15872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 925.395249][T15872] Call Trace: [ 925.395257][T15872] [ 925.395265][T15872] dump_stack_lvl+0x16c/0x1f0 [ 925.395303][T15872] should_fail_ex+0x512/0x640 [ 925.395337][T15872] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 925.395368][T15872] should_failslab+0xc2/0x120 [ 925.395397][T15872] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 925.395423][T15872] ? tipc_node_find+0x2dc/0x500 [ 925.395449][T15872] ? __d_alloc+0x31/0xaa0 [ 925.395476][T15872] __d_alloc+0x31/0xaa0 [ 925.395498][T15872] ? __pfx_tipc_node_find+0x10/0x10 [ 925.395527][T15872] d_alloc_pseudo+0x1c/0xc0 [ 925.395558][T15872] alloc_file_pseudo+0xcf/0x230 [ 925.395591][T15872] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 925.395622][T15872] ? tipc_sk_finish_conn+0x580/0x790 [ 925.395663][T15872] sock_alloc_file+0x50/0x210 [ 925.395694][T15872] __sys_socketpair+0x31c/0x5a0 [ 925.395732][T15872] ? __pfx___sys_socketpair+0x10/0x10 [ 925.395770][T15872] ? xfd_validate_state+0x5d/0x180 [ 925.395810][T15872] ? rcu_is_watching+0x12/0xc0 [ 925.395837][T15872] __x64_sys_socketpair+0x96/0x100 [ 925.395874][T15872] ? lockdep_hardirqs_on+0x7c/0x110 [ 925.395905][T15872] do_syscall_64+0xcd/0x230 [ 925.395942][T15872] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 925.395966][T15872] RIP: 0033:0x7f896718e969 [ 925.395984][T15872] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 925.396022][T15872] RSP: 002b:00007f8964ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 925.396044][T15872] RAX: ffffffffffffffda RBX: 00007f89673b5fa0 RCX: 00007f896718e969 [ 925.396060][T15872] RDX: 8000000000000000 RSI: 0000000000000004 RDI: 000000000000001e [ 925.396075][T15872] RBP: 00007f8967210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 925.396089][T15872] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 925.396103][T15872] R13: 0000000000000000 R14: 00007f89673b5fa0 R15: 00007fff86968a48 [ 925.396132][T15872] [ 925.621787][ C1] vkms_vblank_simulate: vblank timer overrun [ 926.754391][T15904] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size [ 929.222387][T15933] kAFS: No cell specified [ 930.893202][T15961] Invalid ELF header magic: != ELF [ 931.936682][T15971] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1978'. [ 932.305365][T15977] FAULT_INJECTION: forcing a failure. [ 932.305365][T15977] name failslab, interval 1, probability 0, space 0, times 0 [ 932.362729][T15977] CPU: 1 UID: 0 PID: 15977 Comm: syz.3.1980 Tainted: G U I 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full) [ 932.362773][T15977] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 932.362783][T15977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 932.362797][T15977] Call Trace: [ 932.362804][T15977] [ 932.362813][T15977] dump_stack_lvl+0x16c/0x1f0 [ 932.362850][T15977] should_fail_ex+0x512/0x640 [ 932.362881][T15977] ? fs_reclaim_acquire+0xae/0x150 [ 932.362916][T15977] ? tomoyo_encode2+0x100/0x3e0 [ 932.362945][T15977] should_failslab+0xc2/0x120 [ 932.362972][T15977] __kmalloc_noprof+0xd2/0x510 [ 932.363003][T15977] tomoyo_encode2+0x100/0x3e0 [ 932.363037][T15977] tomoyo_encode+0x29/0x50 [ 932.363065][T15977] tomoyo_realpath_from_path+0x18f/0x6e0 [ 932.363099][T15977] ? tomoyo_profile+0x47/0x60 [ 932.363134][T15977] tomoyo_path_number_perm+0x245/0x580 [ 932.363159][T15977] ? tomoyo_path_number_perm+0x237/0x580 [ 932.363188][T15977] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 932.363215][T15977] ? find_held_lock+0x2b/0x80 [ 932.363266][T15977] ? find_held_lock+0x2b/0x80 [ 932.363286][T15977] ? hook_file_ioctl_common+0x145/0x410 [ 932.363318][T15977] ? __fget_files+0x20e/0x3c0 [ 932.363360][T15977] security_file_ioctl+0x9b/0x240 [ 932.363390][T15977] __x64_sys_ioctl+0xb7/0x200 [ 932.363424][T15977] do_syscall_64+0xcd/0x230 [ 932.363460][T15977] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 932.363484][T15977] RIP: 0033:0x7f95c7d8e969 [ 932.363501][T15977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 932.363524][T15977] RSP: 002b:00007f95c8b3f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 932.363545][T15977] RAX: ffffffffffffffda RBX: 00007f95c7fb5fa0 RCX: 00007f95c7d8e969 [ 932.363561][T15977] RDX: 0000200000000040 RSI: 00000000c008ae88 RDI: 0000000000000004 [ 932.363575][T15977] RBP: 00007f95c8b3f090 R08: 0000000000000000 R09: 0000000000000000 [ 932.363589][T15977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 932.363603][T15977] R13: 0000000000000000 R14: 00007f95c7fb5fa0 R15: 00007ffc33b5bf68 [ 932.363632][T15977] [ 932.363650][T15977] ERROR: Out of memory at tomoyo_realpath_from_path. [ 935.429733][T16025] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 935.444150][T16003] Process accounting resumed [ 936.637553][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 936.654399][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 937.062249][T16047] FAULT_INJECTION: forcing a failure. [ 937.062249][T16047] name fail_futex, interval 1, probability 0, space 0, times 0 [ 937.172345][T16047] CPU: 1 UID: 0 PID: 16047 Comm: syz.3.1993 Tainted: G U I 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full) [ 937.172390][T16047] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 937.172399][T16047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 937.172414][T16047] Call Trace: [ 937.172422][T16047] [ 937.172431][T16047] dump_stack_lvl+0x16c/0x1f0 [ 937.172470][T16047] should_fail_ex+0x512/0x640 [ 937.172508][T16047] get_futex_key+0x49e/0x1000 [ 937.172532][T16047] ? blk_mq_flush_plug_list+0x75a/0x1c70 [ 937.172566][T16047] ? __pfx_get_futex_key+0x10/0x10 [ 937.172587][T16047] ? find_vma_prev+0xda/0x160 [ 937.172625][T16047] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 937.172662][T16047] futex_wake+0xe7/0x4e0 [ 937.172692][T16047] ? __blk_flush_plug+0x2f3/0x4b0 [ 937.172720][T16047] ? __pfx_futex_wake+0x10/0x10 [ 937.172763][T16047] ? madvise_walk_vmas+0x238/0x2c0 [ 937.172796][T16047] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 937.172833][T16047] do_futex+0x1e3/0x350 [ 937.172859][T16047] ? __pfx_do_futex+0x10/0x10 [ 937.172886][T16047] ? __up_read+0x1f8/0x750 [ 937.172924][T16047] __x64_sys_futex+0x1e0/0x4c0 [ 937.172953][T16047] ? __pfx___x64_sys_futex+0x10/0x10 [ 937.172981][T16047] ? rcu_is_watching+0x12/0xc0 [ 937.173010][T16047] do_syscall_64+0xcd/0x230 [ 937.173047][T16047] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 937.173071][T16047] RIP: 0033:0x7f95c7d8e969 [ 937.173089][T16047] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 937.173113][T16047] RSP: 002b:00007f95c8b3f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 937.173135][T16047] RAX: ffffffffffffffda RBX: 00007f95c7fb5fa8 RCX: 00007f95c7d8e969 [ 937.173151][T16047] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f95c7fb5fac [ 937.173165][T16047] RBP: 00007f95c7fb5fa0 R08: 00007f95c8b40000 R09: 0000000000000000 [ 937.173180][T16047] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f95c7fb5fac [ 937.173195][T16047] R13: 0000000000000000 R14: 00007ffc33b5be80 R15: 00007ffc33b5bf68 [ 937.173223][T16047] [ 939.817040][T16089] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2000'. [ 944.367565][T16159] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2014'. [ 944.706915][T16164] RDS: rds_bind could not find a transport for ::ffff:10.1.1.2, load rds_tcp or rds_rdma? [ 945.398674][T16149] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 945.405746][T16149] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 948.081906][T16195] delete_channel: no stack [ 949.062630][T16199] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2022'. [ 953.273539][T16222] kexec: Could not allocate control_code_buffer [ 954.421592][T16229] ima: policy update failed [ 954.437684][ T30] audit: type=1802 audit(4294967302.090:24): pid=16229 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.2027" res=0 errno=0 [ 958.713983][T16264] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2033'. [ 960.844645][T16334] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2041'. [ 960.893460][T16335] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2041'. [ 961.364888][T16350] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2042'. [ 962.563443][T16393] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2046'. [ 962.611030][T16393] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2046'. [ 963.617620][T16458] lo: entered allmulticast mode [ 963.858144][T16464] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 963.864606][T16464] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 963.991790][T16463] lo: left allmulticast mode [ 967.406327][T16502] Process accounting paused [ 968.054618][T16585] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2056'. [ 970.497175][T16626] netlink: 'syz.2.2061': attribute type 5 has an invalid length. [ 972.387432][T16689] FAULT_INJECTION: forcing a failure. [ 972.387432][T16689] name fail_futex, interval 1, probability 0, space 0, times 0 [ 972.550693][T16689] CPU: 1 UID: 0 PID: 16689 Comm: syz.3.2065 Tainted: G U I 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full) [ 972.550737][T16689] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 972.550747][T16689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 972.550762][T16689] Call Trace: [ 972.550769][T16689] [ 972.550778][T16689] dump_stack_lvl+0x16c/0x1f0 [ 972.550818][T16689] should_fail_ex+0x512/0x640 [ 972.550857][T16689] get_futex_key+0x49e/0x1000 [ 972.550884][T16689] ? __pfx_get_futex_key+0x10/0x10 [ 972.550919][T16689] futex_wake+0xe7/0x4e0 [ 972.550950][T16689] ? __pfx_futex_wake+0x10/0x10 [ 972.550984][T16689] ? __call_rcu_common.constprop.0+0x3e5/0x9f0 [ 972.551020][T16689] ? lockdep_hardirqs_on+0x7c/0x110 [ 972.551058][T16689] do_futex+0x1e3/0x350 [ 972.551091][T16689] ? __pfx_do_futex+0x10/0x10 [ 972.551125][T16689] __x64_sys_futex+0x1e0/0x4c0 [ 972.551153][T16689] ? __pfx_native_tss_update_io_bitmap+0x10/0x10 [ 972.551179][T16689] ? __pfx___x64_sys_futex+0x10/0x10 [ 972.551208][T16689] ? dnotify_flush+0x79/0x4c0 [ 972.551240][T16689] do_syscall_64+0xcd/0x230 [ 972.551276][T16689] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 972.551300][T16689] RIP: 0033:0x7f95c7d8e969 [ 972.551318][T16689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 972.551343][T16689] RSP: 002b:00007f95c8b3f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 972.551365][T16689] RAX: ffffffffffffffda RBX: 00007f95c7fb5fa8 RCX: 00007f95c7d8e969 [ 972.551381][T16689] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f95c7fb5fac [ 972.551396][T16689] RBP: 00007f95c7fb5fa0 R08: 00007f95c8b40000 R09: 0000000000000000 [ 972.551412][T16689] R10: 0000000000000024 R11: 0000000000000246 R12: 00007f95c7fb5fac [ 972.551426][T16689] R13: 0000000000000000 R14: 00007ffc33b5be80 R15: 00007ffc33b5bf68 [ 972.551455][T16689] [ 978.562005][T16885] device-mapper: ioctl: Invalid ioctl structure: name , dev 8000010007 [ 984.254807][T17122] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2092'. [ 984.396281][T17122] ipvlan1: entered allmulticast mode [ 984.421389][T17122] veth0_vlan: entered allmulticast mode [ 985.416670][T17150] ptrace attach of "./syz-executor exec"[5840] was attempted by "./syz-executor exec"[17150] [ 985.541685][T17179] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2098'. [ 986.233575][T17179] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input28 [ 986.403772][T17205] ptrace attach of "./syz-executor exec"[5833] was attempted by "Ý5@oªâ°ëc(„N¢Î^¤o2–­Ó8¹sß¿\x5c\x07Q8ò÷çäú·`¤—c\x07¾WîÌGª¸ˆƒ‡5²\x07Ö¦´ô£ø©•CZ¾8ò&š³†à5|d_§£E¤ëñ“”e1c¹‡BÛò^2ë‘fÇÙ¬‰^ž…2écå!