last executing test programs: 23.477017951s ago: executing program 0 (id=2228): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) io_uring_setup$auto(0x20006, 0x0) r0 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL802154_CMD_SET_CCA_MODE(r1, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00', @ANYRES16=r0, @ANYBLOB="01012bbd7000fddbdf250d0000000c0006000100000000000000"], 0x20}, 0x1, 0x0, 0x0, 0x60040440}, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mremap$auto(0x400004000, 0xb8, 0x5, 0x3, 0x200000fffff000) mmap$auto(0x0, 0x2020009, 0xc, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) eventfd2$auto(0xff, 0xa99) r2 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) r3 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/personality\x00', 0x40, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x2003f0, 0x15) splice$auto(0x6, 0xfffffffffffffffd, 0x5, 0xfffffffffffffffc, 0x526, 0x7) landlock_add_rule$auto(0xffffffffffffffff, 0x1, 0x0, 0x2) pread64$auto(r3, &(0x7f0000000180)='#\xca\xf2\x19\xad\xa0+M\x00a\x90\xa4\xc6:\x95JQ@\x90\xafes9b\xbb\xb7\\\xdd\xd5\x98\x11j\x04\x97\x04H\xad\xfd\x88\x0e\xa9\xb0\xfdxz\xb4}\x00]K\xc0\x84\xb5\xfaTp6 *\x04\x0f\x12\xd5r\xd7\xe8y\x1b\x9c\xc4\x01F\xdc\xf3\"', 0x88, 0xa) ioctl$auto_PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f0000000100)={0x2000060, 0x0, 0x100000, 0x7fffffffefff, 0xe09e7f81, 0x1, 0x7, 0x50b301c, 0x0, 0x40800000, 0x0, 0x2}) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/transparent_hugepage/khugepaged/pages_collapsed\x00', 0x8080, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000001540)=""/104, 0x68) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x4002, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0xa, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x200, 0x0, 0x2000}, {0xfffffffa, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) open(0x0, 0x22240, 0x154) mmap$auto(0x0, 0x4, 0x4000000000df, 0x78, 0x4, 0x300000000000) r5 = io_uring_setup$auto(0x3ff, 0x0) r6 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x80802, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto(r6, 0xc1205531, r5) 10.884313597s ago: executing program 1 (id=2275): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x7) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) r2 = socket(0x10, 0x3, 0x6) r3 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, r3, 0xa01, 0x70bd2a, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4048000}, 0x0) r4 = openat$auto_ftrace_event_format_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/tracing/events/vmalloc/free_vmap_area_noflush/format\x00', 0x40, 0x0) pread64$auto(r4, 0x0, 0x3, 0xfdd) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x8, 0x8000000000000000, 0x0) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r5, 0x5423, 0x0) 10.656828789s ago: executing program 1 (id=2277): madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2b, 0x1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000100)=""/124, 0x7c) socket(0x27, 0x2, 0x1000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) prctl$auto(0x1000000003b, 0xfffffffffffffffd, 0x4, 0x5, 0x10004) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/per_cpu/cpu1/trace\x00', 0x1a6b75d63882a313, 0x0) openat$auto_bm_status_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000100), 0x80000, 0x0) write$auto(0x3, 0x0, 0xfffffdef) ioctl$auto_USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x80045518, &(0x7f0000000040)=0x6) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xf90000, 0x0, 0xfffffffffffffffd) openat$auto_ima_measurements_count_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) 9.852649341s ago: executing program 1 (id=2282): sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r0 = prctl$auto_PR_SET_MM_START_BRK(0xe7, 0x6, 0xffffffffffffffff, 0x0, 0x4) getsockopt$auto_SO_TYPE(r0, 0x716, 0x3, &(0x7f0000000000)='\x00', &(0x7f0000000040)=0x8) socket(0x10, 0x2, 0x0) (async) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) (async) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 9.251562358s ago: executing program 1 (id=2284): r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x46c282, 0x0) io_pgetevents$auto(0x8000000000000000, 0x6, 0x9, &(0x7f0000000000)={0x6, 0x1, 0xc02, 0x4}, &(0x7f0000000200)={0x100, 0x8}, &(0x7f0000000280)={&(0x7f0000000240)={0x7}}) ioctl$auto_USBDEVFS_FREE_STREAMS(r0, 0x8008551d, 0x0) mmap$auto(0x0, 0x40000a, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x8) listmount$auto(0xfffffffffffffffe, 0xfffffffffffffffc, 0x1, 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) io_uring_enter$auto(r1, 0x10000, 0x2, 0x7, &(0x7f0000000180)="ac5597ac3f69081ec360365764808f98235c8b230a8ae6bf48a036f42d234f187122d3b3866791a28c77662267d64d6ef32a57aac4a55df3c85126c96aef6c702c5703dacad28490af41a28f5c", 0x1) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/rpc/auth.rpcsec.init/flush\x00', 0x441, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) setfsgid$auto(0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty34\x00', 0x8000, 0x0) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto(r3, 0x80dc5521, r2) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) lstat$auto(&(0x7f0000000500)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) r4 = socket(0x11, 0x3, 0x98b) ioctl$sock_SIOCGIFINDEX(r4, 0x8955, 0x0) 8.284368832s ago: executing program 1 (id=2286): mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x2, 0x8000) setrlimit$auto(0x1000000007, 0x0) r0 = socket(0x18, 0x5, 0x2) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r2 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) sendmsg$auto_NL802154_CMD_GET_SEC_DEV(r0, 0x0, 0x4080) read$auto(r2, 0x0, 0xc4) stat$auto(0x0, &(0x7f0000000380)={0x3, 0x3, 0x6, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0xa, 0xff, 0x100, 0x401, 0x5f57, 0x80000000, 0xaa}) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, r0, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3) getsockopt$auto_SO_PASSCRED(r5, 0x1, 0x10, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/tty/ptypb/power/control\x00', 0x124001, 0x0) mmap$auto(0x0, 0x400005, 0x800000000000df, 0x9b72, 0x2, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty56\x00', 0x802, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, 0x0, 0x20048801) ioperm$auto(0xffff, 0xe, 0x1) openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) fcntl$auto_F_SETLK(0xffffffffffffffff, 0x6, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bond0\x00'}) statmount$auto(0x0, &(0x7f0000000180)={0x8000008, 0x1, 0x9, 0x3, 0x400826, 0x940, 0x1ffde, 0x3, 0x6, 0x11, 0xfffffffa, 0x400005, 0xfff, 0x0, 0xb0, 0x8, 0x9, 0x3, 0x5, 0x8, 0x0, 0xffffffff, 0x56, 0x0, 0x0, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, [0xfffffffffffffffc, 0x0, 0x7, 0x0, 0x0, 0x4, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8000000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0xffffffffffffffff]}, 0xfffff7fffffffffa, 0x81) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x42201, 0x0) openat$auto_userio_fops_userio(0xffffffffffffff9c, &(0x7f0000000180), 0x142, 0x0) 7.156627656s ago: executing program 2 (id=2287): sendmsg$auto_NL802154_CMD_SET_CCA_MODE(0xffffffffffffffff, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000000)={0x20, 0x0, 0x101, 0x70bd2b, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x60040440}, 0x800) close_range$auto(0x2, 0x8, 0x0) (async) r0 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) (async) r1 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r1, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80) (async) openat$auto_tracing_saved_cmdlines_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/saved_cmdlines_size\x00', 0x2, 0x0) write$auto(r0, &(0x7f0000000000)='-\x00', 0xfdef) 6.746621378s ago: executing program 2 (id=2288): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NETDEV_CMD_QUEUE_GET(r0, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES8=r0, @ANYBLOB="01002cbd7000fbdbdf250a000008080003000000000008000100", @ANYRES8=r0], 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810) mmap$auto(0x0, 0x4020009, 0xe3, 0xfffffffffffffffb, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x4, 0xffffffffffff0001, 0x15) munmap$auto(0x2, 0x1a525c0f) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x1, 0x6, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x3, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000004, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x42, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0xb03840, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.stat\x00', 0x280, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f00000003c0)=""/20, 0xfffffcc4) sendfile$auto(r2, 0xffffffffffffffff, 0x0, 0x1) madvise$auto(0x1, 0x4, 0x19) r4 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_DEL_RXSA(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000001c40)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002abd7000fcdbdf743d61", @ANYRES32=0x0, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x844}, 0x20004010) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000340), 0xffffffffffffffff) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/hugepages/hugepages-2048kB/resv_hugepages\x00', 0x40200, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000000040)=""/65, 0x41) setsockopt$auto(0x3, 0x6, 0x15, 0x0, 0xfb3) mbind$auto(0x1bfc3809, 0x800605, 0x8003, &(0x7f0000000100)=0x7d, 0x3, 0x1) 6.435761213s ago: executing program 1 (id=2290): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x29, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) io_uring_setup$auto(0x6, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x6) close_range$auto(0x2, 0x8000, 0x0) open(0x0, 0xa22c0, 0x155) open(0x0, 0xa240, 0x1de) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, r1, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@ETHTOOL_A_COALESCE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}, @ETHTOOL_A_COALESCE_PKT_RATE_HIGH={0x8, 0x12, 0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x80c0}, 0x40801) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'bond_slave_1\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000140)={0x178, r1, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@ETHTOOL_A_CHANNELS_HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_macvtap\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x82}]}, @ETHTOOL_A_CHANNELS_HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x9ac}]}, @ETHTOOL_A_CHANNELS_HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7ff}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x42}]}, @ETHTOOL_A_CHANNELS_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x9}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @ETHTOOL_A_CHANNELS_HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}, @ETHTOOL_A_CHANNELS_HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xd}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x80}]}]}, 0x178}, 0x1, 0x0, 0x0, 0x4008801}, 0x10) 6.280088893s ago: executing program 0 (id=2236): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_stats_fops_2(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0) pread64$auto(r0, &(0x7f000000b040)='\x00', 0x7, 0x6) close_range$auto(r0, r0, 0x0) r1 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x80c, 0x67) r3 = socket(0x27, 0x2, 0x7) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1, 0x0) r4 = fanotify_init$auto(0x2, 0x20000008) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x28, 0x5, 0x0) socket(0xa, 0x3, 0x73) landlock_create_ruleset$auto(&(0x7f0000000340)={0x6, 0x3, 0x100000004}, 0x18, 0x80000000) connect$auto(0x3, &(0x7f00000018c0)=@qipcrtr={0x2a, 0x2, 0xfffffffe}, 0x55) r5 = open(&(0x7f0000000040)='./file0\x00', 0x161342, 0xe4) write$auto(r5, 0x0, 0x100884) fcntl$auto_F_ADD_SEALS(r5, 0x409, 0xa) ioctl$auto_UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f00000000c0)={0x68f336a3, 0xa, [{r3, 0x0, 0x8001, 0xffffffffffffffb4}]}) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0001, 0x0) pread64$auto(r1, &(0x7f0000000080)='/\x03\x00\x00\x00\x00\x00\x00\x00\x00', 0x3, 0x82) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) openat$auto_bm_entry_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x408800, 0x0) socket(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'ip6gretap0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'bridge0\x00', 0x0}) sendmsg$auto_NL80211_CMD_MODIFY_LINK_STA(r2, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x28400000}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000126bd7000ffdbdf2597000004c100f60008007300001494328008d8ef550e02ce1822820ff01a74c217", @ANYRES32=r6, @ANYBLOB="08000400", @ANYRES32=r7, @ANYBLOB="06005101ffff000021001800070000000000000081870c4e4600db74a6dc3c941b754e781a9e5c1853000000"], 0x5c}, 0x1, 0x0, 0x0, 0x4800}, 0x4081) socket(0x2b, 0x1, 0x1) setsockopt$auto(0x4, 0x0, 0x8000000041, 0xfffffffffffffffc, 0x70) 6.062556967s ago: executing program 3 (id=2292): socket(0x10, 0x2, 0x0) prctl$auto(0x23, 0xf, 0x8000000000000000, 0x0, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="d3da02fe1b59afa8df25030000000400080004000380120001008b097914854700000040000000000000100002800c001000"], 0x40}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000280)={{0x0, 0x8, 0x0, 0x2, 0x0, 0x9, 0xb52}, 0x6}, 0x40, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000280)={{0x0, 0x1ff, &(0x7f0000000040)={0x0, 0xd}, 0x9, 0x0, 0x80000001, 0x2}, 0x1}, 0x80000000, 0x7956, 0x0) r0 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) ioctl$auto_RTC_RD_TIME(r0, 0x80247009, 0x0) socket(0xa, 0x2, 0x88) sendmsg$auto_OVS_VPORT_CMD_NEW(0xffffffffffffffff, 0x0, 0x8100) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, 0x0, 0x40) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x80044944, 0x0) close_range$auto(0x2, 0x8, 0x0) getuid() socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0x1, 0xd4, 0x7fffffff, 0x6, 0x0, 0xa89e, 0x3690, 0x2, {0xfffffffc, 0x10000}, 0xa81e, 0x6, 0xffffffffffffffff, 0x1008000, 0x0, 0x80000080000004, 0x84, 0xffffffffffff6291, 0xffff, 0xdeb1, 0x806}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x101080, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/igmp6\x00', 0x101d41, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) setresuid$auto(0x8, 0x8, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) recvmmsg$auto(0x3, 0x0, 0x10000, 0x1c, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060007000a00000008000200", @ANYRES32=0x0, @ANYBLOB="0801"], 0x68}, 0x1, 0x0, 0x0, 0x18a64d47ddeca1f0}, 0x40090) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) 5.288544755s ago: executing program 0 (id=2293): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) open(0x0, 0x149443, 0x0) (async) open(0x0, 0x149443, 0x0) mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000) (async) mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80000, 0x0) membarrier$auto(0x4, 0x8000000000000000, 0xffffffff) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) (async) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) write$auto(0xffffffffffffffff, &(0x7f0000000440)='O\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf0F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\xed\'\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0xb8c5) open(&(0x7f0000000100)='.