last executing test programs: 3m42.696924222s ago: executing program 1 (id=2762): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) r1 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) mmap$auto(0x0, 0x400008, 0x80000000df, 0x9b72, 0x2, 0x8000) openat$auto_kernel_debug_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f0000000280), 0x4080, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) ioctl$auto_RTC_IRQP_READ(r1, 0x8008700b, 0x0) (async) ioctl$auto_RTC_IRQP_READ(r1, 0x8008700b, 0x0) openat$auto_proc_pid_cmdline_ops_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/cmdline\x00', 0x0, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) (async) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000580)='nfsd\x00\xee\x1a\x8fg\x1b\x04\xad>\x96\xe9IG\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\t\xf8p\xc6\x00\x00\x00\x00\xb9\xac\xde\x0e\x90\x18\xf1\x13I\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd\x14\x81\xbe\xab\xed\xd5MI\x830_\xc2\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xees\xf0\xc2\xad\xae\x99\xeb\xc5\xf0\"\x92\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9\xe8\xb2\x05\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14\x94o\x1b[\xa8]\x9b\x03\x95\xc3\xad\xad\x1d#oi|\x04\x93N\xfa\x17\xf3b\xf6E*\xc9\xdd.q\xdbAX\xf6\xfaD\xcdz\xbc~\xf30LE\xb5\x18Wf\xd3\x9b\\\x1c\xbb^\xfb9\xe5\x1b:\xa4\xdd\x81\x91\\\xbc\x1fUl\xfa)\xbf\x9dPV\xae\xa9\x9c)\x01|\xfe\xd0!Rx\a\xc4\xb1$\x8eE\xc2j\x83sLS\xa8H\xf6\xf2,R\x90:\x8fx\xab\x90\xfe$h\x80!\xe2\nY#\xee\x1b}O=\x8bn\xd7zZ\x18\xa7\x9e~\x94k\x8e\xdba\xf2\xc3G\x8egR3\x1d\x01J\x87\x14(}\f\xb1}%N|z,\xbe\x1fB\xd3\xeb\xec\x83X\x8f\x97\x95\xfd\xed\xe6wt\x1d\xb3\xa8\xfb)L~}\x9f\xbf\xd0\xc9\x9d\x82-C\xc3Ez@\x8c\xbf\xa2 \x88\\\r6M\x83', 0x4, 0x0) (async) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000580)='nfsd\x00\xee\x1a\x8fg\x1b\x04\xad>\x96\xe9IG\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\t\xf8p\xc6\x00\x00\x00\x00\xb9\xac\xde\x0e\x90\x18\xf1\x13I\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd\x14\x81\xbe\xab\xed\xd5MI\x830_\xc2\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xees\xf0\xc2\xad\xae\x99\xeb\xc5\xf0\"\x92\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9\xe8\xb2\x05\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14\x94o\x1b[\xa8]\x9b\x03\x95\xc3\xad\xad\x1d#oi|\x04\x93N\xfa\x17\xf3b\xf6E*\xc9\xdd.q\xdbAX\xf6\xfaD\xcdz\xbc~\xf30LE\xb5\x18Wf\xd3\x9b\\\x1c\xbb^\xfb9\xe5\x1b:\xa4\xdd\x81\x91\\\xbc\x1fUl\xfa)\xbf\x9dPV\xae\xa9\x9c)\x01|\xfe\xd0!Rx\a\xc4\xb1$\x8eE\xc2j\x83sLS\xa8H\xf6\xf2,R\x90:\x8fx\xab\x90\xfe$h\x80!\xe2\nY#\xee\x1b}O=\x8bn\xd7zZ\x18\xa7\x9e~\x94k\x8e\xdba\xf2\xc3G\x8egR3\x1d\x01J\x87\x14(}\f\xb1}%N|z,\xbe\x1fB\xd3\xeb\xec\x83X\x8f\x97\x95\xfd\xed\xe6wt\x1d\xb3\xa8\xfb)L~}\x9f\xbf\xd0\xc9\x9d\x82-C\xc3Ez@\x8c\xbf\xa2 \x88\\\r6M\x83', 0x4, 0x0) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x7, 0x0) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) (async) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) openat$auto_ima_ascii_measurements_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000300), 0x80, 0x0) (async) r2 = openat$auto_ima_ascii_measurements_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000300), 0x80, 0x0) fadvise64$auto_POSIX_FADV_NORMAL(r2, 0x7, 0xd, 0x0) (async) fadvise64$auto_POSIX_FADV_NORMAL(r2, 0x7, 0xd, 0x0) write$auto(0x3, 0x0, 0x7ffffffd) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000100), r0) (async) r3 = syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000100), r0) sendmsg$auto_IEEE802154_LLSEC_LIST_SECLEVEL(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB=', \x00\x00', @ANYRES16=r3, @ANYBLOB="00042cbd7000fddbdf252f000000050013000500000005001500850000000500360004000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4000001}, 0x400c1) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0xffffffffffffffff, 0x3, 0x0) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) (async) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x70, 0xdf, 0x9b72, 0x2, 0x80000000008000) (async) mmap$auto(0x0, 0x70, 0xdf, 0x9b72, 0x2, 0x80000000008000) connect$auto(0x3, 0x0, 0x55) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) 3m41.23507536s ago: executing program 1 (id=2768): vmsplice$auto(0x4, &(0x7f0000000040)={0x0, 0x80000000002}, 0x3, 0x4) 3m40.878100873s ago: executing program 1 (id=2770): unshare$auto(0x40000080) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv6/conf/ipvlan0/force_tllao\x00', 0x0, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x80106f53, r0) 3m39.92102533s ago: executing program 1 (id=2771): ioctl$auto_SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000000)) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x2, 0x1, 0x106) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@can, 0x18) r3 = socket(0x1d, 0x2, 0x7) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r4}, 0x6a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000001140)={'wlan0\x00', 0x0}) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001f80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="00012cbd02000000df251d00000008000300", @ANYRES32=r7, @ANYBLOB], 0x1c}}, 0x4000000) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001180)={'syzkaller1\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000011c0)={'wg1\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_ACT(0xffffffffffffffff, &(0x7f00000013c0)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000001380)={&(0x7f0000001200)={0x164, 0x0, 0x8, 0x70bd28, 0x25dfdbfc, {}, [@ETHTOOL_A_CABLE_TEST_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6tnl0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_CABLE_TEST_HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x7c}]}, @ETHTOOL_A_CABLE_TEST_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}]}, @ETHTOOL_A_CABLE_TEST_HEADER={0x4}, @ETHTOOL_A_CABLE_TEST_HEADER={0x84, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xffffffff}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x3}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x40}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_macvtap\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller1\x00'}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14}]}, @ETHTOOL_A_CABLE_TEST_HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x3ff}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}]}]}, 0x164}, 0x1, 0x0, 0x0, 0x4000000}, 0x48000) mmap$auto(0x0, 0x2, 0x2000de, 0x15, 0x7, 0x28000) connect$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x0, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r10 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/mac802154_hwsim/ieee802154/phy1/name\x00', 0xa000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r10, &(0x7f00000000c0)=""/4096, 0x1000) mmap$auto(0x0, 0x9, 0x49f, 0x9b72, 0x2, 0x8000000000008000) r11 = open(&(0x7f0000000000)='./file0\x00', 0x26142, 0x4b) write$auto(r11, 0x0, 0x100082) 3m38.41907242s ago: executing program 1 (id=2780): unshare$auto(0x40000080) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv6/conf/ipvlan0/force_tllao\x00', 0x0, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x80106f53, r0) 3m37.829323925s ago: executing program 1 (id=2781): socket(0x10, 0x80805, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/vlan/config\x00', 0xc0000, 0x0) pread64$auto(r0, 0x0, 0x831d, 0xa78) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/fs/lockd/nlm_end_grace\x00', 0x2800, 0x0) r2 = getsockopt$auto(0xffffffffffffffff, 0x84, 0x71, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f602, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop14/queue/dma_alignment\x00', 0x80000, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x80000000000000a, 0x2, 0x0) socket(0xa, 0x801, 0x84) move_pages$auto(0x1, 0x400000000f54, 0x0, 0x0, 0x0, 0x8000000000000000) setsockopt$auto(0x3, 0x10000000084, 0x85, 0x0, 0x90) getsockopt$auto_SO_TXREHASH(r1, 0x7, 0x4a, &(0x7f00000001c0)='/proc/fs/lockd/nlm_end_grace\x00', &(0x7f0000000240)=0x5) read$auto(r3, 0x0, 0x20) ioctl$auto_BLKSECDISCARD(0xffffffffffffffff, 0x127d, 0x0) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) socket$nl_generic(0x10, 0x3, 0x10) r5 = open(0x0, 0x22240, 0x154) execveat$auto(r5, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x23, 0x0, 0x9) r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto_PTRACE_SECCOMP_GET_FILTER(0x420c, r6, 0xffffffffffffffc0, 0x0) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x80000, 0x0) r8 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000280), r2) sendmsg$auto_NL802154_CMD_GET_SEC_LEVEL(r7, &(0x7f0000000400)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000003c0)={&(0x7f00000002c0)={0x98, r8, 0x2, 0x70bd29, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x80000001}, @NL802154_ATTR_SEC_LEVEL={0x5e, 0x2d, 0x0, 0x1, [@generic="c09a903fc88f86cb8b81c1004c8a7e39f73505aba5cc36961c5227549b69634456923056180acf6d3958f91617d609d968d0531447ff8b79aebfc5899e124c0c83af862b9bb09933b7c6b75a7b84aa4e5a8030cf9cb613f47f70"]}, @NL802154_ATTR_SEC_ENABLED={0x5, 0x29, 0x1}, @NL802154_ATTR_MAX_CSMA_BACKOFFS={0x5, 0x12, 0x6}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0x221}]}, 0x98}, 0x1, 0x0, 0x0, 0x20040004}, 0x4040014) 3m22.604141008s ago: executing program 32 (id=2781): socket(0x10, 0x80805, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/vlan/config\x00', 0xc0000, 0x0) pread64$auto(r0, 0x0, 0x831d, 0xa78) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/fs/lockd/nlm_end_grace\x00', 0x2800, 0x0) r2 = getsockopt$auto(0xffffffffffffffff, 0x84, 0x71, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f602, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop14/queue/dma_alignment\x00', 0x80000, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x80000000000000a, 0x2, 0x0) socket(0xa, 0x801, 0x84) move_pages$auto(0x1, 0x400000000f54, 0x0, 0x0, 0x0, 0x8000000000000000) setsockopt$auto(0x3, 0x10000000084, 0x85, 0x0, 0x90) getsockopt$auto_SO_TXREHASH(r1, 0x7, 0x4a, &(0x7f00000001c0)='/proc/fs/lockd/nlm_end_grace\x00', &(0x7f0000000240)=0x5) read$auto(r3, 0x0, 0x20) ioctl$auto_BLKSECDISCARD(0xffffffffffffffff, 0x127d, 0x0) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) socket$nl_generic(0x10, 0x3, 0x10) r5 = open(0x0, 0x22240, 0x154) execveat$auto(r5, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x23, 0x0, 0x9) r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto_PTRACE_SECCOMP_GET_FILTER(0x420c, r6, 0xffffffffffffffc0, 0x0) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x80000, 0x0) r8 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000280), r2) sendmsg$auto_NL802154_CMD_GET_SEC_LEVEL(r7, &(0x7f0000000400)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000003c0)={&(0x7f00000002c0)={0x98, r8, 0x2, 0x70bd29, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x80000001}, @NL802154_ATTR_SEC_LEVEL={0x5e, 0x2d, 0x0, 0x1, [@generic="c09a903fc88f86cb8b81c1004c8a7e39f73505aba5cc36961c5227549b69634456923056180acf6d3958f91617d609d968d0531447ff8b79aebfc5899e124c0c83af862b9bb09933b7c6b75a7b84aa4e5a8030cf9cb613f47f70"]}, @NL802154_ATTR_SEC_ENABLED={0x5, 0x29, 0x1}, @NL802154_ATTR_MAX_CSMA_BACKOFFS={0x5, 0x12, 0x6}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0x221}]}, 0x98}, 0x1, 0x0, 0x0, 0x20040004}, 0x4040014) 13.205868316s ago: executing program 4 (id=3492): close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x1ff000, 0x100008, 0x843, 0x3, 0xfffff000) sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, 0x0, 0x4000800) msgctl$auto(0x7, 0xa3, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8003) getpgrp(0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) fanotify_init$auto(0x65, 0x2) socket(0x1d, 0x2, 0x2) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) socket(0x1e, 0x1, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r1 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder1\x00', 0x1, 0x0) ioctl$auto(r1, 0x4018620d, 0x9) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder1\x00', 0x1, 0x0) socket(0x10, 0x2, 0x6) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x6) 11.222863462s ago: executing program 4 (id=3497): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r2 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg1\x00', 0x72042, 0x0) ioctl$auto_BLKTRACESETUP2(r2, 0xc0481273, 0x0) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto(r1, 0x5, 0xffffffffffffffff) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) ioctl$auto(0xffffffffffffffff, 0x4b3a, 0x1) socket(0x2, 0x2, 0x73) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/netfilter/nf_log/3\x00', 0x800, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x20001, 0x0) openat$auto_generic(0xffffffffffffff9c, 0x0, 0x80900, 0x0) select$auto(0x10, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x4, 0xd3e, 0x1, 0x948b, 0x3, 0x800295f4da0a, 0x2, 0x3, 0x62, 0x80000001, 0x50a7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) setsockopt$auto(0xffffffffffffffff, 0x6a, 0x3, 0x0, 0x4) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NFC_CMD_DEACTIVATE_TARGET(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x4000800) 10.03817786s ago: executing program 4 (id=3499): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), r0) r1 = open(0x0, 0x34b041, 0x408) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto(r1, 0x7, r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/input/event0\x00', 0x2000, 0x0) mmap$auto(0x0, 0x200005, 0x2, 0xc0eb1, 0x602, 0x9) r3 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event\x00', 0x121000, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/wakeup/wakeup8/active_time_ms\x00', 0x8400, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f00000001c0)=""/176, 0xb0) r6 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r4, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01002bbd7000fcdbdf250400000004"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) mmap$auto(0xfffffffffffffffe, 0x400008, 0x7, 0x9b72, r5, 0x100000008000) madvise$auto(0x80000000000000, 0xffffffffffff0001, 0x15) close_range$auto(r3, 0x8, 0x0) brk$auto(0xffffffffffffff66) r7 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x40000, 0x0) read$auto_proc_pid_maps_operations_internal(r7, &(0x7f0000001b40)=""/4119, 0x1017) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0xda) r8 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/kcore\x00', 0x10b402, 0x0) pread64$auto(r8, 0x0, 0x800003, 0x270) ioctl$auto(0x3, 0x80004509, 0x10000000000402) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x3000, 0x6, 0x7, 0x400a, r3, [0x0, 0x0, 0x7], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x104, 0x6, 0x3}, {0x100, 0x7, 0x52, 0x9, 0x2, 0x1a7b870a, 0x76c5, 0x1, 0x100000000}}) 4.832327342s ago: executing program 0 (id=3515): r0 = getsockopt$auto(0xffffffffffffffff, 0x10000, 0x5, &(0x7f0000000000)='/sys/devices/virtual/block/zram0/comp_algorithm\x00', &(0x7f0000000040)=0x100) r1 = syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$auto_OVS_METER_CMD_SET(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r1, 0x200, 0x70bd25, 0x25dfdbff, {}, [@OVS_METER_ATTR_MAX_METERS={0x8, 0x7, 0x8aa4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x841}, 0x4011) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001140)='/sys/devices/virtual/block/zram0/comp_algorithm\x00', 