last executing test programs: 13.705742296s ago: executing program 2 (id=98): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/rxrpc/bundles\x00', 0x88400, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input0/capabilities/rel\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000001100)=""/4105, 0x1009) unshare$auto(0x40000080) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) bpf$auto_BPF_MAP_LOOKUP_ELEM(0x1, 0x0, 0x3) socket(0x2, 0x1, 0x0) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) open(&(0x7f0000000000)='./file0\x00', 0x101800, 0xbf) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x64842, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000011c0)='/dev/ptyq3\x00', 0x40001, 0x0) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x801, 0x8000000000000000, 0x0) io_uring_setup$auto(0x1, 0x0) connect$auto(0x3, 0x0, 0x56) write$auto(0x3, 0x0, 0x7fffffff) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) epoll_wait$auto(r0, &(0x7f0000000140)={0x4, 0x1ff}, 0x0, 0x7ff) 11.733615923s ago: executing program 2 (id=100): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x40342, 0x22) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) ioctl$auto(0x3, 0x400c4d05, 0x5) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc2481, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x80000, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) sendto$auto(0x3, 0x0, 0x18, 0x101, 0x0, 0x1c) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmsg$auto_NL80211_CMD_ASSOC_MLO_RECONF(r0, 0x0, 0x80) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cpu/0/msr\x00', 0x216fc2, 0x0) close_range$auto(0x2, 0xa, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x1000) 10.823088679s ago: executing program 3 (id=101): open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) r0 = open(&(0x7f0000000040)='./file0\x00', 0x1ebe02, 0x61) mmap$auto(0x0, 0x11, 0xdf, 0x9b72, r0, 0x8000) r1 = socket(0x2, 0x1, 0x0) getsockopt$auto(r1, 0x0, 0x61, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x2000000000000, 0xeb6, 0xfffffffffffffffa, 0x8000) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) r2 = socket(0x10, 0x800, 0x0) sendmmsg$auto(r2, 0x0, 0x7, 0x8) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2ba802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x4, 0x0, 0x0, &(0x7f00000002c0)={[0x3dcbd9be, 0x7, 0xb7, 0x1, 0x948b, 0x3, 0x15f4de0a, 0x5, 0x8000, 0x62, 0x80000001, 0xfffffffffffffffe, 0x6d3f, 0x9, 0x2, 0x8]}, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) process_vm_readv$auto(0x0, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f00000000c0)="21b8c2f61c6102174b86ee307a74febb61cc328f1d5139a965aecd172982632a01e47ee5856fd1f3399e627860eb5baaa6d8ea314f97e7b1f8b48d7736a249e880c7d23ec5b91352591822dc411cb94543f0144d389973ba3d0d00000000000000ebad7e86ff20989ab66ba7e8c41f31482fe2abc1dddc1c8b10faf3d9eee5bf1e179b53819185a9ad5d35e6e39d97fa67b9fce9fc6a", 0x40000000001243}, 0xa, 0xfffffffffffffffc) io_uring_setup$auto(0x58, 0x0) r4 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/usbmon8\x00', 0x640, 0x0) read$auto_mon_fops_binary_mon_bin(r4, 0x0, 0x2f) close_range$auto(0x2, 0xa, 0x0) 10.292158832s ago: executing program 2 (id=103): set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x1dcb, 0x18) madvise$auto(0x0, 0xffffffffffff0001, 0x15) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0x200007, 0x19) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) r0 = fsopen$auto(0x0, 0x1) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) mmap$auto(0x0, 0x10, 0xde, 0x9b7f, 0x2, 0x7fff) mlockall$auto(0x7) write$auto_sg_fops_sg(r0, &(0x7f0000000000)="92b950ae6e5742a21461bf8c2cd2899e154adb6eac4c585aab943301a10a409d5af515b1f2b5802ddcab27975026ccfdab32ada2b8fc7660d6a53b3ec6df8095a8e2ee51c3136f76a65732ad87243441", 0x50) migrate_pages$auto(0x0, 0x3, &(0x7f0000000100)=0x5, 0x0) socketpair$auto(0x7, 0x1fffffe, 0x315, 0x0) recvfrom$auto(0x4, 0x0, 0x101d0, 0x3ffffd, 0x0, 0x0) getpeername$auto(0xffffffffffffffff, 0x0, 0x0) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) pselect6$auto(0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 9.734870993s ago: executing program 0 (id=105): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) bpf$auto(0x0, &(0x7f00000003c0)=@task_fd_query={0x0, 0xffffffffffffffff, 0xd, 0x89, 0x2, 0x4, 0xffffffffffffffff, 0x81, 0x9}, 0x6f4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) readv$auto(0xffffffffffffffff, 0x0, 0x401) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) ioctl$auto_SNDCTL_DSP_GETOSPACE(0xffffffffffffffff, 0x8010500c, &(0x7f0000004040)) write$auto(0x3, 0x0, 0xfffffdef) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x8, 0x80000000000000df, 0x10004000eb1, 0x8, 0x8000008000) close_range$auto(0x2, 0x8, 0x0) sysfs$auto(0x2, 0x100000000000027, 0x0) fsopen$auto(0x0, 0x1) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x8, 0x1, 0x8, 0xd, 0xe13, 0x81, 0xe, 0x2000000000000002, 0x0, 0x9, 0x1, 0x2, 0x80000001, 0xb0, 0x9, 0x20000800001, 0x3, 0x5, 0x3, 0x6, 0x7, 0x0, 0xffffffee, 0x2a17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0xf6c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, 0x9, 0x81) write$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4044810}, 0x800) r0 = socket(0x1e, 0x2, 0x0) getsockopt$auto(r0, 0x10f, 0x81, 0x0, 0x0) socket(0x21, 0x80a, 0x727eb3eb) 9.325679583s ago: executing program 3 (id=106): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = getsid$auto(0xffffffffffffffff) prctl$auto(0xbbb, 0xffffeffffffffff7, r0, 0xf, 0x8000) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0) write$auto(r2, 0x0, 0xa3db) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000) openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, 0x0, 0x12000, 0x0) mmap$auto(0x0, 0x4, 0x6, 0x40eb1, 0x401, 0x300000000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x100, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/conf/ip6_vti0/igmpv2_unsolicited_report_interval\x00', 0x101000, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000800000003) clone$auto(0xd6, 0x9, 0x0, 0x0, 0x2) r3 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x80800, 0x0) read$auto(r3, 0x0, 0x39b8) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, 0x0, 0xc800) r4 = eventfd$auto(0x80) readv$auto(r4, &(0x7f0000000380)={0x0, 0x8}, 0x4) write$auto(r1, 0x0, 0x8) r5 = socket(0x18, 0x3, 0x0) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x400, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x4008b100, 0x0) 8.219898606s ago: executing program 3 (id=108): socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x8) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/mmap_min_addr\x00', 0x101302, 0x0) signalfd$auto(0xffffffff, 0x0, 0x8) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1/file0\x00', 0x840, 0xc) socket(0x1d, 0x2, 0x6) io_uring_setup$auto(0x6, 0x0) io_uring_setup$auto(0x4, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/038/001\x00', 0x2101, 0x0) io_uring_setup$auto(0x2, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000100), 0xa0100, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/events/vmalloc/free_vmap_area_noflush/enable\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/mem\x00', 0x10b201, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x109500, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socketpair$auto(0x4004, 0xf, 0x4, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/tty40\x00', 0xc02, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) 6.441181669s ago: executing program 0 (id=111): capget$auto(0x0, 0x0) mmap$auto(0x7ff, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0xa) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @local}, 0x54) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x7f, 0x8000) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) connect$auto(0x4, 0x0, 0x10) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) keyctl$auto(0x1e, 0x0, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x1) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x801, 0x0) socketpair$auto(0xfffffffd, 0x25ba, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0xfffffffffffffffd, 0x2020009, 0xede, 0xeb1, 0xfffffffffffffffa, 0x3) ioctl$auto_XFS_IOC_FREESP64(r0, 0x40305825, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) ioprio_set$auto(0x3, 0x0, 0x4b34) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 6.114923516s ago: executing program 2 (id=112): unshare$auto(0x40000080) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x1, 0x100) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/net/bond0/bonding/primary_reselect\x00', 0x1e2142, 0x0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) select$auto(0x800, 0x0, 0x0, &(0x7f0000000580)={[0xe83, 0x8, 0xfffffffffffffc01, 0x0, 0xfff9, 0x9, 0x14, 0x7fffffff, 0x8, 0x3fe, 0x4, 0x3, 0x5, 0x2, 0x5]}, 0x0) write$auto(r1, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9) sendfile$auto(r0, r0, 0x0, 0x7fff) unshare$auto(0xa4) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x20b42, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, 0x0) r3 = socket(0x0, 0x3, 0x3c) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=ANY=[], 0xf8}}, 0x10000810) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x2008000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) mmap$auto(0x0, 0x40009, 0x5, 0x9b72, 0x0, 0x28000) futex_wake$auto(0x0, 0x8, 0x7, 0x2) rt_sigqueueinfo$auto(0x9, 0x8, &(0x7f0000000000)={@siginfo_0_0={0xacb4, 0x5, 0xfffffffa, @_kill={0x4, 0x1}}}) 6.068629786s ago: executing program 1 (id=113): openat$auto_nsim_dev_trap_fa_cookie_fops_dev(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/netdevsim/netdevsim3/trap_flow_action_cookie\x00', 