¬üžìŠ éM€HkHVÕÊQ–{åZãD~@\x5c*)Ç?‹HtÓu½!ä1Àò¡ChÅ$„ ,ÒX߉¾3¿:íõ \x07J«˜r‰Gñt.r?•þ.D7oˆy¦\x5cú(ÆïeÖ—é:¿y©Kô\x22¯M?pð5©ÄyœV*\x07 •!L‘K(gà0µ”Ù7ÖUÄ0á&»Üm*\x0b”é¶w\x07€ãmgª¢²fçìai»)bnG³YÕÇç.ÝF‡]ÕûvVT¿ïÚ~ïKӼŇÚþ¸ÿ»@…›Åu…ÉMŸžÎ^ Ðz’`â·-’ï¹@8zã‹¢D—¹Rü¡þo{™ K£KÕŸ;öQ¤Oí|é-ÈM»ªy#ÀJyè½5ÑÉ·ú^oؘ;{PA‡§ayÃx%y÷ËÚæŽé1‰†-\x0ax8¯ªjˆÉꘞ¢šíA'µ:9\x07sÛê¢wÔ`E„†\x22ËËDgþ6µ¸å'5ŸZKfW)ö&\x09p°\x0cÐÞçUE‹p¨Ú‚YªÐ'z§ý\x09ŽgúAfGÍgg“~q.ê7ÓRë@Qß°pWýôð ‚øœ&³0c‹Ò–»Tñ¯ä,£C°¤¬‹$l™rý¸¥¿²7j7_²ßü#ÿeÞqá—à'†/â¡ ÂX7'5nøÎGœ\x5c^cD*þ•í\x5c>¯Hoœ²æñ`•'t²kk #;Ÿ$öÐÃW<4FµÚ§˜êµªü¸½ß…¾h›)8?ÁäŠÇœovž´XÊ—£%u*Ó m{àÇ_Ó\x0bSÓTi¼Sgй\x1b oˆá5å°DiåL,à’Qç—žãCò©\x1bø\x5cëZ´eH.órø£'ÆRد&šõDSÝ°æ‘füùÿwá”!Ê\x0a ìjCŒed\x5cáþ”¿%`ÿ5@”HyKˬ¦þÚáWý©,ooyU\x1b®ì\x0b5Ã&´nŽãëÍÃÒ s‚{Jâ×ö\x0c·”˜uTJžDèøõ§I‚ñ¡ÆöΉ{P¯ [ 986.766015][ C1] vcan0: j1939_tp_rxtimer: 0xffff88803437e000: rx timeout, send abort [ 986.865630][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805cceb800: rx timeout, send abort [ 986.874267][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88803437e000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 986.889888][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805cceb800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 988.053574][T17250] random: crng reseeded on system resumption [ 989.346895][T17354] lo: entered allmulticast mode [ 989.436346][T17354] lo: left allmulticast mode [ 989.556444][T17354] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 989.562903][T17354] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 990.864848][T17512] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2110'. [ 990.887229][T17517] FAULT_INJECTION: forcing a failure. [ 990.887229][T17517] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 990.952507][T17517] CPU: 1 UID: 0 PID: 17517 Comm: syz.3.2111 Tainted: G U I 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full) [ 990.952553][T17517] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 990.952563][T17517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 990.952578][T17517] Call Trace: [ 990.952585][T17517] [ 990.952595][T17517] dump_stack_lvl+0x16c/0x1f0 [ 990.952632][T17517] should_fail_ex+0x512/0x640 [ 990.952671][T17517] _copy_to_iter+0x2a4/0x15a0 [ 990.952712][T17517] ? chacha_block_generic+0x189/0x260 [ 990.952745][T17517] ? __pfx__copy_to_iter+0x10/0x10 [ 990.952787][T17517] ? __pfx___might_resched+0x10/0x10 [ 990.952812][T17517] ? crng_make_state+0x48e/0x6d0 [ 990.952850][T17517] get_random_bytes_user+0x17f/0x3c0 [ 990.952887][T17517] ? __pfx_get_random_bytes_user+0x10/0x10 [ 990.952920][T17517] ? do_writev+0x218/0x330 [ 990.952962][T17517] ? do_futex+0x122/0x350 [ 990.952994][T17517] ? import_ubuf+0x1b6/0x220 [ 990.953030][T17517] __x64_sys_getrandom+0x183/0x290 [ 990.953067][T17517] ? __pfx___x64_sys_getrandom+0x10/0x10 [ 990.953104][T17517] ? xfd_validate_state+0x5d/0x180 [ 990.953145][T17517] ? rcu_is_watching+0x12/0xc0 [ 990.953182][T17517] do_syscall_64+0xcd/0x230 [ 990.953219][T17517] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 990.953243][T17517] RIP: 0033:0x7f95c7d8e969 [ 990.953261][T17517] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 990.953285][T17517] RSP: 002b:00007f95c8b1e038 EFLAGS: 00000246 ORIG_RAX: 000000000000013e [ 990.953307][T17517] RAX: ffffffffffffffda RBX: 00007f95c7fb6080 RCX: 00007f95c7d8e969 [ 990.953323][T17517] RDX: 0000000000000003 RSI: 0000000006000000 RDI: 0000000000000000 [ 990.953337][T17517] RBP: 00007f95c7e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 990.953352][T17517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 990.953365][T17517] R13: 0000000000000000 R14: 00007f95c7fb6080 R15: 00007ffc33b5bf68 [ 990.953394][T17517] [ 991.260737][T17521] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2113'. [ 993.599363][T17662] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 993.644522][T17662] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 994.847019][T17729] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 996.129087][T17780] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2129'. [ 996.244429][T17780] veth0_macvtap: left promiscuous mode [ 996.254821][T17780] macvtap0: entered promiscuous mode [ 996.266288][T17780] macvtap0: entered allmulticast mode [ 998.058559][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 998.064956][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 998.486088][T17895] Process accounting resumed [ 1001.139396][T18038] syz.1.2145: vmalloc error: size 1863680, failed to allocate pages, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1001.264565][T18038] CPU: 1 UID: 0 PID: 18038 Comm: syz.1.2145 Tainted: G U I 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full) [ 1001.264608][T18038] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1001.264619][T18038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1001.264632][T18038] Call Trace: [ 1001.264640][T18038] [ 1001.264649][T18038] dump_stack_lvl+0x16c/0x1f0 [ 1001.264686][T18038] warn_alloc+0x248/0x3a0 [ 1001.264713][T18038] ? __pfx_warn_alloc+0x10/0x10 [ 1001.264739][T18038] ? alloc_pages_mpol+0x25a/0x550 [ 1001.264768][T18038] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1001.264798][T18038] ? trace_kmalloc+0x2b/0xd0 [ 1001.264835][T18038] __vmalloc_node_range_noprof+0x12d2/0x1540 [ 1001.264882][T18038] ? __snd_dma_alloc_pages+0x50/0x90 [ 1001.264908][T18038] ? do_alloc_pages+0xd7/0x280 [ 1001.264942][T18038] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1001.264981][T18038] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 1001.265027][T18038] ? __snd_dma_alloc_pages+0x50/0x90 [ 1001.265050][T18038] vmalloc_noprof+0x6b/0x90 [ 1001.265087][T18038] ? __snd_dma_alloc_pages+0x50/0x90 [ 1001.265107][T18038] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 1001.265131][T18038] __snd_dma_alloc_pages+0x50/0x90 [ 1001.265154][T18038] snd_dma_alloc_dir_pages+0x151/0x240 [ 1001.265180][T18038] do_alloc_pages+0x115/0x280 [ 1001.265219][T18038] snd_pcm_lib_malloc_pages+0x3df/0x980 [ 1001.265263][T18038] snd_pcm_hw_params+0x15e1/0x1b40 [ 1001.265289][T18038] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 1001.265311][T18038] ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0 [ 1001.265350][T18038] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 1001.265386][T18038] ? __asan_memset+0x23/0x50 [ 1001.265426][T18038] snd_pcm_kernel_ioctl+0x147/0x2e0 [ 1001.265448][T18038] snd_pcm_oss_change_params_locked+0x1432/0x3b40 [ 1001.265497][T18038] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1001.265534][T18038] ? snd_pcm_oss_sync+0x30c/0x840 [ 1001.265587][T18038] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1001.265624][T18038] snd_pcm_oss_sync+0x32e/0x840 [ 1001.265661][T18038] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1001.265695][T18038] snd_pcm_oss_release+0x28b/0x310 [ 1001.265731][T18038] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1001.265764][T18038] __fput+0x3ff/0xb70 [ 1001.265798][T18038] task_work_run+0x14d/0x240 [ 1001.265835][T18038] ? __pfx_task_work_run+0x10/0x10 [ 1001.265872][T18038] ? __pfx___do_sys_close_range+0x10/0x10 [ 1001.265894][T18038] ? rcu_is_watching+0x12/0xc0 [ 1001.265920][T18038] syscall_exit_to_user_mode+0x27b/0x2a0 [ 1001.265955][T18038] do_syscall_64+0xda/0x230 [ 1001.265996][T18038] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1001.266020][T18038] RIP: 0033:0x7f896718e969 [ 1001.266038][T18038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1001.266061][T18038] RSP: 002b:00007f8964ff6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1001.266082][T18038] RAX: 0000000000000000 RBX: 00007f89673b5fa0 RCX: 00007f896718e969 [ 1001.266097][T18038] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1001.266110][T18038] RBP: 00007f8967210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1001.266124][T18038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1001.266138][T18038] R13: 0000000000000000 R14: 00007f89673b5fa0 R15: 00007fff86968a48 [ 1001.266167][T18038] [ 1001.266176][T18038] Mem-Info: [ 1002.507584][T18110] FAULT_INJECTION: forcing a failure. [ 1002.507584][T18110] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1002.599941][T18110] CPU: 1 UID: 0 PID: 18110 Comm: syz.3.2147 Tainted: G U I 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full) [ 1002.599988][T18110] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1002.599998][T18110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1002.600012][T18110] Call Trace: [ 1002.600019][T18110] [ 1002.600027][T18110] dump_stack_lvl+0x16c/0x1f0 [ 1002.600065][T18110] should_fail_ex+0x512/0x640 [ 1002.600102][T18110] get_futex_key+0x49e/0x1000 [ 1002.600128][T18110] ? __pfx_get_futex_key+0x10/0x10 [ 1002.600151][T18110] ? pick_eevdf+0x3be/0x5b0 [ 1002.600177][T18110] ? update_curr_se+0x8b/0x270 [ 1002.600206][T18110] ? update_curr+0x74/0x800 [ 1002.600245][T18110] futex_wait_setup+0x78/0x290 [ 1002.600282][T18110] __futex_wait+0x266/0x3c0 [ 1002.600313][T18110] ? __pfx___futex_wait+0x10/0x10 [ 1002.600343][T18110] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1002.600378][T18110] ? __pfx_futex_wake_mark+0x10/0x10 [ 1002.600419][T18110] futex_wait+0xe8/0x380 [ 1002.600448][T18110] ? __pfx_futex_wait+0x10/0x10 [ 1002.600493][T18110] do_futex+0x229/0x350 [ 1002.600518][T18110] ? __pfx_do_futex+0x10/0x10 [ 1002.600545][T18110] ? __pfx___might_resched+0x10/0x10 [ 1002.600574][T18110] __x64_sys_futex+0x1e0/0x4c0 [ 1002.600600][T18110] ? __pfx_blkcg_maybe_throttle_current+0x10/0x10 [ 1002.600630][T18110] ? __pfx___x64_sys_futex+0x10/0x10 [ 1002.600656][T18110] ? __pfx___do_sys_close_range+0x10/0x10 [ 1002.600678][T18110] ? rcu_is_watching+0x12/0xc0 [ 1002.600707][T18110] do_syscall_64+0xcd/0x230 [ 1002.600743][T18110] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1002.600766][T18110] RIP: 0033:0x7f95c7d8e969 [ 1002.600783][T18110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1002.600807][T18110] RSP: 002b:00007f95c57d30e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1002.600828][T18110] RAX: ffffffffffffffda RBX: 00007f95c7fb6248 RCX: 00007f95c7d8e969 [ 1002.600850][T18110] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f95c7fb6248 [ 1002.600864][T18110] RBP: 00007f95c7fb6240 R08: 0000000000000000 R09: 0000000000000000 [ 1002.600878][T18110] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f95c7fb624c [ 1002.600893][T18110] R13: 0000000000000000 R14: 00007ffc33b5be80 R15: 00007ffc33b5bf68 [ 1002.600921][T18110] [ 1002.967287][T18038] active_anon:23841 inactive_anon:31 isolated_anon:4 [ 1002.967287][T18038] active_file:9162 inactive_file:50516 isolated_file:0 [ 1002.967287][T18038] unevictable:768 dirty:653 writeback:0 [ 1002.967287][T18038] slab_reclaimable:11369 slab_unreclaimable:97410 [ 1002.967287][T18038] mapped:25818 shmem:4350 pagetables:1002 [ 1002.967287][T18038] sec_pagetables:0 bounce:0 [ 1002.967287][T18038] kernel_misc_reclaimable:0 [ 1002.967287][T18038] free:1313295 free_pcp:4059 free_cma:0 [ 1003.012828][T18038] Node 0 active_anon:95364kB inactive_anon:124kB active_file:36648kB inactive_file:201932kB unevictable:1536kB isolated(anon):16kB isolated(file):0kB mapped:103272kB dirty:2612kB writeback:0kB shmem:11108kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12240kB pagetables:4008kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1003.081252][T18038] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:6292kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1003.295649][T18038] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1003.350970][T18038] lowmem_reserve[]: 0 2484 2486 2486 2486 [ 