last executing test programs: 10m21.684699042s ago: executing program 0 (id=207): r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/032/001\x00', 0x80202, 0x0) pread64$auto(r0, 0x0, 0x4, 0xc9) mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, r0, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x801, 0x100) getsockopt$auto(0x100000006, 0x0, 0x50, 0x0, 0x0) 10m21.39161498s ago: executing program 0 (id=210): mmap$auto(0xb62, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x1ac}}, 0x40000) close_range$auto(0x2, 0x8, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) bpf$auto(0x1, &(0x7f00000001c0)=@raw_tracepoint={0x5, r0, 0x0, 0x6}, 0xc) ioctl$auto_BTRFS_IOC_GET_FEATURES(r0, 0x80189439, &(0x7f0000000080)={0x5, 0x6, 0x7}) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r1 = pidfd_open$auto(0x1, 0x0) setns(r1, 0x60020000) fadvise64$auto(r1, 0x4000000040000000, 0x10000, 0x6) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/button/parameters/lid_init_state\x00', 0x169882, 0x0) sendfile$auto(r2, r2, 0x0, 0xe2) r3 = socket(0x1e, 0x4, 0x0) capget$auto(0x0, 0xfffffffffffffffe) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/mnt\x00') setsockopt$auto(r3, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xac}, 0x5, 0x0, 0x1, 0x697b}, 0xed7138c}, 0x2, 0x9) recvmmsg$auto(0x4, &(0x7f0000000200)={{0x0, 0x1, &(0x7f0000000140)={0x0, 0x2}, 0x7, 0x0, 0x2, 0x800}}, 0xffffffff, 0x7, 0x0) 10m20.300856641s ago: executing program 0 (id=214): mmap$auto(0x0, 0x5, 0xdf, 0x9b72, 0x2, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x0) r0 = socket(0x1d, 0x801, 0x1003) (async) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) msgctl$auto_IPC_INFO(0x100, 0x3, &(0x7f00000012c0)={{0x632, 0xee00, 0xee00, 0x1, 0x5, 0x1, 0x80}, 0x0, 0x0, 0x4, 0x7, 0x5, 0x7, 0x1, 0xdd34, 0x7, 0x8, @raw=0xffff, @raw=0x4bf0000e}) (async) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) r2 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) ioctl$auto(r2, 0x40084d02, r2) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) r3 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000140), r1) (async) truncate$auto(&(0x7f0000000100)='./cgroup/file0\x00', 0x600000000000000) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000600), 0xffffffffffffffff) (async) mmap$auto(0x0, 0x9, 0x800000000df, 0x9b72, 0xea8a, 0x8000) mincore$auto(0x0, 0x8000000000005a, 0x0) (async) semctl$auto(0x201, 0xfffffffffffffffa, 0x3, 0xfffffffffffffffc) (async) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) (async) r6 = socket(0x11, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX(r6, 0x8953, 0x0) sendmsg$auto_OVS_FLOW_CMD_SET(r4, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000640)=ANY=[@ANYBLOB, @ANYRES16=r5, @ANYBLOB="01002dbd7000ffdbdf250400000004000180040002800500090008000000"], 0x24}, 0x1, 0x0, 0x0, 0x51}, 0x40000) (async) sendmsg$auto_IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000002a80)={&(0x7f0000000580)=ANY=[@ANYBLOB=',\x00', @ANYRES16=r3], 0x2c}, 0x1, 0x0, 0x0, 0x44050}, 0x4008000) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x54) (async) get_robust_list$auto(0x0, 0x0, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) (async) setsockopt$auto(r0, 0x1, 0x3f, 0x0, 0xb) 10m19.783780335s ago: executing program 0 (id=216): mmap$auto(0x0, 0x2020009, 0x1003, 0xeb1, 0xfffffffffffffffa, 0x8000) move_pages$auto(0x0, 0x5, 0x0, &(0x7f00000003c0)=0x1, 0x0, 0x2) r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) r1 = bpf$auto_BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000100)=@link_update={r0, @new_prog_fd=r0, 0x3, @old_map_fd=r0}, 0x0) sendmsg$auto_HSR_C_GET_NODE_LIST(r1, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="020027bd7000fddbdf25050000000a000500bbbbbbbbbbbb0000060007005206000008000200", @ANYRES32=0x0, @ANYBLOB="0a000500aaaa0100f18367978a0f0040080500"/40], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x40) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mmap$auto(0x0, 0x2020008, 0x1000000000000007, 0xeb1, 0x0, 0x1008000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x801, 0x84) io_uring_setup$auto(0x4, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) io_uring_enter$auto(0x3, 0x0, 0x1, 0x3, 0x0, 0x2) io_uring_enter$auto(0x3, 0x1, 0x2688, 0x5, 0x0, 0x7) 10m18.860420639s ago: executing program 0 (id=219): r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x7f, 0x8000) close_range$auto(0x0, 0x5, 0x0) pipe$auto(0x0) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000040000fdef}, 0x1) pipe$auto(0x0) tee$auto(0x2000000000000, 0x3, 0x402, 0x8) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc2481, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) statx$auto(r1, &(0x7f0000000000)='./file0\x00', 0xfffffffd, 0x6, &(0x7f0000000140)={0x2, 0x5, 0xe1b, 0xfffff001, 0xffffffffffffffff, 0xee01, 0xfffb, 0x3, 0x0, 0xff, 0x9, 0xfffffffffffffffe, {0x2, 0x1}, {0x0, 0x8}, {0x70239f6b, 0x1}, {0x1, 0x1}, 0x2, 0xfffffffd, 0x1f87c400, 0xfffffff6, 0x1, 0x0, 0x7, 0x6, 0x6, 0xc77c000, 0xfffffff9, 0xff, [0x7, 0x9, 0x2, 0x3, 0x40, 0x75d, 0x1, 0x6, 0x6]}) ioprio_set$auto(0x7fffffff, r2, 0xffffff80) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_batadv(0x0, r0) epoll_create$auto(0x4) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) r3 = openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cpu/1/msr\x00', 0x450b82, 0x0) readv$auto(r3, &(0x7f00000000c0)={0x0, 0x101d0}, 0x400) mmap$auto(0x0, 0x20009, 0x7ff, 0x100000eb5, 0x40000000000a1, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) fsopen$auto(0x0, 0x3) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x9, 0x400000072, 0x8b72, 0x1000000002, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) clone$auto(0x21002, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x9) 10m17.633410707s ago: executing program 0 (id=223): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) mlock$auto(0x8001, 0xb) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) (async) ioctl$auto(0x3, 0x400454ca, 0x38) mmap$auto(0x0, 0x9, 0x2, 0x40eb2, 0x401, 0x300000000000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0) read$auto(r0, 0x0, 0x20) (async) write$auto(0x3, 0x0, 0x81) mlock$auto(0x7c88, 0x7fff) 10m2.573202753s ago: executing program 32 (id=223): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) mlock$auto(0x8001, 0xb) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) (async) ioctl$auto(0x3, 0x400454ca, 0x38) mmap$auto(0x0, 0x9, 0x2, 0x40eb2, 0x401, 0x300000000000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0) read$auto(r0, 0x0, 0x20) (async) write$auto(0x3, 0x0, 0x81) mlock$auto(0x7c88, 0x7fff) 7m54.443474589s ago: executing program 4 (id=657): close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x801, 0x84) connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x7, @local}, 0x55) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0x8, 0x8000) r0 = socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) io_uring_setup$auto(0x1, 0x0) setsockopt$auto(0x3, 0xfffffffe, 0x140003, 0x0, 0x800) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x10000}, 0x7, 0x0, 0x5, 0xb}, 0xfff}, 0x8, 0x311) setsockopt$auto(0x3, 0x10000000084, 0x1e, 0x0, 0x8) 7m54.11156475s ago: executing program 4 (id=659): sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x4000804) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x640, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x401, 0xfffffffffffffffd, 0xd4, 0x4, 0x28c, 0x0, 0x3, 0x368e, 0x9, {0xfffffffe, 0x10000}, 0x5, 0x6, 0xfffffffffff7fffd, 0x1007ffd, 0x0, 0xfe, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/acpi/wakeup\x00', 0x48041, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x4, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) 7m53.977379592s ago: executing program 4 (id=660): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/sunrpc/parameters/pool_mode\x00', 0x80302, 0x0) sendfile$auto(r0, r0, 0x0, 0x43) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) socket(0xf, 0x3, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=ANY=[@ANYBLOB="e8000000", @ANYRES16=r2, @ANYBLOB="01002dbd7000f9dbdf2501000000bc001e8093c2803537d7c01750de6b38e1e910b1842c36a3d98e701321fc9bfff6547a0250b674b564d78d4a30090044af8c0859b25b96ed7e169671f903421cb8256636cac59f705e35ea8fb89a17945a8f9b32c0a7aaed87ee4425ec7347986fb8d6882a0f98ba1d71bf10daab54e0cc0498b48b90bfb39ba4c7dabf77cbf2a16745065bf770e09fe169d250b511af93a7dddc981e1d330a6182cae8829bcfb22fc33e216bf4ddb3c2cc85186b3399755a27100580004e21000005000600810000000800190000000000c74601e48bb1b8b182f1ac417adb82b48f8eabadc1b3e2cb971845572de191a485af1b6da794bd9288"], 0xe8}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004) lstat$auto(0x0, &(0x7f0000000180)={0xe, 0x0, 0x8100000001, 0xfbc, 0x0, 0x0, 0x0, 0x9, 0x6, 0x9, 0x5, 0x7fffffff, 0x5, 0xffffffff80000000, 0xdf1, 0x61, 0x105}) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000040), r4) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1cJ\x99\x00:c\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) mmap$auto(0x1000, 0x1, 0xdf, 0xffffffffffffffff, 0x2, 0x8001) 7m52.852968265s ago: executing program 4 (id=672): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/sunrpc/parameters/pool_mode\x00', 0x80302, 0x0) sendfile$auto(r0, r0, 0x0, 0x43) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) socket(0xf, 0x3, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=ANY=[@ANYBLOB="e8000000", @ANYRES16=r2, @ANYBLOB="01002dbd7000f9dbdf2501000000bc001e8093c2803537d7c01750de6b38e1e910b1842c36a3d98e701321fc9bfff6547a0250b674b564d78d4a30090044af8c0859b25b96ed7e169671f903421cb8256636cac59f705e35ea8fb89a17945a8f9b32c0a7aaed87ee4425ec7347986fb8d6882a0f98ba1d71bf10daab54e0cc0498b48b90bfb39ba4c7dabf77cbf2a16745065bf770e09fe169d250b511af93a7dddc981e1d330a6182cae8829bcfb22fc33e216bf4ddb3c2cc85186b3399755a27100580004e21000005000600810000000800190000000000c74601e48bb1b8b182f1ac417adb82b48f8eabadc1b3e2cb971845572de191a485af1b6da794bd9288"], 0xe8}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004) lstat$auto(0x0, &(0x7f0000000180)={0xe, 0x0, 0x8100000001, 0xfbc, 0x0, 0x0, 0x0, 0x9, 0x6, 0x9, 0x5, 0x7fffffff, 0x5, 0xffffffff80000000, 0xdf1, 0x61, 0x105}) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000040), r4) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1cJ\x99\x00:c\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) mmap$auto(0x1000, 0x1, 0xdf, 0xffffffffffffffff, 0x2, 0x8001) 7m51.654512899s ago: executing program 4 (id=669): sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x4000804) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x640, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x401, 0xfffffffffffffffd, 0xd4, 0x4, 0x28c, 0x0, 0x3, 0x368e, 0x9, {0xfffffffe, 0x10000}, 0x5, 0x6, 0xfffffffffff7fffd, 0x1007ffd, 0x0, 0xfe, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/acpi/wakeup\x00', 0x48041, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x4, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) 7m51.372669872s ago: executing program 4 (id=670): r0 = ioctl$auto_userfaultfd_dev_fops_userfaultfd(0xffffffffffffffff, 0x7, &(0x7f0000000000)="ae9a74bba126b14ab20bf712cc835044b156b996c83d337e95896736f0c170ac17ca7ef2a02e0cf318b4c454fdad1ed62f9eeaa9e3ea61dddb0b654a9a98c6daa73b545bd3cf15a0717b1719df9799852cbb7e0a548bc2386d3d34be7ef1f9154c9bb24f72a8fdd77ed42d3b88d03f9c8da9493e708b5370ce1d28aa3a0a62bb7f18c9e9c03bb392a6cb11e4081d2dde0ee478b2cefcf361c443e9d0dcda8e564351110c8683595f39259c938ae1c3086f77d6969e4337007316e76b9e") openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ram6\x00', 0x14f682, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) semctl$auto_IPC_INFO(0x8, 0x800, 0x3, 0x0) madvise$auto(0x0, 0x454, 0x9) setreuid$auto(0x4, 0x0) setresuid$auto(0x60, 0x1000, 0x8000) mmap$auto(0x2, 0x10000000004, 0x4000000000df, 0x40eb1, r0, 0x300000000000) io_uring_setup$auto(0x6, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/bond0/bonding/ad_actor_system\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000001100)=""/4105, 0x1009) kexec_load$auto(0x3, 0x2, 0x0, 0x4) 7m36.207971164s ago: executing program 33 (id=670): r0 = ioctl$auto_userfaultfd_dev_fops_userfaultfd(0xffffffffffffffff, 0x7, &(0x7f0000000000)="ae9a74bba126b14ab20bf712cc835044b156b996c83d337e95896736f0c170ac17ca7ef2a02e0cf318b4c454fdad1ed62f9eeaa9e3ea61dddb0b654a9a98c6daa73b545bd3cf15a0717b1719df9799852cbb7e0a548bc2386d3d34be7ef1f9154c9bb24f72a8fdd77ed42d3b88d03f9c8da9493e708b5370ce1d28aa3a0a62bb7f18c9e9c03bb392a6cb11e4081d2dde0ee478b2cefcf361c443e9d0dcda8e564351110c8683595f39259c938ae1c3086f77d6969e4337007316e76b9e") openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ram6\x00', 0x14f682, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) semctl$auto_IPC_INFO(0x8, 0x800, 0x3, 0x0) madvise$auto(0x0, 0x454, 0x9) setreuid$auto(0x4, 0x0) setresuid$auto(0x60, 0x1000, 0x8000) mmap$auto(0x2, 0x10000000004, 0x4000000000df, 0x40eb1, r0, 0x300000000000) io_uring_setup$auto(0x6, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/bond0/bonding/ad_actor_system\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000001100)=""/4105, 0x1009) kexec_load$auto(0x3, 0x2, 0x0, 0x4) 2m32.337506387s ago: executing program 2 (id=1644): r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x401f, 0x1, 0x8e051, r0, 0x0) mmap$auto(0x2, 0x6, 0xc7, 0x14, r0, 0x4) madvise$auto(0x7, 0x796e, 0x3) 2m31.934331366s ago: executing program 2 (id=1647): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x3, 0x6) r1 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="50000067ccad1afb067cfc02ee05fe09c010ee0053751528765c33ebfc46d694f34b846c2ec8e880fc2af9f02feb97b73a317500000000000000b66ca5afa0cf5d24721cef612c83584afba683d7531081e0f990e4baf70e3b8b3f8fef67f5ccd7144aff66e52a46340480543c01", @ANYRES16=r1, @ANYBLOB="010026bd7000ffdbdf25050000000c00010007000000000000000c00010004000000000000000c00010040000000000000000c00010004000000000000000c0001000000000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x4048000}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x1, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@nl=@kern={0x10, 0x0, 0x0, 0x800}, 0xd5) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0xffffffff, @hyper}, 0x55) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="120027", @ANYBLOB="5de1523353782950330a"], 0x1ac}}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB='J'], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x77a}, 0x3, 0x0) recvmmsg$auto(r2, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB="000229bd0000fbdbdf35020000000800fbffffffffff0737010005"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00211459a600fbdbdf250200000008000300000000001b"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r3 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)=ANY=[@ANYRES16=r2, @ANYRES16=r3, @ANYRESHEX=r2], 0x1c}, 0x1, 0x0, 0x0, 0x14}, 0x2404c000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2m30.810913746s ago: executing program 2 (id=1651): r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x101440, 0x0) (async) r1 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000900)='/sys/kernel/debug/block/nbd0/hctx0/sched_tags\x00', 0x60100, 0x0) read$auto(r1, &(0x7f0000000040)='\x00', 0x3) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000000c0)={{0x0, 0x2, 0x200800, 0xffffffff, 0xfffffffb}, "0dd7fd004929347eeeccdf0732f77b1f6de0d6d51768a257a97ca5e9ca6310ea"}) ioctl$auto_SNDRV_TIMER_IOCTL_PAUSE(r0, 0x54a3, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) openat$auto_dfs_global_fops_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ubifs/chk_index\x00', 0x595c00, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/vhci_hcd.10/usb30/ep_00/bmAttributes\x00', 0x12b5c0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x742, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/machinecheck/machinecheck1/cmci_disabled\x00', 0x20102, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) (async, rerun: 32) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) (async, rerun: 32) memfd_secret$auto(0x0) mmap$auto(0x0, 0x8, 0xfffffffffffffffa, 0x13, 0x3, 0x0) (async) r2 = pipe2$auto(0x0, 0x80) (async, rerun: 32) sendfile$auto(0x6, 0x3, 0x0, 0xc01) (async, rerun: 32) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) r3 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x80842, 0x91) read$auto(r3, 0x0, 0x1) (async) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) unshare$auto(0x40000080) (async) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/ieee80211/phy5/netdev:wlan0/stations/08:02:11:00:00:01/vht_capa\x00', 0x40080, 0x0) mmap$auto(0x0, 0xfffffffffffffffe, 0xdf, 0x16, r2, 0xc3) (async) r4 = socket(0x25, 0x1, 0x2) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=ANY=[@ANYBLOB="743e748bd2917d327f70992c0a3359d12dc411587ef4d2ce0ec105883ae7e3a7b96b03ccb9479401f5626248b960a1ede912c69e9c1cad300a6270cf239847a93e33fd6f61b3faa2311b940e8d4d9eae2fcbaaceecba85f59ab9a42e3b600f237d3b53513b48545492a40f82815e344c205d025173943ec7343552ad286aa063766711a01a09cf2119e11dbc75a0ea1b76b99e358e9eb1e4953d324e720e88e44c3b4e2a01925cbeac94fee579477684fd3676797bf9f00a2939e37b0e59a76da8ca4dbdd2ebc44abcc25147952a7e7647e3de66b7cbadcc0015838861556b0a175926bd4a354155ccd61e60de1a1cbf84f34b27310533dc55dcba0282158ce5418ab01da831bf7200a6de8462d5ada545303cecac1f22f4518f7d739acce35fe771b0d925f038b0751b08df7883a4f849", @ANYRESHEX], 0x1ac}, 0x1, 0x0, 0x0, 0x8841}, 0x40000) (async) read$auto(0x3, 0x0, 0xf34) read$auto(r4, &(0x7f0000000040)='\x00', 0x10001) (async, rerun: 64) read$auto(0x3, 0x0, 0x80) (async, rerun: 64) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/asound/card1/cable#0\x00', 0x101440, 0x0) 2m30.578551298s ago: executing program 2 (id=1653): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, 0x0, 0x800) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/irq/9/smp_affinity\x00', 0x129542, 0x0) mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop14/queue/dma_alignment\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x20) close_range$auto(0x2, 0x8, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/video59\x00', 0x0, 0x0) openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$auto(0x3, 0x0, 0xfdef) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f000000c180), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_NAME_TABLE_GET(r1, &(0x7f000000ca40)={0x0, 0x0, &(0x7f000000ca00)={&(0x7f000000c1c0)={0x14, r2, 0x35712d2af9a9dbe3, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x841}, 0x4) read$auto(0x3, 0x0, 0x7) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0xc) madvise$auto_MADV_GUARD_INSTALL(0x7, 0x5, 0x66) 2m30.166930069s ago: executing program 2 (id=1654): r0 = socket(0x15, 0x5, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x3e38a2, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @private=0xa010102}, 0x6a) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) sysfs$auto(0x2, 0x2, 0x0) unshare$auto(0x40000080) mbind$auto(0x200, 0x10000100000003, 0x2000000000005, &(0x7f0000000000)=0xc4f5, 0x7fffffffffffffff, 0xe) sendmsg$auto(r0, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) mmap$auto(0x6, 0x0, 0xdf, 0xeb1, 0x3fd, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) mknod$auto(&(0x7f0000000080)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) pivot_root$auto(0x0, 0x0) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20b42, 0x0) ioctl$auto(0xffffffffffffffff, 0x4b4e, 0xffffffffffffffff) openat$auto_buffer_percent_fops_trace(0xffffffffffffff9c, 0x0, 0x80000, 0x0) write$auto(r2, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) ioctl$auto_SNDCTL_DSP_SETFMT(r3, 0xc0045005, 0x0) r4 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000980), r1) sendmsg$auto_TIPC_NL_MEDIA_SET(r1, &(0x7f000000a4c0)={0x0, 0x0, &(0x7f000000a480)={&(0x7f00000001c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010029bd7000ffdbdf250c0000000c000580080001000a01e1011ab57d61d9ba74b7a22477b66087be8bcc86fe1b13faf101268fff82229eaad338ca4b3b7e542767dd23b65c9307270e2303fe3c383e5bf85e89adc27ad10587"], 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x20000048) write$auto(0xca, &(0x7f0000000140)='\x04>\x01\x01\b\x03\x00\x00\x00I}\xe8N\x94\xf2\xa2\x00\x00\f\x15\xd8a\xed\x84\xb7\f\x00\x00\x80\x00\x00\x00\x001.\xb0`W\xd3M\x00\xbf\xe9\x83\xea8\xd1\xda\xcf9\x02u@\xeb\xcd\xb2\tBAh\xf8', 0x3ff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/iscsi_transport/iser/handle\x00', 0x123640, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r5 = socket(0xa, 0x6, 0x0) setsockopt$auto(0x4, 0x1, 0xf, &(0x7f00000002c0)='\x05\x00\x06J\xd4~&\xe3a\xe9\x14\x01\xdc\x85\r\x00\x00\x00\x00\x00\xee\xcc8\xe2\x7fi\x01\xaf\x06E\xff\xff\xff\xff\xff\xff\xff\xff\tL\xb9\x8dv\xf2\x93\x7f\xe18\b\x00\x00\x00\x00\x00\x00\x00\xbd\x94\x06\xc3\xac\xc0\xd9\xa1J2_\xe3\xae\x00\x00\x00\x00a\x93d$\x05\x8a\a\x00R\b\x0e\xfd\x06\xca`\xf6\xfc\x91 g\xa5m\x1a9H\x14\x14\x97\xc1\xc5\x94\x91 \x968C\xc1v!w\x0f\xcc\xf5\xb5!F$\xa4\x9e\xf7\x98~\x98\x88\x06\x14@N\xddM*\xfd\x85R\xb6koe\xe8\xfaF\xf0\\\x9c\x85\xc7+\x81\xa4+\x9f-\x00\xedS\xeb\x1c2\xffy\xaa\x14n#\x1f\xde\x02\xd4\x87I\xb5V(\x00\xa9E\x14\xe3\xf8*\xfd\xcc\x0e\xe4\xbc\xa0\nv\xd9n\xf3\xf9\xed\xc5\x95\fT\xe4\xd6\xfa\x99I\x81\xb4\xb2\xff\xa2\xb3BL\xc1\x9c\x80U\x88\xdb\xcap\xcf\v\x00\x00\x00\x00\x00\x9f\xcf\xa4?\x86\x8d\x10\\\xc7\xb6\x93\t\x98\x8f\xb9B\xdb\x11\xae\xef/\xd5f7ok\x84\xcbddf\xe3\x9c\x1b\x13\xf3\xbdv\x83\xa3\x95o@\xe6\xb8B\x06k\x83\xd4\xad\'\x8b\xa9\xb2\xd38\xe3\xb6\xfb\xa0x\x06\xc7B4\x9e12\\\xd6\xecD\x8bV7D\x8a\x97\xa5\x17\xf6HC\xe0\x03\x00\x00\x00\"S\xc9\x01&\xb0S+\xa0\xf4\xb07o\x12{Q\xe5\xeb\x9b\x9d\xc2\xee0\xa7Y\x12\x1d\xcd\xfb', 0xd) sendmsg$auto_NL802154_CMD_NEW_INTERFACE(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x40000) listen$auto(r5, 0x26da) write$auto_console_fops_tty_io(0xffffffffffffffff, &(0x7f0000001240)='4', 0x1) 2m28.020503934s ago: executing program 2 (id=1657): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0) readv$auto(r0, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) r1 = socket(0x2b, 0x6, 0xfffff29a) r2 = getsockopt$auto(r1, 0x11e, 0x1, 0xfffffffffffffffe, 0x0) listmount$auto(0xfffffffffffffffd, 0x0, 0x8, 0x0) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) madvise$auto(0x110c230000, 0x1, 0x9) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/pagetypeinfo\x00', 0x43102, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_PUBL_GET(r3, &(0x7f0000002100)={0x0, 0x0, &(0x7f00000020c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="b51a110dad16e4b19acb151800d554", @ANYRES16=r4, @ANYBLOB="05072abd7000ffdbdf250700000004000280"], 0x18}, 0x1, 0x0, 0x0, 0x1}, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio1\x00', 0x20000, 0x0) ioctl$auto_SOUND_PCM_READ_RATE(r2, 0x80045002, &(0x7f0000000580)="701c59f21a5dd16da4c58c12e1bc2af0cd36adb1a90861522836470aadbddb74104174f9ccf08cf6999f3e904165647e61cbde5e09c53a61766daeffb1f4370feaeae75f93788c30a0f2f018d55b849246533757e13cd6e721e7f2f502a65a4c79e4996bc04d32d9677401972341280342f8df1c4cb3536a874004a0d7ebfa76a9bedc7edf8087e4fb10d0") r5 = socket(0xa, 0x2, 0x0) setsockopt$auto(r5, 0x29, 0x30, 0x0, 0x56b) rt_sigaction$auto(0x3, &(0x7f0000000400)={&(0x7f0000000340)=&(0x7f00000002c0)=0x2, 0x7, &(0x7f00000003c0)=&(0x7f0000000380)=0x6, {0x40}}, &(0x7f0000000540)={&(0x7f0000000480)=&(0x7f0000000440)=0x6, 0x2, &(0x7f0000000500)=&(0x7f00000004c0)=0x8, {0x7cb9eb18}}, 0x8) r6 = syz_genetlink_get_family_id$auto_nfc(&(0x7f00000000c0), r5) sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(r3, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000240)={&(0x7f0000000680)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="000a27bd7000ffdbdf250500000008001e00f8ffffff08000d0006000000130002004d414338303231315f485753494d000008001d00010000000800150009000000050010007f000000e62c3656e5210e390caed1a025aa50eb51c11fc924dd0342e9cae1135f256bdfe0e243213b233d217efca80f0a7ab8f9c90e5d838bbd5c846e312835db7ad159a395bc6423f1b31a62a002b276295eb1896eddd736cb6baf2461be7f8ea5c1cd9e9563d9cbfa46f7e306eff46214aaa5e83bad931777e1c2520069b0c156464041b81db2e9b0c64c9424cd2fa6a9a008cf1f161050a52e2cd61fe7"], 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x1) pwrite64$auto(0xc8, &(0x7f0000000340)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88d\x11\x00\x00\x00\x00\x00W\x00\x02\xba\xae\xb8-\x14\xe4\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\x00\x00\x9f\x1e\xf6\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9\xc5\x93\x1dD\x811\xb9_\xdd*j\xfd\xeb\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;\x9e\x83\x120\x81\\\\\xd9\x1a\xa5\x93\x11\x9a?g`sFh\x00\x00\xda,\x93\xba\x88\x83\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xdex\xd8\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/228, 0xfdef, 0x2) mmap$auto(0x0, 0x800000040009, 0x36, 0x9b72, 0x7, 0x28000) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=ANY=[@ANYRES8=r3, @ANYRES16, @ANYBLOB="01082bbd975334258c9fad1a00f33a7ff7b521700003dcdf250400000048e8364e9af9660f29"], 0x28}, 0x1, 0x0, 0x0, 0x48894}, 0x4) mmap$auto(0x9, 0x400008, 0xdf, 0x9b72, r7, 0x8000) getrandom$auto(&(0x7f00000001c0)='\x00', 0x80, 0x3) madvise$auto(0x0, 0x2003f0, 0x18) 2m12.842304129s ago: executing program 34 (id=1657): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0) readv$auto(r0, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) r1 = socket(0x2b, 0x6, 0xfffff29a) r2 = getsockopt$auto(r1, 0x11e, 0x1, 0xfffffffffffffffe, 0x0) listmount$auto(0xfffffffffffffffd, 0x0, 0x8, 0x0) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) madvise$auto(0x110c230000, 0x1, 0x9) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/pagetypeinfo\x00', 0x43102, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_PUBL_GET(r3, &(0x7f0000002100)={0x0, 0x0, &(0x7f00000020c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="b51a110dad16e4b19acb151800d554", @ANYRES16=r4, @ANYBLOB="05072abd7000ffdbdf250700000004000280"], 0x18}, 0x1, 0x0, 0x0, 0x1}, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio1\x00', 0x20000, 0x0) ioctl$auto_SOUND_PCM_READ_RATE(r2, 0x80045002, &(0x7f0000000580)="701c59f21a5dd16da4c58c12e1bc2af0cd36adb1a90861522836470aadbddb74104174f9ccf08cf6999f3e904165647e61cbde5e09c53a61766daeffb1f4370feaeae75f93788c30a0f2f018d55b849246533757e13cd6e721e7f2f502a65a4c79e4996bc04d32d9677401972341280342f8df1c4cb3536a874004a0d7ebfa76a9bedc7edf8087e4fb10d0") r5 = socket(0xa, 0x2, 0x0) setsockopt$auto(r5, 0x29, 0x30, 0x0, 0x56b) rt_sigaction$auto(0x3, &(0x7f0000000400)={&(0x7f0000000340)=&(0x7f00000002c0)=0x2, 0x7, &(0x7f00000003c0)=&(0x7f0000000380)=0x6, {0x40}}, &(0x7f0000000540)={&(0x7f0000000480)=&(0x7f0000000440)=0x6, 0x2, &(0x7f0000000500)=&(0x7f00000004c0)=0x8, {0x7cb9eb18}}, 0x8) r6 = syz_genetlink_get_family_id$auto_nfc(&(0x7f00000000c0), r5) sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(r3, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000240)={&(0x7f0000000680)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="000a27bd7000ffdbdf250500000008001e00f8ffffff08000d0006000000130002004d414338303231315f485753494d000008001d00010000000800150009000000050010007f000000e62c3656e5210e390caed1a025aa50eb51c11fc924dd0342e9cae1135f256bdfe0e243213b233d217efca80f0a7ab8f9c90e5d838bbd5c846e312835db7ad159a395bc6423f1b31a62a002b276295eb1896eddd736cb6baf2461be7f8ea5c1cd9e9563d9cbfa46f7e306eff46214aaa5e83bad931777e1c2520069b0c156464041b81db2e9b0c64c9424cd2fa6a9a008cf1f161050a52e2cd61fe7"], 