0x2002, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000500), r0) sendmsg$auto_IPVS_CMD_SET_CONFIG(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x40008000) getsockopt$auto(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) connect$auto(0xffffffffffffffff, &(0x7f0000000000)=@tipc=@id={0x1e, 0x3, 0x2, {0x4e20, 0xf5}}, 0x10) geteuid() openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x11}, 0x24000802) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x40000) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003140), r1) sendmsg$auto_ETHTOOL_MSG_COALESCE_GET(r1, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xcd, 0x0, 0x566) unshare$auto(0x40000080) open(&(0x7f00000001c0)='./file0\x00', 0x10000, 0x15c) fcntl$auto(0xffffffffffffffff, 0x88, 0x0) 6.020156539s ago: executing program 3 (id=114): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0xe0742, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_ovs_vport(0xfffffffffffffffe, 0xffffffffffffffff) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) mmap$auto(0x80000001, 0x580f, 0x112f4a03, 0x8000000008011, 0x3, 0x3) madvise$auto(0x0, 0x2003f0, 0x15) getresgid$auto(0x0, &(0x7f0000000a40)=0x2, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xe0002, 0x0) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x40, 0x0) setsockopt$auto(r0, 0x1, 0x10, &(0x7f0000000280)='\x00\x15\x8d\xca`\xbcgY\xd2w\xf6\xaedN\x00\x00\x00\x00\x04\x00\x00\x00*\xaaL\'\xab>q\x9e\xdd`\x84_\r\xc2\x17\xb1\xaf\xd2\f\xfd[Iy\xbb*$\xec\xca\x8b\xde\xdcV@\x04+\x00\x00\t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\xc3\xa2\x1a\xf1\xdf\x12\b?Q\xec*\b`\'\xfe\xcb\xe9\xc0\xf4\x119\xf6f\v\xf7\x13\xe6\xd8\xa2\xd3\xfd\xa7', 0xba) shmctl$auto_SHM_LOCK(0x1, 0xb, &(0x7f00000003c0)={{0x4, 0x0, 0xee01, 0x18, 0x9, 0x21, 0x6}, 0xe, 0xc4, 0x1, 0x4, @inferred, @raw=0x4c000, 0x3, 0x0, 0x0, 0x0}) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x810}, 0x4000080) mmap$auto(0x0, 0x5, 0x4000000000df, 0x40eb1, 0x401, 0x9) close_range$auto(0x2, 0xa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) r1 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r1, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0xffd8) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) 5.377963126s ago: executing program 1 (id=115): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/arch_status\x00', 0x40000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/power/resume\x00', 0x189002, 0x0) openat$auto_l2cap_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x280, 0x0) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/tracing_cpumask\x00', 0x8042, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/rpc/auth.unix.gid/content\x00', 0x20000, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x20000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) inotify_init1$auto(0x3000000000000) socket(0xa, 0x2, 0x3a) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socketpair$auto(0x1ff, 0x0, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x80106f53, r0) 5.128573065s ago: executing program 0 (id=116): fcntl$auto(0xffffffffffffffff, 0x409, 0x40003f) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x47, 0x4a}) sendmmsg$auto(0xffffffffffffffff, &(0x7f00000001c0)={{0x0, 0x5aa, 0x0, 0x2e, &(0x7f0000000380), 0x7, 0x1083}, 0x5}, 0x2, 0x100) unshare$auto(0x40000080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x4008) mmap$auto(0x0, 0x202000a, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socket(0x2, 0x801, 0x106) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) getsockopt$auto(r0, 0x0, 0x1, 0x0, 0x0) acct$auto(0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x400400, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) mknod$auto(&(0x7f0000000040)=':,\x00', 0xc9, 0xcb) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) 4.515820564s ago: executing program 1 (id=117): r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa901, 0x0) mmap$auto(0x1, 0x202000b, 0x3, 0xeb1, r0, 0x8000) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0xc01) setreuid$auto(0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000480)=""/4096, 0x1000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) sendmsg$auto(r1, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) writev$auto(0x1, 0x0, 0x1) r2 = socket$nl_generic(0x10, 0x3, 0x10) readahead$auto(r2, 0x6, 0x2) r3 = socket(0x23, 0x5, 0x0) listen$auto(r3, 0x5ed) unshare$auto(0x40000080) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000f80)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/hid\x00', 0x0, 0x0) pread64$auto(r4, 0x0, 0x3fc, 0x4000000000000006) read$auto(0xffffffffffffffff, 0x0, 0x1) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/rpc/use-gss-proxy\x00', 0x48041, 0x0) write$auto(r5, 0x0, 0x6) 4.243559381s ago: executing program 0 (id=118): unshare$auto(0x40000080) mmap$auto(0x0, 0x40009, 0xa, 0x9b72, 0x2, 0x28000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, 0x0, 0x48402, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_trace_dev_match\x00', 0x20080, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/pids.max\x00', 0xa0942, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0x3, 0x3, 0x6, 0x0, 0x200000000000001, 0x368e, 0x2, {0x100000000, 0x7}, 0xff, 0x3, 0xfffffffffffffffd, 0x1008000, 0x0, 0x6, 0x81, 0xbfffffffffff628e, 0xa747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) socket(0x15, 0x5, 0x0) ustat$auto(0x801, 0x0) socket(0x11, 0xa, 0x300) bpf$auto(0x0, &(0x7f0000000100)=@query={@target_ifindex, 0x0, 0x8, 0x9, 0x0, @prog_cnt, 0x0, 0x3, 0x5a3522aa, 0xffffffff, 0x9}, 0x6f4) mknod$auto(&(0x7f0000000080)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mknod$auto(&(0x7f0000000b00)='X))\x00', 0x63c1, 0x7ff) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x200) listmount$auto(&(0x7f0000000040)={0x200, @inferred=r0, 0x7f, 0x81, 0x400}, &(0x7f0000000140)=0x10000, 0xf, 0x5) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000580)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="01032cb57000fbdbdf250a0000400600010017000000"], 0x1c}, 0x1, 0x0, 0x0, 0x400c01d}, 0x0) 3.662694098s ago: executing program 2 (id=119): socket(0x5, 0x3, 0x8) r0 = socket(0x22, 0x1, 0x80000000) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/trace\x00', 0x600, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x74c) unshare$auto(0x40000080) r1 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/block/loop9/hctx0/sched_tags_bitmap\x00', 0x101a00, 0x0) read$auto_blk_mq_debugfs_fops_blk_mq_debugfs(r1, &(0x7f0000000340)=""/179, 0xb3) sendmmsg$auto(r0, 0x0, 0x3b87, 0xa) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket(0xa, 0x2, 0x88) socket(0x11, 0x3, 0x9) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0) mmap$auto(0x0, 0x400008, 0xd6, 0x11, 0xffffffffffffffff, 0x1000000008000) bind$auto(0xffffffffffffffff, &(0x7f0000000100)=@nl=@unspec, 0x0) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) mbind$auto(0x2000, 0x100000004, 0x6, 0x0, 0x6, 0x0) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0xa0202, 0x0) close_range$auto(0x2, 0x8, 0x0) 2.823668894s ago: executing program 1 (id=120): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_CEC_G_MODE(0xffffffffffffffff, 0x80046108, 0x0) setreuid$auto(0x2, 0x87) r1 = timerfd_create$auto(0x6, 0x0) futimesat$auto(r1, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)={0x40, 0xffffffffffffffff}) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) socket(0xa, 0x3, 0x2c) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, 0x0, 0x101000, 0x0) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f00000001c0), 0x189002, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.net/blkio.bfq.weight_device\x00', 0x101000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, 0x0, 0x0) r3 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x22c02, 0x0) ioctl$auto_VHOST_VSOCK_SET_GUEST_CID(r3, 0x4008af60, &(0x7f0000000040)=0x6) read$auto(r3, 0x0, 0x5) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r2, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x109206, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x2) 2.285108755s ago: executing program 3 (id=121): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000000), 0x200200, 0x0) ioctl$auto_XFS_IOC_EXCHANGE_RANGE(0xffffffffffffffff, 0x40285881, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x40, 0x0, 0xa000000000000000, 0x7}) getdents64$auto(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x1, 0x95, 0x2}, 0xffff) bpf$auto(0x1, &(0x7f0000000100)=@task_fd_query={0xffffffffffffffff, r0, 0x92, 0xfffffff7, 0x6, 0x5, r1, 0x638b, 0x8}, 0x5) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x1c1282, 0x0) read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000280)=""/59, 0x3b) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/kernel/tracepoint_printk\x00', 0x101202, 0x0) sendfile$auto(r3, r3, 0x0, 0x4) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x20499d, 0x9) r4 = getegid() setregid$auto(r4, r4) ioctl$auto_FIGETBSZ(0xffffffffffffffff, 0x2, 0x8) msgctl$auto_IPC_INFO(0x7, 0x3, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x5, 0x1, 0x44b, 0x7, 0x5, 0x7, 0xd1, 0x7, 0x7, 0x803, 0x9, 0x80000001, 0x4, 0x200000000000, 0x384, 0xfffffffffffffffb, 0x8, 0x0, 0x2, 0x0, 0x864, 0xe, 0x22000, 0x200, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x7]}, 0xa, 0xd) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioperm$auto(0x3, 0xe, 0x2000000000000149) pkey_free$auto(0xfffffffd) 1.924629365s ago: executing program 0 (id=122): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendfile$auto(0x1, 0x3, 0x0, 0xc01) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x1, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) socket$nl_generic(0x10, 0x3, 0x10) set_mempolicy$auto(0x6, &(0x7f0000000000)=0x7fffffffffffffff, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffff7fffff0005, 