last executing test programs: 49.678763325s ago: executing program 0 (id=470): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/bond0/queues/tx-9/xps_rxqs\x00', 0x1a1842, 0x0) unshare$auto(0x40000080) socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000040)='./file0\x00', 0x44, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f00000003c0)=""/192, 0xc0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x1c1282, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000280)=""/65, 0x41) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) syz_clone3(&(0x7f0000000400)={0x9840100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) mmap$auto(0x0, 0x10000, 0x8000, 0xeb1, 0xfffffffffffffffa, 0x8000) ppoll$auto(0x0, 0x9, 0x0, 0x0, 0x8) madvise$auto(0x0, 0x200007, 0x19) syz_clone3(0x0, 0xfffffff7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) futex_wait$auto(0x0, 0x0, 0x7f, 0x2, 0x0, 0x1) futex_wake$auto(0x0, 0x6, 0xfffffffa, 0x6) sysfs$auto(0x2, 0x23, 0x0) r1 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r1, 0x0, 0x4) mbind$auto(0x0, 0x2091d2, 0x7, 0x0, 0x6, 0x2) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_VERSION_SET(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000001}, 0x4010) 46.660907921s ago: executing program 0 (id=478): shmat$auto(0x0, &(0x7f0000000580)='(\x00', 0xfffffffa) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) uname$auto(0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) r0 = socket(0x2, 0x6, 0x0) listen$auto(r0, 0x81) ioctl$auto(0x3, 0xc040ff0b, 0xffffffffffffffff) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x3, 0x3a) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_REPORT_PMSR(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000240)={0x20, r3, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@HWSIM_ATTR_ADDR_TRANSMITTER={0xa, 0x2, "9e695f99bb0e"}]}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$auto_NL80211_CMD_GET_WIPHY(r1, 0x0, 0xc004) setsockopt$auto(0x400000000000003, 0x29, 0xcc, 0x0, 0x567) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x0, 0x0) r4 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) read$auto_rng_chrdev_ops_core(r4, &(0x7f0000000040)=""/4096, 0xfffffe82) clock_settime$auto(0xb, &(0x7f0000001040)={0xf47, 0x5}) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r5 = fsopen$auto(&(0x7f0000001080)='/dev/ttyS1\x00', 0x401) ioctl$auto_SNDCTL_DSP_CHANNELS(r5, 0xc0045006, &(0x7f00000010c0)="c74545609120c2a48456991bb6098098ebe63f7b0f0365e6a1828e9903442adf084b4d8dd55801787f54c819e7944b5a65fa2f") socket(0x21, 0x6, 0x3) socket(0xa, 0x3, 0x3a) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x46) 46.260034253s ago: executing program 0 (id=479): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x37}}, 0x6e) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="18000000", @ANYRES8=r1, @ANYRES8=r1, @ANYRES32=r1], 0x18}}, 0x80) io_uring_setup$auto(0x1, 0x0) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram5\x00', 0x2000, 0x0) fchownat$auto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x6) ioctl$auto_BLKRASET(r3, 0x1262, 0x0) sendmsg$auto_NL80211_CMD_PEER_MEASUREMENT_START(r0, 0x0, 0x4008080) r4 = socketpair$auto(0x1e, 0x5, 0x10, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) fsmount$auto(r4, 0x2, 0x3) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) io_uring_setup$auto(0x6, 0x0) sendto$auto(0x3, 0x0, 0x2000f, 0x101, &(0x7f0000000000)=@in={0x2, 0x4e22, @loopback}, 0x1c) 44.888840855s ago: executing program 0 (id=491): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x22, 0x1, 0x0) listen$auto(0x3, 0xfffffffa) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty30\x00', 0x62c00, 0x0) r0 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0xa2741, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0xdff1, 0xfffffffffffffffd, 0xd4, 0xffffffffffffffc0, 0x6, 0x0, 0x80009, 0x1, 0x2, {0x2100000000, 0x10000}, 0x3, 0x6, 0xffffffffffffffdd, 0x1008000, 0x0, 0x80000004, 0x8, 0x5, 0x29a, 0xdeb1, 0x1800}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = fcntl$getown(r0, 0x9) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r2, 0x4, 0x7ff) setpgid$auto(r1, r2) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r4 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x6) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0x200007, 0x19) sendmsg$auto_NL80211_CMD_DEAUTHENTICATE(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14, 0x0, 0x8, 0x70bd25, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x4) mprotect$auto(0x10000, 0xd4, 0x7ff) 43.849015902s ago: executing program 0 (id=485): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/domainname\x00', 0x88042, 0x0) poll$auto(&(0x7f0000000080)={r0, 0x0, 0x5}, 0x5, 0x49) write$auto_proc_sys_file_operations_proc_sysctl(r0, 0x0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x88282, 0x0) sendfile$auto(r1, r1, 0x0, 0x71) r2 = openat$auto_safesetid_uid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000b00), 0x40042, 0x0) read$auto(r2, 0x0, 0x4) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/mm/transparent_hugepage/khugepaged/alloc_sleep_millisecs\x00', 0x20681, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f00000000c0)='5', 0x1) tkill$auto(0x1, 0x7) msgrcv$auto(0xff, 0x0, 0x2400000000, 0x6, 0x6bc2cc7d) ioctl$auto_TIOCMBIC2(0xffffffffffffffff, 0x5417, &(0x7f0000000100)) keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x0, 0x0, 0x2f5, 0x48eafc79) 42.626826303s ago: executing program 0 (id=488): unshare$auto(0x40000080) (async) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/mpls/platform_labels\x00', 0x202, 0x0) mmap$auto(0x0, 0x0, 0x7fff, 0x9b72, 0x2, 0x8000) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x0, 0x0) (async) ftruncate$auto(0x3, 0x700) mmap$auto(0x0, 0x400008, 0xde, 0x9b72, 0x2, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-touch0\x00', 0xe0800, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) r2 = getpid() process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={0x0, 0xffffffff}, 0x6, 0x0) (async) close_range$auto(0x2, 0xffffffffffffffff, 0x3) (async) capget$auto(0x0, 0xfffffffffffffffe) (async) fstat$auto(0x2, 0x0) (async) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) (async) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) (async) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/ns_last_pid\x00', 0x68001, 0x0) (async) madvise$auto(0x110c234000, 0x1, 0x9) write$auto(r3, 0x0, 0x0) (async) pwrite64$auto(r0, &(0x7f0000000040)='/proc/sys/user/max_fanotify_g\b\x00\x00\x00s@', 0x7, 0x7) 42.182254537s ago: executing program 32 (id=488): unshare$auto(0x40000080) (async) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/mpls/platform_labels\x00', 0x202, 0x0) mmap$auto(0x0, 0x0, 0x7fff, 0x9b72, 0x2, 0x8000) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x0, 0x0) (async) ftruncate$auto(0x3, 0x700) mmap$auto(0x0, 0x400008, 0xde, 0x9b72, 0x2, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-touch0\x00', 0xe0800, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) r2 = getpid() process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={0x0, 0xffffffff}, 0x6, 0x0) (async) close_range$auto(0x2, 0xffffffffffffffff, 0x3) (async) capget$auto(0x0, 0xfffffffffffffffe) (async) fstat$auto(0x2, 0x0) (async) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) (async) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) (async) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/ns_last_pid\x00', 0x68001, 0x0) (async) madvise$auto(0x110c234000, 0x1, 0x9) write$auto(r3, 0x0, 0x0) (async) pwrite64$auto(r0, &(0x7f0000000040)='/proc/sys/user/max_fanotify_g\b\x00\x00\x00s@', 0x7, 0x7) 13.032171769s ago: executing program 4 (id=570): openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) msgctl$auto(0x8000, 0x6, &(0x7f0000000180)={{0x442, 0x0, 0xee01, 0x0, 0x1, 0x7, 0x83}, 0x0, 0x0, 0x4, 0xfffffffffffffffe, 0xc869be, 0x1, 0x12c, 0xa, 0x4, 0x3, @raw=0x313}) recvmmsg$auto(r0, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000080), r0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x6, 0xdf, 0x400009b72, 0x2, 0x80000000) socket(0x2, 0x1, 0x106) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) socket(0x15, 0x5, 0x0) r1 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) write$auto_mousedev_fops_mousedev(r1, &(0x7f00000000c0)="13", 0x1) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x9, 0x100000001, 0x63, 0x0, 0x0, 0x0, 0x1000000006, 0x6, 0x7, 0x400, 0x7ffffff9, 0x5, 0xffffffff80000000, 0x9, 0x61, 0x105}) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40400c4) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f00000003c0)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 11.177542225s ago: executing program 4 (id=575): r0 = socket$nl_generic(0x10, 0x3, 0x10) prctl$auto(0x3e, 0x1, 0x0, 0x20000000001, 0x1) (async) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x20000000001, 0x1) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x121102, 0x0) write$auto(r2, &(0x7f0000000080)='[#FQ:\x00', 0x83) (async) write$auto(r2, &(0x7f0000000080)='[#FQ:\x00', 0x83) socket(0xa, 0x1, 0x84) (async) r3 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2, 0x4, 0x0) sendmsg$auto_NL80211_CMD_SET_INTERFACE(r1, 0x0, 0x4000) mmap$auto(0x0, 0x400005, 0xe3, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x400005, 0xe3, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) madvise$auto(0x0, 0xffffffffffff0005, 0x19) munmap$auto(0x20001000, 0x7) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x24044011}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, 0x0, 0x101002, 0x0) (async) openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, 0x0, 0x101002, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0xf1, 0x2, 0x8000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0xf1, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000001c00), r3) (async) r4 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000001c00), r3) sendmsg$auto_IOAM6_CMD_ADD_NAMESPACE(r0, &(0x7f0000001d00)={0x0, 0x0, &(0x7f0000001cc0)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000fddf4f887c327d9b60f0ea771fafc69696a8128d35dcc4b62c4d537be39059bbc7943ae687c32e36d9a816f6df6022b6ae38f9fc49d371e06de4bfa940b69540925266396845d7feba3b8b410240dd056ab52dafbedce3873cafbf3242a921f85c09a79ac2cda85210b06774df4fb162", @ANYRES16=r4, @ANYBLOB="311e27bd7000fddbdf2501000000"], 0x14}, 0x1, 0x0, 0x0, 0x4001}, 0x400c010) 8.599772641s ago: executing program 2 (id=583): mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) r0 = socket(0x1d, 0x3, 0x1) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/erspan0/queues/tx-0/byte_queue_limits/inflight\x00', 0x88040, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000001100)=""/4106, 0x100a) setsockopt$auto(r0, 0x65, 0x1, 0x0, 0x800) bind$auto(0x3, &(0x7f0000000040)=@sco={0x1f, @none}, 0x6a) close_range$auto(0x2, 0x8, 0x0) 8.045860279s ago: executing program 4 (id=585): bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x2, 0x4, 0x3, 0x2, 0x8, 0xc, 0xe3, 0x400000000a, 0x3}, 0x6f6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x2000000, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x0) madvise$auto(0x0, 0x2000000080000001, 0x3) socket(0x2, 0x801, 0x106) socket(0x2, 0x2, 0x88) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @rand_addr=0xfffffffe}, 0x55) r1 = socket(0x10, 0x2, 0x0) openat$auto_proc_fault_inject_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/make-it-fail\x00', 0x40002, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x408, 0x7, 0x1ff, 0x7, 0x42, 0x4909b6f8, 0x1ffdf, 0x7, 0x200003, 0x2, 0xa121, 0x3, 0x6, 0x4, 0xb4, 0xa, 0x6, 0x10005, 0x80, 0x100000000, 0x0, 0x7, 0x2100, 0x200, 0x0, 0x84}, 0x1fe, 0xd) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r2) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001f80)={0x24, r3, 0xd0d58b333228212f, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r4}, @NL80211_ATTR_SCAN_SUPP_RATES={0x8, 0x7d, 0x0, 0x1, [@nested={0x4, 0x5}]}]}, 0x24}}, 0x4000000) sendmsg$auto_NL80211_CMD_GET_MPP(r0, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000380)={0x114, r3, 0x4, 0x70bd2d, 0x25dfdbfc, {}, [@NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x4}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_TDLS_ACTION={0x5, 0x88, 0x7}, @NL80211_ATTR_MDID={0x6, 0xb1, 0x415}, @NL80211_ATTR_VHT_CAPABILITY={0xdd, 0x9d, "fc09e3717664aad8cb17d6ef6ba4f122458cb3affb96f228dd2a0ba9ce100631d9a24d1b93874ebc688af519679c56a67fc8cee45cb7fdf431f53c23ac1d75ecf9f914a8883690d84a1fca61dff2c2386a3c3fb2e6a95f8013d92240bc1da6aee30c27b96cee52cb668217e5342f1f74137274e0160e35c2c2f498816e03e18daff3ec8758335e7745bef53de13220c2738ecf7c5d78883bfdab333fa1cd9c47b83a9e7efa9924d90d0ce9379281091b28a1fcc9ac7cee0a6332bf3688f06302e0e1a2b86ff709bdea5d32fd213c77996fe6d04b339c69b2af"}, @NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY={0x4}]}, 0x114}, 0x1, 0x0, 0x0, 0x20002881}, 0x1) madvise$auto(0x40, 0xffffffff, 0x7fffffff) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 8.044935829s ago: executing program 2 (id=586): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0x9, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x9, 0xffb, 0x18, 0xffffffffffffffff, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) openat$auto_generic(0xffffffffffffff9c, 0x0, 0x101000, 0x0) close_range$auto(0x0, 0x5, 0x0) r0 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) shmat$auto(0x59, &(0x7f0000000580)='(\x04', 0xfffffffd) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0xffff, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8002) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x3, 0x7ff, 0x0, 0x10000, 0x1, 0x2, {0x2100000000, 0x10000}, 0x100000001, 0x6, 0xffffffffffffffdd, 0x1008000, 0x0, 0x80000004, 0x83, 0xffffffffffff628e, 0x9, 0xdeb5, 0x1800}) madvise$auto(0x0, 0x2003f0, 0x15) timerfd_create$auto(0x9, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D1p\x00', 0x0, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x34000, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x2, 0x9, 0x2, 0x6]}, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x2, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r2 = socket(0xa, 0x3, 0x5) sendmmsg$auto(r2, &(0x7f0000000040)={{&(0x7f0000000040), 0x200001, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x8000005}, 0x3b8b, 0xa) mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb5, r0, 0x0) ioctl$auto(0x3, 0x80000541b, 0x38) 7.891012261s ago: executing program 1 (id=587): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x22, 0x1, 0x0) listen$auto(0x3, 0xfffffffa) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty30\x00', 0x62c00, 0x0) r0 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0xa2741, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0xdff1, 0xfffffffffffffffd, 0xd4, 0xffffffffffffffc0, 0x6, 0x0, 0x80009, 0x1, 0x2, {0x2100000000, 0x10000}, 0x3, 0x6, 0xffffffffffffffdd, 0x1008000, 0x0, 0x80000004, 0x8, 0x5, 0x29a, 0xdeb1, 0x1800}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = fcntl$getown(r0, 0x9) ptrace$auto(0x10, 0x0, 0x4, 0x7ff) ptrace$auto_PTRACE_SET_THREAD_AREA(0x1a, 0x0, 0x4, 0x8) setpgid$auto(r1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r3 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x6) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0x200007, 0x19) sendmsg$auto_NL80211_CMD_DEAUTHENTICATE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14, 0x0, 0x8, 0x70bd25, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x4) mprotect$auto(0x10000, 0xd4, 0x7ff) 7.18905097s ago: executing program 4 (id=588): sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="a02c0000", @ANYRES16, @ANYBLOB="010026bd7020f8dbdf250100000008000200", @ANYBLOB="08000100486652000a0002"], 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x80) r0 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000000), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r2 = socket(0x22, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@tipc=@name={0x1e, 0x2, 0x0, {{}, 0x1}}, 0x1) mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f00000000c0)) prctl$auto_PR_GET_SPECULATION_CTRL(0x34, 0x10, 0xffffffffffffffff, 0x8000, 0xacb) write$auto(r2, 0x0, 0x7) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_proc_pid_set_comm_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/comm\x00', 0x10000, 0x0) write$auto(r3, &(0x7f0000000080)='/dev/audio1\x00', 0x9) prctl$auto(0x16, 0x1, 0x6, 0xfffffffffffffffe, 0x4) mmap$auto(0x0, 0x400008, 0xdd, 0x9b72, 0x2, 0x8000) r5 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x40, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r5, 0xc1105511, &(0x7f0000000300)={{@raw=0x4, 0x4, 0xf8, 0x80003, "a401d243a009000000cc2bd4dbe3e10d3cff1522303a3227f8d61b7ea40201a46800", @raw}, 0x1ea, 0x3, 0x1, @raw=0x8f10, @enumerated={0x5, 0x40, "3095515a1ccb98aaec08d4b73653a99a837a7edac832a782092945b0cb8bfb061f16498eadb8e29df7e85d16ba61ce6fa5870cd0caddcd0f25473b81009d5900", 0x8, 0x5}, "2bb2d72b107f43a0d30100000000000000ae4a5be70b75810dfa4cc9182ef819d3613ea5b4243440fc9595b760cee784decb284ff031aa97d8f831c11fd4f929"}) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x9, 0x62, 0x80000021, 0x7, 0x6d3e, 0x9, 0x2, 0x1]}, 0x0) mmap$auto(0x0, 0x8000000b3d, 0x3, 0xeb1, 0xfffffffffffffffa, 0x0) sendmsg$auto_OVS_DP_CMD_DEL(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r0], 0x38}, 0x1, 0x0, 0x0, 0x7daaab7119aa4f13}, 0x22000000) 6.667166276s ago: executing program 2 (id=589): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) getcwd$auto(0x0, 0xffffffffffffffed) fchmodat$auto(0xffffffffffffffff, 0x0, 0x23) move_pages$auto(r0, 0x1002, 0x0, 0x0, 0x0, 0x2) r2 = getpid() kcmp$auto(r0, r2, 0x7, 0xffffffffffffffff, r1) 5.488779378s ago: executing program 1 (id=592): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x806, 0x0) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x55) sysinfo$auto(0x0) setsockopt$auto(0x3, 0x1, 0xd, 0x0, 0x8) close_range$auto(0x2, 0xa, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x200, 0x29, 0x940, 0x7ff, 0x3, 0x6, 0x2, 0x9, 0x5, 0x2, 0x4, 0xb0, 0x400007, 0x2, 0x3, 0x5, 0x7, 0xfffffffe, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc]}, 0x1fe, 0x4) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) semctl$auto(0x6, 0x81, 0x10, 0xffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/admmidi2\x00', 0x16b101, 0x0) ioctl$auto_SNDRV_RAWMIDI_IOCTL_DROP(r0, 0x40045730, &(0x7f0000000040)) r1 = socket(0x10, 0x2, 0x0) semctl$auto_SEM_STAT(0x80, 0x8000, 0x12, 0x7) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) sendfile$auto(r2, r2, 0x0, 0x400000000003) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 5.401844573s ago: executing program 4 (id=593): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x10, 0x2, 0x14) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000004440), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ip6gre0\x00', 