\x00', 0x591002, 0x408) (async) open(&(0x7f0000000100)='.\x00', 0x591002, 0x408) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, 0x0, 0x2, &(0x7f00000000c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/system/cpu/cpu1/hotplug/target\x00', 0x800, 0x0) read$auto(r0, 0x0, 0x6) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) init_module$auto(0x0, 0xffff9, 0x0) ioctl$auto(0x3, 0xc0585605, 0x38) ioperm$auto(0x3, 0xe, 0x2000000000000149) request_key$auto(0x0, 0x0, 0xfffffffffffffffd, 0x5) socket(0x0, 0x5, 0xa) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) (async) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) syz_open_procfs$namespace(0x0, 0x0) (async) syz_open_procfs$namespace(0x0, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) write$auto(0x3, 0x0, 0xfdef) madvise$auto(0x0, 0x2003f0, 0x15) (async) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) (async) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) (async) socket(0x10, 0x2, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022abd7000fbdbdf2502000000"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="10002cbd7000fddbdf251c"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) 4.576695069s ago: executing program 3 (id=2294): r0 = socketcall$auto(0x5, &(0x7f0000000280)=0x3) waitid$auto(0x3a, 0xffffffffffffffff, &(0x7f0000000300)={@_si_pad}, 0x8, &(0x7f0000000380)={{0xffff, 0x8}, {0xd, 0x5}, 0xffffffff80000001, 0x2, 0x10000000007, 0x6, 0x2, 0x2, 0x7fffffff, 0x80000001, 0x9, 0xff, 0x4af2, 0x400000000000, 0xf800000000000000}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000440)={'lo\x00', 0x0}) sendmsg$auto_MACSEC_CMD_GET_TXSC(r0, &(0x7f0000000640)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000740)={&(0x7f0000000500)=ANY=[@ANYBLOB="11051b00", @ANYRES16=0x0, @ANYBLOB="100026bd7000fcdbdf25000000003d0002807790716756fdf9d86bf19fb9f629b13057fde1d2fe609b17237612fbe80ca4e106c00407b48d4f236eea481d0dd2035a69185c05cca02a1972000000d5000980ccfe18782a2f81dd3ddf0a13a3918d1b969dfa89fd10ac2bdef728bebc1388222cb8009dca532ccf716e1989ddf75287cd42a2be4deb9ccb01e19c4fa4e58662c355a7c6161404b9e8f2a59ec3738ce3165c7fa2dbc5f74915ff09764ebb473ea9291bd1a2db48d95f2c7112eacab6b42b884c3a80a984d1f10b0660aae103d510ee917e8c62d1f2c389efdc22e70705fd30effc179555d094c7759f6ebbfd90181e6c03f764cd570293c93d12516d84fe2e05ca11c08fd8ad04003b800c003b000000000000000000080037000a01010000000008000100", @ANYRES32=r1, @ANYBLOB], 0x134}, 0x1, 0x0, 0x0, 0x4042810}, 0x1) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) io_uring_setup$auto(0x6, 0x0) r2 = socket(0xa, 0x2, 0x88) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'gretap0\x00', 0x0}) bpf$auto(0x200000, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r4, r3, 0x0, 0x8, r2, @relative_id=0x13, 0xe5fc}, 0xf) bpf$auto(0x4, &(0x7f00000001c0)=@raw_tracepoint={0x5, r2, 0x0, 0x3}, 0xc) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000480)='/dev/radio21\x00', 0x80000, 0x0) mmap$auto(0x0, 0x9, 0x9, 0x8000000008011, 0x3, 0x8000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0x8002, 0x0) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/oss\x00', 0x88400, 0x0) read$auto_proc_reg_file_ops_compat_inode(r5, &(0x7f0000000180)=""/210, 0xd2) r6 = io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x104, 0x6, 0x3}, {0x100, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r7 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000180), 0x480, 0x0) ioctl$auto(0x3, 0x541b, 0x38) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) setsockopt$auto(r7, 0x5, 0xffff, &(0x7f0000000a40)='/dev/sequencer\x00', 0x4) syz_genetlink_get_family_id$auto_thermal(&(0x7f00000006c0), r7) write$auto_proc_loginuid_operations_base(r6, &(0x7f0000000b80)="bf2f428ae61318566555d09a2f3145d2ad60a55f67ebd2957683b14725c4ac1468da", 0x22) 4.298714769s ago: executing program 0 (id=2295): madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2b, 0x1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000100)=""/124, 0x7c) socket(0x27, 0x2, 0x1000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) prctl$auto(0x1000000003b, 0xfffffffffffffffd, 0x4, 0x5, 0x10004) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/per_cpu/cpu1/trace\x00', 0x1a6b75d63882a313, 0x0) openat$auto_bm_status_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000100), 0x80000, 0x0) write$auto(0x3, 0x0, 0xfffffdef) ioctl$auto_USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x80045518, &(0x7f0000000040)=0x6) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xf90000, 0x0, 0xfffffffffffffffd) openat$auto_ima_measurements_count_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) 3.787817902s ago: executing program 3 (id=2296): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0) sendmsg$auto_NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="374e800272807b9bb2b9fd73d58b32a77c91c8a2c5dd7fc18f4847030f309e61fadbdb17c655b0cf1bf75eb1870781f9afeca7f000e121b8833b6e55b7bd82ed02f93e551265a04d6c6ee34ed78030a8a7d149e13400"/100, @ANYRES16=r1, @ANYBLOB="000228bd7000fbdbdf254f00000005003901050000001e039100ee99f2006443431bd9ec67352fa9d2bf8b89f973afa806bfc845585da66b8e0762ba94d6090fdcb4b7968e70c6ce5c0f858d8947fcaf33d9fe49545fa375ab6464cf628513338a8caf4511a709ef07c06a07958c62a686361f29140c1bf6bf0bd2eb6623c9187a02051664cab85a6f10ea2b0e14763f2938f7638fa8223468b8a7f86db6a8b14bd53e55392aa53970b2a5d0e72cd5f3db50b10fa209e40df89b153967a80a55a51ce4e9e9536a40031fdec14d56575d03755a0af4bb0794e2e2a06e12c1a1a7ed1e270f225bd7434b87dd4061b0f2cf58f4a7650125a0a05f39f6aa30d32ee586a441301091b562b35b2d7772d6a46c7021881884330904efcca56ba3cb62c4dccd969f778204b2c2b25363a89151cc300cb8db18cb5ee02741c1056ba6353d6832865c19ba998435273219bf952264aa4d15248b002f70a154bdb3330b65ef702ba8d878aa3222794e4b8fbb9eda8d54a5e4883ee2af3f6be433473c79defc29e9b35bcd54b799f5df8cefe9adc38c0877d24c86256c95bd22a2fab3600a29826f05709dac26423329e25763ec4c7cfbeb8913291c84642af53172a5a813100e8eeef2bab05a59436cdbcee24bd5d82efc6024a587aef5152df927069aaeedd348434d30c5025ed087a0effb7ff1b2b48232855cfc72f5c5ccb43f2b377ed8b31cc4f7dae783e3f637b010b94173267731bf6c2c14c91e413bbd3a289a17a111953f8dbcb0bea92da88c5fe999f5a9263d045c0c4794d611ce147fa10c7fe90f2b2bfe4ebab302732530db643f18f6eb2923b96f5ff50b7201725f3373bb2d7123d9f80d658e1e70cb8e60bd6d25aad698e782573ca6bd3367e73e8f20e11ea92e914cbe6d8b82fef76d2dbbeb21e4bbf12e0cb873bf46a1579921c6f3bca040bf0d61bd4cf3c8a442b02c41af0f3e0380b859cf4021d2a698f845dc7720d708aa309abb330b8b2495fcc7fe084f99472eb703ffd6a61a64155741f1ac6350da3413c4ee5de11d050058073b7ddad726cbacd2f552f96a16787f0ea5a4303c87f2d76bb00136e3a86a9c9c6b012b5929642c6600bff47b7e0b7118b8c49719425b1ba8c09654cd3e20fd0a9080f81a176ca03400000400ae0005002a010f00000005009200c5000000"], 0x350}, 0x1, 0x0, 0x0, 0x100}, 0x40851) close_range$auto(0x2, 0x8, 0x0) openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/current_tracer\x00', 0x800, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000540)='/dev/video35\x00', 0x280, 0x0) ioctl$auto(0x3, 0x80885659, 0x38) mmap$auto(0x2, 0x8, 0xffffffffffffffff, 0x373f, 0xffffffffffffffff, 0xcb) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x8, 0xffffffffffffff49, 0x5, 0x1823, 0x800000000004, 0x1, 0x5, 0x19, 0x10, 0x5, 0x2dde, 0x8, 0xfffffffffffffffa, 0xab, 0x0, 0x1]}, &(0x7f0000000040)={0x0, 0x7}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}}, 0x40000) bpf$auto(0x12, &(0x7f0000000040)=@link_detach, 0x26) openat$auto_random_fops_random(0xffffffffffffff9c, &(0x7f0000000440), 0x191080, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_LISTENER_SET(r4, &(0x7f0000003700)={0x0, 0x0, &(0x7f00000036c0)={&(0x7f0000003500)={0x14, r5, 0x1, 0x70bd2b, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000dc0), r6) sendmsg$auto_IPVS_CMD_GET_DEST(r6, &(0x7f0000003a40)={0x0, 0x0, &(0x7f0000003a00)={&(0x7f0000000e80)={0x1c, r7, 0xc0dce8a66cb0a7ff, 0x70bd27, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DEST={0x5, 0x2, 0x0, 0x1, [@generic="f1"]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4040011}, 0x40010) sendmsg$auto_IPVS_CMD_GET_DAEMON(r2, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x24, r7, 0x2, 0x70bd27, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7ff}]}, 0x24}, 0x1, 0x0, 0x0, 0x8040800}, 0x2008080) sendmsg$auto_TIPC_NL_MEDIA_GET(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)={0x14, r3, 0x701, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x10) r8 = socket(0x29, 0x6, 0x0) r9 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f00000002c0), r8) sendmsg$auto_IPVS_CMD_GET_CONFIG(r8, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x24822100}, 0xc, &(0x7f0000000300)={&(0x7f0000000a80)={0x35c, r9, 0x100, 0x70bd25, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DEST={0x348, 0x2, 0x0, 0x1, [@generic="767058dd3840dd047983fb898457b76f9bf9f00541efb5386cc7ad8199e95bf29e3fa8fa0c6846a75c462b3c497f1c952d93f9cfe3fbf2202b2811060188356561d8dadd42457f123ae81757e7165a1838e75ada53638e9cc615a380c0306e8c6afa384704a53e6dcb635ab9d0f94a231529", @generic="1d123df665f9d4a92429d94fac132e3aadae", @generic="a2af6b14a6d2514aec7a89a222b89cd15a998647144303e424daa17f4d78f1c18e87f80feabf9726767620cb21c9583f7bc943a69933013885066c9c4fcbfc3d56605864cb20c0d8f39b6018ece714b33afcbda7bc5e6af6e033a4cd7216c98bc74ef2fef00b2e60acc2b4515e517618512eb06eaabf96010830b8d4c4d5aea30e39f1dc07ec716dde85982462c1c06ab20742f817fe10f29212cc34ac55792cd40f3fe6dd2397e1f0d43cbc7884aadcff840b8aa1ee3cc58c3eac5a1bc929d659acc13493c18af6d4a1db4a95195968a01a57bdbd747d4e3f9bcbffc7de77fa28676f1d118b916a534082827f1694970f2daf22", @nested={0x1cb, 0xb2, 0x0, 0x1, [@generic="e83c6584ab5a0c81ba48b09a3cd90895f32109af2b0922515dbb05324d393bfbf8ec03591d9ce28223e12f6b217768905d61c3cfbd548c4b663e1597ab0d0491a78ca38127317991ef47fb36007828a9b3ce828447bfdd5c2aa9544af33d8b82410d6d47e26965c50a6fc5697cac9e64c3c7267b08686ff64496deeed58360c8e350b0320c5e132f1dcd98009ac1d70010acb8510e2abaaf306ab759894dedd803b9face95f10c6ce464ecc8b58c1343cf106e712da47341f9d8d40de35bf9ee563531880c", @generic="2eee4021635f9046170ac8282ca60a", @generic="0de2b94f0e9c54f225720f2c586e6d53808b803833a5247cc251ca10b0cb3a655fa8c929db5cbfd459accbb72048335d8c3556d77a77d7ef3eedba11bbe55c978af6194e13f1ad4b08200a444109ab370f68c0ea00519e78ac33c8aa06ddba6be6d4aa8f43cbea1732bd1ae06ab577245033a9e9036a8a7b36c7ab018125a41d81a8e46d061c4c623a972a1a102749a432f66cacd95cddda94b55c266d49e9e51045b7f59e5ff34abf3666c800966dbab6a90f9edca044ad9457cc3f5f4bb42339355065be145670051d1c2eeb93a3cccbcf45", @nested={0x4, 0x80}, @typed={0x7, 0xc4, 0x0, 0x0, @str='&+\x00'}, @typed={0x14, 0x3a, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00'}]}]}]}, 0x35c}, 0x1, 0x0, 0x0, 0x4000081}, 0x4000058) openat$auto_proc_gid_map_operations_base(0xffffffffffffff9c, &(0x7f0000001480)='/proc/self/gid_map\x00', 0x0, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) 3.756184807s ago: executing program 2 (id=2297): r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x102, 0x0) setxattr$auto(0x0, &(0x7f0000000200)='*\x00', 0x0, 0x800000, 0x0) setreuid$auto(0x3, 0x7) prctl$auto(0x2f, 0x2, 0x8, 0x0, 0x0) ioctl$auto_SNDCTL_SEQ_GETOUTCOUNT(r0, 0x80045104, &(0x7f0000000040)) openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f00000000c0), 0x80300, 0x0) mmap$auto(0x0, 0x9, 0x9cad, 0x8012, 0x3, 0x8000) ioctl$auto_SNDCTL_SEQ_TESTMIDI(r0, 0x40045108, &(0x7f0000000100)) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) ioprio_set$auto(0x3, 0xffffffffffffffff, 0x200) r1 = io_uring_setup$auto(0x6, 0x0) getsockopt$auto_SO_REUSEPORT(r0, 0x3, 0xf, &(0x7f0000000040)='/dev/zero\x00', &(0x7f0000000080)=0x4) r2 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x109002, 0x0) sendfile$auto(r2, r2, 0x0, 0x8) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r1) sendmsg$auto_NL80211_CMD_TDLS_MGMT(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)={0x28, r3, 0x800, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_SCHED_SCAN_MULTI={0x4}, @NL80211_ATTR_MBSSID_ELEMS={0x8, 0x133, 0x0, 0x1, [@nested={0x4, 0xa}]}, @NL80211_ATTR_TXQ_LIMIT={0x8, 0x10a, 0x1000}]}, 0x28}}, 0x8000) 3.445882039s ago: executing program 2 (id=2298): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x401bf, 0x7352, 0x3f, 0x8000, 0x1ffde, 0x7, 0x2, 0x4, 0x9, 0x3, 0x5, 0x8, 0x3000, 0x9, 0x6, 0x10002, 0x80, 0x400, 0x0, 0x7, 0x1ffc, 0x203, 0x400, 0x84}, 0x1fe, 0xd) modify_ldt$auto(0x11, 0xfffffffffffffffc, 0x23b94) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x24008000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x8, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r2 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0xfe, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) landlock_create_ruleset$auto(&(0x7f0000000300)={0x35, 0x81}, 0x8, 0x0) ioctl$auto(0x3, 0x541b, 0x38) r3 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000000), r1) sendmsg$auto_TCP_METRICS_CMD_DEL(r0, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000c40)={0x14, r3, 0x901, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x40) 3.035117291s ago: executing program 2 (id=2299): r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x220000, 0x24) r1 = open_tree_attr$auto(r0, &(0x7f0000000040)='./file0\x00', 0x4, &(0x7f0000000080)={0x3, 0x0, 0x7, @raw=0xa3c}, 0x7) r2 = clone$auto(0xfffffffffffffff9, 0x30e, &(0x7f00000000c0)=0x7, &(0x7f0000000100)=0x1000, 0x800) r3 = ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) epoll_ctl$auto_EPOLL_CTL_DEL(r1, 0x2, r3, &(0x7f0000000140)={0x5, 0x7}) madvise$auto(0xffffffff, 0x5db, 0x1000) write$auto_configfs_file_operations_configfs_internal(r1, &(0x7f0000000180)="d73298ad0242f909bc78fdaa9fd9336638ab734d0816151821829b8ba7b51943e471dacc0809a0502e5e328bb38eabf86905e06a998f95682143469454dfe960216c9bb7095362f388c448e72f60ed84", 0x50) epoll_ctl$auto_EPOLL_CTL_MOD(r3, 0x3, r3, &(0x7f0000000200)={0x27dfaa13}) r4 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x40000, 0x0) ioctl$auto_UI_DEV_CREATE(r4, 0x5501, 0x0) io_uring_register$auto_IORING_REGISTER_PBUF_STATUS(r0, 0x1a, &(0x7f0000000280)="a2ec81c45c658d8442723c9315b8de8847a32c208a", 0x9) madvise$auto(0x15098c24, 0xffff, 0x4) r5 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/usbmon4\x00', 0x100, 0x0) ioctl$auto_MON_IOCQ_URB_LEN(r5, 0x9201, 0x0) ioctl$auto_USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000340)={0x3, 0xc, 0x3, 0x8, 0xfffb, 0x5, &(0x7f0000000300)="0c6faa6ff2bb753a802a"}) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000380), r3) r7 