0x8) setfsgid$auto(0xee01) madvise$auto(0x0, 0xffffffffffff0005, 0x17) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) fanotify_init$auto(0x5, 0x2000000000002) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) write$auto(0x1, 0x0, 0x80000000) sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(0xffffffffffffffff, 0x0, 0x20000001) read$auto(r0, 0x0, 0xe8) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0xa0302, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x40008, 0xb3, 0x9b72, r0, 0x28000) r2 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000007380)='/sys/kernel/tracing/events/vmalloc/filter\x00', 0x109041, 0x0) write$auto(r2, 0x0, 0x40) 1.520947403s ago: executing program 1 (id=123): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) openat$auto_bm_entry_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x400, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) setsockopt$auto(0x400000000000003, 0x29, 0x1c, 0x0, 0x56b) r0 = socket(0x10, 0x2, 0xc) r1 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff) mmap$auto(0x0, 0x2000c, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = socket(0x10, 0x2, 0xc) r3 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x24, r3, 0x10, 0x70bd2c, 0x25dfdbfa, {0xa, 0x0, 0xa00}, [@CTRL_ATTR_FAMILY_NAME={0x0, 0x2, '%/\x00\xe2\xa8\\A\xe7Z\x02q[\xcb\xc0\xb0N\\\xdc\xdf(\xff\xfee\xc3\x17py\x9f\xda\xb88\xaa\xf6q*\x82\xe6(\xc9\xe6B\x9aJ82\v-i(c\x92{\xd7D\xb4\xf7\xb4\t\xb2\x98b\xd3%vu\xd4\xfd\t\xd7J\x83\x19)\xb1\x00[\xdd(\xef?\xc5\xae(\x84\xefjx\xfe\xdb\xeb\xbceaAw\x1eW\x12Bh\xc3y2\xc9\x0e\xc9\x99#\x92j\x97\xbbDOi\x03\xa4\x11\x02F 1 [ 103.984093][ T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 103.993415][ T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 104.001989][ T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 104.010195][ T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 104.054006][ T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 104.067033][ T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 104.075740][ T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 104.090862][ T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 104.103155][ T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 104.142721][ T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 104.151510][ T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 104.159629][ T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 104.168486][ T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 104.178105][ T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 104.190480][ T5847] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 104.261497][ T5141] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 104.273698][ T5141] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 104.282437][ T5141] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 104.293156][ T5141] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 104.627406][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 104.966157][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 104.982793][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.991761][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.000846][ T5836] bridge_slave_0: entered allmulticast mode [ 105.009828][ T5836] bridge_slave_0: entered promiscuous mode [ 105.061983][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.069300][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.076860][ T5836] bridge_slave_1: entered allmulticast mode [ 105.084759][ T5836] bridge_slave_1: entered promiscuous mode [ 105.092066][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 105.137706][ T5845] chnl_net:caif_netlink_parms(): no params data found [ 105.212320][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.227420][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.336058][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.343498][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.350793][ T5839] bridge_slave_0: entered allmulticast mode [ 105.358513][ T5839] bridge_slave_0: entered promiscuous mode [ 105.403914][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.411115][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.421637][ T5839] bridge_slave_1: entered allmulticast mode [ 105.429674][ T5839] bridge_slave_1: entered promiscuous mode [ 105.440458][ T5836] team0: Port device team_slave_0 added [ 105.450712][ T5836] team0: Port device team_slave_1 added [ 105.586321][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.593867][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.601165][ T5843] bridge_slave_0: entered allmulticast mode [ 105.608771][ T5843] bridge_slave_0: entered promiscuous mode [ 105.617757][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.625140][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.632351][ T5843] bridge_slave_1: entered allmulticast mode [ 105.641389][ T5843] bridge_slave_1: entered promiscuous mode [ 105.651254][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.662538][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.669844][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.695948][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.708220][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.715814][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.723655][ T5845] bridge_slave_0: entered allmulticast mode [ 105.731033][ T5845] bridge_slave_0: entered promiscuous mode [ 105.756957][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.781898][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.788953][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.815446][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.835405][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.842586][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.850642][ T5845] bridge_slave_1: entered allmulticast mode [ 105.858186][ T5845] bridge_slave_1: entered promiscuous mode [ 105.902064][ T5839] team0: Port device team_slave_0 added [ 105.925781][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.939285][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.967758][ T5839] team0: Port device team_slave_1 added [ 106.019639][ T5843] team0: Port device team_slave_0 added [ 106.045477][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 106.054368][ T55] Bluetooth: hci0: command tx timeout [ 106.059441][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 106.091943][ T5836] hsr_slave_0: entered promiscuous mode [ 106.099066][ T5836] hsr_slave_1: entered promiscuous mode [ 106.110891][ T5843] team0: Port device team_slave_1 added [ 106.133084][ T55] Bluetooth: hci1: command tx timeout [ 106.184215][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.191214][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.218218][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.246931][ T5845] team0: Port device team_slave_0 added [ 106.256897][ T5845] team0: Port device team_slave_1 added [ 106.277258][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.284447][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.311003][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.322101][ T55] Bluetooth: hci2: command tx timeout [ 106.350737][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.357935][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.384355][ T55] Bluetooth: hci3: command tx timeout [ 106.386951][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.441779][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.449082][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.475468][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.488024][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.496442][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.522892][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.552571][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.559842][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.586662][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.738337][ T5845] hsr_slave_0: entered promiscuous mode [ 106.744952][ T5845] hsr_slave_1: entered promiscuous mode [ 106.751143][ T5845] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 106.759012][ T5845] Cannot create hsr debugfs directory [ 106.784854][ T5839] hsr_slave_0: entered promiscuous mode [ 106.791375][ T5839] hsr_slave_1: entered promiscuous mode [ 106.797829][ T5839] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 106.805570][ T5839] Cannot create hsr debugfs directory [ 106.818357][ T5843] hsr_slave_0: entered promiscuous mode [ 106.825844][ T5843] hsr_slave_1: entered promiscuous mode [ 106.832094][ T5843] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 106.839749][ T5843] Cannot create hsr debugfs directory [ 107.242956][ T5836] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 107.287941][ T5836] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 107.321646][ T5836] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 107.334977][ T5836] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 107.445950][ T5845] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 107.465710][ T5845] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 107.485299][ T5845] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 107.499886][ T5845] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 107.587005][ T5843] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 107.618729][ T5843] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 107.630767][ T5843] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 107.657250][ T5843] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 107.768642][ T5839] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 