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x1) pwrite64$auto(0xc8, &(0x7f0000000340)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88d\x11\x00\x00\x00\x00\x00W\x00\x02\xba\xae\xb8-\x14\xe4\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\x00\x00\x9f\x1e\xf6\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9\xc5\x93\x1dD\x811\xb9_\xdd*j\xfd\xeb\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;\x9e\x83\x120\x81\\\\\xd9\x1a\xa5\x93\x11\x9a?g`sFh\x00\x00\xda,\x93\xba\x88\x83\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xdex\xd8\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/228, 0xfdef, 0x2) mmap$auto(0x0, 0x800000040009, 0x36, 0x9b72, 0x7, 0x28000) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=ANY=[@ANYRES8=r3, @ANYRES16, @ANYBLOB="01082bbd975334258c9fad1a00f33a7ff7b521700003dcdf250400000048e8364e9af9660f29"], 0x28}, 0x1, 0x0, 0x0, 0x48894}, 0x4) mmap$auto(0x9, 0x400008, 0xdf, 0x9b72, r7, 0x8000) getrandom$auto(&(0x7f00000001c0)='\x00', 0x80, 0x3) madvise$auto(0x0, 0x2003f0, 0x18) 13.306398302s ago: executing program 3 (id=2058): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, 0x0, 0x800) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/irq/9/smp_affinity\x00', 0x129542, 0x0) r0 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r1 = syz_genetlink_get_family_id$auto_nl80211(0x0, r0) sendmsg$auto_NL80211_CMD_LEAVE_OCB(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="970bf6f723", @ANYRES16=r1, @ANYBLOB="00082dbd7000ffdbdf256d0000006e00cd006528d6cfd30598ae917b5625de790140cc5a7fd247572c5daca3620e60b37bedbd2f62eed508c05f6d65957f602ced32c85a42da00ee4262e877596be12f463e8580ef20df6c8e924b3b3a4ed7967b850711e1d9781c481c6cb9422d172d84d5b8625370336aba0e021a00001900c800bbcfc271c58323a25f81416f08e4bc272b5fbf13400000002a00f5002fee4f7b02ea8ad097fee9d489f1408fee898610d7652e3610440d2e9238c57d34bf15f6185d0000"], 0xcc}}, 0x0) sendmsg$auto_NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f0000000300)={0x1c0, r1, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@NL80211_ATTR_DISABLE_VHT={0x4}, @NL80211_ATTR_TIMEOUT={0x8, 0x110, 0x5}, @NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS={0x6, 0x143, 0x70}, @NL80211_ATTR_NAN_FUNC={0x198, 0xf0, 0x0, 0x1, [@generic="b95d16fb346b91604abd451e3e93b680b1d2a23f8d6e083d200d67e6ebc51f03c4c029131ad1ebf965af89c6730d1e3d3bc7a2528b7de6a1562236b9830ce4521c0bfb52ced4d1839a3364383afb21c6cb88386e76189367fbeab91214e017e976bf9661264e5ea09b7bbcf79613549627ff105b326a1736c56ac5e9b1ccb0a6b18841d6399a79a5b313afb039abb6c801edd31d211478bdebbf18447344", @typed={0x4, 0xed}, @typed={0x9, 0xfc, 0x0, 0x0, @str='\\&{@\x00'}, @generic="07ccb8130367163c3be3fdac50a7d5b8394e28dd14f15d4804bda9e803db989350cd0f87e185031efbf320005e883b08ad11047ac6531d63c100474cef272293d2d8f74e8b8554d4bfaeb46c0e8cb81c23befb01115f88fbe9fa78c1941fac1d66672a79cb8a231cef69d03b839f18d13bd4b593e2f4355b2bdb1fc2fcd7ff4cb5ec70afcb0fa9dd5c416239c6", @generic="56237f7011fdfa4195de825e1561670653bd2adc390230cc6cc9d152d28f45f970bdb3cd032c2dd858c5b2ee624ea207d4fe2d20d5661b2578a74ee08a7830c5a1e18db7d9ce6594c196d88545b3f1b1dfb6b5b73850f88610"]}]}, 0x1c0}}, 0x20000040) mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop14/queue/dma_alignment\x00', 0x80000, 0x0) read$auto(r2, 0x0, 0x20) close_range$auto(0x2, 0x8, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/video59\x00', 0x0, 0x0) openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/buffer_subbuf_size_kb\x00', 0x2, 0x0) write$auto(0x3, 0x0, 0xfdef) r3 = syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) sendmsg$auto_TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f000000ca40)={0x0, 0x0, &(0x7f000000ca00)={&(0x7f000000c1c0)={0x14, r3, 0x35712d2af9a9dbe3, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x841}, 0x4) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0xc) 12.140977596s ago: executing program 3 (id=2062): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400) socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0x8) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) r0 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r0, &(0x7f0000000040)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x7ff, 0x400) socket(0x1e, 0x1, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x21, 0x3, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) process_mrelease$auto(0xffffffffffffffff, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) io_uring_setup$auto(0x6, 0x0) clock_nanosleep$auto(0x2, 0x9, 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) 9.546049152s ago: executing program 3 (id=2070): prctl$auto(0x10, 0x3, 0xffffffffffffffff, 0x7, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x6, 0x4, 0xfffffffd, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000003040), 0xffffffffffffffff) (async) syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000003040), 0xffffffffffffffff) mmap$auto(0x3, 0x3, 0x10000009, 0x13, r0, 0x25) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1ff, 0x7ff, 0x4ff, 0x0) recvmmsg$auto(0x3, 0x0, 0x10003, 0x700, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r1 = socket(0x21, 0x5, 0x0) r2 = epoll_create$auto(0x4) openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, 0x0, 0x208100, 0x0) syz_genetlink_get_family_id$auto_thermal(&(0x7f0000000200), r1) syz_genetlink_get_family_id$auto_gtp(0x0, 0xffffffffffffffff) (async) syz_genetlink_get_family_id$auto_gtp(0x0, 0xffffffffffffffff) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x40000) sendmsg$auto_GTP_CMD_GETPDP(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[], 0x60}, 0x1, 0x0, 0x0, 0x24044800}, 0x4) (async) sendmsg$auto_GTP_CMD_GETPDP(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[], 0x60}, 0x1, 0x0, 0x0, 0x24044800}, 0x4) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) (async) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/fib_triestat\x00', 0x0, 0x0) read$auto(r3, &(0x7f0000000000)='veth1\x00', 0x10) fcntl$auto(0x3, 0x4, 0xa553) (async) fcntl$auto(0x3, 0x4, 0xa553) mmap$auto(0x0, 0x20009, 0x2000000df, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x20009, 0x2000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto(r4, 0xb, 0xffffffffffffffff) close_range$auto(0x0, 0xfffffffffffff000, 0x0) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) 9.364082593s ago: executing program 6 (id=2071): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) unshare$auto(0xe40) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mbind$auto(0x1c0000, 0x800097, 0x1, 0x0, 0x3, 0x1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x200000000eb1, 0x401, 0x8000) r1 = socket(0x10, 0x2, 0x0) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r1, 0x0, 0x11, 0x6, 0x0) openat$auto_hpet_fops_hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) mbind$auto(0x0, 0x800605, 0x1, &(0x7f0000000500)=0xffff, 0xa, 0x3) writev$auto(r0, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) 8.380725574s ago: executing program 3 (id=2072): r0 = socket(0x10, 0x2, 0x0) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="1b0026bd7000fedbdf250300000004000800100003800c00148008000600", @ANYRES32=r1, @ANYBLOB="12000100898771f1c19f1779048590822ad90000040002"], 0x40}, 0x1, 0x0, 0x0, 0x4004040}, 0x4800) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), r0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'veth0_vlan\x00', 0x0}) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_MODULE_FW_FLASH_ACT(r4, &(0x7f00000006c0)={0x0, 0x30000, &(0x7f0000000680)={&(0x7f00000004c0)=ANY=[@ANYBLOB="2c000000d961e7e40b3818e2cd8d1fd9ed1911dc2b43651aade72a4ca160c527c2888ebb91bea0f01be03bd5", @ANYRES16=r5, @ANYBLOB="010027bd7000fddbdf252c000000180001801400020076657468305f746f5f7465616d000000"], 0x2c}}, 0x400c080) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'batadv0\x00'}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'pimreg1\x00'}) (async) readv$auto(0x6, 0x0, 0x8) (async) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D2\x00', 0x0, 0x0) r6 = epoll_create$auto(0x3e) epoll_ctl$auto(r6, 0x1, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x102, 0x0) (async) clock_settime$auto(0x0, &(0x7f0000000000)={0x100000004, 0x8}) adjtimex$auto(&(0x7f0000000280)={0xf, 0x0, 0x8, 0x100000001, 0x7f, 0x0, 0x2, 0x0, 0x40e, 0x0, 0x10001, {0xf, 0x6}, 0x7fffffffffffffff, 0x3a9d, 0x5, 0xf, 0x0, 0x6, 0x1, 0x7, 0x8, 0x4, 0x1015c8}) (async) adjtimex$auto(&(0x7f0000000540)={0x72, 0x0, 0xb48, 0xb, 0x6, 0x2, 0x5, 0x0, 0xd, 0x9533, 0x7, {0x1fe, 0xfffffffffffff7fb}, 0x80, 0x80, 0x6, 0x6, 0x0, 0x100000001, 0x1, 0x190, 0x8, 0xa, 0x2014}) (async) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'pim6reg0\x00'}) (async) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'batadv0\x00'}) (async) r7 = openat$auto_uprobe_profile_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/tracing/uprobe_profile\x00', 0x58000, 0x0) getpeername$auto(r7, &(0x7f0000000440)=@xdp={0x2c, 0x3, r3, 0x14}, &(0x7f0000000480)=0xda) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) pidfd_getfd$auto(r4, r4, 0x3) (async) setrlimit$auto(0x9, 0x0) (async) shmget$auto(0x400, 0x10563, 0x568c12f2) shmat$auto(0x0, &(0x7f0000000580)='(\x00', 0xfffffffa) 8.281027114s ago: executing program 6 (id=2073): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x2, 0x1) connect$auto(0x3, &(0x7f0000000140), 0x55) io_uring_setup$auto(0x6, 0x0) write$auto(0x3, 0x0, 0xfdef) recvmmsg$auto(0x3, 0x0, 0x8, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(r0, 0x89a0, 0x8) write$auto(r0, &(0x7f0000000140)=')-+\xa2\x00', 0x6) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) mmap$auto(0x0, 0xffffffff, 0xe0, 0x15, r0, 0x7) r1 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) write$auto(r1, 0x0, 0xe) io_uring_setup$auto(0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x14) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mincore$auto(0x1000, 0x8001, 0x0) r2 = openat$auto_dfs_global_fops_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/ubifs/chk_lprops\x00', 0x8182, 0x0) ioctl$auto(0xffffffffffffffff, 0x400c4d06, r2) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0xa, 0x5, 0x0) 8.225162859s ago: executing program 5 (id=2074): openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, &(0x7f00000029c0)='/sys/kernel/debug/tracing/per_cpu/cpu0/buffer_size_kb\x00', 0x181041, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000800)='/sys/devices/virtual/bdi/43:384/max_bytes\x00', 0x181482, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/protocols\x00', 0x80080, 0x0) read$auto(r1, &(0x7f0000000000)='/,\x00', 0x5644) read$auto(r0, 0x0, 0x9) write$auto(0x3, 0x0, 0xfdef) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/sockstat6\x00', 0x101000, 0x0) socket(0x1d, 0x2, 0x6) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) open(&(0x7f0000000100)='.\x00', 0x591083, 0x408) socket(0xa, 0x3, 0x3c) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0x15, 0x5, 0x0) r3 = socket(0x10, 0x2, 0xc) rt_sigqueueinfo$auto(0x9, 0x8, &(0x7f0000000000)={@siginfo_0_0={0xacb4, 0x5, 0xfffffffa, @_kill={0x4, 0x1}}}) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/zram0/reset\x00', 0xa001, 0x0) write$auto(r4, &(0x7f0000001580)='LnAY\xef\x1c\xcb\x1c\xae)\x13\xf7J1\xa8\x90<\xb9x\xae\x0e\xbe\x158\x81\xd4\xd0\x81KO./p\xc1\x81\x1d^\b\xb7do\xb0\xc1/\xdct\xd6@\x84\xcfJ\xd6\x90\xb4\xf6\x03\x94@\x1f\xbc\xe9\xf6\x10Pm\xabt\xdcP\xbb}F\x9e\x8f\x9b\r\xe2A\xa73\xccp\xbf\f\xd9\x0e\x10>\xfe\x86\xb9\xa3\xb6\ad\xab\x18\xffc\rD+J^\xea\x01^\xc2\x96{\x81\x7f@\xb8\x0e\x80\x85\x93\x93\x85Y\x06\xf7t\xe1\x02<\xce@\xda=.\xf8S\xd5\xd8[GF\x93\xc7\xaa/#\xe0%*C\x1a_\x85\xe1*\xdf\xc2\xc6\"\xda \xa7\x1e\xae\x96YH\x87j\xa8\xf1\xed\x0f\xb5)N\xa9\xe8\x8f\xb0vN\x8f\xffv\xa5bTmx\xb1\xf7\xae\xb9\xcc\xcd\n\xf6\x90\x93\x19$F\xa5\xa3\xcf\'\xf3\x9c\xcd\xe3\xc5\xff\x8a\xe6\xd9\x95\x05>\xfc\x87\xf6\x8a\xb5\a\r\xde\x11\x8ay\xfe\x83\xec\xf2I\x13>\xf2\xf5^\x88C\xe5\x12\xea\xdfYi*Q0lN\f\xd9i\xb6\x0f\x13\xb14r\x1e\x98+\x04\xce\x85q\xaa\xec\xb9\xefTv\x1fr2\xff\xaa\xaf\x84\xdb', 0x200081) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="18000000", @ANYRES8=r3, @ANYRES8=r2, @ANYRES32], 0x18}}, 0x80) write$auto(r2, &(0x7f0000000140)='-\x00', 0x2) 7.685176843s ago: executing program 6 (id=2076): mmap$auto(0x0, 0x20009, 0xffffffffffffffff, 0xeb1, 0x401, 0x8000) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f00000005c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01fcfe2d6cb373330800010000000000000000a3bbef92000000f20000c6d23fab3315c74eb66fb3b1dacb16ae9327ac3f41236b1d57ee096c0164a5e2f2b6f98bbdad8477ac41e9b6defee67efd27b61e19f6a3d31a69dbc70b67a96ea595ec3e3f7fe044172feed2fab645decb2354a3e34a0567ccaf99a3ab66f37548177aded51845e9210c372eebc5a6048677f3ab3d5538d508e5446734f8514755fc1ecd374182819591ce909314b6f6d4332dc225a19150a7dd311c4fcf74b7d8c75ac62137a6009709d581f04202f074245570c804dd0679", @ANYRES64], 0x2c}}, 0x20008810) mmap$auto(0x0, 0x4020009, 0xe3, 0xfffffffffffffffb, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) munmap$auto(0x2, 0x1a525c0f) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x1, 0x6, 0x0, 0x1, 0x2, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000004, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x4d00, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0xb03840, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.stat\x00', 0x280, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f00000003c0)=""/20, 0xfffffcc4) sendfile$auto(r1, 0xffffffffffffffff, 0x0, 0x1) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r3 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_DEL_RXSA(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="25da24261f28e9b9a2da89f742cd01002abd3000fcdbdf250800734aa1408a54b76b3c032ac34de68d9f2840c27a82d4e8eaba5f9700cf5f160259ba67b134063192ccd74ad85ed65b6ee197108bfa8eb48bd16b757cd9d3d94c0db3895e15eeb471a5221d60b386d55a582a5bb15de5542693fb2ef1b02034a42e04661bf9c011cff0b477b982a7529734d45ff1a46536974932", @ANYRES32=0x0, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x844}, 0x20004010) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000340), 0xffffffffffffffff) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) kexec_load$auto(0x5, 0x2, 0x0, 0x20000000000005) socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/hugepages/hugepages-2048kB/resv_hugepages\x00', 0x40200, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000040)=""/65, 0x41) setsockopt$auto(0x3, 0x1, 0x1, 0x0, 0xfb3) mbind$auto(0x8000000000000001, 0x20800605, 0xb955, &(0x7f0000000100)=0xfffe, 0x3, 0x3) 7.685010499s ago: executing program 3 (id=2077): r0 = socket$nl_generic(0x10, 0x3, 0x10) recvmmsg$auto(r0, &(0x7f00000000c0)={{&(0x7f0000000000)="bff2370a73bf5195b4e6f507bab421bc74d63e2755e89d16792262ee8e8cc004b6096fdee1c7392a17a28d8fd3269ccfb205482ecf7de4fd5e24e62857872883ee1012efdf", 0x10001, &(0x7f0000000080)={&(0x7f0000000180)="bc415c04bbabc2b7edd5818c790d0301eac19f44dd0d1be0b059cd0ed4f2bf10f001e6600dbee59234ace129c4f31732a4010e8e4f124aed03dadf087dd80a1ec7d180b49d08565289f9ca6e5dda50b5a4a77b6aa4e8a65cef652b3c2ba5e5af556cd9d8063ed862a92269ef2da50d0359aefd38db3e0c35e3a2c311377deabf2e308d5879e29fe7dae2114f4f835d7e7e040062219dd7f7faa8ebe61a8e8d234e8dd521d4fbe669c6934a0740dd33dc0badf7699760ba3a2391542977a0a19fc7d142311394ec5b12e3b35afb525e14d2b122f032eeb72ffbd490330553cda81ae946775b877efb", 0x8}, 0x8, &(0x7f0000000680)="e9e048c36aa3a4edd0751ef865ccbb673f458a9ebe8c915ab136cd7f675129c0cfe11bebd81d6060a814fd54c6aad15bacc74c9f23722e9469b6cc56f480e2ed399b01bb1e7b3535c88f6eb5638cde63efeb2c3dbacefc2820822bb034d867690e390588493e26bc1e08877fcc7b407c13c875fb5c25fadd4efc2895f21240c3816abd0b029e895a93d481bb8c93c8947191ffd2c0d30f52ec2ff2a4875788d88f93d1d4717f20b1f9209d9e2a4ef7b916f54318bb4f39a318f6979801638ce5d0ae8f7cd26de3d91aac2c238782afde70d35cb7ab0c708a3a81f7f0a3c3bca45570e4de96ce3aa77dbd944ed66ab1cad5c4a0c3bacaf410ab043a7e37bfae2bf935476f38d84dcab02617fcab51468c599a71073530005648b37b0f3e24bff271b304dc34737386626cebef3bdb2868e824cab902513fc34e37a1be597cb441398d8f86c93b14bb243ddc6826a6862a1c0819e6b87c9f1b5e1f179638519cf152ce81ebc9acb491f893d4136c76346c24b9fbbd761ebfb2352c0b88698d1b845a21e356abb6f208b241bc3985f3f9a0d13f4f5040af80b21e87ecb35f8da157e484dbedd59ab218cfc43a116c59d83d7598ea245e6b4a8f0fd4705243d2c9615eff9c9f07217a76cfbddb46ed6d3d64ec0f86f126f5d7d307c0ba2f7c357fe7b9afdf929b4ed082c1b76bb61fd450141e370fcbb879df89f6011b12ccdb6a14eb739b97be62b6db2a3a925dccc594cf00f51cb035cc23540a8d59f3085948b024ba55ac2ac6852acee8541bd61066f105059f60ee1827cd81b5cb00c1ecfe189ad7dcf9b4d7e273c8a2054ad843c32c9cc10c8ac65a2e9079f7d7617121e86f0a64cc848a5d6a6f917c187c63f4b8dc37dc6d3f775a0766c7c6133b659537044e40a5d4dad67f68c73381d2333be9c74ca7c006c9d94a5cbe7e97b0b967e1323cd2fb6dcb75e448428c3c4f403ef1914210c195bbd1c3d29afb746ee9d3c2e6767a2034628528689796543cce844fdd29d4faf8c501ffc972f852ce592d31beceaa1b8890b04f6aa8887b46c345caf078b982a065aba1bcb1b45cf30ea7ace0a7ef0c814ad92bd9a993a04560c39581092e8b57e7f706ced1c2d293c058aa657d8f71ee1e19a53e0137b1e176b737b983807201b99b50bfabc5d8f8de92b4bb61eae4362e28c0a48b1503a16a73b6d3dc3a9a96c4a8e78d7802203d09866fbc61e33045631424dfb691f383b2b7ae420a7c6b01b58bb3b2220c8c56a023e72a8f3bb8a2b3eae069d3b2b54e168dfe1f2818f9a7261a99ce9f69f1da4fe77d2355db2e8a42dd956f9a9be6bd574092fd3b56b9b4ea6a914268592375a1dc2f435fc3fb8a427062bb666f0fe1e51e40e79f7237975322385e95a31fbecae908a9fe0d2ba6afb70ab10a2e31d8c152ce02fe1efa5b3710626ef1943cdbd4659caf7553a6573b17c37081ebc5c94ce6e4217892146aed94683aae1ae6e3172a25f481a5ce9379626dd58bad08c001fdbd9774048198e3f5edacfebc672e17f69ef16863130d50891d1177177cf7cc2fa7d2f370b59cb00eb2b7a6a627cf7dd587a24678d258f87a8412c80a60ec029e566fb27d94651187692f6c0f85fcddfa67d2fc602895c73ab5829a772863660714ec302f9ca7bbdab8611e9eb2773b14a698f60512ad7e088e6270a4b3ca1e12131ae46266f5e4706e0f6671fc58df3fb09c6107da431154da23bf80d6866959b86620cd0373e449d72a8179aa74771c228e274446126ed28aff91167552fab3b15551bf14f480fa14c92fa1dfea3fa2850ad5fa8cc6d11b59a5fb2de47d19c5f6dfbf36e96129feea5e6bf65aae9d0ecc5b9b99c676f015fd00d10257b46766084fc87c9e9395782be0cede7b61ed32bc8c418f8c1148325f95357a022a73e2e717aaeb0378b8f146cec6d40a8a9f78104fc2fff20076dce75c4b46eb8893135691d1d2cfb950ff4855d49b9e2045ad03d4fe246bb27fb7c56b671ef1fbb315b3eb536e61e13017fa6047736f07f51bc375d71466cbcf7b7f437721401ceaf2e882d3919bd6566596066490e2bd518dcf75fd14a7c909094f24a159f5ae0f8d81bb19cd088fcec506fd2f4bd777a9508348a2d86fb75dc4b3aadc37c8c102753c4aa720ec6c2d08a02a6983f1c43a77d607317f4956d21669ae64165f362bd2a0c0608eaf7731635ec2ff1ea28559490856a3bbc02cd28cba51cd7bd840ccddf66ccdd3311998287392a3f1c1219e7010075df3224d4b9f2a360fffb63db4bb35bbaa3cebc422aba1512a7255d79010915c6b50423e907c61c7ba8b9d5670849988e1d66adf95de179576312903b3b907d7369f65491cbed5d403dd5b9f1e024577d87fbc4fa76c63c427ce4c08f152071c4e667cb26b4e297278c36b3b369deeb6e68db116da823225e99ef1bef171952ffba5ea9451da775e10c47de45ba8fc81f3927ab9507338bc342655d3a8775f7d1b4162d0ca8447a17458ae3e7ebe3db4783f7f2a911626d2498fae04d5a80e334fb9cd6a75bb6a10ce1d4d10d74e92ba6997752ec64025cf20616e3e75db6e01c83bd2c0cc0c861d42d5a50cdf12b02823a62ea576a9b63ccb78ef4f5cee6c1db114e69fec232805a91944bbd54fc662c671e8a3485f695ad8eeeaf6e03ac60ab53703bce07c519c7e0fef6f9c86ef519255b26c3d7bdacdbe14393a653ddf3522a74d5af492dfe898cde59169bb09d053d533fac1489fa3b27e3f49d2db8e8607659005810701993e2af9bfead969b10752df35a3b11cef46824e0ab346ecb1b6d88d27f2c2de7d6bd52785d148026601cb5f3a939a2f4cf9aee5c2925f7cfaa55f44f97016de9fda252209e85c62b2ec7d2393e8c4e48f14e45fa459413314c8de0a4fa611599df489ab98f7be2be1c4eb9023cf0bc2cfa1b0da9f9da6c490ce11617e371665c729150f7ecbf79688cfd0caa086d30ab669194c4f5c635a5201935d8c6a295493739439f2c59939133e9d8113a78d4d91889bde7e33ab56f7e210c7bab9b10dce70372415c880fa279864ae34203e3e50ba219449b8a5dc930c538185f8f7cda848965406185ba9ac0954c1e683682582da59ef83027ac266c376237e9aec7eaea269bcf305079639c3f229b3b022582c0b940189d07c35d5024a916fb10579d77be4d9bf8e4dcfcd8721b823060a5854af95d8da3fd820390666147cf9696e3329544e04c5d7d6547961aeeb65d4da066e272e145cef78b119682f8fe112375d53801f964147f81aa17af4e5d1d837433ce6479d0a8ced2787ae80e1fe4769d2941e9536479927b72249cab2f270d399ed7fe9b8f52b75b2ca32a19424ce747f0e1757cb0d9a17d39281bdefa290fb9d2222980f9bd3cc89cd0c07f6cf129e1caed6abb5cdc566c08e573e8efbdf812d2fdf769af13782c2626b257b41a65c8125602d745b69ce00393af8f72eaf34992038e6b1f584795bc1eff3ad09ab6ecf9c1e15c4d3c8dc88d7ac196bde0346579c8c5f9c2dcb124c70c6af092f01bfd73bfb039e10bfcdc72ab5b6ceeb8bd237ecb41f3efc6e82f275d57cadb6e5f3f0229427429549a8730e3961d6c4980c21b2689e21df535edeb90a672ff2676d183167e618edc5a17f03f89dd240fe017ee0a18ad3dd2df9aff32fa1e7a7b056a318636c18e50df2eef2e7e9147b2e93638179e12895c494cc1666423ac8d10fadbf0f89d11558de6130eec58959095d89636ebcb10d41aedfb19dd06401fb2ef026cdba8fcdc7b590755d30d70191e13fcd8976485b915535d1f0d675a560a6aa433f5d429187bf51932c0bac4e4b5dc59a72af8ad7b6bbd09397c762218342a72d592aac4b2e98b8f842039b3a573cf76a7a9d49702abfbe999f67d21cebd1b78fc1a1281c28f3aab01ffbcf486e5279f8d044bc44ec53d91bab3aafc6b8331bce40bb379aa61b8c4636bbff16dc68cd4a111829bc58b06cea31b8fbc24246ae8a6e5ba329768c21d0e3be18524b9378ad33f1b795229ba4ca95684ed7bad57d62b9601920adfb80d0ab53a7f1ff050539f13dabf10547f9550663e27dea61bcb8d07ea6ff6c180e2ec452a70ea2d87ed4ed23e5c18d09f7c95f7da79b9067b1098204fef9055b5059a582a23c383e6bd66e6bc51cbaee3d3ff53f2e1f6b64755e63bfbde28248777e9ba2c8e578f9932a2cf7526d063a8a8334c1307bc2ca6cdcf23dbc24ee894d51518769f31d2164cac669c67f17b866c40039d3add873ebcd162f6a0fd6ea4e15d72e62b19d190196055b925f9feb5515d69a3c76a4ef78da2644a02513ed8d1413a3695efa515454b5f2b0bc1401dc7c3ae4c5aa84ab04ec60d5ecf199e08818039d96ff089ae33ae90a896f3bc2fde77feded191122cf74b0d1017762eac559806353daaaf1c13181f85d88a39f70564c59098de4f0279a6033d3f59a795633b6dc277b890b132456f15ef95d4ad21895f4450f7cbb09e6bb0610aa630d0df06732bea69d0e47529456e22cf2b44f80fb8d295393dc57ce428651d30fa9e0242809ba5cb2cee6ef3f8b5581764f5edec1d66a99f525b8a3b3fe0daa4c686a7849be1b3ad94c2ddb99a44afed3ce3aea22b58965210d48328456368d35a82dc3f5d83a648f184074445e8afb640cbb3eeb4cd3c258485c40f347ed1a1ff07f822182e887d4698aea89b01b57e1e38025db75c4eca1a17fae7f613dde54ccfa1e7fd51e1ce77b167e89a94516b05779277fd6b982d1bf29a4dc1227b262e6731de24f355c6c8b1a9fb86d16eeca3c05709330290c0ec6c002edb99203a32fe6a6114b6fe5f5b23a38b389f02ba5066388ebb29e6ac137958180f91ad4867e1bb6d6ad4690a2f5683cd7729b334607d8a258b60a787b1a7100b3ae768f277385fbd3a37f28589815480cee78561a08fee6880b87a5bd6f87b66de58ac19a857e233068e50d7173faa6c798c09bb44432caf5f05aaca28a56b0e0979d50592328e06dc5f2c2a48ce3b69d4a72f17b72e7230323f7a6c90476a33302410d44dc8a57e0b4324bbcec72893845b5f355a974b34352feab5140467d2746d40ae02f35d2ac4568e10d056b461745e05597bb91fb585383f78fd2492cadf4b81c01ff6d5155e288579bd2552eff6f71c69db7fc4ab71fc6da4be46540e459932adb57501813fc8f235e621a75f59d75a7057fab208ad7f6f390f99e9b0e9f7b890c2d1f672582b2a704a5727f8c0a69569784669ba3c4c758b27169190ed9eafd1d0b605806ac91b5693d4cf3f910361a2f97c9d154dd3063187f33757be0e312d0703bb5c3b08710b0d093dda8cbdfe80c6d9d1417757861c97b5ab6acd84323a9c23499fcb396f7bae9dceb06c2c38f05a9a4236e9619869efb5b263dee1d819a5c97102dbe80a975aff4b52e8984b85ca3ba4b2e4a4e2870758f258745f0025cbf21bd725f8dd7f87f1bdf217244a8d81b1a588736aa8aee5538f09c4ed215fdc47e86d393b8120fd0468d8b38ef1d28bd3d599e28a5e09ff8134876ec8a91b71c391ecda0a69a44d6ceeff100b0740e5c7c2c8ed8e930c5dd119ad6337cca74ff9e2bf6a9f3dd6ea778274554b62ce086559f3ede0483672e494f91b3bccb3c0aa149ead92133e4cd11228724c7b439237cf48930b99f7b294039ac8c13d94a163edb1dc3c2251553b8e6ff6b0b891934f82767621a4948465214d7c2a06567282374c25e051a5632b73229470b892b81658d50062b12122cea90997d52ea028aa478c7edbf711fb3446814b545388a9842", 0xfffffffffffffbff, 0xffff7dd3}, 0x3}, 0x14071d82, 0x0, &(0x7f0000000100)={0x4, 0x54}) r1 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)={0x5c, r1, 0x1, 0x70bd2b, 0x25dfdbf9, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x58}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_IP6_SADDR={0x14}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={'\x00', '\xff\xff', @remote}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 7.271989568s ago: executing program 3 (id=2079): openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) (async) mmap$auto(0x0, 0x40000a, 0xdf, 0x9b72, 0x2, 0x8000) (async) getcwd$auto(0x0, 0xffffffffffffffff) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x9, 0xde, 0x9b72, r0, 0x8000) io_uring_setup$auto(0x406, 0x0) poll$auto(&(0x7f0000000d40)={0x3, 0x3, 0x2}, 0x5, 0x3fc) (async) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) (async) getrandom$auto(0x0, 0x6000000, 0x3) (async) io_uring_enter$auto(0x3, 0x109, 0x80000002, 0x4, 0x0, 0x6) (async) socket$nl_generic(0x10, 0x3, 0x10) inotify_init1$auto(0x3000000000000) inotify_add_watch$auto(r0, 0x0, 0x4) (async) inotify_add_watch$auto(r0, 0x0, 0x9) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_MACSEC_CMD_UPD_RXSA(r1, &(0x7f0000006200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB='\x00'/14], 0x14}, 0x1, 0x0, 0x0, 0x4008008}, 0x0) (async) sendmsg$auto_NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(0xffffffffffffffff, 0x0, 0x20040045) (async) madvise$auto(0x0, 0x2003f0, 0x15) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) (async) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) (async) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, 0x0, 0x80) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nlbl_mgmt(&(0x7f00000000c0), r2) sendmsg$auto_NLBL_MGMT_C_ADD(r2, 0x0, 0x20000000) (async) socket(0x2, 0x3, 0x0) 6.291737429s ago: executing program 5 (id=2082): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.3/usb4/4-0:1.0/authorized\x00', 0x10b142, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/rose9/carrier_up_count\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) write$auto(r0, &(0x7f00000007c0)='0\x00\xb9:\xaa\xc1\r\x02T\xf5\b\x00\x00\x00\x00\x00\x00\x00\xa1\xd0\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k\xcc!\"\xa6\"jH\xcd\x10&b/\x9a\xf1w\xddS\x87\xd1vi\xa9\xeaM\x1dY\xa6\x8d\xf2\\\xac\xe1\xcf\xf7\xff\xff\x148\t\xba\xa0Z\x00M\xbcHM{\xa9\xf1R3X\xdfMbe\t\t\x86\x11v\xa2W\x93m\xd9\x93\x98.7Z\xe7|\x9f\x88\x05\x9ej\xc5\xfaT\xa0\x9a\\i\xd1\xb3\x02\xfa\xfeaq\x8d\xf1\xba\xaf\xcc\xce\xb2\xd3~TR\xf1\xad\xd0\x90n\xb6\xd0\xfc(p\xa3\xabk\x19\xcb\xfda\xff&\xad1\x95\xc5\xa9Gb\xe3\xa4\xf1\xe2\x91\x0e\x91iy\xba%+=\xb7\xd3D,\x19\b\x00\x00\x00\x00\x00\x00\x00\xadG\x94\v\xff\xa4\xfc\x95\x00By\xe9\x80\xd3U\xcd9\xe0\xbc\x8cK\xf3\xfd\x89\xda\xaeH.\xe3\x95Xbw\x02\x99\x03\x00\x00\x00\x00\x00\x00\x00\xaf\xc3\x89\x91\x19\xfc+\xe9l\xd3\xf5\x00\x00\x00\x00\x00\x00\x00\x85%c\xa6\x0f\xcfI\xb4a\x1d\xc4\x8f\x12X\xdf\xc2\xd7\x8e\xf4\xb9_\xf6\x10\xfc\x9b\xce\xab\xcf\xa9_\x88\xf4\x1b\x12\x12N\f\x84\r\vsI\x86\xe9\xe6J\xb8\xe4\x8f\x02\x9e\xf45\xd9\xf1\xbd\xfd\x97\xd8OU\t\x9e2K\xe2*~\x9dIe\x00\x00\x00\x00\x00\x00\xce;E\x8c\x05~\x1f\xa5\xa4\x9d\xf6\'\xc4\xf7\xa3\xf2\xfb\x85z>\xd71\xb8\x83\x8e\xa9c6I\x8f\x00\xb2\x03\xfd3\xb8\xe9Xo\xaa\xaeg\xb3\x9e\x8fM:\xa5\x1c \xbe\xfe\"\xa1\x11\xf4~\xa1\x90D/e\xe1\xb1C:}\xd2\x9dT\xc1\xd6[Ld\x06\xee\xc6\xe4\x99uT\xfdl\x94\xe1:\'2aO\xf1\xfa8l\n\xe0l\x1c\x89\xd7U\x99\xe9d?