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000400), r1) syz_clone3(&(0x7f00000006c0)={0x44840000, &(0x7f0000000440)=0xffffffffffffffff, &(0x7f0000000480)=0x0, &(0x7f00000004c0), {0x28}, &(0x7f0000000500)=""/117, 0x75, &(0x7f0000000580)=""/251, &(0x7f0000000680)=[r2, r2, r2, r2, 0x0, r2, r2], 0x7, {r3}}, 0x58) sendmsg$auto_OVS_DP_CMD_NEW(r1, &(0x7f00000007c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x34, r7, 0x200, 0x70bd27, 0x25dfdbfd, {}, [@OVS_DP_ATTR_USER_FEATURES={0x8, 0x5, 0x3}, @OVS_DP_ATTR_USER_FEATURES={0x8, 0x5, 0x5}, @OVS_DP_ATTR_USER_FEATURES={0x8, 0x5, 0x9}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, r9}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x40001) sendmsg$auto_NL80211_CMD_TDLS_CHANNEL_SWITCH(r1, &(0x7f0000001c40)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000001c00)={&(0x7f0000000840)={0x1388, r6, 0x100, 0x70bd29, 0x25dfdbff, {}, [@NL80211_ATTR_REKEY_DATA={0x1374, 0x7a, 0x0, 0x1, [@nested={0x1370, 0xce, 0x0, 0x1, [@generic="58326014aafa3ccda80c1d440e3fa678986028a614cae1f61c226a4a549e35e95ac957139174b0d187c14c25db146cf4d3f4fd04cab41760205312d696ca82663698bf2fb89af177a0d896491ad1835e85041a3bdedf6b3fe808ec4ff2779133339337312aaede30bf785f71410fad4bd6ca7faaa66bee3f303ab8543664b2ff21fcaabae4d1a3332dbd18ebc5f0dd25d7e191595af44eb11a12bde16278db914cd1f7fa2ef6d80bb3ac5c969add2e10ef717b5046b899844714eb4e61b6d50e1bbc787685ab26e16837b08cf8bb5f9d3089ac97d4c7eab4c45622b0796ef4e6001d4f7ef9dc2aa4b3f1400dbe104ce839205e3b639b8850b63da2174ec7ff79b10ffdd4e3716f63c2aea7c3c6f6cf64348ff663ce02c9728fee33d54a7db9695803d7cd8a95ce0673461c4e23b2cb8d2cb38d514f2466b3d38764540dac7d0738a7bec1dc73bba66b2cc3bc468885f8a1b6c2299550eff21e3649a256ad17de1e5adef2871e8f356f2b570bed72fdce5bdb195032828f3feab476114741efd92b82066c93bdcf0861ae4aa377be702f106ad1e77c00b5be082ba7bf3e214de43cc78a8ff16026c779e41fe59b6314c1c63b029c1de6b8a6cb4bba040b393fab878302cd1d024e4895e6310c1cf0fe06b0ccfffaec59a65846c551a80117b2d696fa4e38c4429b691ec6ce3a6a9e1f0ed4a8e952cd4047f0d1e99f99880ada427f94444196d93d6269b98ddcfe9e291e21d9923df28cab86c318e904ecdde21a284605301b287b4456fbdd8c2744fc115c716f2eb6bc0b2c32c926a45367bfcb6174653d6a8e530eccc2febb498b77a380774b373757fb05bf19a16602f2f3de2b02cb6d23d11d98ff3c7b57e2fc25b03e4601f2bc6814ab57d976abaa235b5898b3efabc5e353160137da5125b436c3ce2986d121aa1eef5b7485e16efa25a6c7cf9a89826d7755979f74c290c17fd3e85702696e5da00fd06634125c2d974755fe6d2c4bfb16771f2bbcfb13b8851676062da9380c427f824e3b6770cfef1f025a87e3cc8f8dd4155eb11699df3c8ab72853a92d13f4b67bdca831b3462f6be0cca31748a54bfb9c2e7f3976b61bc9b4fbe58afa305e84765407ef92d4ad45da9a5018e8196d14bd73a5e2bf4c7a12a4d4dddaf805dd3f9a79ac56fb1b2bfd2facef690be061bf1e73d6e4b4a04ff9ebc0afc9d8f3df094c6eda4c82490529b27d4b2ea8a6bbbdb466dc675dd256286d21669a6fed44ad863311c5d59b667eb415148b878b6f88f17428995d75b0880c25053ecf2b97279e658be7fea2bb6f6b8cea6345dc50891b1f30cb69f4f2c65d8af82fd97260958ce141ca6fa8a09e2ec6498a87fe920f3a277122845afcf2236f4fa0afda3a012b953c043d0392b0987d73c0670714a42dcdf1b325e1feff8ad34203e3814e96ffbd1def37e7c3785142b7450a54db6e9b9bc14494c707f5a6e268c0fd014c174657328b73b662a24cb6c9038d4878f46ba86124df90da5d12da953c728f71b3da0f1ba6f97123110df30da21d946ffb0669b317f41a29ffa518ffbda953d132a8bd0c5fef8ee3cf8e300146a3165548c3da4bd8ebac67260345ba3eba542d7ed69e6ac9443fed7f6e735281c3eb319ba864c03809d1adc2ef2344ca4893b8a15218187b011c4112fc71626fcc233a63ea9c21d57376463be6b6c322bb40e10fa2bd8633be5dd21ec829f71c01f70a5fd2073924c79559dfe42fb906f29caaeae9b0d21c45e0b394a6121a148303f13c3805e761b873c760d91f4e946b85f77018b2ae60ad4a88c5cf245cc4715bd7e635747faeb1b7baabd053ab26a2aa63abd4cfad1d722b0f5df3140fb4bc14786c4203524644f8cdd8a979600210d0c7fa42a60fd2f3cfb0ddb799bd61ccff6487128b25b58536fbdb39609d3bb5124bead7af9a675d238609cc492f4863f54e6d6028f783150a5797ca73bbfc76029bcc9dcbc9dead98f142c1535da3572869ebf27c802915bf5291534c4d4b87a02bcc1455babb5334cfdc6fdf8d50aba952d61428fccc1c51162cd2ac3b3b63ab2d86d2c4e8a31e789ff9b932e46cc976fd96767f25e3051485403f2ec3660945a49192e3cc0ebf2e140df5f8bb419162259c5f114a2f91f669bfbaab50ea401b2b8fa1c4ede60474e333ecc4839371bc0f128f487e1854a011e550c8543637d2f164c7773fef565155e97219dd332435ba9ed345f232786e1e32cc43b4be8ef715a3027f088f4ad6a966551d3ac70a2474f5c8345a35b3f1ce3bb1f99da1e31b956444307a5d9c49af4d1df1a6a78f9080e68699f42f2f65192dec340a2d49af0d94c493b36a3a77ada34e93774944eff60774fef0a96f88f5031d5690cf32c9dc43fb0e22799b38d05f8561ee6be0f69c3136c86caed67d3475f56e9c36a37cdcfb942187ec5aff20a45dd4f3de52b8f4f1611d9cd34f869fa33e73719fc1f7f5d434e0486923f394f3b392b086523be04df5531cd6e06df103313ac303d5490377b4778d4c4cd20966311c1b1d0e7a7e152bc299605c4ab0cae9b0e73ed353cbb2d0167c3c7526beda0f47e4562d4131c36b019b0685b03039192c20d0d0cf20a34fa56138132b03c445e65738c27f334da9e9e1c10312368285a4b2a54d01958ca7769408803bb79e600ebe0efdbb01cad8c4de2b1457f57fa1c9174952f33c54b634b7665b3ec20d41fbe9c641c11c4f9817daf762074f561dae9587190cea38ae84d1e3782065ac9ddab85ccf9650eece21c3a8af971309c0229ca37d2be174e1d02fcad25c8700be24b7002cf1e93d238ba49df6b296eb1818d069e0ed8592bd2afc4a6b41c960f69c16c9c82ae3e750b4095d297584e74001dd37277d08f4a2af0e700baf4a60e3be8a6eac272017a0b144aa9d63ffdb126c587ec83b0151d91366b8d9fc4369fcce1cb0b5d1e94131f5f98251fa66fe09d2aeee9bd2d2c4a7380f5a3599bd2632d46db232f56b7fb59ad5f32f7ceabd7096d19853ed0fd51296d0e535e7452347093723615c1425d5268ee8a892210766b544f5e0ee1fc94117b4357d694067987efd3c7e0c920f9aa9672fd579718e50f5ba77bd57641ecfa0a725ce0c6da4745776a0ac8d01b26c08ba84d5475b16a63a7c9b7764fa951e497e5ff25ee431fa66c92c34fe11670dd5005e2feb897335c85100b03986aed1d7f5df14a356e47f8f621559d7f5fa90add46bd26045e6b6866c4992a46edef5732ea596f9d509492e6cbd2dc3ae3ebd0f5ee4ed3f243fcf80f52eea8922b439289d9fa9be075cb0054baa37bd2d626e76e7b53e789f82dd6d6edda8aba61d22795e1c75e5ee1a91b959002a7b20c817c40ff0c8269def60f5d742fc366d1ff743e622c638e21cda8cb3df13d2023a97abf72d30e6b12fd32e480b762d0ee43b5162030f676c304f4b0b723712b18bcadc1e39e5aea35993b94fcd0b9eb0e2b4fce17a5bd83eb675a82e7df7f1a50e08b061aa37058ff34826fdc3a1411aa92801103ac08de5bb2565497957792ed35afd7493b7e7de85fb12af1c207052c89cc43b5b9cf1f8cb6f1e8f93c1cc891ec6abce58e764fa739315177b224310a37e62904c8b370de2c16fe33cdfe3933dffb91cde3caa03952ce6d1eae90e388f0fecd930407540e3638680211fd4c6463fdec5935240aa2075816f2c98bc4fea8d6ac052f708d8961ff33636088b93f6d12cd78892facd2e1b6ff0817d3370c27726341a9f128781adea64846a1d4e0dd13bed8485c614f588330a7c1b1423dc4efe64d029744fadfdf0dffedd606f3fd934d3b3fe75667503fd39a6450ad759c4da3753d3a3d4d62e016c82c3761e667c8af011f74696af4c4740816a07c6b7a5d89697917c28d6fd804a5f20b566efcfb7e9b9cce1944b70695a2a67774370ea0e33f2fdf74f7604f84f2e28b27fed7104f310d50e8048c02a964ceb26ea58bf6dd09d6455096ecb09b5c30924f57cab38e66594e74eb41c3d0a5ba0da78b2867e190e3d21dcfefcf61205e8fb7645640f4b081bcae975abb587305aa683971d35bdda37a82529b0d897c8038db6e09762d692b33cee8f1d8c3cc9db776a896a00d16e826704165d882c1d452c722dd1d60a2259c4515601a3194e0d8dd187366edb97428d23c5fad3de42394877915235b3a249c9f72c1b6cce88a9837d91b938514999ed90f72e5dfd642265d2ef1dd3ca007a719234cc054468b8309615a963acb64ad962713b002653536d415e639c05c67d42abfc05458cc18d2f99a14032bbf8213812e3967bdc913c19020e4d094818a0a151e33054c65acdd99534e9537e4ee913c4f5f1efa78e3e9035f208211708a2f3495195c9cd560523cd1e7ebb73a7f279a2731965b762d5cfadd2affb11d0f51ba7d711ac1232753bc31309a06be8f9149559943a4949fce3c54943ec8da43e311cb93ec754b90b1331354228ae61cac11eaffe00c81cac6eb4694286de0e1885fd30fc2e72162c7dbc821aab064b9899a7b5dd81c43823d4d31165fb022dd7ecad99466a0077ff893304fc1388abaa2160162051a2d7133c7a4fbe90c0e343661cab661ede7b9893284a1552ee6a1201f2401f308aae85073e675196e7327c5ecfeaa4467c42687649905cc76d2f3acdf0a9ede5446a21fc6f73d614e6ba6e87ae16e1d022219c1473c7e9845d1bbc74787fe49cd689d1eb3f11bed964769480c3113c327012950448dacb9fb9a985cbca46d2df28ee0c6c129dd567753f8987c513dd748f1fd9193f98e1e2ed0fc84492acd060da3be5f5283517fdb040f6795d56832a873470e63b85b61489f2fa47a0e7c2f48b5ddd0190dc6e298e434819753aed095c68f725203ae75b951b30f484fa260f345b11a3c2219165b32215810f536a65b11edfa66cf14622d539d5fd165d71dd320305b669cb66d2a63ce799b17da35d1b7e4e7dc5e54f8ffe424b477c7933933c23a70ac0fa202075482e6358f3e3387f983c578e74d52c2e29bfa023c9be8289b68be0089cc5106ab6f932fa0b15bc6deded9f8e28ab275d7fa8fe7edc73de3544876e03919bb384d78d4ea9448528058fba6801e9746b90ae50f6f1fe116385c37fd762ab77d06536ec30c8cf8c5fa1b51da60d53cf916096789b6b5c8fba06cc39dc278ca229fb8db01a27c20096bba8147b291288964b9a53bb6f4e452bb9c5c4a5d944a6ce1c2ce5439936b1904b9081ab1f0e98e1d081bceb8d8ea0a46b3138a5f7d035f92c8b36d7cc95a63842aa96d4b6cbc1fd4dad37abdaa38db3aead02a4efb0ddd3c7146bf1b65525c5973e1736ebabf3153470fd0548af7e6b79c7ec02e7086b2d9e17c8487879a8a6a969a0648cdba5276c0de2d6183674a771a26d1068f370d85a05166d396a34befa883fbfe404af4ebb15d859481a5db893812a68ef4cb96b0ba0e5c4aae5fb525acdd7afb819e3891e97d87f8ec97510d78b96f8cf52805c9d0d0d1fe196458ea6ee3ac967bf73e400a004dddab6b5d0c9c2b28d19e468b54bce1d26b24c2cb1dba2e1aca31111ff44b702289a0c5fd7208c93548ce7ebed0ce01a17ccab80b53d4fca0d7fa4e35f77a2f8af896b16d97e57fd9448f5760d21590882ff6a0230c3454a773dd9b22308f4d0c8849df68173289fbf09cdc8723d442794015dce15e71e943d29a5c467c5c15b0cd97949b1237440a81259d481597d8a734035b9dad471ec0d3dce630149ce0c4c429e88dc02ba0c62851e40584a828ef129839b26c65149d901ae16461130022ccaaa", @typed={0xc, 0x6, 0x0, 0x0, @u64=0x7}, @generic="f04d3edcb8ae56e8623ede78387502d798a9d83958d14dfb31727202f5a914e2256da57fae855dad31e9a019ce4431ce42652dcfdd9bf9d2fee8f07223bdb66241b6c40cc534f3cd9c03252b62f66210e43d3fc596d6d206ac6d1f356467dbf4953d01527c9c5cd70b15de0f0679bd262db8f675499664d2c17f15cab78f9cfd0ae81787d6a49af474de8e2408fdfc217204e002aeb1b80ef78b8433b12988a3c8d19263140d91ff96e2478888dbacc36e82d073e193ab05f5428a099442a51f60b6ab3ba50215691701e1da250c0c16e4dd73c88f8c7fa6d8e2e9d7ca86998fc32e471b8e05812d6995b63749d4c8f53889df81de5a7d21b981f070dfa5da", @typed={0x8, 0xe4, 0x0, 0x0, @u32}, @generic="7acf769e60dbe68521a1166664734e00a665b4231467e719749816244a19dd7ddab39ccae69c1d5f135683f1b347147b8af373531b1945a806a5e81f518d6f3017661ab87781ff77852fce12c8fe21c9e32eaf519576e3300deffdd4c4e8bd5df089aa7bb9a25a6cb5f5b487", @typed={0xea, 0x8c, 0x0, 0x0, @binary="947a422a16ef50cdd3a4c2c1a6c00b4000abdea9c58315df4765b3e1a804ea5c543ebddc30afbd806ff527a8cb4263fcc6d7a5b943126630eb838c5b8e61596488ec3f3a68562cb95dfe0b98688204119d6a578454bd8f96d0845c472a75d96a4af225589990f7ba59d32d152fc664cc1f6869061fde4e4647a0b689fb32cba29453e682478329feba8a50fae82df3312c622c3022b65cbab649dbc3e1fe64c387dcae79ec83b4a74a28f4a54c97020de0c5e1f026f82f238f0ab6c89591e4842212942c7bff1f6a052ca2fd2b0791bedfe8a5d86c906a27de6d4e7df655fa37ed870767bba1"}, @generic="c40778d9d921d223416a686be34d37db6459bb29b0e7c3f7ecbabb0a766ebc992a9dea59a44add83e0dafb1602c6715ec4ccec6d3663bbc2e60548acb6196b604fc8394fc3303353193202391ccccc33bea951697684fdd2723a88afc650564ddba42c10f425ea4a227fdd025df7f37f76f7a70d0f9a8cc98834bf3e47899354d2afa98a94d295ee292cf40bc7ead2c3f8764feca7cb2bd788ef5230d9f3a5abcc863c60e439734638f3bfce01d0f368fcca07183d3979110d957eec4635efb4a6cad52f49206c71a7339f43adcb555d3b03ce4ce2a8bb1979057a0e7e0c2c6f4a", @typed={0xc, 0x8, 0x0, 0x0, @u64=0x3db}, @typed={0x10, 0x7f, 0x0, 0x0, @str='/dev/uinput\x00'}, @nested={0x4, 0xff}]}]}]}, 0x1388}, 0x1, 0x0, 0x0, 0x4008000}, 0x4004801) sendmsg$auto_NL80211_CMD_LEAVE_MESH(0xffffffffffffffff, &(0x7f0000001ec0)={&(0x7f0000001c80)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001e80)={&(0x7f0000001cc0)={0x1a0, r6, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NL80211_ATTR_ACL_POLICY={0x8, 0xa5, 0x2}, @NL80211_ATTR_IE_ASSOC_RESP={0x15f, 0x80, "99619104c4108ac08b364f0039724db0a71fb89a408237a8b8ed43524d9e1307a3fb6b3b58bd0bfec852aec69ee6ac6400ef929e055b7316c34c856feaee1f3eb4664e340c25eac44c2373db9c65ac1ccc0c695ceb01dca58395bdcdce9d2c4e70a27d1a2a7f3520216f7805019eeef816dae084249fcfeeb44baedaf8c84bc2af349627a216279516107e8f42a9f71cb68188bdc72ab28ce62a33ef422de0b32dd218edadbd9f61f8867ddaef8fb1ec06d3f59fd44bb901b252e06c156c42774cd648acaf5b06dbe0145f53765e6b3b729fe7eddf442e25d8a465d6be7b77e980cb9a753edafb32f9a46c3125f981695c03462e084f0cd26811e44561a3427340faa2acdf9142c6ee2222f7457aa98c6c56fbbca1af692e0a68ba2fdb34894f77197e7d662df06e0b74b02a57964bc9200f5cba04920cce2efba5c8f8a11fc830cd22504857c4e99ac01ff8a9729ee68e0bb329d83835dfe9376e"}, @NL80211_ATTR_HE_BSS_COLOR={0x20, 0x11b, 0x0, 0x1, [@NL80211_HE_BSS_COLOR_ATTR_DISABLED={0x4}, @NL80211_HE_BSS_COLOR_ATTR_COLOR={0x5, 0x1, 0x6}, @NL80211_HE_BSS_COLOR_ATTR_PARTIAL={0x4}, @NL80211_HE_BSS_COLOR_ATTR_DISABLED={0x4}, @NL80211_HE_BSS_COLOR_ATTR_COLOR={0x5}]}, @NL80211_ATTR_TDLS_INITIATOR={0x4}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x8004}, 0x4040041) r10 = openat$auto_trace_clock_fops_trace(0xffffffffffffff9c, &(0x7f0000001f00)='/sys/kernel/tracing/trace_clock\x00', 0x200000, 0x0) ioctl$auto_UDMABUF_CREATE_LIST(r3, 0x40087543, &(0x7f0000001f40)={0x8, 0x6, [{r5, 0x0, 0x5, 0xe617}, {r8, 0x0, 0x1, 0x3}, {r0, 0x0, 0xffffffffffffff25, 0xd}, {r5, 0x0, 0x8, 0xfffffffffffff9f4}, {r0, 0x0, 0xc, 0x2}, {r1, 0x0, 0x9, 0x5}, {r10, 0x0, 0x10000, 0x7}, {r8, 0x0, 0x9, 0x6e}, {r8, 0x0, 0x100000001}]}) execveat$auto(0xffffffffffffffff, &(0x7f0000002040)='./file0\x00', &(0x7f00000020c0)=&(0x7f0000002080)=']][@)^*\x00', &(0x7f0000002140)=&(0x7f0000002100)='#!