107.792350][ T5839] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 107.806772][ T5839] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 107.821450][ T5839] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 107.908949][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.979084][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.992404][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.009737][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.039820][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.047258][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.085571][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.100887][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.108089][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.133204][ T55] Bluetooth: hci0: command tx timeout [ 108.155789][ T5845] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.171403][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.178600][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.191197][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.198453][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.213443][ T55] Bluetooth: hci1: command tx timeout [ 108.245444][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.252640][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.279501][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.286891][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.309505][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.373694][ T55] Bluetooth: hci2: command tx timeout [ 108.390425][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.418746][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.426050][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.454152][ T55] Bluetooth: hci3: command tx timeout [ 108.455582][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.466768][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.001036][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.200840][ T5836] veth0_vlan: entered promiscuous mode [ 109.246877][ T5836] veth1_vlan: entered promiscuous mode [ 109.278646][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.309387][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.320331][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.418754][ T5843] veth0_vlan: entered promiscuous mode [ 109.445722][ T5836] veth0_macvtap: entered promiscuous mode [ 109.462007][ T5843] veth1_vlan: entered promiscuous mode [ 109.502527][ T5836] veth1_macvtap: entered promiscuous mode [ 109.525992][ T5839] veth0_vlan: entered promiscuous mode [ 109.544585][ T5845] veth0_vlan: entered promiscuous mode [ 109.556074][ T5839] veth1_vlan: entered promiscuous mode [ 109.575608][ T5845] veth1_vlan: entered promiscuous mode [ 109.624157][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.637646][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.677000][ T5836] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.687656][ T5836] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.697036][ T5836] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.706150][ T5836] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.727275][ T5843] veth0_macvtap: entered promiscuous mode [ 109.751908][ T5843] veth1_macvtap: entered promiscuous mode [ 109.780415][ T5845] veth0_macvtap: entered promiscuous mode [ 109.791801][ T5839] veth0_macvtap: entered promiscuous mode [ 109.825283][ T5839] veth1_macvtap: entered promiscuous mode [ 109.844790][ T5845] veth1_macvtap: entered promiscuous mode [ 109.885058][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.942449][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.967851][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.978774][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.996420][ T5843] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.008768][ T5843] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.018570][ T5843] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.029247][ T5843] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.051421][ T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.056246][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.065013][ T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.107371][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.150232][ T5845] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.159556][ T5845] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.169686][ T5845] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.178828][ T5845] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.190392][ T5839] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.200174][ T5839] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.210185][ T5839] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.219210][ T55] Bluetooth: hci0: command tx timeout [ 110.221233][ T5839] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.257629][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.266225][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.293880][ T55] Bluetooth: hci1: command tx timeout [ 110.446686][ T152] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.463544][ T55] Bluetooth: hci2: command tx timeout [ 110.476765][ T152] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.495707][ T5836] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 110.515210][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.531067][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.543484][ T55] Bluetooth: hci3: command tx timeout [ 110.626022][ T152] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.639738][ T152] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.724078][ T3511] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.740489][ T3511] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.865863][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.929075][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.140476][ T152] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.167943][ T152] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.606360][ T5905] process 'syz.2.3' launched ':,' with NULL argv: empty string added [ 112.293084][ T55] Bluetooth: hci0: command tx timeout [ 112.374174][ T55] Bluetooth: hci1: command tx timeout [ 112.536311][ T55] Bluetooth: hci2: command tx timeout [ 112.616273][ T55] Bluetooth: hci3: command tx timeout [ 112.643369][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 113.350522][ T55] Bluetooth: hci0: ISO packet for unknown connection handle 0 [ 113.361799][ T55] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 113.411714][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 113.513056][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 113.521413][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 113.683267][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 114.607529][ T5930] FAULT_INJECTION: forcing a failure. [ 114.607529][ T5930] name failslab, interval 1, probability 0, space 0, times 1 [ 114.643049][ T5930] CPU: 0 UID: 0 PID: 5930 Comm: syz.0.7 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 114.643095][ T5930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 114.643119][ T5930] Call Trace: [ 114.643130][ T5930] [ 114.643146][ T5930] dump_stack_lvl+0x16c/0x1f0 [ 114.643208][ T5930] should_fail_ex+0x512/0x640 [ 114.643258][ T5930] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 114.643295][ T5930] should_failslab+0xc2/0x120 [ 114.643339][ T5930] __kmalloc_cache_noprof+0x6a/0x3e0 [ 114.643375][ T5930] ? police_init_net+0x56/0x270 [ 114.643411][ T5930] ? __pfx_police_init_net+0x10/0x10 [ 114.643446][ T5930] police_init_net+0x56/0x270 [ 114.643480][ T5930] ops_init+0x1df/0x5f0 [ 114.643537][ T5930] setup_net+0x21e/0x850 [ 114.643587][ T5930] ? __pfx_setup_net+0x10/0x10 [ 114.643629][ T5930] ? lockdep_init_map_type+0x5c/0x280 [ 114.643676][ T5930] ? __pfx_down_read_killable+0x10/0x10 [ 114.643716][ T5930] ? debug_mutex_init+0x37/0x70 [ 114.643754][ T5930] copy_net_ns+0x2a6/0x5f0 [ 114.643807][ T5930] create_new_namespaces+0x3ea/0xad0 [ 114.643857][ T5930] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 114.643901][ T5930] ksys_unshare+0x45b/0xa40 [ 114.643948][ T5930] ? __pfx_ksys_unshare+0x10/0x10 [ 114.643991][ T5930] ? xfd_validate_state+0x5d/0x180 [ 114.644026][ T5930] ? rcu_is_watching+0x12/0xc0 [ 114.644072][ T5930] __x64_sys_unshare+0x31/0x40 [ 114.644117][ T5930] do_syscall_64+0xcd/0x230 [ 114.644168][ T5930] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.644202][ T5930] RIP: 0033:0x7f4a15f8e969 [ 114.644227][ T5930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 114.644260][ T5930] RSP: 002b:00007f4a16daa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 114.644292][ T5930] RAX: ffffffffffffffda RBX: 00007f4a161b5fa0 RCX: 00007f4a15f8e969 [ 114.644313][ T5930] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 114.644332][ T5930] RBP: 00007f4a16010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 114.644352][ T5930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 114.644372][ T5930] R13: 0000000000000000 R14: 00007f4a161b5fa0 R15: 00007fff5ebcf028 [ 114.644416][ T5930] [ 115.126489][ T5942] i2c i2c-0: delete_device: Can't find device in list [ 115.213380][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 115.258893][ T5942] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 115.316970][ T5943] netlink: 338 bytes leftover after parsing attributes in process `syz.1.9'. [ 115.329053][ T5942] netlink: 338 bytes leftover after parsing attributes in process `syz.1.9'. [ 115.369251][ T5942] netlink: 290 bytes leftover after parsing attributes in process `syz.1.9'. [ 115.437778][ T5942] veth0_macvtap: left promiscuous mode [ 