0x0}) sendmsg$auto_OVS_DP_CMD_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000004540)={&(0x7f0000000140)={0x40, r1, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@OVS_DP_ATTR_IFINDEX={0x8, 0x9, r2}, @OVS_DP_ATTR_USER_FEATURES={0x8, 0x5, 0x6}, @OVS_DP_ATTR_NAME={0x11, 0x1, 'ovs_\xff\xc3\x00\x00\x00\x00\x00\x00\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x2000000) socket(0x11, 0x80003, 0x300) socket(0xa, 0x801, 0x100) socket(0x2, 0x80002, 0x73) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop5/mq/0/nr_reserved_tags\x00', 0x80880, 0x0) finit_module$auto(0x3, 0xfffffffffffffffe, 0x400000000004) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) socket$nl_generic(0x10, 0x3, 0x10) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x1, 0x7356, 0x33, 0x65f, 0x1ffde, 0x7, 0xffffffffffffffff, 0x20000009, 0x4, 0x3, 0x6, 0x2091, 0xb4, 0x9, 0x6, 0x6, 0x83, 0x4, 0x7ff, 0x400, 0x2000, 0x203, 0x0, 0x84}, 0x1fe, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)="462b1bdffca387f9b48d3e8ddc56088cf226d70bfc07421095549358bc81fff05f1b5a52e33d2da3f986d1e726d811d9e6dc25c5a7a57ea7c12126026d8de6ca1aa4e974e22c7f4d2236df9bed3cbf6796829a56b1231f3f99c19048669797e33123764de05aefe39c322d48454c534ecce63439fc386a2c6697094df8f6e6816e5a", 0x40}, 0x4, 0x0, 0x7, 0xa509}, 0x800}, 0x1000, 0x4008) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x0) r4 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14af"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES8=r4], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) 4.670711188s ago: executing program 2 (id=602): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) (async) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, 0xfffefffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/graphics/fbcon/cursor_blink\x00', 0x0, 0x0) r1 = open(0x0, 0x709043, 0xe2) fcntl$auto(r1, 0x409, 0x40003f) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) (async) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000001100)=""/192, 0xc0) write$auto(0x3, 0x0, 0x100082) (async) write$auto(0x3, 0x0, 0x100082) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) setsockopt$auto(0xffffffffffffffff, 0x8, 0xc, 0x0, 0x567) (async) setsockopt$auto(0xffffffffffffffff, 0x8, 0xc, 0x0, 0x567) unshare$auto(0x40000080) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x8080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x4008) acct$auto(0x0) (async) acct$auto(0x0) io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f00000001c0)) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) 4.278663974s ago: executing program 1 (id=595): r0 = socket(0x2, 0x0, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f00000001c0)='}[,&*}\x00', &(0x7f0000000080)='nfsd\x00', 0x7, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) r1 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r3, r2, 0x4, 0x1ff, r1, @relative_id=0x13, 0xe600}, 0xf) r4 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r4, 0x0, 0x3}, 0xc) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) lseek$auto(0x0, 0xfffffffffffffffd, 0x1) socket(0x2b, 0x5, 0x5) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/attr/apparmor/current\x00', 0x18900, 0x0) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @broadcast}, 0x6a) mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x8000) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) getcwd$auto(0x0, 0xffffffffffffffff) mount_setattr$auto(0x5, 0x0, 0x8000, &(0x7f0000000640)={0x1, 0x4, 0x100000, @raw=0xf980}, 0x283) 3.395416384s ago: executing program 4 (id=597): socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/nbd14/capability\x00', 0x180, 0x0) sendfile$auto(0x2, 0x3, 0x0, 0xc3e0) sysfs$auto(0x2, 0x2, 0x0) sendmsg$auto_NLBL_MGMT_C_LISTDEF(r0, 0x0, 0x200048d0) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x1, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) socketpair$auto(0x4, 0x3, 0xb, 0x0) io_uring_enter$auto(0x3, 0x4, 0xffffffff, 0x6, 0x0, 0x2) close_range$auto(0x2, 0x8000, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto(0x3, 0x4048aec9, r1) 3.24859591s ago: executing program 1 (id=598): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f00000001c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'macsec0\x00', 0x0}) statx$auto(0xffffffffffffff9c, 0x0, 0x2, 0x9, &(0x7f0000001400)={0x1, 0xe23b, 0xebee, 0x80000001, 0xffffffffffffffff, 0x0, 0x81, 0x1, 0xffff, 0xc, 0x4, 0x8, {0x0, 0xfb0}, {0x7, 0x401}, {0xb03, 0x6}, {0x7, 0x9}, 0x3, 0x7, 0x5, 0x9, 0x7, 0x7, 0x6, 0x3, 0xff, 0x40, 0x8001, 0x401, [0x9b, 0x0, 0x7fff, 0x3, 0x935c, 0x9, 0x4, 0x9e1]}) sendmsg$auto_MACSEC_CMD_UPD_OFFLOAD(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f00000012c0)=ANY=[@ANYBLOB="44010000", @ANYRES16=r1, @ANYBLOB="01002dbd7000fddbdf250a00000008000100", @ANYRES32=r3, @ANYBLOB="280109800c00ea006d61637365633000e7002e80ea546656278c93952f9101afd392a22ad5dee5c3d6fea5031c8d17ca812af7fe7b240d9f6a3469659743be1864c7db436e9e76d49111fd550a1ca8b35a7d9748c7374ce3c5ee0cb000d2af41cf3ff5ca2140a4345cd86d7fa409604cd47536c8c89ac53fcf904f2040e3fa588f7845d5a5a3c758d76a6ea3243d41523307b728c1eae2fae8f36da92dc889cdc79fd55c8d4d0ad53e9f9120101cf27eaf1d15ddb64f597c46cf34373303f61cfc19c15f173d7f0d2f6870beddf607a1ebd3b22caddd7f9fd609a1115beabcf4f867ddee569d307ebe1240f53b7999a06b1f915f882e7e0008004300", @ANYRES32, @ANYBLOB="0b0042006d6163736563000014002d00fc010000000000000000000000003f01080001"], 0x144}, 0x1, 0x0, 0x0, 0x4040085}, 0x0) 3.020227272s ago: executing program 1 (id=599): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket(0x23, 0x5, 0x0) socket(0xa, 0x5, 0x0) socket(0x2, 0x80805, 0x0) socket(0x2, 0x1, 0x84) open(0x0, 0xc162, 0x0) socket(0x80000000000000a, 0x6, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket(0xa, 0x2, 0x0) open(0x0, 0x2a4c0, 0x0) r0 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) write$auto_snd_seq_f_ops_seq_clientmgr(r0, &(0x7f00000000c0)="632d1bfe595046ab5c40bd6163307acb6d16baef6176e669a216aae1834ccafdd80500ffffffffdfff1a0e00"/56, 0x38) socket(0xa, 0x1, 0x84) socket(0x11, 0x3, 0x2) socket(0x2b, 0x1, 0x1) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x40, 0x0) socket(0x18, 0x5, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) 2.69179429s ago: executing program 3 (id=600): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r0 = socket(0x2, 0x801, 0x106) getsockopt$auto(r0, 0x11c, 0x3, 0x0, 0x0) connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x4e32, @rand_addr=0x64010101}, 0x51) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) 2.425375265s ago: executing program 1 (id=601): unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0x16, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'tunl0\x00', 0x0}) sendmsg$auto_NCSI_CMD_PKG_INFO(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={0x0}, 0x1, 0x0, 0x0, 0x41}, 0x44088) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r2 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r2, 0x43403d05, 0x0) madvise$auto(0x0, 0x53, 0x9) r3 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000040), r0) sendmsg$auto_BATADV_CMD_TP_METER(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="02d989d539a89fddd2f1d39374a20c0feb000000", @ANYRES16=r3, @ANYBLOB="010025bd7000fbdbdf250200000008003a009b00000005000a0004000000050037000100000008000b00000080000a001d00ffffffffffff0000"], 0x40}, 0x1, 0x0, 0x0, 0x48010}, 0x4000044) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r4 = openat$auto_ftrace_event_format_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000640)='/sys/kernel/tracing/events/vmalloc/alloc_vmap_area/format\x00', 0x40, 0x0) pread64$auto(r4, &(0x7f0000000100)='/sys/kernel/tracing/events/vmalloc/alloc_vmap_area/format\x00', 0x100000001, 0x101) mremap$auto(0x1fc000, 0xfee0, 0x3fd8, 0x3, 0xfffff000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) migrate_pages$auto(0x0, 0x8, 0x0, &(0x7f00000001c0)=0x7b) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000002ec0), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c00000956a4a25d090000000a68d40c593a8dbb67a276fc233e8bfdd9f555", @ANYRES16=r6, @ANYBLOB="010029bd7000ffdbdf2505000000180001801400020076657468315f746f5f62617461647600"], 0x2c}, 0x1, 0x0, 0x0, 0x11}, 0x24000802) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0xc0, r6, 0xf18, 0x70bd2a, 0x25dfdbfd, {}, [@ETHTOOL_A_PAUSE_HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}]}, @ETHTOOL_A_PAUSE_RX={0x5, 0x3, 0x8}, @ETHTOOL_A_PAUSE_HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7fffffff}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8000}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xf312}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}]}, @ETHTOOL_A_PAUSE_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}]}, @ETHTOOL_A_PAUSE_RX={0x5, 0x3, 0x4}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4040}, 0x4800) r7 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x80502, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r7, 0xc0045006, 0x0) 2.142555449s ago: executing program 3 (id=603): r0 = socket$nl_generic(0x10, 0x3, 0x10) landlock_restrict_self$auto(r0, 0xfffffffc) 1.991563077s ago: executing program 3 (id=604): sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="a02c0000", @ANYRES16, @ANYBLOB="010026bd7020f8dbdf250100000008000200", @ANYBLOB="08000100486652000a0002"], 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x80) r0 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000000), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r2 = socket(0x22, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@tipc=@name={0x1e, 0x2, 0x0, {{}, 0x1}}, 0x1) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000100), 0x100, 0x0) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f00000000c0)) prctl$auto_PR_GET_SPECULATION_CTRL(0x34, 0x10, 0xffffffffffffffff, 0x8000, 0xacb) write$auto(r2, 0x0, 0x7) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_proc_pid_set_comm_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/comm\x00', 0x10000, 0x0) write$auto(r3, &(0x7f0000000080)='/dev/audio1\x00', 0x9) prctl$auto(0x16, 0x1, 0x6, 0xfffffffffffffffe, 0x4) mmap$auto(0x0, 0x400008, 0xdd, 0x9b72, 0x2, 0x8000) r5 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x40, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r5, 0xc1105511, &(0x7f0000000300)={{@raw=0x4, 0x4, 0xf8, 0x80003, "a401d243a009000000cc2bd4dbe3e10d3cff1522303a3227f8d61b7ea40201a46800", @raw}, 0x1ea, 0x3, 0x1, @raw=0x8f10, @enumerated={0x5, 0x40, "3095515a1ccb98aaec08d4b73653a99a837a7edac832a782092945b0cb8bfb061f16498eadb8e29df7e85d16ba61ce6fa5870cd0caddcd0f25473b81009d5900", 0x8, 0x5}, "2bb2d72b107f43a0d30100000000000000ae4a5be70b75810dfa4cc9182ef819d3613ea5b4243440fc9595b760cee784decb284ff031aa97d8f831c11fd4f929"}) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x9, 0x62, 0x80000021, 0x7, 0x6d3e, 0x9, 0x2, 0x1]}, 0x0) mmap$auto(0x0, 0x8000000b3d, 0x3, 0xeb1, 0xfffffffffffffffa, 0x0) sendmsg$auto_OVS_DP_CMD_DEL(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r0], 0x38}, 0x1, 0x0, 0x0, 0x7daaab7119aa4f13}, 0x22000000) 1.266509224s ago: executing program 2 (id=605): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) socket(0x26, 0x80805, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x802, 0x0) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x802, 0x0) ppoll$auto(&(0x7f0000000040)={r0, 0x5, 0xf}, 0x4, 0x0, 0x0, 0x8) write$auto(0x3, 0x0, 0x100082) 613.638196ms ago: executing program 3 (id=606): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/pci/00/03.0\x00', 0xa0002, 0x0) mmap$auto(0x0, 0x4e, 0xa, 0x9b72, 0x2, 0x28000) writev$auto(0xffffffffffffffff, 0x0, 0x3) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x8000, 0x0) read$auto(r0, 0x0, 0xe8) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001240)='/proc/thread-self/fail-nth\x00', 0xa0302, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x40008, 0xb3, 0x9b72, r0, 0x28000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/video2\x00', 0x1ab442, 0x0) ioctl$auto(0x3, 0x50434902, 0x38) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/block/ram3/queue/iostats_passthrough\x00', 0x80202, 0x0) r3 = openat$auto_bm_register_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000640), 0x401, 0x0) write$auto(r3, 0x0, 0xff) r4 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000380), 0x82002, 0x0) ioctl$auto_RTC_ALM_SET(r4, 0x40247007, &(0x7f00000000c0)={0x8, 0x3, 0x17, 0x0, 0x5, 0x2003, 0x74f, 0x1fb, 0xf}) r5 = socket(0x21, 0x2, 0x2) sendfile$auto(r5, r2, 0x0, 0x3ff) 261.5399ms ago: executing program 3 (id=607): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001100)='/proc/bus/pci/00/03.0\x00', 0xa0581, 0x0) write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000001140)="8cbdca", 0x3) writev$auto(r0, 0x0, 0x6) 31.529557ms ago: executing program 2 (id=608): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x48a22, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/pid\x00') mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) syz_clone3(&(0x7f0000000200)={0x10a81c200, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=0x0, {0x30}, &(0x7f00000000c0)=""/37, 0x25, &(0x7f0000000180)=""/65, &(0x7f0000000100)=[0x0, 0x0], 0x2, {r0}}, 0x58) rt_sigqueueinfo$auto(r1, 0x2, &(0x7f0000000280)={@_si_pad}) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) socket(0x22, 0x80000, 0xd67d) io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) io_uring_setup$auto(0x3, &(0x7f0000000300)={0x1, 0x8, 0x9, 0xa, 0x8, 0x3, r0, [0x0, 0xe4, 0x400], {0x1, 0x5, 0xffffffff, 0x5, 0xb2, 0x3, 0x6, 0xba1b, 0xfffffffffffffc00}, {0x6, 0x1, 0x9, 0x173, 0xa077, 0x0, 0x0, 0x1, 0x5c}}) write$auto(r2, 0x0, 0xe) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = getpid() sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x24040004}, 0x800) process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) r5 = openat$auto_userfaultfd_dev_fops_userfaultfd(0xffffffffffffff9c, &(0x7f00000000c0), 0x81, 0x0) ioctl$auto(0x3, 0x40a0ae49, r5) lsm_list_modules$auto(0x0, 0x0, 0xfffffffe) socket(0x2, 0x801, 0x106) 0s ago: executing program 3 (id=609): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f00000001c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'macsec0\x00', 0x0}) statx$auto(0xffffffffffffff9c, 0x0, 0x2, 0x9, &(0x7f0000001400)={0x1, 0xe23b, 0xebee, 0x80000001, 0xffffffffffffffff, 0x0, 0x81, 0x1, 0xffff, 0xc, 0x4, 0x8, {0x0, 0xfb0}, {0x7, 0x401}, {0xb03, 0x6}, {0x7, 0x9}, 0x3, 0x7, 0x5, 0x9, 0x7, 0x7, 0x6, 0x3, 0xff, 0x40, 0x8001, 0x401, [0x9b, 0x0, 0x7fff, 0x3, 0x935c, 0x9, 0x4, 0x9e1]}) sendmsg$auto_MACSEC_CMD_UPD_OFFLOAD(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f00000012c0)=ANY=[@ANYBLOB="44010000", @ANYRES16=r1, @ANYBLOB="01002dbd7000fddbdf250a00000008000100", @ANYRES32=r3, @ANYBLOB="280109800c00ea006d61637365633000e7002e80ea546656278c93952f9101afd392a22ad5dee5c3d6fea5031c8d17ca812af7fe7b240d9f6a3469659743be1864c7db436e9e76d49111fd550a1ca8b35a7d9748c7374ce3c5ee0cb000d2af41cf3ff5ca2140a4345cd86d7fa409604cd47536c8c89ac53fcf904f2040e3fa588f7845d5a5a3c758d76a6ea3243d41523307b728c1eae2fae8f36da92dc889cdc79fd55c8d4d0ad53e9f9120101cf27eaf1d15ddb64f597c46cf34373303f61cfc19c15f173d7f0d2f6870beddf607a1ebd3b22caddd7f9fd609a1115beabcf4f867ddee569d307ebe1240f53b7999a06b1f915f882e7e0008004300", @ANYRES32, @ANYBLOB="0b0042006d6163736563000014002d00fc010000000000000000000000006001080001"], 0x144}, 0x1, 0x0, 0x0, 0x4040085}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.57' (ED25519) to the list of known hosts. [ 95.164642][ T5827] cgroup: Unknown subsys name 'net' [ 95.275840][ T5827] cgroup: Unknown subsys name 'cpuset' [ 95.285466][ T5827] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 97.094198][ T60] cfg80211: failed to load regulatory.db [ 97.150689][ T5827] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 99.393308][ T5838] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 99.412881][ T5838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 99.420724][ T5838] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 99.429353][ T5838] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 99.441820][ T5838] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 99.505614][ T5838] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 99.514528][ T5838] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 99.524282][ T5838] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 99.532840][ T5838] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 99.540653][ T5838] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 99.577949][ T5838] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 99.593415][ T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 99.601926][ T55] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 99.631122][ T55] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 99.652056][ T55] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 99.660601][ T55] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 99.669210][ T55] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 99.669373][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 99.688890][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 99.698388][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 100.127429][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 100.221832][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 100.394076][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 100.425011][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 100.450713][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.458027][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.466888][ T5837] bridge_slave_0: entered allmulticast mode [ 100.475212][ T5837] bridge_slave_0: entered promiscuous mode [ 100.489454][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.496776][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.504721][ T5837] bridge_slave_1: entered allmulticast mode [ 100.512993][ T5837] bridge_slave_1: entered promiscuous mode [ 100.652834][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 100.666253][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 100.675884][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.683666][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.690886][ T5840] bridge_slave_0: entered allmulticast mode [ 100.698616][ T5840] bridge_slave_0: entered promiscuous mode [ 100.733351][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.740851][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.748483][ T5840] bridge_slave_1: entered allmulticast mode [ 100.756611][ T5840] bridge_slave_1: entered promiscuous mode [ 100.802246][ T5837] team0: Port device team_slave_0 added [ 100.868951][ T5837] team0: Port device team_slave_1 added [ 100.880885][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 100.890661][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.898191][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.905772][ T5842] bridge_slave_0: entered allmulticast mode [ 100.914371][ T5842] bridge_slave_0: entered promiscuous mode [ 100.953136][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 100.962759][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.969961][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.978606][ T5842] bridge_slave_1: entered allmulticast mode [ 100.987101][ T5842] bridge_slave_1: entered promiscuous mode [ 100.994556][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.002372][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.009963][ T5843] bridge_slave_0: entered allmulticast mode [ 101.018241][ T5843] bridge_slave_0: entered promiscuous mode [ 101.071108][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.078251][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.086473][ T5843] bridge_slave_1: entered allmulticast mode [ 101.094627][ T5843] bridge_slave_1: entered promiscuous mode [ 101.117100][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 101.124164][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.150379][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 101.206567][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.213740][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.240045][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 101.255000][ T5840] team0: Port device team_slave_0 added [ 101.265954][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.277919][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.297452][ T5840] team0: Port device team_slave_1 added [ 101.306171][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.335111][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.408907][ T5843] team0: Port device team_slave_0 added [ 101.433365][ T5842] team0: Port device team_slave_0 added [ 101.442492][ T5843] team0: Port device team_slave_1 added [ 101.465267][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 101.472533][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.499474][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 101.506082][ T5845] Bluetooth: hci0: command tx timeout [ 101.513986][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.523266][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.549345][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 101.563516][ T5842] team0: Port device team_slave_1 added [ 101.571214][ T5845] Bluetooth: hci1: command tx timeout [ 101.634405][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 101.641809][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.668658][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 101.686381][ T5837] hsr_slave_0: entered promiscuous mode [ 101.693627][ T5837] hsr_slave_1: entered promiscuous mode [ 101.731901][ T5845] Bluetooth: hci2: command tx timeout [ 101.734832][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 101.745799][ T5845] Bluetooth: hci3: command tx timeout [ 101.751537][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.778578][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 101.790511][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.797822][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.823979][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 101.871127][ T5840] hsr_slave_0: entered promiscuous mode [ 101.877685][ T5840] hsr_slave_1: entered promiscuous mode [ 101.884677][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 101.892543][ T5840] Cannot create hsr debugfs directory [ 101.898958][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.906031][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.932407][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 102.102389][ T5842] hsr_slave_0: entered promiscuous mode [ 102.109252][ T5842] hsr_slave_1: entered promiscuous mode [ 102.115856][ T5842] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 102.123620][ T5842] Cannot create hsr debugfs directory [ 102.135195][ T5843] hsr_slave_0: entered promiscuous mode [ 102.141873][ T5843] hsr_slave_1: entered promiscuous mode [ 102.148122][ T5843] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 102.155776][ T5843] Cannot create hsr debugfs directory [ 102.597712][ T5837] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 102.612052][ T5837] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 102.630193][ T5837] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 102.643786][ T5837] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 102.723834][ T5843] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 102.765325][ T5843] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 102.782850][ T5843] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 102.804990][ T5843] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 102.895269][ T5840] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 102.914674][ T5840] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 102.927103][ T5840] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 102.940674][ T5840] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 102.974348][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.075256][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.085909][ T5842] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 103.099014][ T5842] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 103.135465][ T5842] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 103.147410][ T5842] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 103.175400][ T142] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.182954][ T142] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.208071][ T142] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.215237][ T142] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.430874][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.446784][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.487253][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.510657][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.563173][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.570362][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.574477][ T5845] Bluetooth: hci0: command tx timeout [ 103.582934][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.583078][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.617116][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.624390][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.652050][ T5845] Bluetooth: hci1: command tx timeout [ 103.662952][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.670141][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.722523][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 103.742720][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.782897][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.811554][ T5845] Bluetooth: hci3: command tx timeout [ 103.817150][ T5845] Bluetooth: hci2: command tx timeout [ 103.828528][ T66] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.835736][ T66] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.879922][ T66] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.887110][ T66] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.990379][ T5837] veth0_vlan: entered promiscuous mode [ 104.073918][ T5837] veth1_vlan: entered promiscuous mode [ 104.257316][ T5837] veth0_macvtap: entered promiscuous mode [ 104.286730][ T5837] veth1_macvtap: entered promiscuous mode [ 104.344367][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.425733][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.466492][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 104.487223][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.515754][ T5837] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.524921][ T5837] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.535733][ T5837] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.544614][ T5837] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.557787][ T5840] veth0_vlan: entered promiscuous mode [ 104.589802][ T5840] veth1_vlan: entered promiscuous mode [ 104.632881][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.681992][ T5843] veth0_vlan: entered promiscuous mode [ 104.728417][ T5840] veth0_macvtap: entered promiscuous mode [ 104.775386][ T5843] veth1_vlan: entered promiscuous mode [ 104.789766][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.798988][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.814710][ T5840] veth1_macvtap: entered promiscuous mode [ 104.894546][ T5842] veth0_vlan: entered promiscuous mode [ 104.909004][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 104.920473][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.933484][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.942526][ T5883] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.951225][ T5883] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.955718][ T5843] veth0_macvtap: entered promiscuous mode [ 104.976386][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 104.987501][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.000184][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.010481][ T5843] veth1_macvtap: entered promiscuous mode [ 105.025144][ T5842] veth1_vlan: entered promiscuous mode [ 105.039891][ T5840] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.056231][ T5840] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.065240][ T5840] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.074770][ T5840] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.159542][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 105.170962][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.182527][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 105.193429][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.207645][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 105.224351][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 105.237881][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.248377][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 105.259383][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.270864][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.272420][ T5837] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 105.339184][ T5843] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.361867][ T5843] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.370846][ T5843] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.394613][ T5843] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.446009][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.446485][ T5842] veth0_macvtap: entered promiscuous mode [ 105.467343][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.509364][ T5842] veth1_macvtap: entered promiscuous mode [ 105.589686][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.597838][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.644871][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 105.656604][ T5845] Bluetooth: hci0: command tx timeout [ 105.669713][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.680316][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 105.691334][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.701225][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 105.711799][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.725542][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 105.735346][ T5845] Bluetooth: hci1: command tx timeout [ 105.792605][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 105.808521][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.819286][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 105.834245][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.844286][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 105.855294][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.867510][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.892341][ T5845] Bluetooth: hci2: command tx timeout [ 105.897808][ T5845] Bluetooth: hci3: command tx timeout [ 105.915060][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.920879][ T5842] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.937866][ T5842] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.945790][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.947509][ T5842] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.967510][ T5842] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.073414][ T5900] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 106.183412][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.221110][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.343161][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.381140][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.539306][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.609917][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.712113][ T5903] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(36.134217728.3660302193), cmd(5) [ 107.021590][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 107.088003][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 107.098535][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 107.662902][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 107.732632][ T5845] Bluetooth: hci0: command tx timeout [ 107.813061][ T5845] Bluetooth: hci1: command tx timeout [ 107.921730][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 107.972267][ T5845] Bluetooth: hci3: command tx timeout [ 107.977871][ T5150] Bluetooth: hci2: command tx timeout [ 108.413247][ T5942] netlink: 36 bytes leftover after parsing attributes in process `syz.0.8'. [ 108.772942][ T5945] process 'syz.2.9' launched ':,' with NULL argv: empty string added [ 109.851182][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 109.955617][ T5845] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 111.497928][ T5960] netlink: 342 bytes leftover after parsing attributes in process `syz.0.12'. [ 111.510192][ T5960] netlink: 342 bytes leftover after parsing attributes in process `syz.0.12'. [ 111.531475][ T5960] netlink: 342 bytes leftover after parsing attributes in process `syz.0.12'. [ 111.561566][ T5960] netlink: 342 bytes leftover after parsing attributes in process `syz.0.12'. [ 111.645943][ T5960] netlink: 342 bytes leftover after parsing attributes in process `syz.0.12'. [ 111.787454][ T5980] Invalid ELF header magic: != ELF [ 112.679300][ T5983] netlink: 20 bytes leftover after parsing attributes in process `syz.2.15'. [ 113.483247][ T5988] FAULT_INJECTION: forcing a failure. [ 113.483247][ T5988] name failslab, interval 1, probability 0, space 0, times 1 [ 113.535966][ T6016] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 113.598620][ T5988] CPU: 1 UID: 0 PID: 5988 Comm: syz.3.16 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 113.598668][ T5988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 113.598687][ T5988] Call Trace: [ 113.598698][ T5988] [ 113.598714][ T5988] dump_stack_lvl+0x16c/0x1f0 [ 113.598772][ T5988] should_fail_ex+0x512/0x640 [ 113.598808][ T5988] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 113.598862][ T5988] should_failslab+0xc2/0x120 [ 113.598893][ T5988] __kmalloc_cache_noprof+0x6a/0x3e0 [ 113.598937][ T5988] ? io_uring_setup+0x24f/0x2090 [ 113.598974][ T5988] io_uring_setup+0x24f/0x2090 [ 113.599010][ T5988] ? __pfx_io_uring_setup+0x10/0x10 [ 113.599040][ T5988] ? do_futex+0x122/0x350 [ 113.599086][ T5988] ? __pfx_do_futex+0x10/0x10 [ 113.599135][ T5988] ? find_held_lock+0x2b/0x80 [ 113.599194][ T5988] ? syscall_user_dispatch+0x78/0x140 [ 113.599238][ T5988] __x64_sys_io_uring_setup+0xc2/0x170 [ 113.599273][ T5988] do_syscall_64+0xcd/0x260 [ 113.599331][ T5988] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.599364][ T5988] RIP: 0033:0x7f11a018d169 [ 113.599390][ T5988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 113.599420][ T5988] RSP: 002b:00007f11a0ff4038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 113.599450][ T5988] RAX: ffffffffffffffda RBX: 00007f11a03a5fa0 RCX: 00007f11a018d169 [ 113.599470][ T5988] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 113.599487][ T5988] RBP: 00007f11a020e990 R08: 0000000000000000 R09: 0000000000000000 [ 113.599504][ T5988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 113.599522][ T5988] R13: 0000000000000000 R14: 00007f11a03a5fa0 R15: 00007ffefa30bd48 [ 113.599560][ T5988] [ 113.779867][ C1] vkms_vblank_simulate: vblank timer overrun [ 114.360310][ T5845] Bluetooth: hci2: unexpected subevent 0x01 length: 4 < 18 [ 114.891334][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 114.901418][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 115.361381][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 115.370059][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 117.210755][ T6068] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input5 [ 117.324850][ T6070] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 117.554495][ T6071] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input7 [ 117.783460][ T6055] netlink: 330 bytes leftover after parsing attributes in process `syz.2.24'. [ 117.851571][ T6055] Zero length message leads to an empty skb [ 118.209610][ T6083] page: refcount:4 mapcount:3 mapping:0000000000000000 index:0x7f953e476 pfn:0x78400 [ 118.263211][ T6083] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 118.312609][ T6083] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 118.361311][ T6083] raw: 00000007f953e476 0000000000000000 0000000400000002 0000000000000000 [ 118.370861][ T6083] page dumped because: unmovable page [ 118.482686][ T6083] page_owner tracks the page as allocated [ 118.545949][ T6083] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5833, tgid 5833 (syz-executor), ts 98877620358, free_ts 95437505151 [ 118.594898][ T6083] post_alloc_hook+0x181/0x1b0 [ 118.600781][ T6083] get_page_from_freelist+0x1193/0x39b0 [ 118.607094][ T6083] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 118.616308][ T6083] alloc_pages_mpol+0x1fb/0x550 [ 118.665374][ T6083] alloc_pages_noprof+0x131/0x390 [ 118.709220][ T6083] __vmalloc_node_range_noprof+0x732/0x1540 [ 118.731141][ T6083] vmalloc_user_noprof+0x6b/0x90 [ 118.743426][ T6083] kcov_ioctl+0x4c/0x730 [ 118.766028][ T6083] __x64_sys_ioctl+0x190/0x200 [ 118.781312][ T6083] do_syscall_64+0xcd/0x260 [ 118.781488][ T6085] could not allocate digest TFM handle [ 118.811461][ T6083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.818837][ T6083] page last free pid 5827 tgid 5827 stack trace: [ 118.825665][ T6083] __free_frozen_pages+0x69d/0xff0 [ 118.835798][ T6083] vfree+0x176/0x960 [ 118.842020][ T6083] kcov_close+0x34/0x60 [ 118.847572][ T6083] __fput+0x3ff/0xb70 [ 118.858347][ T6083] fput_close_sync+0x15e/0x1e0 [ 118.866398][ T6083] __x64_sys_close+0x8b/0x120 [ 118.873047][ T6083] do_syscall_64+0xcd/0x260 [ 118.879741][ T6083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.924117][ T6102] FAULT_INJECTION: forcing a failure. [ 119.924117][ T6102] name failslab, interval 1, probability 0, space 0, times 0 [ 119.948383][ T6102] CPU: 0 UID: 0 PID: 6102 Comm: syz.0.34 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 119.948426][ T6102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 119.948443][ T6102] Call Trace: [ 119.948453][ T6102] [ 119.948464][ T6102] dump_stack_lvl+0x16c/0x1f0 [ 119.948515][ T6102] should_fail_ex+0x512/0x640 [ 119.948550][ T6102] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 119.948598][ T6102] should_failslab+0xc2/0x120 [ 119.948627][ T6102] __kmalloc_cache_noprof+0x6a/0x3e0 [ 119.948669][ T6102] ? alloc_tty_struct+0x96/0x8c0 [ 119.948706][ T6102] alloc_tty_struct+0x96/0x8c0 [ 119.948738][ T6102] ? __pfx_alloc_tty_struct+0x10/0x10 [ 119.948781][ T6102] tty_init_dev.part.0+0x1e/0x500 [ 119.948814][ T6102] tty_open+0xa50/0xf90 [ 119.948846][ T6102] ? __pfx_tty_open+0x10/0x10 [ 119.948874][ T6102] ? chrdev_open+0x58c/0x6a0 [ 119.948939][ T6102] ? __pfx_tty_open+0x10/0x10 [ 119.948968][ T6102] chrdev_open+0x231/0x6a0 [ 119.949018][ T6102] ? __pfx_chrdev_open+0x10/0x10 [ 119.949072][ T6102] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 119.949133][ T6102] do_dentry_open+0x741/0x1c10 [ 119.949180][ T6102] ? __pfx_chrdev_open+0x10/0x10 [ 119.949239][ T6102] vfs_open+0x82/0x3f0 [ 119.949278][ T6102] path_openat+0x1e5e/0x2d40 [ 119.949342][ T6102] ? __pfx_path_openat+0x10/0x10 [ 119.949403][ T6102] do_filp_open+0x20b/0x470 [ 119.949452][ T6102] ? __pfx_do_filp_open+0x10/0x10 [ 119.949531][ T6102] ? alloc_fd+0x471/0x7d0 [ 119.949591][ T6102] do_sys_openat2+0x11b/0x1d0 [ 119.949626][ T6102] ? __pfx_do_sys_openat2+0x10/0x10 [ 119.949678][ T6102] __x64_sys_openat+0x174/0x210 [ 119.949714][ T6102] ? __pfx___x64_sys_openat+0x10/0x10 [ 119.949752][ T6102] ? rcu_is_watching+0x12/0xc0 [ 119.949805][ T6102] do_syscall_64+0xcd/0x260 [ 119.949858][ T6102] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.949891][ T6102] RIP: 0033:0x7f54fb98d169 [ 119.949917][ T6102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 119.949947][ T6102] RSP: 002b:00007f54fc7b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 119.949976][ T6102] RAX: ffffffffffffffda RBX: 00007f54fbba5fa0 RCX: 00007f54fb98d169 [ 119.949998][ T6102] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 119.950018][ T6102] RBP: 00007f54fba0e990 R08: 0000000000000000 R09: 0000000000000000 [ 119.950037][ T6102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 119.950057][ T6102] R13: 0000000000000000 R14: 00007f54fbba5fa0 R15: 00007ffcd64f4838 [ 119.950099][ T6102] [ 120.240315][ T6100] Invalid ELF header magic: != ELF [ 122.130539][ T6134] FAULT_INJECTION: forcing a failure. [ 122.130539][ T6134] name failslab, interval 1, probability 0, space 0, times 0 [ 122.146607][ T6134] CPU: 1 UID: 0 PID: 6134 Comm: syz.3.42 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 122.146653][ T6134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 122.146673][ T6134] Call Trace: [ 122.146691][ T6134] [ 122.146703][ T6134] dump_stack_lvl+0x16c/0x1f0 [ 122.146757][ T6134] should_fail_ex+0x512/0x640 [ 122.146793][ T6134] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 122.146843][ T6134] should_failslab+0xc2/0x120 [ 122.146873][ T6134] __kmalloc_cache_noprof+0x6a/0x3e0 [ 122.146918][ T6134] ? snd_seq_port_connect+0x61/0x550 [ 122.146973][ T6134] snd_seq_port_connect+0x61/0x550 [ 122.147021][ T6134] ? _raw_read_unlock+0x28/0x50 [ 122.147064][ T6134] ? check_subscription_permission.isra.0+0xf5/0x240 [ 122.147122][ T6134] snd_seq_ioctl_subscribe_port+0x211/0x450 [ 122.147179][ T6134] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 122.147251][ T6134] snd_seq_kernel_client_ctl+0x107/0x1c0 [ 122.147307][ T6134] snd_seq_oss_midi_open+0x442/0x660 [ 122.147347][ T6134] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 122.147397][ T6134] ? lockdep_hardirqs_on+0x7c/0x110 [ 122.147443][ T6134] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 122.147494][ T6134] snd_seq_oss_synth_setup_midi+0x131/0x580 [ 122.147541][ T6134] snd_seq_oss_open+0x893/0xa20 [ 122.147600][ T6134] odev_open+0x6f/0x90 [ 122.147643][ T6134] ? __pfx_odev_open+0x10/0x10 [ 122.147693][ T6134] soundcore_open+0x409/0x580 [ 122.147741][ T6134] ? __pfx_soundcore_open+0x10/0x10 [ 122.147786][ T6134] chrdev_open+0x231/0x6a0 [ 122.147835][ T6134] ? __pfx_apparmor_file_open+0x10/0x10 [ 122.147876][ T6134] ? __pfx_chrdev_open+0x10/0x10 [ 122.147930][ T6134] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 122.147983][ T6134] do_dentry_open+0x741/0x1c10 [ 122.148029][ T6134] ? __pfx_chrdev_open+0x10/0x10 [ 122.148087][ T6134] vfs_open+0x82/0x3f0 [ 122.148125][ T6134] path_openat+0x1e5e/0x2d40 [ 122.148188][ T6134] ? __pfx_path_openat+0x10/0x10 [ 122.148247][ T6134] do_filp_open+0x20b/0x470 [ 122.148294][ T6134] ? __pfx_do_filp_open+0x10/0x10 [ 122.148372][ T6134] ? alloc_fd+0x471/0x7d0 [ 122.148428][ T6134] do_sys_openat2+0x11b/0x1d0 [ 122.148461][ T6134] ? __pfx_do_sys_openat2+0x10/0x10 [ 122.148498][ T6134] ? __pfx___might_resched+0x10/0x10 [ 122.148554][ T6134] __x64_sys_openat+0x174/0x210 [ 122.148590][ T6134] ? __pfx___x64_sys_openat+0x10/0x10 [ 122.148628][ T6134] ? rcu_is_watching+0x12/0xc0 [ 122.148679][ T6134] do_syscall_64+0xcd/0x260 [ 122.148736][ T6134] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.148769][ T6134] RIP: 0033:0x7f11a018d169 [ 122.148794][ T6134] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 122.148824][ T6134] RSP: 002b:00007f11a0ff4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 122.148854][ T6134] RAX: ffffffffffffffda RBX: 00007f11a03a5fa0 RCX: 00007f11a018d169 [ 122.148875][ T6134] RDX: 0000000000000080 RSI: 0000200000000500 RDI: ffffffffffffff9c [ 122.148896][ T6134] RBP: 00007f11a020e990 R08: 0000000000000000 R09: 0000000000000000 [ 122.148915][ T6134] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 122.148933][ T6134] R13: 0000000000000000 R14: 00007f11a03a5fa0 R15: 00007ffefa30bd48 [ 122.148976][ T6134] [ 122.470380][ C1] vkms_vblank_simulate: vblank timer overrun [ 123.044732][ T6141] FAULT_INJECTION: forcing a failure. [ 123.044732][ T6141] name failslab, interval 1, probability 0, space 0, times 0 [ 123.058147][ T6141] CPU: 1 UID: 0 PID: 6141 Comm: syz.2.44 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 123.058193][ T6141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 123.058212][ T6141] Call Trace: [ 123.058223][ T6141] [ 123.058235][ T6141] dump_stack_lvl+0x16c/0x1f0 [ 123.058289][ T6141] should_fail_ex+0x512/0x640 [ 123.058326][ T6141] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 123.058379][ T6141] should_failslab+0xc2/0x120 [ 123.058409][ T6141] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 123.058458][ T6141] ? __proc_create+0xc3/0x8c0 [ 123.058491][ T6141] ? __proc_create+0x2ce/0x8c0 [ 123.058531][ T6141] __proc_create+0x2ce/0x8c0 [ 123.058576][ T6141] ? __pfx___proc_create+0x10/0x10 [ 123.058616][ T6141] ? do_raw_spin_unlock+0x172/0x230 [ 123.058656][ T6141] ? _raw_spin_unlock+0x28/0x50 [ 123.058703][ T6141] proc_create_reg+0x7d/0x180 [ 123.058744][ T6141] proc_create_net_data+0x8e/0x1b0 [ 123.058782][ T6141] ? __pfx_proc_create_net_data+0x10/0x10 [ 123.058818][ T6141] ? __asan_memcpy+0x3c/0x60 [ 123.058863][ T6141] ? __pfx_unix_net_init+0x10/0x10 [ 123.058911][ T6141] ? __pfx_unix_net_init+0x10/0x10 [ 123.058957][ T6141] unix_net_init+0xb7/0x350 [ 123.059007][ T6141] ? __pfx_unix_net_init+0x10/0x10 [ 123.059053][ T6141] ops_init+0x1df/0x5f0 [ 123.059103][ T6141] setup_net+0x21e/0x850 [ 123.059152][ T6141] ? __pfx_setup_net+0x10/0x10 [ 123.059194][ T6141] ? lockdep_init_map_type+0x5c/0x280 [ 123.059225][ T6141] ? __pfx_down_read_killable+0x10/0x10 [ 123.059261][ T6141] ? debug_mutex_init+0x37/0x70 [ 123.059305][ T6141] copy_net_ns+0x2a6/0x5f0 [ 123.059359][ T6141] create_new_namespaces+0x3ea/0xad0 [ 123.059437][ T6141] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 123.059488][ T6141] ksys_unshare+0x45b/0xa40 [ 123.059540][ T6141] ? __pfx_ksys_unshare+0x10/0x10 [ 123.059593][ T6141] ? xfd_validate_state+0x5d/0x180 [ 123.059631][ T6141] ? rcu_is_watching+0x12/0xc0 [ 123.059682][ T6141] __x64_sys_unshare+0x31/0x40 [ 123.059733][ T6141] do_syscall_64+0xcd/0x260 [ 123.059785][ T6141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.059817][ T6141] RIP: 0033:0x7f2a4a18d169 [ 123.059844][ T6141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 123.059875][ T6141] RSP: 002b:00007f2a47ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 123.059905][ T6141] RAX: ffffffffffffffda RBX: 00007f2a4a3a5fa0 RCX: 00007f2a4a18d169 [ 123.059926][ T6141] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 123.059944][ T6141] RBP: 00007f2a4a20e990 R08: 0000000000000000 R09: 0000000000000000 [ 123.059962][ T6141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 123.059980][ T6141] R13: 0000000000000000 R14: 00007f2a4a3a5fa0 R15: 00007ffe31aaa888 [ 123.060020][ T6141] [ 123.338204][ C1] vkms_vblank_simulate: vblank timer overrun [ 124.325553][ T6159] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.774857][ T6166] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 128.063829][ T30] audit: type=1326 audit(6039552542.099:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6198 comm="syz.0.54" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f54fb98d169 code=0x0 [ 128.211642][ T6209] netlink: 'syz.0.54': attribute type 2 has an invalid length. [ 128.221907][ T6209] netlink: 12 bytes leftover after parsing attributes in process `syz.0.54'. [ 132.754560][ T6264] FAULT_INJECTION: forcing a failure. [ 132.754560][ T6264] name failslab, interval 1, probability 0, space 0, times 0 [ 132.817661][ T6264] CPU: 0 UID: 0 PID: 6264 Comm: syz.0.65 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 132.817728][ T6264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 132.817759][ T6264] Call Trace: [ 132.817770][ T6264] [ 132.817781][ T6264] dump_stack_lvl+0x16c/0x1f0 [ 132.817837][ T6264] should_fail_ex+0x512/0x640 [ 132.817874][ T6264] ? __kmalloc_noprof+0xbf/0x510 [ 132.817926][ T6264] ? constrain_params_by_rules+0x175/0xca0 [ 132.817957][ T6264] should_failslab+0xc2/0x120 [ 132.817987][ T6264] __kmalloc_noprof+0xd2/0x510 [ 132.818048][ T6264] constrain_params_by_rules+0x175/0xca0 [ 132.818082][ T6264] ? mark_held_locks+0x49/0x80 [ 132.818132][ T6264] ? lockdep_hardirqs_on+0x7c/0x110 [ 132.818174][ T6264] ? stack_depot_save_flags+0x3e6/0xa50 [ 132.818209][ T6264] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 132.818244][ T6264] ? __kasan_kmalloc+0xaa/0xb0 [ 132.818282][ T6264] ? snd_pcm_oss_change_params_locked+0x247/0x3b40 [ 132.818329][ T6264] ? snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 132.818355][ T6264] ? snd_pcm_oss_ioctl+0x31aa/0x37a0 [ 132.818392][ T6264] ? rcu_is_watching+0x12/0xc0 [ 132.818426][ T6264] ? snd_interval_refine+0x2fa/0x580 [ 132.818466][ T6264] snd_pcm_hw_refine+0x7de/0xad0 [ 132.818500][ T6264] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 132.818542][ T6264] ? __asan_memset+0x23/0x50 [ 132.818602][ T6264] ? _snd_pcm_hw_param_min+0x259/0x630 [ 132.818660][ T6264] snd_pcm_oss_change_params_locked+0x65e/0x3b40 [ 132.818715][ T6264] ? preempt_count_sub+0x120/0x160 [ 132.818769][ T6264] ? __mutex_lock+0x1ca/0xb90 [ 132.818820][ T6264] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 132.818884][ T6264] ? __pfx___mutex_lock+0x10/0x10 [ 132.818947][ T6264] ? find_held_lock+0x2b/0x80 [ 132.818995][ T6264] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 132.819043][ T6264] snd_pcm_oss_ioctl+0x31aa/0x37a0 [ 132.819077][ T6264] ? find_held_lock+0x2b/0x80 [ 132.819118][ T6264] ? hook_file_ioctl_common+0x145/0x410 [ 132.819155][ T6264] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 132.819193][ T6264] ? __fget_files+0x20e/0x3c0 [ 132.819248][ T6264] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 132.819284][ T6264] __x64_sys_ioctl+0x190/0x200 [ 132.819326][ T6264] do_syscall_64+0xcd/0x260 [ 132.819378][ T6264] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.819410][ T6264] RIP: 0033:0x7f54fb98d169 [ 132.819435][ T6264] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 132.819465][ T6264] RSP: 002b:00007f54fc7b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 132.819494][ T6264] RAX: ffffffffffffffda RBX: 00007f54fbba5fa0 RCX: 00007f54fb98d169 [ 132.819515][ T6264] RDX: 0000000000000000 RSI: 00000000c0045005 RDI: 0000000000000006 [ 132.819534][ T6264] RBP: 00007f54fba0e990 R08: 0000000000000000 R09: 0000000000000000 [ 132.819553][ T6264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 132.819572][ T6264] R13: 0000000000000000 R14: 00007f54fbba5fa0 R15: 00007ffcd64f4838 [ 132.819614][ T6264] [ 133.215330][ T6241] netlink: 334 bytes leftover after parsing attributes in process `syz.1.60'. [ 133.286030][ T6258] svc: failed to register nfsdv3 RPC service (errno 512). [ 133.370170][ T6258] svc: failed to register nfsaclv3 RPC service (errno 111). [ 133.612309][ T6268] netlink: 4 bytes leftover after parsing attributes in process `syz.2.66'. [ 133.779280][ T5845] Bluetooth: hci2: unexpected subevent 0x01 length: 4 < 18 [ 136.936015][ T6321] netlink: 28 bytes leftover after parsing attributes in process `syz.2.76'. [ 137.010441][ T6314] mmap: syz.3.71 (6314) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 137.107488][ T6321] veth0_macvtap: left promiscuous mode [ 137.242787][ T6305] netlink: 28 bytes leftover after parsing attributes in process `syz.1.73'. [ 137.301220][ T6305] macvtap0: entered promiscuous mode [ 137.357028][ T6305] macvtap0: entered allmulticast mode [ 137.371084][ T6305] veth0_macvtap: entered allmulticast mode [ 137.425646][ T6324] netlink: 'syz.0.75': attribute type 2 has an invalid length. [ 137.448478][ T6324] netlink: 12 bytes leftover after parsing attributes in process `syz.0.75'. [ 138.071994][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.078648][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.342010][ T6328] random: crng reseeded on system resumption [ 138.482293][ T6331] netlink: 144 bytes leftover after parsing attributes in process `syz.1.78'. [ 139.002066][ T6346] ima: policy update failed [ 139.013079][ T30] audit: type=1802 audit(6039552561.037:3): pid=6346 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.80" res=0 errno=0 [ 141.073127][ T6366] program syz.3.85 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 141.218593][ T6363] netlink: 'syz.1.83': attribute type 2 has an invalid length. [ 141.271643][ T6363] netlink: 12 bytes leftover after parsing attributes in process `syz.1.83'. [ 141.436983][ T6373] netlink: 8 bytes leftover after parsing attributes in process `syz.0.86'. [ 145.833273][ T30] audit: type=1326 audit(6039552575.866:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6429 comm="syz.0.98" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f54fb98d169 code=0x0 [ 146.149097][ T6437] netlink: 'syz.0.98': attribute type 2 has an invalid length. [ 146.156786][ T6437] netlink: 12 bytes leftover after parsing attributes in process `syz.0.98'. [ 146.811155][ T6444] sd 0:0:1:0: PR command failed: 1026 [ 146.826104][ T6444] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 146.862818][ T6444] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 148.703170][ T30] audit: type=1326 audit(6039552578.736:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6480 comm="syz.0.109" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f54fb98d169 code=0x0 [ 148.724605][ C1] vkms_vblank_simulate: vblank timer overrun [ 148.961791][ T6491] netlink: 'syz.0.109': attribute type 2 has an invalid length. [ 148.971514][ T6491] netlink: 12 bytes leftover after parsing attributes in process `syz.0.109'. [ 149.249287][ T6493] random: crng reseeded on system resumption [ 149.641376][ T6496] syz.1.113 uses obsolete (PF_INET,SOCK_PACKET) [ 150.488137][ T6499] FAULT_INJECTION: forcing a failure. [ 150.488137][ T6499] name failslab, interval 1, probability 0, space 0, times 0 [ 150.511189][ T6499] CPU: 0 UID: 0 PID: 6499 Comm: syz.0.114 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 150.511236][ T6499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 150.511255][ T6499] Call Trace: [ 150.511266][ T6499] [ 150.511278][ T6499] dump_stack_lvl+0x16c/0x1f0 [ 150.511329][ T6499] should_fail_ex+0x512/0x640 [ 150.511362][ T6499] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 150.511413][ T6499] should_failslab+0xc2/0x120 [ 150.511445][ T6499] __kmalloc_cache_noprof+0x6a/0x3e0 [ 150.511489][ T6499] ? audit_net_init+0x190/0x440 [ 150.511533][ T6499] ? uevent_net_init+0xd3/0x350 [ 150.511586][ T6499] uevent_net_init+0xd3/0x350 [ 150.511619][ T6499] ? __pfx_uevent_net_init+0x10/0x10 [ 150.511654][ T6499] ? __pfx_uevent_net_rcv+0x10/0x10 [ 150.511700][ T6499] ? __pfx_uevent_net_init+0x10/0x10 [ 150.511731][ T6499] ops_init+0x1df/0x5f0 [ 150.511783][ T6499] setup_net+0x21e/0x850 [ 150.511833][ T6499] ? __pfx_setup_net+0x10/0x10 [ 150.511877][ T6499] ? lockdep_init_map_type+0x5c/0x280 [ 150.511909][ T6499] ? __pfx_down_read_killable+0x10/0x10 [ 150.511947][ T6499] ? debug_mutex_init+0x37/0x70 [ 150.511992][ T6499] copy_net_ns+0x2a6/0x5f0 [ 150.512047][ T6499] create_new_namespaces+0x3ea/0xad0 [ 150.512103][ T6499] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 150.512153][ T6499] ksys_unshare+0x45b/0xa40 [ 150.512204][ T6499] ? __pfx_ksys_unshare+0x10/0x10 [ 150.512252][ T6499] ? xfd_validate_state+0x5d/0x180 [ 150.512290][ T6499] ? rcu_is_watching+0x12/0xc0 [ 150.512450][ T6499] __x64_sys_unshare+0x31/0x40 [ 150.512503][ T6499] do_syscall_64+0xcd/0x260 [ 150.512556][ T6499] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.512590][ T6499] RIP: 0033:0x7f54fb98d169 [ 150.512624][ T6499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 150.512655][ T6499] RSP: 002b:00007f54fc7b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 150.512685][ T6499] RAX: ffffffffffffffda RBX: 00007f54fbba5fa0 RCX: 00007f54fb98d169 [ 150.512707][ T6499] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 150.512727][ T6499] RBP: 00007f54fba0e990 R08: 0000000000000000 R09: 0000000000000000 [ 150.512747][ T6499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 150.512767][ T6499] R13: 0000000000000000 R14: 00007f54fbba5fa0 R15: 00007ffcd64f4838 [ 150.512809][ T6499] [ 151.003049][ T6515] Device name cannot be null; rc = [-22] [ 152.906877][ T6555] netlink: 28 bytes leftover after parsing attributes in process `syz.1.126'. [ 155.147537][ T6569] netlink: 504 bytes leftover after parsing attributes in process `syz.3.130'. [ 155.747527][ T6565] delete_channel: no stack [ 155.905460][ T30] audit: type=1326 audit(6039552585.936:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6583 comm="syz.1.134" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb29158d169 code=0x0 [ 156.051058][ T30] audit: type=1326 audit(6039552586.076:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6581 