^u\x00', 0x48) ioctl$auto_UI_GET_VERSION(r12, 0x8004552d, &(0x7f0000002180)=0x8) ioctl$auto_VHOST_VSOCK_SET_GUEST_CID(r11, 0x4008af60, &(0x7f00000021c0)=0x4) rseq$auto(&(0x7f0000002200)={0x3, 0x7, 0x4, 0x7ab, 0x0, 0x2, "5229f419a1e8a95a47354156b8168a43f4411d5105004821cbad575b967364dd6f8d40567928b1f27af05ab3c100d7ecb3dd35ae5016db942beecfa21c438ca6c132383c05c875357440d6591910bf64b732465d1b0ef25a0d780c204c5547f6d0c7d0076c403a3cdd9832dfb21d6ab48f1f2976ba1981fad0425c74785484e0fbd5de31253289ac244c46369d9158404bdb8e43dcb027a4910429d06813dc92f8a129a84ac0fa52f8463c88aeb8432fdfb58fcbfd44e21aa401cdc26975"}, 0xfffff801, 0x9, 0x3) msync$auto(0x14d9, 0x2, 0xfffffffd) r13 = ioctl$auto_TUNSETPERSIST(r8, 0x400454cb, &(0x7f0000002300)=0x1) read$auto(r13, &(0x7f0000002340)='/dev/uinput\x00', 0x7) 2.721375815s ago: executing program 3 (id=2300): openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x100, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x143602, 0x0) listmount$auto(0x0, 0x0, 0xf4240, 0x1) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0x454, 0x9) write$auto(0x3, 0x0, 0xfffffdef) 2.547993279s ago: executing program 3 (id=2301): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0x8002, 0x2) mmap$auto(0x4, 0x9, 0x4000000000df, 0x1000000000040eb1, 0xffffffffffffffff, 0x300000000000) adjtimex$auto(&(0x7f00000006c0)={0x7, 0x0, 0x10, 0x8, 0x3, 0x7, 0x80000009, 0x0, 0x10001, 0xfffffffffffffffe, 0x0, {0x7, 0x10000}, 0x1, 0x40000e, 0xfffffffffffffffc, 0x1008000, 0x0, 0x80000005, 0x83, 0xffffffffffff628f, 0xa747, 0x10080005, 0xb}) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x101002, 0x0) r1 = openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/buffer_size_kb\x00', 0x40, 0x0) readv$auto(r1, &(0x7f0000000100)={&(0x7f0000000040), 0x3}, 0x1) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/scsi/sg/def_reserved_size\x00', 0x0, 0x0) lseek$auto(0x3, 0x8, 0x1) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) ioctl$auto_UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000040)={{0x0, 0xf2cf, 0x1ff, 0x4}, "6a034a07c7b82d90b69a39e32576f893fba86c9dd051a0094a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f", 0x8}) close_range$auto(0x0, 0xfffffffffffff000, 0x2) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0001, 0x17) r3 = mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) mmap$auto(0xfffffffffffffffd, 0x2020009, 0xa45, 0x12, r3, 0x8000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000004c0)='/sys/devices/virtual/net/ip_vti0/power/autosuspend_delay_ms\x00', 0xa2500, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f00000002c0)=""/106, 0x6a) msgsnd$auto(0x7, &(0x7f0000000140)={0x6, 0x9}, 0x8001, 0x7) adjtimex$auto(&(0x7f00000002c0)={0x80, 0x0, 0x5, 0x9, 0x8000000000000001, 0x9, 0x4, 0x0, 0x1ff, 0x7, 0x3, {0x6, 0x5}, 0x7, 0x0, 0x3, 0xc68, 0x0, 0x6, 0x4, 0x7fffffff, 0x80, 0x1, 0x10001}) mmap$auto(0x0, 0x20009, 0xe3, 0x410, 0xffffffffffffffff, 0x400008000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptyq9\x00', 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_proc_mounts_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/mounts\x00', 0x40800, 0x0) mmap$auto(0x2, 0x0, 0x3, 0xeb1, r0, 0x40008000) 2.355658447s ago: executing program 0 (id=2302): socket(0xa, 0x6, 0x0) mmap$auto(0x0, 0x8, 0xdb, 0x9b74, 0xffffffffffffffff, 0x200000008000) r0 = open(&(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', 0x3213c1, 0x1c9) r1 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x80842, 0x91) read$auto(r1, 0x0, 0x1) write$auto(r0, 0x0, 0x2) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r2 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f00000008c0)={0x7, 0x3, 0x3}, 0xa2b, 0x0) landlock_restrict_self$auto(r2, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) link$auto(&(0x7f0000003240)='./file0\x00', &(0x7f0000003280)='./file2\x00') capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, &(0x7f0000000040)={0xdfc7, 0x4017, 0xb}) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x28) 2.053595811s ago: executing program 0 (id=2303): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d6, 0x4, 0x0, 0x6, 0xda) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x80900, 0x0) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20a01, 0x0) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) mmap$auto(0xb2, 0x14, 0xffb, 0x8000000008015, r0, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) io_uring_setup$auto(0x3501, &(0x7f0000000080)={0x80, 0x1000, 0x9, 0x5, 0x3, 0xfffffff1, r0, [0xbc, 0xffff, 0x40], {0x81, 0x6, 0x0, 0x4, 0x3, 0x101, 0xffff, 0x0, 0x7}, {0x7, 0xa, 0xf, 0x0, 0x803, 0x0, 0x0, 0xfffffffa, 0xc}}) bind$auto(0xffffffffffffffff, 0x0, 0x66) openat$auto_tracing_saved_cmdlines_fops_trace(0xffffffffffffff9c, 0x0, 0x5ca02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(0xffffffffffffffff, 0xc1105511, &(0x7f0000000180)={{@raw=0x5, 0x6, 0x3, 0xb38, "0bd3a2c326172c92aae5b2a2d02f3a23ef92da93d9998c808879dc6394a7e6cf8a9bee3bbd26d7c49efab627"}, 0x7, 0x9, 0xa969, @raw=0x5, @reserved="43ee1a6615c9c6cae81027105fbc8c31742b8210887c89b1aeb8bb7bb773875f1244f6d9437760e1963e39c721c1e71016631aaa52f35d486f34a38181ff13499e6f5f95ce478df796981d512ebb69359186c9a94fb5f4d2388e5ccec6d706ae1b22f795328fd0243c18428f0365a4ba3df7cc1481d93739ca65d6aab96f2761", "9daf3df4e8335eef1177c7c72ccc2d2e58328579b90dce5f8f8ea43524b9ffacd7aa27a7ca72c8c8baf1250dcb932882993f917d1b875eddebce5895e9f866c5"}) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) r2 = socket(0xa, 0x1, 0x84) getsockopt$auto(r2, 0x84, 0x11, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) open(0x0, 0x591002, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x39f7a715, 0x2, 0x8000) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp1\x00', 0x20342, 0x0) readv$auto(r3, 0x0, 0x3) writev$auto(0xffffffffffffffff, 0x0, 0x3) unshare$auto(0x40000080) mprotect$auto(0x8000, 0x8, 0x8) write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x01\x00\xb6', 0x7f) unshare$auto(0x8) 357.653µs ago: executing program 2 (id=2304): r0 = socketcall$auto(0x5, &(0x7f0000000280)=0x3) waitid$auto(0x3a, 0xffffffffffffffff, &(0x7f0000000300)={@_si_pad}, 0x8, &(0x7f0000000380)={{0xffff, 0x8}, {0xd, 0x5}, 0xffffffff80000001, 0x2, 0x10000000007, 0x6, 0x2, 0x2, 0x7fffffff, 0x80000001, 0x9, 0xff, 0x4af2, 0x400000000000, 0xf800000000000000}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000440)={'lo\x00', 0x0}) sendmsg$auto_MACSEC_CMD_GET_TXSC(r0, &(0x7f0000000640)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000740)={&(0x7f0000000500)=ANY=[@ANYBLOB="11051b00", @ANYRES16=0x0, @ANYBLOB="100026bd7000fcdbdf25000000003d0002807790716756fdf9d86bf19fb9f629b13057fde1d2fe609b17237612fbe80ca4e106c00407b48d4f236eea481d0dd2035a69185c05cca02a1972000000d5000980ccfe18782a2f81dd3ddf0a13a3918d1b969dfa89fd10ac2bdef728bebc1388222cb8009dca532ccf716e1989ddf75287cd42a2be4deb9ccb01e19c4fa4e58662c355a7c6161404b9e8f2a59ec3738ce3165c7fa2dbc5f74915ff09764ebb473ea9291bd1a2db48d95f2c7112eacab6b42b884c3a80a984d1f10b0660aae103d510ee917e8c62d1f2c389efdc22e70705fd30effc179555d094c7759f6ebbfd90181e6c03f764cd570293c93d12516d84fe2e05ca11c08fd8ad04003b800c003b000000000000000000080037000a01010000000008000100", @ANYRES32=r1, @ANYBLOB], 0x134}, 0x1, 0x0, 0x0, 0x4042810}, 0x1) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) io_uring_setup$auto(0x6, 0x0) r2 = socket(0xa, 0x2, 0x88) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'gretap0\x00', 0x0}) bpf$auto(0x200000, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r4, r3, 0x0, 0x8, r2, @relative_id=0x13, 0xe5fc}, 0xf) bpf$auto(0x4, &(0x7f00000001c0)=@raw_tracepoint={0x5, r2, 0x0, 0x3}, 0xc) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000480)='/dev/radio21\x00', 0x80000, 0x0) mmap$auto(0x0, 0x9, 0x9, 0x8000000008011, 0x3, 0x8000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0x8002, 0x0) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/oss\x00', 0x88400, 0x0) read$auto_proc_reg_file_ops_compat_inode(r5, &(0x7f0000000180)=""/210, 0xd2) r6 = io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x104, 0x6, 0x3}, {0x100, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r7 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000180), 0x480, 0x0) ioctl$auto(0x3, 0x541b, 0x38) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) setsockopt$auto(r7, 0x5, 0xffff, &(0x7f0000000a40)='/dev/sequencer\x00', 0x4) syz_genetlink_get_family_id$auto_thermal(&(0x7f00000006c0), r7) write$auto_proc_loginuid_operations_base(r6, &(0x7f0000000b80)="bf2f428ae61318566555d09a2f3145d2ad60a55f67ebd2957683b14725c4ac1468da", 0x22) 0s ago: executing program 3 (id=2305): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/mm/transparent_hugepage/hugepages-512kB/enabled\x00', 0x129302, 0x0) write$auto(r0, 0x0, 0x800f) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000bc0), 0xffffffffffffffff) signalfd$auto(0xffffffff, 0x0, 0x8) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/dummy_hcd.1/usb2/bConfigurationValue\x00', 0x101142, 0x0) write$auto(r1, &(0x7f0000000100)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3C', 0x4) (async) write$auto(r1, &(0x7f0000000100)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3C', 0x4) sendmmsg$auto(0x4, 0x0, 0x9ae, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) (async) r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) write$auto(r2, 0x0, 0xe) mincore$auto(0x9, 0xcc, &(0x7f0000000080)='\\&-\'\x00') (async) mincore$auto(0x9, 0xcc, &(0x7f0000000080)='\\&-\'\x00') prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) socket(0x2, 0x1, 0x0) (async) socket(0x2, 0x1, 0x0) epoll_create$auto(0x4) (async) epoll_create$auto(0x4) epoll_ctl$auto(0x5, 0x1, 0xffffffffffffffff, 0x0) openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, 0x0, 0x101002, 0x0) connect$auto(0x4, 0x0, 0x10) (async) connect$auto(0x4, 0x0, 0x10) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) (async) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) socketpair$auto(0x2d, 0x2, 0x8000000000000000, 0x0) kernel console output (not intermixed with test programs):                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 syzkaller syzkaller login: [ 300.167268][ T9427] could not allocate digest TFM handle [ 300.186027][ T9426] could not allocate digest TFM handle [ 300.356305][ T9421] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 302.016632][ T9476] FAULT_INJECTION: forcing a failure. [ 302.016632][ T9476] name failslab, interval 1, probability 0, space 0, times 0 [ 302.048325][ T9476] CPU: 1 UID: 0 PID: 9476 Comm: syz.2.779 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 302.048371][ T9476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 302.048389][ T9476] Call Trace: [ 302.048400][ T9476] [ 302.048412][ T9476] dump_stack_lvl+0x16c/0x1f0 [ 302.048462][ T9476] should_fail_ex+0x512/0x640 [ 302.048500][ T9476] ? fs_reclaim_acquire+0xae/0x150 [ 302.048555][ T9476] should_failslab+0xc2/0x120 [ 302.048596][ T9476] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 302.048636][ T9476] ? security_inode_alloc+0x3b/0x2b0 [ 302.048679][ T9476] security_inode_alloc+0x3b/0x2b0 [ 302.048715][ T9476] inode_init_always_gfp+0xce4/0x1030 [ 302.048753][ T9476] alloc_inode+0x86/0x240 [ 302.048794][ T9476] new_inode+0x22/0x1c0 [ 302.048838][ T9476] __rpc_create_common+0x57/0x2f0 [ 302.048894][ T9476] rpc_populate.constprop.0+0x20a/0x5d0 [ 302.048954][ T9476] rpc_fill_super+0x485/0x840 [ 302.048979][ T9476] ? sget_fc+0x808/0xc20 [ 302.049013][ T9476] ? __pfx_rpc_fill_super+0x10/0x10 [ 302.049039][ T9476] get_tree_keyed+0x10b/0x1d0 [ 302.049071][ T9476] vfs_get_tree+0x8b/0x340 [ 302.049116][ T9476] vfs_cmd_create+0xd7/0x2a0 [ 302.049154][ T9476] __do_sys_fsconfig+0x7b8/0xbe0 [ 302.049205][ T9476] ? __pfx___do_sys_fsconfig+0x10/0x10 [ 302.049245][ T9476] ? xfd_validate_state+0x5d/0x180 [ 302.049279][ T9476] ? rcu_is_watching+0x12/0xc0 [ 302.049324][ T9476] do_syscall_64+0xcd/0x230 [ 302.049377][ T9476] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.049408][ T9476] RIP: 0033:0x7fad2eb8e169 [ 302.049433][ T9476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 302.049461][ T9476] RSP: 002b:00007fad2f9d4038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 302.049491][ T9476] RAX: ffffffffffffffda RBX: 00007fad2edb5fa0 RCX: 00007fad2eb8e169 [ 302.049511][ T9476] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000006 [ 302.049528][ T9476] RBP: 00007fad2ec10a68 R08: 0000000000000000 R09: 0000000000000000 [ 302.049545][ T9476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 302.049561][ T9476] R13: 0000000000000000 R14: 00007fad2edb5fa0 R15: 00007ffcc78f77c8 [ 302.049600][ T9476] [ 302.280743][ T9476] net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry info [ 302.291676][ T9476] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory clntXX [ 304.023955][ T9509] netlink: 'syz.1.791': attribute type 3 has an invalid length. [ 304.127185][ T9512] random: crng reseeded on system resumption                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 syzkaller syzkaller login: [ 415.955023][T11609] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 417.989733][T11638] ptrace attach of "./syz-executor exec"[5836] was attempted by "./syz-executor exec"[11638] [ 421.495646][T11699] bridge0: port 3(team0) entered blocking state [ 421.517581][T11699] bridge0: port 3(team0) entered disabled state [ 421.544167][T11699] team0: entered allmulticast mode [ 421.561399][T11699] team_slave_0: entered allmulticast mode [ 421.571684][T11699] team_slave_1: entered allmulticast mode [ 421.579337][T11699] team0: entered promiscuous mode [ 421.609543][T11699] team_slave_0: entered promiscuous mode [ 421.642932][T11699] team_slave_1: entered promiscuous mode [ 421.792521][T11699] bridge0: port 3(team0) entered blocking state [ 421.798913][T11699] bridge0: port 3(team0) entered listening state [ 423.769433][T11726] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1352'. [ 423.778885][T11726] mac80211_hwsim hwsim8 wlan1: entered allmulticast mode [ 424.013654][T11735] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1354'. [ 425.229986][T11773] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1362'. [ 426.070422][T11787] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1364'. [ 426.176933][T11787] veth1_macvtap: left promiscuous mode [ 426.983406][T11803] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1367'. [ 427.326296][T11816] FAULT_INJECTION: forcing a failure. [ 427.326296][T11816] name failslab, interval 1, probability 0, space 0, times 0 [ 427.401022][T11816] CPU: 1 UID: 0 PID: 11816 Comm: syz.2.1372 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 427.401057][T11816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 427.401071][T11816] Call Trace: [ 427.401078][T11816] [ 427.401087][T11816] dump_stack_lvl+0x16c/0x1f0 [ 427.401125][T11816] should_fail_ex+0x512/0x640 [ 427.401152][T11816] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 427.401184][T11816] should_failslab+0xc2/0x120 [ 427.401214][T11816] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 427.401261][T11816] ? sk_prot_alloc+0x60/0x2a0 [ 427.401319][T11816] sk_prot_alloc+0x60/0x2a0 [ 427.401366][T11816] sk_alloc+0x36/0xc20 [ 427.401396][T11816] inet_create+0x3a1/0x1090 [ 427.401418][T11816] ? inet_create+0x93/0x1090 [ 427.401443][T11816] __sock_create+0x335/0x8d0 [ 427.401471][T11816] inet_ctl_sock_create+0x94/0x230 [ 427.401509][T11816] ? __pfx_inet_ctl_sock_create+0x10/0x10 [ 427.401546][T11816] ? lockdep_init_map_type+0x5c/0x280 [ 427.401581][T11816] ? lockdep_init_map_type+0x5c/0x280 [ 427.401615][T11816] ? __pfx_igmp_net_init+0x10/0x10 [ 427.401646][T11816] igmp_net_init+0xd0/0x1a0 [ 427.401678][T11816] ops_init+0x1df/0x5f0 [ 427.401727][T11816] setup_net+0x21e/0x850 [ 427.401774][T11816] ? __pfx_setup_net+0x10/0x10 [ 427.401818][T11816] ? lockdep_init_map_type+0x5c/0x280 [ 427.401853][T11816] ? __pfx_down_read_killable+0x10/0x10 [ 427.401878][T11816] ? debug_mutex_init+0x37/0x70 [ 427.401904][T11816] copy_net_ns+0x2a6/0x5f0 [ 427.401943][T11816] create_new_namespaces+0x3ea/0xad0 [ 427.401978][T11816] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 427.402009][T11816] ksys_unshare+0x45b/0xa40 [ 427.402043][T11816] ? __pfx_ksys_unshare+0x10/0x10 [ 427.402075][T11816] ? xfd_validate_state+0x5d/0x180 [ 427.402101][T11816] ? rcu_is_watching+0x12/0xc0 [ 427.402131][T11816] __x64_sys_unshare+0x31/0x40 [ 427.402164][T11816] do_syscall_64+0xcd/0x230 [ 427.402200][T11816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 427.402223][T11816] RIP: 0033:0x7fad2eb8e169 [ 427.402250][T11816] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 427.402273][T11816] RSP: 002b:00007fad2f9d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 