\x04\xd8\xf3\x9c\xd8t\x88@\x89\x15p\x84\xad\xa3V=,U\xa4_\xb9\xa7\xd7O\x91\xb2\x03\xbe\xd5\xa8\x03o\x0e\xa7\x93\xabubg\x10\x19\x82D\xa7\xae9\xf1\xc0\n\xfe;n)OAV\xfe\x8fE-\xea\x7fzO0\xde\xc0WK\xe1\x9b\xfe\xbfR\x8c$p\xf0\xe4\xa5\xbe_\x8d:\xd6\xc5\xf5\x80+\xe6O', 0x81) 5.854972746s ago: executing program 1 (id=2084): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0x10, 0x2, 0xc) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) fanotify_init$auto(0x65, 0x2) pipe$auto(0x0) dup2$auto(0x5, 0x4) memfd_create$auto(&(0x7f0000000000)='\x00', 0xe) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000001, 0x9) write$auto(0x6, 0x0, 0x100000001) setsockopt$auto(0x3, 0x1, 0x2a, 0x0, 0x9) recvfrom$auto(0x3, 0x0, 0x80000000002, 0x6, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x2, 0x100) 5.332176907s ago: executing program 5 (id=2085): mmap$auto(0x101, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) (async) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) sysfs$auto(0x2, 0x100000000000007, 0x0) (async) r2 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x40080, 0x0) ioctl$auto_UI_DEV_SETUP(r2, 0x405c5503, 0x0) (async) syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$auto_UI_DEV_CREATE(r2, 0x5501, 0x0) (async) socket(0x2b, 0x1, 0x1) (async) unshare$auto(0x6) (async) mmap$auto(0x20000000, 0x2020009, 0x3, 0xffff, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) (async) setsockopt$auto(0x3, 0x8000000000000006, 0x25, 0x0, 0x7ffffc) 5.276308023s ago: executing program 1 (id=2086): fsconfig$auto(0x6, 0x2, 0xfffffffffffffffe, 0x0, 0x10) (async) fsconfig$auto(0x6, 0x2, 0xfffffffffffffffe, 0x0, 0x10) openat$auto_drm_crtc_crc_control_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000003500), 0x40002, 0x0) (async) r0 = openat$auto_drm_crtc_crc_control_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000003500), 0x40002, 0x0) write$auto_drm_crtc_crc_control_fops_drm_debugfs_crc(r0, &(0x7f0000003540)='\a', 0x1) socket(0x2, 0x2, 0x88) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) r1 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x401, 0x1ff, 0x7, 0x48, 0x6ab, 0x1ffdf, 0x80000007, 0x200003, 0x2, 0xa121, 0x3, 0x6, 0x4, 0xb4, 0xa, 0x2, 0x10001, 0x80, 0x100000000, 0x800000, 0x3400, 0x8, 0x200, 0x800, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0xd) (async) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x401, 0x1ff, 0x7, 0x48, 0x6ab, 0x1ffdf, 0x80000007, 0x200003, 0x2, 0xa121, 0x3, 0x6, 0x4, 0xb4, 0xa, 0x2, 0x10001, 0x80, 0x100000000, 0x800000, 0x3400, 0x8, 0x200, 0x800, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x20008004) (async) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x20008004) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f000000e680), 0x2, 0x0) read$auto(r2, 0x0, 0x5) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 4.963925147s ago: executing program 5 (id=2087): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socket(0x1, 0x1, 0x0) io_uring_setup$auto(0xa, 0x0) close_range$auto(0x2, 0xa, 0x0) open(0x0, 0xa240, 0x15e) open(0x0, 0x161342, 0x100) poll$auto(&(0x7f0000000180)={0xffffffffffffffff, 0x2000, 0x1000}, 0x6, 0x47) 4.723051943s ago: executing program 6 (id=2088): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) madvise$auto(0x0, 0x200007, 0x8) madvise$auto(0x0, 0x2003f0, 0x15) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x40000, 0x0) ioctl$auto_SNDCTL_SYNTH_MEMAVL(r0, 0xc004510e, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/sctp/snmp\x00', 0xc8841, 0x0) write$auto(r2, 0x0, 0x1) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000080), 0xffffffffffffffff) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0F:00/status\x00', 0xa140, 0x0) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r1) sendmsg$auto_NL80211_CMD_FLUSH_PMKSA(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x14, r4, 0x2, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x2004805}, 0x1) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r5, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) pipe$auto(&(0x7f0000000200)=r5) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRNM\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^B\xb8\xe4j\t3\xe4\x90\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\x00\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\xfb\xba\xb2.$\'\x1e\x82\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/250, 0xfdf3, 0x39) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000000)=""/112, 0x70) r6 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000003b80)='/proc/cmdline\x00', 0x400, 0x0) preadv$auto(r6, &(0x7f0000009180)={&(0x7f0000008180), 0x7}, 0x26, 0x80, 0x5) r7 = openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000000f40), 0x2100, 0x0) socket(0x1d, 0x2, 0x2) accept$auto(0x3, 0xffffffffffffffff, 0xffffffffffffffff) ioctl$auto_BTRFS_IOC_GET_SUPPORTED_FEATURES(r7, 0x80489439, &(0x7f0000000f80)=[{0x3ff, 0x3, 0x8000000000000000}, {0x5, 0x5, 0x2}, {0xa6, 0x1, 0x2}]) 4.613739168s ago: executing program 5 (id=2089): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty53\x00', 0x200, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0) select$auto(0x7, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x2, 0x3, 0x95f4da0a, 0xefffffffffffffff, 0x3, 0x62, 0x80000001, 0x10000000000004, 0x6d40, 0x1, 0x2, 0xfffffffffffffffe]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r1, 0x0, 0x1, 0x0, 0x1e) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x23, 0x0, 0x9) getsockopt$auto(0x3, 0x200000000001, 0x1d, 0x0, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x7, 0xc45d, 0x80, 0x6, 0x3, 0x2, 0x3, 0x3, 0x62, 0x80000022, 0x7, 0x6d3e, 0x2000000004000009, 0x2, 0x6]}, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0xeb1, 0x0, 0x8000) ioctl$auto_SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) ioctl$auto(r2, 0x5522, 0xf15) ioctl$auto(r2, 0x5523, r2) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0x0, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) socket(0xa, 0x5, 0x94) mmap$auto(0xf87f, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, &(0x7f0000000040)={0x6, &(0x7f00000000c0)="4da7cb3eea24f2f0249732a686a3fb7bcedb68bcbd4effc395251e9208da4511f08a562c55e57d550cd79cfefd8358c37e788769e2e3eb4af0a162e8bc6d660b1597c57cf01eea17b1f049c0e25deaa614a49429ecd111c4d1682686b6e9"}) close_range$auto(0x2, 0x8, 0x0) getpgrp(0x0) 4.255825739s ago: executing program 1 (id=2090): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty53\x00', 0x200, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0) select$auto(0x7, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x2, 0x3, 0x95f4da0a, 0xefffffffffffffff, 0x3, 0x62, 0x80000001, 0x10000000000004, 0x6d40, 0x1, 0x2, 0xfffffffffffffffe]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r1, 0x0, 0x1, 0x0, 0x1e) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x7, 0xc45d, 0x80, 0x6, 0x3, 0x2, 0x3, 0x3, 0x62, 0x80000022, 0x7, 0x6d3e, 0x2000000004000009, 0x2, 0x6]}, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0xeb1, 0x0, 0x8000) socket(0xa, 0x5, 0x94) r2 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000000), 0x80001, 0x0) ioctl$auto(r2, 0x3b84, 0xffffffffffffffff) mmap$auto(0xf87f, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, &(0x7f0000000040)={0x6, &(0x7f00000000c0)="4da7cb3eea24f2f0249732a686a3fb7bcedb68bcbd4effc395251e9208da4511f08a562c55e57d550cd79cfefd8358c37e788769e2e3eb4af0a162e8bc6d660b1597c57cf01eea17b1f049c0e25deaa614a49429ecd111c4d1682686b6e9"}) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/afs/sysname\x00', 0xaa102, 0x0) close_range$auto(0x2, 0x8, 0x0) getpgrp(0x0) timerfd_create$auto(0xe, 0x0) sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x2000000}, 0x4) utimes$auto(&(0x7f0000000080)='./file0\x00', &(0x7f0000000240)={0x100000001, 0x4}) 2.387059461s ago: executing program 6 (id=2091): mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) (async) fanotify_init$auto(0x5, 0x2000000000002) (async) socket$nl_generic(0x10, 0x3, 0x10) socket(0x26, 0x80805, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) (async) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) seccomp$auto(0x2, 0x0, 0x0) (async) r0 = memfd_secret$auto(0x3) ioctl$auto(r0, 0x354, 0x0) 2.340261909s ago: executing program 1 (id=2092): r0 = socket(0x2, 0x4, 0x491) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xffffffffffffff6a, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4000009}, 0x24004880) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="010600bd7000fbdbdf250a"], 0x1c}, 0x1, 0x0, 0x0, 0x880}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=':'], 0x1ac}}, 0x40000) sendmmsg$auto(r1, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x1}, 0x5}, 0x3, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/perf_event_max_sample_rate\x00', 0x1181, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(r2, 0x0, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x1ff, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2, 0x1, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/input/event0\x00', 0x40000, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) madvise$auto(0x0, 0xffffffffffff0005, 0x19) munmap$auto(0x20001000, 0x7) ioctl$auto_TUNSETOFFLOAD2(0xffffffffffffffff, 0x400454d0, &(0x7f0000000300)=0x1000) poll$auto(0x0, 0x5, 0x108) mmap$auto(0x1, 0x20009, 0x4000000000e2, 0xeb1, 0x401, 0x4) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) r3 = syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x24044011}, 0x800) sendmmsg$auto(0x3, &(0x7f00000000c0)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000226bd7000fedbdf25030000000800030009000000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a000100aaaaaaaaaabb00000a000500aaaaaaaaaa370000080004001000000008000200", @ANYRES8=r0, @ANYBLOB="88000e"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) 1.762334146s ago: executing program 6 (id=2093): move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) ioctl$auto_VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, 0x0) r1 = mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) ppoll$auto(&(0x7f0000000000)={r1, 0x81, 0x9}, 0x9, 0x0, 0x0, 0x8) socketpair$auto(0xf, 0x7fff, 0x4, &(0x7f0000000180)=0x8) mmap$auto(0x0, 0x9, 0x400000072, 0x7f, 0x1000000002, 0xd) readv$auto(0x0, &(0x7f0000000080)={&(0x7f0000000040), 0x6}, 0x7ff) mmap$auto(0x0, 0x20006, 0x4000000000de, 0x10010, 0xffffffffffffffff, 0x8001) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.7/usb8/power/autosuspend\x00', 0xa0302, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r2 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x3a) socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) getsockopt$auto(r2, 0x0, 0x400, 0xfffffffffffffffe, 0x0) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000040), 0xffffffffffffffff) write$auto(0x3, 0x0, 0xfdef) fcntl$auto(0xffffffffffffffff, 0x8, 0x1) fcntl$getown(0xffffffffffffffff, 0x9) read$auto(0x4, 0x0, 0xfdef) mmap$auto(0x0, 0x400008, 0xdc, 0x9b72, 0x1000002, 0x8000) r3 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) ioctl$auto_PPPIOCSMRU(r3, 0xc004743e, 0x0) 1.61178603s ago: executing program 5 (id=2094): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x1001, 0x0, 0xf, r0, 0x1400000, 0x5}, 0x6f4) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/usb/usbmon/0u\x00', 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/032/001\x00', 0x8c002, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0x200007, 0x19) getegid() close_range$auto(0x2, 0x8, 0x0) setsockopt$auto(0xffffffffffffffff, 0x10000008, 0x8005, 0x0, 0x2) unshare$auto(0xfffffffffffffff8) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x11, 0x3, 0x2) getsockopt$auto(r1, 0x107, 0xb, 0x0, 0x0) read$auto(0x3, 0x0, 0x7) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) unshare$auto(0x40000080) mmap$auto(0x2, 0x4020009, 0x3, 0xeb1, 0x401, 0x4000008000) madvise$auto(0x80000001, 0x2, 0xffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x89a, 0x4, 0x7) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44000884}, 0xc880) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 773.747767ms ago: executing program 1 (id=2095): ioctl$auto_SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000000)={0x4, 0xffffffffffffffff, 0x0, "a9366c4f2ea1fc0b7547e4be13dd5d76"}) r1 = socket(0x2b, 0x1, 0x1) getsockopt$auto(r1, 0x1, 0x6, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001100)='/proc/bus/pci/00/03.0\x00', 0xa0581, 0x0) write$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000001140)="8cbdca", 0x3) writev$auto(r2, &(0x7f0000001d40)={0x0, 0x2}, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x0, 0x2000000000009, 0x3, 0x7, 0xfffffffffffff718, 0x5, 0x7fff, 0x2000000000010006, 0x0, 0x7, 0x8, 0x0, 0x7, 0xaf, 0x9, 0x2, 0x3, 0x8001, 0x6, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2}, 0x200, 0xfffffffb) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="f2000000", @ANYBLOB="0100", @ANYRES16], 0x1ac}, 0x1, 0x0, 0x0, 0x24040840}, 0x94) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x20040001) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0xb, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='*'], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0xffffa474, &(0x7f00000002c0)={0x0, 0xc4}, 0x9, 0x0, 0x0, 0xa}, 0x9}, 0x2, 0x800) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/bus/netdevsim/link_device\x00', 0xc0481, 0x0) write$auto(r3, 0x0, 0x81) close_range$auto(r0, r1, 0x5) r4 = socket(0x2, 0x2, 0x0) bind$auto(r4, &(0x7f0000000040)=@llc={0x1a, 0x338, 0x0, 0x80, 0x0, 0xe6, @local}, 0x6a) 0s ago: executing program 1 (id=2096): close_range$auto(0x2, 0xa, 0x0) mmap$auto(0x0, 0x4, 0x4, 0x40eb1, 0x401, 0x300000000000) mknodat$auto(0x5, 0x0, 0xfffffffffffff084, 0x400) r0 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/numa_maps\x00', 0x20000, 0x0) read$auto_proc_sessionid_operations_base(r0, &(0x7f0000001100)=""/4096, 0x1000) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='V'], 0x1ac}}, 0x40000) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) socket(0xa, 0x2, 0x0) r2 = socket(0xa, 0x3, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r3 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r3, 0xc0603d06, 0x0) close_range$auto(0x2, r2, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x1, 0x6) socket(0x11, 0x80003, 0x300) socket(0x1f, 0x2, 0x3) socket(0x2, 0x3, 0x2) socket(0x2, 0x3, 0x104) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, 0x0, 0x40, 0x0) socketpair$auto(0x3, 0x5, 0x7, 0x0) setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) bind$auto(0x3, 0x0, 0x6b) connect$auto(r2, 0x0, 0x55) close_range$auto(0x2, 0xa, 0x0) read$auto_proc_page_owner_operations_page_owner(0xffffffffffffffff, &(0x7f0000000000)=""/87, 0x57) kernel console output (not intermixed with test programs): snd_pcm_oss_release+0x28b/0x310 [ 471.055328][T11635] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 471.055368][T11635] __fput+0x3ff/0xb70 [ 471.055417][T11635] task_work_run+0x14d/0x240 [ 471.055466][T11635] ? __pfx_task_work_run+0x10/0x10 [ 471.055523][T11635] ? __pfx___do_sys_close_range+0x10/0x10 [ 471.055551][T11635] ? rcu_is_watching+0x12/0xc0 [ 471.055586][T11635] syscall_exit_to_user_mode+0x27b/0x2a0 [ 471.055626][T11635] do_syscall_64+0xda/0x230 [ 471.055668][T11635] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 471.055699][T11635] RIP: 0033:0x7f0ae8f8e969 [ 471.055724][T11635] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 471.055753][T11635] RSP: 002b:00007f0ae6df6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 471.055783][T11635] RAX: 0000000000000000 RBX: 00007f0ae91b5fa0 RCX: 00007f0ae8f8e969 [ 471.055802][T11635] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 471.055819][T11635] RBP: 00007f0ae9010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 471.055837][T11635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 471.055855][T11635] R13: 0000000000000000 R14: 00007f0ae91b5fa0 R15: 00007ffe2f2f4b88 [ 471.055895][T11635] [ 471.056410][T11635] Mem-Info: [ 471.297176][T11638] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1106'. [ 471.419260][T11635] active_anon:41536 inactive_anon:4 isolated_anon:0 [ 471.419260][T11635] active_file:11850 inactive_file:49200 isolated_file:0 [ 471.419260][T11635] unevictable:768 dirty:2458 writeback:0 [ 471.419260][T11635] slab_reclaimable:11026 slab_unreclaimable:100900 [ 471.419260][T11635] mapped:55825 shmem:30346 pagetables:1182 [ 471.419260][T11635] sec_pagetables:0 bounce:0 [ 471.419260][T11635] kernel_misc_reclaimable:0 [ 471.419260][T11635] free:1262190 free_pcp:17561 free_cma:0 [ 471.473253][T11638] ipvlan0: entered allmulticast mode [ 471.478624][T11638] veth0_vlan: entered allmulticast mode [ 471.570833][T11635] Node 0 active_anon:164496kB inactive_anon:16kB active_file:45856kB inactive_file:196372kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:221064kB dirty:9192kB writeback:256kB shmem:118040kB shmem_thp:6144kB shmem_pmdmapped:6144kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11796kB pagetables:4720kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 471.710940][T11635] Node 1 active_anon:3448kB inactive_anon:0kB active_file:1544kB inactive_file:428kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:3836kB dirty:4kB writeback:0kB shmem:5344kB shmem_thp:2048kB shmem_pmdmapped:2048kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:8kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 471.885847][T11635] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 472.131312][T11635] lowmem_reserve[]: 0 2484 2486 2486 2486 [ 472.166503][T11635] Node 0 DMA32 free:1167500kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB active_anon:171664kB inactive_anon:16kB active_file:53016kB inactive_file:192792kB unevictable:4468kB writepending:6288kB present:3129332kB managed:2544212kB mlocked:2932kB bounce:0kB free_pcp:11176kB local_pcp:9788kB free_cma:0kB [ 472.295301][T11635] lowmem_reserve[]: 0 0 1 1 1 [ 472.309212][T11635] Node 0 Normal free:28kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1808kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:12kB free_cma:0kB [ 472.449207][T11635] lowmem_reserve[]: 0 0 0 0 0 [ 472.454035][T11635] Node 1 Normal free:3848668kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB active_anon:3448kB inactive_anon:0kB active_file:1544kB inactive_file:72kB unevictable:1892kB writepending:8kB present:4194300kB managed:4111164kB mlocked:356kB bounce:0kB free_pcp:59832kB local_pcp:28116kB free_cma:0kB [ 472.526046][T11635] lowmem_reserve[]: 0 0 0 0 0 [ 472.559393][T11635] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 472.600806][T11635] Node 0 DMA32: 49*4kB (UE) 10*8kB (UE) 21*16kB (UME) 85*32kB (UE) 117*64kB (UE) 282*128kB (UME) 170*256kB (UME) 128*512kB (M) 70*1024kB (UME) 22*2048kB (ME) 215*4096kB (UM) = 1153348kB [ 472.669618][T11635] Node 0 Normal: 3*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28kB [ 472.770870][T11635] Node 1 Normal: 2297*4kB (UME) 79*8kB (UM) 38*16kB (UME) 155*32kB (UM) 77*64kB (UME) 27*128kB (UME) 13*256kB (UME) 4*512kB (U) 4*1024kB (ME) 1*2048kB (E) 931*4096kB (M) = 3848668kB [ 472.879169][T11635] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 472.888797][T11635] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 473.002096][T11635] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 473.088284][T11635] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 473.169619][T11635] 97772 total pagecache pages [ 473.174402][T11635] 29 pages in swap cache [ 473.178677][T11635] Free swap = 124880kB [ 473.267904][T11635] Total swap = 124996kB [ 473.278039][T11635] 2097051 pages RAM [ 473.319578][T11635] 0 pages HighMem/MovableOnly [ 473.324502][T11635] 428892 pages reserved [ 473.328684][T11635] 0 pages cma reserved [ 473.757037][T11653] ip_vti0: entered allmulticast mode [ 477.611120][T11699] ima: policy update failed [ 477.662747][ T30] audit: type=1802 audit(6040742352.278:18): pid=11699 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.1118" res=0 errno=0 [ 478.905045][T11707] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 483.883882][T11800] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1138'. [ 485.903512][ T30] audit: type=1800 audit(6040742361.496:19): pid=11827 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1143" name="dummy_udc" dev="gadgetfs" ino=5855 res=0 errno=0 [ 487.950061][T11862] FAULT_INJECTION: forcing a failure. [ 487.950061][T11862] name failslab, interval 1, probability 0, space 0, times 0 [ 488.031150][T11862] CPU: 1 UID: 0 PID: 11862 Comm: syz.3.1151 Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 488.031203][T11862] Tainted: [U]=USER [ 488.031214][T11862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 488.031231][T11862] Call Trace: [ 488.031241][T11862] [ 488.031253][T11862] dump_stack_lvl+0x16c/0x1f0 [ 488.031295][T11862] should_fail_ex+0x512/0x640 [ 488.031338][T11862] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 488.031393][T11862] should_failslab+0xc2/0x120 [ 488.031438][T11862] __kmalloc_cache_noprof+0x6a/0x3e0 [ 488.031490][T11862] ? alloc_pipe_info+0x10e/0x590 [ 488.031527][T11862] alloc_pipe_info+0x10e/0x590 [ 488.031564][T11862] splice_direct_to_actor+0x77d/0xa30 [ 488.031614][T11862] ? __pfx_direct_splice_actor+0x10/0x10 [ 488.031665][T11862] ? __pfx_aa_file_perm+0x10/0x10 [ 488.031708][T11862] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 488.031751][T11862] ? get_pid_task+0xfc/0x250 [ 488.031802][T11862] do_splice_direct+0x174/0x240 [ 488.031849][T11862] ? __pfx_do_splice_direct+0x10/0x10 [ 488.031894][T11862] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 488.031943][T11862] ? rw_verify_area+0xcf/0x680 [ 488.031991][T11862] do_sendfile+0xafd/0xe50 [ 488.032047][T11862] ? __pfx_do_sendfile+0x10/0x10 [ 488.032096][T11862] ? __fget_files+0x20e/0x3c0 [ 488.032155][T11862] __x64_sys_sendfile64+0x1d8/0x220 [ 488.032194][T11862] ? ksys_write+0x1b9/0x240 [ 488.032223][T11862] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 488.032258][T11862] ? rcu_is_watching+0x12/0xc0 [ 488.032298][T11862] do_syscall_64+0xcd/0x230 [ 488.032340][T11862] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 488.032372][T11862] RIP: 0033:0x7f3d2a18e969 [ 488.032397][T11862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 488.032433][T11862] RSP: 002b:00007f3d2b080038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 488.032464][T11862] RAX: ffffffffffffffda RBX: 00007f3d2a3b5fa0 RCX: 00007f3d2a18e969 [ 488.032485][T11862] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 488.032504][T11862] RBP: 00007f3d2b080090 R08: 0000000000000000 R09: 0000000000000000 [ 488.032524][T11862] R10: 0000400000000006 R11: 0000000000000246 R12: 0000000000000001 [ 488.032543][T11862] R13: 0000000000000000 R14: 00007f3d2a3b5fa0 R15: 00007ffec0153688 [ 488.032585][T11862] [ 488.575955][T11868] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1153'. [ 488.691193][ T30] audit: type=1400 audit(6040742364.306:20): apparmor="DENIED" operation="setprocattr" info="exec" error=-22 profile="unconfined" pid=11864 comm="syz.1.1152" [ 488.814927][T11877] FAULT_INJECTION: forcing a failure. [ 488.814927][T11877] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 488.870751][T11877] CPU: 1 UID: 0 PID: 11877 Comm: syz.3.1156 Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 488.870799][T11877] Tainted: [U]=USER [ 488.870808][T11877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 488.870824][T11877] Call Trace: [ 488.870834][T11877] [ 488.870844][T11877] dump_stack_lvl+0x16c/0x1f0 [ 488.870881][T11877] should_fail_ex+0x512/0x640 [ 488.870923][T11877] should_fail_alloc_page+0xe7/0x130 [ 488.870958][T11877] prepare_alloc_pages+0x3c2/0x610 [ 488.870996][T11877] ? rcu_is_watching+0x12/0xc0 [ 488.871024][T11877] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 488.871054][T11877] ? kasan_save_stack+0x33/0x60 [ 488.871086][T11877] ? __lock_acquire+0xaa4/0x1ba0 [ 488.871122][T11877] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 488.871156][T11877] ? look_up_lock_class+0x6b/0x150 [ 488.871191][T11877] ? __lock_acquire+0x5ca/0x1ba0 [ 488.871226][T11877] ? __lock_acquire+0x5ca/0x1ba0 [ 488.871258][T11877] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 488.871294][T11877] ? policy_nodemask+0xea/0x4e0 [ 488.871326][T11877] alloc_pages_mpol+0x1fb/0x550 [ 488.871358][T11877] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 488.871397][T11877] ? __lock_acquire+0x5ca/0x1ba0 [ 488.871434][T11877] folio_alloc_mpol_noprof+0x36/0x2f0 [ 488.871473][T11877] vma_alloc_folio_noprof+0xed/0x1e0 [ 488.871510][T11877] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 488.871556][T11877] do_pte_missing+0x223d/0x3fb0 [ 488.871592][T11877] __handle_mm_fault+0x103d/0x2a40 [ 488.871626][T11877] ? __pfx___handle_mm_fault+0x10/0x10 [ 488.871650][T11877] ? __pte_offset_map_lock+0x155/0x2f0 [ 488.871691][T11877] ? find_held_lock+0x2b/0x80 [ 488.871712][T11877] ? find_held_lock+0x2b/0x80 [ 488.871755][T11877] handle_mm_fault+0x3fe/0xad0 [ 488.871785][T11877] __get_user_pages+0x771/0x36f0 [ 488.871832][T11877] ? __pfx_mt_find+0x10/0x10 [ 488.871866][T11877] ? __pfx___get_user_pages+0x10/0x10 [ 488.871917][T11877] populate_vma_page_range+0x278/0x3a0 [ 488.871961][T11877] ? __pfx_populate_vma_page_range+0x10/0x10 [ 488.872002][T11877] ? __pfx_find_vma_intersection+0x10/0x10 [ 488.872060][T11877] ? do_mmap+0x69c/0x11b0 [ 488.872102][T11877] __mm_populate+0x1d8/0x380 [ 488.872128][T11877] ? __pfx___mm_populate+0x10/0x10 [ 488.872175][T11877] ? up_write+0x1b2/0x520 [ 488.872215][T11877] vm_mmap_pgoff+0x362/0x450 [ 488.872256][T11877] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 488.872302][T11877] ? __x64_sys_futex+0x1e0/0x4c0 [ 488.872328][T11877] ? __x64_sys_futex+0x1e9/0x4c0 [ 488.872360][T11877] ksys_mmap_pgoff+0x7d/0x5c0 [ 488.872404][T11877] ? rcu_is_watching+0x12/0xc0 [ 488.872430][T11877] __x64_sys_mmap+0x125/0x190 [ 488.872460][T11877] do_syscall_64+0xcd/0x230 [ 488.872496][T11877] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 488.872522][T11877] RIP: 0033:0x7f3d2a18e969 [ 488.872544][T11877] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 488.872571][T11877] RSP: 002b:00007f3d2b080038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 488.872596][T11877] RAX: ffffffffffffffda RBX: 00007f3d2a3b5fa0 RCX: 00007f3d2a18e969 [ 488.872614][T11877] RDX: 00000000000000df RSI: 0000000000400005 RDI: 0000000000000000 [ 488.872630][T11877] RBP: 00007f3d2a210ab1 R08: 0000000000000002 R09: 0000000000008000 [ 488.872647][T11877] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 488.872663][T11877] R13: 0000000000000000 R14: 00007f3d2a3b5fa0 R15: 00007ffec0153688 [ 488.872696][T11877] [ 491.301292][T11908] FAULT_INJECTION: forcing a failure. [ 491.301292][T11908] name failslab, interval 1, probability 0, space 0, times 0 [ 491.324231][T11908] CPU: 1 UID: 0 PID: 11908 Comm: syz.2.1162 Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 