0x20b42, 0x0) sendfile$auto(r2, 0x3, 0x0, 0x7) prctl$auto(0xe, 0x0, 0x3, 0x4, 0x400) 4.693328416s ago: executing program 0 (id=3516): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x26241, 0x20) socket(0x2, 0x1, 0x106) r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000001b00)=ANY=[@ANYBLOB="20010000", @ANYRES16=r0, @ANYBLOB="010025bd7000fedbdf257e000000000066004e2100000000268000000200040000000000020000000000175c0100090000000000010004000000000002000700001f0000980006000000000014010f000000000007001f5198dea666bad033b7aea5d7529adf1ae5607ef3d022c60a57cd1649952c00000080004dec6ee46088e64587adba9ba7537f79f056fbd60490f11a3498560bfa783badf6fa39e3aa9815705e629beb9573271a53f5c4ee3859bf0313d7dad665a019c4e908768bb5b896533bbd3b39e4768150289646864a302e8ded90a5b83ada85575e6657023fb727d3723ff97af53540e2fbc15e85a0c6a5644432b997ba3bdc423b0be181bf0d501cf098551e7b2ce99ac721bf9145ebc91fe7c9230b30f9b88ac5b2c404ddfac531ea9fcaf6d514daf8c13a9f382059488c3280a13754303b49d3eddff53520086a38cbb1075e09f556c208c26f727717e52ad91b929b37df820ffca5a077087bc540d3c30fa84b5986b17605e72c7af63bd4264355ec1e043e6ae397fd5b925bc6ee277f7e42b305fbe861e8e9974efb062206bd7fef4b13f19f926c090b1367e4599ea549d1e97c1c2b214d06c5de3e7dc0bae99b9030f72ae011f303fa7ea798a612fd252f9e9c238f07ccc755d8c4aff22798a08e567e0b8f3975fc1b30522f1b82ed37fecc8927a2f8265cb2423f4272359a5b097f54bdb65f51f0911ca880641493cce6f3f00edfefe3d7f007bc5c57214dde959740b9e0a70b28d191e10eb5c3eccfdf045407c80e026f4e9fe766eca822b77df002210db69f60480ae2e21fced2bf22dde077e0ccbe2e05f58ba0db3d9f6469382574a23009202a928c2e7a67623eeeb3976036936871d6056bca11541ed5d795853e233149c9ea3e3d478b5e35cf5e551002a79ac8a33d81b60fde70ccbf125c4b4243160db218068b7a2db851b3dfad23f584b6db1b9ec1428635f27d4bb08cb9b0d4d9c725595fbd59622038dc6cb2f70282ae273c9927dfc884b8e99578c897e90ffeec2c4f3b1e4c5cadc23ff40dd06e618b0f798c0d4a87c7728de7b03a7a8021dcdbd1f4c8b29ea50d2130cf3099a8b37a4d894a5020bc583feaf86c00b8d917567b988f875af819935a325517e76850262d5558ff1fcf9f5b7b26a9645bb26d20104227757359a6e52317edbdd2fde26c3b3f26ee6e2714d9668cfafe1f1c83c24d7e3b55127b38315b1b9053d3ed9561c14e0cf3b173f89e739337a63e5d13fb97466b9b36556adb4af4e9b18d4778c369692333cb70c72d968aff999fe3f08690fdc345eceedb90782bc907b20d4a06867f2930ebb553494aeceabf2f33f1295753241986835af90226970a126a27d9c1f3a04f9b917fa57524fb70f161e619ab83cff4edceef04362c497dc4804af7e7837a4b4241521a2cb28a08fe7001ce941a8cf3f2a4266dbc5fd02c56a5a16fe2a0af334673588ea9b161c65b7ab9a67e4808f1e8c6cf55641a97082348e1e31ed07154364d1fb134e988d32277a2c5224985ab2e3b518c927af3338cfeab947dc38466b8e58f40402d97417a895d335dcd5ccf6ed33ba8a54c80ea0cfe0c66993e86f8b2699d860ff1b2d00db394a18a92e0ed026737e46d52978bae076c156be5e6530222fe8c93c8e4ecd29bfd1823b2730515eb3e99ecb867e0117fafafb495f34fe5c82c7af4e163ef7c543d5327b011b65e661db58838a0821f66c65a9b2d598fe497d778ced9bb1c48369c70a3ab32dd9626f0b575d47a0b7398fcaebce8048504cc3ebcc4498894bf079758aa008906c570f9a4ce0c5faefd8326dde933dccf7a2896a3b86ceb8add2b7f69943b006c8ca893916b156458c9dd28e1e21770e7ba6d7fb8ebdde22ff23346cd0f6d0c90a093fae2f128f759418402b13fae56d033f6adde7442b46db3aedb8665718b37055df3b0710f5e31ea2e04abbca71d7c8cc71325a1124d38c4245587ff29c5e0f1cbfdf7b865099a395dd9c2f7e29200bda2c2b20b17b7f33e1c277c57925b59aca80821a48085b7eab507385849a0e22c2ac4a526e7b786fd9442fd2df0eb05cb1df98795853536dc12b6fea234a4c32a57059049c0dedee032615da106c88fe54e73226cb88b4863c1f905dac6dffd4e5e53873f746e19ee631e8cab802ef174df5cb6e88e513aa10a0e1dd7d43075bc19b94491b9cb8fe1efac7d300e4c6253d42198c94f76fef50405405c348b9bfe0c4e09b6668655baaff6d464b20c5db5aa72b6e5345aa6af3c2b2e508ab94ed2f3ae27947c30f6c9435396cccca249745963693d456f0b13551ebd2714a5d2aa5eec9d61d2d6b9aba3d482f4c49906435b1d783f381a7180a5077358717dfc2e117d31e141382b11db23fb0c7d8ec13b0e2e542cfe4b44f2e9b0a440dcf9143f3be9494f3bc2004047e86405b4190fb667d269f2a7d1c48509fbdc3bb3e99d6f68a309ffff000006007347b9c70c7a48913b05957bbb9826fc681df1b98ace4a88eebe405b8400e41aa87a86c1aca27323448d0dfed2b28ecfa7d65c7264311080712e8fa3874f7ee38b02120b885602b84d954479702f51ac45a331dfe2ef76c45014c84415189885b9c9613c2acb7a41c6ace876ee5af4fc50407fc3361a128a2e59e60f11b47277c9a5f3cbe0424d3886a3a3a0f40c5ef46d2b331ca3d83f2f444bc6998d06926c6a1c"], 0x120}, 0x1, 0x68, 0x0, 0x24000000}, 0x140) 4.490700147s ago: executing program 4 (id=3517): r0 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/dri/renderD128\x00', 0x80400, 0x0) ioctl$auto(r0, 0x800064b9, 0x1e6) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_LIST_ASSOCIATIONS(r2, &(0x7f0000000180)={0x0, 0xfff0, &(0x7f0000000140)={&(0x7f0000000100)={0x14, r3, 0x305, 0x70bd27, 0x25dfdbff}, 0x14}, 0x1, 0xffff0000}, 0x84) r4 = userfaultfd$auto(0x1) statx$auto(r4, 0x0, 0x1000, 0x8, 0x0) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f0000000340)=@bpf_attr_5={@target_fd=r4, r5, 0x8, 0x5, 0xffffffffffffffff, @relative_id=0x6, 0xe600}, 0xf) sendmsg$auto_NL802154_CMD_NEW_SEC_DEV(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x24, r3, 0x58aee36fc1bae691, 0x70bd28, 0x25dfdbfc, {}, [@NL802154_ATTR_SEC_OUT_LEVEL={0x8}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r4}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008c50}, 0x8008810) 4.443900208s ago: executing program 0 (id=3518): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x60, 0x0, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@HSR_A_IF2_SEQ={0x6, 0x7, 0x7ffe}, @HSR_A_IF1_SEQ={0x6, 0x6, 0x1}, @HSR_A_IF1_AGE={0x8, 0x3, 0x400}, @HSR_A_NODE_ADDR_B={0xa, 0x5, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x36}}, @HSR_A_NODE_ADDR_B={0xa, 0x5, @remote}, @HSR_A_NODE_ADDR_B={0xa}, @HSR_A_IFINDEX={0x8}, @HSR_A_IF2_SEQ={0x6, 0x7, 0x8}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x40080) socket(0x2, 0x3, 0x100) socket(0x10, 0x1, 0xfffffffb) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x24004c5d}, 0x24000080) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB='h'], 0x1ac}, 0x1, 0x0, 0x0, 0x40814}, 0x2004c0c4) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_DEBUG_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x2c, r1, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 4.358278414s ago: executing program 0 (id=3519): socket(0x11, 0x80003, 0x300) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) r0 = socket(0x11, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x7, 0x4a}) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={&(0x7f0000000080), 0x49}, 0x5, &(0x7f0000000180), 0x5, 0x1000}, 0x5}, 0x2, 0x100) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) epoll_create$auto(0x4) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) sendfile$auto(0x1, 0xffffffffffffffff, 0x0, 0x8fb5) setsockopt$auto_SO_OOBINLINE(0xffffffffffffffff, 0x3, 0xa, &(0x7f0000000080)='nlctrl\x00', 0x2) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/hung_task_check_interval_secs\x00', 0x88542, 0x0) 4.358092147s ago: executing program 3 (id=3520): socket(0x11, 0x80003, 0x300) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) r0 = socket(0x11, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x7, 0x4a}) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={&(0x7f0000000080), 0x49}, 0x5, &(0x7f0000000180), 0x5, 0x1000}, 0x5}, 0x2, 0x100) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) epoll_create$auto(0x4) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) r1 = socket(0x11, 0x80003, 0x300) sendfile$auto(0x1, r1, 0x0, 0x8fb5) setsockopt$auto_SO_OOBINLINE(0xffffffffffffffff, 0x3, 0xa, &(0x7f0000000080)='nlctrl\x00', 0x2) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/hung_task_check_interval_secs\x00', 0x88542, 0x0) 4.22610487s ago: executing program 4 (id=3521): memfd_create$auto(&(0x7f0000000040)='A^^\x02\x00\xef\x97\x8aY\x00\x00\xd2\x8c\xb05\x03\\\xb2\xbf247{\xde\t8\f\x00\x00\v\x00\x82\xcc\"K\xe1IIT\x00'/54, 0x4) fallocate$auto(0x3, 0x8, 0x200000000000b, 0x9) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='\t', 0x1) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_SESSION_CREATE(0xffffffffffffffff, 0x0, 0x800) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/sunrpc/parameters/pool_mode\x00', 0x181302, 0x0) r2 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/mem\x00', 0x402, 0x0) sendfile$auto(0xffffffffffffffff, r2, &(0x7f0000001300)=0xfffffffffffffffb, 0x9) sendfile$auto(r1, r1, 0x0, 0x43) 4.107352093s ago: executing program 2 (id=3522): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x26241, 0x20) socket(0x2, 0x1, 0x106) r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000001b00)=ANY=[@ANYBLOB="20010000", @ANYRES16=r0, @ANYBLOB="010025bd7000fedbdf257e000000000066004e2100000000268000000200040000000000020000000000007f0100090000000000010004000000000002000700001f0000980006000000000014010f000000000007001f5198dea666bad033b7aea5d7529adf1ae5607ef3d022c60a57cd1649952c00000080004dec6ee46088e64587adba9ba7537f79f056fbd60490f11a3498560bfa783badf6fa39e3aa9815705e629beb9573271a53f5c4ee3859bf0313d7dad665a019c4e908768bb5b896533bbd3b39e4768150289646864a302e8ded90a5b83ada85575e6657023fb727d3723ff97af53540e2fbc15e85a0c6a5644432b997ba3bdc423b0be181bf0d501cf098551e7b2ce99ac721bf9145ebc91fe7c9230b30f9b88ac5b2c404ddfac531ea9fcaf6d514daf8c13a9f382059488c3280a13754303b49d3eddff53520086a38cbb1075e09f556c208c26f727717e52ad91b929b37df820ffca5a077087bc540d3c30fa84b5986b17605e72c7af63bd4264355ec1e043e6ae397fd5b925bc6ee277f7e42b305fbe861e8e9974efb062206bd7fef4b13f19f926c090b1367e4599ea549d1e97c1c2b214d06c5de3e7dc0bae99b9030f72ae011f303fa7ea798a612fd252f9e9c238f07ccc755d8c4aff22798a08e567e0b8f3975fc1b30522f1b82ed37fecc8927a2f8265cb2423f4272359a5b097f54bdb65f51f0911ca880641493cce6f3f00edfefe3d7f007bc5c57214dde959740b9e0a70b28d191e10eb5c3eccfdf045407c80e026f4e9fe766eca822b77df002210db69f60480ae2e21fced2bf22dde077e0ccbe2e05f58ba0db3d9f6469382574a23009202a928c2e7a67623eeeb3976036936871d6056bca11541ed5d795853e233149c9ea3e3d478b5e35cf5e551002a79ac8a33d81b60fde70ccbf125c4b4243160db218068b7a2db851b3dfad23f584b6db1b9ec1428635f27d4bb08cb9b0d4d9c725595fbd59622038dc6cb2f70282ae273c9927dfc884b8e99578c897e90ffeec2c4f3b1e4c5cadc23ff40dd06e618b0f798c0d4a87c7728de7b03a7a8021dcdbd1f4c8b29ea50d2130cf3099a8b37a4d894a5020bc583feaf86c00b8d917567b988f875af819935a325517e76850262d5558ff1fcf9f5b7b26a9645bb26d20104227757359a6e52317edbdd2fde26c3b3f26ee6e2714d9668cfafe1f1c83c24d7e3b55127b38315b1b9053d3ed9561c14e0cf3b173f89e739337a63e5d13fb97466b9b36556adb4af4e9b18d4778c369692333cb70c72d968aff999fe3f08690fdc345eceedb90782bc907b20d4a06867f2930ebb553494aeceabf2f33f1295753241986835af90226970a126a27d9c1f3a04f9b917fa57524fb70f161e619ab83cff4edceef04362c497dc4804af7e7837a4b4241521a2cb28a08fe7001ce941a8cf3f2a4266dbc5fd02c56a5a16fe2a0af334673588ea9b161c65b7ab9a67e4808f1e8c6cf55641a97082348e1e31ed07154364d1fb134e988d32277a2c5224985ab2e3b518c927af3338cfeab947dc38466b8e58f40402d97417a895d335dcd5ccf6ed33ba8a54c80ea0cfe0c66993e86f8b2699d860ff1b2d00db394a18a92e0ed026737e46d52978bae076c156be5e6530222fe8c93c8e4ecd29bfd1823b2730515eb3e99ecb867e0117fafafb495f34fe5c82c7af4e163ef7c543d5327b011b65e661db58838a0821f66c65a9b2d598fe497d778ced9bb1c48369c70a3ab32dd9626f0b575d47a0b7398fcaebce8048504cc3ebcc4498894bf079758aa008906c570f9a4ce0c5faefd8326dde933dccf7a2896a3b86ceb8add2b7f69943b006c8ca893916b156458c9dd28e1e21770e7ba6d7fb8ebdde22ff23346cd0f6d0c90a093fae2f128f759418402b13fae56d033f6adde7442b46db3aedb8665718b37055df3b0710f5e31ea2e04abbca71d7c8cc71325a1124d38c4245587ff29c5e0f1cbfdf7b865099a395dd9c2f7e29200bda2c2b20b17b7f33e1c277c57925b59aca80821a48085b7eab507385849a0e22c2ac4a526e7b786fd9442fd2df0eb05cb1df98795853536dc12b6fea234a4c32a57059049c0dedee032615da106c88fe54e73226cb88b4863c1f905dac6dffd4e5e53873f746e19ee631e8cab802ef174df5cb6e88e513aa10a0e1dd7d43075bc19b94491b9cb8fe1efac7d300e4c6253d42198c94f76fef50405405c348b9bfe0c4e09b6668655baaff6d464b20c5db5aa72b6e5345aa6af3c2b2e508ab94ed2f3ae27947c30f6c9435396cccca249745963693d456f0b13551ebd2714a5d2aa5eec9d61d2d6b9aba3d482f4c49906435b1d783f381a7180a5077358717dfc2e117d31e141382b11db23fb0c7d8ec13b0e2e542cfe4b44f2e9b0a440dcf9143f3be9494f3bc2004047e86405b4190fb667d269f2a7d1c48509fbdc3bb3e99d6f68a309ffff000006007347b9c70c7a48913b05957bbb9826fc681df1b98ace4a88eebe405b8400e41aa87a86c1aca27323448d0dfed2b28ecfa7d65c7264311080712e8fa3874f7ee38b02120b885602b84d954479702f51ac45a331dfe2ef76c45014c84415189885b9c9613c2acb7a41c6ace876ee5af4fc50407fc3361a128a2e59e60f11b47277c9a5f3cbe0424d3886a3a3a0f40c5ef46d2b331ca3d83f2f444bc6998d06926c6a1c"], 0x120}, 0x1, 0x68, 0x0, 0x24000000}, 0x140) 3.81205378s ago: executing program 2 (id=3523): close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x1ff000, 0x100008, 0x843, 0x3, 0xfffff000) sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, 0x0, 0x4000800) msgctl$auto(0x7, 0xa3, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8003) getpgrp(0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) fanotify_init$auto(0x65, 0x2) socket(0x1d, 0x2, 0x2) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) socket(0x1e, 0x1, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r1 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder1\x00', 0x1, 0x0) ioctl$auto(r1, 0x4018620d, 0x9) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder1\x00', 0x1, 0x0) socket(0x10, 0x2, 0x6) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x6) 3.250504157s ago: executing program 3 (id=3524): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000005800), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_TX_INFO_FRAME(r0, &(0x7f0000006940)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={0x20, r1, 0x1, 0x70bd29, 0x25dfdbff, {}, [@HWSIM_ATTR_ADDR_TRANSMITTER={0xa, 0x2, "a060292f83d9"}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000041}, 0x800) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000b80), r2) sendmsg$auto_IOAM6_CMD_DEL_SCHEMA(r2, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000bc0)={0x1c, r3, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@IOAM6_ATTR_SC_ID={0x8, 0x4, 0x3}]}, 0x1c}}, 0x40040) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000005800), 0xffffffffffffffff) (async) sendmsg$auto_HWSIM_CMD_TX_INFO_FRAME(r0, &(0x7f0000006940)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={0x20, r1, 0x1, 0x70bd29, 0x25dfdbff, {}, [@HWSIM_ATTR_ADDR_TRANSMITTER={0xa, 0x2, "a060292f83d9"}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000041}, 0x800) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000b80), r2) (async) sendmsg$auto_IOAM6_CMD_DEL_SCHEMA(r2, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000bc0)={0x1c, r3, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@IOAM6_ATTR_SC_ID={0x8, 0x4, 0x3}]}, 0x1c}}, 0x40040) (async) 2.952858129s ago: executing program 0 (id=3525): r0 = socket(0xa, 0x1, 0x84) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'macsec0\x00'}) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/ip6gre0/netdev_group\x00', 0x102, 0x0) sendfile$auto(r1, r1, 0x0, 0xb) memfd_create$auto(0x0, 0xc) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socket(0x2, 0x1, 0x106) setsockopt$auto(r2, 0x1, 0xd, &(0x7f0000000000)='\'-+\x00\x10\xa4#\x92`\xdb\xafL\x0f\xfbUV\xa6KH]Cv\xbf\xf2a\v', 0x9) listen$auto(0x3, 0x81) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x400000000, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x400) madvise$auto(0x0, 0x3, 0x19) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000bc0)='/dev/dsp\x00', 0x1, 