427.402295][T11816] RAX: ffffffffffffffda RBX: 00007fad2edb5fa0 RCX: 00007fad2eb8e169 [ 427.402310][T11816] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 427.402324][T11816] RBP: 00007fad2ec10a68 R08: 0000000000000000 R09: 0000000000000000 [ 427.402339][T11816] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 427.402352][T11816] R13: 0000000000000000 R14: 00007fad2edb5fa0 R15: 00007ffcc78f77c8 [ 427.402410][T11816] [ 427.802828][T11816] Failed to initialize the IGMP autojoin socket (err -12) [ 429.534261][T11865] netlink: 'syz.0.1382': attribute type 1 has an invalid length. [ 430.118914][T11884] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1387'. [ 430.444339][T11891] kafs: addr_prefs: Invalid Command [ 430.918755][ T30] audit: type=1326 audit(4294969653.577:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11893 comm="syz.0.1389" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fed96b8e169 code=0x0 [ 431.430073][T11907] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1392'. [ 431.717846][T11914] svc: failed to register nfsdv3 RPC service (errno 111). [ 431.748385][T11914] svc: failed to register nfsaclv3 RPC service (errno 111). [ 431.971216][ T5854] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 433.721710][T11944] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1401'. [ 436.824944][ C1] bridge0: port 3(team0) entered learning state [ 436.896319][T12003] FAULT_INJECTION: forcing a failure. [ 436.896319][T12003] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 436.972066][T12003] CPU: 0 UID: 0 PID: 12003 Comm: syz.3.1414 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 436.972106][T12003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 436.972123][T12003] Call Trace: [ 436.972131][T12003] [ 436.972142][T12003] dump_stack_lvl+0x16c/0x1f0 [ 436.972184][T12003] should_fail_ex+0x512/0x640 [ 436.972224][T12003] _copy_to_user+0x32/0xd0 [ 436.972263][T12003] simple_read_from_buffer+0xcb/0x170 [ 436.972320][T12003] proc_fail_nth_read+0x197/0x270 [ 436.972370][T12003] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 436.972416][T12003] ? rw_verify_area+0xcf/0x680 [ 436.972459][T12003] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 436.972504][T12003] vfs_read+0x1de/0xc70 [ 436.972538][T12003] ? __pfx___mutex_lock+0x10/0x10 [ 436.972580][T12003] ? __pfx_vfs_read+0x10/0x10 [ 436.972620][T12003] ? __fget_files+0x20e/0x3c0 [ 436.972659][T12003] ksys_read+0x12a/0x240 [ 436.972688][T12003] ? __pfx_ksys_read+0x10/0x10 [ 436.972726][T12003] do_syscall_64+0xcd/0x230 [ 436.972772][T12003] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 436.972801][T12003] RIP: 0033:0x7fbfe2b8cb7c [ 436.972823][T12003] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 436.972851][T12003] RSP: 002b:00007fbfe3944030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 436.972877][T12003] RAX: ffffffffffffffda RBX: 00007fbfe2db5fa0 RCX: 00007fbfe2b8cb7c [ 436.972896][T12003] RDX: 000000000000000f RSI: 00007fbfe39440a0 RDI: 0000000000000003 [ 436.972911][T12003] RBP: 00007fbfe3944090 R08: 0000000000000000 R09: 0000000000000000 [ 436.972927][T12003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 436.972942][T12003] R13: 0000000000000001 R14: 00007fbfe2db5fa0 R15: 00007ffd026a81e8 [ 436.972978][T12003] [ 438.055737][T12021] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1421'. [ 438.191937][T12021] bond0: (slave bond_slave_1): Releasing backup interface [ 440.592351][T12079] kAFS: Invalid Command on /proc/fs/afs/cells file [ 440.703686][T12072] could not allocate digest TFM handle [ 441.065703][T12094] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1435'. [ 442.038840][T12105] netlink: Conntrack attr type has unexpected length (type=3, length=0, expected=8) [ 442.432872][ T5854] Bluetooth: hci1: unexpected event 0x02 length: 552 > 260 [ 442.433175][ T5854] Bluetooth: hci1: unexpected event 0x02 length: 552 > 260 [ 443.820386][T12126] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 443.889571][T12126] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 443.921187][T12126] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 443.981134][T12126] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 443.987335][T12126] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 445.154776][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.162237][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 445.549359][ T5854] Bluetooth: hci0: command 0x0406 tx timeout [ 445.950965][ T5854] Bluetooth: hci1: command 0x0406 tx timeout [ 446.029983][ T5854] Bluetooth: hci3: command 0x0406 tx timeout [ 446.036069][ T5854] Bluetooth: hci2: command 0x0406 tx timeout [ 446.069932][T12181] Invalid ELF header magic: != ELF [ 446.408733][T12187] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1456'. [ 446.465149][T12181] Invalid ELF header magic: != ELF [ 447.630415][ T5854] Bluetooth: hci0: command 0x0406 tx timeout [ 448.156115][T12222] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1465'. [ 450.218942][ T30] audit: type=1804 audit(4294969672.898:13): pid=12267 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1476" name="/newroot/sys/kernel/debug/tracing/current_tracer" dev="tracefs" ino=1256 res=1 errno=0 [ 450.303018][T12262] Invalid ELF header magic: != ELF [ 450.643069][T12275] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1479'. [ 452.065867][T12288] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1480'. [ 452.193711][ C1] bridge0: port 3(team0) entered forwarding state [ 452.200245][ C1] bridge0: topology change detected, propagating [ 452.782307][T12303] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1484'. [ 453.309817][T12296] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 453.320716][T12296] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 453.343517][T12296] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 453.349669][T12296] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 454.038387][T12325] Invalid ELF header magic: != ELF [ 454.594739][ T5854] Bluetooth: hci0: command 0x0406 tx timeout [ 455.044349][T12353] could not allocate digest TFM handle [ 455.407069][ T5854] Bluetooth: hci3: command 0x0406 tx timeout [ 455.407129][ T5848] Bluetooth: hci2: command 0x0406 tx timeout [ 455.413136][ T5854] Bluetooth: hci1: command 0x0406 tx timeout [ 457.080255][ T30] audit: type=1326 audit(4294969679.764:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12391 comm="syz.3.1503" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbfe2b8e169 code=0x0 [ 457.101926][ C0] vkms_vblank_simulate: vblank timer overrun [ 459.804659][T12451] FAULT_INJECTION: forcing a failure. [ 459.804659][T12451] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 459.822604][T12451] CPU: 0 UID: 0 PID: 12451 Comm: syz.3.1517 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 459.822648][T12451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 459.822667][T12451] Call Trace: [ 459.822677][T12451] [ 459.822689][T12451] dump_stack_lvl+0x16c/0x1f0 [ 459.822742][T12451] should_fail_ex+0x512/0x640 [ 459.822786][T12451] _copy_to_iter+0x2a4/0x15a0 [ 459.822834][T12451] ? chacha_block_generic+0x189/0x260 [ 459.822872][T12451] ? __pfx__copy_to_iter+0x10/0x10 [ 459.822922][T12451] ? __pfx___might_resched+0x10/0x10 [ 459.822959][T12451] ? crng_make_state+0x48e/0x6d0 [ 459.823002][T12451] get_random_bytes_user+0x17f/0x3c0 [ 459.823044][T12451] ? __pfx_get_random_bytes_user+0x10/0x10 [ 459.823093][T12451] ? do_futex+0x122/0x350 [ 459.823149][T12451] ? import_ubuf+0x1b6/0x220 [ 459.823190][T12451] __x64_sys_getrandom+0x183/0x290 [ 459.823233][T12451] ? __pfx___x64_sys_getrandom+0x10/0x10 [ 459.823290][T12451] ? xfd_validate_state+0x5d/0x180 [ 459.823345][T12451] ? rcu_is_watching+0x12/0xc0 [ 459.823389][T12451] do_syscall_64+0xcd/0x230 [ 459.823441][T12451] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 459.823475][T12451] RIP: 0033:0x7fbfe2b8e169 [ 459.823501][T12451] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 459.823534][T12451] RSP: 002b:00007fbfe3923038 EFLAGS: 00000246 ORIG_RAX: 000000000000013e [ 459.823565][T12451] RAX: ffffffffffffffda RBX: 00007fbfe2db6080 RCX: 00007fbfe2b8e169 [ 459.823585][T12451] RDX: 0000000000000003 RSI: 0000000006000000 RDI: 0000000000000000 [ 459.823604][T12451] RBP: 00007fbfe2c10a68 R08: 0000000000000000 R09: 0000000000000000 [ 459.823623][T12451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 459.823641][T12451] R13: 0000000000000000 R14: 00007fbfe2db6080 R15: 00007ffd026a81e8 [ 459.823682][T12451] [ 460.015657][ C0] vkms_vblank_simulate: vblank timer overrun [ 461.232756][T12456] Invalid ELF header magic: != ELF [ 462.250803][T12492] openvswitch: netlink: Message has 8 unknown bytes. [ 465.222604][T12556] netlink: Conntrack attr type has unexpected length (type=3, length=0, expected=8) [ 465.835848][T12567] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1543'. [ 468.155483][T12643] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1563'. [ 468.529172][T12648] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 5 [ 471.959554][ T5854] Bluetooth: hci2: Unable to find connection for big 0xd2 [ 472.083019][ T5848] Bluetooth: hci2: Unable to find connection for big 0xd2 [ 473.345896][T12737] cougar: G6 mapped to space [ 473.777134][T12749] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1591'. [ 473.803730][T12750] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1591'. [ 475.512731][T12774] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1600'. [ 476.884761][T12807] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1605'. [ 477.884441][T12844] netlink: 146 bytes leftover after parsing attributes in process `syz.2.1615'. [ 479.319164][T12822] kexec: Could not allocate control_code_buffer [ 481.054851][T12894] random: crng reseeded on system resumption [ 484.363175][T12951] openvswitch: netlink: Key type 261 is out of range max 32 [ 485.461596][T12982] Invalid ELF header magic: != ELF [ 487.524210][T13019] netlink: 314 bytes leftover after parsing attributes in process `syz.0.1661'. [ 488.587485][T13049] Invalid ELF header magic: != ELF [ 492.624348][T13128] FAULT_INJECTION: forcing a failure. [ 492.624348][T13128] name failslab, interval 1, probability 0, space 0, times 0 [ 492.644358][T13128] CPU: 0 UID: 0 PID: 13128 Comm: syz.2.1688 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 492.644407][T13128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 492.644427][T13128] Call Trace: [ 492.644436][T13128] [ 492.644449][T13128] dump_stack_lvl+0x16c/0x1f0 [ 492.644511][T13128] should_fail_ex+0x512/0x640 [ 492.644548][T13128] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 492.644592][T13128] should_failslab+0xc2/0x120 [ 492.644633][T13128] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 492.644672][T13128] ? shmem_alloc_inode+0x25/0x50 [ 492.644721][T13128] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 492.644766][T13128] shmem_alloc_inode+0x25/0x50 [ 492.644811][T13128] alloc_inode+0x61/0x240 [ 492.644851][T13128] new_inode+0x22/0x1c0 [ 492.644894][T13128] shmem_get_inode+0x19a/0xfb0 [ 492.644932][T13128] shmem_mknod+0x1a8/0x450 [ 492.644967][T13128] ? __pfx_shmem_create+0x10/0x10 [ 492.644994][T13128] lookup_open.isra.0+0x11d0/0x1580 [ 492.645049][T13128] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 492.645116][T13128] ? __pfx_down_write+0x10/0x10 [ 492.645159][T13128] ? mnt_get_write_access+0x20c/0x300 [ 492.645206][T13128] path_openat+0x905/0x2d40 [ 492.645252][T13128] ? __pfx_path_openat+0x10/0x10 [ 492.645302][T13128] do_filp_open+0x20b/0x470 [ 492.645334][T13128] ? __pfx_do_filp_open+0x10/0x10 [ 492.645406][T13128] ? alloc_fd+0x471/0x7d0 [ 492.645444][T13128] do_sys_openat2+0x11b/0x1d0 [ 492.645484][T13128] ? __pfx_do_sys_openat2+0x10/0x10 [ 492.645539][T13128] __x64_sys_openat+0x174/0x210 [ 492.645580][T13128] ? __pfx___x64_sys_openat+0x10/0x10 [ 492.645642][T13128] ? rcu_is_watching+0x12/0xc0 [ 492.645684][T13128] do_syscall_64+0xcd/0x230 [ 492.645731][T13128] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 492.645761][T13128] RIP: 0033:0x7fad2eb8e169 [ 492.645785][T13128] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 492.645815][T13128] RSP: 002b:00007fad2f9d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 492.645844][T13128] RAX: ffffffffffffffda RBX: 00007fad2edb5fa0 RCX: 00007fad2eb8e169 [ 492.645864][T13128] RDX: 0000000000040141 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 492.645882][T13128] RBP: 00007fad2ec10a68 R08: 0000000000000000 R09: 0000000000000000 [ 492.645899][T13128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 492.645916][T13128] R13: 0000000000000000 R14: 00007fad2edb5fa0 R15: 00007ffcc78f77c8 [ 492.645954][T13128] [ 492.945903][T13128] FAULT_INJECTION: forcing a failure. [ 492.945903][T13128] name failslab, interval 1, probability 0, space 0, times 0 [ 492.965630][T13128] CPU: 1 UID: 0 PID: 13128 Comm: syz.2.1688 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 492.965672][T13128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 492.965708][T13128] Call Trace: [ 492.965718][T13128] [ 492.965730][T13128] dump_stack_lvl+0x16c/0x1f0 [ 492.965782][T13128] should_fail_ex+0x512/0x640 [ 492.965821][T13128] ? __kvmalloc_node_noprof+0x122/0x600 [ 492.965863][T13128] should_failslab+0xc2/0x120 [ 492.965907][T13128] __kvmalloc_node_noprof+0x135/0x600 [ 492.965945][T13128] ? __pfx___mutex_lock+0x10/0x10 [ 492.965990][T13128] ? traverse.part.0.constprop.0+0x392/0x640 [ 492.966050][T13128] ? traverse.part.0.constprop.0+0x392/0x640 [ 492.966100][T13128] traverse.part.0.constprop.0+0x392/0x640 [ 492.966152][T13128] ? __pfx_futex_wake_mark+0x10/0x10 [ 492.966215][T13128] seq_read_iter+0x932/0x12c0 [ 492.966283][T13128] proc_reg_read_iter+0x21d/0x310 [ 492.966323][T13128] vfs_read+0x8c8/0xc70 [ 492.966363][T13128] ? __pfx_vfs_read+0x10/0x10 [ 492.966393][T13128] ? find_held_lock+0x2b/0x80 [ 492.966452][T13128] __x64_sys_pread64+0x1f4/0x250 [ 492.966489][T13128] ? __pfx___x64_sys_pread64+0x10/0x10 [ 492.966523][T13128] ? rcu_is_watching+0x12/0xc0 [ 492.966565][T13128] do_syscall_64+0xcd/0x230 [ 492.966616][T13128] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 492.966648][T13128] RIP: 0033:0x7fad2eb8e169 [ 492.966673][T13128] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 492.966705][T13128] RSP: 002b:00007fad2f9d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 492.966734][T13128] RAX: ffffffffffffffda RBX: 00007fad2edb5fa0 RCX: 00007fad2eb8e169 [ 492.966754][T13128] RDX: 0000000100000001 RSI: 0000000000000000 RDI: 000000000000000b [ 492.966773][T13128] RBP: 00007fad2ec10a68 R08: 0000000000000000 R09: 0000000000000000 [ 492.966791][T13128] R10: 0000000000000100 R11: 0000000000000246 R12: 0000000000000000 [ 492.966808][T13128] R13: 0000000000000000 R14: 00007fad2edb5fa0 R15: 00007ffcc78f77c8 [ 492.966848][T13128] [ 493.179038][ C1] vkms_vblank_simulate: vblank timer overrun [ 500.321057][ T30] audit: type=1326 audit(4294969722.983:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13200 comm="syz.1.1709" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f17e898e169 code=0x0 [ 501.013525][T13211] Invalid ELF header magic: != ELF [ 504.364016][T13243] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1719'. [ 504.903615][T13249] capability: warning: `syz.3.1722' uses deprecated v2 capabilities in a way that may be insecure [ 505.040164][T13249] batman_adv: Routing algorithm '' is not supported [ 505.676955][T13268] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1727'. [ 506.625843][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.633678][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 507.635577][T13285] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1731'. [ 510.442171][ T5854] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 510.442214][ T5854] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 510.461009][ T5854] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 510.461074][ T5854] Bluetooth: hci2: Malformed LE Event: 0x0d [ 514.150882][ T5854] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 514.150924][ T5854] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 514.166118][ T5854] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 514.166157][ T5854] Bluetooth: hci2: adv larger than maximum supported [ 514.174032][ T5854] Bluetooth: hci2: Malformed LE Event: 0x0d [ 520.944991][T13446] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(0.0.0), cmd(3) [ 522.533965][T13474] netlink: 'syz.3.1775': attribute type 1 has an invalid length. [ 523.049105][T13491] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1782'. [ 523.118886][T13494] FAULT_INJECTION: forcing a failure. [ 523.118886][T13494] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 523.159404][T13494] CPU: 0 UID: 0 PID: 13494 Comm: syz.2.1783 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 523.159445][T13494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 523.159462][T13494] Call Trace: [ 523.159470][T13494] [ 523.159480][T13494] dump_stack_lvl+0x16c/0x1f0 [ 523.159523][T13494] should_fail_ex+0x512/0x640 [ 523.159561][T13494] should_fail_alloc_page+0xe7/0x130 [ 523.159602][T13494] prepare_alloc_pages+0x3c2/0x610 [ 523.159661][T13494] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 523.159708][T13494] ? __lock_acquire+0x5ca/0x1ba0 [ 523.159754][T13494] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 523.159789][T13494] ? look_up_lock_class+0x59/0x150 [ 523.159830][T13494] ? register_lock_class+0x41/0x4c0 [ 523.159881][T13494] ? __lock_acquire+0xaa4/0x1ba0 [ 523.159944][T13494] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 523.159989][T13494] ? policy_nodemask+0xea/0x4e0 [ 523.160030][T13494] alloc_pages_mpol+0x1fb/0x550 [ 523.160071][T13494] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 523.160106][T13494] ? __pfx___might_resched+0x10/0x10 [ 523.160162][T13494] alloc_pages_noprof+0x131/0x390 [ 523.160200][T13494] __pmd_alloc+0x3f/0x870 [ 523.160246][T13494] huge_pte_alloc+0x292/0x3a0 [ 523.160279][T13494] hugetlb_fault+0x373/0x2e90 [ 523.160314][T13494] ? __pfx_hugetlb_fault+0x10/0x10 [ 523.160358][T13494] ? find_vma+0xbf/0x140 [ 523.160399][T13494] ? __pfx_find_vma+0x10/0x10 [ 523.160438][T13494] ? get_pid_task+0xfc/0x250 [ 523.160482][T13494] handle_mm_fault+0x95d/0xad0 [ 523.160520][T13494] do_user_addr_fault+0x7a6/0x1370 [ 523.160556][T13494] ? rcu_is_watching+0x12/0xc0 [ 523.160589][T13494] exc_page_fault+0x5c/0xc0 [ 523.160628][T13494] asm_exc_page_fault+0x26/0x30 [ 523.160662][T13494] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 523.160695][T13494] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 523.160740][T13494] RSP: 0018:ffffc9000479fe10 EFLAGS: 00050216 [ 523.160764][T13494] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000030 [ 523.160782][T13494] RDX: fffff520008f3fd6 RSI: 0000000000000000 RDI: ffffc9000479fe80 [ 523.160801][T13494] RBP: 0000000000000030 R08: 0000000000000001 R09: fffff520008f3fd5 [ 523.160819][T13494] R10: ffffc9000479feaf R11: 0000000000000000 R12: 0000000000000000 [ 523.160837][T13494] R13: ffffc9000479fe80 R14: 0000000000000001 R15: 0000000000000001 [ 523.160877][T13494] _copy_from_user+0x98/0xd0 [ 523.160918][T13494] __x64_sys_rt_sigqueueinfo+0xff/0x260 [ 523.160968][T13494] ? __pfx___x64_sys_rt_sigqueueinfo+0x10/0x10 [ 523.161012][T13494] ? fput+0x70/0xf0 [ 523.161069][T13494] do_syscall_64+0xcd/0x230 [ 523.161116][T13494] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 523.161145][T13494] RIP: 0033:0x7fad2eb8e169 [ 523.161169][T13494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 523.161198][T13494] RSP: 002b:00007fad2f9d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000081 [ 523.161224][T13494] RAX: ffffffffffffffda RBX: 00007fad2edb5fa0 RCX: 00007fad2eb8e169 [ 523.161244][T13494] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000063e [ 523.161262][T13494] RBP: 00007fad2f9d4090 R08: 0000000000000000 R09: 0000000000000000 [ 523.161280][T13494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 523.161297][T13494] R13: 0000000000000000 R14: 00007fad2edb5fa0 R15: 00007ffcc78f77c8 [ 523.161337][T13494] [ 523.513136][ C0] vkms_vblank_simulate: vblank timer overrun [ 524.528946][T13498] netlink: 'syz.0.1780': attribute type 2 has an invalid length. [ 525.950310][T13544] FAULT_INJECTION: forcing a failure. [ 525.950310][T13544] name failslab, interval 1, probability 0, space 0, times 0 [ 525.973452][T13544] CPU: 1 UID: 0 PID: 13544 Comm: syz.2.1794 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 525.973498][T13544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 525.973516][T13544] Call Trace: [ 525.973526][T13544] [ 525.973538][T13544] dump_stack_lvl+0x16c/0x1f0 [ 525.973593][T13544] should_fail_ex+0x512/0x640 [ 525.973630][T13544] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 525.973674][T13544] should_failslab+0xc2/0x120 [ 525.973717][T13544] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 525.973757][T13544] ? __pmd_alloc+0xc3/0x870 [ 525.973813][T13544] __pmd_alloc+0xc3/0x870 [ 525.973867][T13544] huge_pte_alloc+0x292/0x3a0 [ 525.973903][T13544] hugetlb_fault+0x373/0x2e90 [ 525.973943][T13544] ? __pfx_hugetlb_fault+0x10/0x10 [ 525.973993][T13544] ? find_vma+0xbf/0x140 [ 525.974039][T13544] ? __pfx_find_vma+0x10/0x10 [ 525.974082][T13544] ? get_pid_task+0xfc/0x250 [ 525.974155][T13544] handle_mm_fault+0x95d/0xad0 [ 525.974198][T13544] do_user_addr_fault+0x7a6/0x1370 [ 525.974239][T13544] ? rcu_is_watching+0x12/0xc0 [ 525.974277][T13544] exc_page_fault+0x5c/0xc0 [ 525.974322][T13544] asm_exc_page_fault+0x26/0x30 [ 525.974352][T13544] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 525.974389][T13544] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 525.974420][T13544] RSP: 0018:ffffc900046ffe10 EFLAGS: 00050216 [ 525.974444][T13544] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000030 [ 525.974463][T13544] RDX: fffff520008dffd6 RSI: 0000000000000000 RDI: ffffc900046ffe80 [ 525.974482][T13544] RBP: 0000000000000030 R08: 0000000000000001 R09: fffff520008dffd5 [ 525.974500][T13544] R10: ffffc900046ffeaf R11: 0000000000000000 R12: 0000000000000000 [ 525.974518][T13544] R13: ffffc900046ffe80 R14: 0000000000000001 R15: 0000000000000001 [ 525.974570][T13544] _copy_from_user+0x98/0xd0 [ 525.974610][T13544] __x64_sys_rt_sigqueueinfo+0xff/0x260 [ 525.974660][T13544] ? __pfx___x64_sys_rt_sigqueueinfo+0x10/0x10 [ 525.974705][T13544] ? fput+0x70/0xf0 [ 525.974761][T13544] do_syscall_64+0xcd/0x230 [ 525.974809][T13544] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 525.974838][T13544] RIP: 0033:0x7fad2eb8e169 [ 525.974860][T13544] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 525.974890][T13544] RSP: 002b:00007fad2f9d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000081 [ 525.974917][T13544] RAX: ffffffffffffffda RBX: 00007fad2edb5fa0 RCX: 00007fad2eb8e169 [ 525.974936][T13544] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000064c [ 525.974952][T13544] RBP: 00007fad2f9d4090 R08: 0000000000000000 R09: 0000000000000000 [ 525.974970][T13544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 525.974986][T13544] R13: 0000000000000000 R14: 00007fad2edb5fa0 R15: 00007ffcc78f77c8 [ 525.975026][T13544] [ 526.831185][T13550] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1797'. [ 529.368886][T13584] FAULT_INJECTION: forcing a failure. [ 529.368886][T13584] name fail_futex, interval 1, probability 0, space 0, times 1 [ 529.392237][T13584] CPU: 1 UID: 0 PID: 13584 Comm: syz.3.1804 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 529.392292][T13584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 529.392308][T13584] Call Trace: [ 529.392317][T13584] [ 529.392327][T13584] dump_stack_lvl+0x16c/0x1f0 [ 529.392373][T13584] should_fail_ex+0x512/0x640 [ 529.392412][T13584] should_fail_futex+0x4c/0x60 [ 529.392462][T13584] __x64_sys_futex+0x25e/0x4c0 [ 529.392503][T13584] ? __pfx___x64_sys_futex+0x10/0x10 [ 529.392540][T13584] ? rcu_is_watching+0x12/0xc0 [ 529.392582][T13584] do_syscall_64+0xcd/0x230 [ 529.392629][T13584] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 529.392660][T13584] RIP: 0033:0x7fbfe2b8e169 [ 529.392683][T13584] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 529.392713][T13584] RSP: 002b:00007ffd026a8348 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 529.392741][T13584] RAX: ffffffffffffffda RBX: 0000000000081387 RCX: 00007fbfe2b8e169 [ 529.392761][T13584] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fbfe2db608c [ 529.392779][T13584] RBP: 0000000000000032 R08: 00007fbfe3945000 R09: 00000018026a863f [ 529.392810][T13584] R10: 00007ffd026a8440 R11: 0000000000000246 R12: 00007fbfe2db608c [ 529.392827][T13584] R13: 00007ffd026a8440 R14: 00000000000813b9 R15: 00007ffd026a8460 [ 529.392863][T13584] [ 531.026479][T13625] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1813'. [ 532.203008][T13651] random: crng reseeded on system resumption [ 540.110591][T13790] netlink: 18 bytes leftover after parsing attributes in process `syz.0.1848'. [ 541.174309][T13805] ubi0: attaching mtd0 [ 541.195200][T13805] ubi0 error: validate_ec_hdr: bad VID header offset 64, expected 3965 [ 541.223661][T13805] ubi0 error: validate_ec_hdr: bad EC header [ 541.247912][T13805] Erase counter header dump: [ 541.258411][T13805] magic 0x55424923 [ 541.263140][T13805] version 1 [ 541.266982][T13805] ec 1 [ 541.361664][T13805] vid_hdr_offset 64 [ 541.365614][T13805] data_offset 128 [ 541.419216][T13805] image_seq 677548622 [ 541.423788][T13805] hdr_crc 0x13c1cf5a [ 541.692048][T13805] erase counter header hexdump: [ 541.771255][T13805] CPU: 1 UID: 0 PID: 13805 Comm: syz.3.1851 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 541.771292][T13805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 541.771310][T13805] Call Trace: [ 541.771320][T13805] [ 541.771331][T13805] dump_stack_lvl+0x16c/0x1f0 [ 541.771380][T13805] validate_ec_hdr+0x28c/0x330 [ 541.771423][T13805] ubi_io_read_ec_hdr+0x63b/0x6c0 [ 541.771466][T13805] ubi_attach+0x5e7/0x4bd0 [ 541.771530][T13805] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 541.771566][T13805] ? __pfx_ubi_attach+0x10/0x10 [ 541.771613][T13805] ? lockdep_init_map_type+0x5c/0x280 [ 541.771657][T13805] ? ubi_attach_mtd_dev+0x155b/0x35d0 [ 541.771701][T13805] ubi_attach_mtd_dev+0x15a7/0x35d0 [ 541.771749][T13805] ? __pfx_ubi_attach_mtd_dev+0x10/0x10 [ 541.771797][T13805] ? __pfx_get_mtd_device+0x10/0x10 [ 541.771846][T13805] ctrl_cdev_ioctl+0x337/0x3d0 [ 541.771875][T13805] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 541.771914][T13805] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 541.771945][T13805] __x64_sys_ioctl+0x190/0x200 [ 541.771992][T13805] do_syscall_64+0xcd/0x230 [ 541.772039][T13805] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.772069][T13805] RIP: 0033:0x7fbfe2b8e169 [ 541.772093][T13805] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 541.772122][T13805] RSP: 002b:00007fbfe3944038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 541.772150][T13805] RAX: ffffffffffffffda RBX: 00007fbfe2db5fa0 RCX: 00007fbfe2b8e169 [ 541.772170][T13805] RDX: 0000200000000080 RSI: 0000000040186f40 RDI: 0000000000000004 [ 541.772188][T13805] RBP: 00007fbfe2c10a68 R08: 0000000000000000 R09: 0000000000000000 [ 541.772205][T13805] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 541.772222][T13805] R13: 0000000000000000 R14: 00007fbfe2db5fa0 R15: 00007ffd026a81e8 [ 541.772259][T13805] [ 541.772270][T13805] ubi0 error: ubi_io_read_ec_hdr: validation failed for PEB 0 [ 542.259272][T13805] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 548.709574][T13899] program syz.2.1880 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 549.534999][T13903] kexec: Could not allocate control_code_buffer [ 550.928539][T13925] Invalid ELF header magic: != ELF [ 552.585761][T13942] Invalid ELF header magic: != ELF [ 555.047384][ T5854] Bluetooth: hci0: Unable to find connection for big 0xd2 [ 561.355195][T14053] netlink: 294 bytes leftover after parsing attributes in process `syz.1.1909'. [ 562.727880][ T5848] Bluetooth: hci0: command 0x0406 tx timeout [ 562.778019][T14044] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 563.145498][T14044] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 563.165324][T14044] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 563.205673][T14044] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 564.446166][T14099] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1917'. [ 564.559541][T14093] ip_vti0: entered allmulticast mode [ 564.815169][ T5848] Bluetooth: hci1: command 0x0406 tx timeout [ 565.209302][ T5848] Bluetooth: hci3: command 0x0406 tx timeout [ 565.215395][ T5848] Bluetooth: hci2: command 0x0406 tx timeout [ 566.933598][T14114] netlink: 294 bytes leftover after parsing attributes in process `syz.0.1919'. [ 568.103106][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.109611][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 569.386903][T14150] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1928'. [ 569.689922][T14144] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 569.731867][T14144] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 569.792813][T14144] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 569.800863][T14161] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 569.827503][T14144] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 571.384179][ T5848] Bluetooth: hci0: command 0x0406 tx timeout [ 571.772769][ T5848] Bluetooth: hci1: command 0x0406 tx timeout [ 571.852427][ T5848] Bluetooth: hci3: command 0x0406 tx timeout [ 571.858525][ T5848] Bluetooth: hci2: command 0x0406 tx timeout [ 572.162747][T14196] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1940'. [ 