1003.357286][T18038] Node 0 DMA32 free:1333988kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB active_anon:95492kB inactive_anon:120kB active_file:36648kB inactive_file:200124kB unevictable:1536kB writepending:2620kB present:3129332kB managed:2544176kB mlocked:0kB bounce:0kB free_pcp:4132kB local_pcp:4132kB free_cma:0kB [ 1003.418236][T18038] lowmem_reserve[]: 0 0 1 1 1 [ 1003.441529][T18038] Node 0 Normal free:20kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1808kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:24kB local_pcp:24kB free_cma:0kB [ 1003.596220][T18038] lowmem_reserve[]: 0 0 0 0 0 [ 1003.627125][T18038] Node 1 Normal free:3902960kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:11256kB local_pcp:11256kB free_cma:0kB [ 1003.727668][ T30] audit: type=1800 audit(4294967367.369:25): pid=18156 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2150" name="SYSVffffffff" dev="tmpfs" ino=0 res=0 errno=0 [ 1003.802775][T18038] lowmem_reserve[]: 0 0 0 0 0 [ 1003.827880][T18038] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1003.901903][T18038] Node 0 DMA32: 2022*4kB (UME) 3263*8kB (UME) 2707*16kB (UME) 1754*32kB (UME) 1116*64kB (UME) 454*128kB (UME) 301*256kB (UME) 111*512kB (UM) 47*1024kB (UME) 4*2048kB (M) 215*4096kB (UM) = 1334016kB [ 1004.016193][T18038] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB [ 1004.113840][T18038] Node 1 Normal: 250*4kB (UME) 43*8kB (UME) 55*16kB (UME) 186*32kB (UME) 118*64kB (UME) 29*128kB (UME) 14*256kB (UM) 10*512kB (UME) 4*1024kB (UE) 2*2048kB (UE) 944*4096kB (UM) = 3902960kB [ 1004.181508][T18038] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1004.241883][T18038] Node 0 hugepages_total=3 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 1004.279499][T18038] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1004.313508][T18038] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 1004.347581][T18038] 64055 total pagecache pages [ 1004.368681][T18038] 31 pages in swap cache [ 1004.380850][T18038] Free swap = 124872kB [ 1004.399722][T18038] Total swap = 124996kB [ 1004.427381][T18038] 2097051 pages RAM [ 1004.449453][T18038] 0 pages HighMem/MovableOnly [ 1004.461615][T18174] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2154'. [ 1004.474824][T18038] 428901 pages reserved [ 1004.501840][T18038] 0 pages cma reserved [ 1004.522235][T18186] netlink: 93 bytes leftover after parsing attributes in process `syz.2.2154'. [ 1006.488889][T18316] random: crng reseeded on system resumption [ 1006.684384][T18318] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2162'.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             aller syzkaller login: [ 1097.063384][T21807] nfs: Unknown parameter 'w¾Ã`_…à‚ûÏI+;ýá ÑöHYø º†»·«ÏLuõ>>ËÕuh*àéC<+ °ðÀÛ' [ 1097.075008][T21430] team0: Port device team_slave_0 added [ 1097.240048][T21430] team0: Port device team_slave_1 added [ 1097.252244][ T5139] Bluetooth: hci0: command tx timeout [ 1097.353494][T21800] zswap: compressor not available [ 1097.807737][T21430] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1097.856926][T21430] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1097.916414][T21845] netlink: 326 bytes leftover after parsing attributes in process `syz.2.2402'. [ 1097.997803][T21430] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active syzkaller syzkaller login: [ 1098.375141][T21430] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1098.463521][T21430] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1098.609404][T21430] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1098.865437][T21888] FAULT_INJECTION: forcing a failure. [ 1098.865437][T21888] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1098.928410][T21888] CPU: 1 UID: 0 PID: 21888 Comm: syz.2.2404 Tainted: G U I 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full) [ 1098.928456][T21888] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1098.928466][T21888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1098.928481][T21888] Call Trace: [ 1098.928489][T21888] [ 1098.928497][T21888] dump_stack_lvl+0x16c/0x1f0 [ 1098.928537][T21888] should_fail_ex+0x512/0x640 [ 1098.928575][T21888] should_fail_alloc_page+0xe7/0x130 [ 1098.928606][T21888] prepare_alloc_pages+0x3c2/0x610 [ 1098.928642][T21888] ? __pfx___might_resched+0x10/0x10 [ 1098.928670][T21888] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 1098.928701][T21888] ? rcu_is_watching+0x12/0xc0 [ 1098.928722][T21888] ? trace_mm_page_alloc+0x11f/0x1a0 [ 1098.928756][T21888] ? __alloc_frozen_pages_noprof+0x298/0x23a0 [ 1098.928787][T21888] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1098.928816][T21888] ? __lock_acquire+0xaa4/0x1ba0 [ 1098.928865][T21888] ? find_held_lock+0x2b/0x80 [ 1098.928899][T21888] ? vhost_dev_set_owner+0x305/0xb70 [ 1098.928929][T21888] __alloc_pages_noprof+0xb/0x1b0 [ 1098.928955][T21888] ___kmalloc_large_node+0x82/0x1e0 [ 1098.928995][T21888] __kmalloc_large_node_noprof+0x1c/0x70 [ 1098.929033][T21888] __kmalloc_noprof.cold+0xc/0x61 [ 1098.929067][T21888] ? rcu_is_watching+0x12/0xc0 [ 1098.929092][T21888] vhost_dev_set_owner+0x305/0xb70 [ 1098.929132][T21888] vhost_net_ioctl+0x694/0x1710 [ 1098.929163][T21888] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 1098.929189][T21888] ? find_held_lock+0x2b/0x80 [ 1098.929210][T21888] ? hook_file_ioctl_common+0x145/0x410 [ 1098.929243][T21888] ? __fget_files+0x20e/0x3c0 [ 1098.929284][T21888] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 1098.929313][T21888] __x64_sys_ioctl+0x190/0x200 [ 1098.929348][T21888] do_syscall_64+0xcd/0x230 [ 1098.929384][T21888] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1098.929408][T21888] RIP: 0033:0x7f6f70b8e969 [ 1098.929426][T21888] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1098.929450][T21888] RSP: 002b:00007f6f6e9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1098.929472][T21888] RAX: ffffffffffffffda RBX: 00007f6f70db5fa0 RCX: 00007f6f70b8e969 [ 1098.929488][T21888] RDX: 0000000000000005 RSI: 000000000000af01 RDI: 0000000000000008 [ 1098.929503][T21888] RBP: 00007f6f70c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1098.929518][T21888] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1098.929532][T21888] R13: 0000000000000000 R14: 00007f6f70db5fa0 R15: 00007ffc304e8e08 [ 1098.929561][T21888] [ 1099.561499][ T5139] Bluetooth: hci0: command tx timeout [ 1100.287343][T21430] hsr_slave_0: entered promiscuous mode [ 1100.306687][T21430] hsr_slave_1: entered promiscuous mode [ 1100.323591][T21430] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1100.332177][T21430] Cannot create hsr debugfs directory [ 1100.760599][T13928] hsr_slave_0: left promiscuous mode [ 1100.792821][T13928] hsr_slave_1: left promiscuous mode [ 1100.806461][T13928] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1100.837208][T13928] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1100.871772][T13928] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1100.896852][T13928] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1100.952313][T13928] veth1_vlan: left promiscuous mode [ 1100.980976][T13928] veth0_vlan: left promiscuous mode [ 1101.297438][T21995] FAULT_INJECTION: forcing a failure. [ 1101.297438][T21995] name failslab, interval 1, probability 0, space 0, times 0 [ 1101.348544][T21995] CPU: 1 UID: 0 PID: 21995 Comm: syz.3.2406 Tainted: G U I 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full) [ 1101.348584][T21995] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1101.348592][T21995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1101.348604][T21995] Call Trace: [ 1101.348611][T21995] [ 1101.348618][T21995] dump_stack_lvl+0x16c/0x1f0 [ 1101.348652][T21995] should_fail_ex+0x512/0x640 [ 1101.348681][T21995] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 1101.348708][T21995] should_failslab+0xc2/0x120 [ 1101.348733][T21995] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 1101.348757][T21995] ? __d_alloc+0x31/0xaa0 [ 1101.348781][T21995] __d_alloc+0x31/0xaa0 [ 1101.348800][T21995] ? bpf_lsm_inode_permission+0x9/0x10 [ 1101.348833][T21995] d_alloc+0x4a/0x1e0 [ 1101.348855][T21995] vfs_tmpfile+0x148/0x890 [ 1101.348879][T21995] path_openat+0x16ec/0x2d40 [ 1101.348896][T21995] ? __x64_sys_open+0x153/0x1e0 [ 1101.348922][T21995] ? do_syscall_64+0xcd/0x230 [ 1101.348950][T21995] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1101.348979][T21995] ? __pfx_path_openat+0x10/0x10 [ 1101.348999][T21995] ? __lock_acquire+0xaa4/0x1ba0 [ 1101.349028][T21995] do_filp_open+0x20b/0x470 [ 1101.349047][T21995] ? __pfx_do_filp_open+0x10/0x10 [ 1101.349084][T21995] ? _raw_spin_unlock+0x28/0x50 [ 1101.349107][T21995] ? alloc_fd+0x471/0x7d0 [ 1101.349145][T21995] do_sys_openat2+0x11b/0x1d0 [ 1101.349172][T21995] ? __pfx_do_sys_openat2+0x10/0x10 [ 1101.349208][T21995] __x64_sys_open+0x153/0x1e0 [ 1101.349235][T21995] ? __pfx___x64_sys_open+0x10/0x10 [ 1101.349268][T21995] ? rcu_is_watching+0x12/0xc0 [ 1101.349289][T21995] do_syscall_64+0xcd/0x230 [ 1101.349320][T21995] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1101.349340][T21995] RIP: 0033:0x7f95c7d8e969 [ 1101.349356][T21995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1101.349376][T21995] RSP: 002b:00007f95c8b3f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 1101.349395][T21995] RAX: ffffffffffffffda RBX: 00007f95c7fb5fa0 RCX: 00007f95c7d8e969 [ 1101.349409][T21995] RDX: 0000000000000408 RSI: 0000000000591083 RDI: 0000200000000100 [ 1101.349422][T21995] RBP: 00007f95c7e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1101.349434][T21995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1101.349446][T21995] R13: 0000000000000000 R14: 00007f95c7fb5fa0 R15: 00007ffc33b5bf68 [ 1101.349471][T21995] [ 1101.721406][T22002] FAULT_INJECTION: forcing a failure. [ 1101.721406][T22002] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1101.735176][T22002] CPU: 1 UID: 0 PID: 22002 Comm: syz.3.2408 Tainted: G U I 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full) [ 1101.735213][T22002] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1101.735222][T22002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1101.735235][T22002] Call Trace: [ 1101.735240][T22002] [ 1101.735247][T22002] dump_stack_lvl+0x16c/0x1f0 [ 1101.735280][T22002] should_fail_ex+0x512/0x640 [ 1101.735312][T22002] should_fail_alloc_page+0xe7/0x130 [ 1101.735337][T22002] prepare_alloc_pages+0x3c2/0x610 [ 1101.735369][T22002] ? __pfx___might_resched+0x10/0x10 [ 1101.735392][T22002] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 1101.735418][T22002] ? rcu_is_watching+0x12/0xc0 [ 1101.735436][T22002] ? trace_mm_page_alloc+0x11f/0x1a0 [ 1101.735474][T22002] ? __alloc_frozen_pages_noprof+0x298/0x23a0 [ 1101.735501][T22002] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1101.735527][T22002] ? __lock_acquire+0xaa4/0x1ba0 [ 1101.735561][T22002] ? find_held_lock+0x2b/0x80 [ 1101.735590][T22002] ? vhost_dev_set_owner+0x305/0xb70 [ 1101.735615][T22002] __alloc_pages_noprof+0xb/0x1b0 [ 1101.735637][T22002] ___kmalloc_large_node+0x82/0x1e0 [ 1101.735670][T22002] __kmalloc_large_node_noprof+0x1c/0x70 [ 1101.735703][T22002] __kmalloc_noprof.cold+0xc/0x61 [ 1101.735731][T22002] ? rcu_is_watching+0x12/0xc0 [ 1101.735752][T22002] vhost_dev_set_owner+0x305/0xb70 [ 1101.735786][T22002] vhost_net_ioctl+0x694/0x1710 [ 1101.735812][T22002] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 1101.735834][T22002] ? find_held_lock+0x2b/0x80 [ 1101.735851][T22002] ? hook_file_ioctl_common+0x145/0x410 [ 1101.735879][T22002] ? __fget_files+0x20e/0x3c0 [ 