0x0) poll$auto(0x0, 0x7f, 0x9) write$auto(0x3, 0x0, 0xfffffdf2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2000000000000021, 0x2, 0x10000000000002) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000003fc0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETFAMILY2(r3, 0x0, 0x4000050) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/firmware/acpi/interrupts/gpe02\x00', 0x2, 0x0) mmap$auto(0x9, 0x400008, 0xdf, 0x9b72, r4, 0x2) write$auto(0x1, 0x0, 0x80000000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) write$auto(0xca, 0x0, 0x2b) 2.95229084s ago: executing program 3 (id=3526): r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0) readv$auto(r0, &(0x7f0000000280)={0x0, 0x7}, 0x3) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) readv$auto(r0, &(0x7f0000000080)={&(0x7f0000000000)="b7c0b298e924fc81fc2f9b112eaced838cc5ce8e9e8caf3cb0eaffd1c91fb911ac4197e8154e14c975a06dca8a29b1cd3aeb9e7874da54c5a260769d4e1af11386dfc40d609d87e934449b1ac26714734ebf0f142e6db77628d7a7f4b1c4117e433b", 0xffffffffffffffff}, 0x239) 2.743910914s ago: executing program 3 (id=3527): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_NEW(r0, 0x0, 0x40) ioctl$auto(0xffffffffffffffff, 0x8912, 0x38) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x48401, 0x0) ioctl$auto(r2, 0x901064af, 0xffffffffffffffff) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) r3 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001cc0)='/dev/input/event1\x00', 0x40000, 0x0) ioctl$auto_EVIOCREVOKE(r3, 0x40044591, 0x0) ioctl$auto(0x3, 0x40081271, 0x38) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0xff1, 0x8000) io_uring_setup$auto(0x4, 0x0) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) 2.61481137s ago: executing program 4 (id=3528): mmap$auto(0x1ff, 0x400008, 0xdf, 0x9b72, 0x2, 0x7) set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21) unshare$auto(0x40000080) socket(0x1e, 0x4, 0xa92) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/kcore\x00', 0xc40, 0x0) read$auto_proc_iter_file_ops_compat_inode(r0, 0x0, 0x4d) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) socket(0xa, 0x3, 0x3a) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) eventfd$auto(0x3) eventfd$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0xa, 0x2, 0x88) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) readv$auto(0x3, &(0x7f0000000600)={0x0, 0x4}, 0x1da) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r2, @new_prog_fd=0x4, 0x4, @old_prog_fd=r1}, 0xa3) shmctl$auto_SHM_STAT_ANY(0x38ed, 0xf, &(0x7f0000000580)={{0x4, 0xee01, 0xee00, 0x6, 0xfffffc00, 0x800, 0x5}, 0x80000000, 0x9, 0x7, 0x5, @inferred, @inferred=0xffffffffffffffff, 0x70, 0x0, &(0x7f0000000440)="27c9c8a7081b3457cad85714232b7ed4e568b536193d931ef0dbf82caeafdba95a768e6316781be6f4c2f6724bd4a1293ce3aabe1896f9aa02381242a70054bc3f4115ee9a1a9a1ec2bb5291094e4c47789bf4666a6683f35063ae19515ae9bf8d2e852db584a3132011712101dfca5818fbf395a5bbc3836ee0063af5aee2ad18da4bcba6e94cf734c791f6", &(0x7f00000000c0)="f435213577aed1f7c1a0e6e18a81d69e76774697a29d615a444d9dfeb845d22c838701bfb08391cb537bea983571ac4c18e06d8738ae7613d64a1fd13c39b2f9305ab43295a2d606c229e06b8a337b62a344da9bc503"}) r3 = set_tid_address$auto(0x0) syz_open_procfs$namespace(r3, &(0x7f0000000080)) 2.241877539s ago: executing program 2 (id=3529): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/hugetlb.1GB.rsvd.limit_in_bytes\x00', 0xc2481, 0x0) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x1ff000, 0x100008, 0x843, 0x3, 0xfffff000) sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, 0x0, 0x4000800) msgctl$auto(0x7, 0xa3, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8003) getpgrp(0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) fanotify_init$auto(0x65, 0x2) socket(0x1d, 0x2, 0x2) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) socket(0x1e, 0x1, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r1 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder1\x00', 0x1, 0x0) ioctl$auto(r1, 0x4018620d, 0x9) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder1\x00', 0x1, 0x0) socket(0x10, 0x2, 0x6) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x6) 1.863120445s ago: executing program 0 (id=3530): prctl$auto(0x5, 0x80000000, 0x0, 0x78, 0x8) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) shmat$auto(0x0, &(0x7f0000000580)='(\x00', 0xfffffffa) syz_clone(0x21000000, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x663, 0xdf, 0x19, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x101780, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) sysfs$auto(0x2, 0x23, 0x0) r2 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20201, 0x0) write$auto(r2, 0x0, 0x4) rseq$auto(0x0, 0x8000, 0x0, 0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000400), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_INTERFACE(r3, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010b27bd7000fda5c5a62073660008000300", @ANYRES32], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4040080) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) 1.095319467s ago: executing program 2 (id=3531): r0 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000600)='/sys/devices/virtual/net/nr11/queues/rx-0/rps_flow_cnt\x00', 0x20681, 0x0) setfsuid$auto(0xee00) fchmod$auto(r1, 0x6) ioctl$auto(r0, 0x921064a5, r0) 1.023626748s ago: executing program 3 (id=3532): mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x5) io_uring_setup$auto(0x85, 0x0) ioctl$auto(r0, 0x4008af03, r0) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) r1 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsu1\x00', 0x28180, 0x0) ioctl$auto_FIOASYNC(r1, 0x5452, 0x5) 947.669243ms ago: executing program 2 (id=3533): r0 = socket(0x2, 0x3, 0xa) io_uring_setup$auto(0x55, &(0x7f0000000100)={0x7fffffff, 0x1d, 0x3000, 0x6, 0x7, 0x400b, r0, [], {0x6, 0x80006, 0x8c48, 0x7, 0x3, 0x7f, 0x0, 0x2}, {0x100, 0x1, 0x52, 0x81, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) socket(0x11, 0x3, 0x80000001) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x7, 0x65, 0x8000001f, 0x1000, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0) utimes$auto(0x0, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x100, 0x0) 899.692042ms ago: executing program 3 (id=3534): openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/usbmon8\x00', 0x121200, 0x0) mmap$auto(0x0, 0x4000002, 0xfffffffffffffe01, 0x8051, 0x3, 0x0) clock_settime$auto(0xfffffffe, &(0x7f0000000000)={0x100000004, 0x8}) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x400, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400) socket(0x22, 0x1, 0x100) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r0, 0x2, 0x1007ff) ptrace$auto_PTRACE_SETREGSET(0x4205, r0, 0x2, 0x9193) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x101100, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) mremap$auto(0x100, 0x6, 0x5, 0x200b, 0xfff) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0xffff, 0x3, 0x15f4da0a, 0x1, 0x7, 0x62, 0x80000004, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) madvise$auto(0x0, 0xf663, 0x15) close_range$auto(0x2, 0x8000, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x5, &(0x7f0000000080)={0x7fffffff, 0xc, 0x2, 0x6, 0xffffffff, 0x8, 0xffffffffffffffff, [], {0x6, 0xa, 0xf, 0x29f, 0x1008, 0x7f, 0x101, 0x6, 0x40000000000000}, {0x3, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x49, 0x100000000}}) r4 = openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x101202, 0x0) write$auto_nvmf_dev_fops_fabrics(r4, 0x0, 0x0) io_uring_enter$auto(r3, 0x9, 0x820e, 0x29, 0x0, 0x18) syz_genetlink_get_family_id$auto_psample(0x0, 0xffffffffffffffff) sendmsg$auto_PSAMPLE_CMD_GET_GROUP(r2, 0x0, 0x801) mmap$auto(0x7, 0x20009, 0x5, 0xffffffff, 0x405, 0x8000) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) 0s ago: executing program 2 (id=3535): close_range$auto(0x2, 0x8, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x80802, 0x0) futex$auto(&(0x7f0000000080)=0x2948, 0x0, 0x2948, 0x0, 0x0, 0x5) futex$auto(&(0x7f0000000080)=0x3, 0x3, 0x1f, 0x0, &(0x7f0000000100)=0x4, 0x440a48d3) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) setsockopt$auto(0xffffffffffffffff, 0x107, 0x1, 0x0, 0x8004) unshare$auto(0x40000080) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/virtual/block/nbd12/queue/write_cache\x00', 0x80002, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x1a1000, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x67, 0x0, 0x7fff, 0x5, 0x80000000003, 0x64b5, 0x80000001, 0xff, 0x3ff, 0x7, 0xfbfffffe, 0x7, 0x4, 0x7, 0x80000005}) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x24040, 0x0) ioctl$auto_BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000540)={"ef13a5421a8765cadfca437c4d1316833843180bb151ed36e8ce6cb454168d6c", 0x3ff, 0xc9, 0x1000, 0xd, 0x9}) ioctl$auto_BLKTRACESTART(r1, 0x1274, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0) mq_timedsend$auto(r0, 0x0, 0x7d, 0x4000009, 0x0) socketpair$auto(0x1, 0x2, 0xa3ce, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0x2, 0x1d2c, 0x3, 0x4, 0x15f4da0e, 0x6, 0x9, 0x100000000000000c, 0x8, 0x4, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2c, 0x1, 0x3) madvise$auto(0xffffffffffffffff, 0xffffffffffff0005, 0x17) prctl$auto(0x400, 0x7fff, 0x0, 0x10000, 0x100000000000007) madvise$auto(0x0, 0xffffffffffff0005, 0x19) kernel console output (not intermixed with test programs): Compute Engine, BIOS Google 10/02/2025 [ 701.414894][T17128] Call Trace: [ 701.414901][T17128] [ 701.414908][T17128] dump_stack_lvl+0x16c/0x1f0 [ 701.414939][T17128] should_fail_ex+0x512/0x640 [ 701.414965][T17128] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 701.414987][T17128] should_failslab+0xc2/0x120 [ 701.415010][T17128] kmem_cache_alloc_noprof+0x75/0x6e0 [ 701.415027][T17128] ? __pfx_acpi_ut_track_stack_ptr+0x10/0x10 [ 701.415046][T17128] ? acpi_ut_create_generic_state+0x61/0xc0 [ 701.415077][T17128] ? acpi_ut_create_generic_state+0x61/0xc0 [ 701.415101][T17128] acpi_ut_create_generic_state+0x61/0xc0 [ 701.415127][T17128] acpi_ps_push_scope+0x42/0x280 [ 701.415157][T17128] acpi_ps_parse_loop+0x334/0x2470 [ 701.415190][T17128] ? __pfx_acpi_ps_parse_loop+0x10/0x10 [ 701.415214][T17128] ? kmem_cache_alloc_noprof+0x2a1/0x6e0 [ 701.415231][T17128] ? __pfx_acpi_ut_track_stack_ptr+0x10/0x10 [ 701.415246][T17128] ? acpi_ut_create_thread_state+0x6d/0x170 [ 701.415280][T17128] acpi_ps_parse_aml+0x817/0x1170 [ 701.415311][T17128] acpi_ps_execute_method+0x5c4/0xe90 [ 701.415334][T17128] acpi_ns_evaluate+0x98c/0x16d0 [ 701.415366][T17128] acpi_evaluate_object+0x4ca/0xdf0 [ 701.415396][T17128] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 701.415421][T17128] ? __mutex_trylock_common+0xe9/0x250 [ 701.415452][T17128] acpi_evaluate_integer+0xdd/0x200 [ 701.415473][T17128] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 701.415504][T17128] ? __pfx_status_show+0x10/0x10 [ 701.415528][T17128] status_show+0xa0/0x120 [ 701.415553][T17128] ? __pfx_status_show+0x10/0x10 [ 701.415582][T17128] dev_attr_show+0x56/0xe0 [ 701.415609][T17128] ? __pfx_dev_attr_show+0x10/0x10 [ 701.415633][T17128] sysfs_kf_seq_show+0x216/0x3e0 [ 701.415657][T17128] seq_read_iter+0x50e/0x12d0 [ 701.415694][T17128] kernfs_fop_read_iter+0x46c/0x610 [ 701.415711][T17128] ? rw_verify_area+0xcf/0x6c0 [ 701.415730][T17128] vfs_read+0x8bf/0xcf0 [ 701.415751][T17128] ? __pfx___mutex_lock+0x10/0x10 [ 701.415773][T17128] ? __pfx_vfs_read+0x10/0x10 [ 701.415807][T17128] ksys_read+0x12a/0x250 [ 701.415825][T17128] ? __pfx_ksys_read+0x10/0x10 [ 701.415850][T17128] do_syscall_64+0xcd/0xfa0 [ 701.415871][T17128] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 701.415889][T17128] RIP: 0033:0x7fe75a18f6c9 [ 701.415903][T17128] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 701.415920][T17128] RSP: 002b:00007fe75aff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 701.415937][T17128] RAX: ffffffffffffffda RBX: 00007fe75a3e5fa0 RCX: 00007fe75a18f6c9 [ 701.415948][T17128] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000004 [ 701.415959][T17128] RBP: 00007fe75a211f91 R08: 0000000000000000 R09: 0000000000000000 [ 701.415969][T17128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 701.415979][T17128] R13: 00007fe75a3e6038 R14: 00007fe75a3e5fa0 R15: 00007ffd24b2b8a8 [ 701.416002][T17128] [ 702.091645][T17113] Invalid ELF header magic: != ELF [ 702.245262][T16980] mkiss: ax0: crc mode is auto. [ 702.812965][ T7505] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 703.193092][T17146] sysfs: cannot create duplicate filename '/fs/nfs/net' [ 703.237382][T17128] ACPI Error: Aborting method \_SB.LNKA._STA due to previous error (AE_NO_MEMORY) (20250807/psparse-529) [ 703.407027][T17146] CPU: 0 UID: 0 PID: 17146 Comm: syz.1.2694 Tainted: G U syzkaller #0 PREEMPT(full) [ 703.407058][T17146] Tainted: [U]=USER [ 703.407064][T17146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 703.407074][T17146] Call Trace: [ 703.407081][T17146] [ 703.407088][T17146] dump_stack_lvl+0x16c/0x1f0 [ 703.407114][T17146] sysfs_warn_dup+0x7f/0xa0 [ 703.407137][T17146] sysfs_create_dir_ns+0x24b/0x2b0 [ 703.407157][T17146] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 703.407178][T17146] ? find_held_lock+0x2b/0x80 [ 703.407201][T17146] ? nfs_netns_namespace+0xd/0x40 [ 703.407225][T17146] kobject_add_internal+0x2c4/0x9b0 [ 703.407252][T17146] kobject_init_and_add+0x11b/0x190 [ 703.407277][T17146] ? __pfx_kobject_init_and_add+0x10/0x10 [ 703.407311][T17146] nfs_netns_sysfs_setup+0xf9/0x1f0 [ 703.407337][T17146] nfs_net_init+0x10a/0x340 [ 703.407360][T17146] ? __pfx_nfs_net_init+0x10/0x10 [ 703.407382][T17146] ops_init+0x1e2/0x5f0 [ 703.407402][T17146] setup_net+0x100/0x390 [ 703.407428][T17146] ? __pfx_setup_net+0x10/0x10 [ 703.407447][T17146] ? debug_mutex_init+0x37/0x70 [ 703.407467][T17146] copy_net_ns+0x2f8/0x690 [ 703.407489][T17146] create_new_namespaces+0x3ea/0xa90 [ 703.407516][T17146] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 703.407538][T17146] ksys_unshare+0x45b/0xa40 [ 703.407562][T17146] ? __pfx_ksys_unshare+0x10/0x10 [ 703.407586][T17146] ? xfd_validate_state+0x61/0x180 [ 703.407617][T17146] __x64_sys_unshare+0x31/0x40 [ 703.407639][T17146] do_syscall_64+0xcd/0xfa0 [ 703.407660][T17146] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 703.407677][T17146] RIP: 0033:0x7fe75a18f6c9 [ 703.407692][T17146] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 703.407708][T17146] RSP: 002b:00007fe75afd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 703.407726][T17146] RAX: ffffffffffffffda RBX: 00007fe75a3e6090 RCX: 00007fe75a18f6c9 [ 703.407737][T17146] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 703.407747][T17146] RBP: 00007fe75a211f91 R08: 0000000000000000 R09: 0000000000000000 [ 703.407758][T17146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 703.407768][T17146] R13: 00007fe75a3e6128 R14: 00007fe75a3e6090 R15: 00007ffd24b2b8a8 [ 703.407789][T17146] [ 703.407810][T17146] kobject: kobject_add_internal failed for net with -EEXIST, don't try to register things with the same name in the same directory. [ 705.922994][T17188] binder: 17186:17188 ioctl c018620c 0 returned -22 [ 706.470897][T17189] mkiss: ax1: crc mode is auto. [ 706.944780][ T7505] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 707.115017][T17205] netlink: 268 bytes leftover