comm="syz.3.133" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f11a018d169 code=0x0 [ 156.591748][ T6593] netlink: 'syz.1.134': attribute type 2 has an invalid length. [ 156.599466][ T6593] netlink: 12 bytes leftover after parsing attributes in process `syz.1.134'. [ 157.035479][ T6605] netlink: 'syz.3.133': attribute type 2 has an invalid length. [ 157.114855][ T6605] netlink: 12 bytes leftover after parsing attributes in process `syz.3.133'. [ 159.916616][ T6637] bridge0: port 3(team0) entered blocking state [ 159.960760][ T6637] bridge0: port 3(team0) entered disabled state [ 160.031249][ T6637] team0: entered allmulticast mode [ 160.036460][ T6637] team_slave_0: entered allmulticast mode [ 160.531295][ T6637] team_slave_1: entered allmulticast mode [ 160.540775][ T6637] team0: entered promiscuous mode [ 160.611157][ T6637] team_slave_0: entered promiscuous mode [ 160.617236][ T6637] team_slave_1: entered promiscuous mode [ 160.782468][ T6637] bridge0: port 3(team0) entered blocking state [ 160.789123][ T6637] bridge0: port 3(team0) entered forwarding state [ 162.261481][ T30] audit: type=1326 audit(6039552592.276:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6660 comm="syz.3.147" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f11a018d169 code=0x0 [ 162.921740][ T6672] netlink: 'syz.3.147': attribute type 2 has an invalid length. [ 162.971977][ T6672] netlink: 12 bytes leftover after parsing attributes in process `syz.3.147'. [ 163.299182][ T6687] netlink: 'syz.0.152': attribute type 29 has an invalid length. [ 167.991362][ T6751] FAULT_INJECTION: forcing a failure. [ 167.991362][ T6751] name failslab, interval 1, probability 0, space 0, times 0 [ 168.011263][ T6751] CPU: 0 UID: 0 PID: 6751 Comm: syz.0.167 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 168.011315][ T6751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 168.011335][ T6751] Call Trace: [ 168.011346][ T6751] [ 168.011358][ T6751] dump_stack_lvl+0x16c/0x1f0 [ 168.011413][ T6751] should_fail_ex+0x512/0x640 [ 168.011448][ T6751] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 168.011502][ T6751] should_failslab+0xc2/0x120 [ 168.011532][ T6751] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 168.011581][ T6751] ? __kernfs_new_node+0xd2/0x8a0 [ 168.011639][ T6751] __kernfs_new_node+0xd2/0x8a0 [ 168.011694][ T6751] ? __pfx___kernfs_new_node+0x10/0x10 [ 168.011763][ T6751] ? find_held_lock+0x2b/0x80 [ 168.011805][ T6751] ? kernfs_root+0xee/0x2a0 [ 168.011862][ T6751] kernfs_new_node+0x13c/0x1e0 [ 168.011899][ T6751] __kernfs_create_file+0x53/0x350 [ 168.011947][ T6751] sysfs_add_file_mode_ns+0x207/0x3c0 [ 168.012007][ T6751] internal_create_group+0x578/0xf30 [ 168.012070][ T6751] ? __pfx_internal_create_group+0x10/0x10 [ 168.012196][ T6751] ? kernfs_create_link+0x1bd/0x240 [ 168.012251][ T6751] internal_create_groups+0x9d/0x150 [ 168.012311][ T6751] device_add+0x6d1/0x1a70 [ 168.012350][ T6751] ? __pfx_device_add+0x10/0x10 [ 168.012384][ T6751] ? lockdep_init_map_type+0x5c/0x280 [ 168.012418][ T6751] ? __init_waitqueue_head+0xca/0x150 [ 168.012467][ T6751] netdev_register_kobject+0x182/0x3a0 [ 168.012523][ T6751] register_netdevice+0x13dc/0x2270 [ 168.012580][ T6751] ? __pfx_register_netdevice+0x10/0x10 [ 168.012630][ T6751] ? alloc_netdev_mqs+0xe7e/0x1570 [ 168.012677][ T6751] ? __pfx_loopback_net_init+0x10/0x10 [ 168.012710][ T6751] register_netdev+0x34/0x50 [ 168.012756][ T6751] loopback_net_init+0x7a/0x170 [ 168.012788][ T6751] ? __pfx_loopback_net_init+0x10/0x10 [ 168.012819][ T6751] ops_init+0x1df/0x5f0 [ 168.012920][ T6751] setup_net+0x21e/0x850 [ 168.012975][ T6751] ? __pfx_setup_net+0x10/0x10 [ 168.013021][ T6751] ? lockdep_init_map_type+0x5c/0x280 [ 168.013053][ T6751] ? __pfx_down_read_killable+0x10/0x10 [ 168.013090][ T6751] ? debug_mutex_init+0x37/0x70 [ 168.013133][ T6751] copy_net_ns+0x2a6/0x5f0 [ 168.013187][ T6751] create_new_namespaces+0x3ea/0xad0 [ 168.013254][ T6751] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 168.013301][ T6751] ksys_unshare+0x45b/0xa40 [ 168.013344][ T6751] ? __pfx_ksys_unshare+0x10/0x10 [ 168.013383][ T6751] ? xfd_validate_state+0x5d/0x180 [ 168.013415][ T6751] ? rcu_is_watching+0x12/0xc0 [ 168.013456][ T6751] __x64_sys_unshare+0x31/0x40 [ 168.013497][ T6751] do_syscall_64+0xcd/0x260 [ 168.013539][ T6751] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.013566][ T6751] RIP: 0033:0x7f54fb98d169 [ 168.013588][ T6751] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 168.013613][ T6751] RSP: 002b:00007f54fc7b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 168.013639][ T6751] RAX: ffffffffffffffda RBX: 00007f54fbba5fa0 RCX: 00007f54fb98d169 [ 168.013656][ T6751] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 168.013672][ T6751] RBP: 00007f54fba0e990 R08: 0000000000000000 R09: 0000000000000000 [ 168.013688][ T6751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 168.013703][ T6751] R13: 0000000000000000 R14: 00007f54fbba5fa0 R15: 00007ffcd64f4838 [ 168.013737][ T6751] [ 168.352530][ C0] vkms_vblank_simulate: vblank timer overrun [ 169.662451][ T6772] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 169.879160][ T30] audit: type=1326 audit(6039552599.906:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6773 comm="syz.0.172" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f54fb98d169 code=0x0 [ 170.080512][ T6783] netlink: 'syz.0.172': attribute type 2 has an invalid length. [ 170.095298][ T6783] netlink: 12 bytes leftover after parsing attributes in process `syz.0.172'. [ 172.675018][ T6818] bcachefs: bch2_ioctl_fsck_offline() ret EFAULT [ 174.066012][ T30] audit: type=1326 audit(6039552604.086:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6831 comm="syz.2.186" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2a4a18d169 code=0x0 [ 174.087538][ C1] vkms_vblank_simulate: vblank timer overrun [ 174.257073][ T6837] netlink: 'syz.2.186': attribute type 2 has an invalid length. [ 174.304000][ T6837] netlink: 12 bytes leftover after parsing attributes in process `syz.2.186'. [ 174.960372][ T6849] [U] [ 174.963345][ T6849] [U] [ 174.966101][ T6849] [U] [ 174.968868][ T6849] [U] [ 175.026082][ T6849] [U] [ 175.028871][ T6849] [U] [ 175.031630][ T6849] [U] [ 175.034381][ T6849] [U] [ 175.056493][ T6849] [U] [ 175.059297][ T6849] [U] [ 175.062055][ T6849] [U] [ 175.064811][ T6849] [U] [ 175.082408][ T6849] [U] [ 175.085193][ T6849] [U] [ 175.087945][ T6849] [U] [ 175.090697][ T6849] [U] [ 175.229871][ T6849] [U] [ 175.232668][ T6849] [U] [ 175.235405][ T6849] [U] [ 175.238136][ T6849] [U] [ 175.289761][ T6849] [U] [ 175.292513][ T6849] [U] [ 175.295223][ T6849] [U] [ 175.297929][ T6849] [U] [ 175.347068][ T6849] [U] [ 175.349835][ T6849] [U] [ 175.352558][ T6849] [U] [ 175.355270][ T6849] [U] [ 175.440501][ T6849] [U] [ 175.443289][ T6849] [U] [ 175.446037][ T6849] [U] [ 175.734113][ T6848] [U] [ 176.224777][ T6867] Invalid ELF header magic: != ELF [ 178.437938][ T6879] FAULT_INJECTION: forcing a failure. [ 178.437938][ T6879] name failslab, interval 1, probability 0, space 0, times 0 [ 178.491244][ T6879] CPU: 0 UID: 0 PID: 6879 Comm: syz.3.196 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 178.491285][ T6879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 178.491306][ T6879] Call Trace: [ 178.491315][ T6879] [ 178.491328][ T6879] dump_stack_lvl+0x16c/0x1f0 [ 178.491377][ T6879] should_fail_ex+0x512/0x640 [ 178.491408][ T6879] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 178.491454][ T6879] should_failslab+0xc2/0x120 [ 178.491480][ T6879] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 178.491520][ T6879] ? __proc_create+0xc3/0x8c0 [ 178.491548][ T6879] ? __proc_create+0x2ce/0x8c0 [ 178.491581][ T6879] __proc_create+0x2ce/0x8c0 [ 178.491611][ T6879] ? __pfx___proc_create+0x10/0x10 [ 178.491637][ T6879] ? _raw_write_unlock+0x28/0x50 [ 178.491673][ T6879] ? proc_register+0x314/0x5f0 [ 178.491714][ T6879] _proc_mkdir+0xb9/0x200 [ 178.491744][ T6879] ? __pfx__proc_mkdir+0x10/0x10 [ 178.491782][ T6879] ? __pfx_netfilter_net_init+0x10/0x10 [ 178.491815][ T6879] netfilter_net_init+0x37b/0x4b0 [ 178.491846][ T6879] ? sysctl_net_init+0x27/0x30 [ 178.491886][ T6879] ops_init+0x1df/0x5f0 [ 178.491929][ T6879] setup_net+0x21e/0x850 [ 178.491970][ T6879] ? __pfx_setup_net+0x10/0x10 [ 178.492007][ T6879] ? lockdep_init_map_type+0x5c/0x280 [ 178.492034][ T6879] ? __pfx_down_read_killable+0x10/0x10 [ 178.492064][ T6879] ? debug_mutex_init+0x37/0x70 [ 178.492102][ T6879] copy_net_ns+0x2a6/0x5f0 [ 178.492148][ T6879] create_new_namespaces+0x3ea/0xad0 [ 178.492195][ T6879] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 178.492245][ T6879] ksys_unshare+0x45b/0xa40 [ 178.492287][ T6879] ? __pfx_ksys_unshare+0x10/0x10 [ 178.492327][ T6879] ? xfd_validate_state+0x5d/0x180 [ 178.492360][ T6879] ? rcu_is_watching+0x12/0xc0 [ 178.492403][ T6879] __x64_sys_unshare+0x31/0x40 [ 178.492444][ T6879] do_syscall_64+0xcd/0x260 [ 178.492488][ T6879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.492519][ T6879] RIP: 0033:0x7f11a018d169 [ 178.492541][ T6879] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 178.492567][ T6879] RSP: 002b:00007f11a0ff4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 178.492593][ T6879] RAX: ffffffffffffffda RBX: 00007f11a03a5fa0 RCX: 00007f11a018d169 [ 178.492611][ T6879] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 178.492627][ T6879] RBP: 00007f11a020e990 R08: 0000000000000000 R09: 0000000000000000 [ 178.492643][ T6879] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 178.492659][ T6879] R13: 0000000000000000 R14: 00007f11a03a5fa0 R15: 00007ffefa30bd48 [ 178.492695][ T6879] [ 178.492706][ T6879] cannot create netfilter proc entry [ 178.979473][ T30] audit: type=1326 audit(6039552609.006:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6888 comm="syz.2.198" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2a4a18d169 code=0x0 [ 179.006372][ C1] vkms_vblank_simulate: vblank timer overrun [ 179.039936][ T6887] Invalid ELF header magic: != ELF [ 179.322033][ T6893] netlink: 'syz.2.198': attribute type 2 has an invalid length. [ 179.371133][ T6893] netlink: 12 bytes leftover after parsing attributes in process `syz.2.198'. [ 180.114671][ T6904] netlink: 4 bytes leftover after parsing attributes in process `syz.0.200'. [ 180.402191][ T6912] FAULT_INJECTION: forcing a failure. [ 180.402191][ T6912] name failslab, interval 1, probability 0, space 0, times 0 [ 180.432763][ T6912] CPU: 0 UID: 0 PID: 6912 Comm: syz.3.203 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 180.432810][ T6912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 180.432837][ T6912] Call Trace: [ 180.432848][ T6912] [ 180.432859][ T6912] dump_stack_lvl+0x16c/0x1f0 [ 180.432912][ T6912] should_fail_ex+0x512/0x640 [ 180.432948][ T6912] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 180.433003][ T6912] should_failslab+0xc2/0x120 [ 180.433033][ T6912] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 180.433083][ T6912] ? find_inode_fast+0x1e9/0x600 [ 180.433118][ T6912] ? __d_alloc+0x31/0xaa0 [ 180.433153][ T6912] __d_alloc+0x31/0xaa0 [ 180.433188][ T6912] d_alloc_pseudo+0x1c/0xc0 [ 180.433226][ T6912] alloc_file_pseudo_noaccount+0xcf/0x230 [ 180.433267][ T6912] ? __pfx_alloc_file_pseudo_noaccount+0x10/0x10 [ 180.433303][ T6912] ? iput+0xd3/0x880 [ 180.433345][ T6912] bdev_file_open_by_dev+0x13e/0x210 [ 180.433386][ T6912] blkdev_bszset+0x170/0x240 [ 180.433435][ T6912] ? __pfx_blkdev_bszset+0x10/0x10 [ 180.433485][ T6912] ? find_held_lock+0x2b/0x80 [ 180.433525][ T6912] ? hook_file_ioctl_common+0x145/0x410 [ 180.433564][ T6912] blkdev_ioctl+0x44e/0x6d0 [ 180.433615][ T6912] ? __pfx_blkdev_ioctl+0x10/0x10 [ 180.433671][ T6912] ? __pfx_blkdev_ioctl+0x10/0x10 [ 180.433723][ T6912] __x64_sys_ioctl+0x190/0x200 [ 180.433765][ T6912] do_syscall_64+0xcd/0x260 [ 180.433835][ T6912] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.433866][ T6912] RIP: 0033:0x7f11a018d169 [ 180.433893][ T6912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 180.433924][ T6912] RSP: 002b:00007f11a0fd3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 180.433955][ T6912] RAX: ffffffffffffffda RBX: 00007f11a03a6080 RCX: 00007f11a018d169 [ 180.433975][ T6912] RDX: 0000200000000600 RSI: 0000000040081271 RDI: 0000000000000008 [ 180.433994][ T6912] RBP: 00007f11a020e990 R08: 0000000000000000 R09: 0000000000000000 [ 180.434012][ T6912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 180.434029][ T6912] R13: 0000000000000000 R14: 00007f11a03a6080 R15: 00007ffefa30bd48 [ 180.434068][ T6912] [ 181.163748][ T6917] netlink: 4 bytes leftover after parsing attributes in process `syz.1.204'. [ 181.221746][ T6923] input: f0?\hՐJL'$d)KLo1oN0ø.m)$cj@qwR=X as /devices/virtual/input/input9 [ 181.285119][ T6906] netlink: 28 bytes leftover after parsing attributes in process `syz.0.200'. [ 182.741222][ T6947] netlink: 1544 bytes leftover after parsing attributes in process `syz.0.211'. [ 183.547353][ T6956] erspan0: entered allmulticast mode [ 183.897406][ T6959] netlink: 'syz.0.214': attribute type 1 has an invalid length. [ 183.906691][ T6959] nbd: error processing sock list [ 184.461204][ T6972] netlink: 16 bytes leftover after parsing attributes in process `syz.1.216'. [ 185.402632][ T6983] netlink: 98 bytes leftover after parsing attributes in process `syz.3.219'. [ 186.047097][ T6990] netlink: 80 bytes leftover after parsing attributes in process `syz.3.221'. [ 186.163033][ T6992] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 186.172295][ T6992] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 186.223778][ T6992] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 186.286913][ T6992] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 186.297201][ T6992] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 186.344754][ T6992] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 186.371272][ T6992] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 186.381784][ T6992] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 186.389810][ T6994] netlink: 338 bytes leftover after parsing attributes in process `syz.1.222'. [ 186.413998][ T6994] netlink: 338 bytes leftover after parsing attributes in process `syz.1.222'. [ 186.425264][ T6992] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 186.443167][ T6992] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 186.452398][ T6992] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 186.555611][ T6992] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 186.790779][ T7002] usbip-vudc usbip-vudc.0: gadget not bound [ 186.804520][ T7002] FAULT_INJECTION: forcing a failure. [ 186.804520][ T7002] name failslab, interval 1, probability 0, space 0, times 0 [ 186.857800][ T7002] CPU: 0 UID: 0 PID: 7002 Comm: syz.3.224 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 186.857837][ T7002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 186.857853][ T7002] Call Trace: [ 186.857861][ T7002] [ 186.857871][ T7002] dump_stack_lvl+0x16c/0x1f0 [ 186.857915][ T7002] should_fail_ex+0x512/0x640 [ 186.857944][ T7002] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 186.857990][ T7002] should_failslab+0xc2/0x120 [ 186.858014][ T7002] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 186.858054][ T7002] ? security_socket_post_create+0x21d/0x260 [ 186.858081][ T7002] ? __d_alloc+0x31/0xaa0 [ 186.858110][ T7002] __d_alloc+0x31/0xaa0 [ 186.858139][ T7002] d_alloc_pseudo+0x1c/0xc0 [ 186.858170][ T7002] alloc_file_pseudo+0xcf/0x230 [ 186.858201][ T7002] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 186.858231][ T7002] ? alloc_fd+0x471/0x7d0 [ 186.858274][ T7002] sock_alloc_file+0x50/0x210 [ 186.858314][ T7002] __sys_socket+0x1c0/0x260 [ 186.858346][ T7002] ? __pfx___sys_socket+0x10/0x10 [ 186.858373][ T7002] ? rcu_is_watching+0x12/0xc0 [ 186.858414][ T7002] __x64_sys_socket+0x72/0xb0 [ 186.858438][ T7002] ? lockdep_hardirqs_on+0x7c/0x110 [ 186.858476][ T7002] do_syscall_64+0xcd/0x260 [ 186.858518][ T7002] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 186.858545][ T7002] RIP: 0033:0x7f11a018d169 [ 186.858565][ T7002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 186.858591][ T7002] RSP: 002b:00007f11a0ff4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 186.858615][ T7002] RAX: ffffffffffffffda RBX: 00007f11a03a5fa0 RCX: 00007f11a018d169 [ 186.858632][ T7002] RDX: 0000000000000100 RSI: 0000000000000801 RDI: 0000000000000002 [ 186.858647][ T7002] RBP: 00007f11a020e990 R08: 0000000000000000 R09: 0000000000000000 [ 186.858662][ T7002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 186.858677][ T7002] R13: 0000000000000000 R14: 00007f11a03a5fa0 R15: 00007ffefa30bd48 [ 186.858711][ T7002] [ 187.177776][ T7011] netlink: 28 bytes leftover after parsing attributes in process `syz.0.227'. [ 187.188442][ T7011] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 187.292122][ T7011] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 187.506725][ T7017] netlink: 28 bytes leftover after parsing attributes in process `syz.3.229'. [ 187.706742][ T7016] netlink: 4 bytes leftover after parsing attributes in process `syz.3.229'. [ 187.764899][ T7015] ovs_: entered promiscuous mode [ 188.231399][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 188.291144][ T5845] Bluetooth: hci1: command 0x0c1a tx timeout [ 188.411742][ T7033] [U]  [ 188.414600][ T7033] [U] [ 188.417327][ T7033] [U] [ 188.420055][ T7033] [U] [ 188.451313][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 188.451324][ T5150] Bluetooth: hci2: command 0x0c1a tx timeout [ 188.467204][ T7033] [U] [ 188.469973][ T7033] [U] [ 188.472720][ T7033] [U] [ 188.475468][ T7033] [U] [ 188.508665][ T7033] [U] [ 188.511457][ T7033] [U] [ 188.514219][ T7033] [U] [ 188.516973][ T7033] [U] [ 188.534981][ T7033] [U] [ 188.537765][ T7033] [U] [ 188.540514][ T7033] [U] [ 188.543268][ T7033] [U] [ 188.559448][ T7033] [U] [ 188.562226][ T7033] [U] [ 188.564964][ T7033] [U] [ 188.567687][ T7033] [U] [ 188.583670][ T7033] [U] [ 188.586441][ T7033] [U] [ 188.589177][ T7033] [U] [ 188.591915][ T7033] [U] [ 188.643795][ T7033] [U] [ 188.646591][ T7033] [U] [ 188.649340][ T7033] [U] [ 188.652080][ T7033] [U] [ 188.734507][ T7033] [U] [ 188.737301][ T7033] [U] [ 188.740063][ T7033] [U] [ 188.742906][ T7033] [U] [ 188.797500][ T7033] [U] [ 188.800304][ T7033] [U] [ 188.803036][ T7033] [U] [ 188.805759][ T7033] [U] [ 188.837567][ T7033] [U] [ 188.840349][ T7033] [U] [ 188.843115][ T7033] [U] [ 188.845877][ T7033] [U] [ 188.849791][ T7033] [U] [ 188.852560][ T7033] [U] [ 188.855298][ T7033] [U] [ 188.858044][ T7033] [U] [ 188.862442][ T7033] [U] [ 188.865221][ T7033] [U] [ 188.867985][ T7033] [U] [ 188.870735][ T7033] [U] [ 189.001472][ T7033] [U] [ 189.004276][ T7033] [U] [ 189.007118][ T7033] [U] [ 189.009943][ T7033] [U] [ 189.015602][ T7033] [U] [ 189.018475][ T7033] [U] [ 189.021233][ T7033] [U] [ 