115.971493][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 116.177353][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 116.187625][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 116.353963][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 116.418061][ T5957] netlink: 28 bytes leftover after parsing attributes in process `syz.2.11'. [ 116.815190][ T5957] Zero length message leads to an empty skb [ 117.076823][ T5963] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 117.337713][ T5952] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 117.348028][ T5952] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 117.360877][ T5952] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 117.404243][ T5952] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 117.426228][ T5952] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 117.464902][ T5952] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 117.479788][ T5952] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 117.521884][ T5952] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 117.598341][ T5952] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 117.693679][ T5952] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 117.714838][ T5952] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 117.760817][ T5952] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 118.134061][ T5970] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 118.214124][ T55] Bluetooth: hci0: command 0x0c1a tx timeout [ 118.857218][ T5989] netlink: 8 bytes leftover after parsing attributes in process `syz.0.18'. [ 119.423017][ T55] Bluetooth: hci1: command 0x0c1a tx timeout [ 119.495860][ T55] Bluetooth: hci2: command 0x0c1a tx timeout [ 119.734585][ T55] Bluetooth: hci3: command 0x0c1a tx timeout [ 119.806700][ T5999] netlink: 4 bytes leftover after parsing attributes in process `syz.3.20'. [ 120.303276][ T55] Bluetooth: hci0: command 0x0c1a tx timeout [ 120.874499][ T6015] page: refcount:8 mapcount:0 mapping:0000000000000000 index:0x7fbda9d7a pfn:0x78400 [ 121.004467][ T6015] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 121.039249][ T6015] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 121.121618][ T6015] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 121.151856][ T6021] netlink: 4 bytes leftover after parsing attributes in process `syz.0.26'. [ 121.187831][ T6015] raw: 00000007fbda9d7a 0000000000000000 00000008ffffffff 0000000000000000 [ 121.228847][ T6015] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 121.303253][ T6015] head: 00000007fbda9d7a 0000000000000000 00000008ffffffff 0000000000000000 [ 121.450418][ T6015] head: 00fff00000000003 ffffea0001e10001 00000000ffffffff 00000000ffffffff [ 121.502625][ T55] Bluetooth: hci1: command 0x0c1a tx timeout [ 121.543746][ T6015] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 121.573058][ T55] Bluetooth: hci2: command 0x0c1a tx timeout [ 121.613052][ T6015] page dumped because: unmovable page [ 121.645110][ T6015] page_owner tracks the page as allocated [ 121.723030][ T6015] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5829, tgid 5829 (dhcpcd), ts 103294007556, free_ts 99996006871 [ 121.723137][ T6015] post_alloc_hook+0x181/0x1b0 [ 121.723195][ T6015] get_page_from_freelist+0x135c/0x3920 [ 121.723234][ T6015] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 121.723322][ T6015] alloc_pages_mpol+0x1fb/0x550 [ 121.723366][ T6015] alloc_pages_noprof+0x131/0x390 [ 121.723409][ T6015] skb_page_frag_refill+0x186/0x5a0 [ 121.723460][ T6015] try_fill_recv+0x79c/0x2690 [ 121.723504][ T6015] virtnet_poll+0x1e23/0x3c00 [ 121.723546][ T6015] __napi_poll.constprop.0+0xb7/0x550 [ 121.723581][ T6015] net_rx_action+0xa97/0x1010 [ 121.723615][ T6015] handle_softirqs+0x219/0x8e0 [ 121.723651][ T6015] __irq_exit_rcu+0x109/0x170 [ 121.723684][ T6015] irq_exit_rcu+0x9/0x30 [ 121.723719][ T6015] common_interrupt+0xbf/0xe0 [ 121.723764][ T6015] asm_common_interrupt+0x26/0x40 [ 121.723798][ T6015] page last free pid 5820 tgid 5820 stack trace: [ 121.723819][ T6015] __free_frozen_pages+0x69d/0xff0 [ 121.723848][ T6015] vfree+0x176/0x960 [ 121.723898][ T6015] kcov_close+0x34/0x60 [ 121.723938][ T6015] __fput+0x3ff/0xb70 [ 121.723976][ T6015] fput_close_sync+0x118/0x260 [ 121.724019][ T6015] __x64_sys_close+0x8b/0x120 [ 121.724064][ T6015] do_syscall_64+0xcd/0x230 [ 121.724112][ T6015] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.824528][ T55] Bluetooth: hci3: command 0x0c1a tx timeout [ 122.392919][ T55] Bluetooth: hci0: command 0x0c1a tx timeout [ 122.983333][ T6015] mmap: syz.2.24 (6015) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 123.573168][ T55] Bluetooth: hci1: command 0x0c1a tx timeout [ 123.661860][ T55] Bluetooth: hci2: command 0x0c1a tx timeout [ 123.925269][ T55] Bluetooth: hci3: command 0x0c1a tx timeout [ 126.564115][ T6077] ======================================================= [ 126.564115][ T6077] WARNING: The mand mount option has been deprecated and [ 126.564115][ T6077] and is ignored by this kernel. Remove the mand [ 126.564115][ T6077] option from the mount to silence this warning. [ 126.564115][ T6077] ======================================================= [ 126.599170][ C0] vkms_vblank_simulate: vblank timer overrun [ 127.321107][ T6090] FAULT_INJECTION: forcing a failure. [ 127.321107][ T6090] name failslab, interval 1, probability 0, space 0, times 0 [ 127.370750][ T6090] CPU: 1 UID: 0 PID: 6090 Comm: syz.1.40 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 127.370798][ T6090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 127.370817][ T6090] Call Trace: [ 127.370828][ T6090] [ 127.370841][ T6090] dump_stack_lvl+0x16c/0x1f0 [ 127.370897][ T6090] should_fail_ex+0x512/0x640 [ 127.370949][ T6090] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 127.370989][ T6090] should_failslab+0xc2/0x120 [ 127.371033][ T6090] __kmalloc_cache_noprof+0x6a/0x3e0 [ 127.371068][ T6090] ? ima_add_digest_entry+0x52/0x540 [ 127.371127][ T6090] ima_add_digest_entry+0x52/0x540 [ 127.371192][ T6090] ima_add_template_entry+0x478/0x870 [ 127.371256][ T6090] ? __pfx_ima_add_template_entry+0x10/0x10 [ 127.371313][ T6090] ? ima_alloc_init_template+0x536/0x720 [ 127.371361][ T6090] ima_add_violation+0x17f/0x3d0 [ 127.371403][ T6090] ? __pfx_ima_add_violation+0x10/0x10 [ 127.371439][ T6090] ? ima_d_path+0x12b/0x2a0 [ 127.371475][ T6090] ? __pfx_ima_d_path+0x10/0x10 [ 127.371519][ T6090] ? lockdep_init_map_type+0x5c/0x280 [ 127.371567][ T6090] ? ima_inode_get+0x39e/0x580 [ 127.371627][ T6090] process_measurement+0x1783/0x23e0 [ 127.371696][ T6090] ? __pfx_process_measurement+0x10/0x10 [ 127.371747][ T6090] ? __lock_acquire+0x5ca/0x1ba0 [ 127.371801][ T6090] ? __resched_curr+0x30a/0x3a0 [ 127.371884][ T6090] ? wake_up_q+0xb0/0x160 [ 127.371913][ T6090] ? do_raw_spin_unlock+0x172/0x230 [ 127.371977][ T6090] ima_file_mmap+0x1b1/0x1d0 [ 127.372030][ T6090] ? __pfx_ima_file_mmap+0x10/0x10 [ 127.372098][ T6090] security_mmap_file+0x88c/0x990 [ 127.372155][ T6090] vm_mmap_pgoff+0xec/0x450 [ 127.372209][ T6090] ? find_held_lock+0x2b/0x80 [ 127.372241][ T6090] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 127.372295][ T6090] ? __fget_files+0x20e/0x3c0 [ 127.372331][ T6090] ksys_mmap_pgoff+0x32c/0x5c0 [ 127.372379][ T6090] ? rcu_is_watching+0x12/0xc0 [ 127.372414][ T6090] __x64_sys_mmap+0x125/0x190 [ 127.372450][ T6090] do_syscall_64+0xcd/0x230 [ 127.372504][ T6090] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.372537][ T6090] RIP: 0033:0x7f0a9c98e969 [ 127.372572][ T6090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 127.372610][ T6090] RSP: 002b:00007f0a9d745038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 127.372641][ T6090] RAX: ffffffffffffffda RBX: 00007f0a9cbb5fa0 RCX: 00007f0a9c98e969 [ 127.372662][ T6090] RDX: 00000000000003ff RSI: 0000000000000001 RDI: 000000000000f000 [ 127.372681][ T6090] RBP: 00007f0a9ca10ab1 R08: 0000000000000003 R09: 0000000000000000 [ 127.372699][ T6090] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000000 [ 127.372718][ T6090] R13: 0000000000000000 R14: 00007f0a9cbb5fa0 R15: 00007ffc0e7185d8 [ 127.372760][ T6090] [ 127.372772][ T6090] ima: OUT OF MEMORY ERROR creating queue entry [ 127.691324][ T6096] Invalid ELF header magic: != ELF [ 127.707192][ T30] audit: type=1804 audit(6042390630.765:2): pid=6090 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.1.40" name="/newroot/7/file0" dev="tmpfs" ino=56 res=0 errno=0 [ 127.779466][ T30] audit: type=1804 audit(6042390630.765:3): pid=6090 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.40" name="/newroot/7/file0" dev="tmpfs" ino=56 res=0 errno=0 [ 127.781380][ T996] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.836035][ T30] audit: type=1800 audit(6042390630.765:4): pid=6090 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.40" name="file0" dev="tmpfs" ino=56 res=0 errno=0 [ 128.039925][ T996] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.275212][ T996] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.841035][ T5141] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 128.877966][ T996] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.912717][ T5141] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 128.945849][ T5141] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 128.976658][ T5141] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 128.990684][ T5141] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 129.833321][ T996] bridge_slave_1: left allmulticast mode [ 129.839309][ T996] bridge_slave_1: left promiscuous mode [ 129.904178][ T996] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.915982][ T6116] netlink: 28 bytes leftover after parsing attributes in process `syz.3.46'. [ 129.968099][ T996] bridge_slave_0: left allmulticast