after parsing attributes in process `syz.1.2711'. [ 707.806537][T17219] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2715'. [ 708.489875][T17230] netlink: 268 bytes leftover after parsing attributes in process `syz.3.2717'. [ 708.642930][T17229] Process accounting paused [ 708.835116][T17238] device-mapper: ioctl: Invalid ioctl structure: name , dev 8000010007 [ 710.349601][T17245] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 710.444576][T17245] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 710.631952][T17245] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 710.658068][T17245] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 710.723662][T17245] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 710.754566][T17245] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 710.790010][T17269] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2726'. [ 712.398819][ T7505] Bluetooth: hci0: command 0x0406 tx timeout [ 712.479784][ T7505] Bluetooth: hci1: command 0x0406 tx timeout [ 712.495497][T17308] mkiss: ax1: crc mode is auto. [ 712.641471][ T7505] Bluetooth: hci3: command 0x0406 tx timeout [ 712.810993][ T7505] Bluetooth: hci2: command 0x0406 tx timeout [ 713.064959][T17321] blktrace: Concurrent blktraces are not allowed on sg0 [ 713.793818][T17148] mkiss: ax0: crc mode is auto. [ 714.708009][ T7488] Bluetooth: hci3: command 0x0406 tx timeout [ 714.781273][T17349] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 714.792176][T17349] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 714.800241][T17349] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 714.811678][T17349] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 714.920557][ T30] audit: type=1800 audit(4294967381.662:16): pid=17368 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2752" name="dbroot" dev="configfs" ino=70049 res=0 errno=0 [ 715.448394][T17376] blktrace: Concurrent blktraces are not allowed on sg0 [ 716.139448][ T7505] Bluetooth: hci0: command 0x0406 tx timeout [ 716.400774][T17380] ima: policy update failed [ 716.418495][T17398] blktrace: Concurrent blktraces are not allowed on sg0 [ 716.453840][ T30] audit: type=1802 audit(4294967383.200:17): pid=17380 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.2755" res=0 errno=0 [ 716.756296][T17401] netlink: 268 bytes leftover after parsing attributes in process `syz.1.2760'. [ 716.802994][T17403] __vm_enough_memory: pid: 17403, comm: syz.0.2761, bytes: 4398046511104 not enough memory for the allocation [ 716.857826][ T7505] Bluetooth: hci2: command 0x0406 tx timeout [ 716.863920][ T7505] Bluetooth: hci3: command 0x0406 tx timeout [ 716.870218][ T7505] Bluetooth: hci1: command 0x0406 tx timeout [ 720.453337][T17477] binder: 17476:17477 ioctl c018620c 0 returned -22 [ 720.671503][T17481] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2777'. [ 720.682006][T17481] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 720.692091][T17481] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 720.755006][T17481] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 720.763318][T17481] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 720.882807][T17484] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2775'. [ 721.274043][ T983] usb usb38-port5: attempt power cycle [ 721.883044][ T983] usb usb38-port5: unable to enumerate USB device [ 722.808270][T17508] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 722.815197][T17508] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 722.824822][T17508] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 722.841081][T17508] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 723.438729][T17529] netlink: 268 bytes leftover after parsing attributes in process `syz.3.2786'. [ 723.923959][T17536] mkiss: ax1: crc mode is auto. [ 724.076741][ T30] audit: type=1800 audit(4294967390.870:18): pid=17540 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2789" name="dbroot" dev="configfs" ino=70833 res=0 errno=0 [ 724.117805][T17404] Bluetooth: hci0: command 0x0406 tx timeout [ 724.493079][T17546] blktrace: Concurrent blktraces are not allowed on sg0 [ 724.623130][T17543] sysfs: cannot create duplicate filename '/fs/nfs/net' [ 724.726399][T17543] CPU: 0 UID: 0 PID: 17543 Comm: syz.2.2790 Tainted: G U syzkaller #0 PREEMPT(full) [ 724.726430][T17543] Tainted: [U]=USER [ 724.726436][T17543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 724.726447][T17543] Call Trace: [ 724.726453][T17543] [ 724.726461][T17543] dump_stack_lvl+0x16c/0x1f0 [ 724.726486][T17543] sysfs_warn_dup+0x7f/0xa0 [ 724.726508][T17543] sysfs_create_dir_ns+0x24b/0x2b0 [ 724.726530][T17543] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 724.726550][T17543] ? find_held_lock+0x2b/0x80 [ 724.726572][T17543] ? nfs_netns_namespace+0xd/0x40 [ 724.726598][T17543] kobject_add_internal+0x2c4/0x9b0 [ 724.726624][T17543] kobject_init_and_add+0x11b/0x190 [ 724.726648][T17543] ? __pfx_kobject_init_and_add+0x10/0x10 [ 724.726682][T17543] nfs_netns_sysfs_setup+0xf9/0x1f0 [ 724.726708][T17543] nfs_net_init+0x10a/0x340 [ 724.726731][T17543] ? __pfx_nfs_net_init+0x10/0x10 [ 724.726753][T17543] ops_init+0x1e2/0x5f0 [ 724.726774][T17543] setup_net+0x100/0x390 [ 724.726792][T17543] ? __pfx_setup_net+0x10/0x10 [ 724.726810][T17543] ? debug_mutex_init+0x37/0x70 [ 724.726830][T17543] copy_net_ns+0x2f8/0x690 [ 724.726853][T17543] create_new_namespaces+0x3ea/0xa90 [ 724.726878][T17543] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 724.726900][T17543] ksys_unshare+0x45b/0xa40 [ 724.726924][T17543] ? __pfx_ksys_unshare+0x10/0x10 [ 724.726949][T17543] ? xfd_validate_state+0x61/0x180 [ 724.726980][T17543] __x64_sys_unshare+0x31/0x40 [ 724.727002][T17543] do_syscall_64+0xcd/0xfa0 [ 724.727023][T17543] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 724.727041][T17543] RIP: 0033:0x7f0a6158f6c9 [ 724.727056][T17543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 724.727073][T17543] RSP: 002b:00007f0a6243d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 724.727090][T17543] RAX: ffffffffffffffda RBX: 00007f0a617e5fa0 RCX: 00007f0a6158f6c9 [ 724.727102][T17543] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 724.727112][T17543] RBP: 00007f0a61611f91 R08: 0000000000000000 R09: 0000000000000000 [ 724.727123][T17543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 724.727133][T17543] R13: 00007f0a617e6038 R14: 00007f0a617e5fa0 R15: 00007ffc85a6fa08 [ 724.727155][T17543] [ 724.727184][T17543] kobject: kobject_add_internal failed for net with -EEXIST, don't try to register things with the same name in the same directory. [ 725.002775][T17404] Bluetooth: hci3: command 0x0406 tx timeout [ 725.009018][T17404] Bluetooth: hci1: command 0x0406 tx timeout [ 725.015759][T17404] Bluetooth: hci2: command 0x0406 tx timeout [ 725.383008][T17365] mkiss: ax0: crc mode is auto. [ 726.115490][T17561] random: crng reseeded on system resumption [ 726.125308][T17561] FAULT_INJECTION: forcing a failure. [ 726.125308][T17561] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 726.139008][T17561] CPU: 0 UID: 0 PID: 17561 Comm: syz.3.2794 Tainted: G U syzkaller #0 PREEMPT(full) [ 726.139036][T17561] Tainted: [U]=USER [ 726.139043][T17561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 726.139053][T17561] Call Trace: [ 726.139059][T17561] [ 726.139066][T17561] dump_stack_lvl+0x16c/0x1f0 [ 726.139091][T17561] should_fail_ex+0x512/0x640 [ 726.139122][T17561] should_fail_alloc_page+0xe7/0x130 [ 726.139147][T17561] prepare_alloc_pages+0x3c2/0x610 [ 726.139180][T17561] ? rcu_is_watching+0x12/0xc0 [ 726.139202][T17561] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 726.139227][T17561] ? stack_trace_save+0x8e/0xc0 [ 726.139248][T17561] ? __pfx_stack_trace_save+0x10/0x10 [ 726.139271][T17561] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 726.139292][T17561] ? kasan_save_stack+0x42/0x60 [ 726.139311][T17561] ? kasan_save_stack+0x33/0x60 [ 726.139334][T17561] ? do_dentry_open+0x982/0x1530 [ 726.139353][T17561] ? vfs_open+0x82/0x3f0 [ 726.139375][T17561] ? path_openat+0x1de4/0x2cb0 [ 726.139392][T17561] ? do_filp_open+0x20b/0x470 [ 726.139408][T17561] ? do_sys_openat2+0x11b/0x1d0 [ 726.139431][T17561] ? __x64_sys_openat+0x174/0x210 [ 726.139455][T17561] ? do_syscall_64+0xcd/0xfa0 [ 726.139473][T17561] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 726.139492][T17561] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 726.139519][T17561] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 726.139548][T17561] ? policy_nodemask+0xea/0x4e0 [ 726.139572][T17561] alloc_pages_mpol+0x1fb/0x550 [ 726.139596][T17561] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 726.139625][T17561] alloc_pages_noprof+0x131/0x390 [ 726.139649][T17561] get_zeroed_page_noprof+0x18/0xb0 [ 726.139670][T17561] get_image_page+0x18/0x190 [ 726.139689][T17561] alloc_rtree_node+0x3c/0xb0 [ 726.139707][T17561] memory_bm_create+0x519/0x810 [ 726.139734][T17561] create_basic_memory_bitmaps+0xbd/0x320 [ 726.139757][T17561] snapshot_open+0x235/0x2b0 [ 726.139778][T17561] ? __pfx_snapshot_open+0x10/0x10 [ 726.139799][T17561] misc_open+0x26d/0x450 [ 726.139825][T17561] ? __pfx_misc_open+0x10/0x10 [ 726.139849][T17561] chrdev_open+0x234/0x6a0 [ 726.139869][T17561] ? __pfx_apparmor_file_open+0x10/0x10 [ 726.139895][T17561] ? __pfx_chrdev_open+0x10/0x10 [ 726.139916][T17561] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 726.139940][T17561] do_dentry_open+0x982/0x1530 [ 726.139960][T17561] ? __pfx_chrdev_open+0x10/0x10 [ 726.139984][T17561] vfs_open+0x82/0x3f0 [ 726.140011][T17561] path_openat+0x1de4/0x2cb0 [ 726.140036][T17561] ? __pfx_path_openat+0x10/0x10 [ 726.140056][T17561] ? __lock_acquire+0xb8a/0x1c90 [ 726.140082][T17561] do_filp_open+0x20b/0x470 [ 726.140100][T17561] ? __pfx_do_filp_open+0x10/0x10 [ 726.140135][T17561] ? alloc_fd+0x471/0x7d0 [ 726.140158][T17561] do_sys_openat2+0x11b/0x1d0 [ 726.140190][T17561] ? __pfx_do_sys_openat2+0x10/0x10 [ 726.140223][T17561] __x64_sys_openat+0x174/0x210 [ 726.140249][T17561] ? __pfx___x64_sys_openat+0x10/0x10 [ 726.140283][T17561] do_syscall_64+0xcd/0xfa0 [ 726.140304][T17561] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 726.140322][T17561] RIP: 0033:0x7f9d61b8f6c9 [ 726.140337][T17561] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 726.140353][T17561] RSP: 002b:00007f9d6297a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 726.140370][T17561] RAX: ffffffffffffffda RBX: 00007f9d61de6090 RCX: 00007f9d61b8f6c9 [ 726.140381][T17561] RDX: 00000000001438bf RSI: 0000200000000000 RDI: ffffffffffffff9c [ 726.140392][T17561] RBP: 00007f9d61c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 726.140402][T17561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 726.140412][T17561] R13: 00007f9d61de6128 R14: 00007f9d61de6090 R15: 00007ffd906e92f8 [ 726.140435][T17561] [ 726.596888][T17563] mkiss: ax1: crc mode is auto. [ 728.815169][T17583] netlink: 268 bytes leftover after parsing attributes in process `syz.0.2797'. [ 730.752532][T17601] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2802'. [ 731.046837][T17599] Invalid ELF header magic: != ELF [ 731.264744][T17610] FAULT_INJECTION: forcing a failure. [ 731.264744][T17610] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 731.288608][T17610] CPU: 0 UID: 0 PID: 17610 Comm: syz.3.2804 Tainted: G U syzkaller #0 PREEMPT(full) [ 731.288639][T17610] Tainted: [U]=USER [ 731.288645][T17610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 731.288655][T17610] Call Trace: [ 731.288662][T17610] [ 731.288668][T17610] dump_stack_lvl+0x16c/0x1f0 [ 731.288693][T17610] should_fail_ex+0x512/0x640 [ 731.288724][T17610] _copy_from_user+0x2e/0xd0 [ 731.288753][T17610] mem_rw+0x1d6/0x640 [ 731.288785][T17610] ? __pfx_mem_write+0x10/0x10 [ 731.288811][T17610] vfs_write+0x2a0/0x11d0 [ 731.288834][T17610] ? __pfx___mutex_lock+0x10/0x10 [ 731.288856][T17610] ? __pfx_vfs_write+0x10/0x10 [ 731.288882][T17610] ? __fget_files+0x20e/0x3c0 [ 731.288905][T17610] ksys_write+0x12a/0x250 [ 731.288924][T17610] ? __pfx_ksys_write+0x10/0x10 [ 731.288950][T17610] do_syscall_64+0xcd/0xfa0 [ 731.288972][T17610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 731.288990][T17610] RIP: 0033:0x7f9d61b8f6c9 [ 731.289005][T17610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 731.289022][T17610] RSP: 002b:00007f9d6299b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 731.289039][T17610] RAX: ffffffffffffffda RBX: 00007f9d61de5fa0 RCX: 00007f9d61b8f6c9 [ 731.289051][T17610] RDX: 000000007fffffff RSI: 0000000000000000 RDI: 0000000000000003 [ 731.289061][T17610] RBP: 00007f9d6299b090 R08: 0000000000000000 R09: 0000000000000000 [ 731.289072][T17610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 731.289082][T17610] R13: 00007f9d61de6038 R14: 00007f9d61de5fa0 R15: 00007ffd906e92f8 [ 731.289104][T17610] [ 731.889403][ T7488] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 732.962226][T17626] netlink: 268 bytes leftover after parsing attributes in process `syz.3.2808'. [ 734.312267][T17645] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2813'. [ 735.095748][T17637] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 735.165975][T17637] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 735.236845][T17637] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 735.328302][T17637] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 735.592454][T17667] program syz.3.2819 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 735.852687][T17674] delete_channel: no stack [ 736.115639][ T7488] Bluetooth: hci0: command 0x0406 tx timeout [ 737.229699][ T7488] Bluetooth: hci1: command 0x0406 tx timeout [ 737.298127][ T7488] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 737.301767][T17705] binder: 17704:17705 ioctl c018620c 0 returned -22 [ 737.316727][ T7488] Bluetooth: hci3: command 0x0406 tx timeout [ 737.389246][ T7488] Bluetooth: hci2: command 0x0406 tx timeout [ 737.518896][T17564] mkiss: ax0: crc mode is auto. [ 738.481120][T17404] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 738.490990][T17404] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 738.504707][T17404] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 738.512511][T17404] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 738.520318][T17404] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 739.714563][T17737] sysfs: cannot create duplicate filename '/fs/nfs/net' [ 739.756191][T17737] CPU: 0 UID: 0 PID: 17737 Comm: syz.3.2835 Tainted: G U syzkaller #0 PREEMPT(full) [ 739.756220][T17737] Tainted: [U]=USER [ 739.756226][T17737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 739.756237][T17737] Call Trace: [ 739.756244][T17737] [ 739.756251][T17737] dump_stack_lvl+0x16c/0x1f0 [ 739.756276][T17737] sysfs_warn_dup+0x7f/0xa0 [ 739.756298][T17737] sysfs_create_dir_ns+0x24b/0x2b0 [ 739.756324][T17737] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 739.756345][T17737] ? find_held_lock+0x2b/0x80 [ 739.756367][T17737] ? nfs_netns_namespace+0xd/0x40 [ 739.756392][T17737] kobject_add_internal+0x2c4/0x9b0 [ 739.756418][T17737] kobject_init_and_add+0x11b/0x190 [ 739.756441][T17737] ? __pfx_kobject_init_and_add+0x10/0x10 [ 739.756477][T17737] nfs_netns_sysfs_setup+0xf9/0x1f0 [ 739.756502][T17737] nfs_net_init+0x10a/0x340 [ 739.756525][T17737] ? __pfx_nfs_net_init+0x10/0x10 [ 739.756546][T17737] ops_init+0x1e2/0x5f0 [ 739.756567][T17737] setup_net+0x100/0x390 [ 739.756585][T17737] ? __pfx_setup_net+0x10/0x10 [ 739.756604][T17737] ? debug_mutex_init+0x37/0x70 [ 739.756624][T17737] copy_net_ns+0x2f8/0x690 [ 739.756646][T17737] create_new_namespaces+0x3ea/0xa90 [ 739.756671][T17737] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 739.756692][T17737] ksys_unshare+0x45b/0xa40 [ 739.756715][T17737] ? __pfx_ksys_unshare+0x10/0x10 [ 739.756738][T17737] ? xfd_validate_state+0x61/0x180 [ 739.756769][T17737] __x64_sys_unshare+0x31/0x40 [ 739.756791][T17737] do_syscall_64+0xcd/0xfa0 [ 739.756812][T17737] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 739.756830][T17737] RIP: 0033:0x7f9d61b8f6c9 [ 739.756844][T17737] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 739.756861][T17737] RSP: 002b:00007f9d62959038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 739.756879][T17737] RAX: ffffffffffffffda RBX: 00007f9d61de6180 RCX: 00007f9d61b8f6c9 [ 739.756890][T17737] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 739.756900][T17737] RBP: 00007f9d61c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 739.756911][T17737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 739.756921][T17737] R13: 00007f9d61de6218 R14: 00007f9d61de6180 R15: 00007ffd906e92f8 [ 739.756944][T17737] [ 740.572546][T17404] Bluetooth: hci4: command tx timeout [ 740.585429][T17737] kobject: kobject_add_internal failed for net with -EEXIST, don't try to register things with the same name in the same directory. [ 740.775963][ T8608] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 740.960683][ T8608] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 741.049060][T17721] chnl_net:caif_netlink_parms(): no params data found [ 741.184291][T17756] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2840'. [ 741.196105][ T8608] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 741.353166][T17754] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2839'. [ 741.489788][ T8608] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 742.086285][T17721] bridge0: port 1(bridge_slave_0) entered blocking state [ 742.106126][T17721] bridge0: port 1(bridge_slave_0) entered disabled state [ 742.123797][T17721] bridge_slave_0: entered allmulticast mode [ 742.140358][T17721] bridge_slave_0: entered promiscuous mode [ 742.156211][T17721] bridge0: port 2(bridge_slave_1) entered blocking state [ 742.172225][T17721] bridge0: port 2(bridge_slave_1) entered disabled state [ 742.187762][T17721] bridge_slave_1: entered allmulticast mode [ 742.205174][T17721] bridge_slave_1: entered promiscuous mode [ 742.362448][T17771] netlink: 268 bytes leftover after parsing attributes in process `syz.3.2842'. [ 742.548054][T17773] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2843'. [ 742.641862][T17404] Bluetooth: hci4: command tx timeout [ 742.673383][T17721] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 742.772433][T17721] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 742.817739][ T8608] bridge_slave_1: left allmulticast mode [ 742.867671][ T8608] bridge_slave_1: left promiscuous mode [ 742.929828][ T8608] bridge0: port 2(bridge_slave_1) entered disabled state [ 743.069072][ T8608] bridge_slave_0: left allmulticast mode [ 743.141254][ T8608] bridge_slave_0: left promiscuous mode [ 743.216161][ T8608] bridge0: port 1(bridge_slave_0) entered disabled state [ 744.613117][ T8608] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 744.624030][ T8608] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 744.639908][ T8608] bond0 (unregistering): Released all slaves [ 744.710901][T17404] Bluetooth: hci4: command tx timeout [ 744.743509][ T8608] .^: left promiscuous mode [ 744.808619][T17721] team0: Port device team_slave_0 added [ 744.848794][T17721] team0: Port device team_slave_1 added [ 745.194220][T17721] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 745.211641][T17721] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 745.383054][T17721] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 745.686743][T17721] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 745.749081][T17721] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 745.994148][T17721] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 746.346225][T17836] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2856'. [ 746.761255][T17721] hsr_slave_0: entered promiscuous mode [ 746.781589][T17404] Bluetooth: hci4: command tx timeout [ 746.798208][T17721] hsr_slave_1: entered promiscuous mode [ 746.830426][T17721] debugfs: 'hsr0' already exists in 'hsr' [ 746.863650][T17721] Cannot create hsr debugfs directory [ 747.132083][ T8608] hsr_slave_0: left promiscuous mode [ 747.166478][ T8608] hsr_slave_1: left promiscuous mode [ 747.458526][ T8608] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 747.491546][ T8608] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 747.527876][ T8608] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 747.561121][T17855] ======================================================= [ 747.561121][T17855] WARNING: The mand mount option has been deprecated and [ 747.561121][T17855] and is ignored by this kernel. Remove the mand [ 747.561121][T17855] option from the mount to silence this warning. [ 747.561121][T17855] ======================================================= [ 747.599800][ T8608] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 747.656593][ T8608] veth1_macvtap: left promiscuous mode [ 747.672777][ T8608] veth0_macvtap: left promiscuous mode [ 747.685789][ T8608] veth1_vlan: left promiscuous mode [ 747.706053][ T8608] veth0_vlan: left promiscuous mode [ 747.738153][T17861] blktrace: Concurrent blktraces are not allowed on sg0 [ 748.305613][ T8608] pim6reg (unregistering): left allmulticast mode [ 748.728455][T17874] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 748.769331][T17874] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 749.174281][T17885] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2867'. [ 749.861943][ T8608] team0 (unregistering): Port device team_slave_1 removed [ 749.957025][ T8608] team0 (unregistering): Port device team_slave_0 removed [ 750.369545][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 750.381540][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 750.620038][T17724] mkiss: ax0: crc mode is auto. [ 751.188962][T17912] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2872'. [ 751.246768][T17914] ubi: mtd0 is already attached to ubi0 [ 751.270463][T17915] ubi: mtd0 is already attached to ubi0 [ 752.700199][T17939] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 752.738571][T17939] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 752.759870][T17721] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 752.808613][T17721] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 752.822338][T17939] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 752.887720][T17721] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 752.945629][T17939] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 753.050353][T17939] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 753.100095][T17721] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 753.253750][T17959] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2881'. [ 753.362131][T17939] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 753.746012][T17721] 8021q: adding VLAN 0 to HW filter on device bond0 [ 753.842216][T17721] 8021q: adding VLAN 0 to HW filter on device team0 [ 753.967307][ T8608] bridge0: port 1(bridge_slave_0) entered blocking state [ 753.974486][ T8608] bridge0: port 1(bridge_slave_0) entered forwarding state [ 754.060582][ T8608] bridge0: port 2(bridge_slave_1) entered blocking state [ 754.067956][ T8608] bridge0: port 2(bridge_slave_1) entered forwarding state [ 754.579899][T17991] netlink: 'syz.3.2884': attribute type 11 has an invalid length. [ 754.594548][T17991] netlink: 'syz.3.2884': attribute type 11 has an invalid length. [ 754.609464][T17991] netlink: 'syz.3.2884': attribute type 11 has an invalid length. [ 754.739183][T17404] Bluetooth: hci1: command 0x0406 tx timeout [ 754.746527][ T7488] Bluetooth: hci0: command 0x0406 tx timeout [ 754.901611][ T7488] Bluetooth: hci2: command 0x0406 tx timeout [ 754.978616][ T7488] Bluetooth: hci4: command 0x0c1a tx timeout [ 755.178026][T17721] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 755.899719][T18006] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2886'. [ 756.751507][T17721] veth0_vlan: entered promiscuous mode [ 756.890151][T17721] veth1_vlan: entered promiscuous mode [ 757.046862][ T7488] Bluetooth: hci4: command 0x0c1a tx timeout [ 757.134681][T17721] veth0_macvtap: entered promiscuous mode [ 757.268538][T17721] veth1_macvtap: entered promiscuous mode [ 757.363439][T17721] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 757.424888][T17721] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 757.494359][ T8614] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 757.559708][ T8614] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 757.596818][ T8614] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 757.687640][ T8614] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 757.828853][T18040] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2893'. [ 757.848459][T18040] bridge_slave_1: left allmulticast mode [ 757.855382][T18040] bridge_slave_1: left promiscuous mode [ 757.867500][T18040] bridge0: port 2(bridge_slave_1) entered disabled state [ 757.880114][T18040] bridge_slave_0: left allmulticast mode [ 757.887311][T18040] bridge_slave_0: left promiscuous mode [ 757.898556][T18040] bridge0: port 1(bridge_slave_0) entered disabled state [ 758.091633][ T8614] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 758.099659][ T8614] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 758.227547][ T7488] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 758.481430][ T8614] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 758.673802][ T8614] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 758.761505][T18057] sysfs: cannot create duplicate filename '/fs/nfs/net' [ 758.802240][T18057] CPU: 0 UID: 0 PID: 18057 Comm: syz.2.2897 Tainted: G U syzkaller #0 PREEMPT(full) [ 758.802271][T18057] Tainted: [U]=USER [ 758.802277][T18057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 758.802288][T18057] Call Trace: [ 758.802294][T18057] [ 758.802301][T18057] dump_stack_lvl+0x16c/0x1f0 [ 758.802327][T18057] sysfs_warn_dup+0x7f/0xa0 [ 758.802350][T18057] sysfs_create_dir_ns+0x24b/0x2b0 [ 758.802372][T18057] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 758.802392][T18057] ? find_held_lock+0x2b/0x80 [ 758.802415][T18057] ? nfs_netns_namespace+0xd/0x40 [ 758.802440][T18057] kobject_add_internal+0x2c4/0x9b0 [ 758.802466][T18057] kobject_init_and_add+0x11b/0x190 [ 758.802490][T18057] ? __pfx_kobject_init_and_add+0x10/0x10 [ 758.802525][T18057] nfs_netns_sysfs_setup+0xf9/0x1f0 [ 758.802550][T18057] nfs_net_init+0x10a/0x340 [ 758.802574][T18057] ? __pfx_nfs_net_init+0x10/0x10 [ 758.802595][T18057] ops_init+0x1e2/0x5f0 [ 758.802615][T18057] setup_net+0x100/0x390 [ 758.802633][T18057] ? __pfx_setup_net+0x10/0x10 [ 758.802652][T18057] ? debug_mutex_init+0x37/0x70 [ 758.802672][T18057] copy_net_ns+0x2f8/0x690 [ 758.802694][T18057] create_new_namespaces+0x3ea/0xa90 [ 758.802718][T18057] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 758.802740][T18057] ksys_unshare+0x45b/0xa40 [ 758.802763][T18057] ? __pfx_ksys_unshare+0x10/0x10 [ 758.802787][T18057] ? xfd_validate_state+0x61/0x180 [ 758.802817][T18057] __x64_sys_unshare+0x31/0x40 [ 758.802839][T18057] do_syscall_64+0xcd/0xfa0 [ 758.802860][T18057] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 758.802877][T18057] RIP: 0033:0x7f0a6158f6c9 [ 758.802893][T18057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 758.802910][T18057] RSP: 002b:00007f0a623fb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 758.802950][T18057] RAX: ffffffffffffffda RBX: 00007f0a617e6180 RCX: 00007f0a6158f6c9 [ 758.802962][T18057] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 758.802973][T18057] RBP: 00007f0a61611f91 R08: 0000000000000000 R09: 0000000000000000 [ 758.802984][T18057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 758.802994][T18057] R13: 00007f0a617e6218 R14: 00007f0a617e6180 R15: 00007ffc85a6fa08 [ 758.803016][T18057] [ 758.803036][T18057] kobject: kobject_add_internal failed for net with -EEXIST, don't try to register things with the same name in the same directory. [ 759.215441][ T7488] Bluetooth: hci4: command 0x0c1a tx timeout [ 759.750097][ T7488] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 762.604180][T17928] mkiss: ax0: crc mode is auto. [ 763.692642][T18141] netlink: 186 bytes leftover after parsing attributes in process `syz.4.2911'. [ 764.440202][T18155] netlink: 268 bytes leftover after parsing attributes in process `syz.4.2917'. [ 765.169083][ T7488] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 765.241851][T18186] netlink: 252 bytes leftover after parsing attributes in process `syz.4.2926'. [ 765.295326][T18186] netlink: 252 bytes leftover after parsing attributes in process `syz.4.2926'. [ 766.602730][T18209] blktrace: Concurrent blktraces are not allowed on sg0 [ 767.182360][T18221] blktrace: Concurrent blktraces are not allowed on sg0 [ 768.924122][T18257] netlink: 268 bytes leftover after parsing attributes in process `syz.3.2943'. [ 769.037816][ T7488] Bluetooth: hci4: SCO packet for unknown connection handle 0 [ 770.154441][T18291] netlink: 268 bytes leftover after parsing attributes in process `syz.2.2953'. [ 770.718440][T18300] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2956'. [ 771.684535][T18300] team0 (unregistering): Port device team_slave_0 removed [ 771.734575][T18300] team0 (unregistering): Port device team_slave_1 removed [ 771.789237][T18309] Falling back ldisc for pty53. [ 774.615246][T18148] mkiss: ax0: crc mode is auto. [ 776.078236][T10607] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 776.837905][T17404] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 776.849301][T17404] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 776.857726][T17404] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 776.868938][T17404] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 776.890188][T17404] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 776.917142][T10607] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 777.284477][T18389] sysfs: cannot create duplicate filename '/fs/nfs/net' [ 777.420791][T18389] CPU: 0 UID: 0 PID: 18389 Comm: syz-executor Tainted: G U syzkaller #0 PREEMPT(full) [ 777.420829][T18389] Tainted: [U]=USER [ 777.420835][T18389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 777.420845][T18389] Call Trace: [ 777.420858][T18389] [ 777.420865][T18389] dump_stack_lvl+0x16c/0x1f0 [ 777.420890][T18389] sysfs_warn_dup+0x7f/0xa0 [ 777.420913][T18389] sysfs_create_dir_ns+0x24b/0x2b0 [ 777.420934][T18389] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 777.420955][T18389] ? find_held_lock+0x2b/0x80 [ 777.420977][T18389] ? nfs_netns_namespace+0xd/0x40 [ 777.421002][T18389] kobject_add_internal+0x2c4/0x9b0 [ 777.421028][T18389] kobject_init_and_add+0x11b/0x190 [ 