1101.735914][T22002] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 1101.735938][T22002] __x64_sys_ioctl+0x190/0x200 [ 1101.735968][T22002] do_syscall_64+0xcd/0x230 [ 1101.735999][T22002] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1101.736019][T22002] RIP: 0033:0x7f95c7d8e969 [ 1101.736034][T22002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1101.736054][T22002] RSP: 002b:00007f95c8b3f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1101.736073][T22002] RAX: ffffffffffffffda RBX: 00007f95c7fb5fa0 RCX: 00007f95c7d8e969 [ 1101.736086][T22002] RDX: 0000000000000005 RSI: 000000000000af01 RDI: 0000000000000008 [ 1101.736098][T22002] RBP: 00007f95c7e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1101.736110][T22002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1101.736122][T22002] R13: 0000000000000000 R14: 00007f95c7fb5fa0 R15: 00007ffc33b5bf68 [ 1101.736147][T22002] [ 1102.538935][T13928] team0 (unregistering): Port device team_slave_1 removed [ 1103.400576][T22093] random: crng reseeded on system resumption [ 1104.306500][T22086] FAULT_INJECTION: forcing a failure. [ 1104.306500][T22086] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1104.466753][T22086] CPU: 1 UID: 0 PID: 22086 Comm: syz.3.2409 Tainted: G U I 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full) [ 1104.466797][T22086] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1104.466807][T22086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1104.466821][T22086] Call Trace: [ 1104.466829][T22086] [ 1104.466838][T22086] dump_stack_lvl+0x16c/0x1f0 [ 1104.466876][T22086] should_fail_ex+0x512/0x640 [ 1104.466915][T22086] should_fail_alloc_page+0xe7/0x130 [ 1104.466948][T22086] prepare_alloc_pages+0x3c2/0x610 [ 1104.466985][T22086] ? rcu_is_watching+0x12/0xc0 [ 1104.467013][T22086] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 1104.467042][T22086] ? kasan_save_stack+0x33/0x60 [ 1104.467069][T22086] ? cgroup_rstat_updated+0x2a/0xb20 [ 1104.467115][T22086] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1104.467154][T22086] ? __lock_acquire+0x5ca/0x1ba0 [ 1104.467195][T22086] ? __lock_acquire+0x5ca/0x1ba0 [ 1104.467226][T22086] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1104.467261][T22086] ? policy_nodemask+0xea/0x4e0 [ 1104.467294][T22086] alloc_pages_mpol+0x1fb/0x550 [ 1104.467325][T22086] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1104.467355][T22086] ? __lock_acquire+0x5ca/0x1ba0 [ 1104.467395][T22086] folio_alloc_mpol_noprof+0x36/0x2f0 [ 1104.467430][T22086] vma_alloc_folio_noprof+0xed/0x1e0 [ 1104.467464][T22086] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 1104.467507][T22086] do_pte_missing+0x223d/0x3fb0 [ 1104.467541][T22086] __handle_mm_fault+0x103d/0x2a40 [ 1104.467572][T22086] ? __pfx___handle_mm_fault+0x10/0x10 [ 1104.467606][T22086] ? __pte_offset_map_lock+0x155/0x2f0 [ 1104.467650][T22086] ? find_held_lock+0x2b/0x80 [ 1104.467667][T22086] ? find_held_lock+0x2b/0x80 [ 1104.467702][T22086] handle_mm_fault+0x3fe/0xad0 [ 1104.467726][T22086] __get_user_pages+0x771/0x36f0 [ 1104.467764][T22086] ? __pfx_mt_find+0x10/0x10 [ 1104.467795][T22086] ? __pfx___get_user_pages+0x10/0x10 [ 1104.467836][T22086] populate_vma_page_range+0x278/0x3a0 [ 1104.467857][T22086] ? __pfx_populate_vma_page_range+0x10/0x10 [ 1104.467876][T22086] ? __pfx_find_vma_intersection+0x10/0x10 [ 1104.467907][T22086] ? do_mmap+0x69c/0x11b0 [ 1104.467940][T22086] __mm_populate+0x1d8/0x380 [ 1104.467960][T22086] ? __pfx___mm_populate+0x10/0x10 [ 1104.467980][T22086] ? up_write+0x1b2/0x520 [ 1104.468012][T22086] vm_mmap_pgoff+0x362/0x450 [ 1104.468044][T22086] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1104.468079][T22086] ? __x64_sys_futex+0x1e0/0x4c0 [ 1104.468100][T22086] ? __x64_sys_futex+0x1e9/0x4c0 [ 1104.468125][T22086] ksys_mmap_pgoff+0x7d/0x5c0 [ 1104.468154][T22086] ? rcu_is_watching+0x12/0xc0 [ 1104.468179][T22086] __x64_sys_mmap+0x125/0x190 [ 1104.468202][T22086] do_syscall_64+0xcd/0x230 [ 1104.468233][T22086] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1104.468254][T22086] RIP: 0033:0x7f95c7d8e969 [ 1104.468269][T22086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1104.468289][T22086] RSP: 002b:00007f95c8b1e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1104.468308][T22086] RAX: ffffffffffffffda RBX: 00007f95c7fb6080 RCX: 00007f95c7d8e969 [ 1104.468322][T22086] RDX: fffffffffffffffe RSI: 0000000000400005 RDI: 0000000000000000 [ 1104.468335][T22086] RBP: 00007f95c7e10ab1 R08: 0000000000000002 R09: 0000000000008000 [ 1104.468347][T22086] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 1104.468360][T22086] R13: 0000000000000000 R14: 00007f95c7fb6080 R15: 00007ffc33b5bf68 [ 1104.468385][T22086] [ 1104.870632][T21430] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1104.979915][T21430] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1105.078086][T21430] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1105.259385][T21430] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1105.928453][T21430] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1106.018816][T21430] 8021q: adding VLAN 0 to HW filter on device team0 [ 1106.131558][T16302] bridge0: port 1(bridge_slave_0) entered blocking state [ 1106.138710][T16302] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1106.230940][T16302] bridge0: port 2(bridge_slave_1) entered blocking state [ 1106.238134][T16302] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1106.275922][T22223] FAULT_INJECTION: forcing a failure. [ 1106.275922][T22223] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1106.275964][T22223] CPU: 1 UID: 0 PID: 22223 Comm: syz.1.2415 Tainted: G U I 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full) [ 1106.276005][T22223] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1106.276014][T22223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1106.276026][T22223] Call Trace: [ 1106.276032][T22223] [ 1106.276039][T22223] dump_stack_lvl+0x16c/0x1f0 [ 1106.276072][T22223] should_fail_ex+0x512/0x640 [ 1106.276106][T22223] should_fail_alloc_page+0xe7/0x130 [ 1106.276133][T22223] prepare_alloc_pages+0x3c2/0x610 [ 1106.276169][T22223] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 1106.276195][T22223] ? stack_trace_save+0x8e/0xc0 [ 1106.276223][T22223] ? __lock_acquire+0xaa4/0x1ba0 [ 1106.276249][T22223] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1106.276275][T22223] ? fb_var_to_videomode+0x4c9/0x690 [ 1106.276309][T22223] ? __pfx_fb_match_mode+0x10/0x10 [ 1106.276342][T22223] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1106.276368][T22223] ? lockdep_hardirqs_on+0x7c/0x110 [ 1106.276400][T22223] ? vc_allocate+0x489/0x880 [ 1106.276421][T22223] __alloc_pages_noprof+0xb/0x1b0 [ 1106.276465][T22223] ___kmalloc_large_node+0x82/0x1e0 [ 1106.276499][T22223] ? con_is_visible+0x65/0x150 [ 1106.276538][T22223] __kmalloc_large_node_noprof+0x1c/0x70 [ 1106.276576][T22223] __kmalloc_noprof.cold+0xc/0x61 [ 1106.276616][T22223] vc_allocate+0x489/0x880 [ 1106.276643][T22223] ? __pfx_vc_allocate+0x10/0x10 [ 1106.276679][T22223] con_install+0xa1/0x600 [ 1106.276707][T22223] ? __pfx_con_install+0x10/0x10 [ 1106.276740][T22223] ? __pfx_con_install+0x10/0x10 [ 1106.276768][T22223] tty_init_dev.part.0+0x99/0x500 [ 1106.276801][T22223] tty_open+0xa50/0xf90 [ 1106.276837][T22223] ? __pfx_tty_open+0x10/0x10 [ 1106.276867][T22223] ? chrdev_open+0x58c/0x6a0 [ 1106.276896][T22223] ? __pfx_tty_open+0x10/0x10 [ 1106.276925][T22223] chrdev_open+0x231/0x6a0 [ 1106.276951][T22223] ? __pfx_chrdev_open+0x10/0x10 [ 1106.276978][T22223] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 1106.277027][T22223] do_dentry_open+0x741/0x1c10 [ 1106.277052][T22223] ? __pfx_chrdev_open+0x10/0x10 [ 1106.277083][T22223] vfs_open+0x82/0x3f0 [ 1106.277118][T22223] path_openat+0x1e5e/0x2d40 [ 1106.277152][T22223] ? __pfx_path_openat+0x10/0x10 [ 1106.277183][T22223] do_filp_open+0x20b/0x470 [ 1106.277206][T22223] ? __pfx_do_filp_open+0x10/0x10 [ 1106.277251][T22223] ? alloc_fd+0x471/0x7d0 [ 1106.277296][T22223] do_sys_openat2+0x11b/0x1d0 [ 1106.277328][T22223] ? __pfx_do_sys_openat2+0x10/0x10 [ 1106.277372][T22223] __x64_sys_openat+0x174/0x210 [ 1106.277405][T22223] ? __pfx___x64_sys_openat+0x10/0x10 [ 1106.277439][T22223] ? rcu_is_watching+0x12/0xc0 [ 1106.277470][T22223] do_syscall_64+0xcd/0x230 [ 1106.277507][T22223] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1106.277531][T22223] RIP: 0033:0x7f896718e969 [ 1106.277549][T22223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1106.277590][T22223] RSP: 002b:00007f8964fb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1106.277611][T22223] RAX: ffffffffffffffda RBX: 00007f89673b6160 RCX: 00007f896718e969 [ 1106.277626][T22223] RDX: 0000000000040002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1106.277652][T22223] RBP: 00007f8967210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1106.277665][T22223] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 1106.277678][T22223] R13: 0000000000000000 R14: 00007f89673b6160 R15: 00007fff86968a48 [ 1106.277718][T22223] [ 1106.469164][T21430] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1106.469188][T21430] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1106.877872][T22237] FAULT_INJECTION: forcing a failure. [ 1106.877872][T22237] name failslab, interval 1, probability 0, space 0, times 0 [ 1106.877928][T22237] CPU: 1 UID: 0 PID: 22237 Comm: syz.2.2417 Tainted: G U I 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full) [ 1106.877966][T22237] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1106.877976][T22237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1106.877990][T22237] Call Trace: [ 1106.877997][T22237] [ 1106.878005][T22237] dump_stack_lvl+0x16c/0x1f0 [ 1106.878040][T22237] should_fail_ex+0x512/0x640 [ 1106.878072][T22237] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1106.878100][T22237] should_failslab+0xc2/0x120 [ 1106.878127][T22237] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1106.878153][T22237] ? alloc_pid+0xc7/0xbc0 [ 1106.878187][T22237] alloc_pid+0xc7/0xbc0 [ 1106.878224][T22237] copy_process+0x3872/0x91a0 [ 1106.878251][T22237] ? kasan_save_track+0x14/0x30 [ 1106.878273][T22237] ? __kasan_kmalloc+0xaa/0xb0 [ 1106.878293][T22237] ? vhost_task_create+0xe5/0x2e0 [ 1106.878324][T22237] ? vhost_worker_create+0x151/0x380 [ 1106.878346][T22237] ? vhost_dev_set_owner+0x67c/0xb70 [ 1106.878372][T22237] ? vhost_net_ioctl+0x694/0x1710 [ 1106.878407][T22237] ? do_syscall_64+0xcd/0x230 [ 1106.878437][T22237] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1106.878472][T22237] ? __pfx_copy_process+0x10/0x10 [ 1106.878513][T22237] ? lockdep_init_map_type+0x5c/0x280 [ 1106.878544][T22237] ? lockdep_init_map_type+0x5c/0x280 [ 1106.878573][T22237] ? __pfx_vhost_worker_killed+0x10/0x10 [ 1106.878594][T22237] ? __pfx_vhost_run_work_list+0x10/0x10 [ 1106.878616][T22237] vhost_task_create+0x1d2/0x2e0 [ 1106.878647][T22237] ? __pfx_vhost_task_create+0x10/0x10 [ 1106.878687][T22237] ? __pfx_vhost_task_fn+0x10/0x10 [ 1106.878740][T22237] vhost_worker_create+0x151/0x380 [ 1106.878762][T22237] ? __pfx_vhost_worker_create+0x10/0x10 [ 1106.878783][T22237] ? rcu_is_watching+0x12/0xc0 [ 1106.878801][T22237] ? __kmalloc_noprof.cold+0x5c/0x61 [ 1106.878829][T22237] ? rcu_is_watching+0x12/0xc0 [ 1106.878850][T22237] vhost_dev_set_owner+0x67c/0xb70 [ 1106.878884][T22237] vhost_net_ioctl+0x694/0x1710 [ 1106.878924][T22237] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 1106.878946][T22237] ? find_held_lock+0x2b/0x80 [ 1106.878964][T22237] ? hook_file_ioctl_common+0x145/0x410 [ 1106.878993][T22237] ? __fget_files+0x20e/0x3c0 [ 1106.879028][T22237] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 1106.879053][T22237] __x64_sys_ioctl+0x190/0x200 [ 1106.879083][T22237] do_syscall_64+0xcd/0x230 [ 1106.879113][T22237] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1106.879134][T22237] RIP: 0033:0x7f6f70b8e969 [ 1106.879149][T22237] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1106.879170][T22237] RSP: 002b:00007f6f6e9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1106.879189][T22237] RAX: ffffffffffffffda RBX: 00007f6f70db5fa0 RCX: 00007f6f70b8e969 [ 1106.879203][T22237] RDX: 0000000000000005 RSI: 000000000000af01 RDI: 0000000000000008 [ 1106.879215][T22237] RBP: 00007f6f70c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1106.879227][T22237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1106.879239][T22237] R13: 0000000000000000 R14: 00007f6f70db5fa0 R15: 00007ffc304e8e08 [ 1106.879264][T22237] [ 1107.319561][T21430] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1107.534438][T21430] veth0_vlan: entered promiscuous mode [ 1107.539746][T21430] veth1_vlan: entered promiscuous mode [ 1107.681061][T21430] veth0_macvtap: entered promiscuous mode [ 1107.691919][T21430] veth1_macvtap: entered promiscuous mode [ 1107.700477][T21430] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1107.700499][T21430] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1107.778609][T21430] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1107.780769][T21430] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1107.780789][T21430] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1107.791869][T21430] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1107.836773][T21430] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1107.836868][T21430] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1107.836901][T21430] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1107.836934][T21430] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1108.455535][T10418] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1108.455559][T10418] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1108.717728][T10418] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1108.717750][T10418] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1110.553840][T22373] FAULT_INJECTION: forcing a failure. [ 1110.553840][T22373] name failslab, interval 1, probability 0, space 0, times 0 [ 1110.553879][T22373] CPU: 1 UID: 0 PID: 22373 Comm: syz.3.2423 Tainted: G U I 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full) [ 1110.553919][T22373] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1110.553929][T22373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1110.553943][T22373] Call Trace: [ 1110.553950][T22373] [ 1110.553960][T22373] dump_stack_lvl+0x16c/0x1f0 [ 1110.553996][T22373] should_fail_ex+0x512/0x640 [ 1110.554031][T22373] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1110.554060][T22373] should_failslab+0xc2/0x120 [ 1110.554089][T22373] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1110.554116][T22373] ? new_userfaultfd+0x79/0x3d0 [ 1110.554147][T22373] new_userfaultfd+0x79/0x3d0 [ 1110.554175][T22373] __x64_sys_userfaultfd+0x4b/0xb0 [ 1110.554207][T22373] do_syscall_64+0xcd/0x230 [ 1110.554243][T22373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1110.554267][T22373] RIP: 0033:0x7f95c7d8e969 [ 1110.554284][T22373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1110.554308][T22373] RSP: 002b:00007f95c8b3f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000143 [ 1110.554330][T22373] RAX: ffffffffffffffda RBX: 00007f95c7fb5fa0 RCX: 00007f95c7d8e969 [ 1110.554346][T22373] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1110.554359][T22373] RBP: 00007f95c7e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1110.554373][T22373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1110.554388][T22373] R13: 0000000000000000 R14: 00007f95c7fb5fa0 R15: 00007ffc33b5bf68 [ 1110.554417][T22373] [ 1113.184812][T20383] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1113.186378][T20383] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1113.187100][T20383] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1113.197422][T20383] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1113.197966][T20383] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1113.211168][ T9973] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1113.463899][ T9973] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1113.737374][ T9973] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1113.989497][ T9973] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1114.604516][ T9973] gretap0: left allmulticast mode [ 1114.604571][ T9973] gretap0: left promiscuous mode [ 1114.604752][ T9973] bridge0: port 2(gretap0) entered disabled state [ 1114.675311][ T9973] bridge_slave_0: left allmulticast mode [ 1114.675336][ T9973] bridge_slave_0: left promiscuous mode [ 1114.677233][ T9973] bridge0: port 1(bridge_slave_0) entered disabled state [ 1114.687096][T22548] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2429'. [ 1115.258197][T20383] Bluetooth: hci2: command tx timeout [ 1115.668808][T22410] tty tty12: ldisc open failed (-12), clearing slot 11 [ 1117.344931][T20383] Bluetooth: hci2: command tx timeout [ 1117.891141][ T9973] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1117.918770][ T9973] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1117.936474][ T9973] bond0 (unregistering): Released all slaves [ 1118.033129][T22420] chnl_net:caif_netlink_parms(): no params data found [ 1118.183236][ T9973] ovs_ÿþ: left promiscuous mode [ 1118.936238][T22420] bridge0: port 1(bridge_slave_0) entered blocking state [ 1118.943387][T22420] bridge0: port 1(bridge_slave_0) entered disabled state [ 1119.027267][T22420] bridge_slave_0: entered allmulticast mode [ 1119.059218][T22420] bridge_slave_0: entered promiscuous mode [ 1119.359577][T22420] bridge0: port 2(bridge_slave_1) entered blocking state [ 1119.368711][T22420] bridge0: port 2(bridge_slave_1) entered disabled state [ 1119.409630][T22420] bridge_slave_1: entered allmulticast mode [ 1119.417773][T20383] Bluetooth: hci2: command tx timeout [ 1119.446977][T22420] bridge_slave_1: entered promiscuous mode [ 1119.603732][T22683] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2439'. [ 1119.753429][T22420] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1119.799540][T22683] veth1_macvtap: left promiscuous mode [ 1119.917320][T22420] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1120.641340][T22420] team0: Port device team_slave_0 added [ 1120.946726][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1120.953059][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1121.136634][T22420] team0: Port device team_slave_1 added [ 1121.502950][T20383] Bluetooth: hci2: command tx timeout [ 1121.879854][T22420] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1121.907406][T22814] netlink: 'syz.2.2442': attribute type 2 has an invalid length. [ 1121.925469][T22420] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1122.041368][T22420] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1122.230852][T22420] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1122.268467][T22420] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1122.401728][T22420] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1122.932550][T22420] hsr_slave_0: entered promiscuous mode [ 1122.958071][T22420] hsr_slave_1: entered promiscuous mode [ 1123.326115][T22920] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2445'. [ 1123.508168][T22920] Invalid ELF header magic: != ELF [ 1123.529893][ T9973] hsr_slave_0: left promiscuous mode [ 1123.550634][ T9973] hsr_slave_1: left promiscuous mode [ 1124.502994][T22920] could not allocate digest TFM handle [ 1124.539331][T22633] Process accounting resumed [ 1124.552745][T22943] could not allocate digest TFM handle [ 1124.900756][T22961] device-mapper: ioctl: Unable to rename non-existent device, to uuid „ [ 1125.028615][ T9973] team0 (unregistering): Port device team_slave_1 removed [ 1125.453180][T22964] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2448'. [ 1125.745089][T22964] veth1_macvtap: left promiscuous mode [ 1126.827312][T23037] netlink: zone id is out of range [ 1126.883826][T23037] netlink: zone id is out of range [ 1126.883843][T23037] netlink: zone id is out of range [ 1126.883852][T23037] netlink: zone id is out of range [ 1126.883860][T23037] netlink: zone id is out of range [ 1126.883870][T23037] netlink: zone id is out of range [ 1126.883888][T23037] netlink: zone id is out of range [ 1126.883897][T23037] netlink: zone id is out of range [ 1126.883907][T23037] netlink: zone id is out of range [ 1126.883916][T23037] netlink: zone id is out of range [ 1128.243785][T22420] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1128.273673][T23138] ovs_: entered promiscuous mode [ 1128.319666][T22420] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1128.362715][T22420] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1128.446580][T22420] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1129.981892][T23198] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1131.346743][T22420] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1131.645089][T22420] 8021q: adding VLAN 0 to HW filter on device team0 [ 1131.864978][ T9961] bridge0: port 1(bridge_slave_0) entered blocking state [ 1131.872180][ T9961] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1131.965104][ T9961] bridge0: port 2(bridge_slave_1) entered blocking state [ 1131.972322][ T9961] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1132.625609][T23249] FAULT_INJECTION: forcing a failure. [ 1132.625609][T23249] name failslab, interval 1, probability 0, space 0, times 0 [ 1132.771535][T23249] CPU: 1 UID: 0 PID: 23249 Comm: syz.2.2463 Tainted: G U I 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full) [ 1132.771580][T23249] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1132.771591][T23249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1132.771605][T23249] Call Trace: [ 1132.771612][T23249] [ 1132.771621][T23249] dump_stack_lvl+0x16c/0x1f0 [ 1132.771659][T23249] should_fail_ex+0x512/0x640 [ 1132.771693][T23249] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1132.771735][T23249] should_failslab+0xc2/0x120 [ 1132.771765][T23249] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1132.771803][T23249] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1132.771833][T23249] ? lockdep_hardirqs_on+0x7c/0x110 [ 1132.771864][T23249] ? __request_module+0x2ad/0x690 [ 1132.771902][T23249] __request_module+0x2ad/0x690 [ 1132.771935][T23249] ? __pfx___request_module+0x10/0x10 [ 1132.771968][T23249] ? aa_get_newest_label+0x375/0x680 [ 1132.771994][T23249] ? __pfx_aa_get_newest_label+0x10/0x10 [ 1132.772026][T23249] ? apparmor_capable+0x114/0x1d0 [ 1132.772058][T23249] dev_load+0x1ff/0x240 [ 1132.772082][T23249] dev_ioctl+0x19c/0x1060 [ 1132.772107][T23249] sock_ioctl+0x5b3/0x6b0 [ 1132.772144][T23249] ? __pfx_sock_ioctl+0x10/0x10 [ 1132.772177][T23249] ? hook_file_ioctl_common+0x145/0x410 [ 1132.772218][T23249] ? __fget_files+0x20e/0x3c0 [ 1132.772260][T23249] ? __pfx_sock_ioctl+0x10/0x10 [ 1132.772297][T23249] __x64_sys_ioctl+0x190/0x200 [ 1132.772333][T23249] do_syscall_64+0xcd/0x230 [ 1132.772370][T23249] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1132.772394][T23249] RIP: 0033:0x7f6f70b8e969 [ 1132.772412][T23249] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1132.772436][T23249] RSP: 