491.324282][T11908] Tainted: [U]=USER [ 491.324293][T11908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 491.324312][T11908] Call Trace: [ 491.324321][T11908] [ 491.324332][T11908] dump_stack_lvl+0x16c/0x1f0 [ 491.324376][T11908] should_fail_ex+0x512/0x640 [ 491.324417][T11908] ? __kmalloc_noprof+0xbf/0x510 [ 491.324454][T11908] ? alloc_pipe_info+0x1ec/0x590 [ 491.324483][T11908] should_failslab+0xc2/0x120 [ 491.324519][T11908] __kmalloc_noprof+0xd2/0x510 [ 491.324563][T11908] alloc_pipe_info+0x1ec/0x590 [ 491.324598][T11908] splice_direct_to_actor+0x77d/0xa30 [ 491.324643][T11908] ? __pfx_direct_splice_actor+0x10/0x10 [ 491.324691][T11908] ? __pfx_aa_file_perm+0x10/0x10 [ 491.324733][T11908] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 491.324774][T11908] ? get_pid_task+0xfc/0x250 [ 491.324823][T11908] do_splice_direct+0x174/0x240 [ 491.324867][T11908] ? __pfx_do_splice_direct+0x10/0x10 [ 491.324911][T11908] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 491.324960][T11908] ? rw_verify_area+0xcf/0x680 [ 491.325013][T11908] do_sendfile+0xafd/0xe50 [ 491.325066][T11908] ? __pfx_do_sendfile+0x10/0x10 [ 491.325113][T11908] ? __fget_files+0x20e/0x3c0 [ 491.325168][T11908] __x64_sys_sendfile64+0x1d8/0x220 [ 491.325200][T11908] ? ksys_write+0x1b9/0x240 [ 491.325227][T11908] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 491.325259][T11908] ? rcu_is_watching+0x12/0xc0 [ 491.325297][T11908] do_syscall_64+0xcd/0x230 [ 491.325338][T11908] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 491.325367][T11908] RIP: 0033:0x7f0ae8f8e969 [ 491.325402][T11908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 491.325429][T11908] RSP: 002b:00007f0ae6df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 491.325456][T11908] RAX: ffffffffffffffda RBX: 00007f0ae91b5fa0 RCX: 00007f0ae8f8e969 [ 491.325474][T11908] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 491.325491][T11908] RBP: 00007f0ae6df6090 R08: 0000000000000000 R09: 0000000000000000 [ 491.325508][T11908] R10: 0000400000000006 R11: 0000000000000246 R12: 0000000000000001 [ 491.325526][T11908] R13: 0000000000000000 R14: 00007f0ae91b5fa0 R15: 00007ffe2f2f4b88 [ 491.325561][T11908] [ 491.881268][T11916] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1164'. [ 492.091364][T11921] vmstat_refresh: nr_hugetlb -18432 [ 492.724707][T11906] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1161'. [ 493.872813][T11949] input input20: cannot allocate more than FF_MAX_EFFECTS effects [ 495.701143][T11980] zram: Removed device: zram0 [ 496.949484][T12022] netlink: 'syz.3.1189': attribute type 2 has an invalid length. [ 500.570252][T12076] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1200'. [ 500.646307][T12076] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 500.683837][T12076] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 500.780637][T12078] vivid-009: ================= START STATUS ================= [ 500.843764][T12078] vivid-009: Enable Output Cropping: true [ 500.975253][T12078] vivid-009: Enable Output Composing: true [ 500.981363][T12078] vivid-009: Enable Output Scaler: true [ 500.987032][T12078] vivid-009: Tx RGB Quantization Range: Automatic [ 500.993762][T12078] vivid-009: Transmit Mode: HDMI [ 500.998819][T12078] vivid-009: Hotplug Present: 0x00000000 [ 501.004643][T12078] vivid-009: RxSense Present: 0x00000000 [ 501.010493][T12078] vivid-009: EDID Present: 0x00000000 [ 501.016007][T12078] vivid-009: ================== END STATUS ================== [ 501.024206][T12078] vivid-009: ================= START STATUS ================= [ 501.032816][T12078] vivid-009: Enable Output Cropping: true [ 501.038725][T12078] vivid-009: Enable Output Composing: true [ 501.044990][T12078] vivid-009: Enable Output Scaler: true [ 501.182791][T12078] vivid-009: Tx RGB Quantization Range: Automatic [ 501.231853][T12078] vivid-009: Transmit Mode: HDMI [ 501.259529][T12078] vivid-009: Hotplug Present: 0x00000000 [ 501.265517][T12078] vivid-009: RxSense Present: 0x00000000 [ 501.271400][T12078] vivid-009: EDID Present: 0x00000000 [ 501.281126][T12078] vivid-009: ================== END STATUS ================== [ 501.290667][T12078] vivid-009: ================= START STATUS ================= [ 501.298431][T12078] vivid-009: Enable Output Cropping: true [ 501.304481][T12078] vivid-009: Enable Output Composing: true [ 501.310539][T12078] vivid-009: Enable Output Scaler: true [ 501.316155][T12078] vivid-009: Tx RGB Quantization Range: Automatic [ 501.322779][T12078] vivid-009: Transmit Mode: HDMI [ 501.327884][T12078] vivid-009: Hotplug Present: 0x00000000 [ 501.344331][T12078] vivid-009: RxSense Present: 0x00000000 [ 501.401013][T12078] vivid-009: EDID Present: 0x00000000 [ 501.406514][T12078] vivid-009: ================== END STATUS ================== [ 502.963371][T12113] HfR: entered promiscuous mode [ 502.990348][T12109] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1206'. [ 503.020641][T12109] HfR: left promiscuous mode [ 503.698730][T12134] nvme_fcloop: unknown parameter or missing value '7' [ 503.728001][T12134] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1209'. [ 503.963280][T12140] input input21: cannot allocate more than FF_MAX_EFFECTS effects [ 505.107068][T12171] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1218'. [ 505.149946][T12171] netlink: 25 bytes leftover after parsing attributes in process `syz.5.1218'. [ 505.288532][T12172] Invalid ELF header magic: != ELF [ 505.891436][T12177] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1220'. [ 505.922800][T12180] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1221'. [ 506.577942][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.585046][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 507.833558][T12222] FAULT_INJECTION: forcing a failure. [ 507.833558][T12222] name failslab, interval 1, probability 0, space 0, times 0 [ 507.870600][T12222] CPU: 0 UID: 0 PID: 12222 Comm: syz.3.1231 Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 507.870652][T12222] Tainted: [U]=USER [ 507.870663][T12222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 507.870680][T12222] Call Trace: [ 507.870690][T12222] [ 507.870702][T12222] dump_stack_lvl+0x16c/0x1f0 [ 507.870753][T12222] should_fail_ex+0x512/0x640 [ 507.870795][T12222] ? fs_reclaim_acquire+0xae/0x150 [ 507.870847][T12222] should_failslab+0xc2/0x120 [ 507.870885][T12222] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 507.870921][T12222] ? security_inode_alloc+0x3b/0x2b0 [ 507.870961][T12222] security_inode_alloc+0x3b/0x2b0 [ 507.870995][T12222] inode_init_always_gfp+0xce4/0x1030 [ 507.871051][T12222] alloc_inode+0x86/0x240 [ 507.871088][T12222] iget_locked+0x2e4/0x830 [ 507.871131][T12222] ? __pfx_iget_locked+0x10/0x10 [ 507.871172][T12222] ? find_held_lock+0x2b/0x80 [ 507.871203][T12222] ? kernfs_root+0xee/0x2a0 [ 507.871258][T12222] kernfs_get_inode+0x48/0x460 [ 507.871308][T12222] kernfs_iop_lookup+0x1a7/0x2d0 [ 507.871341][T12222] ? __pfx_kernfs_iop_lookup+0x10/0x10 [ 507.871370][T12222] lookup_open.isra.0+0x4d7/0x1580 [ 507.871426][T12222] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 507.871499][T12222] ? lookup_fast+0x156/0x610 [ 507.871551][T12222] path_openat+0x905/0x2d40 [ 507.871598][T12222] ? __pfx_path_openat+0x10/0x10 [ 507.871639][T12222] do_filp_open+0x20b/0x470 [ 507.871671][T12222] ? __pfx_do_filp_open+0x10/0x10 [ 507.871741][T12222] ? alloc_fd+0x471/0x7d0 [ 507.871803][T12222] do_sys_openat2+0x11b/0x1d0 [ 507.871846][T12222] ? __pfx_do_sys_openat2+0x10/0x10 [ 507.871891][T12222] ? __sys_sendmsg+0x199/0x220 [ 507.871932][T12222] __x64_sys_openat+0x174/0x210 [ 507.871973][T12222] ? __pfx___x64_sys_openat+0x10/0x10 [ 507.872019][T12222] ? rcu_is_watching+0x12/0xc0 [ 507.872059][T12222] do_syscall_64+0xcd/0x230 [ 507.872101][T12222] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 507.872133][T12222] RIP: 0033:0x7f3d2a18e969 [ 507.872159][T12222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 507.872190][T12222] RSP: 002b:00007f3d2b080038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 507.872219][T12222] RAX: ffffffffffffffda RBX: 00007f3d2a3b5fa0 RCX: 00007f3d2a18e969 [ 507.872239][T12222] RDX: 0000000000080404 RSI: 0000200000000440 RDI: ffffffffffffff9c [ 507.872260][T12222] RBP: 00007f3d2a210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 507.872279][T12222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 507.872297][T12222] R13: 0000000000000000 R14: 00007f3d2a3b5fa0 R15: 00007ffec0153688 [ 507.872339][T12222] [ 508.019483][T12213] cgroup: fork rejected by pids controller in /syz2 [ 511.072109][T12303] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1241'. syzkaller syzkaller login: [ 511.113385][T12303] bridge0: port 2(bridge_slave_1) entered disabled state [ 512.161861][T12303] bridge_slave_1 (unregistering): left allmulticast mode [ 512.174149][T12303] bridge_slave_1 (unregistering): left promiscuous mode [ 512.183521][T12303] bridge0: port 2(bridge_slave_1) entered disabled state [ 512.692359][T12329] dyndbg: expected <4096 bytes into control [ 514.247079][T12351] nvme_fcloop: unknown parameter or missing value '7' [ 514.320029][T12351] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1249'. [ 515.420405][T12370] ovs9: entered promiscuous mode [ 523.593145][T12473] [U]  [ 523.596379][T12473] [U] [ 523.599136][T12473] [U] [ 523.601894][T12473] [U] [ 523.640488][T12475] FAULT_INJECTION: forcing a failure. [ 523.640488][T12475] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 523.676708][T12473] [U] [ 523.679508][T12473] [U] [ 523.682263][T12473] [U] [ 523.685011][T12473] [U] [ 523.744414][T12475] CPU: 1 UID: 0 PID: 12475 Comm: syz.1.1277 Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 523.744467][T12475] Tainted: [U]=USER [ 523.744476][T12475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 523.744493][T12475] Call Trace: [ 523.744502][T12475] [ 523.744514][T12475] dump_stack_lvl+0x16c/0x1f0 [ 523.744556][T12475] should_fail_ex+0x512/0x640 [ 523.744603][T12475] _copy_from_user+0x2e/0xd0 [ 523.744651][T12475] kstrtoint_from_user+0xd6/0x1d0 [ 523.744688][T12475] ? __pfx_kstrtoint_from_user+0x10/0x10 [ 523.744725][T12475] ? get_pid_task+0xfc/0x250 [ 523.744781][T12475] ? __pfx_smbd_max_send_size_write+0x10/0x10 [ 523.744836][T12475] smbd_max_send_size_write+0x28/0x70 [ 523.744880][T12475] proc_reg_write+0x23d/0x330 [ 523.744917][T12475] vfs_write+0x25c/0x1180 [ 523.744943][T12475] ? __pfx_proc_reg_write+0x10/0x10 [ 523.744981][T12475] ? __pfx___mutex_lock+0x10/0x10 [ 523.745021][T12475] ? __pfx_vfs_write+0x10/0x10 [ 523.745061][T12475] ? __fget_files+0x20e/0x3c0 [ 523.745122][T12475] ksys_write+0x12a/0x240 [ 523.745151][T12475] ? __pfx_ksys_write+0x10/0x10 [ 523.745178][T12475] ? rcu_is_watching+0x12/0xc0 [ 523.745218][T12475] do_syscall_64+0xcd/0x230 [ 523.745258][T12475] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 523.745290][T12475] RIP: 0033:0x7f7c4cf8e969 [ 523.745314][T12475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 523.745344][T12475] RSP: 002b:00007f7c4dd60038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 523.745373][T12475] RAX: ffffffffffffffda RBX: 00007f7c4d1b5fa0 RCX: 00007f7c4cf8e969 [ 523.745393][T12475] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000003 [ 523.745411][T12475] RBP: 00007f7c4dd60090 R08: 0000000000000000 R09: 0000000000000000 [ 523.745430][T12475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 523.745449][T12475] R13: 0000000000000000 R14: 00007f7c4d1b5fa0 R15: 00007ffd27713798 [ 523.745491][T12475] [ 523.763109][T12473] [U] [ 523.954871][T12473] [U] [ 523.957608][T12473] [U] [ 523.960335][T12473] [U] [ 523.963153][ C0] vkms_vblank_simulate: vblank timer overrun [ 524.131549][T12473] [U] [ 524.221726][T12478] nvme_fcloop: unknown parameter or missing value '7' [ 524.283420][T12478] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1278'. [ 524.648190][T12482] busy [ 524.760374][T12491] FAULT_INJECTION: forcing a failure. [ 524.760374][T12491] name fail_futex, interval 1, probability 0, space 0, times 0 [ 524.829668][T12491] CPU: 1 UID: 0 PID: 12491 Comm: syz.5.1281 Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 524.829727][T12491] Tainted: [U]=USER [ 524.829737][T12491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 524.829755][T12491] Call Trace: [ 524.829765][T12491] [ 524.829777][T12491] dump_stack_lvl+0x16c/0x1f0 [ 524.829819][T12491] should_fail_ex+0x512/0x640 [ 524.829868][T12491] get_futex_key+0x49e/0x1000 [ 524.829902][T12491] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 524.829937][T12491] ? __pfx_get_futex_key+0x10/0x10 [ 524.829972][T12491] ? __lock_acquire+0xaa4/0x1ba0 [ 524.830021][T12491] futex_wake+0xe7/0x4e0 [ 524.830063][T12491] ? __pfx_futex_wake+0x10/0x10 [ 524.830106][T12491] ? __pfx_perf_event_namespaces+0x10/0x10 [ 524.830165][T12491] do_futex+0x1e3/0x350 [ 524.830198][T12491] ? __pfx_do_futex+0x10/0x10 [ 524.830233][T12491] ? ksys_unshare+0x687/0xa40 [ 524.830281][T12491] __x64_sys_futex+0x1e0/0x4c0 [ 524.830319][T12491] ? __pfx___x64_sys_futex+0x10/0x10 [ 524.830354][T12491] ? rcu_is_watching+0x12/0xc0 [ 524.830396][T12491] do_syscall_64+0xcd/0x230 [ 524.830437][T12491] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 524.830470][T12491] RIP: 0033:0x7f1413b8e969 [ 524.830495][T12491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 524.830526][T12491] RSP: 002b:00007f141499a0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 524.830556][T12491] RAX: ffffffffffffffda RBX: 00007f1413db5fa8 RCX: 00007f1413b8e969 [ 524.830577][T12491] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f1413db5fac [ 524.830596][T12491] RBP: 00007f1413db5fa0 R08: 00007f141499b000 R09: 0000000000000000 [ 524.830616][T12491] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1413db5fac [ 524.830636][T12491] R13: 0000000000000000 R14: 00007ffeafad4e00 R15: 00007ffeafad4ee8 [ 524.830676][T12491] [ 525.781674][T12502] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1280'. [ 526.371575][T12508] Invalid ELF header magic: != ELF [ 527.119895][T12516] netlink: 330 bytes leftover after parsing attributes in process `syz.5.1285'. [ 527.129600][T12516] : renamed from hsr0 (while UP) [ 527.183976][T12518] FAULT_INJECTION: forcing a failure. [ 527.183976][T12518] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 527.256224][T12518] CPU: 1 UID: 0 PID: 12518 Comm: syz.1.1286 Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 527.256274][T12518] Tainted: [U]=USER [ 527.256283][T12518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 527.256300][T12518] Call Trace: [ 527.256310][T12518] [ 527.256321][T12518] dump_stack_lvl+0x16c/0x1f0 [ 527.256361][T12518] should_fail_ex+0x512/0x640 [ 527.256407][T12518] _copy_to_user+0x32/0xd0 [ 527.256455][T12518] simple_read_from_buffer+0xcb/0x170 [ 527.256502][T12518] proc_fail_nth_read+0x197/0x270 [ 527.256544][T12518] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 527.256597][T12518] ? rw_verify_area+0xcf/0x680 [ 527.256639][T12518] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 527.256682][T12518] vfs_read+0x1de/0xc70 [ 527.256714][T12518] ? __pfx___mutex_lock+0x10/0x10 [ 527.256750][T12518] ? __pfx_vfs_read+0x10/0x10 [ 527.256788][T12518] ? __fget_files+0x20e/0x3c0 [ 527.256844][T12518] ksys_read+0x12a/0x240 [ 527.256871][T12518] ? __pfx_ksys_read+0x10/0x10 [ 527.256896][T12518] ? rcu_is_watching+0x12/0xc0 [ 527.256933][T12518] do_syscall_64+0xcd/0x230 [ 527.256974][T12518] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 527.257010][T12518] RIP: 0033:0x7f7c4cf8d37c [ 527.257033][T12518] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 527.257062][T12518] RSP: 002b:00007f7c4dd60030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 527.257089][T12518] RAX: ffffffffffffffda RBX: 00007f7c4d1b5fa0 RCX: 00007f7c4cf8d37c [ 527.257109][T12518] RDX: 000000000000000f RSI: 00007f7c4dd600a0 RDI: 0000000000000004 [ 527.257126][T12518] RBP: 00007f7c4dd60090 R08: 0000000000000000 R09: 0000000000000000 [ 527.257144][T12518] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 527.257162][T12518] R13: 0000000000000000 R14: 00007f7c4d1b5fa0 R15: 00007ffd27713798 [ 527.257200][T12518] [ 527.973766][T12528] nvme_fcloop: unknown parameter or missing value '7' [ 528.005377][T12528] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1288'. [ 528.418287][T12535] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1290'. [ 528.474162][T12535] mac80211_hwsim hwsim22 wlan1: entered allmulticast mode [ 529.429329][T12543] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1292'. syzkaller syzkaller login: [ 537.305098][T12593] syz.2.1300 invoked oom-killer: gfp_mask=0x440dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO|__GFP_COMP), order=0, oom_score_adj=1000 [ 537.649194][T12593] CPU: 0 UID: 0 PID: 12593 Comm: syz.2.1300 Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 537.649249][T12593] Tainted: [U]=USER [ 537.649259][T12593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 537.649283][T12593] Call Trace: [ 537.649293][T12593] [ 537.649304][T12593] dump_stack_lvl+0x16c/0x1f0 [ 537.649359][T12593] dump_header+0x101/0x930 [ 537.649402][T12593] oom_kill_process+0x270/0xa60 [ 537.649450][T12593] ? mem_cgroup_out_of_memory+0x8c/0x270 [ 537.649513][T12593] out_of_memory+0x350/0x1700 [ 537.649550][T12593] ? __lock_acquire+0xaa4/0x1ba0 [ 537.649603][T12593] ? __pfx_out_of_memory+0x10/0x10 [ 537.649656][T12593] mem_cgroup_out_of_memory+0x205/0x270 [ 537.649702][T12593] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 537.649783][T12593] ? do_raw_spin_unlock+0x172/0x230 [ 537.649834][T12593] try_charge_memcg+0xa07/0x10c0 [ 537.649890][T12593] ? __pfx_try_charge_memcg+0x10/0x10 [ 537.649931][T12593] ? peak_open+0x11/0x50 [ 537.649973][T12593] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 537.650035][T12593] __memcg_kmem_charge_page+0xda/0x420 [ 537.650090][T12593] __alloc_frozen_pages_noprof+0x32c/0x23a0 [ 537.650150][T12593] ? stack_trace_save+0x8e/0xc0 [ 537.650179][T12593] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 537.650228][T12593] ? __alloc_frozen_pages_noprof+0x298/0x23a0 [ 537.650267][T12593] ? kasan_save_track+0x14/0x30 [ 537.650301][T12593] ? __kasan_slab_alloc+0x89/0x90 [ 537.650330][T12593] ? kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 537.650365][T12593] ? __pmd_alloc+0xc3/0x870 [ 537.650408][T12593] ? __handle_mm_fault+0x948/0x2a40 [ 537.650438][T12593] ? handle_mm_fault+0x3fe/0xad0 [ 537.650473][T12593] ? do_user_addr_fault+0x60c/0x1370 [ 537.650504][T12593] ? exc_page_fault+0x5c/0xc0 [ 537.650538][T12593] ? asm_exc_page_fault+0x26/0x30 [ 537.650571][T12593] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 537.650625][T12593] ? policy_nodemask+0xea/0x4e0 [ 537.650668][T12593] alloc_pages_mpol+0x1fb/0x550 [ 537.650706][T12593] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 537.650764][T12593] alloc_pages_noprof+0x131/0x390 [ 537.650802][T12593] pte_alloc_one+0x19/0x380 [ 537.650841][T12593] __pte_alloc+0x6d/0x3c0 [ 537.650878][T12593] ? __pfx___pte_alloc+0x10/0x10 [ 537.650925][T12593] ? do_raw_spin_lock+0x12c/0x2b0 [ 537.650975][T12593] ? find_held_lock+0x2b/0x80 [ 537.651004][T12593] do_pte_missing+0x2925/0x3fb0 [ 537.651041][T12593] ? _raw_spin_unlock+0x28/0x50 [ 537.651068][T12593] ? __pmd_alloc+0x3c2/0x870 [ 537.651123][T12593] __handle_mm_fault+0x103d/0x2a40 [ 537.651164][T12593] ? __pfx___handle_mm_fault+0x10/0x10 [ 537.651197][T12593] ? lock_vma_under_rcu+0x47d/0x970 [ 537.651245][T12593] ? lock_vma_under_rcu+0x47d/0x970 [ 537.651321][T12593] handle_mm_fault+0x3fe/0xad0 [ 537.651370][T12593] do_user_addr_fault+0x60c/0x1370 [ 537.651410][T12593] exc_page_fault+0x5c/0xc0 [ 537.651444][T12593] asm_exc_page_fault+0x26/0x30 [ 537.651482][T12593] RIP: 0033:0x7f0ae8f566ed [ 537.651513][T12593] Code: 4c 17 f0 c3 66 0f 1f 84 00 00 00 00 00 48 8b 4c 16 f8 48 8b 36 48 89 37 48 89 4c 17 f8 c3 c5 fe 6f 54 16 e0 c5 fe 6f 5c 16 c0 fe 7f 07 c5 fe 7f 4f 20 c5 fe 7f 54 17 e0 c5 fe 7f 5c 17 c0 e9 [ 537.651542][T12593] RSP: 002b:00007ffe2f2f4ce8 EFLAGS: 00010246 [ 537.651570][T12593] RAX: 0000200000000000 RBX: 0000000000000004 RCX: 8000000000000080 [ 537.651589][T12593] RDX: 0000000000000080 RSI: 00007f0ae8a0001e RDI: 0000200000000000 [ 537.651608][T12593] RBP: 00007f0ae91b7ba0 R08: 00007f0ae8e00000 R09: 0000000000000001 [ 537.651631][T12593] R10: 0000000000000001 R11: 0000000000000009 R12: 00007f0ae91b5fac [ 537.651657][T12593] R13: 00007f0ae91b5fa0 R14: fffffffffffffffe R15: 00007ffe2f2f4e00 [ 537.651698][T12593] [ 538.284099][T12593] memory: usage 307200kB, limit 307200kB, failcnt 19685 [ 538.633989][T12593] memory+swap: usage 430352kB, limit 9007199254740988kB, failcnt 0 [ 538.906303][T12593] kmem: usage 2684kB, limit 9007199254740988kB, failcnt 0 [ 538.952018][T12593] Memory cgroup stats for /syz2: [ 538.952357][T12593] cache 306331648 [ 538.992278][T12593] rss 4247552 [ 538.995634][T12593] rss_huge 0 [ 538.998865][T12593] shmem 306331648 [ 539.039956][T12593] mapped_file 0 [ 539.115205][T12593] dirty 0 [ 539.159294][T12593] writeback 0 [ 539.164509][T12593] workingset_refault_anon 2035 [ 539.179147][T12593] workingset_refault_file 48 [ 539.183821][T12593] swap 126234624 [ 539.187391][T12593] swapcached 1118208 [ 539.213212][T12593] pgpgin 528230 [ 539.226923][T12593] pgpgout 452643 [ 539.232647][T12593] pgfault 298083 [ 539.236233][T12593] pgmajfault 528 [ 539.285414][T12593] inactive_anon 303243264 [ 539.299184][T12593] active_anon 8454144 [ 539.303255][T12593] inactive_file 0 [ 539.316087][T12593] active_file 0 [ 539.328861][T12593] unevictable 0 [ 539.389166][T12593] hierarchical_memory_limit 314572800 [ 539.394608][T12593] hierarchical_memsw_limit 9223372036854771712 [ 539.448616][T12619] FAULT_INJECTION: forcing a failure. [ 539.448616][T12619] name failslab, interval 1, probability 0, space 0, times 0 [ 539.482956][T12593] total_cache 306331648 [ 539.487178][T12593] total_rss 4247552 [ 539.509302][T12593] total_rss_huge 0 [ 539.513159][T12593] total_shmem 306331648 [ 539.517350][T12593] total_mapped_file 0 [ 539.546176][T12593] total_dirty 0 [ 539.568757][T12593] total_writeback 0 [ 539.575575][T12593] total_workingset_refault_anon 2035 [ 539.582872][T12619] CPU: 1 UID: 0 PID: 12619 Comm: syz.3.1307 Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 539.582925][T12619] Tainted: [U]=USER [ 539.582936][T12619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 539.582956][T12619] Call Trace: [ 539.582965][T12619] [ 539.582977][T12619] dump_stack_lvl+0x16c/0x1f0 [ 539.583023][T12619] should_fail_ex+0x512/0x640 [ 539.583069][T12619] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 539.583109][T12619] should_failslab+0xc2/0x120 [ 539.583148][T12619] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 539.583182][T12619] ? ktime_get_coarse_real_ts64_mg+0x26c/0x320 [ 539.583225][T12619] ? __d_alloc+0x31/0xaa0 [ 539.583261][T12619] __d_alloc+0x31/0xaa0 [ 539.583287][T12619] ? look_up_lock_class+0x59/0x150 [ 539.583327][T12619] d_alloc_pseudo+0x1c/0xc0 [ 539.583366][T12619] alloc_file_pseudo+0xcf/0x230 [ 539.583406][T12619] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 539.583441][T12619] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 539.583499][T12619] create_pipe_files+0x364/0x930 [ 539.583536][T12619] do_pipe2+0xaf/0x1c0 [ 539.583575][T12619] ? __pfx_do_pipe2+0x10/0x10 [ 539.583622][T12619] __x64_sys_pipe+0x33/0x50 [ 539.583655][T12619] do_syscall_64+0xcd/0x230 [ 539.583698][T12619] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 539.583730][T12619] RIP: 0033:0x7f3d2a18e969 [ 539.583754][T12619] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 539.583785][T12619] RSP: 002b:00007f3d2b03e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000016 [ 539.583814][T12619] RAX: ffffffffffffffda RBX: 00007f3d2a3b6160 RCX: 00007f3d2a18e969 [ 539.583835][T12619] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 539.583854][T12619] RBP: 00007f3d2a210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 539.583873][T12619] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 539.583891][T12619] R13: 0000000000000000 R14: 00007f3d2a3b6160 R15: 00007ffec0153688 [ 539.583928][T12619] [ 539.585034][T12593] total_workingset_refault_file 48 [ 539.826670][T12593] total_swap 126234624 [ 539.836483][T12593] total_swapcached 1118208 [ 539.851746][T12593] total_pgpgin 528230 [ 539.859197][T12593] total_pgpgout 452643 [ 539.863333][T12593] total_pgfault 298083 [ 539.867431][T12593] total_pgmajfault 528 [ 539.904340][T12593] total_inactive_anon 303243264 [ 539.919150][T12593] total_active_anon 8454144 [ 539.923771][T12593] total_inactive_file 0 [ 539.927956][T12593] total_active_file 0 [ 539.950764][T12593] total_unevictable 0 [ 539.954858][T12593] anon_cost 0 [ 539.982387][T12593] file_cost 0 [ 539.985742][T12593] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.1230,pid=12254,uid=0 [ 540.037823][T12593] Memory cgroup out of memory: Killed process 12254 (syz.2.1230) total-vm:102864kB, anon-rss:5004kB, file-rss:47544kB, shmem-rss:0kB, UID:0 pgtables:200kB oom_score_adj:1000 [ 540.959066][T12628] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1310'. [ 541.256915][T12624] delete_channel: no stack [ 541.979244][T12647] can: request_module (can-proto-3) failed. [ 542.221916][ T32] oom_reaper: reaped process 12254 (syz.2.1230), now anon-rss:92kB, file-rss:42356kB, shmem-rss:0kB [ 542.739245][T12653] can: request_module (can-proto-0) failed. [ 543.639710][T12671] nvme_fcloop: unknown parameter or missing value '7' [ 543.744256][T12672] erspan0: entered allmulticast mode [ 544.278782][T12680] syz.3.1320 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 546.232750][T12694] mkiss: ax0: crc mode is auto. [ 548.224338][T12709] nvme_fcloop: unknown parameter or missing value '7' [ 552.122413][T12764] Invalid ELF header magic: != ELF [ 552.381013][T12761] Invalid ELF header magic: != ELF [ 554.006726][T12785] Invalid ELF header magic: != ELF [ 555.766704][T12810] netlink: 'syz.1.1345': attribute type 1 has an invalid length. [ 556.696730][T12816] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 556.734970][T12816] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 559.968742][T12880] netlink: 11784 bytes leftover after parsing attributes in process `syz.2.1362'. [ 561.317952][T12899] Invalid ELF header magic: != ELF [ 561.713771][T12904] nvme_fabrics: missing parameter 'transport=%s' [ 561.749556][T12904] nvme_fabrics: missing parameter 'nqn=%s' [ 564.098082][T12942] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1375'. [ 564.109128][T12942] veth1_macvtap: entered allmulticast mode [ 565.755715][T12982] nvme_fcloop: unknown parameter or missing value '7' [ 566.554691][T13001] netlink: 'syz.5.1384': attribute type 2 has an invalid length. [ 567.272767][T12995] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1382'. [ 568.023517][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.029963][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.827218][T13053] netlink: 354 bytes leftover after parsing attributes in process `syz.2.1393'. [ 568.844964][T13042] [U] [ 568.847740][T13042] [U] [ 