mode [ 130.001640][ T996] bridge_slave_0: left promiscuous mode [ 130.227888][ T996] bridge0: port 1(bridge_slave_0) entered disabled state [ 131.118659][ T996] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 131.136103][ T996] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 131.150856][ T996] bond0 (unregistering): Released all slaves [ 131.173075][ T5141] Bluetooth: hci2: command tx timeout [ 131.224234][ T6116] bridge0: port 2(bridge_slave_1) entered disabled state [ 131.290761][ T6116] bridge_slave_1 (unregistering): left allmulticast mode [ 131.298288][ T6116] bridge_slave_1 (unregistering): left promiscuous mode [ 131.305931][ T6116] bridge0: port 2(bridge_slave_1) entered disabled state [ 131.687755][ T6104] chnl_net:caif_netlink_parms(): no params data found [ 132.219687][ T996] hsr_slave_0: left promiscuous mode [ 132.230996][ T996] hsr_slave_1: left promiscuous mode [ 132.247798][ T996] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 132.276531][ T996] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 132.300678][ T996] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 132.322158][ T996] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 132.352070][ T996] veth1_macvtap: left promiscuous mode [ 132.364599][ T996] veth0_macvtap: left promiscuous mode [ 132.380086][ T996] veth1_vlan: left promiscuous mode [ 132.390820][ T996] veth0_vlan: left promiscuous mode [ 132.446230][ T6161] ptrace attach of "./syz-executor exec"[5845] was attempted by "./syz-executor exec"[6161] [ 133.253162][ T5141] Bluetooth: hci2: command tx timeout [ 133.365461][ T30] audit: type=1800 audit(6042390636.415:5): pid=6169 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.50" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 133.964211][ T6182] netlink: 28 bytes leftover after parsing attributes in process `syz.1.52'. [ 134.003616][ T996] team0 (unregistering): Port device team_slave_1 removed [ 134.096392][ T996] team0 (unregistering): Port device team_slave_0 removed [ 135.052526][ T6104] bridge0: port 1(bridge_slave_0) entered blocking state [ 135.062287][ T6104] bridge0: port 1(bridge_slave_0) entered disabled state [ 135.091364][ T6104] bridge_slave_0: entered allmulticast mode [ 135.109986][ T6104] bridge_slave_0: entered promiscuous mode [ 135.136890][ T6104] bridge0: port 2(bridge_slave_1) entered blocking state [ 135.150877][ T6104] bridge0: port 2(bridge_slave_1) entered disabled state [ 135.168574][ T6104] bridge_slave_1: entered allmulticast mode [ 135.188851][ T6104] bridge_slave_1: entered promiscuous mode [ 135.334016][ T5141] Bluetooth: hci2: command tx timeout [ 135.467323][ T6104] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 135.520295][ T6104] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 135.872686][ T6201] random: crng reseeded on system resumption [ 136.086965][ T6104] team0: Port device team_slave_0 added [ 136.116318][ T6104] team0: Port device team_slave_1 added [ 136.378333][ T6104] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 136.395316][ T6213] FAULT_INJECTION: forcing a failure. [ 136.395316][ T6213] name failslab, interval 1, probability 0, space 0, times 0 [ 136.420087][ T6104] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 136.479314][ T6213] CPU: 0 UID: 0 PID: 6213 Comm: syz.0.56 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 136.479361][ T6213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 136.479380][ T6213] Call Trace: [ 136.479390][ T6213] [ 136.479403][ T6213] dump_stack_lvl+0x16c/0x1f0 [ 136.479459][ T6213] should_fail_ex+0x512/0x640 [ 136.479510][ T6213] ? fs_reclaim_acquire+0xae/0x150 [ 136.479565][ T6213] ? tomoyo_encode2+0x100/0x3e0 [ 136.479614][ T6213] should_failslab+0xc2/0x120 [ 136.479657][ T6213] __kmalloc_noprof+0xd2/0x510 [ 136.479696][ T6213] ? d_absolute_path+0x136/0x1a0 [ 136.479746][ T6213] tomoyo_encode2+0x100/0x3e0 [ 136.479802][ T6213] tomoyo_encode+0x29/0x50 [ 136.479856][ T6213] tomoyo_realpath_from_path+0x18f/0x6e0 [ 136.479922][ T6213] tomoyo_path_number_perm+0x245/0x580 [ 136.479964][ T6213] ? tomoyo_path_number_perm+0x237/0x580 [ 136.480012][ T6213] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 136.480103][ T6213] ? find_held_lock+0x2b/0x80 [ 136.480136][ T6213] ? hook_file_ioctl_common+0x145/0x410 [ 136.480186][ T6213] ? __fget_files+0x20e/0x3c0 [ 136.480232][ T6213] security_file_ioctl+0x9b/0x240 [ 136.480282][ T6213] __x64_sys_ioctl+0xb7/0x200 [ 136.480333][ T6213] do_syscall_64+0xcd/0x230 [ 136.480388][ T6213] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.480423][ T6213] RIP: 0033:0x7f4a15f8e969 [ 136.480449][ T6213] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 136.480481][ T6213] RSP: 002b:00007f4a16d47038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 136.480512][ T6213] RAX: ffffffffffffffda RBX: 00007f4a161b6240 RCX: 00007f4a15f8e969 [ 136.480534][ T6213] RDX: 0000000000000000 RSI: 000000000000125f RDI: 0000000000000003 [ 136.480553][ T6213] RBP: 00007f4a16010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 136.480573][ T6213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 136.480593][ T6213] R13: 0000000000000000 R14: 00007f4a161b6240 R15: 00007fff5ebcf028 [ 136.480636][ T6213] [ 136.497690][ T6104] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 136.582942][ T6213] ERROR: Out of memory at tomoyo_realpath_from_path. [ 136.858955][ T6104] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 136.882972][ T6104] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 137.026872][ T6104] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 137.371911][ T6104] hsr_slave_0: entered promiscuous mode [ 137.389462][ T6104] hsr_slave_1: entered promiscuous mode [ 137.408034][ T6104] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 137.414500][ T5141] Bluetooth: hci2: command tx timeout [ 137.472965][ T6104] Cannot create hsr debugfs directory [ 138.061380][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.068305][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.363081][ T6234] netlink: 80 bytes leftover after parsing attributes in process `syz.1.59'. [ 139.718323][ T6104] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 139.841550][ T6104] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 139.884508][ T6104] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 139.896420][ T6104] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 140.180068][ T6104] 8021q: adding VLAN 0 to HW filter on device bond0 [ 140.295023][ T6104] 8021q: adding VLAN 0 to HW filter on device team0 [ 140.348296][ T152] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.356260][ T152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 140.408826][ T996] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.416106][ T996] bridge0: port 2(bridge_slave_1) entered forwarding state [ 141.219245][ T6275] warning: `syz.0.64' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 141.244597][ T6282] random: crng reseeded on system resumption [ 141.642167][ T6104] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 141.879841][ T6104] veth0_vlan: entered promiscuous mode [ 141.965756][ T6104] veth1_vlan: entered promiscuous mode [ 142.080001][ T6104] veth0_macvtap: entered promiscuous mode [ 142.132433][ T6104] veth1_macvtap: entered promiscuous mode [ 142.242737][ T6104] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 142.517425][ T6104] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 142.582485][ T6104] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.653039][ T6104] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.693776][ T6104] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.726318][ T6104] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.011151][ T152] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 143.059085][ T152] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 143.122611][ T6303] tipc: Started in network mode [ 143.129351][ T6303] tipc: Node identity 8e4e6f15, cluster identity 4711 [ 143.137710][ T6303] tipc: Node number set to 2387504917 [ 143.150067][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 143.179068][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 143.663595][ T5141] Bluetooth: hci0: Unable to find connection for big 0xd2 [ 143.781260][ T6323] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 143.781260][ T6323] The task syz.1.69 (6323) triggered the difference, watch for misbehavior. [ 148.167945][ T6389] ubi0: attaching mtd0 [ 148.226678][ T6389] ubi0: scanning is finished [ 148.231373][ T6389] ubi0: empty MTD device detected [ 148.913935][ T6389] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 148.921628][ T6389] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 148.928958][ T6389] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 148.936563][ T6389] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 148.945608][ T6389] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 148.952454][ T6389] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 148.961506][ T6389] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 814045845 [ 148.972052][ T6389] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 149.481655][ T6404] ubi0: background thread "ubi_bgt0d" started, PID 6404 [ 156.116138][ T6497] FAULT_INJECTION: forcing a failure. [ 156.116138][ T6497] name failslab, interval 1, probability 0, space 0, times 0 [ 156.143171][ T6497] CPU: 1 UID: 0 PID: 6497 Comm: syz.3.91 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 156.143220][ T6497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 156.143240][ T6497] Call Trace: [ 156.143251][ T6497] [ 156.143263][ T6497] dump_stack_lvl+0x16c/0x1f0 [ 156.143318][ T6497] should_fail_ex+0x512/0x640 [ 156.143367][ T6497] ? __kvmalloc_node_noprof+0x122/0x600 [ 156.143407][ T6497] should_failslab+0xc2/0x120 [ 156.143449][ T6497] __kvmalloc_node_noprof+0x135/0x600 [ 156.143488][ T6497] ? sbitmap_init_node+0x1ca/0x770 [ 156.143534][ T6497] ? sbitmap_init_node+0x1ca/0x770 [ 156.143569][ T6497] sbitmap_init_node+0x1ca/0x770 [ 156.143615][ T6497] sbitmap_queue_init_node+0x41/0x560 [ 156.143662][ T6497] blk_mq_init_tags+0x12d/0x2b0 [ 156.143699][ T6497] blk_mq_alloc_map_and_rqs+0x237/0xf10 [ 156.143755][ T6497] ? blk_mq_map_queues+0x211/0x410 [ 156.143804][ T6497] __blk_mq_alloc_map_and_rqs+0x128/0x1f0 [ 156.143860][ T6497] blk_mq_alloc_tag_set+0x75e/0x1250 [ 156.143927][ T6497] loop_add+0x3b7/0xb70 [ 156.143975][ T6497] ? do_vfs_ioctl+0x512/0x1990 [ 156.144022][ T6497] ? __pfx_loop_add+0x10/0x10 [ 156.144066][ T6497] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 156.144149][ T6497] ? find_held_lock+0x2b/0x80 [ 156.144190][ T6497] loop_control_ioctl+0x13c/0x630 [ 156.144244][ T6497] ? __pfx_loop_control_ioctl+0x10/0x10 [ 156.144302][ T6497] ? __pfx_loop_control_ioctl+0x10/0x10 [ 156.144357][ T6497] __x64_sys_ioctl+0x193/0x200 [ 156.144409][ T6497] do_syscall_64+0xcd/0x230 [ 156.144465][ T6497] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.144499][ T6497] RIP: 0033:0x7fcd19f8e969 [ 156.144526][ T6497] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 156.144558][ T6497] RSP: 002b:00007fcd17df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 156.144590][ T6497] RAX: ffffffffffffffda RBX: 00007fcd1a1b5fa0 RCX: 00007fcd19f8e969 [ 156.144611][ T6497] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000006 [ 156.144632][ T6497] RBP: 00007fcd1a010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 156.144652][ T6497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 156.144672][ T6497] R13: 0000000000000000 R14: 00007fcd1a1b5fa0 R15: 00007ffe4fe10ab8 [ 156.144714][ T6497] [ 156.144931][ T6497] blk-mq: reduced tag depth (128 -> 64) [ 157.279955][ T6512] FAULT_INJECTION: forcing a failure. [ 157.279955][ T6512] name failslab, interval 1, probability 0, space 0, times 0 [ 157.323537][ T6512] CPU: 1 UID: 0 PID: 6512 Comm: syz.1.96 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 157.323587][ T6512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 157.323606][ T6512] Call Trace: [ 157.323617][ T6512] [ 157.323631][ T6512] dump_stack_lvl+0x16c/0x1f0 [ 157.323689][ T6512] should_fail_ex+0x512/0x640 [ 157.323739][ T6512] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 157.323790][ T6512] should_failslab+0xc2/0x120 [ 157.323833][ T6512] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 157.323878][ T6512] ? kstrdup_const+0x63/0x80 [ 157.323929][ T6512] kstrdup+0x53/0x100 [ 157.323975][ T6512] kstrdup_const+0x63/0x80 [ 157.324018][ T6512] __kernfs_new_node+0x9b/0x8a0 [ 157.324064][ T6512] ? __pfx___kernfs_new_node+0x10/0x10 [ 157.324111][ T6512] ? find_held_lock+0x2b/0x80 [ 157.324147][ T6512] ? kernfs_root+0xee/0x2a0 [ 157.324189][ T6512] kernfs_new_node+0x13c/0x1e0 [ 157.324229][ T6512] ? do_raw_spin_lock+0x12c/0x2b0 [ 157.324285][ T6512] __kernfs_create_file+0x53/0x350 [ 157.324338][ T6512] cgroup_addrm_files+0x546/0xc20 [ 157.324400][ T6512] ? __lock_acquire+0x5ca/0x1ba0 [ 157.324444][ T6512] ? __pfx_cgroup_addrm_files+0x10/0x10 [ 157.324508][ T6512] ? css_next_child+0xcf/0x2d0 [ 157.324551][ T6512] ? css_next_descendant_pre+0x58/0x1a0 [ 157.324599][ T6512] css_populate_dir+0x42b/0x530 [ 157.324638][ T6512] cgroup_mkdir+0x37e/0x1160 [ 157.324691][ T6512] ? __pfx_cgroup_mkdir+0x10/0x10 [ 157.324741][ T6512] kernfs_iop_mkdir+0x108/0x190 [ 157.324777][ T6512] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 157.324831][ T6512] vfs_mkdir+0x590/0x8c0 [ 157.324887][ T6512] do_mkdirat+0x304/0x3e0 [ 157.324926][ T6512] ? __pfx_do_mkdirat+0x10/0x10 [ 157.324964][ T6512] ? getname_flags.part.0+0x1c5/0x550 [ 157.325016][ T6512] __x64_sys_mkdir+0xef/0x140 [ 157.325052][ T6512] do_syscall_64+0xcd/0x230 [ 157.325116][ T6512] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.325150][ T6512] RIP: 0033:0x7f0a9c98e969 [ 157.325177][ T6512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 157.325210][ T6512] RSP: 002b:00007f0a9d745038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 157.325241][ T6512] RAX: ffffffffffffffda RBX: 00007f0a9cbb5fa0 RCX: 00007f0a9c98e969 [ 157.325262][ T6512] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000200000000480 [ 157.325282][ T6512] RBP: 00007f0a9ca10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 157.325302][ T6512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 157.325322][ T6512] R13: 0000000000000000 R14: 00007f0a9cbb5fa0 R15: 00007ffc0e7185d8 [ 157.325367][ T6512] [ 157.325382][ T6512] cgroup: cgroup_addrm_files: failed to add irq.pressure, err=-12 [ 159.548581][ T6534] FAULT_INJECTION: forcing a failure. [ 159.548581][ T6534] name failslab, interval 1, probability 0, space 0, times 0 [ 159.668467][ T6534] CPU: 0 UID: 0 PID: 6534 Comm: syz.0.99 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 159.668524][ T6534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 159.668543][ T6534] Call Trace: [ 159.668554][ T6534] [ 159.668566][ T6534] dump_stack_lvl+0x16c/0x1f0 [ 159.668621][ T6534] should_fail_ex+0x512/0x640 [ 159.668670][ T6534] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 159.668708][ T6534] should_failslab+0xc2/0x120 [ 159.668749][ T6534] __kmalloc_cache_noprof+0x6a/0x3e0 [ 159.668782][ T6534] ? __queue_work+0x431/0x10f0 [ 159.668810][ T6534] ? kobject_uevent_env+0x265/0x1870 [ 159.668854][ T6534] kobject_uevent_env+0x265/0x1870 [ 159.668891][ T6534] ? __pfx_dev_uevent_name+0x10/0x10 [ 159.668930][ T6534] ? queue_work_on+0x12a/0x1f0 [ 159.668960][ T6534] ? bus_to_subsys+0x131/0x160 [ 159.669019][ T6534] driver_bound+0x164/0x230 [ 159.669061][ T6534] device_bind_driver+0x3a/0x70 [ 159.669102][ T6534] mac80211_hwsim_new_radio+0x3e5/0x54d0 [ 159.669178][ T6534] ? __asan_memset+0x23/0x50 [ 159.669211][ T6534] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 159.669280][ T6534] hwsim_new_radio_nl+0xb51/0x12c0 [ 159.669340][ T6534] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 159.669408][ T6534] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 159.669466][ T6534] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 159.669541][ T6534] genl_family_rcv_msg_doit+0x209/0x2f0 [ 159.669598][ T6534] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 159.669651][ T6534] ? trace_cap_capable+0x18d/0x200 [ 159.669693][ T6534] ? bpf_lsm_capable+0x9/0x10 [ 159.669722][ T6534] ? security_capable+0x7e/0x260 [ 159.669754][ T6534] ? ns_capable+0xd7/0x110 [ 159.669786][ T6534] genl_rcv_msg+0x55c/0x800 [ 159.669832][ T6534] ? __pfx_genl_rcv_msg+0x10/0x10 [ 159.669872][ T6534] ? __pfx___dev_queue_xmit+0x10/0x10 [ 159.669899][ T6534] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 159.669945][ T6534] ? __lock_acquire+0xaa4/0x1ba0 [ 159.669994][ T6534] netlink_rcv_skb+0x16d/0x440 [ 159.670031][ T6534] ? __pfx_genl_rcv_msg+0x10/0x10 [ 159.670075][ T6534] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 159.670130][ T6534] ? __pfx_down_read+0x10/0x10 [ 159.670158][ T6534] ? netlink_deliver_tap+0x1ae/0xd30 [ 159.670197][ T6534] genl_rcv+0x28/0x40 [ 159.670233][ T6534] netlink_unicast+0x53a/0x7f0 [ 159.670274][ T6534] ? __pfx_netlink_unicast+0x10/0x10 [ 159.670308][ T6534] ? __lock_acquire+0xaa4/0x1ba0 [ 159.670353][ T6534] netlink_sendmsg+0x8d1/0xdd0 [ 159.670395][ T6534] ? __pfx_netlink_sendmsg+0x10/0x10 [ 159.670445][ T6534] ____sys_sendmsg+0xa98/0xc70 [ 159.670493][ T6534] ? copy_msghdr_from_user+0x10a/0x160 [ 159.670526][ T6534] ? __pfx_____sys_sendmsg+0x10/0x10 [ 159.670573][ T6534] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 159.670622][ T6534] ___sys_sendmsg+0x134/0x1d0 [ 159.670658][ T6534] ? __pfx____sys_sendmsg+0x10/0x10 [ 159.670735][ T6534] __sys_sendmsg+0x16d/0x220 [ 159.670771][ T6534] ? __pfx___sys_sendmsg+0x10/0x10 [ 159.670803][ T6534] ? __x64_sys_futex+0x1e0/0x4c0 [ 159.670842][ T6534] ? rcu_is_watching+0x12/0xc0 [ 159.670878][ T6534] do_syscall_64+0xcd/0x230 [ 159.670922][ T6534] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.670949][ T6534] RIP: 0033:0x7f4a15f8e969 [ 159.670971][ T6534] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 159.670998][ T6534] RSP: 002b:00007f4a16daa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 159.671024][ T6534] RAX: ffffffffffffffda RBX: 00007f4a161b5fa0 RCX: 00007f4a15f8e969 [ 159.671042][ T6534] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000007 [ 159.671059][ T6534] RBP: 00007f4a16010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 159.671075][ T6534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 159.671091][ T6534] R13: 0000000000000000 R14: 00007f4a161b5fa0 R15: 00007fff5ebcf028 [ 159.671127][ T6534] [ 161.967654][ T30] audit: type=1800 audit(4295032483.947:6): pid=6567 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.102" name="dbroot" dev="configfs" ino=10286 res=0 errno=0 [ 163.683641][ T6598] ima: policy update failed [ 163.715805][ T30] audit: type=1802 audit(4295032485.677:7): pid=6598 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.107" res=0 errno=0 [ 163.720582][ T6598] netlink: 25 bytes leftover after parsing attributes in process `syz.1.107'. [ 168.998852][ T6652] random: crng reseeded on system resumption [ 170.632983][ T6675] netlink: 16 bytes leftover after parsing attributes in process `syz.1.123'. [ 170.705833][ T6675] netlink: 93 bytes leftover after parsing attributes in process `syz.1.123'. [ 171.613631][ T6682] FAULT_INJECTION: forcing a failure. [ 171.613631][ T6682] name failslab, interval 1, probability 0, space 0, times 0 [ 171.633032][ T6682] CPU: 1 UID: 0 PID: 6682 Comm: syz.3.124 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 