777.421053][T18389] ? __pfx_kobject_init_and_add+0x10/0x10 [ 777.421088][T18389] nfs_netns_sysfs_setup+0xf9/0x1f0 [ 777.421114][T18389] nfs_net_init+0x10a/0x340 [ 777.421140][T18389] ? __pfx_nfs_net_init+0x10/0x10 [ 777.421164][T18389] ops_init+0x1e2/0x5f0 [ 777.421185][T18389] setup_net+0x100/0x390 [ 777.421203][T18389] ? __pfx_setup_net+0x10/0x10 [ 777.421222][T18389] ? debug_mutex_init+0x37/0x70 [ 777.421242][T18389] copy_net_ns+0x2f8/0x690 [ 777.421264][T18389] create_new_namespaces+0x3ea/0xa90 [ 777.421291][T18389] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 777.421313][T18389] ksys_unshare+0x45b/0xa40 [ 777.421337][T18389] ? __pfx_ksys_unshare+0x10/0x10 [ 777.421364][T18389] ? __pfx_fput_close_sync+0x10/0x10 [ 777.421391][T18389] ? dnotify_flush+0x79/0x4c0 [ 777.421419][T18389] __x64_sys_unshare+0x31/0x40 [ 777.421442][T18389] do_syscall_64+0xcd/0xfa0 [ 777.421464][T18389] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 777.421481][T18389] RIP: 0033:0x7f76edf90ec7 [ 777.421496][T18389] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 777.421513][T18389] RSP: 002b:00007ffc45bcc6f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000110 [ 777.421531][T18389] RAX: ffffffffffffffda RBX: 00007f76ee1e5f40 RCX: 00007f76edf90ec7 [ 777.421542][T18389] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 777.421552][T18389] RBP: 00007f76ee1e67b8 R08: 0000000000000000 R09: 0000000000000000 [ 777.421563][T18389] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008 [ 777.421573][T18389] R13: 0000000000000003 R14: 00007ffc45bcc9c8 R15: 0000000000000000 [ 777.421595][T18389] [ 777.421619][T18389] kobject: kobject_add_internal failed for net with -EEXIST, don't try to register things with the same name in the same directory. [ 778.511447][T10607] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 778.853846][T18406] sysfs: cannot create duplicate filename '/fs/nfs/net' [ 778.918216][T18406] CPU: 0 UID: 0 PID: 18406 Comm: syz.2.2984 Tainted: G U syzkaller #0 PREEMPT(full) [ 778.918248][T18406] Tainted: [U]=USER [ 778.918254][T18406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 778.918264][T18406] Call Trace: [ 778.918271][T18406] [ 778.918278][T18406] dump_stack_lvl+0x16c/0x1f0 [ 778.918303][T18406] sysfs_warn_dup+0x7f/0xa0 [ 778.918325][T18406] sysfs_create_dir_ns+0x24b/0x2b0 [ 778.918347][T18406] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 778.918367][T18406] ? find_held_lock+0x2b/0x80 [ 778.918390][T18406] ? nfs_netns_namespace+0xd/0x40 [ 778.918413][T18406] kobject_add_internal+0x2c4/0x9b0 [ 778.918440][T18406] kobject_init_and_add+0x11b/0x190 [ 778.918464][T18406] ? __pfx_kobject_init_and_add+0x10/0x10 [ 778.918498][T18406] nfs_netns_sysfs_setup+0xf9/0x1f0 [ 778.918523][T18406] nfs_net_init+0x10a/0x340 [ 778.918547][T18406] ? __pfx_nfs_net_init+0x10/0x10 [ 778.918568][T18406] ops_init+0x1e2/0x5f0 [ 778.918589][T18406] setup_net+0x100/0x390 [ 778.918606][T18406] ? __pfx_setup_net+0x10/0x10 [ 778.918625][T18406] ? debug_mutex_init+0x37/0x70 [ 778.918645][T18406] copy_net_ns+0x2f8/0x690 [ 778.918666][T18406] create_new_namespaces+0x3ea/0xa90 [ 778.918692][T18406] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 778.918715][T18406] ksys_unshare+0x45b/0xa40 [ 778.918738][T18406] ? __pfx_ksys_unshare+0x10/0x10 [ 778.918762][T18406] ? xfd_validate_state+0x61/0x180 [ 778.918793][T18406] __x64_sys_unshare+0x31/0x40 [ 778.918815][T18406] do_syscall_64+0xcd/0xfa0 [ 778.918844][T18406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 778.918862][T18406] RIP: 0033:0x7f0a6158f6c9 [ 778.918877][T18406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 778.918895][T18406] RSP: 002b:00007f0a6243d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 778.918914][T18406] RAX: ffffffffffffffda RBX: 00007f0a617e5fa0 RCX: 00007f0a6158f6c9 [ 778.918925][T18406] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 778.918936][T18406] RBP: 00007f0a61611f91 R08: 0000000000000000 R09: 0000000000000000 [ 778.918947][T18406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 778.918957][T18406] R13: 00007f0a617e6038 R14: 00007f0a617e5fa0 R15: 00007ffc85a6fa08 [ 778.918980][T18406] [ 778.919002][T18406] kobject: kobject_add_internal failed for net with -EEXIST, don't try to register things with the same name in the same directory. [ 779.235283][ T7488] Bluetooth: hci0: command tx timeout [ 779.370942][T10607] bridge_slave_1: left allmulticast mode [ 779.485567][T10607] bridge_slave_1: left promiscuous mode [ 779.599472][T10607] bridge0: port 2(bridge_slave_1) entered disabled state [ 779.815641][T10607] bridge_slave_0: left allmulticast mode [ 779.917078][T10607] bridge_slave_0: left promiscuous mode [ 780.017269][T10607] bridge0: port 1(bridge_slave_0) entered disabled state [ 780.252065][T18450] nfs4: Unknown parameter 'nfsd' [ 781.241018][T17404] Bluetooth: hci0: command tx timeout [ 782.716161][T18483] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2999'. [ 783.310225][T17404] Bluetooth: hci0: command tx timeout [ 784.584591][T10607] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 784.663611][T10607] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 784.733720][T10607] bond0 (unregistering): Released all slaves [ 785.084594][T18483] macvlan0: entered allmulticast mode [ 785.111886][T18483] veth1_vlan: entered allmulticast mode [ 785.220447][T10607] .^: left promiscuous mode [ 785.382098][T17404] Bluetooth: hci0: command tx timeout [ 786.332778][T18507] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3003'. [ 786.377779][T18510] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3005'. [ 786.395229][T18372] mkiss: ax0: crc mode is auto. [ 787.876593][T18389] chnl_net:caif_netlink_parms(): no params data found [ 788.223602][T18549] netlink: 186 bytes leftover after parsing attributes in process `syz.4.3007'. [ 788.346047][T18549] netlink: 186 bytes leftover after parsing attributes in process `syz.4.3007'. [ 789.069206][T18563] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3014'. [ 789.412210][T10607] hsr_slave_0: left promiscuous mode [ 789.475282][T10607] hsr_slave_1: left promiscuous mode [ 789.573620][T10607] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 789.654311][T10607] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 789.733396][T10607] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 789.813140][T10607] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 789.827359][T18583] netlink: 268 bytes leftover after parsing attributes in process `syz.3.3019'. [ 789.848147][T10607] veth1_macvtap: left promiscuous mode [ 789.853819][T10607] veth0_macvtap: left promiscuous mode [ 789.871714][T10607] veth1_vlan: left promiscuous mode [ 789.939135][T10607] veth0_vlan: left promiscuous mode [ 791.204310][T10607] team0 (unregistering): Port device team_slave_1 removed [ 791.273867][T10607] team0 (unregistering): Port device team_slave_0 removed [ 791.798689][T18583] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 791.819212][T18583] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 791.853122][T18583] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 791.969467][T18605] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3025'. [ 792.147440][T18389] bridge0: port 1(bridge_slave_0) entered blocking state [ 792.187653][T18389] bridge0: port 1(bridge_slave_0) entered disabled state [ 792.197860][T17404] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 792.252819][T18389] bridge_slave_0: entered allmulticast mode [ 792.359104][T18389] bridge_slave_0: entered promiscuous mode [ 792.476442][T18620] netlink: 268 bytes leftover after parsing attributes in process `syz.2.3030'. [ 792.498188][T18389] bridge0: port 2(bridge_slave_1) entered blocking state [ 792.535151][T18389] bridge0: port 2(bridge_slave_1) entered disabled state [ 792.585422][T18389] bridge_slave_1: entered allmulticast mode [ 792.611335][T18389] bridge_slave_1: entered promiscuous mode [ 793.093187][T18628] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3032'. [ 793.164524][T18389] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 793.382519][T18389] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 793.997469][T18389] team0: Port device team_slave_0 added [ 794.058580][T18389] team0: Port device team_slave_1 added [ 794.192629][T18655] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3036'. [ 794.447142][T18389] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 794.528650][T18389] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 794.818502][T18389] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 795.050178][T18389] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 795.129097][T18389] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 795.244203][T18389] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 795.509130][T18679] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3042'. [ 795.595608][T18681] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3043'. [ 795.667265][T18684] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3044'. [ 795.686304][T18684] IPv6: NLM_F_CREATE should be specified when creating new route [ 795.822407][T18389] hsr_slave_0: entered promiscuous mode [ 795.921906][T18389] hsr_slave_1: entered promiscuous mode [ 797.064569][T18706] netlink: 268 bytes leftover after parsing attributes in process `syz.3.3049'. [ 798.047888][T18536] mkiss: ax0: crc mode is auto. [ 798.390621][T18729] netlink: 268 bytes leftover after parsing attributes in process `syz.2.3057'. [ 798.748620][T18734] netlink: 268 bytes leftover after parsing attributes in process `syz.2.3059'. [ 801.333883][T18389] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 801.496493][T18389] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 801.623160][T17404] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 801.635089][T18777] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3071'. [ 801.794080][T18389] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 802.072867][T18783] netlink: 338 bytes leftover after parsing attributes in process `syz.3.3073'. [ 802.119593][T18784] netlink: 338 bytes leftover after parsing attributes in process `syz.3.3073'. [ 802.146365][T18389] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 802.857179][T18814] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3080'. [ 803.307878][T18389] 8021q: adding VLAN 0 to HW filter on device bond0 [ 803.552899][T18389] 8021q: adding VLAN 0 to HW filter on device team0 [ 803.729522][T10609] bridge0: port 1(bridge_slave_0) entered blocking state [ 803.736688][T10609] bridge0: port 1(bridge_slave_0) entered forwarding state [ 803.860341][ T8608] bridge0: port 2(bridge_slave_1) entered blocking state [ 803.867698][ T8608] bridge0: port 2(bridge_slave_1) entered forwarding state [ 804.379210][T18389] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 804.416473][T18844] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3088'. [ 804.451332][T18840] blktrace: Concurrent blktraces are not allowed on sg0 [ 804.479170][T18389] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 806.920073][T18389] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 807.596802][T18389] veth0_vlan: entered promiscuous mode [ 807.755211][T18389] veth1_vlan: entered promiscuous mode [ 807.792766][T18894] zswap: compressor not available [ 808.575908][T18389] veth0_macvtap: entered promiscuous mode [ 808.833846][T18389] veth1_macvtap: entered promiscuous mode [ 809.207816][T18389] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 809.388392][T18389] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 809.555142][ T8608] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 809.782360][ T8608] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 809.902861][ T8608] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 810.131657][T18739] mkiss: ax0: crc mode is auto. [ 810.233008][ T8608] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 811.191634][ T8608] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 811.304434][ T8608] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 811.489884][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 811.499545][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 811.741283][T10608] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 811.855826][T10608] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 812.228542][T18968] sysfs: cannot create duplicate filename '/fs/nfs/net' [ 812.238464][T18968] CPU: 0 UID: 0 PID: 18968 Comm: syz.0.2964 Tainted: G U syzkaller #0 PREEMPT(full) [ 812.238494][T18968] Tainted: [U]=USER [ 812.238502][T18968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 812.238511][T18968] Call Trace: [ 812.238518][T18968] [ 812.238526][T18968] dump_stack_lvl+0x16c/0x1f0 [ 812.238553][T18968] sysfs_warn_dup+0x7f/0xa0 [ 812.238576][T18968] sysfs_create_dir_ns+0x24b/0x2b0 [ 812.238597][T18968] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 812.238617][T18968] ? find_held_lock+0x2b/0x80 [ 812.238648][T18968] ? nfs_netns_namespace+0xd/0x40 [ 812.238673][T18968] kobject_add_internal+0x2c4/0x9b0 [ 812.238701][T18968] kobject_init_and_add+0x11b/0x190 [ 812.238724][T18968] ? __pfx_kobject_init_and_add+0x10/0x10 [ 812.238760][T18968] nfs_netns_sysfs_setup+0xf9/0x1f0 [ 812.238786][T18968] nfs_net_init+0x10a/0x340 [ 812.238810][T18968] ? __pfx_nfs_net_init+0x10/0x10 [ 812.238831][T18968] ops_init+0x1e2/0x5f0 [ 812.238851][T18968] setup_net+0x100/0x390 [ 812.238868][T18968] ? __pfx_setup_net+0x10/0x10 [ 812.238887][T18968] ? debug_mutex_init+0x37/0x70 [ 812.238907][T18968] copy_net_ns+0x2f8/0x690 [ 812.238930][T18968] create_new_namespaces+0x3ea/0xa90 [ 812.238954][T18968] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 812.238976][T18968] ksys_unshare+0x45b/0xa40 [ 812.238999][T18968] ? __pfx_ksys_unshare+0x10/0x10 [ 812.239022][T18968] ? xfd_validate_state+0x61/0x180 [ 812.239052][T18968] __x64_sys_unshare+0x31/0x40 [ 812.239075][T18968] do_syscall_64+0xcd/0xfa0 [ 812.239095][T18968] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 812.239112][T18968] RIP: 0033:0x7f76edf8f6c9 [ 812.239128][T18968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 812.239154][T18968] RSP: 002b:00007f76eeee9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 812.239172][T18968] RAX: ffffffffffffffda RBX: 00007f76ee1e5fa0 RCX: 00007f76edf8f6c9 [ 812.239184][T18968] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 812.239194][T18968] RBP: 00007f76ee011f91 R08: 0000000000000000 R09: 0000000000000000 [ 812.239205][T18968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 812.239215][T18968] R13: 00007f76ee1e6038 R14: 00007f76ee1e5fa0 R15: 00007ffc45bcc178 [ 812.239239][T18968] [ 812.239332][T18968] kobject: kobject_add_internal failed for net with -EEXIST, don't try to register things with the same name in the same directory. [ 814.159828][T18989] netlink: 'syz.4.3118': attribute type 2 has an invalid length. [ 814.775106][T18998] FAULT_INJECTION: forcing a failure. [ 814.775106][T18998] name failslab, interval 1, probability 0, space 0, times 0 [ 815.077634][T18998] CPU: 0 UID: 0 PID: 18998 Comm: syz.4.3121 Tainted: G U syzkaller #0 PREEMPT(full) [ 815.077664][T18998] Tainted: [U]=USER [ 815.077670][T18998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 815.077681][T18998] Call Trace: [ 815.077688][T18998] [ 