573.994312][T14236] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1951'. [ 578.669811][T14311] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1969'. [ 578.681339][T14311] geneve1: entered allmulticast mode [ 582.368485][T14362] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 582.409716][T14362] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 582.458636][T14362] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 582.479381][T14362] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 584.334788][ T5848] Bluetooth: hci0: command 0x0406 tx timeout [ 584.414503][ T5848] Bluetooth: hci1: command 0x0406 tx timeout [ 584.494650][ T5848] Bluetooth: hci3: command 0x0406 tx timeout [ 584.501804][ T5854] Bluetooth: hci2: command 0x0406 tx timeout [ 588.846533][T14454] ICMPv6: process `syz.3.1999' is using deprecated sysctl (syscall) net.ipv6.neigh.macsec0.base_reachable_time - use net.ipv6.neigh.macsec0.base_reachable_time_ms instead [ 590.232450][T14475] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2003'. [ 597.676365][T14597] netlink: 'syz.2.2027': attribute type 19 has an invalid length. [ 597.697808][T14597] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2027'. syzkaller syzkaller login: [ 600.407389][T14647] CIFS mount error: No usable UNC path provided in device string! [ 600.407389][T14647] [ 600.412661][T14636] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 600.439765][T14647] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 600.444643][T14636] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 600.534943][T14636] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 600.541134][T14636] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 600.662373][T14655] netlink: 100 bytes leftover after parsing attributes in process `syz.1.2040'. [ 601.826747][ T5848] Bluetooth: hci0: unexpected event 0x1d length: 6 > 5 [ 602.174372][ T5848] Bluetooth: hci0: command 0x0406 tx timeout [ 602.494434][ T5848] Bluetooth: hci1: command 0x0406 tx timeout [ 602.574466][ T5848] Bluetooth: hci3: command 0x0406 tx timeout [ 602.583114][ T5854] Bluetooth: hci2: command 0x0406 tx timeout [ 602.597851][T14702] netlink: 'syz.0.2048': attribute type 1 has an invalid length. [ 606.360874][T14772] ICMPv6: process `syz.2.2063' is using deprecated sysctl (syscall) net.ipv6.neigh.macsec0.base_reachable_time - use net.ipv6.neigh.macsec0.base_reachable_time_ms instead [ 606.813212][T14780] could not allocate digest TFM handle [ 606.914714][T14787] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2067'. [ 610.038492][T14822] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2074'. [ 610.066382][T14823] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2073'. [ 612.006138][T14847] Invalid ELF header magic: != ELF [ 619.182141][T14997] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2111'. [ 619.790809][T15008] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2112'. [ 620.241094][T15012] Invalid ELF header magic: != ELF [ 620.350837][T15018] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2116'. [ 620.397925][T15020] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2117'. [ 620.566243][T15025] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2118'. [ 621.003332][ T30] audit: type=1800 audit(4294967336.890:16): pid=15030 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2119" name="discovery_nqn" dev="configfs" ino=47511 res=0 errno=0 [ 623.479098][T15084] FAULT_INJECTION: forcing a failure. [ 623.479098][T15084] name failslab, interval 1, probability 0, space 0, times 0 [ 623.596554][T15084] CPU: 0 UID: 0 PID: 15084 Comm: syz.3.2125 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 623.596606][T15084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 623.596626][T15084] Call Trace: [ 623.596637][T15084] [ 623.596649][T15084] dump_stack_lvl+0x16c/0x1f0 [ 623.596703][T15084] should_fail_ex+0x512/0x640 [ 623.596740][T15084] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 623.596778][T15084] should_failslab+0xc2/0x120 [ 623.596817][T15084] __kmalloc_cache_noprof+0x6a/0x3e0 [ 623.596845][T15084] ? io_uring_setup+0x24f/0x1ff0 [ 623.596877][T15084] io_uring_setup+0x24f/0x1ff0 [ 623.596907][T15084] ? __pfx_io_uring_setup+0x10/0x10 [ 623.596933][T15084] ? do_futex+0x122/0x350 [ 623.596964][T15084] ? __pfx_do_futex+0x10/0x10 [ 623.596992][T15084] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 623.597052][T15084] ? rcu_is_watching+0x12/0xc0 [ 623.597085][T15084] __x64_sys_io_uring_setup+0xc2/0x170 [ 623.597114][T15084] do_syscall_64+0xcd/0x230 [ 623.597166][T15084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 623.597193][T15084] RIP: 0033:0x7fbfe2b8e169 [ 623.597214][T15084] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 623.597240][T15084] RSP: 002b:00007fbfe05d3038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 623.597265][T15084] RAX: ffffffffffffffda RBX: 00007fbfe2db6240 RCX: 00007fbfe2b8e169 [ 623.597282][T15084] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 623.597297][T15084] RBP: 00007fbfe2c10a68 R08: 0000000000000000 R09: 0000000000000000 [ 623.597313][T15084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 623.597328][T15084] R13: 0000000000000000 R14: 00007fbfe2db6240 R15: 00007ffd026a81e8 [ 623.597360][T15084] [ 623.955695][T15090] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2132'. [ 624.027801][T15096] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2132'. [ 626.826891][T15157] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2143'. [ 627.037299][T15159] CIFS mount error: No usable UNC path provided in device string! [ 627.037299][T15159] [ 627.077939][T15159] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 627.920279][T15183] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input13 [ 628.156813][T15186] Invalid ELF header magic: != ELF [ 628.738649][T15190] size and base must be multiples of 4 kiB [ 628.744703][T15190] CPU: 0 UID: 0 PID: 15190 Comm: syz.2.2150 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 628.744746][T15190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 628.744766][T15190] Call Trace: [ 628.744777][T15190] [ 628.744789][T15190] dump_stack_lvl+0x16c/0x1f0 [ 628.744839][T15190] mtrr_add+0xdf/0x110 [ 628.744892][T15190] mtrr_ioctl+0x7ef/0xcf0 [ 628.744924][T15190] ? __pfx_mtrr_ioctl+0x10/0x10 [ 628.744963][T15190] ? find_held_lock+0x2b/0x80 [ 628.745007][T15190] ? __fget_files+0x20e/0x3c0 [ 628.745040][T15190] ? __pfx_mtrr_ioctl+0x10/0x10 [ 628.745070][T15190] proc_reg_unlocked_ioctl+0x226/0x320 [ 628.745106][T15190] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 628.745147][T15190] __x64_sys_ioctl+0x190/0x200 [ 628.745199][T15190] do_syscall_64+0xcd/0x230 [ 628.745250][T15190] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 628.745283][T15190] RIP: 0033:0x7fad2eb8e169 [ 628.745308][T15190] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 628.745341][T15190] RSP: 002b:00007fad2f992038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 628.745372][T15190] RAX: ffffffffffffffda RBX: 00007fad2edb6160 RCX: 00007fad2eb8e169 [ 628.745393][T15190] RDX: 0000000000000003 RSI: 00000000400c4d01 RDI: 0000000000000003 [ 628.745411][T15190] RBP: 00007fad2ec10a68 R08: 0000000000000000 R09: 0000000000000000 [ 628.745431][T15190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 628.745449][T15190] R13: 0000000000000000 R14: 00007fad2edb6160 R15: 00007ffcc78f77c8 [ 628.745491][T15190] [ 629.557038][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.563641][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 630.597966][T15231] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2160'. [ 630.967491][T15240] program syz.3.2163 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 632.813598][T15271] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2171'. [ 633.002718][T15274] Invalid ELF header magic: != ELF [ 634.690219][T15292] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2175'. [ 634.699754][T15292] : renamed from hsr0 (while UP) [ 634.832165][T15292] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2175'. [ 636.551936][ T5848] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 636.559912][ T5848] Bluetooth: hci0: Invalid handle: 0xe200 > 0x0eff [ 636.786898][T15311] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2178'. [ 638.273909][T15342] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2187'. [ 639.716960][T15369] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2193'. [ 639.855808][ T5848] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 639.863474][ T5848] Bluetooth: hci3: Invalid handle: 0xe200 > 0x0eff [ 646.285726][T15429] netlink: 186 bytes leftover after parsing attributes in process `syz.3.2205'. [ 647.537227][T15459] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2210'. syzkaller syzkaller login: [ 650.924769][T15512] CIFS mount error: No usable UNC path provided in device string! [ 650.924769][T15512] [ 650.953773][T15512] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 653.682695][T15559] Process accounting resumed [ 654.447206][T15580] delete_channel: no stack [ 654.463386][T15580] netlink: 326 bytes leftover after parsing attributes in process `syz.2.2231'. [ 654.850260][T15579] random: crng reseeded on system resumption [ 658.004530][ T5848] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 658.016327][ T5848] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 658.025819][ T5848] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 658.034220][ T5848] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 658.042171][ T5848] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 660.060272][T15624] chnl_net:caif_netlink_parms(): no params data found [ 660.075055][ T5848] Bluetooth: hci4: command tx timeout [ 660.112197][T15656] FAULT_INJECTION: forcing a failure. [ 660.112197][T15656] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 660.228755][T15656] CPU: 1 UID: 0 PID: 15656 Comm: syz.2.2248 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 660.228801][T15656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 660.228819][T15656] Call Trace: [ 660.228829][T15656] [ 660.228841][T15656] dump_stack_lvl+0x16c/0x1f0 [ 660.228891][T15656] should_fail_ex+0x512/0x640 [ 660.228934][T15656] _copy_from_user+0x2e/0xd0 [ 660.228975][T15656] copy_msghdr_from_user+0x98/0x160 [ 660.229026][T15656] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 660.229089][T15656] ___sys_sendmsg+0xfe/0x1d0 [ 660.229134][T15656] ? __pfx____sys_sendmsg+0x10/0x10 [ 660.229226][T15656] __sys_sendmsg+0x16d/0x220 [ 660.229270][T15656] ? __pfx___sys_sendmsg+0x10/0x10 [ 660.229326][T15656] ? rcu_is_watching+0x12/0xc0 [ 660.229370][T15656] do_syscall_64+0xcd/0x230 [ 660.229419][T15656] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 660.229451][T15656] RIP: 0033:0x7fad2eb8e169 [ 660.229476][T15656] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 660.229507][T15656] RSP: 002b:00007fad2f9d4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 660.229536][T15656] RAX: ffffffffffffffda RBX: 00007fad2edb5fa0 RCX: 00007fad2eb8e169 [ 660.229556][T15656] RDX: 0000000000000040 RSI: 0000200000000cc0 RDI: 0000000000000003 [ 660.229575][T15656] RBP: 00007fad2f9d4090 R08: 0000000000000000 R09: 0000000000000000 [ 660.229593][T15656] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 660.229611][T15656] R13: 0000000000000000 R14: 00007fad2edb5fa0 R15: 00007ffcc78f77c8 [ 660.229652][T15656] [ 660.523185][T15669] random: crng reseeded on system resumption [ 661.101448][T15624] bridge0: port 1(bridge_slave_0) entered blocking state [ 661.142401][T15624] bridge0: port 1(bridge_slave_0) entered disabled state [ 661.167154][T15624] bridge_slave_0: entered allmulticast mode [ 661.193066][T15624] bridge_slave_0: entered promiscuous mode [ 661.304163][T15624] bridge0: port 2(bridge_slave_1) entered blocking state [ 661.311389][T15624] bridge0: port 2(bridge_slave_1) entered disabled state [ 661.384263][T15624] bridge_slave_1: entered allmulticast mode [ 661.392587][T15624] bridge_slave_1: entered promiscuous mode [ 662.111340][T15624] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 662.149506][T15624] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 662.153816][ T5848] Bluetooth: hci4: command tx timeout [ 662.628995][T15624] team0: Port device team_slave_0 added [ 662.682923][T15624] team0: Port device team_slave_1 added [ 662.915645][T15624] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 662.936966][T15624] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 662.994863][T15624] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 663.051493][T15624] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 663.071826][T15624] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 663.145660][T15624] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 663.338737][T15624] hsr_slave_0: entered promiscuous mode [ 663.368313][T15624] hsr_slave_1: entered promiscuous mode [ 663.404367][T15624] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 663.412100][T15624] Cannot create hsr debugfs directory [ 663.801922][ T5848] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 664.164599][T15624] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 664.232517][ T5848] Bluetooth: hci4: command tx timeout [ 664.354569][T15624] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 664.567185][T15624] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 665.220974][T15624] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 665.316597][T15624] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 665.345141][T15624] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 665.422555][T15624] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 665.764891][T15624] 8021q: adding VLAN 0 to HW filter on device bond0 [ 665.824069][T15624] 8021q: adding VLAN 0 to HW filter on device team0 [ 665.909355][ T6258] bridge0: port 1(bridge_slave_0) entered blocking state [ 665.916626][ T6258] bridge0: port 1(bridge_slave_0) entered forwarding state [ 665.962970][ T6254] bridge0: port 2(bridge_slave_1) entered blocking state [ 665.970183][ T6254] bridge0: port 2(bridge_slave_1) entered forwarding state [ 666.103905][T15762] tipc: Started in network mode [ 666.109428][T15762] tipc: Node identity ee00, cluster identity 4711 [ 666.144248][T15762] tipc: Node number set to 60928 [ 666.311024][ T5848] Bluetooth: hci4: command tx timeout [ 666.363808][T15772] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2282'. [ 666.378931][T15773] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2282'. [ 667.448649][T15624] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 667.686952][T15624] veth0_vlan: entered promiscuous mode [ 667.715604][T15624] veth1_vlan: entered promiscuous mode [ 667.957364][T15624] veth0_macvtap: entered promiscuous mode [ 667.993943][T15624] veth1_macvtap: entered promiscuous mode [ 668.126007][T15624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 