002b:00007f6f6e9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1132.772459][T23249] RAX: ffffffffffffffda RBX: 00007f6f70db5fa0 RCX: 00007f6f70b8e969 [ 1132.772474][T23249] RDX: 0000000000000000 RSI: 00000000000089fc RDI: 0000000000000007 [ 1132.772489][T23249] RBP: 00007f6f70c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1132.772503][T23249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1132.772517][T23249] R13: 0000000000000000 R14: 00007f6f70db5fa0 R15: 00007ffc304e8e08 [ 1132.772545][T23249] [ 1132.998637][ C1] vkms_vblank_simulate: vblank timer overrun [ 1134.475982][T23263] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1134.507174][T23263] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1134.544199][T23263] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1134.676359][T23263] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1134.770599][T23263] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1134.821166][T23263] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1134.890118][T23263] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1134.929671][T23263] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1134.964104][T23263] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1134.996825][T23263] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1135.053909][T23263] CPU0 is offline. [ 1135.110767][T22420] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1135.416608][T22420] veth0_vlan: entered promiscuous mode [ 1135.529300][T22420] veth1_vlan: entered promiscuous mode [ 1135.855992][T22420] veth0_macvtap: entered promiscuous mode [ 1135.899866][T22420] veth1_macvtap: entered promiscuous mode [ 1135.984557][T20383] Bluetooth: hci1: command 0x0c1a tx timeout [ 1135.998641][T22420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1136.049948][T22420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1136.083092][T22420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1136.124853][T22420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1136.160190][T22420] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1136.218053][T22420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1136.282360][T22420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1136.404320][T22420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1136.416439][T23379] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2469'. [ 1136.494736][T22420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1136.543374][T20383] Bluetooth: hci4: command 0x0c1a tx timeout [ 1136.812848][T22420] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1136.868131][T20383] Bluetooth: hci0: command 0x0c1a tx timeout [ 1136.945497][T20383] Bluetooth: hci2: command 0x0c1a tx timeout [ 1137.137447][T22420] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1137.272600][T22420] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1137.302401][T22420] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1137.352453][T22420] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1137.704068][T23391] FAULT_INJECTION: forcing a failure. [ 1137.704068][T23391] name failslab, interval 1, probability 0, space 0, times 0 [ 1137.795081][T23391] CPU: 1 UID: 0 PID: 23391 Comm: syz.0.2470 Tainted: G U I 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full) [ 1137.795128][T23391] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1137.795138][T23391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1137.795153][T23391] Call Trace: [ 1137.795161][T23391] [ 1137.795170][T23391] dump_stack_lvl+0x16c/0x1f0 [ 1137.795209][T23391] should_fail_ex+0x512/0x640 [ 1137.795243][T23391] ? __kmalloc_noprof+0xbf/0x510 [ 1137.795272][T23391] ? cache_create_net+0x9d/0x220 [ 1137.795309][T23391] should_failslab+0xc2/0x120 [ 1137.795338][T23391] __kmalloc_noprof+0xd2/0x510 [ 1137.795371][T23391] cache_create_net+0x9d/0x220 [ 1137.795411][T23391] gss_svc_init_net+0x122/0x660 [ 1137.795446][T23391] ? __pfx_canbcm_pernet_init+0x10/0x10 [ 1137.795475][T23391] ? __pfx_rpcsec_gss_init_net+0x10/0x10 [ 1137.795513][T23391] ops_init+0x1df/0x5f0 [ 1137.795545][T23391] setup_net+0x21e/0x850 [ 1137.795577][T23391] ? __pfx_setup_net+0x10/0x10 [ 1137.795604][T23391] ? lockdep_init_map_type+0x5c/0x280 [ 1137.795636][T23391] ? __pfx_down_read_killable+0x10/0x10 [ 1137.795693][T23391] ? debug_mutex_init+0x37/0x70 [ 1137.795723][T23391] copy_net_ns+0x2a6/0x5f0 [ 1137.795758][T23391] create_new_namespaces+0x3ea/0xad0 [ 1137.795791][T23391] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1137.795822][T23391] ksys_unshare+0x45b/0xa40 [ 1137.795857][T23391] ? __pfx_ksys_unshare+0x10/0x10 [ 1137.795888][T23391] ? xfd_validate_state+0x5d/0x180 [ 1137.795929][T23391] ? rcu_is_watching+0x12/0xc0 [ 1137.795958][T23391] __x64_sys_unshare+0x31/0x40 [ 1137.795990][T23391] do_syscall_64+0xcd/0x230 [ 1137.796027][T23391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1137.796052][T23391] RIP: 0033:0x7f66e0b8e969 [ 1137.796071][T23391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1137.796095][T23391] RSP: 002b:00007f66e199c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1137.796122][T23391] RAX: ffffffffffffffda RBX: 00007f66e0db5fa0 RCX: 00007f66e0b8e969 [ 1137.796138][T23391] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1137.796153][T23391] RBP: 00007f66e0c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1137.796167][T23391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1137.796181][T23391] R13: 0000000000000000 R14: 00007f66e0db5fa0 R15: 00007ffe4cba3258 [ 1137.796210][T23391] [ 1138.631021][T20383] Bluetooth: hci4: command 0x0c1a tx timeout [ 1138.881059][ T9961] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1138.917163][ T9961] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1138.948122][T20383] Bluetooth: hci0: command 0x0c1a tx timeout [ 1139.026537][T20383] Bluetooth: hci2: command 0x0c1a tx timeout [ 1139.412117][ T9962] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1139.575265][ T9962] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1140.705524][T20383] Bluetooth: hci4: command 0x0c1a tx timeout [ 1141.037246][T20383] Bluetooth: hci0: command 0x0c1a tx timeout [ 1141.126608][T20383] Bluetooth: hci2: command 0x0c1a tx timeout [ 1141.599149][ T5139] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1141.607899][ T5139] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1141.616881][ T5139] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1141.624637][ T5139] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1141.632427][ T5139] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1142.598672][T23575] ubi: mtd0 is already attached to ubi0 [ 1142.848556][T23495] chnl_net:caif_netlink_parms(): no params data found [ 1143.001938][ T5139] Bluetooth: hci0: Unable to find connection for big 0xd2 [ 1143.337994][ T30] audit: type=1800 audit(4294970503.579:28): pid=23474 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2427" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 1143.366388][T23495] bridge0: port 1(bridge_slave_0) entered blocking state [ 1143.399749][T23495] bridge0: port 1(bridge_slave_0) entered disabled state [ 1143.421195][T23495] bridge_slave_0: entered allmulticast mode [ 1143.454289][T23495] bridge_slave_0: entered promiscuous mode [ 1143.500494][T23495] bridge0: port 2(bridge_slave_1) entered blocking state [ 1143.526188][T23495] bridge0: port 2(bridge_slave_1) entered disabled state [ 1143.576242][T23495] bridge_slave_1: entered allmulticast mode [ 1143.613887][T23495] bridge_slave_1: entered promiscuous mode [ 1143.747793][ T5139] Bluetooth: hci3: command tx timeout [ 1144.052521][T23495] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1144.322211][T23495] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1144.773085][T23495] team0: Port device team_slave_0 added [ 1144.820099][T23495] team0: Port device team_slave_1 added [ 1145.070655][T23495] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1145.096370][T23495] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1145.161681][T23495] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1145.235931][T23495] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1145.292018][T23495] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1145.408537][T23495] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1145.828967][ T5139] Bluetooth: hci3: command tx timeout [ 1145.875956][T23495] hsr_slave_0: entered promiscuous mode [ 1145.968795][T23495] hsr_slave_1: entered promiscuous mode [ 1146.012762][T23495] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1146.054497][T23495] Cannot create hsr debugfs directory [ 1146.814943][T23931] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2491'. [ 1147.533084][T23495] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1147.862977][T23495] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1147.909475][ T5139] Bluetooth: hci3: command tx timeout [ 1148.080844][T23495] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1148.424603][T23495] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1148.814357][T23495] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1148.849210][T23495] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1148.896917][T23495] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1148.935253][T23495] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1149.298819][T23495] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1149.424406][T23495] 8021q: adding VLAN 0 to HW filter on device team0 [ 1149.481428][ T9962] bridge0: port 1(bridge_slave_0) entered blocking state [ 1149.488610][ T9962] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1149.563149][ T9962] bridge0: port 2(bridge_slave_1) entered blocking state [ 1149.570424][ T9962] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1149.806060][T23495] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1149.882401][T23495] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1149.992178][ T5139] Bluetooth: hci3: command tx timeout [ 1150.017774][ T30] audit: type=1800 audit(4294970510.226:29): pid=23990 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2493" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 1151.050352][T23495] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1151.481600][T23495] veth0_vlan: entered promiscuous mode [ 1151.637770][T23495] veth1_vlan: entered promiscuous mode [ 1151.836537][T23495] veth0_macvtap: entered promiscuous mode [ 1151.897129][T23495] veth1_macvtap: entered promiscuous mode [ 1152.008539][T23495] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1152.077681][T23495] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1152.114684][T23495] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1152.172036][T23495] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1152.223283][T23495] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1152.280214][T23495] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1152.329460][T23495] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1152.417870][T23495] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1152.481292][T23495] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1152.521121][T23495] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1152.586259][T23495] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1152.618393][T23495] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1152.681334][T23495] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1152.713840][T24121] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2500'. [ 