189.024028][ T7033] [U] [ 189.081563][ T7033] [U] [ 189.084446][ T7033] [U] [ 189.087195][ T7033] [U] [ 189.089948][ T7033] [U] [ 189.122574][ T7033] [U] [ 189.125347][ T7033] [U] [ 189.128112][ T7033] [U] [ 189.130874][ T7033] [U] [ 189.168818][ T7033] [U] [ 189.171613][ T7033] [U] [ 189.174365][ T7033] [U] [ 189.177142][ T7033] [U] [ 189.389234][ T7033] [U] [ 189.554302][ T7067] FAULT_INJECTION: forcing a failure. [ 189.554302][ T7067] name failslab, interval 1, probability 0, space 0, times 0 [ 189.588744][ T7067] CPU: 0 UID: 0 PID: 7067 Comm: syz.2.240 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 189.588789][ T7067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 189.588809][ T7067] Call Trace: [ 189.588821][ T7067] [ 189.588833][ T7067] dump_stack_lvl+0x16c/0x1f0 [ 189.588893][ T7067] should_fail_ex+0x512/0x640 [ 189.588930][ T7067] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 189.588978][ T7067] should_failslab+0xc2/0x120 [ 189.589008][ T7067] __kmalloc_cache_noprof+0x6a/0x3e0 [ 189.589053][ T7067] ? v4l2_m2m_ctx_init+0x4d/0x380 [ 189.589110][ T7067] ? __pfx_queue_init+0x10/0x10 [ 189.589157][ T7067] v4l2_m2m_ctx_init+0x4d/0x380 [ 189.589210][ T7067] vicodec_open+0xb1a/0xf90 [ 189.589266][ T7067] v4l2_open+0x222/0x490 [ 189.589313][ T7067] ? __pfx_v4l2_open+0x10/0x10 [ 189.589361][ T7067] chrdev_open+0x231/0x6a0 [ 189.589409][ T7067] ? __pfx_apparmor_file_open+0x10/0x10 [ 189.589449][ T7067] ? __pfx_chrdev_open+0x10/0x10 [ 189.589501][ T7067] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 189.589555][ T7067] do_dentry_open+0x741/0x1c10 [ 189.589602][ T7067] ? __pfx_chrdev_open+0x10/0x10 [ 189.589660][ T7067] vfs_open+0x82/0x3f0 [ 189.589698][ T7067] path_openat+0x1e5e/0x2d40 [ 189.589761][ T7067] ? __pfx_path_openat+0x10/0x10 [ 189.589819][ T7067] do_filp_open+0x20b/0x470 [ 189.589867][ T7067] ? __pfx_do_filp_open+0x10/0x10 [ 189.589946][ T7067] ? alloc_fd+0x471/0x7d0 [ 189.590003][ T7067] do_sys_openat2+0x11b/0x1d0 [ 189.590037][ T7067] ? __pfx_do_sys_openat2+0x10/0x10 [ 189.590096][ T7067] __x64_sys_openat+0x174/0x210 [ 189.590143][ T7067] ? __pfx___x64_sys_openat+0x10/0x10 [ 189.590179][ T7067] ? rcu_is_watching+0x12/0xc0 [ 189.590229][ T7067] do_syscall_64+0xcd/0x260 [ 189.590279][ T7067] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.590310][ T7067] RIP: 0033:0x7f2a4a18d169 [ 189.590335][ T7067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 189.590365][ T7067] RSP: 002b:00007f2a47ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 189.590395][ T7067] RAX: ffffffffffffffda RBX: 00007f2a4a3a5fa0 RCX: 00007f2a4a18d169 [ 189.590414][ T7067] RDX: 00000000001ab442 RSI: 0000200000000340 RDI: ffffffffffffff9c [ 189.590433][ T7067] RBP: 00007f2a4a20e990 R08: 0000000000000000 R09: 0000000000000000 [ 189.590451][ T7067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 189.590468][ T7067] R13: 0000000000000000 R14: 00007f2a4a3a5fa0 R15: 00007ffe31aaa888 [ 189.590508][ T7067] [ 190.291138][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 190.371211][ T5845] Bluetooth: hci1: command 0x0c1a tx timeout [ 190.401772][ T30] audit: type=1326 audit(6039552620.426:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7071 comm="syz.1.242" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb29158d169 code=0x0 [ 190.530515][ T30] audit: type=1326 audit(6039552620.556:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7070 comm="syz.3.241" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f11a018d169 code=0x0 [ 190.554687][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 190.561097][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 190.728211][ T5845] Bluetooth: hci3: Unable to find connection for big 0xd2 [ 190.760633][ T7079] netlink: 'syz.1.242': attribute type 2 has an invalid length. [ 190.831270][ T7079] netlink: 12 bytes leftover after parsing attributes in process `syz.1.242'. [ 190.979351][ T7093] netlink: 'syz.3.241': attribute type 2 has an invalid length. [ 191.013147][ T7093] netlink: 12 bytes leftover after parsing attributes in process `syz.3.241'. [ 191.394379][ T30] audit: type=1800 audit(6039552621.416:14): pid=7085 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.245" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 191.414319][ C1] vkms_vblank_simulate: vblank timer overrun [ 192.371318][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 192.452098][ T5845] Bluetooth: hci1: command 0x0c1a tx timeout [ 192.581490][ T7104] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input10 [ 192.618472][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 192.618486][ T5150] Bluetooth: hci3: command 0x0c1a tx timeout [ 193.993200][ T7138] Invalid ELF header magic: != ELF syzkaller syzkaller login: [ 195.484905][ T7160] Invalid ELF header magic: != ELF [ 195.831629][ T30] audit: type=1326 audit(6039552625.866:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7173 comm="syz.0.260" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f54fb98d169 code=0x0 [ 197.014632][ T7181] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 197.096281][ T7181] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 198.509643][ T30] audit: type=1326 audit(6039552628.536:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7209 comm="syz.2.269" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2a4a18d169 code=0x0 [ 198.716859][ T7217] netlink: 'syz.2.269': attribute type 2 has an invalid length. [ 198.736814][ T7217] netlink: 12 bytes leftover after parsing attributes in process `syz.2.269'. [ 199.511689][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.518062][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.212924][ T7233] capability: warning: `syz.2.272' uses 32-bit capabilities (legacy support in use) [ 200.748736][ T7244] netlink: 93 bytes leftover after parsing attributes in process `syz.2.273'. [ 201.672430][ T7264] bcachefs: bch2_ioctl_fsck_offline() ret EFAULT [ 203.069765][ T7276] netlink: 28 bytes leftover after parsing attributes in process `syz.1.280'. [ 203.374822][ T30] audit: type=1800 audit(6039552633.396:17): pid=7282 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.281" name="SYSV08000400" dev="tmpfs" ino=0 res=0 errno=0 [ 204.088786][ T7298] netlink: 504 bytes leftover after parsing attributes in process `syz.0.286'. [ 204.143176][ T7298] netlink: 350 bytes leftover after parsing attributes in process `syz.0.286'. [ 204.167624][ T7300] FAULT_INJECTION: forcing a failure. [ 204.167624][ T7300] name fail_futex, interval 1, probability 0, space 0, times 1 [ 204.242661][ T7300] CPU: 0 UID: 0 PID: 7300 Comm: syz.2.287 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 204.242700][ T7300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 204.242716][ T7300] Call Trace: [ 204.242726][ T7300] [ 204.242737][ T7300] dump_stack_lvl+0x16c/0x1f0 [ 204.242789][ T7300] should_fail_ex+0x512/0x640 [ 204.242831][ T7300] get_futex_key+0x49e/0x1000 [ 204.242875][ T7300] ? __pfx_direct_splice_actor+0x10/0x10 [ 204.242923][ T7300] ? __pfx_get_futex_key+0x10/0x10 [ 204.242974][ T7300] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 204.243030][ T7300] futex_wake+0xe7/0x4e0 [ 204.243058][ T7300] ? do_splice_direct+0x1b4/0x240 [ 204.243102][ T7300] ? __pfx_futex_wake+0x10/0x10 [ 204.243141][ T7300] ? rw_verify_area+0xcf/0x680 [ 204.243185][ T7300] do_futex+0x1e3/0x350 [ 204.243230][ T7300] ? __pfx_do_futex+0x10/0x10 [ 204.243276][ T7300] ? __pfx_do_sendfile+0x10/0x10 [ 204.243324][ T7300] __x64_sys_futex+0x1e0/0x4c0 [ 204.243374][ T7300] ? __pfx___x64_sys_futex+0x10/0x10 [ 204.243422][ T7300] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 204.243451][ T7300] ? rcu_is_watching+0x12/0xc0 [ 204.243502][ T7300] do_syscall_64+0xcd/0x260 [ 204.243553][ T7300] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.243579][ T7300] RIP: 0033:0x7f2a4a18d169 [ 204.243601][ T7300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 204.243626][ T7300] RSP: 002b:00007f2a47ff60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 204.243650][ T7300] RAX: ffffffffffffffda RBX: 00007f2a4a3a5fa8 RCX: 00007f2a4a18d169 [ 204.243667][ T7300] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2a4a3a5fac [ 204.243683][ T7300] RBP: 00007f2a4a3a5fa0 R08: 00007f2a4aef4000 R09: 0000000000000000 [ 204.243699][ T7300] R10: 0000000000000001 R11: 0000000000000246 R12: 00007f2a4a3a5fac [ 204.243714][ T7300] R13: 0000000000000000 R14: 00007ffe31aaa7a0 R15: 00007ffe31aaa888 [ 204.243748][ T7300] [ 205.599671][ T7319] Invalid ELF header magic: != ELF [ 205.705888][ T7318] .SR: entered promiscuous mode [ 206.591686][ T7325] netlink: 4 bytes leftover after parsing attributes in process `syz.2.294'. [ 206.613997][ T7325] netlink: 25 bytes leftover after parsing attributes in process `syz.2.294'. [ 208.768823][ T7352] zswap: compressor Ȯ9Qz%;0*lH`Bkjwjӳ=85'.Y[`2Y$`Yvgִq"b%zN[O EiFi(Sh3Kx>ԝRS=kHɟ{?Bbޝ4)>5ޡsj1 not available [ 208.838602][ T7359] Invalid ELF header magic: != ELF [ 211.091383][ T7378] bridge0: port 3(team0) entered blocking state [ 211.097886][ T7378] bridge0: port 3(team0) entered disabled state [ 211.116314][ T7378] team0: entered allmulticast mode [ 211.126179][ T7378] team_slave_0: entered allmulticast mode [ 211.133885][ T7378] team_slave_1: entered allmulticast mode [ 211.199995][ T7378] team0: entered promiscuous mode [ 211.271296][ T7378] team_slave_0: entered promiscuous mode [ 211.331601][ T7378] team_slave_1: entered promiscuous mode [ 211.405093][ T7378] bridge0: port 3(team0) entered blocking state [ 211.412409][ T7378] bridge0: port 3(team0) entered forwarding state [ 212.530778][ T7398] Invalid ELF header magic: != ELF [ 213.347247][ T30] audit: type=1326 audit(6039552643.366:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7404 comm="syz.2.310" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2a4a18d169 code=0x0 [ 213.368735][ C1] vkms_vblank_simulate: vblank timer overrun [ 213.861156][ T7413] netlink: 'syz.2.310': attribute type 2 has an invalid length. [ 213.879168][ T7413] netlink: 12 bytes leftover after parsing attributes in process `syz.2.310'. [ 214.578349][ T7396] zswap: compressor Ȯ9Qz%;0*lH`Bkjwjӳ<85'.Y[`2Y$`Yvgִq"b%zN[O EiFi(Sh3Kx>ԝRS=kHɟ{?Bbޝ4)> not available [ 215.815710][ T7434] netlink: 338 bytes leftover after parsing attributes in process `syz.3.315'. [ 215.985384][ T7437] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 216.332826][ T7444] netlink: 28 bytes leftover after parsing attributes in process `syz.3.319'. [ 216.362612][ T7443] netlink: 'syz.0.317': attribute type 10 has an invalid length. [ 216.391227][ T7444] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 216.433810][ T7443] netlink: 230 bytes leftover after parsing attributes in process `syz.0.317'. [ 216.484466][ T7445] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 216.764552][ T30] audit: type=1326 audit(6039552646.796:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7446 comm="syz.2.321" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2a4a18d169 code=0x0 [ 216.786083][ C1] vkms_vblank_simulate: vblank timer overrun [ 216.836701][ T7444] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 216.886308][ T7459] netlink: 'syz.2.321': attribute type 2 has an invalid length. [ 216.895600][ T7459] netlink: 12 bytes leftover after parsing attributes in process `syz.2.321'. [ 217.107043][ T7443] bond0: (slave bond_slave_1): Releasing backup interface [ 217.756995][ T7465] netlink: 326 bytes leftover after parsing attributes in process `syz.2.322'. [ 219.591167][ T30] audit: type=1326 audit(6039552649.616:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7499 comm="syz.2.331" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2a4a18d169 code=0x0 [ 219.791673][ T7511] netlink: 'syz.2.331': attribute type 2 has an invalid length. [ 219.841029][ T7511] netlink: 12 bytes leftover after parsing attributes in process `syz.2.331'. [ 222.309226][ T7533] netlink: 20 bytes leftover after parsing attributes in process `syz.2.336'. [ 223.877667][ T7566] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input12 [ 223.922805][ T7568] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input13 [ 224.790767][ T7580] Invalid ELF header magic: != ELF [ 225.696409][ T7597] FAULT_INJECTION: forcing a failure. [ 225.696409][ T7597] name failslab, interval 1, probability 0, space 0, times 0 [ 225.780772][ T7597] CPU: 0 UID: 0 PID: 7597 Comm: syz.2.347 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 225.780819][ T7597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 225.780838][ T7597] Call Trace: [ 225.780848][ T7597] [ 225.780860][ T7597] dump_stack_lvl+0x16c/0x1f0 [ 225.780916][ T7597] should_fail_ex+0x512/0x640 [ 225.780958][ T7597] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 225.781005][ T7597] should_failslab+0xc2/0x120 [ 225.781034][ T7597] __kmalloc_cache_noprof+0x6a/0x3e0 [ 225.781079][ T7597] ? snd_midi_event_new+0x6f/0x210 [ 225.781134][ T7597] snd_midi_event_new+0x6f/0x210 [ 225.781183][ T7597] snd_virmidi_input_open+0x107/0x4a0 [ 225.781252][ T7597] open_substream+0x478/0x9b0 [ 225.781291][ T7597] rawmidi_open_priv+0x513/0x6e0 [ 225.781336][ T7597] snd_rawmidi_open+0x4cc/0xbf0 [ 225.781382][ T7597] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 225.781423][ T7597] ? __pfx_default_wake_function+0x10/0x10 [ 225.781472][ T7597] ? kobject_get_unless_zero+0x156/0x1e0 [ 225.781529][ T7597] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 225.781567][ T7597] snd_open+0x1fe/0x450 [ 225.781615][ T7597] ? __pfx_snd_open+0x10/0x10 [ 225.781661][ T7597] chrdev_open+0x231/0x6a0 [ 225.781711][ T7597] ? __pfx_apparmor_file_open+0x10/0x10 [ 225.781753][ T7597] ? __pfx_chrdev_open+0x10/0x10 [ 225.781809][ T7597] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 225.781863][ T7597] do_dentry_open+0x741/0x1c10 [ 225.781912][ T7597] ? __pfx_chrdev_open+0x10/0x10 [ 225.781971][ T7597] vfs_open+0x82/0x3f0 [ 225.782009][ T7597] path_openat+0x1e5e/0x2d40 [ 225.782074][ T7597] ? __pfx_path_openat+0x10/0x10 [ 225.782133][ T7597] do_filp_open+0x20b/0x470 [ 225.782183][ T7597] ? __pfx_do_filp_open+0x10/0x10 [ 225.782277][ T7597] ? alloc_fd+0x471/0x7d0 [ 225.782336][ T7597] do_sys_openat2+0x11b/0x1d0 [ 225.782371][ T7597] ? __pfx_do_sys_openat2+0x10/0x10 [ 225.782423][ T7597] __x64_sys_openat+0x174/0x210 [ 225.782459][ T7597] ? __pfx___x64_sys_openat+0x10/0x10 [ 225.782497][ T7597] ? rcu_is_watching+0x12/0xc0 [ 225.782549][ T7597] do_syscall_64+0xcd/0x260 [ 225.782600][ T7597] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.782633][ T7597] RIP: 0033:0x7f2a4a18d169 [ 225.782658][ T7597] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 225.782689][ T7597] RSP: 002b:00007f2a47fb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 225.782719][ T7597] RAX: ffffffffffffffda RBX: 00007f2a4a3a6160 RCX: 00007f2a4a18d169 [ 225.782739][ T7597] RDX: 0000000000080102 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 225.782759][ T7597] RBP: 00007f2a4a20e990 R08: 0000000000000000 R09: 0000000000000000 [ 225.782778][ T7597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 225.782796][ T7597] R13: 0000000000000000 R14: 00007f2a4a3a6160 R15: 00007ffe31aaa888 [ 225.782836][ T7597] [ 226.589251][ T7603] page: refcount:5 mapcount:4 mapping:0000000000000000 index:0x7f953e476 pfn:0x78400 [ 226.602548][ T7603] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 226.630648][ T7603] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 226.672393][ T7603] raw: 00000007f953e476 0000000000000000 0000000500000003 0000000000000000 [ 226.722060][ T7611] Invalid ELF header magic: != ELF [ 226.758728][ T7607] .SR: entered promiscuous mode [ 226.776056][ T7603] page dumped because: unmovable page [ 226.805527][ T7603] page_owner tracks the page as allocated [ 226.821212][ T7604] could not allocate digest TFM handle [ 226.831131][ T7603] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5833, tgid 5833 (syz-executor), ts 98877620358, free_ts 95437505151 [ 226.931007][ T7603] post_alloc_hook+0x181/0x1b0 [ 226.935885][ T7603] get_page_from_freelist+0x1193/0x39b0 [ 226.979903][ T7603] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 226.993268][ T7603] alloc_pages_mpol+0x1fb/0x550 [ 226.999263][ T7603] alloc_pages_noprof+0x131/0x390 [ 227.004766][ T7603] __vmalloc_node_range_noprof+0x732/0x1540 [ 227.020745][ T7603] vmalloc_user_noprof+0x6b/0x90 [ 227.026282][ T7603] kcov_ioctl+0x4c/0x730 [ 227.036666][ T7603] __x64_sys_ioctl+0x190/0x200 [ 227.041967][ T7603] do_syscall_64+0xcd/0x260 [ 227.056792][ T7603] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.063212][ T7603] page last free pid 5827 tgid 5827 stack trace: [ 227.089961][ T7603] __free_frozen_pages+0x69d/0xff0 [ 227.097346][ T7603] vfree+0x176/0x960 [ 227.102453][ T7603] kcov_close+0x34/0x60 [ 227.107033][ T7603] __fput+0x3ff/0xb70 [ 227.125406][ T7603] fput_close_sync+0x15e/0x1e0 [ 227.130325][ T7603] __x64_sys_close+0x8b/0x120 [ 227.135200][ T7603] do_syscall_64+0xcd/0x260 [ 227.139912][ T7603] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.459247][ T7667] could not allocate digest TFM handle [ 232.739854][ T30] audit: type=1326 audit(6039552662.766:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7695 comm="syz.0.368" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f54fb98d169 code=0x0 [ 232.970595][ T7703] netlink: 'syz.0.368': attribute type 2 has an invalid length. [ 232.987665][ T7703] netlink: 12 bytes leftover after parsing attributes in process `syz.0.368'. [ 234.458239][ T7724] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 237.570174][ T30] audit: type=1326 audit(6039560467.594:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7745 comm="syz.0.380" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f54fb98d169 code=0x0 [ 237.591702][ C1] vkms_vblank_simulate: vblank timer overrun [ 238.057217][ T7754] netlink: 'syz.0.380': attribute type 2 has an invalid length. [ 238.065168][ T7754] netlink: 12 bytes leftover after parsing attributes in process `syz.0.380'. [ 241.872106][ T7825] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 241.878907][ T7825] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 249.784207][ T30] audit: type=1326 audit(6039560479.814:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7907 comm="syz.0.406" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f54fb98d169 code=0x0 [ 249.817122][ T7906] Line length is too long: Should be less than 4094 [ 250.023779][ T7914] netlink: 'syz.0.406': attribute type 2 has an invalid length. [ 250.042785][ T7914] netlink: 12 bytes leftover after parsing attributes in process `syz.0.406'. [ 252.673098][ T7939] syz.3.407 (7939) used greatest stack depth: 21256 bytes left [ 253.891938][ T7925] syz.3.407 (7925) used greatest stack depth: 20280 bytes left [ 254.872341][ T7972] FAULT_INJECTION: forcing a failure. [ 254.872341][ T7972] name failslab, interval 1, probability 0, space 0, times 0 [ 254.911031][ T7972] CPU: 0 UID: 0 PID: 7972 Comm: syz.0.418 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 254.911076][ T7972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 254.911095][ T7972] Call Trace: [ 254.911105][ T7972] [ 254.911117][ T7972] dump_stack_lvl+0x16c/0x1f0 [ 254.911170][ T7972] should_fail_ex+0x512/0x640 [ 254.911206][ T7972] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 254.911263][ T7972] should_failslab+0xc2/0x120 [ 254.911293][ T7972] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 254.911349][ T7972] ? mas_alloc_nodes+0x18b/0x8b0 [ 254.911399][ T7972] mas_alloc_nodes+0x18b/0x8b0 [ 254.911450][ T7972] mas_node_count_gfp+0x105/0x130 [ 254.911494][ T7972] mas_preallocate+0x53e/0xcd0 [ 254.911528][ T7972] ? __memcg_slab_post_alloc_hook+0x4d0/0x940 [ 254.911565][ T7972] ? __pfx_mas_preallocate+0x10/0x10 [ 254.911612][ T7972] ? anon_vma_name+0x75/0x100 [ 254.911653][ T7972] __split_vma+0x33b/0x1030 [ 254.911706][ T7972] ? __pfx___split_vma+0x10/0x10 [ 254.911773][ T7972] vma_modify+0x33f/0x410 [ 254.911824][ T7972] vma_modify_policy+0x219/0x2d0 [ 254.911874][ T7972] ? __pfx_vma_modify_policy+0x10/0x10 [ 254.911954][ T7972] mbind_range+0x175/0x570 [ 254.912001][ T7972] do_mbind+0x848/0xf30 [ 254.912046][ T7972] ? __pfx_vfs_writev+0x10/0x10 [ 254.912087][ T7972] ? __pfx_do_mbind+0x10/0x10 [ 254.912124][ T7972] ? do_writev+0x218/0x330 [ 254.912184][ T7972] ? __pfx_get_nodes+0x10/0x10 [ 254.912246][ T7972] kernel_mbind+0x1e3/0x1f0 [ 254.912287][ T7972] ? __pfx_kernel_mbind+0x10/0x10 [ 254.912321][ T7972] ? rcu_is_watching+0x12/0xc0 [ 254.912373][ T7972] do_syscall_64+0xcd/0x260 [ 254.912424][ T7972] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.912456][ T7972] RIP: 0033:0x7f54fb98d169 [ 254.912482][ T7972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 254.912513][ T7972] RSP: 002b:00007f54fc795038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 254.912543][ T7972] RAX: ffffffffffffffda RBX: 00007f54fbba6080 RCX: 00007f54fb98d169 [ 254.912563][ T7972] RDX: 0000000000000001 RSI: 00000000002091d2 RDI: 0000200000002000 [ 254.912582][ T7972] RBP: 00007f54fba0e990 R08: 0000000000000006 R09: 0000000000000002 [ 254.912601][ T7972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 254.912619][ T7972] R13: 0000000000000000 R14: 00007f54fbba6080 R15: 00007ffcd64f4838 [ 254.912660][ T7972] [ 255.161726][ C0] vkms_vblank_simulate: vblank timer overrun [ 256.218866][ T7968] FAULT_INJECTION: forcing a failure. [ 256.218866][ T7968] name failslab, interval 1, probability 0, space 0, times 0 [ 256.236372][ T7980] bridge0: port 4(hsr_slave_1) entered blocking state [ 256.291034][ T7968] CPU: 0 UID: 0 PID: 7968 Comm: syz.2.417 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 256.291079][ T7968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 256.291099][ T7968] Call Trace: [ 256.291110][ T7968] [ 256.291123][ T7968] dump_stack_lvl+0x16c/0x1f0 [ 256.291182][ T7968] should_fail_ex+0x512/0x640 [ 256.291220][ T7968] ? fs_reclaim_acquire+0xae/0x150 [ 256.291265][ T7968] should_failslab+0xc2/0x120 [ 256.291301][ T7968] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 256.291352][ T7968] ? security_inode_alloc+0x3b/0x2b0 [ 256.291398][ T7968] security_inode_alloc+0x3b/0x2b0 [ 256.291436][ T7968] inode_init_always_gfp+0xce4/0x1030 [ 256.291495][ T7968] alloc_inode+0x86/0x240 [ 256.291532][ T7968] sock_alloc+0x40/0x280 [ 256.291581][ T7968] __sock_create+0xc1/0x8d0 [ 256.291621][ T7968] inet_ctl_sock_create+0x94/0x230 [ 256.291679][ T7968] ? __pfx_inet_ctl_sock_create+0x10/0x10 [ 256.291732][ T7968] ? ndisc_net_init+0x1bc/0x250 [ 256.291786][ T7968] ? __pfx_ndisc_net_init+0x10/0x10 [ 256.291844][ T7968] igmp6_net_init+0x1b2/0x470 [ 256.291904][ T7968] ? __pfx_igmp6_net_init+0x10/0x10 [ 256.291959][ T7968] ops_init+0x1df/0x5f0 [ 256.292012][ T7968] setup_net+0x21e/0x850 [ 256.292066][ T7968] ? __pfx_setup_net+0x10/0x10 [ 256.292110][ T7968] ? lockdep_init_map_type+0x5c/0x280 [ 256.292146][ T7968] ? __pfx_down_read_killable+0x10/0x10 [ 256.292183][ T7968] ? debug_mutex_init+0x37/0x70 [ 256.292232][ T7968] copy_net_ns+0x2a6/0x5f0 [ 256.292290][ T7968] create_new_namespaces+0x3ea/0xad0 [ 256.292349][ T7968] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 256.292404][ T7968] ksys_unshare+0x45b/0xa40 [ 256.292456][ T7968] ? __pfx_ksys_unshare+0x10/0x10 [ 256.292508][ T7968] ? xfd_validate_state+0x5d/0x180 [ 256.292547][ T7968] ? syscall_user_dispatch+0x78/0x140 [ 256.292599][ T7968] __x64_sys_unshare+0x31/0x40 [ 256.292649][ T7968] do_syscall_64+0xcd/0x260 [ 256.292702][ T7968] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.292738][ T7968] RIP: 0033:0x7f2a4a18d169 [ 256.292763][ T7968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 256.292794][ T7968] RSP: 002b:00007f2a47ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 256.292829][ T7968] RAX: ffffffffffffffda RBX: 00007f2a4a3a5fa0 RCX: 00007f2a4a18d169 [ 256.292849][ T7968] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 256.292867][ T7968] RBP: 00007f2a4a20e990 R08: 0000000000000000 R09: 0000000000000000 [ 256.292886][ T7968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 256.292904][ T7968] R13: 0000000000000000 R14: 00007f2a4a3a5fa0 R15: 00007ffe31aaa888 [ 256.292957][ T7968] [ 256.310486][ T7968] socket: no more sockets [ 256.310517][ T7968] Failed to initialize the IGMP6 autojoin socket (err -23) [ 256.381672][ T7980] bridge0: port 4(hsr_slave_1) entered disabled state [ 256.584448][ T7982] openvswitch: netlink: IP tunnel dst address not specified [ 256.672308][ T7980] hsr_slave_1: entered allmulticast mode [ 256.681608][ T7980] hsr_slave_1: left allmulticast mode [ 256.726660][ T7982] openvswitch: netlink: IP tunnel dst address not specified [ 258.413136][ T30] audit: type=1326 audit(6039560488.444:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8002 comm="syz.0.434" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f54fb98d169 code=0x0 [ 258.761684][ T8012] FAULT_INJECTION: forcing a failure. [ 258.761684][ T8012] name failslab, interval 1, probability 0, space 0, times 0 [ 258.805067][ T8015] netlink: 'syz.0.434': attribute type 2 has an invalid length. [ 258.823805][ T8015] netlink: 12 bytes leftover after parsing attributes in process `syz.0.434'. [ 259.103003][ T8012] CPU: 0 UID: 0 PID: 8012 Comm: syz.3.426 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 259.103045][ T8012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 259.103063][ T8012] Call Trace: [ 259.103072][ T8012] [ 259.103084][ T8012] dump_stack_lvl+0x16c/0x1f0 [ 259.103134][ T8012] should_fail_ex+0x512/0x640 [ 259.103168][ T8012] ? fs_reclaim_acquire+0xae/0x150 [ 259.103208][ T8012] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 259.103251][ T8012] should_failslab+0xc2/0x120 [ 259.103280][ T8012] __kmalloc_noprof+0xd2/0x510 [ 259.103335][ T8012] tomoyo_realpath_from_path+0xc2/0x6e0 [ 259.103381][ T8012] ? tomoyo_profile+0x47/0x60 [ 259.103432][ T8012] tomoyo_path_number_perm+0x245/0x580 [ 259.103467][ T8012] ? tomoyo_path_number_perm+0x237/0x580 [ 259.103507][ T8012] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 259.103549][ T8012] ? find_held_lock+0x2b/0x80 [ 259.103624][ T8012] ? find_held_lock+0x2b/0x80 [ 259.103668][ T8012] ? hook_file_ioctl_common+0x145/0x410 [ 259.103728][ T8012] ? __fget_files+0x20e/0x3c0 [ 259.103782][ T8012] security_file_ioctl+0x9b/0x240 [ 259.103824][ T8012] __x64_sys_ioctl+0xb7/0x200 [ 259.103866][ T8012] do_syscall_64+0xcd/0x260 [ 259.103917][ T8012] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.103949][ T8012] RIP: 0033:0x7f11a018d169 [ 259.103973][ T8012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 259.104002][ T8012] RSP: 002b:00007f11a0ff4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 259.104030][ T8012] RAX: ffffffffffffffda RBX: 00007f11a03a5fa0 RCX: 00007f11a018d169 [ 259.104050][ T8012] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000004 [ 259.104081][ T8012] RBP: 00007f11a0ff4090 R08: 0000000000000000 R09: 0000000000000000 [ 259.104099][ T8012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 259.104117][ T8012] R13: 0000000000000000 R14: 00007f11a03a5fa0 R15: 00007ffefa30bd48 [ 259.104156][ T8012] [ 259.391057][ T8012] ERROR: Out of memory at tomoyo_realpath_from_path. [ 260.847469][ T7590] syz.3.345 (7590) used greatest stack depth: 20200 bytes left [ 260.937873][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.944367][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.368642][ T8046] FAULT_INJECTION: forcing a failure. [ 261.368642][ T8046] name failslab, interval 1, probability 0, space 0, times 0 [ 261.401278][ T8046] CPU: 1 UID: 0 PID: 8046 Comm: syz.3.436 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 261.401326][ T8046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 261.401347][ T8046] Call Trace: [ 261.401357][ T8046] [ 261.401369][ T8046] dump_stack_lvl+0x16c/0x1f0 [ 261.401425][ T8046] should_fail_ex+0x512/0x640 [ 261.401461][ T8046] ? __kmalloc_noprof+0xbf/0x510 [ 261.401513][ T8046] ? xfrm_hash_alloc+0xd1/0x100 [ 261.401542][ T8046] should_failslab+0xc2/0x120 [ 261.401572][ T8046] __kmalloc_noprof+0xd2/0x510 [ 261.401619][ T8046] ? xfrm_state_init+0x2d1/0x630 [ 261.401655][ T8046] xfrm_hash_alloc+0xd1/0x100 [ 261.401686][ T8046] xfrm_net_init+0x35f/0xcc0 [ 261.401726][ T8046] ? __pfx_xfrm_net_init+0x10/0x10 [ 261.401759][ T8046] ops_init+0x1df/0x5f0 [ 261.401808][ T8046] setup_net+0x21e/0x850 [ 261.401856][ T8046] ? __pfx_setup_net+0x10/0x10 [ 261.401898][ T8046] ? lockdep_init_map_type+0x5c/0x280 [ 261.401929][ T8046] ? __pfx_down_read_killable+0x10/0x10 [ 261.401964][ T8046] ? debug_mutex_init+0x37/0x70 [ 261.402008][ T8046] copy_net_ns+0x2a6/0x5f0 [ 261.402061][ T8046] create_new_namespaces+0x3ea/0xad0 [ 261.402116][ T8046] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 261.402165][ T8046] ksys_unshare+0x45b/0xa40 [ 261.402214][ T8046] ? __pfx_ksys_unshare+0x10/0x10 [ 261.402268][ T8046] ? xfd_validate_state+0x5d/0x180 [ 261.402306][ T8046] ? rcu_is_watching+0x12/0xc0 [ 261.402356][ T8046] __x64_sys_unshare+0x31/0x40 [ 261.402406][ T8046] do_syscall_64+0xcd/0x260 [ 261.402456][ T8046] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.402488][ T8046] RIP: 0033:0x7f11a018d169 [ 261.402513][ T8046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 261.402550][ T8046] RSP: 002b:00007f11a0ff4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 261.402580][ T8046] RAX: ffffffffffffffda RBX: 00007f11a03a5fa0 RCX: 00007f11a018d169 [ 261.402601][ T8046] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 261.402618][ T8046] RBP: 00007f11a020e990 R08: 0000000000000000 R09: 0000000000000000 [ 261.402637][ T8046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 261.402654][ T8046] R13: 0000000000000000 R14: 00007f11a03a5fa0 R15: 00007ffefa30bd48 [ 261.402695][ T8046] [ 261.642070][ C1] vkms_vblank_simulate: vblank timer overrun [ 262.423207][ T8040] FAULT_INJECTION: forcing a failure. [ 262.423207][ T8040] name failslab, interval 1, probability 0, space 0, times 0 [ 262.477300][ T8040] CPU: 0 UID: 0 PID: 8040 Comm: syz.0.433 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 262.477345][ T8040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 262.477363][ T8040] Call Trace: [ 262.477374][ T8040] [ 262.477386][ T8040] dump_stack_lvl+0x16c/0x1f0 [ 262.477441][ T8040] should_fail_ex+0x512/0x640 [ 262.477477][ T8040] ? __kvmalloc_node_noprof+0x122/0x600 [ 262.477529][ T8040] should_failslab+0xc2/0x120 [ 262.477560][ T8040] __kvmalloc_node_noprof+0x135/0x600 [ 262.477609][ T8040] ? bucket_table_alloc.isra.0+0x83/0x460 [ 262.477653][ T8040] ? bucket_table_alloc.isra.0+0x83/0x460 [ 262.477686][ T8040] bucket_table_alloc.isra.0+0x83/0x460 [ 262.477725][ T8040] rhashtable_init_noprof+0x41a/0x7e0 [ 262.477764][ T8040] ? __pfx_ip6mr_new_table_set+0x10/0x10 [ 262.477816][ T8040] rhltable_init_noprof+0x20/0x60 [ 262.477853][ T8040] mr_table_alloc+0x116/0x2e0 [ 262.477898][ T8040] ? __pfx_ipmr_expire_process+0x10/0x10 [ 262.477952][ T8040] ? __pfx_ip6mr_net_init+0x10/0x10 [ 262.477984][ T8040] ip6mr_net_init+0x3c4/0x4e0 [ 262.478016][ T8040] ? __pfx_ip6mr_net_init+0x10/0x10 [ 262.478047][ T8040] ops_init+0x1df/0x5f0 [ 262.478098][ T8040] setup_net+0x21e/0x850 [ 262.478156][ T8040] ? __pfx_setup_net+0x10/0x10 [ 262.478199][ T8040] ? lockdep_init_map_type+0x5c/0x280 [ 262.478232][ T8040] ? __pfx_down_read_killable+0x10/0x10 [ 262.478268][ T8040] ? debug_mutex_init+0x37/0x70 [ 262.478310][ T8040] copy_net_ns+0x2a6/0x5f0 [ 262.478364][ T8040] create_new_namespaces+0x3ea/0xad0 [ 262.478421][ T8040] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 262.478473][ T8040] ksys_unshare+0x45b/0xa40 [ 262.478523][ T8040] ? __pfx_ksys_unshare+0x10/0x10 [ 262.478570][ T8040] ? __get_user_nocheck_1+0x6/0x20 [ 262.478613][ T8040] ? syscall_user_dispatch+0x78/0x140 [ 262.478660][ T8040] __x64_sys_unshare+0x31/0x40 [ 262.478708][ T8040] do_syscall_64+0xcd/0x260 [ 262.478760][ T8040] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 262.478793][ T8040] RIP: 0033:0x7f54fb98d169 [ 262.478818][ T8040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 262.478847][ T8040] RSP: 002b:00007f54fc7b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 262.478876][ T8040] RAX: ffffffffffffffda RBX: 00007f54fbba5fa0 RCX: 00007f54fb98d169 [ 262.478897][ T8040] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 262.478915][ T8040] RBP: 00007f54fba0e990 R08: 0000000000000000 R09: 0000000000000000 [ 262.478934][ T8040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 262.478951][ T8040] R13: 0000000000000000 R14: 00007f54fbba5fa0 R15: 00007ffcd64f4838 [ 262.478991][ T8040] [ 263.646475][ T30] audit: type=1326 audit(6039560493.674:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8059 comm="syz.2.439" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2a4a18d169 code=0x0 [ 264.191994][ T8066] netlink: 'syz.2.439': attribute type 2 has an invalid length. [ 264.221086][ T8066] netlink: 12 bytes leftover after parsing attributes in process `syz.2.439'. [ 265.315523][ T8088] CIFS: VFS: Invalid SecurityFlags: [ 266.260906][ T30] audit: type=1326 audit(6039560496.284:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8102 comm="syz.3.446" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f11a018d169 code=0x0 [ 266.576578][ T8111] netlink: 'syz.3.446': attribute type 2 has an invalid length. [ 266.596364][ T8111] netlink: 12 bytes leftover after parsing attributes in process `syz.3.446'. [ 268.144450][ T30] audit: type=1326 audit(6039560498.174:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8123 comm="syz.3.451" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f11a018d169 code=0x0 [ 268.165952][ C1] vkms_vblank_simulate: vblank timer overrun [ 268.418343][ T8138] netlink: 'syz.3.451': attribute type 2 has an invalid length. [ 268.426196][ T8138] netlink: 12 bytes leftover after parsing attributes in process `syz.3.451'. [ 270.165368][ T8163] netlink: 330 bytes leftover after parsing attributes in process `syz.2.457'. [ 270.262194][ T8163] : renamed from bond0 (while UP) [ 270.903761][ T30] audit: type=1326 audit(6039560500.924:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8168 comm="syz.2.458" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2a4a18d169 code=0x0 [ 271.242831][ T8173] netlink: 'syz.2.458': attribute type 2 has an invalid length. [ 271.250594][ T8173] netlink: 12 bytes leftover after parsing attributes in process `syz.2.458'. [ 272.171605][ T8188] FAULT_INJECTION: forcing a failure. [ 272.171605][ T8188] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 272.190231][ T30] audit: type=1326 audit(6039560502.214:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8185 comm="syz.1.463" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb29158d169 code=0x0 [ 272.211113][ T8188] CPU: 0 UID: 0 PID: 8188 Comm: syz.0.464 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 272.211161][ T8188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 272.211180][ T8188] Call Trace: [ 272.211192][ T8188] [ 272.211221][ T8188] dump_stack_lvl+0x16c/0x1f0 [ 272.211285][ T8188] should_fail_ex+0x512/0x640 [ 272.211328][ T8188] _copy_from_user+0x2e/0xd0 [ 272.211378][ T8188] do_procmap_query+0x110/0x1090 [ 272.211429][ T8188] ? do_vfs_ioctl+0x512/0x1990 [ 272.211477][ T8188] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 272.211525][ T8188] ? __pfx_do_procmap_query+0x10/0x10 [ 272.211624][ T8188] ? __fget_files+0x20e/0x3c0 [ 272.211688][ T8188] procfs_procmap_ioctl+0x7d/0xb0 [ 272.211733][ T8188] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 272.211776][ C1] vkms_vblank_simulate: vblank timer overrun [ 272.211779][ T8188] __x64_sys_ioctl+0x190/0x200 [ 272.211818][ T8188] do_syscall_64+0xcd/0x260 [ 272.211867][ T8188] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.211896][ T8188] RIP: 0033:0x7f54fb98d169 [ 272.211920][ T8188] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 272.211948][ T8188] RSP: 002b:00007f54fc7b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 272.211976][ T8188] RAX: ffffffffffffffda RBX: 00007f54fbba5fa0 RCX: 00007f54fb98d169 [ 272.211996][ T8188] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000004 [ 272.212014][ T8188] RBP: 00007f54fc7b6090 R08: 0000000000000000 R09: 0000000000000000 [ 272.212030][ T8188] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 272.212047][ T8188] R13: 0000000000000000 R14: 00007f54fbba5fa0 R15: 00007ffcd64f4838 [ 272.212085][ T8188] [ 272.654474][ T8191] netlink: 'syz.1.463': attribute type 2 has an invalid length. [ 272.673469][ T8191] netlink: 12 bytes leftover after parsing attributes in process `syz.1.463'. [ 275.590068][ T8230] netlink: 28 bytes leftover after parsing attributes in process `syz.1.475'. [ 275.752486][ T8233] netlink: 'syz.3.476': attribute type 1 has an invalid length. [ 281.389604][ T30] audit: type=1326 audit(6039560511.414:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8295 comm="syz.2.493" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2a4a18d169 code=0x0 [ 281.782836][ T8305] netlink: 'syz.2.493': attribute type 2 has an invalid length. [ 281.791098][ T8305] netlink: 12 bytes leftover after parsing attributes in process `syz.2.493'. [ 282.244111][ T5150] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 282.257031][ T5150] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 282.265955][ T5150] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 282.274993][ T5150] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 282.283975][ T5150] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 283.465090][ T8312] chnl_net:caif_netlink_parms(): no params data found [ 284.371528][ T5845] Bluetooth: hci4: command tx timeout [ 284.380822][ T8312] bridge0: port 1(bridge_slave_0) entered blocking state [ 284.413680][ T8312] bridge0: port 1(bridge_slave_0) entered disabled state [ 284.437944][ T8312] bridge_slave_0: entered allmulticast mode [ 284.475302][ T8312] bridge_slave_0: entered promiscuous mode [ 284.522498][ T8312] bridge0: port 2(bridge_slave_1) entered blocking state [ 284.541430][ T8312] bridge0: port 2(bridge_slave_1) entered disabled state [ 284.581441][ T8312] bridge_slave_1: entered allmulticast mode [ 284.641265][ T8312] bridge_slave_1: entered promiscuous mode [ 285.386022][ T8312] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 285.770377][ T30] audit: type=1326 audit(6039560515.654:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8358 comm="syz.2.504" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2a4a18d169 code=0x0 [ 286.355030][ T8312] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 286.454390][ T5845] Bluetooth: hci4: command tx timeout [ 286.582219][ T8368] netlink: 'syz.2.504': attribute type 2 has an invalid length. [ 286.589997][ T8368] netlink: 12 bytes leftover after parsing attributes in process `syz.2.504'. [ 286.712741][ T8312] team0: Port device team_slave_0 added [ 287.118451][ T8312] team0: Port device team_slave_1 added [ 287.336008][ T8312] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 287.354052][ T8312] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 287.380162][ C0] vkms_vblank_simulate: vblank timer overrun [ 287.436196][ T8312] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 287.499475][ T8312] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 287.515445][ T8312] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 287.593623][ T8312] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 287.900478][ T8312] hsr_slave_0: entered promiscuous mode [ 287.911054][ T8380] can0: slcan on ttyS2. [ 287.926937][ T8312] hsr_slave_1: entered promiscuous mode [ 287.941859][ T8312] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 287.949564][ T8312] Cannot create hsr debugfs directory [ 288.041733][ T8381] can0 (unregistered): slcan off ttyS2. [ 288.531051][ T5845] Bluetooth: hci4: command tx timeout [ 289.223596][ T8312] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 289.398728][ T8312] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 289.605873][ T8312] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 289.656567][ T8312] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 290.611198][ T5845] Bluetooth: hci4: command tx timeout [ 291.942768][ T8312] 8021q: adding VLAN 0 to HW filter on device bond0 [ 292.027973][ T8312] 8021q: adding VLAN 0 to HW filter on device team0 [ 292.086065][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 292.093294][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 292.127443][ T30] audit: type=1326 audit(6039560522.134:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8416 comm="syz.3.517" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f11a018d169 code=0x0 [ 292.262139][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 292.269271][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 292.488625][ T8312] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 292.812195][ T8421] netlink: 'syz.3.517': attribute type 2 has an invalid length. [ 292.819890][ T8421] netlink: 12 bytes leftover after parsing attributes in process `syz.3.517'. [ 293.377755][ T8312] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 293.619413][ T8430] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 294.389547][ T8312] veth0_vlan: entered promiscuous mode [ 294.449121][ T8312] veth1_vlan: entered promiscuous mode [ 295.129431][ T8312] veth0_macvtap: entered promiscuous mode [ 295.374767][ T8312] veth1_macvtap: entered promiscuous mode [ 295.473460][ T8312] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 295.538804][ T8312] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.555757][ T8312] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 295.574961][ T8312] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.600995][ T8312] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 295.638249][ T8312] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.666366][ T8312] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 295.712796][ T8312] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 295.734111][ T8312] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.753201][ T8312] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 295.768373][ T8312] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.820641][ T8312] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 295.872968][ T8312] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.942128][ T8312] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 296.049953][ T8312] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.101790][ T8312] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.144230][ T8312] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.235203][ T8312] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.962554][ T3456] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 296.970442][ T3456] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 297.228240][ T3456] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 297.250232][ T3456] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 297.649388][ T30] audit: type=1326 audit(6039560527.674:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8472 comm="syz.1.526" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb29158d169 code=0x0 [ 298.021465][ T8481] netlink: 'syz.1.526': attribute type 2 has an invalid length. [ 298.101042][ T8481] netlink: 12 bytes leftover after parsing attributes in process `syz.1.526'. [ 298.190535][ T8493] netlink: 'syz.4.529': attribute type 1 has an invalid length. [ 299.619987][ T8523] netlink: 16 bytes leftover after parsing attributes in process `syz.4.539'. [ 301.380763][ T30] audit: type=1326 audit(6039560531.404:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8536 comm="syz.2.541" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2a4a18d169 code=0x0 [ 301.691839][ T8541] netlink: 'syz.2.541': attribute type 2 has an invalid length. [ 301.705529][ T8541] netlink: 12 bytes leftover after parsing attributes in process `syz.2.541'. [ 302.617126][ T8555] netlink: 'syz.2.545': attribute type 1 has an invalid length. [ 303.014055][ T30] audit: type=1326 audit(6039560533.034:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8557 comm="syz.4.544" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f50fc18d169 code=0x0 [ 303.265551][ T8567] netlink: 'syz.4.544': attribute type 2 has an invalid length. [ 303.278692][ T8567] netlink: 12 bytes leftover after parsing attributes in process `syz.4.544'. [ 304.205446][ T5845] Bluetooth: hci3: unexpected event 0x1d length: 6 > 5 [ 306.386981][ T8594] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 308.918431][ T8620] ======================================================= [ 308.918431][ T8620] WARNING: The mand mount option has been deprecated and [ 308.918431][ T8620] and is ignored by this kernel. Remove the mand [ 308.918431][ T8620] option from the mount to silence this warning. [ 308.918431][ T8620] ======================================================= [ 309.873219][ T8646] can0: slcan on ttyS2. [ 310.472148][ T8664] netlink: 4 bytes leftover after parsing attributes in process `syz.3.569'. [ 310.551429][ T8670] netlink: 4 bytes leftover after parsing attributes in process `syz.4.570'. [ 311.457288][ T8670] netlink: 28 bytes leftover after parsing attributes in process `syz.4.570'. [ 312.374138][ T30] audit: type=1326 audit(6039560542.374:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8689 comm="syz.3.573" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f11a018d169 code=0x0 [ 312.763438][ T8709] netlink: 'syz.3.573': attribute type 2 has an invalid length. [ 312.892656][ T8709] netlink: 12 bytes leftover after parsing attributes in process `syz.3.573'. [ 313.752477][ T8721] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 315.163895][ T8742] netlink: 4 bytes leftover after parsing attributes in process `syz.3.584'. [ 315.638965][ T8749] netlink: 28 bytes leftover after parsing attributes in process `syz.4.585'. [ 315.784281][ T8743] netlink: 28 bytes leftover after parsing attributes in process `syz.3.584'. [ 315.824297][ T8749] geneve1: entered allmulticast mode [ 316.642493][ T30] audit: type=1326 audit(6039560546.674:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8756 comm="syz.4.588" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f50fc18d169 code=0x0 [ 317.287998][ T8762] netlink: 'syz.4.588': attribute type 2 has an invalid length. [ 317.393000][ T8762] netlink: 12 bytes leftover after parsing attributes in process `syz.4.588'. [ 318.012995][ T8775] netlink: 28 bytes leftover after parsing attributes in process `syz.1.592'. [ 318.052103][ T8775] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 318.209492][ T8778] netlink: 28 bytes leftover after parsing attributes in process `syz.4.593'. [ 318.213931][ T8775] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 318.521203][ T8782] netlink: 4 bytes leftover after parsing attributes in process `syz.4.593'. [ 318.778639][ T8777] ovs_: entered promiscuous mode [ 320.171389][ T8809] netlink: 'syz.1.598': attribute type 1 has an invalid length. [ 321.771117][ T30] audit: type=1326 audit(6039560551.794:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8826 comm="syz.3.604" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f11a018d169 code=0x0 [ 322.028118][ T8832] netlink: 'syz.3.604': attribute type 2 has an invalid length. [ 322.083371][ T8832] netlink: 12 bytes leftover after parsing attributes in process `syz.3.604'. [ 322.376480][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.382907][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 323.501979][ T8854] netlink: 'syz.3.609': attribute type 1 has an invalid length. [ 323.621335][ T8853] ================================================================== [ 323.629734][ T8853] BUG: KASAN: slab-use-after-free in force_devcd_write+0x312/0x340 [ 323.637684][ T8853] Read of size 8 at addr ffff8880279a0800 by task syz.2.608/8853 [ 323.645450][ T8853] [ 323.647814][ T8853] CPU: 1 UID: 0 PID: 8853 Comm: syz.2.608 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 323.647859][ T8853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 323.647880][ T8853] Call Trace: [ 323.647890][ T8853] [ 323.647902][ T8853] dump_stack_lvl+0x116/0x1f0 [ 323.647954][ T8853] print_report+0xc3/0x670 [ 323.648005][ T8853] ? __virt_addr_valid+0x5e/0x590 [ 323.648053][ T8853] ? __phys_addr+0xc6/0x150 [ 323.648101][ T8853] ? force_devcd_write+0x312/0x340 [ 323.648132][ T8853] kasan_report+0xe0/0x110 [ 323.648161][ T8853] ? force_devcd_write+0x312/0x340 [ 323.648196][ T8853] force_devcd_write+0x312/0x340 [ 323.648227][ T8853] ? __pfx_force_devcd_write+0x10/0x10 [ 323.648259][ T8853] ? __debugfs_file_get+0x1fe/0x840 [ 323.648292][ T8853] ? __pfx___debugfs_file_get+0x10/0x10 [ 323.648332][ T8853] full_proxy_write+0x13c/0x200 [ 323.648376][ T8853] vfs_write+0x25c/0x1180 [ 323.648419][ T8853] ? __pfx_full_proxy_write+0x10/0x10 [ 323.648457][ T8853] ? __pfx___mutex_lock+0x10/0x10 [ 323.648505][ T8853] ? __pfx_vfs_write+0x10/0x10 [ 323.648555][ T8853] ? __fget_files+0x20e/0x3c0 [ 323.648606][ T8853] ksys_write+0x12a/0x240 [ 323.648650][ T8853] ? __pfx_ksys_write+0x10/0x10 [ 323.648693][ T8853] ? rcu_is_watching+0x12/0xc0 [ 323.648739][ T8853] do_syscall_64+0xcd/0x260 [ 323.648788][ T8853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.648821][ T8853] RIP: 0033:0x7f2a4a18d169 [ 323.648846][ T8853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 323.648877][ T8853] RSP: 002b:00007f2a47ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 323.648908][ T8853] RAX: ffffffffffffffda RBX: 00007f2a4a3a5fa0 RCX: 00007f2a4a18d169 [ 323.648927][ T8853] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000008 [ 323.648941][ T8853] RBP: 00007f2a4a20e990 R08: 0000000000000000 R09: 0000000000000000 [ 323.648957][ T8853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 323.648971][ T8853] R13: 0000000000000000 R14: 00007f2a4a3a5fa0 R15: 00007ffe31aaa888 [ 323.648994][ T8853] [ 323.649003][ T8853] [ 323.863632][ T8853] Allocated by task 8786: [ 323.867997][ T8853] kasan_save_stack+0x33/0x60 [ 323.872744][ T8853] kasan_save_track+0x14/0x30 [ 323.877488][ T8853] __kasan_kmalloc+0xaa/0xb0 [ 323.882149][ T8853] snd_pcm_oss_change_params_locked+0x247/0x3b40 [ 323.888557][ T8853] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 323.894552][ T8853] snd_pcm_oss_write+0x4c3/0xa10 [ 323.899547][ T8853] vfs_write+0x25c/0x1180 [ 323.903961][ T8853] ksys_write+0x12a/0x240 [ 323.908370][ T8853] do_syscall_64+0xcd/0x260 [ 323.912932][ T8853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.918882][ T8853] [ 323.921237][ T8853] Freed by task 8786: [ 323.925345][ T8853] kasan_save_stack+0x33/0x60 [ 323.930089][ T8853] kasan_save_track+0x14/0x30 [ 323.934851][ T8853] kasan_save_free_info+0x3b/0x60 [ 323.939998][ T8853] __kasan_slab_free+0x51/0x70 [ 323.944842][ T8853] kfree+0x2b6/0x4d0 [ 323.948798][ T8853] snd_pcm_oss_change_params_locked+0x247d/0x3b40 [ 323.955287][ T8853] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 323.961264][ T8853] snd_pcm_oss_write+0x4c3/0xa10 [ 323.966269][ T8853] vfs_write+0x25c/0x1180 [ 323.970661][ T8853] ksys_write+0x12a/0x240 [ 323.975056][ T8853] do_syscall_64+0xcd/0x260 [ 323.979636][ T8853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.985664][ T8853] [ 323.988005][ T8853] The buggy address belongs to the object at ffff8880279a0800 [ 323.988005][ T8853] which belongs to the cache kmalloc-1k of size 1024 [ 324.002096][ T8853] The buggy address is located 0 bytes inside of [ 324.002096][ T8853] freed 1024-byte region [ffff8880279a0800, ffff8880279a0c00) [ 324.015901][ T8853] [ 324.018258][ T8853] The buggy address belongs to the physical page: [ 324.024706][ T8853] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x279a0 [ 324.033513][ T8853] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 324.042045][ T8853] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 324.049724][ T8853] page_type: f5(slab) [ 324.053746][ T8853] raw: 00fff00000000040 ffff88801b441dc0 dead000000000100 dead000000000122 [ 324.062368][ T8853] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 324.071001][ T8853] head: 00fff00000000040 ffff88801b441dc0 dead000000000100 dead000000000122 [ 324.079723][ T8853] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 324.088446][ T8853] head: 00fff00000000003 ffffea00009e6801 00000000ffffffff 00000000ffffffff [ 324.097173][ T8853] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 324.105881][ T8853] page dumped because: kasan: bad access detected [ 324.112338][ T8853] page_owner tracks the page as allocated [ 324.118174][ T8853] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 66, tgid 66 (kworker/u8:4), ts 15226847483, free_ts 0 [ 324.136559][ T8853] post_alloc_hook+0x181/0x1b0 [ 324.141386][ T8853] get_page_from_freelist+0x1193/0x39b0 [ 324.146985][ T8853] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 324.152944][ T8853] new_slab+0x94/0x330 [ 324.157064][ T8853] ___slab_alloc+0xd9c/0x1940 [ 324.161793][ T8853] __slab_alloc.constprop.0+0x56/0xb0 [ 324.167217][ T8853] __kmalloc_cache_node_noprof+0x100/0x420 [ 324.173185][ T8853] blk_mq_alloc_and_init_hctx+0x639/0x11c0 [ 324.179063][ T8853] __blk_mq_realloc_hw_ctxs+0x495/0x610 [ 324.184678][ T8853] blk_mq_realloc_hw_ctxs+0x583/0x670 [ 324.190115][ T8853] blk_mq_init_allocated_queue+0x3b1/0x1230 [ 324.196064][ T8853] blk_mq_alloc_queue+0x1c2/0x290 [ 324.201132][ T8853] scsi_alloc_sdev+0x88f/0xd80 [ 324.205950][ T8853] scsi_probe_and_add_lun+0x76b/0xd80 [ 324.211462][ T8853] __scsi_scan_target+0x1e8/0x580 [ 324.216547][ T8853] scsi_scan_channel+0x149/0x1e0 [ 324.221540][ T8853] page_owner free stack trace missing [ 324.226933][ T8853] [ 324.229274][ T8853] Memory state around the buggy address: [ 324.234938][ T8853] ffff8880279a0700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 324.243053][ T8853] ffff8880279a0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 324.251248][ T8853] >ffff8880279a0800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 324.259346][ T8853] ^ [ 324.263464][ T8853] ffff8880279a0880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 324.271604][ T8853] ffff8880279a0900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 324.279698][ T8853] ================================================================== [ 324.325714][ T8853] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 324.332975][ T8853] CPU: 1 UID: 0 PID: 8853 Comm: syz.2.608 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 324.344907][ T8853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 324.355008][ T8853] Call Trace: [ 324.358308][ T8853] [ 324.361261][ T8853] dump_stack_lvl+0x3d/0x1f0 [ 324.365988][ T8853] panic+0x71c/0x800 [ 324.369912][ T8853] ? __pfx_panic+0x10/0x10 [ 324.374353][ T8853] ? mark_held_locks+0x49/0x80 [ 324.379166][ T8853] ? preempt_schedule_thunk+0x16/0x30 [ 324.384565][ T8853] ? force_devcd_write+0x312/0x340 [ 324.389694][ T8853] ? preempt_schedule_common+0x44/0xc0 [ 324.395192][ T8853] ? force_devcd_write+0x312/0x340 [ 324.400409][ T8853] check_panic_on_warn+0xab/0xb0 [ 324.405550][ T8853] end_report+0x107/0x170 [ 324.409917][ T8853] kasan_report+0xee/0x110 [ 324.414365][ T8853] ? force_devcd_write+0x312/0x340 [ 324.419501][ T8853] force_devcd_write+0x312/0x340 [ 324.424603][ T8853] ? __pfx_force_devcd_write+0x10/0x10 [ 324.430103][ T8853] ? __debugfs_file_get+0x1fe/0x840 [ 324.435347][ T8853] ? __pfx___debugfs_file_get+0x10/0x10 [ 324.440946][ T8853] full_proxy_write+0x13c/0x200 [ 324.445837][ T8853] vfs_write+0x25c/0x1180 [ 324.450206][ T8853] ? __pfx_full_proxy_write+0x10/0x10 [ 324.455661][ T8853] ? __pfx___mutex_lock+0x10/0x10 [ 324.460739][ T8853] ? __pfx_vfs_write+0x10/0x10 [ 324.465539][ T8853] ? __fget_files+0x20e/0x3c0 [ 324.470255][ T8853] ksys_write+0x12a/0x240 [ 324.474618][ T8853] ? __pfx_ksys_write+0x10/0x10 [ 324.479496][ T8853] ? rcu_is_watching+0x12/0xc0 [ 324.484299][ T8853] do_syscall_64+0xcd/0x260 [ 324.488842][ T8853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.494754][ T8853] RIP: 0033:0x7f2a4a18d169 [ 324.499184][ T8853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 324.518915][ T8853] RSP: 002b:00007f2a47ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 324.527548][ T8853] RAX: ffffffffffffffda RBX: 00007f2a4a3a5fa0 RCX: 00007f2a4a18d169 [ 324.535557][ T8853] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000008 [ 324.543635][ T8853] RBP: 00007f2a4a20e990 R08: 0000000000000000 R09: 0000000000000000 [ 324.551631][ T8853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 324.559623][ T8853] R13: 0000000000000000 R14: 00007f2a4a3a5fa0 R15: 00007ffe31aaa888 [ 324.567629][ T8853] [ 324.570905][ T8853] Kernel Offset: disabled [ 324.575343][ T8853] Rebooting in 86400 seconds..