568.850471][T13042] [U] [ 568.853227][T13042] [U] [ 568.856415][T13042] [U] [ 568.859178][T13042] [U] [ 568.861913][T13042] [U] [ 568.864632][T13042] [U] [ 568.883101][T13042] [U] [ 568.885879][T13042] [U] [ 568.888625][T13042] [U] [ 568.891378][T13042] [U] [ 568.922032][T13042] [U] [ 568.924815][T13042] [U] [ 568.927550][T13042] [U] [ 568.930283][T13042] [U] [ 568.959631][T13042] [U] [ 568.962401][T13042] [U] [ 568.965154][T13042] [U] [ 568.967907][T13042] [U] [ 568.992450][T13042] [U] [ 568.995231][T13042] [U] [ 568.997976][T13042] [U] [ 569.000705][T13042] [U] [ 569.054340][T13042] [U] [ 569.057138][T13042] [U] [ 569.059889][T13042] [U] [ 569.062625][T13042] [U] [ 569.107577][T13042] [U] [ 569.110378][T13042] [U] [ 569.113133][T13042] [U] [ 569.115898][T13042] [U] [ 569.205675][T13042] [U] [ 569.208470][T13042] [U] [ 569.211219][T13042] [U] [ 569.213972][T13042] [U] [ 569.279426][T13042] [U] [ 569.282219][T13042] [U] [ 569.284965][T13042] [U] [ 569.287716][T13042] [U] [ 569.310410][T13042] [U] [ 569.313214][T13042] [U] [ 569.315970][T13042] [U] [ 569.318696][T13042] [U] [ 569.358322][T13042] [U] [ 570.496341][T13080] netlink: 11784 bytes leftover after parsing attributes in process `syz.5.1398'. [ 571.692483][T13101] FAULT_INJECTION: forcing a failure. [ 571.692483][T13101] name failslab, interval 1, probability 0, space 0, times 0 [ 571.766667][T13101] CPU: 1 UID: 0 PID: 13101 Comm: syz.1.1402 Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 571.766722][T13101] Tainted: [U]=USER [ 571.766733][T13101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 571.766752][T13101] Call Trace: [ 571.766762][T13101] [ 571.766774][T13101] dump_stack_lvl+0x16c/0x1f0 [ 571.766820][T13101] should_fail_ex+0x512/0x640 [ 571.766863][T13101] ? __kmalloc_noprof+0xbf/0x510 [ 571.766900][T13101] ? __register_sysctl_table+0xb3/0x1900 [ 571.766934][T13101] should_failslab+0xc2/0x120 [ 571.766988][T13101] __kmalloc_noprof+0xd2/0x510 [ 571.767030][T13101] __register_sysctl_table+0xb3/0x1900 [ 571.767067][T13101] ? is_module_address+0x5f/0xf0 [ 571.767114][T13101] ? __pfx___register_sysctl_table+0x10/0x10 [ 571.767154][T13101] ? is_module_address+0x69/0xf0 [ 571.767194][T13101] ? register_net_sysctl_sz+0x228/0x3e0 [ 571.767238][T13101] ? __asan_memcpy+0x3c/0x60 [ 571.767292][T13101] devinet_init_net+0x378/0x910 [ 571.767329][T13101] ? __pfx_devinet_init_net+0x10/0x10 [ 571.767362][T13101] ops_init+0x1df/0x5f0 [ 571.767398][T13101] setup_net+0x21e/0x850 [ 571.767434][T13101] ? __pfx_setup_net+0x10/0x10 [ 571.767464][T13101] ? lockdep_init_map_type+0x5c/0x280 [ 571.767504][T13101] ? __pfx_down_read_killable+0x10/0x10 [ 571.767553][T13101] ? debug_mutex_init+0x37/0x70 [ 571.767607][T13101] copy_net_ns+0x2a6/0x5f0 [ 571.767648][T13101] create_new_namespaces+0x3ea/0xad0 [ 571.767697][T13101] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 571.767735][T13101] ksys_unshare+0x45b/0xa40 [ 571.767779][T13101] ? __pfx_ksys_unshare+0x10/0x10 [ 571.767818][T13101] ? xfd_validate_state+0x5d/0x180 [ 571.767870][T13101] ? rcu_is_watching+0x12/0xc0 [ 571.767908][T13101] __x64_sys_unshare+0x31/0x40 [ 571.767949][T13101] do_syscall_64+0xcd/0x230 [ 571.767991][T13101] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 571.768023][T13101] RIP: 0033:0x7f7c4cf8e969 [ 571.768049][T13101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 571.768080][T13101] RSP: 002b:00007f7c4dd60038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 571.768110][T13101] RAX: ffffffffffffffda RBX: 00007f7c4d1b5fa0 RCX: 00007f7c4cf8e969 [ 571.768131][T13101] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 571.768157][T13101] RBP: 00007f7c4d010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 571.768175][T13101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 571.768194][T13101] R13: 0000000000000000 R14: 00007f7c4d1b5fa0 R15: 00007ffd27713798 [ 571.768236][T13101] [ 572.028213][ C1] vkms_vblank_simulate: vblank timer overrun [ 573.788216][T10726] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 577.381323][T13183] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input22 [ 578.902567][T10726] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 579.399828][T13208] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1424'. [ 579.816765][T13217] FAULT_INJECTION: forcing a failure. [ 579.816765][T13217] name failslab, interval 1, probability 0, space 0, times 0 [ 579.854079][T13217] CPU: 1 UID: 0 PID: 13217 Comm: syz.1.1426 Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 579.854133][T13217] Tainted: [U]=USER [ 579.854144][T13217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 579.854163][T13217] Call Trace: [ 579.854173][T13217] [ 579.854184][T13217] dump_stack_lvl+0x16c/0x1f0 [ 579.854228][T13217] should_fail_ex+0x512/0x640 [ 579.854278][T13217] should_failslab+0xc2/0x120 [ 579.854330][T13217] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 579.854364][T13217] ? skb_clone+0x190/0x3f0 [ 579.854400][T13217] skb_clone+0x190/0x3f0 [ 579.854432][T13217] netlink_deliver_tap+0xabd/0xd30 [ 579.854474][T13217] netlink_unicast+0x6b2/0x7f0 [ 579.854513][T13217] ? __pfx_netlink_unicast+0x10/0x10 [ 579.854567][T13217] ctrl_getfamily+0x40a/0x540 [ 579.854605][T13217] ? __pfx_ctrl_getfamily+0x10/0x10 [ 579.854643][T13217] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 579.854683][T13217] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 579.854734][T13217] genl_family_rcv_msg_doit+0x206/0x2f0 [ 579.854777][T13217] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 579.854817][T13217] ? __pfx___mutex_lock+0x10/0x10 [ 579.854853][T13217] ? genl_get_cmd+0x194/0x580 [ 579.854901][T13217] ? __local_bh_enable_ip+0xa4/0x120 [ 579.854936][T13217] ? __dev_queue_xmit+0x896/0x43e0 [ 579.854977][T13217] ? __radix_tree_lookup+0x21f/0x2c0 [ 579.855014][T13217] genl_rcv_msg+0x55c/0x800 [ 579.855053][T13217] ? __pfx_genl_rcv_msg+0x10/0x10 [ 579.855086][T13217] ? __pfx___dev_queue_xmit+0x10/0x10 [ 579.855154][T13217] ? __pfx_ctrl_getfamily+0x10/0x10 [ 579.855200][T13217] ? __lock_acquire+0xaa4/0x1ba0 [ 579.855249][T13217] netlink_rcv_skb+0x16a/0x440 [ 579.855282][T13217] ? __pfx_genl_rcv_msg+0x10/0x10 [ 579.855323][T13217] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 579.855379][T13217] ? __pfx_down_read+0x10/0x10 [ 579.855421][T13217] ? netlink_deliver_tap+0x1ae/0xd30 [ 579.855458][T13217] genl_rcv+0x28/0x40 [ 579.855489][T13217] netlink_unicast+0x53a/0x7f0 [ 579.855525][T13217] ? __pfx_netlink_unicast+0x10/0x10 [ 579.855580][T13217] netlink_sendmsg+0x8d1/0xdd0 [ 579.855620][T13217] ? __pfx_netlink_sendmsg+0x10/0x10 [ 579.855672][T13217] __sys_sendto+0x495/0x510 [ 579.855720][T13217] ? __pfx___sys_sendto+0x10/0x10 [ 579.855782][T13217] ? count_memcg_events_mm.constprop.0+0x138/0x340 [ 579.855846][T13217] ? __pfx_native_tss_update_io_bitmap+0x10/0x10 [ 579.855888][T13217] __x64_sys_sendto+0xe0/0x1c0 [ 579.855934][T13217] ? do_syscall_64+0x91/0x230 [ 579.855971][T13217] ? lockdep_hardirqs_on+0x7c/0x110 [ 579.856008][T13217] do_syscall_64+0xcd/0x230 [ 579.856050][T13217] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 579.856082][T13217] RIP: 0033:0x7f7c4cf907fc [ 579.856107][T13217] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 579.856137][T13217] RSP: 002b:00007f7c4dd5eec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 579.856166][T13217] RAX: ffffffffffffffda RBX: 00007f7c4dd5efc0 RCX: 00007f7c4cf907fc [ 579.856187][T13217] RDX: 0000000000000020 RSI: 00007f7c4dd5f010 RDI: 0000000000000005 [ 579.856206][T13217] RBP: 0000000000000000 R08: 00007f7c4dd5ef14 R09: 000000000000000c [ 579.856226][T13217] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000005 [ 579.856245][T13217] R13: 00007f7c4dd5ef68 R14: 00007f7c4dd5f010 R15: 0000000000000000 [ 579.856287][T13217] [ 581.639875][T13254] FAULT_INJECTION: forcing a failure. [ 581.639875][T13254] name failslab, interval 1, probability 0, space 0, times 0 [ 581.679185][T13254] CPU: 0 UID: 0 PID: 13254 Comm: syz.1.1433 Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 581.679237][T13254] Tainted: [U]=USER [ 581.679247][T13254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 581.679265][T13254] Call Trace: [ 581.679275][T13254] [ 581.679288][T13254] dump_stack_lvl+0x16c/0x1f0 [ 581.679333][T13254] should_fail_ex+0x512/0x640 [ 581.679376][T13254] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 581.679417][T13254] should_failslab+0xc2/0x120 [ 581.679465][T13254] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 581.679499][T13254] ? vma_merge_new_range+0x3f8/0xc10 [ 581.679531][T13254] ? vm_area_alloc+0x1f/0x160 [ 581.679573][T13254] vm_area_alloc+0x1f/0x160 [ 581.679609][T13254] __mmap_region+0xfd0/0x27c0 [ 581.679643][T13254] ? rcu_is_watching+0x12/0xc0 [ 581.679673][T13254] ? __pfx___mmap_region+0x10/0x10 [ 581.679708][T13254] ? finish_task_switch.isra.0+0x221/0xc10 [ 581.679748][T13254] ? __schedule+0x1186/0x5de0 [ 581.679780][T13254] ? __lock_acquire+0xaa4/0x1ba0 [ 581.679882][T13254] ? trace_cap_capable+0x18d/0x200 [ 581.679916][T13254] ? cap_capable+0xb3/0x250 [ 581.679952][T13254] mmap_region+0x1ab/0x3f0 [ 581.679995][T13254] do_mmap+0xd8e/0x11b0 [ 581.680047][T13254] ? __pfx_do_mmap+0x10/0x10 [ 581.680091][T13254] ? __pfx_down_write_killable+0x10/0x10 [ 581.680142][T13254] vm_mmap_pgoff+0x281/0x450 [ 581.680195][T13254] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 581.680250][T13254] ? __x64_sys_futex+0x1e0/0x4c0 [ 581.680280][T13254] ? __x64_sys_futex+0x1e9/0x4c0 [ 581.680318][T13254] ksys_mmap_pgoff+0x7d/0x5c0 [ 581.680362][T13254] ? rcu_is_watching+0x12/0xc0 [ 581.680394][T13254] __x64_sys_mmap+0x125/0x190 [ 581.680434][T13254] do_syscall_64+0xcd/0x230 [ 581.680477][T13254] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 581.680508][T13254] RIP: 0033:0x7f7c4cf8e969 [ 581.680532][T13254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 581.680564][T13254] RSP: 002b:00007f7c4dd60038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 581.680593][T13254] RAX: ffffffffffffffda RBX: 00007f7c4d1b5fa0 RCX: 00007f7c4cf8e969 [ 581.680613][T13254] RDX: 00000000000000e2 RSI: 0000000000020009 RDI: 0000000000000000 [ 581.680633][T13254] RBP: 00007f7c4d010ab1 R08: 0000000000000405 R09: 0000000000008000 [ 581.680653][T13254] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 581.680672][T13254] R13: 0000000000000000 R14: 00007f7c4d1b5fa0 R15: 00007ffd27713798 [ 581.680713][T13254] [ 584.487107][T13299] FAULT_INJECTION: forcing a failure. [ 584.487107][T13299] name failslab, interval 1, probability 0, space 0, times 0 [ 584.561940][T13299] CPU: 0 UID: 0 PID: 13299 Comm: syz.1.1444 Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 584.561997][T13299] Tainted: [U]=USER [ 584.562008][T13299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 584.562027][T13299] Call Trace: [ 584.562037][T13299] [ 584.562049][T13299] dump_stack_lvl+0x16c/0x1f0 [ 584.562095][T13299] should_fail_ex+0x512/0x640 [ 584.562138][T13299] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 584.562191][T13299] should_failslab+0xc2/0x120 [ 584.562231][T13299] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 584.562267][T13299] ? __proc_create+0xc3/0x8c0 [ 584.562301][T13299] ? __proc_create+0x2ce/0x8c0 [ 584.562340][T13299] __proc_create+0x2ce/0x8c0 [ 584.562378][T13299] ? __pfx___proc_create+0x10/0x10 [ 584.562420][T13299] ? _raw_write_unlock+0x28/0x50 [ 584.562461][T13299] proc_create_reg+0x7d/0x180 [ 584.562502][T13299] proc_create_data+0x86/0x110 [ 584.562539][T13299] ? __pfx_proc_create_data+0x10/0x10 [ 584.562580][T13299] ? cache_register_net+0x137/0x5e0 [ 584.562636][T13299] cache_register_net+0x1e0/0x5e0 [ 584.562689][T13299] nfsd_idmap_init+0x16e/0x250 [ 584.562727][T13299] ? __pfx_nfsd_net_init+0x10/0x10 [ 584.562773][T13299] nfsd_net_init+0x69/0x3d0 [ 584.562824][T13299] ? __pfx_nfsd_net_init+0x10/0x10 [ 584.562875][T13299] ops_init+0x1df/0x5f0 [ 584.562913][T13299] setup_net+0x21e/0x850 [ 584.562952][T13299] ? __pfx_setup_net+0x10/0x10 [ 584.562982][T13299] ? lockdep_init_map_type+0x5c/0x280 [ 584.563027][T13299] ? __pfx_down_read_killable+0x10/0x10 [ 584.563077][T13299] ? debug_mutex_init+0x37/0x70 [ 584.563133][T13299] copy_net_ns+0x2a6/0x5f0 [ 584.563179][T13299] create_new_namespaces+0x3ea/0xad0 [ 584.563226][T13299] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 584.563266][T13299] ksys_unshare+0x45b/0xa40 [ 584.563311][T13299] ? __pfx_ksys_unshare+0x10/0x10 [ 584.563352][T13299] ? xfd_validate_state+0x5d/0x180 [ 584.563407][T13299] ? rcu_is_watching+0x12/0xc0 [ 584.563445][T13299] __x64_sys_unshare+0x31/0x40 [ 584.563488][T13299] do_syscall_64+0xcd/0x230 [ 584.563531][T13299] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 584.563563][T13299] RIP: 0033:0x7f7c4cf8e969 [ 584.563588][T13299] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 584.563620][T13299] RSP: 002b:00007f7c4dd3f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 584.563650][T13299] RAX: ffffffffffffffda RBX: 00007f7c4d1b6080 RCX: 00007f7c4cf8e969 [ 584.563672][T13299] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 584.563692][T13299] RBP: 00007f7c4d010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 584.563712][T13299] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 584.563733][T13299] R13: 0000000000000000 R14: 00007f7c4d1b6080 R15: 00007ffd27713798 [ 584.563777][T13299] [ 585.083456][T13307] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1446'. [ 585.174705][T13307] bridge0: port 2(bridge_slave_1) entered disabled state [ 585.191768][T13313] nvme_fcloop: unknown parameter or missing value '7' [ 585.388547][T13307] bridge_slave_1 (unregistering): left allmulticast mode [ 585.420117][T13307] bridge_slave_1 (unregistering): left promiscuous mode [ 585.436084][T13307] bridge0: port 2(bridge_slave_1) entered disabled state [ 586.616527][T13335] sysfs_service_op_store: Client not running :-5: [ 586.755709][T13324] kexec: Could not allocate control_code_buffer [ 587.229766][T13344] Invalid ELF header magic: != ELF [ 587.971135][T13354] netlink: 346 bytes leftover after parsing attributes in process `syz.1.1457'. [ 592.759392][T13409] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1470'. [ 593.824385][T13438] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1479'. [ 593.959772][T13438] veth0_macvtap: left promiscuous mode [ 594.265234][T13445] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1480'. [ 595.070053][T13450] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 595.077798][T13450] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 596.157853][T13470] nvme_fcloop: unknown parameter or missing value '7' [ 597.454492][T13483] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 597.778064][T13483] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 597.836530][T13492] netlink: 'syz.2.1491': attribute type 29 has an invalid length. [ 598.073879][T13483] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 598.388168][T13483] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 599.839813][T13534] nvme_fcloop: unknown parameter or missing value '7' [ 600.334240][T13543] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1503'. [ 600.626816][T13549] netlink: 'syz.3.1505': attribute type 1 has an invalid length. [ 601.888185][T13573] nvme_fcloop: unknown parameter or missing value '7' [ 604.479530][T13615] nvme_fcloop: unknown parameter or missing value '7' [ 604.706516][T10726] Bluetooth: hci3: unexpected subevent 0x01 length: 4 < 18 [ 605.011610][ T30] audit: type=1800 audit(6040743522.618:21): pid=13621 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1521" name="dbroot" dev="configfs" ino=41208 res=0 errno=0 [ 608.985514][T13654] random: crng reseeded on system resumption [ 609.684071][T13669] sysfs_service_op_store: Client not running :-5: [ 610.324850][T13676] nbd: socks must be embedded in a SOCK_ITEM attr [ 610.385967][T13676] block nbd0: shutting down sockets [ 610.627728][T13680] CIFS mount error: No usable UNC path provided in device string! [ 610.627728][T13680] [ 610.687430][T13680] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 611.537847][T13702] nvme_fcloop: unknown parameter or missing value '7' [ 614.770732][T13732] Invalid ELF header magic: != ELF [ 614.909273][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880613ddc00: rx timeout, send abort [ 615.419212][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880613ddc00: abort rx timeout. Force session deactivation [ 617.464641][T13786] zswap: compressor not available [ 617.676841][T13786] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1559'. [ 618.022305][ C1] vcan0: j1939_session_tx_dat: 0xffff88806cf36000: queue data error: -100 [ 621.694336][T13873] FAULT_INJECTION: forcing a failure. [ 621.694336][T13873] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 621.816605][T13873] CPU: 0 UID: 0 PID: 13873 Comm: syz.5.1578 Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 621.816659][T13873] Tainted: [U]=USER [ 621.816668][T13873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 621.816686][T13873] Call Trace: [ 621.816696][T13873] [ 621.816708][T13873] dump_stack_lvl+0x16c/0x1f0 [ 621.816751][T13873] should_fail_ex+0x512/0x640 [ 621.816801][T13873] _copy_to_user+0x32/0xd0 [ 621.816851][T13873] simple_read_from_buffer+0xcb/0x170 [ 621.816901][T13873] oom_adj_read+0x209/0x2f0 [ 621.816947][T13873] ? __pfx_oom_adj_read+0x10/0x10 [ 621.816993][T13873] ? rw_verify_area+0xcf/0x680 [ 621.817040][T13873] ? __pfx_oom_adj_read+0x10/0x10 [ 621.817082][T13873] vfs_readv+0x6bc/0x8a0 [ 621.817133][T13873] ? __pfx___mutex_trylock_common+0x10/0x10 [ 621.817189][T13873] ? __pfx_vfs_readv+0x10/0x10 [ 621.817236][T13873] ? __mutex_lock+0x1ca/0xb90 [ 621.817284][T13873] ? __pfx___mutex_lock+0x10/0x10 [ 621.817337][T13873] ? __fget_files+0x20e/0x3c0 [ 621.817383][T13873] ? __fget_files+0x150/0x3c0 [ 621.817442][T13873] ? do_readv+0x132/0x330 [ 621.817485][T13873] do_readv+0x132/0x330 [ 621.817533][T13873] ? __pfx_do_readv+0x10/0x10 [ 621.817574][T13873] ? rcu_is_watching+0x12/0xc0 [ 621.817631][T13873] do_syscall_64+0xcd/0x230 [ 621.817673][T13873] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 621.817703][T13873] RIP: 0033:0x7f1413b8e969 [ 621.817727][T13873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 621.817757][T13873] RSP: 002b:00007f141499a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 621.817785][T13873] RAX: ffffffffffffffda RBX: 00007f1413db5fa0 RCX: 00007f1413b8e969 [ 621.817805][T13873] RDX: 0000000100000007 RSI: 00002000000001c0 RDI: 0000000000000003 [ 621.817823][T13873] RBP: 00007f141499a090 R08: 0000000000000000 R09: 0000000000000000 [ 621.817843][T13873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 621.817861][T13873] R13: 0000000000000000 R14: 00007f1413db5fa0 R15: 00007ffeafad4ee8 [ 621.817901][T13873] [ 624.449235][ T30] audit: type=1800 audit(6040743542.028:22): pid=13908 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1589" name="SYSVffffffff" dev="tmpfs" ino=0 res=0 errno=0 [ 624.779235][T13910] nvme_fcloop: unknown parameter or missing value '7' [ 624.869690][T13912] netlink: zone id is out of range [ 624.874894][T13912] netlink: get zone limit has 4 unknown bytes [ 626.201540][T13930] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1596'. [ 628.057677][T13959] FAULT_INJECTION: forcing a failure. [ 628.057677][T13959] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 628.119320][T13959] CPU: 0 UID: 0 PID: 13959 Comm: syz.5.1602 Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 628.119372][T13959] Tainted: [U]=USER [ 628.119382][T13959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 628.119400][T13959] Call Trace: [ 628.119410][T13959] [ 628.119421][T13959] dump_stack_lvl+0x16c/0x1f0 [ 628.119461][T13959] should_fail_ex+0x512/0x640 [ 628.119513][T13959] _copy_to_user+0x32/0xd0 [ 628.119561][T13959] simple_read_from_buffer+0xcb/0x170 [ 628.119609][T13959] proc_fail_nth_read+0x197/0x270 [ 628.119653][T13959] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 628.119699][T13959] ? rw_verify_area+0xcf/0x680 [ 628.119739][T13959] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 628.119782][T13959] vfs_read+0x1de/0xc70 [ 628.119815][T13959] ? __pfx___mutex_lock+0x10/0x10 [ 628.119852][T13959] ? __pfx_vfs_read+0x10/0x10 [ 628.119897][T13959] ? __fget_files+0x20e/0x3c0 [ 628.119957][T13959] ksys_read+0x12a/0x240 [ 628.119984][T13959] ? __pfx_ksys_read+0x10/0x10 [ 628.120009][T13959] ? rcu_is_watching+0x12/0xc0 [ 628.120048][T13959] do_syscall_64+0xcd/0x230 [ 628.120088][T13959] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 628.120117][T13959] RIP: 0033:0x7f1413b8d37c [ 628.120139][T13959] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 628.120168][T13959] RSP: 002b:00007f141499a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 628.120196][T13959] RAX: ffffffffffffffda RBX: 00007f1413db5fa0 RCX: 00007f1413b8d37c [ 628.120216][T13959] RDX: 000000000000000f RSI: 00007f141499a0a0 RDI: 0000000000000004 [ 628.120252][T13959] RBP: 00007f141499a090 R08: 0000000000000000 R09: 0000000000000000 [ 628.120286][T13959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 628.120305][T13959] R13: 0000000000000000 R14: 00007f1413db5fa0 R15: 00007ffeafad4ee8 [ 628.120347][T13959] [ 628.688790][T13971] netlink: 342 bytes leftover after parsing attributes in process `syz.5.1606'. [ 629.313198][T13979] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1609'. [ 629.359456][T13985] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1610'. [ 629.388159][T13985] netlink: 354 bytes leftover after parsing attributes in process `syz.1.1610'. [ 629.463708][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.470259][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 629.958272][T13991] sp0: Synchronizing with TNC [ 630.826777][T14025] FAULT_INJECTION: forcing a failure. [ 630.826777][T14025] name failslab, interval 1, probability 0, space 0, times 0 [ 630.839641][T14025] CPU: 1 UID: 0 PID: 14025 Comm: syz.3.1615 Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 630.839705][T14025] Tainted: [U]=USER [ 630.839715][T14025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 630.839735][T14025] Call Trace: [ 630.839746][T14025] [ 630.839759][T14025] dump_stack_lvl+0x16c/0x1f0 [ 630.839805][T14025] should_fail_ex+0x512/0x640 [ 630.839847][T14025] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 630.839888][T14025] should_failslab+0xc2/0x120 [ 630.839929][T14025] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 630.839965][T14025] ? __proc_create+0xc3/0x8c0 [ 630.839999][T14025] ? __proc_create+0x2ce/0x8c0 [ 630.840041][T14025] __proc_create+0x2ce/0x8c0 [ 630.840078][T14025] ? __pfx___proc_create+0x10/0x10 [ 630.840119][T14025] ? _raw_write_unlock+0x28/0x50 [ 630.840154][T14025] ? proc_register+0x314/0x5f0 [ 630.840194][T14025] proc_create_reg+0x7d/0x180 [ 630.840236][T14025] proc_create_net_data+0x8e/0x1b0 [ 630.840287][T14025] ? __pfx_proc_create_net_data+0x10/0x10 [ 630.840338][T14025] sctp_proc_init+0x199/0x270 [ 630.840381][T14025] ? __pfx_sctp_defaults_init+0x10/0x10 [ 630.840418][T14025] sctp_defaults_init+0x74a/0xd80 [ 630.840461][T14025] ? __pfx_sctp_defaults_init+0x10/0x10 [ 630.840502][T14025] ops_init+0x1df/0x5f0 [ 630.840539][T14025] setup_net+0x21e/0x850 [ 630.840575][T14025] ? __pfx_setup_net+0x10/0x10 [ 630.840605][T14025] ? lockdep_init_map_type+0x5c/0x280 [ 630.840648][T14025] ? __pfx_down_read_killable+0x10/0x10 [ 630.840703][T14025] ? debug_mutex_init+0x37/0x70 [ 630.840758][T14025] copy_net_ns+0x2a6/0x5f0 [ 630.840806][T14025] create_new_namespaces+0x3ea/0xad0 [ 630.840850][T14025] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 630.840890][T14025] ksys_unshare+0x45b/0xa40 [ 630.840933][T14025] ? __pfx_ksys_unshare+0x10/0x10 [ 630.840971][T14025] ? xfd_validate_state+0x5d/0x180 [ 630.841023][T14025] ? rcu_is_watching+0x12/0xc0 [ 630.841061][T14025] __x64_sys_unshare+0x31/0x40 [ 630.841103][T14025] do_syscall_64+0xcd/0x230 [ 630.841145][T14025] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 630.841177][T14025] RIP: 0033:0x7f3d2a18e969 [ 630.841202][T14025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 630.841234][T14025] RSP: 002b:00007f3d2b03e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 630.841263][T14025] RAX: ffffffffffffffda RBX: 00007f3d2a3b6160 RCX: 00007f3d2a18e969 [ 630.841285][T14025] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 630.841304][T14025] RBP: 00007f3d2a210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 630.841324][T14025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 630.841343][T14025] R13: 0000000000000000 R14: 00007f3d2a3b6160 R15: 00007ffec0153688 [ 630.841384][T14025] [ 631.127598][ C1] vkms_vblank_simulate: vblank timer overrun [ 631.995401][T14038] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1620'. [ 632.025140][ T30] audit: type=1800 audit(6040743549.628:23): pid=14052 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1624" name="ram7" dev="tmpfs" ino=1242 res=0 errno=0 [ 634.494426][T14094] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1638'. [ 634.504767][T14094] netlink: 5 bytes leftover after parsing attributes in process `syz.3.1638'. [ 634.524480][T14094] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1638'. [ 635.981785][T14117] can: request_module (can-proto-3) failed. [ 637.894700][T14158] RDS: rds_bind could not find a transport for ::ffff:10.1.1.2, load rds_tcp or rds_rdma? [ 638.110776][T10726] Bluetooth: hci0: unexpected event 0x3e length: 1020 > 260 [ 638.110840][T10726] Bluetooth: hci0: unexpected subevent 0x01 length: 1019 > 18 [ 639.062739][T14168] FAULT_INJECTION: forcing a failure. [ 639.062739][T14168] name failslab, interval 1, probability 0, space 0, times 0 [ 639.096457][T14168] CPU: 1 UID: 0 PID: 14168 Comm: syz.3.1655 Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 639.096509][T14168] Tainted: [U]=USER [ 639.096519][T14168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 639.096537][T14168] Call Trace: [ 639.096547][T14168] [ 639.096559][T14168] dump_stack_lvl+0x16c/0x1f0 [ 639.096602][T14168] should_fail_ex+0x512/0x640 [ 639.096646][T14168] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 639.096685][T14168] should_failslab+0xc2/0x120 [ 639.096722][T14168] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 639.096757][T14168] ? __kernfs_new_node+0xd2/0x8a0 [ 639.096813][T14168] __kernfs_new_node+0xd2/0x8a0 [ 639.096867][T14168] ? __pfx___kernfs_new_node+0x10/0x10 [ 639.096927][T14168] ? find_held_lock+0x2b/0x80 [ 639.096957][T14168] ? kernfs_root+0xee/0x2a0 [ 639.097013][T14168] kernfs_new_node+0x13c/0x1e0 [ 639.097054][T14168] __kernfs_create_file+0x53/0x350 [ 639.097100][T14168] sysfs_add_file_mode_ns+0x207/0x3c0 [ 639.097164][T14168] internal_create_group+0x578/0xf30 [ 639.097227][T14168] ? __pfx_internal_create_group+0x10/0x10 [ 639.097286][T14168] ? kernfs_create_link+0x1bd/0x240 [ 639.097333][T14168] internal_create_groups+0x9d/0x150 [ 639.097366][T14168] device_add+0xf30/0x1a70 [ 639.097412][T14168] ? __pfx_device_add+0x10/0x10 [ 639.097451][T14168] ? lockdep_init_map_type+0x5c/0x280 [ 639.097493][T14168] ? __init_waitqueue_head+0xca/0x150 [ 639.097551][T14168] netdev_register_kobject+0x182/0x3a0 [ 639.097592][T14168] register_netdevice+0x13dc/0x2270 [ 639.097634][T14168] ? __pfx_register_netdevice+0x10/0x10 [ 639.097681][T14168] register_netdev+0x34/0x50 [ 639.097713][T14168] sixpack_open+0x6e4/0xa40 [ 639.097765][T14168] ? __pfx_sixpack_open+0x10/0x10 [ 639.097812][T14168] ? tty_set_ldisc+0x2b8/0x780 [ 639.097841][T14168] ? down_write+0x14d/0x200 [ 639.097890][T14168] ? __pfx_sixpack_open+0x10/0x10 [ 639.097940][T14168] tty_ldisc_open+0x9c/0x120 [ 639.097970][T14168] tty_set_ldisc+0x32b/0x780 [ 639.098008][T14168] tty_ioctl+0xc42/0x1610 [ 639.098045][T14168] ? __pfx_tty_ioctl+0x10/0x10 [ 639.098093][T14168] ? do_raw_spin_unlock+0x172/0x230 [ 639.098144][T14168] ? hook_file_ioctl_common+0x145/0x410 [ 639.098189][T14168] ? xfd_validate_state+0x5d/0x180 [ 639.098242][T14168] ? __pfx_tty_ioctl+0x10/0x10 [ 639.098277][T14168] __x64_sys_ioctl+0x190/0x200 [ 639.098324][T14168] do_syscall_64+0xcd/0x230 [ 639.098364][T14168] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 639.098395][T14168] RIP: 0033:0x7f3d2a18e969 [ 639.098420][T14168] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 639.098450][T14168] RSP: 002b:00007f3d2b080038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 639.098478][T14168] RAX: ffffffffffffffda RBX: 00007f3d2a3b5fa0 RCX: 00007f3d2a18e969 [ 639.098498][T14168] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 0000000000000007 [ 639.098517][T14168] RBP: 00007f3d2a210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 639.098536][T14168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 639.098554][T14168] R13: 0000000000000000 R14: 00007f3d2a3b5fa0 R15: 00007ffec0153688 [ 639.098595][T14168] [ 645.512596][T14251] can: request_module (can-proto-3) failed. [ 646.241894][T14264] netlink: 186 bytes leftover after parsing attributes in process `syz.1.1675'. [ 647.700087][T14282] openvswitch: netlink: Key type 261 is out of range max 32 [ 652.548513][T14341] nvme_fcloop: unknown parameter or missing value '7' [ 653.054210][T14343] [U]  [ 653.057087][T14343] [U] [ 653.059841][T14343] [U] [ 653.062598][T14343] [U] [ 653.102212][T14343] [U] [ 653.104988][T14343] [U] [ 653.107731][T14343] [U] [ 653.110481][T14343] [U] [ 653.131073][T14344] [U] [ 654.541183][T14369] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1697'. [ 655.267934][T14374] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137 [ 655.349274][T14374] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 1, inode_bitmap = 138 [ 655.443385][T14374] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 0: bad block bitmap checksum [ 656.935620][T10726] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 656.947717][T10726] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 656.956158][T10726] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 656.974753][T10726] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 656.988630][T10726] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 658.439578][T14416] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1704'. [ 658.704148][T14404] chnl_net:caif_netlink_parms(): no params data found [ 659.059192][T10727] Bluetooth: hci5: command tx timeout [ 659.085245][T14404] bridge0: port 1(bridge_slave_0) entered blocking state [ 659.316295][T14404] bridge0: port 1(bridge_slave_0) entered disabled state [ 659.341084][T14404] bridge_slave_0: entered allmulticast mode [ 659.399182][T14404] bridge_slave_0: entered promiscuous mode [ 659.407213][T14428] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1707'. [ 659.423539][T14404] bridge0: port 2(bridge_slave_1) entered blocking state [ 659.431181][T14404] bridge0: port 2(bridge_slave_1) entered disabled state [ 659.438407][T14404] bridge_slave_1: entered allmulticast mode [ 659.446521][T14404] bridge_slave_1: entered promiscuous mode [ 659.705025][T14404] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 659.718520][T14404] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 659.935915][T14404] team0: Port device team_slave_0 added [ 659.984885][T14404] team0: Port device team_slave_1 added [ 660.322228][T14404] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 660.355684][T14404] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 660.381667][ C0] vkms_vblank_simulate: vblank timer overrun [ 660.463565][T14404] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 660.521448][T14404] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 660.528573][T14404] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 660.629193][T14404] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 661.103748][T14404] hsr_slave_0: entered promiscuous mode [ 661.139910][T10727] Bluetooth: hci5: command tx timeout [ 661.145759][T14404] hsr_slave_1: entered promiscuous mode [ 661.166313][T14404] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 661.174121][T14404] Cannot create hsr debugfs directory [ 662.188745][T14404] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 662.315687][T14404] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 662.351564][T14473] nvme_fcloop: unknown parameter or missing value '7' [ 662.394339][T14404] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 662.405816][T14473] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1717'. [ 662.469654][T14404] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 662.689681][T14481] crash hp: kexec_trylock() failed, kdump image may be inaccurate [ 662.995646][T14404] 8021q: adding VLAN 0 to HW filter on device bond0 [ 663.090383][T14404] 8021q: adding VLAN 0 to HW filter on device team0 [ 663.165560][T10305] bridge0: port 1(bridge_slave_0) entered blocking state [ 663.172789][T10305] bridge0: port 1(bridge_slave_0) entered forwarding state [ 663.219350][T10727] Bluetooth: hci5: command tx timeout [ 663.254623][ T6474] bridge0: port 2(bridge_slave_1) entered blocking state [ 663.261892][ T6474] bridge0: port 2(bridge_slave_1) entered forwarding state [ 663.828519][T14478] kexec: Could not allocate control_code_buffer [ 664.008106][T14492] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1723'. [ 664.201347][T14492] bridge_slave_1: left allmulticast mode [ 664.224882][T14492] bridge_slave_1: left promiscuous mode [ 664.232724][T14492] bridge0: port 2(bridge_slave_1) entered disabled state [ 664.256509][T14492] bridge_slave_0: left allmulticast mode [ 664.264048][T14492] bridge_slave_0: left promiscuous mode [ 664.274591][T14492] bridge0: port 1(bridge_slave_0) entered disabled state [ 664.423525][T14504] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1725'. [ 664.598842][T14404] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 665.299622][T10727] Bluetooth: hci5: command tx timeout [ 665.659292][T14524] nvme_fcloop: unknown parameter or missing value '7' [ 665.752816][T14524] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1729'. [ 665.972786][T14404] veth0_vlan: entered promiscuous mode [ 666.006644][T14404] veth1_vlan: entered promiscuous mode [ 666.164375][T14404] veth0_macvtap: entered promiscuous mode [ 666.292291][T14404] veth1_macvtap: entered promiscuous mode [ 666.403445][T14404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 666.465442][T14404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 666.511884][T14404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 666.546739][T14404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 666.592806][T14404] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 666.627231][T14404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 666.679082][T14404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 666.709041][T14404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 666.749364][T14404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 666.800583][T14404] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 666.962270][T14404] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 666.999327][T14404] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 667.008117][T14404] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 667.068252][T14404] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 667.714833][T10305] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 667.762745][T10305] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 667.867584][T12261] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 667.903871][T12261] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 670.181688][T14589] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1740'. [ 670.389285][T14596] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1742'. [ 670.976330][T14611] FAULT_INJECTION: forcing a failure. [ 670.976330][T14611] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 671.009111][T14611] CPU: 0 UID: 0 PID: 14611 Comm: syz.1.1747 Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 671.009148][T14611] Tainted: [U]=USER [ 671.009155][T14611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 671.009167][T14611] Call Trace: [ 671.009175][T14611] [ 671.009183][T14611] dump_stack_lvl+0x16c/0x1f0 [ 671.009213][T14611] should_fail_ex+0x512/0x640 [ 671.009248][T14611] should_fail_alloc_page+0xe7/0x130 [ 671.009295][T14611] prepare_alloc_pages+0x3c2/0x610 [ 671.009334][T14611] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 671.009361][T14611] ? copy_splice_read+0x1a8/0xba0 [ 671.009392][T14611] ? stack_trace_save+0x8e/0xc0 [ 671.009415][T14611] ? __pfx_stack_trace_save+0x10/0x10 [ 671.009437][T14611] ? stack_depot_save_flags+0x28/0xa50 [ 671.009469][T14611] ? bpf_ksym_find+0x124/0x1c0 [ 671.009507][T14611] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 671.009532][T14611] ? kasan_save_stack+0x33/0x60 [ 671.009554][T14611] ? __kasan_kmalloc+0xaa/0xb0 [ 671.009575][T14611] ? copy_splice_read+0x1a8/0xba0 [ 671.009605][T14611] ? do_splice_read+0x282/0x370 [ 671.009634][T14611] ? splice_direct_to_actor+0x2a1/0xa30 [ 671.009665][T14611] ? do_splice_direct+0x174/0x240 [ 671.009703][T14611] ? do_sendfile+0xafd/0xe50 [ 671.009736][T14611] ? __x64_sys_sendfile64+0x1d8/0x220 [ 671.009760][T14611] ? do_syscall_64+0xcd/0x230 [ 671.009807][T14611] alloc_pages_bulk_noprof+0x703/0x13b0 [ 671.009841][T14611] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 671.009873][T14611] ? trace_kmalloc+0x2b/0xd0 [ 671.009901][T14611] ? __kmalloc_noprof+0x242/0x510 [ 671.009931][T14611] copy_splice_read+0x1e1/0xba0 [ 671.009970][T14611] ? __pfx_copy_splice_read+0x10/0x10 [ 671.010004][T14611] ? look_up_lock_class+0x59/0x150 [ 671.010035][T14611] ? lockdep_init_map_type+0x5c/0x280 [ 671.010066][T14611] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 671.010105][T14611] ? __pfx_copy_splice_read+0x10/0x10 [ 671.010136][T14611] do_splice_read+0x282/0x370 [ 671.010171][T14611] splice_direct_to_actor+0x2a1/0xa30 [ 671.010206][T14611] ? __pfx_direct_splice_actor+0x10/0x10 [ 671.010244][T14611] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 671.010276][T14611] ? get_pid_task+0xfc/0x250 [ 671.010314][T14611] do_splice_direct+0x174/0x240 [ 671.010347][T14611] ? __pfx_do_splice_direct+0x10/0x10 [ 671.010381][T14611] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 671.010418][T14611] ? rw_verify_area+0xcf/0x680 [ 671.010453][T14611] do_sendfile+0xafd/0xe50 [ 671.010493][T14611] ? __pfx_do_sendfile+0x10/0x10 [ 671.010528][T14611] ? __fget_files+0x20e/0x3c0 [ 671.010570][T14611] __x64_sys_sendfile64+0x1d8/0x220 [ 671.010595][T14611] ? ksys_write+0x1b9/0x240 [ 671.010615][T14611] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 671.010639][T14611] ? rcu_is_watching+0x12/0xc0 [ 671.010667][T14611] do_syscall_64+0xcd/0x230 [ 671.010703][T14611] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 671.010725][T14611] RIP: 0033:0x7f7c4cf8e969 [ 671.010742][T14611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 671.010764][T14611] RSP: 002b:00007f7c4dd60038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 671.010785][T14611] RAX: ffffffffffffffda RBX: 00007f7c4d1b5fa0 RCX: 00007f7c4cf8e969 [ 671.010800][T14611] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 671.010813][T14611] RBP: 00007f7c4dd60090 R08: 0000000000000000 R09: 0000000000000000 [ 671.010826][T14611] R10: 0000000000000043 R11: 0000000000000246 R12: 0000000000000001 [ 671.010840][T14611] R13: 0000000000000000 R14: 00007f7c4d1b5fa0 R15: 00007ffd27713798 [ 671.010867][T14611] [ 671.373614][ C0] vkms_vblank_simulate: vblank timer overrun [ 671.963893][T14611] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1747'. [ 672.295271][T14630] netlink: 326 bytes leftover after parsing attributes in process `syz.5.1749'. [ 672.879786][T14623] ima: policy update failed [ 672.884515][ T30] audit: type=1802 audit(4294967303.340:24): pid=14623 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.5.1749" res=0 errno=0 [ 674.190483][T14657] nvme_fcloop: unknown parameter or missing value '7' [ 674.331326][T14659] nvme_fcloop: unknown parameter or missing value '7' [ 674.434450][T14665] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1757'. [ 674.459702][T14667] FAULT_INJECTION: forcing a failure. [ 674.459702][T14667] name failslab, interval 1, probability 0, space 0, times 0 [ 674.525019][T14667] CPU: 1 UID: 0 PID: 14667 Comm: syz.1.1759 Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 674.525068][T14667] Tainted: [U]=USER [ 674.525077][T14667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 674.525094][T14667] Call Trace: [ 674.525104][T14667] [ 674.525115][T14667] dump_stack_lvl+0x16c/0x1f0 [ 674.525157][T14667] should_fail_ex+0x512/0x640 [ 674.525200][T14667] ? __kvmalloc_node_noprof+0x122/0x600 [ 674.525236][T14667] should_failslab+0xc2/0x120 [ 674.525274][T14667] __kvmalloc_node_noprof+0x135/0x600 [ 674.525307][T14667] ? seq_read_iter+0x826/0x12c0 [ 674.525357][T14667] ? seq_read_iter+0x826/0x12c0 [ 674.525397][T14667] seq_read_iter+0x826/0x12c0 [ 674.525441][T14667] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 674.525497][T14667] kernfs_fop_read_iter+0x40f/0x5a0 [ 674.525543][T14667] copy_splice_read+0x615/0xba0 [ 674.525595][T14667] ? __pfx_copy_splice_read+0x10/0x10 [ 674.525643][T14667] ? look_up_lock_class+0x59/0x150 [ 674.525684][T14667] ? lockdep_init_map_type+0x5c/0x280 [ 674.525725][T14667] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 674.525776][T14667] ? __pfx_copy_splice_read+0x10/0x10 [ 674.525819][T14667] do_splice_read+0x282/0x370 [ 674.525867][T14667] splice_direct_to_actor+0x2a1/0xa30 [ 674.525916][T14667] ? __pfx_direct_splice_actor+0x10/0x10 [ 674.525968][T14667] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 674.526011][T14667] ? get_pid_task+0xfc/0x250 [ 674.526063][T14667] do_splice_direct+0x174/0x240 [ 674.526108][T14667] ? __pfx_do_splice_direct+0x10/0x10 [ 674.526152][T14667] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 674.526203][T14667] ? rw_verify_area+0xcf/0x680 [ 674.526251][T14667] do_sendfile+0xafd/0xe50 [ 674.526304][T14667] ? __pfx_do_sendfile+0x10/0x10 [ 674.526352][T14667] ? __fget_files+0x20e/0x3c0 [ 674.526408][T14667] __x64_sys_sendfile64+0x1d8/0x220 [ 674.526441][T14667] ? ksys_write+0x1b9/0x240 [ 674.526474][T14667] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 674.526507][T14667] ? rcu_is_watching+0x12/0xc0 [ 674.526545][T14667] do_syscall_64+0xcd/0x230 [ 674.526585][T14667] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 674.526614][T14667] RIP: 0033:0x7f7c4cf8e969 [ 674.526637][T14667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 674.526666][T14667] RSP: 002b:00007f7c4dd60038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 674.526694][T14667] RAX: ffffffffffffffda RBX: 00007f7c4d1b5fa0 RCX: 00007f7c4cf8e969 [ 674.526712][T14667] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 674.526726][T14667] RBP: 00007f7c4dd60090 R08: 0000000000000000 R09: 0000000000000000 [ 674.526743][T14667] R10: 0000000000000043 R11: 0000000000000246 R12: 0000000000000001 [ 674.526758][T14667] R13: 0000000000000000 R14: 00007f7c4d1b5fa0 R15: 00007ffd27713798 [ 674.526793][T14667] [ 674.863816][T14667] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1759'. [ 675.163552][T10305] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 675.417586][T10305] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 675.439281][T14679] FAULT_INJECTION: forcing a failure. [ 675.439281][T14679] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 675.509750][T14679] CPU: 1 UID: 0 PID: 14679 Comm: syz.5.1761 Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 675.509807][T14679] Tainted: [U]=USER [ 675.509817][T14679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 675.509835][T14679] Call Trace: [ 675.509845][T14679] [ 675.509857][T14679] dump_stack_lvl+0x16c/0x1f0 [ 675.509902][T14679] should_fail_ex+0x512/0x640 [ 675.509954][T14679] strncpy_from_user+0x3b/0x2e0 [ 675.510001][T14679] getname_flags.part.0+0x8f/0x550 [ 675.510048][T14679] getname_flags+0x93/0xf0 [ 675.510106][T14679] do_sys_openat2+0xb8/0x1d0 [ 675.510149][T14679] ? __pfx_do_sys_openat2+0x10/0x10 [ 675.510209][T14679] __x64_sys_openat+0x174/0x210 [ 675.510254][T14679] ? __pfx___x64_sys_openat+0x10/0x10 [ 675.510300][T14679] ? rcu_is_watching+0x12/0xc0 [ 675.510342][T14679] do_syscall_64+0xcd/0x230 [ 675.510386][T14679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 675.510419][T14679] RIP: 0033:0x7f1413b8e969 [ 675.510444][T14679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 675.510475][T14679] RSP: 002b:00007f1414979038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 675.510506][T14679] RAX: ffffffffffffffda RBX: 00007f1413db6080 RCX: 00007f1413b8e969 [ 675.510528][T14679] RDX: 0000000000080102 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 675.510549][T14679] RBP: 00007f1413c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 675.510570][T14679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 675.510589][T14679] R13: 0000000000000000 R14: 00007f1413db6080 R15: 00007ffeafad4ee8 [ 675.510631][T14679] [ 676.001168][T10305] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 676.176774][T10305] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 676.387623][T14692] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1762'. [ 676.421864][T14692] netlink: 25 bytes leftover after parsing attributes in process `syz.6.1762'. [ 676.547525][T14695] rnbd_client L202: map_device: Unknown parameter or missing value '(' [ 677.094485][T10305] gretap0: left allmulticast mode [ 677.102878][T10305] gretap0: left promiscuous mode [ 677.117627][T10305] bridge0: port 3(gretap0) entered disabled state [ 677.133310][T10305] bridge_slave_1: left allmulticast mode [ 677.160748][T10305] bridge_slave_1: left promiscuous mode [ 677.166608][T10305] bridge0: port 2(bridge_slave_1) entered disabled state [ 677.191315][T10305] bridge_slave_0: left allmulticast mode [ 677.209117][T10305] bridge_slave_0: left promiscuous mode [ 677.214983][T10305] bridge0: port 1(bridge_slave_0) entered disabled state [ 678.193002][T10305] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 678.208012][T10305] bond0 (unregistering): Released all slaves [ 678.757155][T10305] hsr_slave_0: left promiscuous mode [ 678.777118][T10305] hsr_slave_1: left promiscuous mode [ 678.832859][T10305] veth1_macvtap: left promiscuous mode [ 680.953472][T14750] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1776'. [ 680.973606][T14750] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1776'. [ 682.652224][T14764] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1779'. [ 683.040530][T14784] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1782'. [ 683.094542][T14787] netlink: 93 bytes leftover after parsing attributes in process `syz.3.1782'. [ 686.181395][T14823] Invalid ELF header magic: != ELF [ 686.701318][T14858] FAULT_INJECTION: forcing a failure. [ 686.701318][T14858] name failslab, interval 1, probability 0, space 0, times 0 [ 686.783189][T14858] CPU: 0 UID: 0 PID: 14858 Comm: syz.6.1790 Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 686.783243][T14858] Tainted: [U]=USER [ 686.783255][T14858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 686.783281][T14858] Call Trace: [ 686.783291][T14858] [ 686.783303][T14858] dump_stack_lvl+0x16c/0x1f0 [ 686.783348][T14858] should_fail_ex+0x512/0x640 [ 686.783391][T14858] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 686.783448][T14858] should_failslab+0xc2/0x120 [ 686.783487][T14858] __kmalloc_cache_noprof+0x6a/0x3e0 [ 686.783543][T14858] ? fqdir_init+0x4f/0x1f0 [ 686.783579][T14858] fqdir_init+0x4f/0x1f0 [ 686.783614][T14858] lowpan_frags_init_net+0x2d/0x3a0 [ 686.783660][T14858] ? __pfx_lowpan_frags_init_net+0x10/0x10 [ 686.783701][T14858] ops_init+0x1df/0x5f0 [ 686.783737][T14858] setup_net+0x21e/0x850 [ 686.783774][T14858] ? __pfx_setup_net+0x10/0x10 [ 686.783804][T14858] ? lockdep_init_map_type+0x5c/0x280 [ 686.783847][T14858] ? __pfx_down_read_killable+0x10/0x10 [ 686.783897][T14858] ? debug_mutex_init+0x37/0x70 [ 686.783953][T14858] copy_net_ns+0x2a6/0x5f0 [ 686.783994][T14858] create_new_namespaces+0x3ea/0xad0 [ 686.784040][T14858] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 686.784081][T14858] ksys_unshare+0x45b/0xa40 [ 686.784126][T14858] ? __pfx_ksys_unshare+0x10/0x10 [ 686.784166][T14858] ? xfd_validate_state+0x5d/0x180 [ 686.784227][T14858] ? rcu_is_watching+0x12/0xc0 [ 686.784275][T14858] __x64_sys_unshare+0x31/0x40 [ 686.784318][T14858] do_syscall_64+0xcd/0x230 [ 686.784363][T14858] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 686.784396][T14858] RIP: 0033:0x7fc0f818e969 [ 686.784422][T14858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 686.784454][T14858] RSP: 002b:00007fc0f8f90038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 686.784484][T14858] RAX: ffffffffffffffda RBX: 00007fc0f83b5fa0 RCX: 00007fc0f818e969 [ 686.784506][T14858] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 686.784526][T14858] RBP: 00007fc0f8210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 686.784546][T14858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 686.784565][T14858] R13: 0000000000000000 R14: 00007fc0f83b5fa0 R15: 00007ffe02913d48 [ 686.784608][T14858] [ 687.959494][T14869] nvme_fcloop: unknown parameter or missing value '7' [ 688.016198][T14869] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1793'. [ 688.035425][T14869] FAULT_INJECTION: forcing a failure. [ 688.035425][T14869] name failslab, interval 1, probability 0, space 0, times 0 [ 688.080395][T14874] cifs: Unknown parameter 'no+ 1`rsFn)aHāh`9kA}1\D@.ZCg^' [ 688.095536][T14869] CPU: 0 UID: 0 PID: 14869 Comm: syz.3.1793 Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 688.095586][T14869] Tainted: [U]=USER [ 688.095597][T14869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 688.095616][T14869] Call Trace: [ 688.095626][T14869] [ 688.095638][T14869] dump_stack_lvl+0x16c/0x1f0 [ 688.095681][T14869] should_fail_ex+0x512/0x640 [ 688.095731][T14869] should_failslab+0xc2/0x120 [ 688.095770][T14869] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 688.095806][T14869] ? skb_clone+0x190/0x3f0 [ 688.095844][T14869] skb_clone+0x190/0x3f0 [ 688.095876][T14869] netlink_deliver_tap+0xabd/0xd30 [ 688.095918][T14869] netlink_unicast+0x6b2/0x7f0 [ 688.095957][T14869] ? __pfx_netlink_unicast+0x10/0x10 [ 688.096003][T14869] netlink_ack+0x696/0xb80 [ 688.096049][T14869] netlink_rcv_skb+0x347/0x440 [ 688.096082][T14869] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 688.096118][T14869] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 688.096177][T14869] ? netlink_deliver_tap+0x1ae/0xd30 [ 688.096217][T14869] netlink_unicast+0x53a/0x7f0 [ 688.096256][T14869] ? __pfx_netlink_unicast+0x10/0x10 [ 688.096286][T14869] ? __lock_acquire+0xaa4/0x1ba0 [ 688.096338][T14869] netlink_sendmsg+0x8d1/0xdd0 [ 688.096389][T14869] ? __pfx_netlink_sendmsg+0x10/0x10 [ 688.096441][T14869] ____sys_sendmsg+0xa95/0xc70 [ 688.096482][T14869] ? copy_msghdr_from_user+0x10a/0x160 [ 688.096511][T14869] ? __pfx_____sys_sendmsg+0x10/0x10 [ 688.096577][T14869] ___sys_sendmsg+0x134/0x1d0 [ 688.096610][T14869] ? __pfx____sys_sendmsg+0x10/0x10 [ 688.096710][T14869] __sys_sendmsg+0x16d/0x220 [ 688.096749][T14869] ? __pfx___sys_sendmsg+0x10/0x10 [ 688.096794][T14869] ? rcu_is_watching+0x12/0xc0 [ 688.096834][T14869] do_syscall_64+0xcd/0x230 [ 688.096877][T14869] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 688.096908][T14869] RIP: 0033:0x7f3d2a18e969 [ 688.096932][T14869] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 688.096963][T14869] RSP: 002b:00007f3d2b080038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 688.096993][T14869] RAX: ffffffffffffffda RBX: 00007f3d2a3b5fa0 RCX: 00007f3d2a18e969 [ 688.097014][T14869] RDX: 0000000000040000 RSI: 0000200000000240 RDI: 0000000000000008 [ 688.097033][T14869] RBP: 00007f3d2b080090 R08: 0000000000000000 R09: 0000000000000000 [ 688.097052][T14869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 688.097071][T14869] R13: 0000000000000000 R14: 00007f3d2a3b5fa0 R15: 00007ffec0153688 [ 688.097113][T14869] [ 688.517721][T14876] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1795'. [ 689.992099][T14898] ubi0: attaching mtd0 [ 690.146094][T14898] ubi0: scanning is finished [ 690.151165][T14898] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record [ 690.755699][T14898] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 690.905265][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 690.912096][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 691.353645][T14940] netlink: 338 bytes leftover after parsing attributes in process `syz.6.1806'. [ 692.948350][T14982] netlink: 186 bytes leftover after parsing attributes in process `syz.6.1813'. [ 693.585250][T14999] Invalid ELF header magic: != ELF [ 694.661749][T14999] [U]  [ 694.664660][T14999] [U] [ 694.667420][T14999] [U] [ 694.670177][T14999] [U] [ 694.735920][T14999] [U] [ 694.738716][T14999] [U] [ 694.741481][T14999] [U] [ 694.744222][T14999] [U] [ 694.914145][T14999] [U] [ 694.916952][T14999] [U] [ 694.919736][T14999] [U] [ 694.922934][T14999] [U] [ 694.927832][T15024] [U] [ 694.974039][T15033] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1821'. [ 695.366652][T15043] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1823'. [ 695.406821][T15044] ima: policy update failed [ 695.436188][ T30] audit: type=1802 audit(4294967505.890:25): pid=15044 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.5.1824" res=0 errno=0 [ 696.039750][T15065] nvme_fcloop: unknown parameter or missing value '7' [ 700.249235][T15123] ima: Unable to open file: /suritRy/integrity?iqa/policy (-2) [ 700.926666][T15120] ima: policy update failed [ 700.939723][ T30] audit: type=1802 audit(4294967511.400:26): pid=15120 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.1837" res=0 errno=0 [ 706.189930][T15207] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1850'. [ 707.019087][T15218] vivid-009: ================= START STATUS ================= [ 707.026803][T15218] vivid-009: Enable Output Cropping: true grabbed [ 707.112290][T15218] vivid-009: Enable Output Composing: true grabbed [ 