668.169881][T15624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 668.189837][T15624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 668.219946][T15624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 668.253259][T15624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 668.374962][T15624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 668.408114][T15624] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 668.556729][T15624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 668.599675][T15624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 668.644222][T15624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 668.672310][T15624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 668.710059][T15624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 668.730922][T15624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 668.759402][T15624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 668.779726][T15624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 668.801097][T15624] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 668.904144][T15624] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 668.956598][T15624] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 668.979271][T15624] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 668.988049][T15624] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 669.094289][T15794] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2287'. [ 669.120058][T15795] netlink: 13 bytes leftover after parsing attributes in process `syz.2.2287'. [ 669.435968][ T6278] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 669.467263][ T6278] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 669.542612][ T6273] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 669.565956][ T6273] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 669.769949][T15801] tty tty36: ldisc open failed (-12), clearing slot 35 [ 671.170950][ T5854] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 671.193760][ T5854] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 671.211469][ T5854] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 671.239099][ T5854] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 671.247972][ T5854] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 671.986742][T15820] chnl_net:caif_netlink_parms(): no params data found [ 672.416191][ T6254] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 672.764144][T15846] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2298'. [ 672.775436][ T6254] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 672.812060][T15820] bridge0: port 1(bridge_slave_0) entered blocking state [ 672.820116][T15820] bridge0: port 1(bridge_slave_0) entered disabled state [ 672.829074][T15820] bridge_slave_0: entered allmulticast mode [ 672.838908][T15820] bridge_slave_0: entered promiscuous mode [ 672.853736][T15846] veth0_macvtap: left promiscuous mode [ 672.921913][ T6254] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 672.960012][T15820] bridge0: port 2(bridge_slave_1) entered blocking state [ 672.972246][T15820] bridge0: port 2(bridge_slave_1) entered disabled state [ 672.992114][T15820] bridge_slave_1: entered allmulticast mode [ 673.005862][T15820] bridge_slave_1: entered promiscuous mode [ 673.105241][ T6254] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 673.232069][T15820] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 673.253954][T15820] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 673.346930][ T5848] Bluetooth: hci5: command tx timeout [ 673.381550][T15820] team0: Port device team_slave_0 added [ 673.397322][T15820] team0: Port device team_slave_1 added [ 673.509368][T15820] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 673.517551][T15820] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 673.576545][T15820] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 673.777631][T15820] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 673.785213][T15820] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 673.926590][T15820] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 674.247059][T15856] kernel read not supported for file /\*)A (pid: 15856 comm: syz.3.2301) [ 674.256189][ T30] audit: type=1800 audit(4294967394.163:17): pid=15856 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2301" name="\*)A" dev="mqueue" ino=48441 res=0 errno=0 [ 674.276064][ C1] vkms_vblank_simulate: vblank timer overrun [ 674.401129][T15820] hsr_slave_0: entered promiscuous mode [ 674.448051][T15820] hsr_slave_1: entered promiscuous mode [ 674.454586][T15820] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 674.533575][T15820] Cannot create hsr debugfs directory [ 674.689815][T15588] syz.2.2234 (15588) used greatest stack depth: 19976 bytes left [ 674.760039][ T6254] bridge_slave_1: left allmulticast mode [ 674.770371][ T6254] bridge_slave_1: left promiscuous mode [ 674.788830][ T6254] bridge0: port 2(bridge_slave_1) entered disabled state [ 674.815865][ T6254] bridge_slave_0: left allmulticast mode [ 674.821698][ T6254] bridge_slave_0: left promiscuous mode [ 674.827893][ T6254] bridge0: port 1(bridge_slave_0) entered disabled state [ 675.364551][ T5848] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 675.428228][ T5854] Bluetooth: hci5: command tx timeout [ 675.530797][ T6254] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 675.543604][ T6254] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 675.563740][ T6254] bond0 (unregistering): Released all slaves [ 676.623931][T15884] ================================================================== [ 676.632044][T15884] BUG: KASAN: slab-use-after-free in force_devcd_write+0x312/0x340 [ 676.639948][T15884] Read of size 8 at addr ffff88814dbfa000 by task syz.3.2305/15884 [ 676.647841][T15884] [ 676.650167][T15884] CPU: 0 UID: 0 PID: 15884 Comm: syz.3.2305 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 676.650197][T15884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 676.650212][T15884] Call Trace: [ 676.650219][T15884] [ 676.650228][T15884] dump_stack_lvl+0x116/0x1f0 [ 676.650263][T15884] print_report+0xc3/0x670 [ 676.650297][T15884] ? __virt_addr_valid+0x5e/0x590 [ 676.650329][T15884] ? __phys_addr+0xc6/0x150 [ 676.650361][T15884] ? force_devcd_write+0x312/0x340 [ 676.650384][T15884] kasan_report+0xe0/0x110 [ 676.650413][T15884] ? force_devcd_write+0x312/0x340 [ 676.650439][T15884] force_devcd_write+0x312/0x340 [ 676.650462][T15884] ? __pfx_force_devcd_write+0x10/0x10 [ 676.650486][T15884] ? __debugfs_file_get+0x1fe/0x840 [ 676.650513][T15884] ? __pfx___debugfs_file_get+0x10/0x10 [ 676.650545][T15884] full_proxy_write+0x13c/0x200 [ 676.650573][T15884] vfs_write+0x25c/0x1180 [ 676.650594][T15884] ? __pfx_full_proxy_write+0x10/0x10 [ 676.650622][T15884] ? __pfx___mutex_lock+0x10/0x10 [ 676.650653][T15884] ? __pfx_vfs_write+0x10/0x10 [ 676.650678][T15884] ? __fget_files+0x20e/0x3c0 [ 676.650702][T15884] ksys_write+0x12a/0x240 [ 676.650724][T15884] ? __pfx_ksys_write+0x10/0x10 [ 676.650745][T15884] ? rcu_is_watching+0x12/0xc0 [ 676.650771][T15884] do_syscall_64+0xcd/0x230 [ 676.650803][T15884] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 676.650825][T15884] RIP: 0033:0x7fbfe2b8e169 [ 676.650843][T15884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 676.650867][T15884] RSP: 002b:00007fbfe0993038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 676.650888][T15884] RAX: ffffffffffffffda RBX: 00007fbfe2db6400 RCX: 00007fbfe2b8e169 [ 676.650903][T15884] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000009 [ 676.650917][T15884] RBP: 00007fbfe2c10a68 R08: 0000000000000000 R09: 0000000000000000 [ 676.650932][T15884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 676.650946][T15884] R13: 0000000000000000 R14: 00007fbfe2db6400 R15: 00007ffd026a81e8 [ 676.650968][T15884] [ 676.650976][T15884] [ 676.864693][T15884] Allocated by task 5836: [ 676.869036][T15884] kasan_save_stack+0x33/0x60 [ 676.873732][T15884] kasan_save_track+0x14/0x30 [ 676.878432][T15884] __kasan_kmalloc+0xaa/0xb0 [ 676.883064][T15884] vhci_open+0x4c/0x430 [ 676.887231][T15884] misc_open+0x35a/0x420 [ 676.891502][T15884] chrdev_open+0x231/0x6a0 [ 676.895937][T15884] do_dentry_open+0x741/0x1c10 [ 676.900718][T15884] vfs_open+0x82/0x3f0 [ 676.904824][T15884] path_openat+0x1e5e/0x2d40 [ 676.909426][T15884] do_filp_open+0x20b/0x470 [ 676.913950][T15884] do_sys_openat2+0x11b/0x1d0 [ 676.918669][T15884] __x64_sys_openat+0x174/0x210 [ 676.923545][T15884] do_syscall_64+0xcd/0x230 [ 676.928079][T15884] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 676.933992][T15884] [ 676.936322][T15884] Freed by task 15528: [ 676.940420][T15884] kasan_save_stack+0x33/0x60 [ 676.945126][T15884] kasan_save_track+0x14/0x30 [ 676.949823][T15884] kasan_save_free_info+0x3b/0x60 [ 676.954878][T15884] __kasan_slab_free+0x51/0x70 [ 676.959669][T15884] kfree+0x2b6/0x4d0 [ 676.963573][T15884] vhci_release+0xbb/0xf0 [ 676.967915][T15884] __fput+0x3ff/0xb70 [ 676.971925][T15884] task_work_run+0x14d/0x240 [ 676.976618][T15884] do_exit+0xafb/0x2c30 [ 676.980888][T15884] do_group_exit+0xd3/0x2a0 [ 676.985418][T15884] get_signal+0x2673/0x26d0 [ 676.989947][T15884] arch_do_signal_or_restart+0x8f/0x7a0 [ 676.995529][T15884] irqentry_exit_to_user_mode+0x13f/0x280 [ 677.001277][T15884] asm_exc_stack_segment+0x26/0x30 [ 677.006416][T15884] [ 677.008768][T15884] The buggy address belongs to the object at ffff88814dbfa000 [ 677.008768][T15884] which belongs to the cache kmalloc-1k of size 1024 [ 677.022847][T15884] The buggy address is located 0 bytes inside of [ 677.022847][T15884] freed 1024-byte region [ffff88814dbfa000, ffff88814dbfa400) [ 677.036582][T15884] [ 677.038918][T15884] The buggy address belongs to the physical page: [ 677.045732][T15884] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88814dbfb000 pfn:0x14dbf8 [ 677.055895][T15884] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 677.064407][T15884] flags: 0x57ff00000000240(workingset|head|node=1|zone=2|lastcpupid=0x7ff) [ 677.073018][T15884] page_type: f5(slab) [ 677.077016][T15884] raw: 057ff00000000240 ffff88801b441dc0 ffffea000516d610 ffffea0005012c10 [ 677.085702][T15884] raw: ffff88814dbfb000 000000000010000f 00000000f5000000 0000000000000000 [ 677.094330][T15884] head: 057ff00000000240 ffff88801b441dc0 ffffea000516d610 ffffea0005012c10 [ 677.103018][T15884] head: ffff88814dbfb000 000000000010000f 00000000f5000000 0000000000000000 [ 677.111703][T15884] head: 057ff00000000003 ffffea000536fe01 00000000ffffffff 00000000ffffffff [ 677.120394][T15884] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 677.129097][T15884] page dumped because: kasan: bad access detected [ 677.135627][T15884] page_owner tracks the page as allocated [ 677.141358][T15884] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 30662942069, free_ts 0 [ 677.161205][T15884] post_alloc_hook+0x181/0x1b0 [ 677.165989][T15884] get_page_from_freelist+0x135c/0x3920 [ 677.171556][T15884] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 677.177469][T15884] alloc_pages_mpol+0x1fb/0x550 [ 677.182339][T15884] new_slab+0x244/0x340 [ 677.186504][T15884] ___slab_alloc+0xd9c/0x1940 [ 677.191198][T15884] __slab_alloc.constprop.0+0x56/0xb0 [ 677.196586][T15884] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 677.203037][T15884] krealloc_noprof+0x157/0x380 [ 677.207829][T15884] add_sysfs_param+0xd3/0xa00 [ 677.212527][T15884] param_sysfs_builtin_init+0x2ca/0x460 [ 677.218086][T15884] do_one_initcall+0x120/0x6e0 [ 677.223057][T15884] kernel_init_freeable+0x5c2/0x900 [ 677.228302][T15884] kernel_init+0x1c/0x2b0 [ 677.232646][T15884] ret_from_fork+0x45/0x80 [ 677.237076][T15884] ret_from_fork_asm+0x1a/0x30 [ 677.241892][T15884] page_owner free stack trace missing [ 677.247269][T15884] [ 677.249598][T15884] Memory state around the buggy address: [ 677.255245][T15884] ffff88814dbf9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 677.263320][T15884] ffff88814dbf9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 677.271401][T15884] >ffff88814dbfa000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 677.279562][T15884] ^ [ 677.283635][T15884] ffff88814dbfa080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 677.291708][T15884] ffff88814dbfa100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 677.299785][T15884] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 677.344754][T15884] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 677.352016][T15884] CPU: 0 UID: 0 PID: 15884 Comm: syz.3.2305 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 677.364125][T15884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 677.374221][T15884] Call Trace: [ 677.377534][T15884] [ 677.380507][T15884] dump_stack_lvl+0x3d/0x1f0 [ 677.385158][T15884] panic+0x71c/0x800 [ 677.389116][T15884] ? __pfx_panic+0x10/0x10 [ 677.393589][T15884] ? mark_held_locks+0x49/0x80 [ 677.398501][T15884] ? preempt_schedule_thunk+0x16/0x30 [ 677.403919][T15884] ? force_devcd_write+0x312/0x340 [ 677.409117][T15884] ? preempt_schedule_common+0x44/0xc0 [ 677.414626][T15884] ? check_panic_on_warn+0x1f/0xb0 [ 677.419775][T15884] ? force_devcd_write+0x312/0x340 [ 677.424903][T15884] check_panic_on_warn+0xab/0xb0 [ 677.429879][T15884] end_report+0x107/0x170 [ 677.434236][T15884] kasan_report+0xee/0x110 [ 677.438678][T15884] ? force_devcd_write+0x312/0x340 [ 677.443814][T15884] force_devcd_write+0x312/0x340 [ 677.448779][T15884] ? __pfx_force_devcd_write+0x10/0x10 [ 677.454268][T15884] ? __debugfs_file_get+0x1fe/0x840 [ 677.459492][T15884] ? __pfx___debugfs_file_get+0x10/0x10 [ 677.465075][T15884] full_proxy_write+0x13c/0x200 [ 677.469948][T15884] vfs_write+0x25c/0x1180 [ 677.474295][T15884] ? __pfx_full_proxy_write+0x10/0x10 [ 677.479690][T15884] ? __pfx___mutex_lock+0x10/0x10 [ 677.484747][T15884] ? __pfx_vfs_write+0x10/0x10 [ 677.489535][T15884] ? __fget_files+0x20e/0x3c0 [ 677.494240][T15884] ksys_write+0x12a/0x240 [ 677.498591][T15884] ? __pfx_ksys_write+0x10/0x10 [ 677.503462][T15884] ? rcu_is_watching+0x12/0xc0 [ 677.508256][T15884] do_syscall_64+0xcd/0x230 [ 677.512796][T15884] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 677.518727][T15884] RIP: 0033:0x7fbfe2b8e169 [ 677.523163][T15884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 677.542798][T15884] RSP: 002b:00007fbfe0993038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 677.551235][T15884] RAX: ffffffffffffffda RBX: 00007fbfe2db6400 RCX: 00007fbfe2b8e169 [ 677.559224][T15884] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000009 [ 677.567229][T15884] RBP: 00007fbfe2c10a68 R08: 0000000000000000 R09: 0000000000000000 [ 677.575216][T15884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 677.583239][T15884] R13: 0000000000000000 R14: 00007fbfe2db6400 R15: 00007ffd026a81e8 [ 677.591237][T15884] [ 677.594515][T15884] Kernel Offset: disabled [ 677.598948][T15884] Rebooting in 86400 seconds..