815.077695][T18998] dump_stack_lvl+0x16c/0x1f0 [ 815.077719][T18998] should_fail_ex+0x512/0x640 [ 815.077753][T18998] ? fs_reclaim_acquire+0xae/0x150 [ 815.077783][T18998] should_failslab+0xc2/0x120 [ 815.077809][T18998] __kmalloc_noprof+0xdd/0x880 [ 815.077837][T18998] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 815.077862][T18998] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 815.077881][T18998] tomoyo_realpath_from_path+0xc2/0x6e0 [ 815.077904][T18998] ? tomoyo_profile+0x47/0x60 [ 815.077929][T18998] tomoyo_path_number_perm+0x245/0x580 [ 815.077957][T18998] ? tomoyo_path_number_perm+0x237/0x580 [ 815.077987][T18998] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 815.078017][T18998] ? find_held_lock+0x2b/0x80 [ 815.078054][T18998] ? find_held_lock+0x2b/0x80 [ 815.078071][T18998] ? hook_file_ioctl_common+0x145/0x410 [ 815.078094][T18998] ? __fget_files+0x20e/0x3c0 [ 815.078116][T18998] security_file_ioctl+0x9b/0x240 [ 815.078135][T18998] __x64_sys_ioctl+0xb7/0x210 [ 815.078163][T18998] do_syscall_64+0xcd/0xfa0 [ 815.078186][T18998] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 815.078205][T18998] RIP: 0033:0x7f3d1138f6c9 [ 815.078220][T18998] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 815.078238][T18998] RSP: 002b:00007f3d122be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 815.078260][T18998] RAX: ffffffffffffffda RBX: 00007f3d115e5fa0 RCX: 00007f3d1138f6c9 [ 815.078272][T18998] RDX: 0000000000000000 RSI: 00000000c018620c RDI: 0000000000000006 [ 815.078283][T18998] RBP: 00007f3d122be090 R08: 0000000000000000 R09: 0000000000000000 [ 815.078293][T18998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 815.078304][T18998] R13: 00007f3d115e6038 R14: 00007f3d115e5fa0 R15: 00007ffebedf84d8 [ 815.078327][T18998] [ 815.078335][T18998] ERROR: Out of memory at tomoyo_realpath_from_path. [ 815.658733][ T7505] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 815.713339][ T7488] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 815.722743][ T7505] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 815.789289][ T7488] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 815.906247][ T7488] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 815.975112][ T7488] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 816.047627][T10608] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 816.153109][T10608] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 816.233336][T10608] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 816.408757][T10608] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 816.468058][T19031] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 816.490063][T19004] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3121'. [ 816.619483][T18998] binder: 18997:18998 ioctl c018620c 0 returned -1 [ 818.089414][ T7488] Bluetooth: hci2: command tx timeout [ 818.672407][T10608] bridge_slave_1: left allmulticast mode [ 818.782882][T10608] bridge_slave_1: left promiscuous mode [ 818.865510][T10608] bridge0: port 2(bridge_slave_1) entered disabled state [ 818.968384][T10608] bridge_slave_0: left promiscuous mode [ 818.978826][T10608] bridge0: port 1(bridge_slave_0) entered disabled state [ 819.617588][ T7488] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 819.695098][T19100] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3142'. [ 819.742562][T19100] netlink: 93 bytes leftover after parsing attributes in process `syz.2.3142'. [ 819.873643][T19103] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3143'. [ 820.159596][ T7488] Bluetooth: hci2: command tx timeout [ 820.390205][T19113] ecryptfs_parse_packet_length: Error parsing packet length [ 820.407396][T19113] ecryptfs_miscdev_write: Error parsing packet length; rc = [-22] [ 821.631350][T10608] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 821.642850][T10608] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 821.654538][T10608] bond0 (unregistering): Released all slaves [ 821.770655][T19009] chnl_net:caif_netlink_parms(): no params data found [ 821.962897][T10608] .^: left promiscuous mode [ 821.979812][T18950] mkiss: ax0: crc mode is auto. [ 822.094391][T19135] netlink: 268 bytes leftover after parsing attributes in process `syz.2.3150'. [ 822.228502][ T7488] Bluetooth: hci2: command tx timeout [ 823.195133][T19009] bridge0: port 1(bridge_slave_0) entered blocking state [ 823.316371][T19009] bridge0: port 1(bridge_slave_0) entered disabled state [ 823.410468][T19009] bridge_slave_0: entered allmulticast mode [ 823.518244][T19009] bridge_slave_0: entered promiscuous mode [ 823.576169][T19009] bridge0: port 2(bridge_slave_1) entered blocking state [ 823.648414][T19009] bridge0: port 2(bridge_slave_1) entered disabled state [ 823.657077][T19009] bridge_slave_1: entered allmulticast mode [ 823.664842][T19009] bridge_slave_1: entered promiscuous mode [ 823.905566][T19009] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 823.968633][T19009] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 824.231183][T19171] Invalid ELF header magic: != ELF [ 824.297212][ T7488] Bluetooth: hci2: command tx timeout [ 824.688283][T19009] team0: Port device team_slave_0 added [ 824.867070][T19009] team0: Port device team_slave_1 added [ 825.611934][T19009] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 825.669931][T19009] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 825.814333][T19009] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 825.947020][T19009] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 825.982336][T19009] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 826.141129][T19009] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 826.720529][T19238] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3172'. [ 826.880865][T19224] mkiss: ax1: crc mode is auto. [ 826.901888][T19009] hsr_slave_0: entered promiscuous mode [ 827.043347][T19009] hsr_slave_1: entered promiscuous mode [ 827.074720][T19009] debugfs: 'hsr0' already exists in 'hsr' [ 827.133681][T19009] Cannot create hsr debugfs directory [ 827.349959][T19247] netlink: 268 bytes leftover after parsing attributes in process `syz.0.3174'. [ 829.903836][T19279] netlink: 268 bytes leftover after parsing attributes in process `syz.2.3185'. [ 831.646508][T10608] hsr_slave_0: left promiscuous mode [ 831.761968][T10608] hsr_slave_1: left promiscuous mode [ 832.035430][T10608] veth1_macvtap: left promiscuous mode [ 832.070509][T10608] veth0_macvtap: left promiscuous mode [ 832.093159][T10608] veth1_vlan: left promiscuous mode [ 832.123324][T10608] veth0_vlan: left promiscuous mode [ 833.130026][T10608] team0 (unregistering): Port device team_slave_1 removed [ 833.175979][T10608] team0 (unregistering): Port device team_slave_0 removed [ 834.058027][T19149] mkiss: ax0: crc mode is auto. [ 834.364194][ T7488] Bluetooth: hci4: SCO packet for unknown connection handle 0 [ 834.615771][ T30] audit: type=1800 audit(4294967501.974:19): pid=19347 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3199" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 835.090140][T19357] random: crng reseeded on system resumption [ 835.743460][ T7488] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 835.880715][ T7488] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 836.100207][T19009] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 836.332884][T19009] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 836.467005][T19009] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 836.662656][T19009] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 837.451896][T19409] FAULT_INJECTION: forcing a failure. [ 837.451896][T19409] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 837.489984][T19409] CPU: 0 UID: 0 PID: 19409 Comm: syz.0.3209 Tainted: G U syzkaller #0 PREEMPT(full) [ 837.490016][T19409] Tainted: [U]=USER [ 837.490022][T19409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 837.490033][T19409] Call Trace: [ 837.490039][T19409] [ 837.490046][T19409] dump_stack_lvl+0x16c/0x1f0 [ 837.490071][T19409] should_fail_ex+0x512/0x640 [ 837.490101][T19409] should_fail_alloc_page+0xe7/0x130 [ 837.490127][T19409] prepare_alloc_pages+0x3c2/0x610 [ 837.490153][T19409] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 837.490183][T19409] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 837.490205][T19409] ? validate_mm+0x403/0x560 [ 837.490234][T19409] ? __pfx_validate_mm+0x10/0x10 [ 837.490258][T19409] ? __vma_enter_locked+0x163/0x3f0 [ 837.490289][T19409] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 837.490320][T19409] ? policy_nodemask+0xea/0x4e0 [ 837.490344][T19409] alloc_pages_mpol+0x1fb/0x550 [ 837.490368][T19409] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 837.490397][T19409] alloc_pages_noprof+0x131/0x390 [ 837.490428][T19409] __pmd_alloc+0x3b/0x8b0 [ 837.490454][T19409] move_page_tables+0x30b7/0x4230 [ 837.490476][T19409] ? __pfx_copy_vma+0x10/0x10 [ 837.490497][T19409] ? __pfx_move_page_tables+0x10/0x10 [ 837.490524][T19409] ? rcu_is_watching+0x12/0xc0 [ 837.490543][T19409] ? finish_task_switch.isra.0+0x221/0xc10 [ 837.490561][T19409] ? lockdep_hardirqs_on+0x7c/0x110 [ 837.490585][T19409] copy_vma_and_data+0x24e/0x790 [ 837.490604][T19409] ? __pfx_copy_vma_and_data+0x10/0x10 [ 837.490627][T19409] ? __vma_enter_locked+0x163/0x3f0 [ 837.490654][T19409] ? find_held_lock+0x2b/0x80 [ 837.490673][T19409] ? move_vma+0x52e/0x1770 [ 837.490688][T19409] ? __vm_enough_memory+0x184/0x3f0 [ 837.490715][T19409] move_vma+0x540/0x1770 [ 837.490734][T19409] ? __pfx_move_vma+0x10/0x10 [ 837.490754][T19409] ? mm_get_unmapped_area_vmflags+0x97/0xe0 [ 837.490777][T19409] ? cap_mmap_addr+0x4b/0x120 [ 837.490800][T19409] ? bpf_lsm_mmap_addr+0x9/0x10 [ 837.490820][T19409] ? security_mmap_addr+0x6c/0x1e0 [ 837.490838][T19409] ? __get_unmapped_area+0x267/0x440 [ 837.490862][T19409] ? vrm_set_new_addr+0x208/0x290 [ 837.490881][T19409] mremap_to+0x1b7/0x450 [ 837.490898][T19409] do_mremap+0x13a8/0x2020 [ 837.490916][T19409] ? futex_private_hash_put+0x130/0x300 [ 837.490944][T19409] ? __pfx_do_mremap+0x10/0x10 [ 837.490966][T19409] ? ksys_write+0x190/0x250 [ 837.490989][T19409] __do_sys_mremap+0x119/0x170 [ 837.491006][T19409] ? __pfx___do_sys_mremap+0x10/0x10 [ 837.491029][T19409] ? __x64_sys_futex+0x1e0/0x4c0 [ 837.491066][T19409] do_syscall_64+0xcd/0xfa0 [ 837.491086][T19409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 837.491104][T19409] RIP: 0033:0x7f76edf8f6c9 [ 837.491119][T19409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 837.491136][T19409] RSP: 002b:00007f76eee65038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 837.491154][T19409] RAX: ffffffffffffffda RBX: 00007f76ee1e6360 RCX: 00007f76edf8f6c9 [ 837.491165][T19409] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000000000 [ 837.491175][T19409] RBP: 00007f76ee011f91 R08: 0000000100000000 R09: 0000000000000000 [ 837.491185][T19409] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 837.491195][T19409] R13: 00007f76ee1e63f8 R14: 00007f76ee1e6360 R15: 00007ffc45bcc178 [ 837.491217][T19409] [ 837.982953][T19404] sysfs: cannot create duplicate filename '/fs/nfs/net' [ 837.990116][T19404] CPU: 0 UID: 0 PID: 19404 Comm: syz.0.3209 Tainted: G U syzkaller #0 PREEMPT(full) [ 837.990145][T19404] Tainted: [U]=USER [ 837.990151][T19404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 837.990161][T19404] Call Trace: [ 837.990168][T19404] [ 837.990175][T19404] dump_stack_lvl+0x16c/0x1f0 [ 837.990200][T19404] sysfs_warn_dup+0x7f/0xa0 [ 837.990222][T19404] sysfs_create_dir_ns+0x24b/0x2b0 [ 837.990243][T19404] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 837.990264][T19404] ? find_held_lock+0x2b/0x80 [ 837.990287][T19404] ? nfs_netns_namespace+0xd/0x40 [ 837.990312][T19404] kobject_add_internal+0x2c4/0x9b0 [ 837.990338][T19404] kobject_init_and_add+0x11b/0x190 [ 837.990369][T19404] ? __pfx_kobject_init_and_add+0x10/0x10 [ 837.990404][T19404] nfs_netns_sysfs_setup+0xf9/0x1f0 [ 837.990429][T19404] nfs_net_init+0x10a/0x340 [ 837.990452][T19404] ? __pfx_nfs_net_init+0x10/0x10 [ 837.990473][T19404] ops_init+0x1e2/0x5f0 [ 837.990494][T19404] setup_net+0x100/0x390 [ 837.990513][T19404] ? __pfx_setup_net+0x10/0x10 [ 837.990533][T19404] ? debug_mutex_init+0x37/0x70 [ 837.990553][T19404] copy_net_ns+0x2f8/0x690 [ 837.990575][T19404] create_new_namespaces+0x3ea/0xa90 [ 837.990601][T19404] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 837.990622][T19404] ksys_unshare+0x45b/0xa40 [ 837.990646][T19404] ? __pfx_ksys_unshare+0x10/0x10 [ 837.990669][T19404] ? xfd_validate_state+0x61/0x180 [ 837.990701][T19404] __x64_sys_unshare+0x31/0x40 [ 837.990723][T19404] do_syscall_64+0xcd/0xfa0 [ 837.990745][T19404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 837.990763][T19404] RIP: 0033:0x7f76edf8f6c9 [ 837.990778][T19404] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 837.990794][T19404] RSP: 002b:00007f76eeea7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 837.990811][T19404] RAX: ffffffffffffffda RBX: 00007f76ee1e6180 RCX: 00007f76edf8f6c9 [ 837.990822][T19404] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 837.990832][T19404] RBP: 00007f76ee011f91 R08: 0000000000000000 R09: 0000000000000000 [ 837.990842][T19404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 837.990852][T19404] R13: 00007f76ee1e6218 R14: 00007f76ee1e6180 R15: 00007ffc45bcc178 [ 837.990874][T19404] [ 837.990897][T19404] kobject: kobject_add_internal failed for net with -EEXIST, don't try to register things with the same name in the same directory. [ 838.296014][T19416] mkiss: ax1: crc mode is auto. [ 838.657703][T19422] netlink: 268 bytes leftover after parsing attributes in process `syz.2.3211'. [ 839.112226][T19009] 8021q: adding VLAN 0 to HW filter on device bond0 [ 839.514039][T19009] 8021q: adding VLAN 0 to HW filter on device team0 [ 839.709080][ T8614] bridge0: port 1(bridge_slave_0) entered blocking state [ 839.716444][ T8614] bridge0: port 1(bridge_slave_0) entered forwarding state [ 840.282796][T10612] bridge0: port 2(bridge_slave_1) entered blocking state [ 840.289987][T10612] bridge0: port 2(bridge_slave_1) entered forwarding state [ 842.619370][T19489] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3224'. [ 842.699778][T19489] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 842.748537][T19489] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 842.973846][T19489] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 843.029511][T19489] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 843.553708][T19009] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 843.961486][T19009] veth0_vlan: entered promiscuous mode [ 844.091525][T19009] veth1_vlan: entered promiscuous mode [ 844.497016][T19009] veth0_macvtap: entered promiscuous mode [ 844.574801][T19009] veth1_macvtap: entered promiscuous mode [ 844.710324][T19009] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 844.848296][T19009] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 844.960546][ T8620] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 845.039047][ T8620] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 845.111608][ T8620] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 845.144149][ T8620] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 845.430981][T19355] mkiss: ax0: crc mode is auto. [ 