1152.764164][T23495] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1152.832434][T23495] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1152.841275][T23495] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1152.903701][T23495] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1152.933399][T23495] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1153.311327][T24137] usb usb2: usbfs: process 24137 (syz.2.2504) did not claim interface 1 before use [ 1153.354874][T24137] kernel read not supported for file /set_event_notrace_pid (pid: 24137 comm: syz.2.2504) [ 1153.450882][ T30] audit: type=1800 audit(4294970513.684:30): pid=24137 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2504" name="set_event_notrace_pid" dev="tracefs" ino=13 res=0 errno=0 [ 1153.970625][T13922] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1154.014415][T13922] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1154.248909][ T9962] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1154.290272][ T9962] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1155.418738][T24237] netlink: 'syz.3.2506': attribute type 5 has an invalid length. [ 1159.985206][T24460] FAULT_INJECTION: forcing a failure. [ 1159.985206][T24460] name failslab, interval 1, probability 0, space 0, times 0 [ 1160.265590][T24460] CPU: 1 UID: 0 PID: 24460 Comm: syz.2.2516 Tainted: G U I 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full) [ 1160.265633][T24460] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1160.265643][T24460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1160.265656][T24460] Call Trace: [ 1160.265663][T24460] [ 1160.265671][T24460] dump_stack_lvl+0x16c/0x1f0 [ 1160.265708][T24460] should_fail_ex+0x512/0x640 [ 1160.265741][T24460] ? fs_reclaim_acquire+0xae/0x150 [ 1160.265778][T24460] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 1160.265812][T24460] should_failslab+0xc2/0x120 [ 1160.265840][T24460] __kmalloc_noprof+0xd2/0x510 [ 1160.265872][T24460] tomoyo_realpath_from_path+0xc2/0x6e0 [ 1160.265907][T24460] ? tomoyo_profile+0x47/0x60 [ 1160.265946][T24460] tomoyo_path_number_perm+0x245/0x580 [ 1160.265972][T24460] ? tomoyo_path_number_perm+0x237/0x580 [ 1160.266002][T24460] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1160.266031][T24460] ? find_held_lock+0x2b/0x80 [ 1160.266079][T24460] ? find_held_lock+0x2b/0x80 [ 1160.266099][T24460] ? hook_file_ioctl_common+0x145/0x410 [ 1160.266131][T24460] ? __fget_files+0x20e/0x3c0 [ 1160.266172][T24460] security_file_ioctl+0x9b/0x240 [ 1160.266202][T24460] __x64_sys_ioctl+0xb7/0x200 [ 1160.266236][T24460] do_syscall_64+0xcd/0x230 [ 1160.266271][T24460] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1160.266294][T24460] RIP: 0033:0x7f6f70b8e969 [ 1160.266312][T24460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1160.266335][T24460] RSP: 002b:00007f6f6e9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1160.266357][T24460] RAX: ffffffffffffffda RBX: 00007f6f70db5fa0 RCX: 00007f6f70b8e969 [ 1160.266373][T24460] RDX: 0000000000000005 RSI: 000000000000af01 RDI: 0000000000000008 [ 1160.266393][T24460] RBP: 00007f6f6e9f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1160.266409][T24460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1160.266423][T24460] R13: 0000000000000000 R14: 00007f6f70db5fa0 R15: 00007ffc304e8e08 [ 1160.266452][T24460] [ 1160.266460][T24460] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1161.644256][T24513] FAULT_INJECTION: forcing a failure. [ 1161.644256][T24513] name failslab, interval 1, probability 0, space 0, times 0 [ 1161.729499][T24513] CPU: 1 UID: 0 PID: 24513 Comm: syz.0.2517 Tainted: G U I 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full) [ 1161.729544][T24513] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1161.729554][T24513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1161.729569][T24513] Call Trace: [ 1161.729576][T24513] [ 1161.729585][T24513] dump_stack_lvl+0x16c/0x1f0 [ 1161.729624][T24513] should_fail_ex+0x512/0x640 [ 1161.729657][T24513] ? fs_reclaim_acquire+0xae/0x150 [ 1161.729694][T24513] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 1161.729727][T24513] should_failslab+0xc2/0x120 [ 1161.729755][T24513] __kmalloc_noprof+0xd2/0x510 [ 1161.729787][T24513] tomoyo_realpath_from_path+0xc2/0x6e0 [ 1161.729823][T24513] ? tomoyo_profile+0x47/0x60 [ 1161.729861][T24513] tomoyo_path_number_perm+0x245/0x580 [ 1161.729887][T24513] ? tomoyo_path_number_perm+0x237/0x580 [ 1161.729914][T24513] ? do_raw_spin_unlock+0x144/0x230 [ 1161.729951][T24513] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1161.730008][T24513] ? find_held_lock+0x2b/0x80 [ 1161.730029][T24513] ? hook_file_ioctl_common+0x145/0x410 [ 1161.730060][T24513] ? __fget_files+0x20e/0x3c0 [ 1161.730101][T24513] security_file_ioctl+0x9b/0x240 [ 1161.730131][T24513] __x64_sys_ioctl+0xb7/0x200 [ 1161.730165][T24513] do_syscall_64+0xcd/0x230 [ 1161.730201][T24513] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1161.730224][T24513] RIP: 0033:0x7f66e0b8e969 [ 1161.730242][T24513] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1161.730266][T24513] RSP: 002b:00007f66e199c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1161.730287][T24513] RAX: ffffffffffffffda RBX: 00007f66e0db5fa0 RCX: 00007f66e0b8e969 [ 1161.730303][T24513] RDX: 0000000000000000 RSI: 00000000000089fc RDI: 0000000000000008 [ 1161.730324][T24513] RBP: 00007f66e0c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1161.730339][T24513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1161.730353][T24513] R13: 0000000000000000 R14: 00007f66e0db5fa0 R15: 00007ffe4cba3258 [ 1161.730383][T24513] [ 1161.730392][T24513] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1164.500163][T24568] snd_virmidi snd_virmidi.0: control 5:9:1:IAªƒ>/Æ[k<÷ÎÇmgx­Ž¬<Ú5ºœ+-Cî°ÜYÈÝ5:0 is already present [ 1164.962240][T24613] FAULT_INJECTION: forcing a failure. [ 1164.962240][T24613] name failslab, interval 1, probability 0, space 0, times 0 [ 1165.046680][T24613] CPU: 1 UID: 0 PID: 24613 Comm: syz.0.2530 Tainted: G U I 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full) [ 1165.046728][T24613] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1165.046738][T24613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1165.046757][T24613] Call Trace: [ 1165.046765][T24613] [ 1165.046773][T24613] dump_stack_lvl+0x16c/0x1f0 [ 1165.046811][T24613] should_fail_ex+0x512/0x640 [ 1165.046852][T24613] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1165.046895][T24613] should_failslab+0xc2/0x120 [ 1165.046925][T24613] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1165.046965][T24613] ? ___kmalloc_large_node+0x183/0x1e0 [ 1165.046999][T24613] ? vhost_worker_create+0xb4/0x380 [ 1165.047029][T24613] vhost_worker_create+0xb4/0x380 [ 1165.047055][T24613] ? __pfx_vhost_worker_create+0x10/0x10 [ 1165.047079][T24613] ? rcu_is_watching+0x12/0xc0 [ 1165.047102][T24613] ? __kmalloc_noprof.cold+0x5c/0x61 [ 1165.047136][T24613] ? rcu_is_watching+0x12/0xc0 [ 1165.047162][T24613] vhost_dev_set_owner+0x67c/0xb70 [ 1165.047202][T24613] vhost_net_ioctl+0x694/0x1710 [ 1165.047234][T24613] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 1165.047260][T24613] ? find_held_lock+0x2b/0x80 [ 1165.047282][T24613] ? hook_file_ioctl_common+0x145/0x410 [ 1165.047315][T24613] ? __fget_files+0x20e/0x3c0 [ 1165.047357][T24613] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 1165.047387][T24613] __x64_sys_ioctl+0x190/0x200 [ 1165.047422][T24613] do_syscall_64+0xcd/0x230 [ 1165.047460][T24613] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1165.047484][T24613] RIP: 0033:0x7f66e0b8e969 [ 1165.047502][T24613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1165.047533][T24613] RSP: 002b:00007f66e199c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1165.047556][T24613] RAX: ffffffffffffffda RBX: 00007f66e0db5fa0 RCX: 00007f66e0b8e969 [ 1165.047572][T24613] RDX: 0000000000000005 RSI: 000000000000af01 RDI: 0000000000000008 [ 1165.047586][T24613] RBP: 00007f66e0c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1165.047601][T24613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1165.047615][T24613] R13: 0000000000000000 R14: 00007f66e0db5fa0 R15: 00007ffe4cba3258 [ 1165.047644][T24613] [ 1166.790292][T24706] FAULT_INJECTION: forcing a failure. [ 1166.790292][T24706] name failslab, interval 1, probability 0, space 0, times 0 [ 1166.870853][T24706] CPU: 1 UID: 0 PID: 24706 Comm: syz.3.2534 Tainted: G U I 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full) [ 1166.870897][T24706] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1166.870907][T24706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1166.870921][T24706] Call Trace: [ 1166.870928][T24706] [ 1166.870937][T24706] dump_stack_lvl+0x16c/0x1f0 [ 1166.870975][T24706] should_fail_ex+0x512/0x640 [ 1166.871009][T24706] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1166.871039][T24706] should_failslab+0xc2/0x120 [ 1166.871068][T24706] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1166.871093][T24706] ? d_instantiate+0x77/0x90 [ 1166.871119][T24706] ? alloc_empty_file+0x55/0x1e0 [ 1166.871152][T24706] alloc_empty_file+0x55/0x1e0 [ 1166.871182][T24706] alloc_file_pseudo+0x13a/0x230 [ 1166.871214][T24706] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1166.871246][T24706] ? alloc_fd+0x471/0x7d0 [ 1166.871287][T24706] sock_alloc_file+0x50/0x210 [ 1166.871318][T24706] __sys_socket+0x1c0/0x260 [ 1166.871354][T24706] ? __pfx___sys_socket+0x10/0x10 [ 1166.871391][T24706] ? rcu_is_watching+0x12/0xc0 [ 1166.871418][T24706] __x64_sys_socket+0x72/0xb0 [ 1166.871452][T24706] ? lockdep_hardirqs_on+0x7c/0x110 [ 1166.871484][T24706] do_syscall_64+0xcd/0x230 [ 1166.871520][T24706] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1166.871544][T24706] RIP: 0033:0x7fa29218e969 [ 1166.871562][T24706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1166.871586][T24706] RSP: 002b:00007fa292f46038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1166.871608][T24706] RAX: ffffffffffffffda RBX: 00007fa2923b5fa0 RCX: 00007fa29218e969 [ 1166.871626][T24706] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 1166.871643][T24706] RBP: 00007fa292210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1166.871665][T24706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1166.871680][T24706] R13: 0000000000000000 R14: 00007fa2923b5fa0 R15: 00007ffe3b7028a8 [ 1166.871709][T24706] [ 1167.995959][T24748] FAULT_INJECTION: forcing a failure. [ 1167.995959][T24748] name failslab, interval 1, probability 0, space 0, times 0 [ 1168.069958][T24748] CPU: 1 UID: 0 PID: 24748 Comm: syz.1.2539 Tainted: G U I 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full) [ 1168.070001][T24748] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1168.070011][T24748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1168.070027][T24748] Call Trace: [ 1168.070034][T24748] [ 1168.070043][T24748] dump_stack_lvl+0x16c/0x1f0 [ 1168.070081][T24748] should_fail_ex+0x512/0x640 [ 1168.070115][T24748] ? fs_reclaim_acquire+0xae/0x150 [ 1168.070155][T24748] should_failslab+0xc2/0x120 [ 1168.070184][T24748] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1168.070212][T24748] ? security_inode_alloc+0x3b/0x2b0 [ 1168.070243][T24748] security_inode_alloc+0x3b/0x2b0 [ 1168.070270][T24748] inode_init_always_gfp+0xce4/0x1030 [ 1168.070314][T24748] alloc_inode+0x86/0x240 [ 1168.070343][T24748] iget_locked+0x2e4/0x830 [ 1168.070376][T24748] ? __pfx_iget_locked+0x10/0x10 [ 1168.070408][T24748] ? find_held_lock+0x2b/0x80 [ 1168.070432][T24748] ? kernfs_root+0xee/0x2a0 [ 1168.070459][T24748] kernfs_get_inode+0x48/0x460 [ 1168.070497][T24748] kernfs_iop_lookup+0x1a7/0x2d0 [ 1168.070521][T24748] ? __pfx_kernfs_iop_lookup+0x10/0x10 [ 1168.070552][T24748] lookup_open.isra.0+0x4d7/0x1580 [ 1168.070594][T24748] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 1168.070646][T24748] ? __pfx_down_write+0x10/0x10 [ 1168.070682][T24748] ? mnt_get_write_access+0x20c/0x300 [ 1168.070718][T24748] path_openat+0x905/0x2d40 [ 1168.070754][T24748] ? __pfx_path_openat+0x10/0x10 [ 1168.070785][T24748] do_filp_open+0x20b/0x470 [ 1168.070807][T24748] ? __pfx_do_filp_open+0x10/0x10 [ 1168.070852][T24748] ? alloc_fd+0x471/0x7d0 [ 1168.070898][T24748] do_sys_openat2+0x11b/0x1d0 [ 1168.070930][T24748] ? __pfx_do_sys_openat2+0x10/0x10 [ 1168.070974][T24748] __x64_sys_openat+0x174/0x210 [ 1168.071007][T24748] ? __pfx___x64_sys_openat+0x10/0x10 [ 1168.071041][T24748] ? rcu_is_watching+0x12/0xc0 [ 1168.071072][T24748] do_syscall_64+0xcd/0x230 [ 1168.071108][T24748] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1168.071132][T24748] RIP: 0033:0x7f4e3598e969 [ 1168.071150][T24748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1168.071174][T24748] RSP: 002b:00007f4e368e1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1168.071196][T24748] RAX: ffffffffffffffda RBX: 00007f4e35bb5fa0 RCX: 00007f4e3598e969 [ 1168.071211][T24748] RDX: 0000000000183841 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 1168.071226][T24748] RBP: 00007f4e35a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1168.071241][T24748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1168.071255][T24748] R13: 0000000000000000 R14: 00007f4e35bb5fa0 R15: 00007ffc3ad1d908 [ 1168.071285][T24748] [ 1169.420055][T24763] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2540'. [ 1169.590713][T24772] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2540'. [ 1171.800349][T24840] ================================================================== [ 1171.808452][T24840] BUG: KASAN: slab-out-of-bounds in afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 1171.817145][T24840] Read of size 1 at addr ffff88806048e807 by task syz.0.2547/24840 [ 1171.825038][T24840] [ 1171.827369][T24840] CPU: 1 UID: 0 PID: 24840 Comm: syz.0.2547 Tainted: G U I 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full) [ 1171.827409][T24840] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1171.827419][T24840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1171.827434][T24840] Call Trace: [ 1171.827442][T24840] [ 1171.827451][T24840] dump_stack_lvl+0x116/0x1f0 [ 1171.827487][T24840] print_report+0xc3/0x670 [ 1171.827515][T24840] ? __virt_addr_valid+0x5e/0x590 [ 1171.827545][T24840] ? __phys_addr+0xc6/0x150 [ 1171.827576][T24840] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 1171.827606][T24840] kasan_report+0xe0/0x110 [ 1171.827634][T24840] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 1171.827668][T24840] afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 1171.827703][T24840] ? __pfx_afs_proc_addr_prefs_write+0x10/0x10 [ 1171.827736][T24840] ? find_held_lock+0x2b/0x80 [ 1171.827757][T24840] ? __might_fault+0xe3/0x190 [ 1171.827783][T24840] ? __might_fault+0xe3/0x190 [ 1171.827809][T24840] ? __might_fault+0x13b/0x190 [ 1171.827842][T24840] ? proc_simple_write+0x114/0x1b0 [ 1171.827870][T24840] proc_simple_write+0x114/0x1b0 [ 1171.827899][T24840] ? __pfx_proc_simple_write+0x10/0x10 [ 1171.827929][T24840] proc_reg_write+0x23d/0x330 [ 1171.827953][T24840] ? __pfx_proc_reg_write+0x10/0x10 [ 1171.827977][T24840] vfs_writev+0x6c4/0xdc0 [ 1171.828013][T24840] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1171.828050][T24840] ? __pfx_vfs_writev+0x10/0x10 [ 1171.828086][T24840] ? __mutex_lock+0x1ca/0xb90 [ 1171.828128][T24840] ? __pfx___mutex_lock+0x10/0x10 [ 1171.828167][T24840] ? __fget_files+0x20e/0x3c0 [ 1171.828207][T24840] ? do_writev+0x132/0x330 [ 1171.828242][T24840] do_writev+0x132/0x330 [ 1171.828279][T24840] ? __pfx_do_writev+0x10/0x10 [ 1171.828314][T24840] ? rcu_is_watching+0x12/0xc0 [ 1171.828340][T24840] do_syscall_64+0xcd/0x230 [ 1171.828374][T24840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1171.828399][T24840] RIP: 0033:0x7f66e0b8e969 [ 1171.828417][T24840] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1171.828440][T24840] RSP: 002b:00007f66e199c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1171.828462][T24840] RAX: ffffffffffffffda RBX: 00007f66e0db5fa0 RCX: 00007f66e0b8e969 [ 1171.828479][T24840] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 1171.828493][T24840] RBP: 00007f66e0c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1171.828508][T24840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1171.828523][T24840] R13: 0000000000000000 R14: 00007f66e0db5fa0 R15: 00007ffe4cba3258 [ 1171.828546][T24840] [ 1171.828553][T24840] [ 1172.090545][T24840] Allocated by task 24840: [ 1172.094959][T24840] kasan_save_stack+0x33/0x60 [ 1172.099646][T24840] kasan_save_track+0x14/0x30 [ 1172.104344][T24840] __kasan_kmalloc+0xaa/0xb0 [ 1172.108950][T24840] __kmalloc_node_track_caller_noprof+0x221/0x510 [ 1172.115376][T24840] memdup_user_nul+0x2b/0x120 [ 1172.120070][T24840] proc_simple_write+0xc7/0x1b0 [ 1172.124935][T24840] proc_reg_write+0x23d/0x330 [ 1172.129618][T24840] vfs_writev+0x6c4/0xdc0 [ 1172.133972][T24840] do_writev+0x132/0x330 [ 1172.138234][T24840] do_syscall_64+0xcd/0x230 [ 1172.142752][T24840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1172.148668][T24840] [ 1172.150988][T24840] The buggy address belongs to the object at ffff88806048e800 [ 1172.150988][T24840] which belongs to the cache kmalloc-8 of size 8 [ 1172.164696][T24840] The buggy address is located 0 bytes to the right of [ 1172.164696][T24840] allocated 7-byte region [ffff88806048e800, ffff88806048e807) [ 1172.179014][T24840] [ 1172.181341][T24840] The buggy address belongs to the physical page: [ 1172.187754][T24840] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6048e [ 1172.196516][T24840] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 1172.203628][T24840] page_type: f5(slab) [ 1172.207614][T24840] raw: 00fff00000000000 ffff88801b441500 dead000000000100 dead000000000122 [ 1172.216203][T24840] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 1172.224799][T24840] page dumped because: kasan: bad access detected [ 1172.231207][T24840] page_owner tracks the page as allocated [ 1172.236933][T24840] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 3533, tgid 3533 (kworker/u8:7), ts 109949425529, free_ts 109907993108 [ 1172.256400][T24840] post_alloc_hook+0x181/0x1b0 [ 1172.261176][T24840] get_page_from_freelist+0x135c/0x3920 [ 1172.266736][T24840] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 1172.272636][T24840] alloc_pages_mpol+0x1fb/0x550 [ 1172.277513][T24840] new_slab+0x244/0x340 [ 1172.281687][T24840] ___slab_alloc+0xd9c/0x1940 [ 1172.286379][T24840] __slab_alloc.constprop.0+0x56/0xb0 [ 1172.291771][T24840] __kmalloc_noprof+0x2f2/0x510 [ 1172.296631][T24840] nsim_fib_event_nb+0x45e/0x10d0 [ 1172.301679][T24840] notifier_call_chain+0xb9/0x410 [ 1172.306714][T24840] atomic_notifier_call_chain+0x71/0x1c0 [ 1172.312362][T24840] call_fib_notifiers+0x33/0x70 [ 1172.317220][T24840] fib6_add+0x25ef/0x4b60 [ 1172.321555][T24840] ip6_ins_rt+0xb5/0x110 [ 1172.325809][T24840] __ipv6_ifa_notify+0xa6b/0xd60 [ 1172.330753][T24840] addrconf_dad_completed+0x19a/0x10d0 [ 1172.336224][T24840] page last free pid 24 tgid 24 stack trace: [ 1172.342200][T24840] __free_frozen_pages+0x69d/0xff0 [ 1172.347346][T24840] __folio_put+0x329/0x450 [ 1172.351775][T24840] aio_free_ring+0x2dd/0x4f0 [ 1172.356380][T24840] free_ioctx+0x21/0xa0 [ 1172.360553][T24840] process_one_work+0x9cc/0x1b70 [ 1172.365512][T24840] worker_thread+0x6c8/0xf10 [ 1172.370137][T24840] kthread+0x3c2/0x780 [ 1172.374232][T24840] ret_from_fork+0x45/0x80 [ 1172.378671][T24840] ret_from_fork_asm+0x1a/0x30 [ 1172.383458][T24840] [ 1172.385781][T24840] Memory state around the buggy address: [ 1172.391431][T24840] ffff88806048e700: fa fc fc fc fa fc fc fc 05 fc fc fc 06 fc fc fc [ 1172.399506][T24840] ffff88806048e780: 05 fc fc fc 05 fc fc fc 00 fc fc fc fa fc fc fc [ 1172.407588][T24840] >ffff88806048e800: 07 fc fc fc 06 fc fc fc 05 fc fc fc 05 fc fc fc [ 1172.415675][T24840] ^ [ 1172.419748][T24840] ffff88806048e880: 05 fc fc fc 05 fc fc fc 06 fc fc fc 05 fc fc fc [ 1172.427815][T24840] ffff88806048e900: 06 fc fc fc 05 fc fc fc fa fc fc fc 00 fc fc fc [ 1172.435875][T24840] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1173.539081][T24840] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1173.546339][T24840] CPU: 1 UID: 0 PID: 24840 Comm: syz.0.2547 Tainted: G U I 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full) [ 1173.559983][T24840] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1173.565957][T24840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1173.576022][T24840] Call Trace: [ 1173.579302][T24840] [ 1173.582238][T24840] dump_stack_lvl+0x3d/0x1f0 [ 1173.586847][T24840] panic+0x71c/0x800 [ 1173.590760][T24840] ? __pfx_panic+0x10/0x10 [ 1173.595193][T24840] ? mark_held_locks+0x49/0x80 [ 1173.599974][T24840] ? preempt_schedule_thunk+0x16/0x30 [ 1173.605375][T24840] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 1173.611370][T24840] ? preempt_schedule_common+0x44/0xc0 [ 1173.616846][T24840] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 1173.622842][T24840] check_panic_on_warn+0xab/0xb0 [ 1173.627800][T24840] end_report+0x107/0x170 [ 1173.632142][T24840] kasan_report+0xee/0x110 [ 1173.636572][T24840] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 1173.642570][T24840] afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 1173.648397][T24840] ? __pfx_afs_proc_addr_prefs_write+0x10/0x10 [ 1173.654577][T24840] ? find_held_lock+0x2b/0x80 [ 1173.659260][T24840] ? __might_fault+0xe3/0x190 [ 1173.663949][T24840] ? __might_fault+0xe3/0x190 [ 1173.668664][T24840] ? __might_fault+0x13b/0x190 [ 1173.673445][T24840] ? proc_simple_write+0x114/0x1b0 [ 1173.678568][T24840] proc_simple_write+0x114/0x1b0 [ 1173.683519][T24840] ? __pfx_proc_simple_write+0x10/0x10 [ 1173.688990][T24840] proc_reg_write+0x23d/0x330 [ 1173.693680][T24840] ? __pfx_proc_reg_write+0x10/0x10 [ 1173.698883][T24840] vfs_writev+0x6c4/0xdc0 [ 1173.703256][T24840] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1173.709170][T24840] ? __pfx_vfs_writev+0x10/0x10 [ 1173.714038][T24840] ? __mutex_lock+0x1ca/0xb90 [ 1173.718736][T24840] ? __pfx___mutex_lock+0x10/0x10 [ 1173.723783][T24840] ? __fget_files+0x20e/0x3c0 [ 1173.728482][T24840] ? do_writev+0x132/0x330 [ 1173.732917][T24840] do_writev+0x132/0x330 [ 1173.737198][T24840] ? __pfx_do_writev+0x10/0x10 [ 1173.741985][T24840] ? rcu_is_watching+0x12/0xc0 [ 1173.746766][T24840] do_syscall_64+0xcd/0x230 [ 1173.751288][T24840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1173.757277][T24840] RIP: 0033:0x7f66e0b8e969 [ 1173.761697][T24840] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1173.781333][T24840] RSP: 002b:00007f66e199c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1173.789756][T24840] RAX: ffffffffffffffda RBX: 00007f66e0db5fa0 RCX: 00007f66e0b8e969 [ 1173.797746][T24840] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 1173.805720][T24840] RBP: 00007f66e0c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1173.813695][T24840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1173.821669][T24840] R13: 0000000000000000 R14: 00007f66e0db5fa0 R15: 00007ffe4cba3258 [ 1173.829656][T24840] [ 1173.832739][T24840] Kernel Offset: disabled [ 1173.837073][T24840] Rebooting in 86400 seconds..