171.633078][ T6682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 171.633097][ T6682] Call Trace: [ 171.633107][ T6682] [ 171.633118][ T6682] dump_stack_lvl+0x16c/0x1f0 [ 171.633175][ T6682] should_fail_ex+0x512/0x640 [ 171.633222][ T6682] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 171.633264][ T6682] should_failslab+0xc2/0x120 [ 171.633307][ T6682] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 171.633357][ T6682] ? __proc_create+0xc3/0x8c0 [ 171.633394][ T6682] ? __proc_create+0x2ce/0x8c0 [ 171.633440][ T6682] __proc_create+0x2ce/0x8c0 [ 171.633480][ T6682] ? __pfx___proc_create+0x10/0x10 [ 171.633525][ T6682] ? _raw_write_unlock+0x28/0x50 [ 171.633571][ T6682] ? proc_register+0x314/0x5f0 [ 171.633615][ T6682] proc_create_reg+0x7d/0x180 [ 171.633660][ T6682] proc_create_net_data+0x8e/0x1b0 [ 171.633702][ T6682] ? __pfx_proc_create_net_data+0x10/0x10 [ 171.633757][ T6682] nfs_fs_proc_net_init+0x141/0x1e0 [ 171.633812][ T6682] nfs_net_init+0x130/0x300 [ 171.633861][ T6682] ? __pfx_nfs_net_init+0x10/0x10 [ 171.633909][ T6682] ops_init+0x1df/0x5f0 [ 171.633958][ T6682] setup_net+0x21e/0x850 [ 171.634007][ T6682] ? __pfx_setup_net+0x10/0x10 [ 171.634048][ T6682] ? lockdep_init_map_type+0x5c/0x280 [ 171.634096][ T6682] ? __pfx_down_read_killable+0x10/0x10 [ 171.634135][ T6682] ? debug_mutex_init+0x37/0x70 [ 171.634172][ T6682] copy_net_ns+0x2a6/0x5f0 [ 171.634225][ T6682] create_new_namespaces+0x3ea/0xad0 [ 171.634275][ T6682] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 171.634326][ T6682] ksys_unshare+0x45b/0xa40 [ 171.634374][ T6682] ? __pfx_ksys_unshare+0x10/0x10 [ 171.634419][ T6682] ? xfd_validate_state+0x5d/0x180 [ 171.634453][ T6682] ? rcu_is_watching+0x12/0xc0 [ 171.634495][ T6682] __x64_sys_unshare+0x31/0x40 [ 171.634541][ T6682] do_syscall_64+0xcd/0x230 [ 171.634595][ T6682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.634629][ T6682] RIP: 0033:0x7fcd19f8e969 [ 171.634656][ T6682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 171.634688][ T6682] RSP: 002b:00007fcd17df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 171.634719][ T6682] RAX: ffffffffffffffda RBX: 00007fcd1a1b5fa0 RCX: 00007fcd19f8e969 [ 171.634741][ T6682] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 171.634761][ T6682] RBP: 00007fcd1a010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 171.634781][ T6682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 171.634800][ T6682] R13: 0000000000000000 R14: 00007fcd1a1b5fa0 R15: 00007ffe4fe10ab8 [ 171.634843][ T6682] [ 172.706772][ T6682] ------------[ cut here ]------------ [ 172.706817][ T6682] remove_proc_entry: removing non-empty directory 'net/rpc', leaking at least 'nfs' [ 172.707236][ T6682] WARNING: CPU: 1 PID: 6682 at fs/proc/generic.c:727 remove_proc_entry+0x45e/0x530 [ 172.707300][ T6682] Modules linked in: [ 172.707349][ T6682] CPU: 1 UID: 0 PID: 6682 Comm: syz.3.124 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 172.707400][ T6682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 172.707429][ T6682] RIP: 0010:remove_proc_entry+0x45e/0x530 [ 172.707477][ T6682] Code: 3c 02 00 0f 85 85 00 00 00 48 8b 93 d8 00 00 00 4d 89 f0 4c 89 e9 48 c7 c6 80 71 a2 8b 48 c7 c7 a0 70 a2 8b e8 03 f1 1f ff 90 <0f> 0b 90 90 e9 5f fe ff ff e8 04 0e 60 ff 90 48 b8 00 00 00 00 00 [ 172.707512][ T6682] RSP: 0018:ffffc90003bbfb70 EFLAGS: 00010282 [ 172.707543][ T6682] RAX: 0000000000000000 RBX: ffff888054a36280 RCX: ffffc9000c8ac000 [ 172.707565][ T6682] RDX: 0000000000080000 RSI: ffffffff817a94b5 RDI: 0000000000000001 [ 172.707588][ T6682] RBP: ffff8880549b6980 R08: 0000000000000001 R09: 0000000000000000 [ 172.707612][ T6682] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880549b68c0 [ 172.707634][ T6682] R13: ffff8880549b69a4 R14: ffff88803145d5e4 R15: dffffc0000000000 [ 172.707659][ T6682] FS: 00007fcd17df66c0(0000) GS:ffff888124ae9000(0000) knlGS:0000000000000000 [ 172.707692][ T6682] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 172.707716][ T6682] CR2: 0000000000120000 CR3: 00000000610fe000 CR4: 00000000003526f0 [ 172.707739][ T6682] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 172.707761][ T6682] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 172.707784][ T6682] Call Trace: [ 172.707796][ T6682] [ 172.707816][ T6682] ? __pfx_remove_proc_entry+0x10/0x10 [ 172.707867][ T6682] ? kfree+0x2b6/0x4d0 [ 172.707898][ T6682] ? cache_destroy_net+0x31/0x50 [ 172.707953][ T6682] ? sunrpc_exit_net+0x37/0x90 [ 172.708016][ T6682] sunrpc_exit_net+0x46/0x90 [ 172.708070][ T6682] ? __pfx_sunrpc_exit_net+0x10/0x10 [ 172.708123][ T6682] ops_exit_list+0xb0/0x180 [ 172.708173][ T6682] setup_net+0x4e8/0x850 [ 172.708226][ T6682] ? __pfx_setup_net+0x10/0x10 [ 172.708270][ T6682] ? lockdep_init_map_type+0x5c/0x280 [ 172.708320][ T6682] ? __pfx_down_read_killable+0x10/0x10 [ 172.708371][ T6682] ? debug_mutex_init+0x37/0x70 [ 172.708418][ T6682] copy_net_ns+0x2a6/0x5f0 [ 172.708474][ T6682] create_new_namespaces+0x3ea/0xad0 [ 172.708527][ T6682] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 172.708573][ T6682] ksys_unshare+0x45b/0xa40 [ 172.708624][ T6682] ? __pfx_ksys_unshare+0x10/0x10 [ 172.708714][ T6682] ? xfd_validate_state+0x5d/0x180 [ 172.708754][ T6682] ? rcu_is_watching+0x12/0xc0 [ 172.708801][ T6682] __x64_sys_unshare+0x31/0x40 [ 172.708851][ T6682] do_syscall_64+0xcd/0x230 [ 172.708910][ T6682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.708951][ T6682] RIP: 0033:0x7fcd19f8e969 [ 172.708980][ T6682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 172.709015][ T6682] RSP: 002b:00007fcd17df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 172.709050][ T6682] RAX: ffffffffffffffda RBX: 00007fcd1a1b5fa0 RCX: 00007fcd19f8e969 [ 172.709074][ T6682] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 172.709096][ T6682] RBP: 00007fcd1a010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 172.709117][ T6682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 172.709137][ T6682] R13: 0000000000000000 R14: 00007fcd1a1b5fa0 R15: 00007ffe4fe10ab8 [ 172.709221][ T6682] [ 172.709239][ T6682] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 172.709259][ T6682] CPU: 1 UID: 0 PID: 6682 Comm: syz.3.124 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 172.709302][ T6682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 172.709322][ T6682] Call Trace: [ 172.709333][ T6682] [ 172.709346][ T6682] dump_stack_lvl+0x3d/0x1f0 [ 172.709410][ T6682] panic+0x71c/0x800 [ 172.709459][ T6682] ? __pfx_panic+0x10/0x10 [ 172.709522][ T6682] ? show_trace_log_lvl+0x29b/0x3e0 [ 172.709575][ T6682] ? remove_proc_entry+0x45e/0x530 [ 172.709624][ T6682] check_panic_on_warn+0xab/0xb0 [ 172.709678][ T6682] __warn+0xf6/0x3c0 [ 172.709727][ T6682] ? __pfx_vprintk_emit+0x10/0x10 [ 172.709779][ T6682] ? remove_proc_entry+0x45e/0x530 [ 172.709866][ T6682] report_bug+0x3c3/0x580 [ 172.709913][ T6682] ? remove_proc_entry+0x45e/0x530 [ 172.709960][ T6682] handle_bug+0x184/0x210 [ 172.709993][ T6682] exc_invalid_op+0x17/0x50 [ 172.710026][ T6682] asm_exc_invalid_op+0x1a/0x20 [ 172.710056][ T6682] RIP: 0010:remove_proc_entry+0x45e/0x530 [ 172.710100][ T6682] Code: 3c 02 00 0f 85 85 00 00 00 48 8b 93 d8 00 00 00 4d 89 f0 4c 89 e9 48 c7 c6 80 71 a2 8b 48 c7 c7 a0 70 a2 8b e8 03 f1 1f ff 90 <0f> 0b 90 90 e9 5f fe ff ff e8 04 0e 60 ff 90 48 b8 00 00 00 00 00 [ 172.710131][ T6682] RSP: 0018:ffffc90003bbfb70 EFLAGS: 00010282 [ 172.710157][ T6682] RAX: 0000000000000000 RBX: ffff888054a36280 RCX: ffffc9000c8ac000 [ 172.710177][ T6682] RDX: 0000000000080000 RSI: ffffffff817a94b5 RDI: 0000000000000001 [ 172.710197][ T6682] RBP: ffff8880549b6980 R08: 0000000000000001 R09: 0000000000000000 [ 172.710216][ T6682] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880549b68c0 [ 172.710236][ T6682] R13: ffff8880549b69a4 R14: ffff88803145d5e4 R15: dffffc0000000000 [ 172.710273][ T6682] ? __warn_printk+0x1a5/0x350 [ 172.710334][ T6682] ? __pfx_remove_proc_entry+0x10/0x10 [ 172.710383][ T6682] ? kfree+0x2b6/0x4d0 [ 172.710419][ T6682] ? cache_destroy_net+0x31/0x50 [ 172.710473][ T6682] ? sunrpc_exit_net+0x37/0x90 [ 172.710533][ T6682] sunrpc_exit_net+0x46/0x90 [ 172.710584][ T6682] ? __pfx_sunrpc_exit_net+0x10/0x10 [ 172.710635][ T6682] ops_exit_list+0xb0/0x180 [ 172.710682][ T6682] setup_net+0x4e8/0x850 [ 172.710731][ T6682] ? __pfx_setup_net+0x10/0x10 [ 172.710774][ T6682] ? lockdep_init_map_type+0x5c/0x280 [ 172.710822][ T6682] ? __pfx_down_read_killable+0x10/0x10 [ 172.710863][ T6682] ? debug_mutex_init+0x37/0x70 [ 172.710901][ T6682] copy_net_ns+0x2a6/0x5f0 [ 172.710954][ T6682] create_new_namespaces+0x3ea/0xad0 [ 172.711004][ T6682] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 172.711049][ T6682] ksys_unshare+0x45b/0xa40 [ 172.711097][ T6682] ? __pfx_ksys_unshare+0x10/0x10 [ 172.711143][ T6682] ? xfd_validate_state+0x5d/0x180 [ 172.711178][ T6682] ? rcu_is_watching+0x12/0xc0 [ 172.711221][ T6682] __x64_sys_unshare+0x31/0x40 [ 172.711270][ T6682] do_syscall_64+0xcd/0x230 [ 172.711328][ T6682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.711362][ T6682] RIP: 0033:0x7fcd19f8e969 [ 172.711398][ T6682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 172.711433][ T6682] RSP: 002b:00007fcd17df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 172.711467][ T6682] RAX: ffffffffffffffda RBX: 00007fcd1a1b5fa0 RCX: 00007fcd19f8e969 [ 172.711491][ T6682] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 172.711513][ T6682] RBP: 00007fcd1a010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 172.711534][ T6682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 172.711556][ T6682] R13: 0000000000000000 R14: 00007fcd1a1b5fa0 R15: 00007ffe4fe10ab8 [ 172.711601][ T6682] [ 172.711743][ T6682] Kernel Offset: disabled