707.176286][T15218] vivid-009: Enable Output Scaler: true grabbed [ 707.262044][T15218] vivid-009: Tx RGB Quantization Range: Automatic grabbed [ 707.319333][T15218] vivid-009: Transmit Mode: HDMI grabbed [ 707.325087][T15218] vivid-009: Hotplug Present: 0x00000000 [ 707.369904][T15218] vivid-009: RxSense Present: 0x00000000 [ 707.386523][T15218] vivid-009: EDID Present: 0x00000000 [ 707.401964][T15218] vivid-009: ================== END STATUS ================== [ 708.901192][T15260] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1859'. [ 708.989359][T15264] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1860'. [ 709.035153][T15264] ipvlan1: entered allmulticast mode [ 709.049079][T15264] veth0_vlan: entered allmulticast mode [ 709.392109][T15270] nvme_fcloop: unknown parameter or missing value '7' [ 709.485602][T15278] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1861'. [ 710.060044][T15288] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1863'. [ 711.155391][T15319] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 711.312837][T15319] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 712.583182][T15336] sp0: Synchronizing with TNC [ 712.644729][T15348] sp0: Found TNC [ 714.130306][T15371] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1875'. [ 715.229178][T15395] can: request_module (can-proto-3) failed. [ 716.177302][T15412] Invalid ELF header magic: != ELF [ 717.537327][T15440] netlink: zone id is out of range [ 717.734618][T15440] netlink: zone id is out of range [ 717.745346][T15440] netlink: zone id is out of range [ 717.750767][T15440] netlink: zone id is out of range [ 717.756054][T15440] netlink: zone id is out of range [ 717.762285][T15440] netlink: zone id is out of range [ 717.767557][T15440] netlink: zone id is out of range [ 717.777699][T15440] netlink: zone id is out of range [ 717.789919][T15440] netlink: zone id is out of range [ 717.991343][T15440] netlink: zone id is out of range [ 718.663272][T15459] ptrace attach of "./syz-executor exec"[9722] was attempted by "./syz-executor exec"[15459] [ 720.377693][T15490] FAULT_INJECTION: forcing a failure. [ 720.377693][T15490] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 720.480068][T15490] CPU: 1 UID: 0 PID: 15490 Comm: syz.1.1889 Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 720.480126][T15490] Tainted: [U]=USER [ 720.480136][T15490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 720.480155][T15490] Call Trace: [ 720.480166][T15490] [ 720.480178][T15490] dump_stack_lvl+0x16c/0x1f0 [ 720.480225][T15490] should_fail_ex+0x512/0x640 [ 720.480277][T15490] _copy_from_user+0x2e/0xd0 [ 720.480325][T15490] restore_sigcontext+0xcb/0x6a0 [ 720.480369][T15490] ? __pfx_restore_sigcontext+0x10/0x10 [ 720.480441][T15490] ? __pfx_restore_altstack+0x10/0x10 [ 720.480490][T15490] ? _raw_spin_unlock_irq+0x23/0x50 [ 720.480522][T15490] ? lockdep_hardirqs_on+0x7c/0x110 [ 720.480564][T15490] __do_sys_rt_sigreturn+0x1bb/0x230 [ 720.480611][T15490] ? __pfx___do_sys_rt_sigreturn+0x10/0x10 [ 720.480669][T15490] do_syscall_64+0xcd/0x230 [ 720.480712][T15490] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 720.480745][T15490] RIP: 0033:0x7f7c4cf2ab39 [ 720.480771][T15490] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 720.480803][T15490] RSP: 002b:00007f7c4dd5fa80 EFLAGS: 00000246 ORIG_RAX: 000000000000000f [ 720.480833][T15490] RAX: ffffffffffffffda RBX: 00007f7c4d1b5fa0 RCX: 00007f7c4cf2ab39 [ 720.480854][T15490] RDX: 00007f7c4dd5fa80 RSI: 00007f7c4dd5fbb0 RDI: 0000000000000011 [ 720.480874][T15490] RBP: 00007f7c4d010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 720.480894][T15490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 720.480913][T15490] R13: 0000000000000000 R14: 00007f7c4d1b5fa0 R15: 00007ffd27713798 [ 720.480966][T15490] [ 721.179710][T15505] FAULT_INJECTION: forcing a failure. [ 721.179710][T15505] name failslab, interval 1, probability 0, space 0, times 0 [ 721.241845][T15505] CPU: 1 UID: 0 PID: 15505 Comm: syz.1.1892 Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 721.241913][T15505] Tainted: [U]=USER [ 721.241924][T15505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 721.241943][T15505] Call Trace: [ 721.241953][T15505] [ 721.241965][T15505] dump_stack_lvl+0x16c/0x1f0 [ 721.242010][T15505] should_fail_ex+0x512/0x640 [ 721.242059][T15505] ? __kmalloc_noprof+0xbf/0x510 [ 721.242098][T15505] ? lsm_blob_alloc+0x68/0x90 [ 721.242147][T15505] should_failslab+0xc2/0x120 [ 721.242185][T15505] __kmalloc_noprof+0xd2/0x510 [ 721.242228][T15505] lsm_blob_alloc+0x68/0x90 [ 721.242277][T15505] security_sk_alloc+0x30/0x270 [ 721.242313][T15505] sk_prot_alloc+0xfb/0x2a0 [ 721.242359][T15505] sk_alloc+0x36/0xc20 [ 721.242416][T15505] rxrpc_create+0x116/0x7d0 [ 721.242464][T15505] __sock_create+0x335/0x8d0 [ 721.242517][T15505] __sys_socket+0x14d/0x260 [ 721.242564][T15505] ? __pfx___sys_socket+0x10/0x10 [ 721.242613][T15505] ? rcu_is_watching+0x12/0xc0 [ 721.242650][T15505] __x64_sys_socket+0x72/0xb0 [ 721.242690][T15505] ? lockdep_hardirqs_on+0x7c/0x110 [ 721.242726][T15505] do_syscall_64+0xcd/0x230 [ 721.242769][T15505] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.242803][T15505] RIP: 0033:0x7f7c4cf8e969 [ 721.242828][T15505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 721.242860][T15505] RSP: 002b:00007f7c4dd60038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 721.242893][T15505] RAX: ffffffffffffffda RBX: 00007f7c4d1b5fa0 RCX: 00007f7c4cf8e969 [ 721.242927][T15505] RDX: 0000000000000002 RSI: 0000000000000002 RDI: 0000000000000021 [ 721.242946][T15505] RBP: 00007f7c4d010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 721.242966][T15505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 721.242986][T15505] R13: 0000000000000000 R14: 00007f7c4d1b5fa0 R15: 00007ffd27713798 [ 721.243028][T15505] [ 721.470176][T15511] netlink: 334 bytes leftover after parsing attributes in process `syz.6.1893'. [ 722.112777][T15524] syz.1.1894(15524): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 723.534820][T15572] nvme_fcloop: unknown parameter or missing value '7' [ 724.031810][T15578] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1903'. [ 724.218297][T15569] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1902'. [ 724.825588][T15597] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1906'. [ 726.219747][T15642] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1915'. [ 726.329964][T15649] input input25: cannot allocate more than FF_MAX_EFFECTS effects [ 726.423471][T10726] Bluetooth: hci5: Unable to find connection for big 0xd2 [ 729.483526][T15658] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 730.460309][T15699] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1927'. [ 730.782718][T15706] mkiss: ax0: crc mode is auto. [ 731.351045][T15709] block2mtd: parameter too long [ 734.171506][T15772] net_ratelimit: 77 callbacks suppressed [ 734.171534][T15772] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 734.184125][T15772] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 734.249054][T15768] lo: entered allmulticast mode [ 734.263841][T15755] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1939'. [ 734.506165][T15768] lo: left allmulticast mode [ 735.381756][T15793] Invalid ELF header magic: != ELF [ 736.303916][T15765] kexec: Could not allocate control_code_buffer [ 736.607690][T15807] nvme_fcloop: unknown parameter or missing value '7' [ 736.645737][T15807] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1950'. [ 736.756695][T15811] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1951'. [ 737.963650][T15811] bond0: (slave bond_slave_0): Releasing backup interface [ 740.689247][T15859] can: request_module (can-proto-3) failed. [ 742.236138][T15871] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1963'. [ 743.402656][T15898] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input26 [ 746.154113][T15919] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1970'. [ 746.629070][ T30] audit: type=1800 audit(4294967472.413:27): pid=15926 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.1973" name="discovery_nqn" dev="configfs" ino=51834 res=0 errno=0 [ 747.052361][T15929] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1975'. [ 750.252123][T15979] Invalid ELF header magic: != ELF [ 750.973296][T15988] bond0: option all_slaves_active: invalid value () [ 752.347940][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 752.354511][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 752.931039][T16009] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1993'. [ 753.593202][T16030] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input27 [ 756.695830][ T30] audit: type=1800 audit(4294967482.493:28): pid=16051 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2000" name="discovery_nqn" dev="configfs" ino=52354 res=0 errno=0 [ 758.259233][T16070] can: request_module (can-proto-3) failed. [ 760.467299][T16115] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2009'. [ 760.504054][T16112] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2012'. [ 761.160736][T16110] kAFS: Invalid Command on /proc/fs/afs/cells file [ 761.519620][T16129] netlink: 'syz.1.2013': attribute type 11 has an invalid length. [ 761.924620][T16137] could not allocate digest TFM handle binfmt_misc [ 762.277181][T16149] openvswitch: netlink: Multiple metadata blocks provided [ 763.791838][T16185] FAULT_INJECTION: forcing a failure. [ 763.791838][T16185] name failslab, interval 1, probability 0, space 0, times 0 [ 763.870294][T16185] CPU: 0 UID: 0 PID: 16185 Comm: syz.1.2024 Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 763.870353][T16185] Tainted: [U]=USER [ 763.870364][T16185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 763.870385][T16185] Call Trace: [ 763.870396][T16185] [ 763.870408][T16185] dump_stack_lvl+0x16c/0x1f0 [ 763.870454][T16185] should_fail_ex+0x512/0x640 [ 763.870500][T16185] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 763.870542][T16185] should_failslab+0xc2/0x120 [ 763.870584][T16185] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 763.870633][T16185] ? alloc_inode+0xc3/0x240 [ 763.870677][T16185] alloc_inode+0xc3/0x240 [ 763.870714][T16185] iget_locked+0x2e4/0x830 [ 763.870764][T16185] ? __pfx_iget_locked+0x10/0x10 [ 763.870822][T16185] ? find_held_lock+0x2b/0x80 [ 763.870844][T16185] ? kernfs_root+0xee/0x2a0 [ 763.870899][T16185] kernfs_get_inode+0x48/0x460 [ 763.870935][T16185] kernfs_iop_lookup+0x1a7/0x2d0 [ 763.870957][T16185] ? __pfx_kernfs_iop_lookup+0x10/0x10 [ 763.870978][T16185] lookup_open.isra.0+0x4d7/0x1580 [ 763.871017][T16185] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 763.871065][T16185] ? mnt_get_write_access+0x20c/0x300 [ 763.871117][T16185] path_openat+0x905/0x2d40 [ 763.871149][T16185] ? __pfx_path_openat+0x10/0x10 [ 763.871179][T16185] do_filp_open+0x20b/0x470 [ 763.871201][T16185] ? __pfx_do_filp_open+0x10/0x10 [ 763.871245][T16185] ? alloc_fd+0x471/0x7d0 [ 763.871288][T16185] do_sys_openat2+0x11b/0x1d0 [ 763.871318][T16185] ? __pfx_do_sys_openat2+0x10/0x10 [ 763.871365][T16185] __x64_sys_openat+0x174/0x210 [ 763.871397][T16185] ? __pfx___x64_sys_openat+0x10/0x10 [ 763.871429][T16185] ? rcu_is_watching+0x12/0xc0 [ 763.871459][T16185] do_syscall_64+0xcd/0x230 [ 763.871491][T16185] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 763.871514][T16185] RIP: 0033:0x7f7c4cf8e969 [ 763.871533][T16185] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 763.871556][T16185] RSP: 002b:00007f7c4dd3f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 763.871577][T16185] RAX: ffffffffffffffda RBX: 00007f7c4d1b6080 RCX: 00007f7c4cf8e969 [ 763.871593][T16185] RDX: 0000000000124001 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 763.871608][T16185] RBP: 00007f7c4d010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 763.871622][T16185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 763.871636][T16185] R13: 0000000000000000 R14: 00007f7c4d1b6080 R15: 00007ffd27713798 [ 763.871666][T16185] [ 764.983181][T16185] Console: switching to colour VGA+ 80x25 [ 765.074166][T16185] FAULT_INJECTION: forcing a failure. [ 765.074166][T16185] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 765.109052][T16185] CPU: 0 UID: 0 PID: 16185 Comm: syz.1.2024 Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 765.109104][T16185] Tainted: [U]=USER [ 765.109114][T16185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 765.109132][T16185] Call Trace: [ 765.109142][T16185] [ 765.109154][T16185] dump_stack_lvl+0x16c/0x1f0 [ 765.109195][T16185] should_fail_ex+0x512/0x640 [ 765.109242][T16185] should_fail_alloc_page+0xe7/0x130 [ 765.109281][T16185] prepare_alloc_pages+0x3c2/0x610 [ 765.109441][T16185] ? rcu_is_watching+0x12/0xc0 [ 765.109483][T16185] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 765.109528][T16185] ? __lock_acquire+0x5ca/0x1ba0 [ 765.109574][T16185] ? xas_create+0x1d7/0x1460 [ 765.109629][T16185] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 765.109664][T16185] ? cgroup_rstat_updated+0x2a/0xb20 [ 765.109731][T16185] ? __lock_acquire+0x5ca/0x1ba0 [ 765.109769][T16185] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 765.109813][T16185] ? policy_nodemask+0xea/0x4e0 [ 765.109861][T16185] alloc_pages_mpol+0x1fb/0x550 [ 765.109900][T16185] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 765.109939][T16185] ? filemap_get_entry+0x1a7/0x3b0 [ 765.109986][T16185] folio_alloc_noprof+0x20/0x2d0 [ 765.110033][T16185] filemap_alloc_folio_noprof+0x3a1/0x470 [ 765.110073][T16185] ? __pfx_filemap_alloc_folio_noprof+0x10/0x10 [ 765.110107][T16185] ? rcu_is_watching+0x12/0xc0 [ 765.110143][T16185] __filemap_get_folio+0x5e9/0xc10 [ 765.110199][T16185] ioctx_alloc+0x761/0x2060 [ 765.110263][T16185] ? __pfx_ioctx_alloc+0x10/0x10 [ 765.110305][T16185] ? __might_fault+0x13b/0x190 [ 765.110354][T16185] __x64_sys_io_setup+0xc9/0x210 [ 765.110405][T16185] do_syscall_64+0xcd/0x230 [ 765.110449][T16185] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 765.110483][T16185] RIP: 0033:0x7f7c4cf8e969 [ 765.110511][T16185] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 765.110545][T16185] RSP: 002b:00007f7c4dd3f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 765.110577][T16185] RAX: ffffffffffffffda RBX: 00007f7c4d1b6080 RCX: 00007f7c4cf8e969 [ 765.110611][T16185] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 000000000000ffff [ 765.110633][T16185] RBP: 00007f7c4d010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 765.110653][T16185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 765.110673][T16185] R13: 0000000000000000 R14: 00007f7c4d1b6080 R15: 00007ffd27713798 [ 765.110716][T16185] [ 765.500210][T16185] Console: switching to colour frame buffer device 128x48 [ 765.514771][T10727] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 765.516305][T10727] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:0' [ 765.516410][T10727] CPU: 1 UID: 0 PID: 10727 Comm: kworker/u9:3 Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 765.516456][T10727] Tainted: [U]=USER [ 765.516466][T10727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 765.516485][T10727] Workqueue: hci1 hci_rx_work [ 765.516531][T10727] Call Trace: [ 765.516541][T10727] [ 765.516553][T10727] dump_stack_lvl+0x16c/0x1f0 [ 765.516593][T10727] sysfs_warn_dup+0x7f/0xa0 [ 765.516641][T10727] sysfs_create_dir_ns+0x24b/0x2b0 [ 765.516690][T10727] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 765.516735][T10727] ? find_held_lock+0x2b/0x80 [ 765.516772][T10727] ? do_raw_spin_unlock+0x172/0x230 [ 765.516822][T10727] kobject_add_internal+0x2c4/0x9b0 [ 765.516873][T10727] kobject_add+0x16e/0x240 [ 765.516914][T10727] ? __pfx_kobject_add+0x10/0x10 [ 765.516957][T10727] ? do_raw_spin_unlock+0x172/0x230 [ 765.517005][T10727] ? kobject_put+0xab/0x5a0 [ 765.517056][T10727] device_add+0x288/0x1a70 [ 765.517096][T10727] ? __pfx_dev_set_name+0x10/0x10 [ 765.517140][T10727] ? __pfx_device_add+0x10/0x10 [ 765.517179][T10727] ? mgmt_send_event_skb+0x2fb/0x460 [ 765.517233][T10727] hci_conn_add_sysfs+0x17e/0x230 [ 765.517283][T10727] le_conn_complete_evt+0x1075/0x1d70 [ 765.517342][T10727] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 765.517381][T10727] ? bt_warn+0xe4/0x120 [ 765.517417][T10727] ? __pfx_bt_warn+0x10/0x10 [ 765.517464][T10727] hci_le_conn_complete_evt+0x23c/0x370 [ 765.517516][T10727] hci_le_meta_evt+0x2f3/0x5e0 [ 765.517561][T10727] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 765.517610][T10727] hci_event_packet+0x669/0x1190 [ 765.517651][T10727] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 765.517697][T10727] ? __pfx_hci_event_packet+0x10/0x10 [ 765.517743][T10727] ? kcov_remote_start+0x3c9/0x6d0 [ 765.517783][T10727] ? lockdep_hardirqs_on+0x7c/0x110 [ 765.517829][T10727] hci_rx_work+0x2c5/0x16b0 [ 765.517873][T10727] ? rcu_is_watching+0x12/0xc0 [ 765.517908][T10727] process_one_work+0x9cc/0x1b70 [ 765.517971][T10727] ? __pfx_process_one_work+0x10/0x10 [ 765.518031][T10727] ? assign_work+0x1a0/0x250 [ 765.518079][T10727] worker_thread+0x6c8/0xf10 [ 765.518137][T10727] ? __kthread_parkme+0x19e/0x250 [ 765.518177][T10727] ? __pfx_worker_thread+0x10/0x10 [ 765.518223][T10727] kthread+0x3c2/0x780 [ 765.518266][T10727] ? __pfx_kthread+0x10/0x10 [ 765.518305][T10727] ? __pfx_kthread+0x10/0x10 [ 765.518353][T10727] ? __pfx_kthread+0x10/0x10 [ 765.518394][T10727] ? __pfx_kthread+0x10/0x10 [ 765.518433][T10727] ? rcu_is_watching+0x12/0xc0 [ 765.518462][T10727] ? __pfx_kthread+0x10/0x10 [ 765.518505][T10727] ret_from_fork+0x45/0x80 [ 765.518550][T10727] ? __pfx_kthread+0x10/0x10 [ 765.518593][T10727] ret_from_fork_asm+0x1a/0x30 [ 765.518656][T10727] [ 765.518690][T10727] kobject: kobject_add_internal failed for hci1:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 765.518736][T10727] Bluetooth: hci1: failed to register connection device [ 767.154734][T16203] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2025'. [ 769.116491][T16237] netlink: 'syz.3.2035': attribute type 11 has an invalid length. [ 770.593244][T10726] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 n[ 776.669532][T16366] FAULT_INJECTION: forcing a failure. [ 776.669532][T16366] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 776.709447][T16383] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input28 [ 776.768056][T16366] CPU: 1 UID: 0 PID: 16366 Comm: syz.5.2061 Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 776.768109][T16366] Tainted: [U]=USER [ 776.768119][T16366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 776.768136][T16366] Call Trace: [ 776.768146][T16366] [ 776.768158][T16366] dump_stack_lvl+0x16c/0x1f0 [ 776.768199][T16366] should_fail_ex+0x512/0x640 [ 776.768248][T16366] core_sys_select+0x4b2/0xbe0 [ 776.768304][T16366] ? __pfx_core_sys_select+0x10/0x10 [ 776.768359][T16366] ? futex_wake+0x18d/0x4e0 [ 776.768429][T16366] ? __pfx_do_futex+0x10/0x10 [ 776.768465][T16366] ? fd_install+0x244/0x750 [ 776.768517][T16366] kern_select+0x15d/0x1e0 [ 776.768563][T16366] ? __pfx_kern_select+0x10/0x10 [ 776.768610][T16366] ? xfd_validate_state+0x5d/0x180 [ 776.768661][T16366] ? rcu_is_watching+0x12/0xc0 [ 776.768694][T16366] __x64_sys_select+0xbd/0x160 [ 776.768737][T16366] ? do_syscall_64+0x91/0x230 [ 776.768782][T16366] ? lockdep_hardirqs_on+0x7c/0x110 [ 776.768818][T16366] do_syscall_64+0xcd/0x230 [ 776.768859][T16366] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 776.768890][T16366] RIP: 0033:0x7f1413b8e969 [ 776.768914][T16366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 776.768949][T16366] RSP: 002b:00007f141499a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 776.768978][T16366] RAX: ffffffffffffffda RBX: 00007f1413db5fa0 RCX: 00007f1413b8e969 [ 776.768998][T16366] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 776.769016][T16366] RBP: 00007f1413c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 776.769035][T16366] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000000 [ 776.769053][T16366] R13: 0000000000000000 R14: 00007f1413db5fa0 R15: 00007ffeafad4ee8 [ 776.769093][T16366] [ 778.139806][T16400] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2069'. [ 779.544922][T16410] ima: policy update failed [ 779.555858][ T30] audit: type=1802 audit(4294967505.353:29): pid=16410 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.6.2071" res=0 errno=0 [ 780.019288][T16402] Bluetooth: hci5: command 0x0406 tx timeout [ 780.770891][T16444] kmem.tcp.limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 781.016615][T10727] Bluetooth: hci3: Malformed LE Event: 0x1d [ 782.892454][T16482] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2086'. [ 782.916996][T16482] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode [ 784.376426][T16493] FAULT_INJECTION: forcing a failure. [ 784.376426][T16493] name failslab, interval 1, probability 0, space 0, times 0 [ 784.618109][T16493] CPU: 0 UID: 0 PID: 16493 Comm: syz.6.2088 Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 784.618159][T16493] Tainted: [U]=USER [ 784.618167][T16493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 784.618181][T16493] Call Trace: [ 784.618188][T16493] [ 784.618197][T16493] dump_stack_lvl+0x16c/0x1f0 [ 784.618231][T16493] should_fail_ex+0x512/0x640 [ 784.618263][T16493] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 784.618293][T16493] should_failslab+0xc2/0x120 [ 784.618322][T16493] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 784.618347][T16493] ? ktime_get_coarse_real_ts64_mg+0x26c/0x320 [ 784.618379][T16493] ? __d_alloc+0x31/0xaa0 [ 784.618406][T16493] __d_alloc+0x31/0xaa0 [ 784.618428][T16493] ? look_up_lock_class+0x59/0x150 [ 784.618458][T16493] d_alloc_pseudo+0x1c/0xc0 [ 784.618489][T16493] alloc_file_pseudo+0xcf/0x230 [ 784.618521][T16493] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 784.618550][T16493] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 784.618596][T16493] create_pipe_files+0x364/0x930 [ 784.618624][T16493] do_pipe2+0xaf/0x1c0 [ 784.618646][T16493] ? __pfx_do_pipe2+0x10/0x10 [ 784.618680][T16493] __x64_sys_pipe+0x33/0x50 [ 784.618703][T16493] do_syscall_64+0xcd/0x230 [ 784.618735][T16493] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 784.618759][T16493] RIP: 0033:0x7fc0f818e969 [ 784.618778][T16493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 784.618801][T16493] RSP: 002b:00007fc0f8f90038 EFLAGS: 00000246 ORIG_RAX: 0000000000000016 [ 784.618822][T16493] RAX: ffffffffffffffda RBX: 00007fc0f83b5fa0 RCX: 00007fc0f818e969 [ 784.618837][T16493] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000200 [ 784.618851][T16493] RBP: 00007fc0f8210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 784.618864][T16493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 784.618878][T16493] R13: 0000000000000000 R14: 00007fc0f83b5fa0 R15: 00007ffe02913d48 [ 784.618907][T16493] [ 787.659707][T16536] Format for linking two devices is "netnsfd_a:ifidx_a netnsfd_b:ifidx_b" (int uint int uint). [ 813.785147][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 813.791612][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 875.225074][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 875.231930][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 936.665142][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 936.671879][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 949.462248][ T31] INFO: task jbd2/sda1-8:5165 blocked for more than 143 seconds. [ 949.472562][ T31] Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 [ 949.487692][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 949.523901][ T31] task:jbd2/sda1-8 state:D stack:26616 pid:5165 tgid:5165 ppid:2 task_flags:0x240040 flags:0x00004000 [ 949.552774][ T31] Call Trace: [ 949.556241][ T31] [ 949.564123][ T31] __schedule+0x116f/0x5de0 [ 949.568703][ T31] ? __lock_acquire+0x5ca/0x1ba0 [ 949.585428][ T31] ? __lock_acquire+0x5ca/0x1ba0 [ 949.599743][ T31] ? __pfx___schedule+0x10/0x10 [ 949.604667][ T31] ? find_held_lock+0x2b/0x80 [ 949.618986][ T31] ? schedule+0x2d7/0x3a0 [ 949.623399][ T31] schedule+0xe7/0x3a0 [ 949.627519][ T31] io_schedule+0xbf/0x130 [ 949.648980][ T31] bit_wait_io+0x15/0xe0 [ 949.653305][ T31] __wait_on_bit+0x62/0x180 [ 949.657986][ T31] ? __pfx_bit_wait_io+0x10/0x10 [ 949.678909][ T31] out_of_line_wait_on_bit+0xd9/0x110 [ 949.684366][ T31] ? __pfx_out_of_line_wait_on_bit+0x10/0x10 [ 949.695904][ T31] ? __pfx_wake_bit_function+0x10/0x10 [ 949.704214][ T31] ? __pfx___might_resched+0x10/0x10 [ 949.709826][ T31] __wait_on_buffer+0x64/0x70 [ 949.714582][ T31] jbd2_journal_commit_transaction+0x382e/0x6830 [ 949.721345][ T31] ? __pfx_jbd2_journal_commit_transaction+0x10/0x10 [ 949.728093][ T31] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 949.734251][ T31] ? debug_object_deactivate+0x1ec/0x3a0 [ 949.740201][ T31] ? __pfx_debug_object_deactivate+0x10/0x10 [ 949.746257][ T31] ? find_held_lock+0x2b/0x80 [ 949.753603][ T31] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 949.759825][ T31] ? rcu_is_watching+0x12/0xc0 [ 949.764641][ T31] kjournald2+0x1f4/0x760 [ 949.769285][ T31] ? __pfx_kjournald2+0x10/0x10 [ 949.774249][ T31] ? find_held_lock+0x2b/0x80 [ 949.779398][ T31] ? __pfx_autoremove_wake_function+0x10/0x10 [ 949.785521][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 949.791237][ T31] ? __kthread_parkme+0x19e/0x250 [ 949.796331][ T31] ? __pfx_kjournald2+0x10/0x10 [ 949.802113][ T31] kthread+0x3c2/0x780 [ 949.806255][ T31] ? __pfx_kthread+0x10/0x10 [ 949.812694][ T31] ? __pfx_kthread+0x10/0x10 [ 949.817362][ T31] ? __pfx_kthread+0x10/0x10 [ 949.822270][ T31] ? __pfx_kthread+0x10/0x10 [ 949.826939][ T31] ? rcu_is_watching+0x12/0xc0 [ 949.832132][ T31] ? __pfx_kthread+0x10/0x10 [ 949.836804][ T31] ret_from_fork+0x45/0x80 [ 949.841660][ T31] ? __pfx_kthread+0x10/0x10 [ 949.846329][ T31] ret_from_fork_asm+0x1a/0x30 [ 949.851513][ T31] [ 949.854646][ T31] INFO: task syz-executor:5819 blocked for more than 143 seconds. [ 949.863173][ T31] Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 [ 949.872712][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 949.881616][ T31] task:syz-executor state:D stack:22440 pid:5819 tgid:5819 ppid:5817 task_flags:0x440100 flags:0x00000002 [ 949.893843][ T31] Call Trace: [ 949.897158][ T31] [ 949.900658][ T31] __schedule+0x116f/0x5de0 [ 949.906123][ T31] ? __lock_acquire+0x5ca/0x1ba0 [ 949.911414][ T31] ? __pfx___schedule+0x10/0x10 [ 949.916329][ T31] ? find_held_lock+0x2b/0x80 [ 949.922499][ T31] ? schedule+0x2d7/0x3a0 [ 949.926887][ T31] schedule+0xe7/0x3a0 [ 949.931251][ T31] io_schedule+0xbf/0x130 [ 949.935631][ T31] bit_wait_io+0x15/0xe0 [ 949.940655][ T31] __wait_on_bit+0x62/0x180 [ 949.945278][ T31] ? __pfx_bit_wait_io+0x10/0x10 [ 949.950597][ T31] out_of_line_wait_on_bit+0xd9/0x110 [ 949.956031][ T31] ? __pfx_out_of_line_wait_on_bit+0x10/0x10 [ 949.962308][ T31] ? __pfx_wake_bit_function+0x10/0x10 [ 949.967963][ T31] do_get_write_access+0x93d/0x12a0 [ 949.973511][ T31] jbd2_journal_get_write_access+0x1d6/0x280 [ 949.981228][ T31] __ext4_journal_get_write_access+0x6a/0x340 [ 949.987365][ T31] ext4_reserve_inode_write+0x1be/0x320 [ 949.993995][ T31] __ext4_mark_inode_dirty+0x197/0x870 [ 950.001460][ T31] ? trace_kmem_cache_alloc+0x28/0xc0 [ 950.007992][ T31] ? __pfx___ext4_mark_inode_dirty+0x10/0x10 [ 950.015662][ T31] ? rcu_is_watching+0x12/0xc0 [ 950.022270][ T31] ? trace_jbd2_handle_start+0x1a8/0x230 [ 950.027974][ T31] ? jbd2__journal_start+0xf6/0x6a0 [ 950.036588][ T31] ? __ext4_journal_start_sb+0x195/0x690 [ 950.044069][ T31] ? __ext4_journal_start_sb+0x19e/0x690 [ 950.050776][ T31] ? ext4_dirty_inode+0xa1/0x130 [ 950.055768][ T31] ? __pfx_ext4_dirty_inode+0x10/0x10 [ 950.063055][ T31] ext4_dirty_inode+0xd9/0x130 [ 950.068002][ T31] ? rcu_is_watching+0x12/0xc0 [ 950.073130][ T31] __mark_inode_dirty+0x1eb/0xe50 [ 950.078217][ T31] generic_update_time+0xcf/0xf0 [ 950.084621][ T31] file_update_time+0x17d/0x1c0 [ 950.089738][ T31] ext4_page_mkwrite+0x35e/0x1750 [ 950.094817][ T31] ? tcp_recvmsg+0x1f9/0x680 [ 950.100540][ T31] ? __pfx_tcp_recvmsg+0x10/0x10 [ 950.105599][ T31] ? __pfx_ext4_page_mkwrite+0x10/0x10 [ 950.113519][ T31] ? vm_normal_page+0x13b/0x2b0 [ 950.118450][ T31] ? find_held_lock+0x2b/0x80 [ 950.124364][ T31] ? find_held_lock+0x2b/0x80 [ 950.131052][ T31] do_page_mkwrite+0x171/0x380 [ 950.135886][ T31] do_wp_page+0xb9e/0x58e0 [ 950.142071][ T31] ? __pfx_do_wp_page+0x10/0x10 [ 950.146996][ T31] ? do_raw_spin_lock+0x12c/0x2b0 [ 950.152429][ T31] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 950.157867][ T31] ? ___pte_offset_map+0x1bc/0x540 [ 950.163295][ T31] __handle_mm_fault+0x1ada/0x2a40 [ 950.168624][ T31] ? __pfx___handle_mm_fault+0x10/0x10 [ 950.174410][ T31] ? lock_vma_under_rcu+0x47d/0x970 [ 950.179969][ T31] ? lock_vma_under_rcu+0x47d/0x970 [ 950.185307][ T31] handle_mm_fault+0x3fe/0xad0 [ 950.192310][ T31] do_user_addr_fault+0x60c/0x1370 [ 950.197507][ T31] exc_page_fault+0x5c/0xc0 [ 950.202410][ T31] asm_exc_page_fault+0x26/0x30 [ 950.207313][ T31] RIP: 0033:0x7f0123477dcf [ 950.213084][ T31] RSP: 002b:00007fff81544380 EFLAGS: 00010246 [ 950.219440][ T31] RAX: 00007f0121ca4000 RBX: 000055556eb59240 RCX: 0000000000000000 [ 950.227451][ T31] RDX: 1ffffffff1207390 RSI: 000055556eb4ad88 RDI: 0000000000000001 [ 950.237999][ T31] RBP: 00007fff81544670 R08: 000055556eb4ad88 R09: 0000000000000e72 [ 950.246467][ T31] R10: 0000000000000001 R11: 00007fff81544880 R12: 00007fff815446d0 [ 950.259862][ T31] R13: 0000000000000004 R14: 00007fff815443f0 R15: 00007fff815444c0 [ 950.267994][ T31] [ 950.273943][ T31] INFO: task kworker/u8:11:6474 blocked for more than 144 seconds. [ 950.282901][ T31] Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 [ 950.295803][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 950.307654][ T31] task:kworker/u8:11 state:D stack:22584 pid:6474 tgid:6474 ppid:2 task_flags:0x4248060 flags:0x00004000 [ 950.323646][ T31] Workqueue: writeback wb_workfn (flush-8:0) [ 950.329903][ T31] Call Trace: [ 950.333213][ T31] [ 950.336178][ T31] __schedule+0x116f/0x5de0 [ 950.343549][ T31] ? blk_mq_flush_plug_list+0x75a/0x1c70 [ 950.349616][ T31] ? __lock_acquire+0x5ca/0x1ba0 [ 950.354622][ T31] ? __pfx___schedule+0x10/0x10 [ 950.364946][ T31] ? __blk_flush_plug+0x2f3/0x4b0 [ 950.370461][ T31] ? find_held_lock+0x2b/0x80 [ 950.375303][ T31] ? schedule+0x2d7/0x3a0 [ 950.382278][ T31] schedule+0xe7/0x3a0 [ 950.386401][ T31] io_schedule+0xbf/0x130 [ 950.391004][ T31] bit_wait_io+0x15/0xe0 [ 950.395300][ T31] __wait_on_bit+0x62/0x180 [ 950.405552][ T31] ? __pfx_bit_wait_io+0x10/0x10 [ 950.414096][ T31] out_of_line_wait_on_bit+0xd9/0x110 [ 950.422180][ T31] ? __pfx_out_of_line_wait_on_bit+0x10/0x10 [ 950.428232][ T31] ? __pfx_wake_bit_function+0x10/0x10 [ 950.434050][ T31] do_get_write_access+0x93d/0x12a0 [ 950.441936][ T31] jbd2_journal_get_write_access+0x1d6/0x280 [ 950.447989][ T31] __ext4_journal_get_write_access+0x6a/0x340 [ 950.454442][ T31] ext4_reserve_inode_write+0x1be/0x320 [ 950.462729][ T31] __ext4_mark_inode_dirty+0x197/0x870 [ 950.468277][ T31] ? __pfx___ext4_mark_inode_dirty+0x10/0x10 [ 950.477624][ T31] ? __lock_acquire+0xaa4/0x1ba0 [ 950.483316][ T31] ? __pfx___might_resched+0x10/0x10 [ 950.488678][ T31] ? jbd2__journal_start+0xf6/0x6a0 [ 950.494237][ T31] ? __ext4_journal_start_sb+0x195/0x690 [ 950.500178][ T31] ? __ext4_journal_start_sb+0x19e/0x690 [ 950.505889][ T31] ? ext4_dirty_inode+0xa1/0x130 [ 950.512380][ T31] ? __pfx_ext4_dirty_inode+0x10/0x10 [ 950.518628][ T31] ext4_dirty_inode+0xd9/0x130 [ 950.528030][ T31] ? rcu_is_watching+0x12/0xc0 [ 950.534565][ T31] __mark_inode_dirty+0x1eb/0xe50 [ 950.540746][ T31] ext4_da_update_reserve_space+0x2b4/0x750 [ 950.546718][ T31] ext4_es_insert_extent+0xbf1/0x11b0 [ 950.554128][ T31] ? __pfx_ext4_es_insert_extent+0x10/0x10 [ 950.561025][ T31] ? lock_acquire+0x179/0x350 [ 950.565779][ T31] ? ext4_es_lookup_extent+0x7d6/0xc50 [ 950.573138][ T31] ? rcu_is_watching+0x12/0xc0 [ 950.578091][ T31] ? ext4_es_lookup_extent+0xc7/0xc50 [ 950.586268][ T31] ext4_map_blocks+0x902/0x1390 [ 950.593262][ T31] ? __pfx_ext4_map_blocks+0x10/0x10 [ 950.598619][ T31] ? trace_kmem_cache_alloc+0x28/0xc0 [ 950.605211][ T31] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 950.612660][ T31] ext4_do_writepages+0x1a2c/0x3490 [ 950.620631][ T31] ? __pfx_ext4_do_writepages+0x10/0x10 [ 950.626308][ T31] ? ext4_writepages+0x37a/0x7d0 [ 950.637238][ T31] ext4_writepages+0x37a/0x7d0 [ 950.642270][ T31] ? __pfx_ext4_writepages+0x10/0x10 [ 950.647645][ T31] ? arch_scale_cpu_capacity+0x15/0xb0 [ 950.655745][ T31] ? __pfx_ext4_writepages+0x10/0x10 [ 950.661335][ T31] do_writepages+0x1b2/0x820 [ 950.665984][ T31] ? __pfx_do_writepages+0x10/0x10 [ 950.673743][ T31] ? __lock_acquire+0xaa4/0x1ba0 [ 950.678758][ T31] ? reacquire_held_locks+0xcd/0x1f0 [ 950.684471][ T31] __writeback_single_inode+0x160/0xfb0 [ 950.693915][ T31] ? __pfx___writeback_single_inode+0x10/0x10 [ 950.701382][ T31] ? do_raw_spin_unlock+0x172/0x230 [ 950.706653][ T31] writeback_sb_inodes+0x601/0xf90 [ 950.712117][ T31] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 950.717856][ T31] ? _raw_spin_unlock+0x28/0x50 [ 950.723815][ T31] ? move_expired_inodes+0x5a0/0x850 [ 950.731078][ T31] __writeback_inodes_wb+0xf8/0x2d0 [ 950.736345][ T31] ? __pfx___writeback_inodes_wb+0x10/0x10 [ 950.747835][ T31] ? queue_io+0x3f6/0x520 [ 950.754030][ T31] wb_writeback+0x7f3/0xb70 [ 950.758604][ T31] ? __pfx_wb_writeback+0x10/0x10 [ 950.764796][ T31] ? get_nr_dirty_inodes+0x170/0x1e0 [ 950.772042][ T31] wb_workfn+0x8ca/0xbe0 [ 950.776346][ T31] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 950.783399][ T31] ? __pfx_wb_workfn+0x10/0x10 [ 950.788241][ T31] ? rcu_is_watching+0x12/0xc0 [ 950.794938][ T31] process_one_work+0x9cc/0x1b70 [ 950.803735][ T31] ? __pfx_process_one_work+0x10/0x10 [ 950.811268][ T31] ? assign_work+0x1a0/0x250 [ 950.815927][ T31] worker_thread+0x6c8/0xf10 [ 950.822180][ T31] ? __kthread_parkme+0x19e/0x250 [ 950.828281][ T31] ? __pfx_worker_thread+0x10/0x10 [ 950.835321][ T31] kthread+0x3c2/0x780 [ 950.841593][ T31] ? __pfx_kthread+0x10/0x10 [ 950.846245][ T31] ? __pfx_kthread+0x10/0x10 [ 950.854010][ T31] ? __pfx_kthread+0x10/0x10 [ 950.858657][ T31] ? __pfx_kthread+0x10/0x10 [ 950.863625][ T31] ? rcu_is_watching+0x12/0xc0 [ 950.868449][ T31] ? __pfx_kthread+0x10/0x10 [ 950.874636][ T31] ret_from_fork+0x45/0x80 [ 950.879306][ T31] ? __pfx_kthread+0x10/0x10 [ 950.883957][ T31] ret_from_fork_asm+0x1a/0x30 [ 950.889184][ T31] [ 950.892330][ T31] INFO: task syz.6.2093:16524 blocked for more than 144 seconds. [ 950.902381][ T31] Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 [ 950.913931][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 950.924944][ T31] task:syz.6.2093 state:D stack:26488 pid:16524 tgid:16524 ppid:14404 task_flags:0x440040 flags:0x00000004 [ 950.940514][ T31] Call Trace: [ 950.943834][ T31] [ 950.946796][ T31] __schedule+0x116f/0x5de0 [ 950.952637][ T31] ? __lock_acquire+0x5ca/0x1ba0 [ 950.957658][ T31] ? __pfx___schedule+0x10/0x10 [ 950.964076][ T31] ? find_held_lock+0x2b/0x80 [ 950.968811][ T31] ? schedule+0x2d7/0x3a0 [ 950.973562][ T31] schedule+0xe7/0x3a0 [ 950.977683][ T31] io_schedule+0xbf/0x130 [ 950.982643][ T31] bit_wait_io+0x15/0xe0 [ 950.986948][ T31] __wait_on_bit+0x62/0x180 [ 950.991845][ T31] ? __pfx_bit_wait_io+0x10/0x10 [ 950.996841][ T31] out_of_line_wait_on_bit+0xd9/0x110 [ 951.002514][ T31] ? __pfx_out_of_line_wait_on_bit+0x10/0x10 [ 951.008551][ T31] ? __pfx_wake_bit_function+0x10/0x10 [ 951.014323][ T31] do_get_write_access+0x93d/0x12a0 [ 951.021025][ T31] jbd2_journal_get_write_access+0x1d6/0x280 [ 951.027102][ T31] __ext4_journal_get_write_access+0x6a/0x340 [ 951.035918][ T31] ext4_reserve_inode_write+0x1be/0x320 [ 951.042549][ T31] __ext4_mark_inode_dirty+0x197/0x870 [ 951.048081][ T31] ? trace_kmem_cache_alloc+0x28/0xc0 [ 951.055634][ T31] ? __pfx___ext4_mark_inode_dirty+0x10/0x10 [ 951.064191][ T31] ? rcu_is_watching+0x12/0xc0 [ 951.073887][ T31] ? trace_jbd2_handle_start+0x1a8/0x230 [ 951.080646][ T31] ? jbd2__journal_start+0xf6/0x6a0 [ 951.085913][ T31] ? __ext4_journal_start_sb+0x195/0x690 [ 951.093513][ T31] ? __ext4_journal_start_sb+0x19e/0x690 [ 951.100263][ T31] ? ext4_dirty_inode+0xa1/0x130 [ 951.105264][ T31] ? __pfx_ext4_dirty_inode+0x10/0x10 [ 951.112504][ T31] ext4_dirty_inode+0xd9/0x130 [ 951.117319][ T31] ? rcu_is_watching+0x12/0xc0 [ 951.123183][ T31] __mark_inode_dirty+0x1eb/0xe50 [ 951.128728][ T31] generic_update_time+0xcf/0xf0 [ 951.138640][ T31] file_update_time+0x17d/0x1c0 [ 951.147352][ T31] ext4_page_mkwrite+0x35e/0x1750 [ 951.154224][ T31] ? __pfx_ext4_page_mkwrite+0x10/0x10 [ 951.160739][ T31] do_page_mkwrite+0x171/0x380 [ 951.165568][ T31] do_pte_missing+0x29c/0x3fb0 [ 951.173709][ T31] ? __handle_mm_fault+0x1010/0x2a40 [ 951.183176][ T31] __handle_mm_fault+0x103d/0x2a40 [ 951.188367][ T31] ? __pfx___handle_mm_fault+0x10/0x10 [ 951.195789][ T31] ? lock_vma_under_rcu+0x47d/0x970 [ 951.202130][ T31] ? lock_vma_under_rcu+0x47d/0x970 [ 951.207429][ T31] handle_mm_fault+0x3fe/0xad0 [ 951.214113][ T31] do_user_addr_fault+0x60c/0x1370 [ 951.221934][ T31] exc_page_fault+0x5c/0xc0 [ 951.226501][ T31] asm_exc_page_fault+0x26/0x30 [ 951.234464][ T31] RIP: 0033:0x7fc0f806eada [ 951.242101][ T31] RSP: 002b:00007ffe02913d80 EFLAGS: 00010202 [ 951.248309][ T31] RAX: 0000001b2efaa000 RBX: 00007fc0f8ee5720 RCX: 0000001b2efa9ff8 [ 951.259465][ T31] RDX: 0000001b2ea20220 RSI: 0000000000000008 RDI: 00007fc0f8ee5720 [ 951.267484][ T31] RBP: ffffffff8943bfe7 R08: 00007fc0f83b6038 R09: 00007fc0f83a2000 [ 951.278276][ T31] R10: 00007fc0f77ff008 R11: 000000000000001d R12: 000000000000001d [ 951.288052][ T31] R13: 00000000000001ab R14: ffffffff8943b28b R15: 0000000000000742 [ 951.300616][ T31] ? netdev_init_one_queue+0xab/0x3b0 [ 951.306084][ T31] ? netdev_ops_assert_locked+0x117/0x200 [ 951.312316][ T31] [ 951.315426][ T31] INFO: task syz.5.2094:16527 blocked for more than 145 seconds. [ 951.323532][ T31] Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 [ 951.332985][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 951.344014][ T31] task:syz.5.2094 state:D stack:26488 pid:16527 tgid:16527 ppid:9722 task_flags:0x440040 flags:0x00000004 [ 951.359262][ T31] Call Trace: [ 951.362599][ T31] [ 951.365558][ T31] __schedule+0x116f/0x5de0 [ 951.373090][ T31] ? __lock_acquire+0x5ca/0x1ba0 [ 951.378091][ T31] ? __pfx___schedule+0x10/0x10 [ 951.383838][ T31] ? find_held_lock+0x2b/0x80 [ 951.388567][ T31] ? schedule+0x2d7/0x3a0 [ 951.395182][ T31] schedule+0xe7/0x3a0 [ 951.400603][ T31] io_schedule+0xbf/0x130 [ 951.404993][ T31] bit_wait_io+0x15/0xe0 [ 951.413204][ T31] __wait_on_bit+0x62/0x180 [ 951.417790][ T31] ? __pfx_bit_wait_io+0x10/0x10 [ 951.423013][ T31] out_of_line_wait_on_bit+0xd9/0x110 [ 951.428441][ T31] ? __pfx_out_of_line_wait_on_bit+0x10/0x10 [ 951.438346][ T31] ? __pfx_wake_bit_function+0x10/0x10 [ 951.444092][ T31] do_get_write_access+0x93d/0x12a0 [ 951.451849][ T31] jbd2_journal_get_write_access+0x1d6/0x280 [ 951.457893][ T31] __ext4_journal_get_write_access+0x6a/0x340 [ 951.465283][ T31] ext4_reserve_inode_write+0x1be/0x320 [ 951.474487][ T31] __ext4_mark_inode_dirty+0x197/0x870 [ 951.480748][ T31] ? trace_kmem_cache_alloc+0x28/0xc0 [ 951.486181][ T31] ? __pfx___ext4_mark_inode_dirty+0x10/0x10 [ 951.494816][ T31] ? rcu_is_watching+0x12/0xc0 [ 951.501594][ T31] ? trace_jbd2_handle_start+0x1a8/0x230 [ 951.507296][ T31] ? jbd2__journal_start+0xf6/0x6a0 [ 951.516156][ T31] ? __ext4_journal_start_sb+0x195/0x690 [ 951.524254][ T31] ? __ext4_journal_start_sb+0x19e/0x690 [ 951.533200][ T31] ? ext4_dirty_inode+0xa1/0x130 [ 951.538457][ T31] ? __pfx_ext4_dirty_inode+0x10/0x10 [ 951.545098][ T31] ext4_dirty_inode+0xd9/0x130 [ 951.552389][ T31] ? rcu_is_watching+0x12/0xc0 [ 951.557200][ T31] __mark_inode_dirty+0x1eb/0xe50 [ 951.562541][ T31] generic_update_time+0xcf/0xf0 [ 951.567537][ T31] file_update_time+0x17d/0x1c0 [ 951.575136][ T31] ext4_page_mkwrite+0x35e/0x1750 [ 951.581481][ T31] ? __pfx_ext4_page_mkwrite+0x10/0x10 [ 951.587013][ T31] do_page_mkwrite+0x171/0x380 [ 951.594603][ T31] do_pte_missing+0x29c/0x3fb0 [ 951.599630][ T31] ? __handle_mm_fault+0x1010/0x2a40 [ 951.605099][ T31] __handle_mm_fault+0x103d/0x2a40 [ 951.614064][ T31] ? __pfx___handle_mm_fault+0x10/0x10 [ 951.621105][ T31] ? lock_vma_under_rcu+0x47d/0x970 [ 951.626368][ T31] ? lock_vma_under_rcu+0x47d/0x970 [ 951.636474][ T31] handle_mm_fault+0x3fe/0xad0 [ 951.641880][ T31] do_user_addr_fault+0x60c/0x1370 [ 951.647942][ T31] exc_page_fault+0x5c/0xc0 [ 951.655287][ T31] asm_exc_page_fault+0x26/0x30 [ 951.660360][ T31] RIP: 0033:0x7f1413a6eada [ 951.664814][ T31] RSP: 002b:00007ffeafad4f20 EFLAGS: 00010202 [ 951.673645][ T31] RAX: 0000001b3320d000 RBX: 00007f14148e5720 RCX: 0000001b3320cff8 [ 951.682953][ T31] RDX: 0000001b32e20220 RSI: 0000000000000008 RDI: 00007f14148e5720 [ 951.695483][ T31] RBP: ffffffff84811156 R08: 00007f1413db6038 R09: 00007f1413da2000 [ 951.705796][ T31] R10: 00007f14131ff008 R11: 0000000000000009 R12: 0000000000000009 [ 951.716450][ T31] R13: 0000000000000079 R14: ffffffff84811dad R15: 0000000000000147 [ 951.726167][ T31] ? security_file_release+0x6d/0x110 [ 951.735101][ T31] ? security_inode_killpriv+0x1a6/0x210 [ 951.743515][ T31] [ 951.747594][ T31] INFO: task syz.1.2096:16538 blocked for more than 145 seconds. [ 951.757830][ T31] Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 [ 951.767284][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 951.778436][ T31] task:syz.1.2096 state:D stack:28632 pid:16538 tgid:16538 ppid:5835 task_flags:0x440040 flags:0x00000004 [ 951.797271][ T31] Call Trace: [ 951.801919][ T31] [ 951.804902][ T31] __schedule+0x116f/0x5de0 [ 951.812330][ T31] ? __lock_acquire+0x5ca/0x1ba0 [ 951.817345][ T31] ? __pfx___schedule+0x10/0x10 [ 951.822589][ T31] ? find_held_lock+0x2b/0x80 [ 951.827344][ T31] ? schedule+0x2d7/0x3a0 [ 951.835667][ T31] schedule+0xe7/0x3a0 [ 951.841743][ T31] io_schedule+0xbf/0x130 [ 951.846525][ T31] bit_wait_io+0x15/0xe0 [ 951.856420][ T31] __wait_on_bit+0x62/0x180 [ 951.861343][ T31] ? __pfx_bit_wait_io+0x10/0x10 [ 951.866340][ T31] out_of_line_wait_on_bit+0xd9/0x110 [ 951.874336][ T31] ? __pfx_out_of_line_wait_on_bit+0x10/0x10 [ 951.880800][ T31] ? __pfx_wake_bit_function+0x10/0x10 [ 951.886322][ T31] do_get_write_access+0x93d/0x12a0 [ 951.894106][ T31] jbd2_journal_get_write_access+0x1d6/0x280 [ 951.901801][ T31] __ext4_journal_get_write_access+0x6a/0x340 [ 951.907942][ T31] ext4_reserve_inode_write+0x1be/0x320 [ 951.917246][ T31] __ext4_mark_inode_dirty+0x197/0x870 [ 951.923233][ T31] ? trace_kmem_cache_alloc+0x28/0xc0 [ 951.928685][ T31] ? __pfx___ext4_mark_inode_dirty+0x10/0x10 [ 951.937344][ T31] ? rcu_is_watching+0x12/0xc0 [ 951.943499][ T31] ? trace_jbd2_handle_start+0x1a8/0x230 [ 951.952883][ T31] ? jbd2__journal_start+0xf6/0x6a0 [ 951.958143][ T31] ? __ext4_journal_start_sb+0x195/0x690 [ 951.964472][ T31] ? __ext4_journal_start_sb+0x19e/0x690 [ 951.970444][ T31] ? ext4_dirty_inode+0xa1/0x130 [ 951.975435][ T31] ? __pfx_ext4_dirty_inode+0x10/0x10 [ 951.981120][ T31] ext4_dirty_inode+0xd9/0x130 [ 951.985932][ T31] ? rcu_is_watching+0x12/0xc0 [ 951.991030][ T31] __mark_inode_dirty+0x1eb/0xe50 [ 951.996120][ T31] generic_update_time+0xcf/0xf0 [ 952.001357][ T31] file_update_time+0x17d/0x1c0 [ 952.006264][ T31] ext4_page_mkwrite+0x35e/0x1750 [ 952.011764][ T31] ? __pfx_ext4_page_mkwrite+0x10/0x10 [ 952.017274][ T31] ? __pfx_filemap_map_pages+0x10/0x10 [ 952.039324][ T31] ? pte_alloc_one+0x2b1/0x380 [ 952.044171][ T31] do_page_mkwrite+0x171/0x380 [ 952.062102][ T31] do_pte_missing+0x29c/0x3fb0 [ 952.066938][ T31] ? do_raw_spin_unlock+0x172/0x230 [ 952.088931][ T31] ? __pmd_alloc+0x3c2/0x870 [ 952.093611][ T31] __handle_mm_fault+0x103d/0x2a40 [ 952.098783][ T31] ? __pfx___handle_mm_fault+0x10/0x10 [ 952.118998][ T31] ? lock_vma_under_rcu+0x47d/0x970 [ 952.124288][ T31] ? lock_vma_under_rcu+0x47d/0x970 [ 952.138930][ T31] handle_mm_fault+0x3fe/0xad0 [ 952.143776][ T31] do_user_addr_fault+0x60c/0x1370 [ 952.158924][ T31] exc_page_fault+0x5c/0xc0 [ 952.163523][ T31] asm_exc_page_fault+0x26/0x30 [ 952.168428][ T31] RIP: 0033:0x7f7c4ce6547b [ 952.188948][ T31] RSP: 002b:00007ffd27713900 EFLAGS: 00010246 [ 952.195098][ T31] RAX: 00000000003ffde8 RBX: 0000000000000000 RCX: 0000000000000000 [ 952.218932][ T31] RDX: 0000001b2fe20000 RSI: 0000000000400000 RDI: 00007f7c4d098d50 [ 952.226986][ T31] RBP: 0000000000000000 R08: 0000000000000004 R09: 0000000000040000 [ 952.248915][ T31] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 952.257613][ T31] R13: 00000000000927c0 R14: 00000000000c051f R15: 00007ffd27713bb0 [ 952.279003][ T31] [ 952.288917][ T31] [ 952.288917][ T31] Showing all locks held in the system: [ 952.296678][ T31] 3 locks held by kworker/1:0/24: [ 952.318898][ T31] 1 lock held by khungtaskd/31: [ 952.323816][ T31] #0: ffffffff8e3bf440 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 [ 952.348941][ T31] 3 locks held by syz-executor/5819: [ 952.354295][ T31] #0: ffff888028d33e48 (vm_lock){++++}-{0:0}, at: do_user_addr_fault+0x452/0x1370 [ 952.378969][ T31] #1: ffff8880347ea518 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x171/0x380 [ 952.388574][ T31] #2: ffff8880347ee950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x5e4/0x1410 [ 952.419005][ T31] 6 locks held by kworker/u8:11/6474: [ 952.424594][ T31] #0: ffff8881442c4948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 952.448895][ T31] #1: ffffc90003927d18 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 952.478915][ T31] #2: ffff8880347ea0e0 (&type->s_umount_key#32){++++}-{4:4}, at: super_trylock_shared+0x1e/0xf0 [ 952.499006][ T31] #3: ffff8880347ecb98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: do_writepages+0x1b2/0x820 [ 952.518922][ T31] #4: ffff8880347ee950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x5e4/0x1410 [ 952.528752][ T31] #5: ffff88807c043e38 (&ei->i_data_sem){++++}-{4:4}, at: ext4_map_blocks+0x355/0x1390 [ 952.548728][ T31] 2 locks held by kworker/u8:14/6488: [ 952.568984][ T31] 5 locks held by syz.4.670/9558: [ 952.574077][ T31] 2 locks held by getty/12600: [ 952.589011][ T31] #0: ffff8880364d10a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 952.608978][ T31] #1: ffffc90003f4d2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 [ 952.628991][ T31] 3 locks held by syz.6.2093/16524: [ 952.634253][ T31] #0: ffff888034fc5d08 (vm_lock){++++}-{0:0}, at: do_user_addr_fault+0x452/0x1370 [ 952.658899][ T31] #1: ffff8880347ea518 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x171/0x380 [ 952.678898][ T31] #2: ffff8880347ee950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x5e4/0x1410 [ 952.688670][ T31] 3 locks held by syz.5.2094/16527: [ 952.700499][ T31] #0: ffff88808fe146c8 (vm_lock){++++}-{0:0}, at: do_user_addr_fault+0x452/0x1370 [ 952.710282][ T31] #1: ffff8880347ea518 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x171/0x380 [ 952.719895][ T31] #2: ffff8880347ee950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x5e4/0x1410 [ 952.729813][ T31] 3 locks held by syz.1.2096/16538: [ 952.735044][ T31] #0: ffff8880701fbd08 (vm_lock){++++}-{0:0}, at: do_user_addr_fault+0x452/0x1370 [ 952.744606][ T31] #1: ffff8880347ea518 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x171/0x380 [ 952.754289][ T31] #2: ffff8880347ee950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x5e4/0x1410 [ 952.764198][ T31] [ 952.766561][ T31] ============================================= [ 952.766561][ T31] [ 952.775797][ T31] NMI backtrace for cpu 1 [ 952.775840][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 952.775887][ T31] Tainted: [U]=USER [ 952.775897][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 952.775916][ T31] Call Trace: [ 952.775925][ T31] [ 952.775937][ T31] dump_stack_lvl+0x116/0x1f0 [ 952.775978][ T31] nmi_cpu_backtrace+0x27b/0x390 [ 952.776026][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 952.776088][ T31] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 952.776141][ T31] watchdog+0xf70/0x12c0 [ 952.776188][ T31] ? __pfx_watchdog+0x10/0x10 [ 952.776224][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 952.776261][ T31] ? __kthread_parkme+0x19e/0x250 [ 952.776319][ T31] ? __pfx_watchdog+0x10/0x10 [ 952.776359][ T31] kthread+0x3c2/0x780 [ 952.776404][ T31] ? __pfx_kthread+0x10/0x10 [ 952.776444][ T31] ? __pfx_kthread+0x10/0x10 [ 952.776483][ T31] ? __pfx_kthread+0x10/0x10 [ 952.776532][ T31] ? __pfx_kthread+0x10/0x10 [ 952.776573][ T31] ? rcu_is_watching+0x12/0xc0 [ 952.776602][ T31] ? __pfx_kthread+0x10/0x10 [ 952.776646][ T31] ret_from_fork+0x45/0x80 [ 952.776692][ T31] ? __pfx_kthread+0x10/0x10 [ 952.776735][ T31] ret_from_fork_asm+0x1a/0x30 [ 952.776797][ T31] [ 952.776807][ T31] Sending NMI from CPU 1 to CPUs 0: [ 952.915737][ C0] NMI backtrace for cpu 0 [ 952.915758][ C0] CPU: 0 UID: 4096 PID: 9558 Comm: syz.4.670 Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 952.915797][ C0] Tainted: [U]=USER [ 952.915805][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 952.915820][ C0] RIP: 0010:__local_bh_enable_ip+0x3f/0x120 [ 952.915855][ C0] Code: 0f 00 0f 85 bc 00 00 00 48 c7 c0 94 3d 85 90 48 ba 00 00 00 00 00 fc ff df 48 89 c1 83 e0 07 48 c1 e9 03 83 c0 03 0f b6 14 11 <38> d0 7c 08 84 d2 0f 85 c3 00 00 00 8b 05 13 aa 08 0f 85 c0 74 0b [ 952.915879][ C0] RSP: 0018:ffffc9000485f430 EFLAGS: 00000202 [ 952.915899][ C0] RAX: 0000000000000007 RBX: 0000000000000200 RCX: 1ffffffff210a7b2 [ 952.915915][ C0] RDX: 0000000000000000 RSI: 0000000000000200 RDI: ffffffff815f7609 [ 952.915930][ C0] RBP: ffffffff815f7609 R08: 0000000000000007 R09: 0000000000000000 [ 952.915945][ C0] R10: 0000000000000200 R11: 000000008b4e1269 R12: 0000000000001000 [ 952.915960][ C0] R13: ffff888021b64000 R14: ffffffff817553d0 R15: ffffc9000485f4b8 [ 952.915977][ C0] FS: 00007f0a868ae6c0(0000) GS:ffff8881249ef000(0000) knlGS:0000000000000000 [ 952.916001][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 952.916017][ C0] CR2: 000055cfcd84f080 CR3: 00000000608b2000 CR4: 00000000003526f0 [ 952.916033][ C0] Call Trace: [ 952.916040][ C0] [ 952.916049][ C0] kernel_fpu_end+0x5e/0x70 [ 952.916078][ C0] _sha256_update+0xc3/0xf0 [ 952.916106][ C0] ima_calc_file_hash_tfm+0x300/0x3d0 [ 952.916147][ C0] ? __pfx_ima_calc_file_hash_tfm+0x10/0x10 [ 952.916208][ C0] ? stack_trace_save+0x8e/0xc0 [ 952.916233][ C0] ? ima_alloc_tfm+0x21a/0x2e0 [ 952.916274][ C0] ? generic_fillattr+0x6bf/0x940 [ 952.916305][ C0] ima_calc_file_hash+0x1ba/0x490 [ 952.916345][ C0] ima_collect_measurement+0x897/0xa40 [ 952.916374][ C0] ? __pfx_ima_collect_measurement+0x10/0x10 [ 952.916409][ C0] ? trace_contention_end+0xdd/0x130 [ 952.916443][ C0] ? __mutex_lock+0x1ca/0xb90 [ 952.916472][ C0] ? is_bad_inode+0xd/0x40 [ 952.916506][ C0] ? xattr_resolve_name+0x27b/0x3f0 [ 952.916546][ C0] ? vfs_getxattr_alloc+0xec/0x340 [ 952.916588][ C0] ? ima_get_hash_algo+0x27c/0x400 [ 952.916621][ C0] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 952.916658][ C0] ? process_measurement+0x11fa/0x23e0 [ 952.916693][ C0] process_measurement+0x11fa/0x23e0 [ 952.916736][ C0] ? __pfx_process_measurement+0x10/0x10 [ 952.916771][ C0] ? __lock_acquire+0x5ca/0x1ba0 [ 952.916803][ C0] ? init_file+0x93/0x4c0 [ 952.916829][ C0] ? alloc_empty_file+0x73/0x1e0 [ 952.916858][ C0] ? hugetlb_file_setup+0x4cd/0x620 [ 952.916888][ C0] ? ksys_mmap_pgoff+0x189/0x5c0 [ 952.916922][ C0] ? __x64_sys_mmap+0x125/0x190 [ 952.916970][ C0] ima_file_mmap+0x1b1/0x1d0 [ 952.917005][ C0] ? __pfx_ima_file_mmap+0x10/0x10 [ 952.917045][ C0] security_mmap_file+0x88c/0x990 [ 952.917077][ C0] vm_mmap_pgoff+0xec/0x450 [ 952.917113][ C0] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 952.917146][ C0] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 952.917178][ C0] ? hugetlbfs_get_inode+0x31f/0x730 [ 952.917211][ C0] ksys_mmap_pgoff+0x1c8/0x5c0 [ 952.917246][ C0] ? rcu_is_watching+0x12/0xc0 [ 952.917275][ C0] __x64_sys_mmap+0x125/0x190 [ 952.917300][ C0] do_syscall_64+0xcd/0x230 [ 952.917331][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 952.917356][ C0] RIP: 0033:0x7f0a8598e969 [ 952.917375][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 952.917399][ C0] RSP: 002b:00007f0a868ae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 952.917421][ C0] RAX: ffffffffffffffda RBX: 00007f0a85bb5fa0 RCX: 00007f0a8598e969 [ 952.917437][ C0] RDX: 00004000000000df RSI: 0000010000000004 RDI: 0000000000000002 [ 952.917453][ C0] RBP: 00007f0a85a10ab1 R08: ffffffffffffffff R09: 0000300000000000 [ 952.917469][ C0] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 952.917485][ C0] R13: 0000000000000000 R14: 00007f0a85bb5fa0 R15: 00007ffe68b79f78 [ 952.917510][ C0] [ 952.917904][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 953.325369][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 953.338765][ T31] Tainted: [U]=USER [ 953.342578][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 953.352650][ T31] Call Trace: [ 953.355941][ T31] [ 953.358888][ T31] dump_stack_lvl+0x3d/0x1f0 [ 953.363508][ T31] panic+0x71c/0x800 [ 953.367436][ T31] ? __pfx_panic+0x10/0x10 [ 953.371893][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 953.377393][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 953.383410][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 953.388823][ T31] ? watchdog+0xdda/0x12c0 [ 953.393273][ T31] ? watchdog+0xdcd/0x12c0 [ 953.397723][ T31] watchdog+0xdeb/0x12c0 [ 953.401998][ T31] ? __pfx_watchdog+0x10/0x10 [ 953.406700][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 953.411922][ T31] ? __kthread_parkme+0x19e/0x250 [ 953.416970][ T31] ? __pfx_watchdog+0x10/0x10 [ 953.421697][ T31] kthread+0x3c2/0x780 [ 953.425796][ T31] ? __pfx_kthread+0x10/0x10 [ 953.430414][ T31] ? __pfx_kthread+0x10/0x10 [ 953.435031][ T31] ? __pfx_kthread+0x10/0x10 [ 953.439654][ T31] ? __pfx_kthread+0x10/0x10 [ 953.444276][ T31] ? rcu_is_watching+0x12/0xc0 [ 953.449060][ T31] ? __pfx_kthread+0x10/0x10 [ 953.453698][ T31] ret_from_fork+0x45/0x80 [ 953.458149][ T31] ? __pfx_kthread+0x10/0x10 [ 953.462777][ T31] ret_from_fork_asm+0x1a/0x30 [ 953.467589][ T31] [ 953.470778][ T31] Kernel Offset: disabled [ 953.475111][ T31] Rebooting in 86400 seconds..