845.634923][ T8608] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 845.678225][ T8608] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 845.759353][ T8608] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 845.790203][ T8608] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 846.321964][T19544] zswap: compressor not available [ 846.524151][T19559] mkiss: ax1: crc mode is auto. [ 847.699279][T19577] blktrace: Concurrent blktraces are not allowed on sg0 [ 848.223870][T19588] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3237'. [ 850.070392][ T8608] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 850.509206][T17404] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 850.550623][T17404] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 850.559958][T17404] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 850.573095][T17404] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 850.584782][T17404] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 851.114930][ T8608] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 851.653193][ T8608] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 852.155326][ T8608] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 852.629842][T17404] Bluetooth: hci1: command tx timeout [ 852.950435][T19672] mkiss: ax1: crc mode is auto. [ 854.445414][T19700] FAULT_INJECTION: forcing a failure. [ 854.445414][T19700] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 854.470620][T19700] CPU: 0 UID: 0 PID: 19700 Comm: syz.3.3260 Tainted: G U syzkaller #0 PREEMPT(full) [ 854.470651][T19700] Tainted: [U]=USER [ 854.470657][T19700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 854.470668][T19700] Call Trace: [ 854.470674][T19700] [ 854.470682][T19700] dump_stack_lvl+0x16c/0x1f0 [ 854.470707][T19700] should_fail_ex+0x512/0x640 [ 854.470737][T19700] _copy_to_user+0x32/0xd0 [ 854.470767][T19700] simple_read_from_buffer+0xcb/0x170 [ 854.470797][T19700] proc_fail_nth_read+0x197/0x240 [ 854.470817][T19700] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 854.470837][T19700] ? rw_verify_area+0xcf/0x6c0 [ 854.470853][T19700] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 854.470872][T19700] vfs_read+0x1e4/0xcf0 [ 854.470893][T19700] ? __pfx___mutex_lock+0x10/0x10 [ 854.470915][T19700] ? __pfx_vfs_read+0x10/0x10 [ 854.470939][T19700] ? __fget_files+0x20e/0x3c0 [ 854.470955][T19700] ? fput+0x50/0xd0 [ 854.470983][T19700] ksys_read+0x12a/0x250 [ 854.471001][T19700] ? __pfx_ksys_read+0x10/0x10 [ 854.471026][T19700] do_syscall_64+0xcd/0xfa0 [ 854.471056][T19700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 854.471074][T19700] RIP: 0033:0x7fd40638e0dc [ 854.471089][T19700] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 854.471106][T19700] RSP: 002b:00007fd407266030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 854.471124][T19700] RAX: ffffffffffffffda RBX: 00007fd4065e5fa0 RCX: 00007fd40638e0dc [ 854.471135][T19700] RDX: 000000000000000f RSI: 00007fd4072660a0 RDI: 0000000000000005 [ 854.471146][T19700] RBP: 00007fd407266090 R08: 0000000000000000 R09: 0000000000000000 [ 854.471156][T19700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 854.471166][T19700] R13: 00007fd4065e6038 R14: 00007fd4065e5fa0 R15: 00007ffd8e04d498 [ 854.471189][T19700] [ 854.899021][T17404] Bluetooth: hci1: command tx timeout [ 855.065482][T19709] FAULT_INJECTION: forcing a failure. [ 855.065482][T19709] name failslab, interval 1, probability 0, space 0, times 0 [ 855.083059][T19709] CPU: 0 UID: 0 PID: 19709 Comm: syz.3.3264 Tainted: G U syzkaller #0 PREEMPT(full) [ 855.083093][T19709] Tainted: [U]=USER [ 855.083099][T19709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 855.083110][T19709] Call Trace: [ 855.083117][T19709] [ 855.083124][T19709] dump_stack_lvl+0x16c/0x1f0 [ 855.083151][T19709] should_fail_ex+0x512/0x640 [ 855.083177][T19709] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 855.083198][T19709] should_failslab+0xc2/0x120 [ 855.083221][T19709] kmem_cache_alloc_noprof+0x75/0x6e0 [ 855.083238][T19709] ? security_file_alloc+0x34/0x2b0 [ 855.083269][T19709] ? security_file_alloc+0x34/0x2b0 [ 855.083286][T19709] security_file_alloc+0x34/0x2b0 [ 855.083309][T19709] init_file+0x93/0x4c0 [ 855.083332][T19709] alloc_empty_file+0x73/0x1e0 [ 855.083356][T19709] path_openat+0xda/0x2cb0 [ 855.083382][T19709] ? __pfx_path_openat+0x10/0x10 [ 855.083402][T19709] ? __lock_acquire+0xb8a/0x1c90 [ 855.083428][T19709] do_filp_open+0x20b/0x470 [ 855.083446][T19709] ? __pfx_do_filp_open+0x10/0x10 [ 855.083480][T19709] ? alloc_fd+0x471/0x7d0 [ 855.083502][T19709] do_sys_openat2+0x11b/0x1d0 [ 855.083527][T19709] ? __pfx_do_sys_openat2+0x10/0x10 [ 855.083552][T19709] ? __fget_files+0x204/0x3c0 [ 855.083574][T19709] __x64_sys_openat+0x174/0x210 [ 855.083600][T19709] ? __pfx___x64_sys_openat+0x10/0x10 [ 855.083633][T19709] do_syscall_64+0xcd/0xfa0 [ 855.083654][T19709] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 855.083672][T19709] RIP: 0033:0x7fd40638f6c9 [ 855.083692][T19709] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 855.083708][T19709] RSP: 002b:00007fd407245038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 855.083726][T19709] RAX: ffffffffffffffda RBX: 00007fd4065e6090 RCX: 00007fd40638f6c9 [ 855.083737][T19709] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 855.083748][T19709] RBP: 00007fd406411f91 R08: 0000000000000000 R09: 0000000000000000 [ 855.083758][T19709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 855.083769][T19709] R13: 00007fd4065e6128 R14: 00007fd4065e6090 R15: 00007ffd8e04d498 [ 855.083790][T19709] [ 855.608143][ T8608] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 855.619464][ T8608] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 855.629906][ T8608] bond0 (unregistering): Released all slaves [ 855.645924][T19680] FAULT_INJECTION: forcing a failure. [ 855.645924][T19680] name failslab, interval 1, probability 0, space 0, times 0 [ 855.665906][T19680] CPU: 0 UID: 0 PID: 19680 Comm: syz.0.3256 Tainted: G U syzkaller #0 PREEMPT(full) [ 855.665936][T19680] Tainted: [U]=USER [ 855.665942][T19680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 855.665953][T19680] Call Trace: [ 855.665959][T19680] [ 855.665967][T19680] dump_stack_lvl+0x16c/0x1f0 [ 855.665992][T19680] should_fail_ex+0x512/0x640 [ 855.666019][T19680] ? __kmalloc_noprof+0xca/0x880 [ 855.666049][T19680] should_failslab+0xc2/0x120 [ 855.666072][T19680] __kmalloc_noprof+0xdd/0x880 [ 855.666099][T19680] ? __register_sysctl_table+0xb3/0x1900 [ 855.666129][T19680] ? __register_sysctl_table+0xb3/0x1900 [ 855.666154][T19680] __register_sysctl_table+0xb3/0x1900 [ 855.666180][T19680] ? is_module_address+0x5f/0xf0 [ 855.666208][T19680] ? __pfx___register_sysctl_table+0x10/0x10 [ 855.666232][T19680] ? is_module_address+0x69/0xf0 [ 855.666256][T19680] ? register_net_sysctl_sz+0x228/0x3e0 [ 855.666281][T19680] ? __asan_memcpy+0x3c/0x60 [ 855.666314][T19680] xfrm4_net_init+0xf0/0x1c0 [ 855.666342][T19680] ? __pfx_xfrm4_net_init+0x10/0x10 [ 855.666365][T19680] ops_init+0x1e2/0x5f0 [ 855.666386][T19680] setup_net+0x100/0x390 [ 855.666405][T19680] ? __pfx_setup_net+0x10/0x10 [ 855.666424][T19680] ? debug_mutex_init+0x37/0x70 [ 855.666446][T19680] copy_net_ns+0x2f8/0x690 [ 855.666468][T19680] create_new_namespaces+0x3ea/0xa90 [ 855.666493][T19680] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 855.666514][T19680] ksys_unshare+0x45b/0xa40 [ 855.666537][T19680] ? __pfx_ksys_unshare+0x10/0x10 [ 855.666560][T19680] ? xfd_validate_state+0x61/0x180 [ 855.666591][T19680] __x64_sys_unshare+0x31/0x40 [ 855.666613][T19680] do_syscall_64+0xcd/0xfa0 [ 855.666634][T19680] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 855.666651][T19680] RIP: 0033:0x7f76edf8f6c9 [ 855.666666][T19680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 855.666682][T19680] RSP: 002b:00007f76eeee9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 855.666700][T19680] RAX: ffffffffffffffda RBX: 00007f76ee1e5fa0 RCX: 00007f76edf8f6c9 [ 855.666712][T19680] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 855.666722][T19680] RBP: 00007f76ee011f91 R08: 0000000000000000 R09: 0000000000000000 [ 855.666732][T19680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 855.666742][T19680] R13: 00007f76ee1e6038 R14: 00007f76ee1e5fa0 R15: 00007ffc45bcc178 [ 855.666764][T19680] [ 856.167563][T19631] chnl_net:caif_netlink_parms(): no params data found [ 856.210383][ T8608] tipc: Left network mode [ 856.219693][T19717] mkiss: ax1: crc mode is auto. [ 856.295588][T19709] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 856.305774][T19709] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 856.313998][T19709] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 856.374582][T19709] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 856.415681][T19709] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 856.424247][T19709] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 856.455824][T19709] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 856.464257][T19709] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 856.474280][T19709] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 856.535301][T19709] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 856.904225][T19631] bridge0: port 1(bridge_slave_0) entered blocking state [ 856.971366][T19734] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 856.985770][T19631] bridge0: port 1(bridge_slave_0) entered disabled state [ 857.020684][T19631] bridge_slave_0: entered allmulticast mode [ 857.045622][T19631] bridge_slave_0: entered promiscuous mode [ 857.118010][T19557] mkiss: ax0: crc mode is auto. [ 857.157832][T19631] bridge0: port 2(bridge_slave_1) entered blocking state [ 857.201026][T19631] bridge0: port 2(bridge_slave_1) entered disabled state [ 857.257865][T19631] bridge_slave_1: entered allmulticast mode [ 857.337812][ T30] audit: type=1800 audit(4294975144.823:20): pid=19742 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3269" name="lu_gp_id" dev="configfs" ino=81831 res=0 errno=0 [ 857.368640][T19631] bridge_slave_1: entered promiscuous mode [ 857.749661][T19631] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 857.787850][ T8614] netdevsim netdevsim1335 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 857.835809][T19631] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 858.311222][T19631] team0: Port device team_slave_0 added [ 858.349568][T19631] team0: Port device team_slave_1 added [ 858.360083][T17404] Bluetooth: hci0: command 0x0c1a tx timeout [ 858.366373][ T7488] Bluetooth: hci4: command 0x0c1a tx timeout [ 858.449065][T17404] Bluetooth: hci2: command 0x0c1a tx timeout [ 858.520751][T17404] Bluetooth: hci1: command 0x0419 tx timeout [ 858.567776][T19631] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 858.639953][T19631] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 858.723146][T19768] blktrace: Concurrent blktraces are not allowed on sg0 [ 859.014939][T19631] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 859.093840][T19775] netlink: 268 bytes leftover after parsing attributes in process `syz.3.3275'. [ 859.139064][T19631] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 859.220622][T19631] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 859.448587][T19631] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 860.436280][T17404] Bluetooth: hci0: command 0x0c1a tx timeout [ 860.511873][T17404] Bluetooth: hci2: command 0x0c1a tx timeout [ 860.588190][T17404] Bluetooth: hci1: command 0x0419 tx timeout [ 860.758288][T19631] hsr_slave_0: entered promiscuous mode [ 860.816585][T19631] hsr_slave_1: entered promiscuous mode [ 860.866175][T19631] debugfs: 'hsr0' already exists in 'hsr' [ 860.927091][T19631] Cannot create hsr debugfs directory [ 861.226872][ T8608] hsr_slave_0: left promiscuous mode [ 861.343266][ T8608] hsr_slave_1: left promiscuous mode [ 861.484766][ T8608] veth1_macvtap: left promiscuous mode [ 861.520153][ T8608] veth0_macvtap: left promiscuous mode [ 861.561504][ T8608] veth1_vlan: left promiscuous mode [ 861.596505][ T8608] veth0_vlan: left promiscuous mode [ 862.065691][T19828] blktrace: Concurrent blktraces are not allowed on sg0 [ 862.270035][T19812] kexec: Could not allocate control_code_buffer [ 862.502004][T17404] Bluetooth: hci0: command 0x0c1a tx timeout [ 862.587120][T17404] Bluetooth: hci2: command 0x0c1a tx timeout [ 862.658197][T17404] Bluetooth: hci1: command 0x0419 tx timeout [ 863.036726][T19835] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3287'. [ 864.727174][T17404] Bluetooth: hci1: command 0x0419 tx timeout [ 865.509719][T19873] blktrace: Concurrent blktraces are not allowed on sg0 [ 866.505542][T19889] FAULT_INJECTION: forcing a failure. [ 866.505542][T19889] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 866.521844][T19889] CPU: 0 UID: 0 PID: 19889 Comm: syz.3.3297 Tainted: G U syzkaller #0 PREEMPT(full) [ 866.521874][T19889] Tainted: [U]=USER [ 866.521880][T19889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 866.521891][T19889] Call Trace: [ 866.521898][T19889] [ 866.521905][T19889] dump_stack_lvl+0x16c/0x1f0 [ 866.521931][T19889] should_fail_ex+0x512/0x640 [ 866.521961][T19889] should_fail_alloc_page+0xe7/0x130 [ 866.521987][T19889] prepare_alloc_pages+0x3c2/0x610 [ 866.522009][T19889] ? kmem_cache_alloc_lru_noprof+0x2a5/0x6e0 [ 866.522026][T19889] ? rcu_is_watching+0x12/0xc0 [ 866.522047][T19889] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 866.522070][T19889] ? __lock_acquire+0x622/0x1c90 [ 866.522094][T19889] ? css_rstat_updated+0x1c2/0x510 [ 866.522116][T19889] ? __pfx_css_rstat_updated+0x10/0x10 [ 866.522135][T19889] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 866.522178][T19889] ? rcu_is_watching+0x12/0xc0 [ 866.522204][T19889] ? __lock_acquire+0x622/0x1c90 [ 866.522227][T19889] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 866.522256][T19889] ? policy_nodemask+0xea/0x4e0 [ 866.522282][T19889] alloc_pages_mpol+0x1fb/0x550 [ 866.522306][T19889] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 866.522331][T19889] ? filemap_get_entry+0x1a7/0x3b0 [ 866.522354][T19889] folio_alloc_noprof+0x20/0x2d0 [ 866.522380][T19889] filemap_alloc_folio_noprof+0x3a1/0x470 [ 866.522402][T19889] ? filemap_add_folio+0x110/0x610 [ 866.522421][T19889] ? __pfx_filemap_alloc_folio_noprof+0x10/0x10 [ 866.522451][T19889] __filemap_get_folio+0x5e1/0xc30 [ 866.522475][T19889] ioctx_alloc+0x761/0x2120 [ 866.522513][T19889] ? __pfx_ioctx_alloc+0x10/0x10 [ 866.522531][T19889] ? __might_fault+0x13b/0x190 [ 866.522553][T19889] __x64_sys_io_setup+0xc9/0x210 [ 866.522577][T19889] do_syscall_64+0xcd/0xfa0 [ 866.522599][T19889] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 866.522617][T19889] RIP: 0033:0x7fd40638f6c9 [ 866.522633][T19889] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 866.522650][T19889] RSP: 002b:00007fd407266038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 866.522667][T19889] RAX: ffffffffffffffda RBX: 00007fd4065e5fa0 RCX: 00007fd40638f6c9 [ 866.522679][T19889] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 000000000000fff4 [ 866.522689][T19889] RBP: 00007fd406411f91 R08: 0000000000000000 R09: 0000000000000000 [ 866.522699][T19889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 866.522710][T19889] R13: 00007fd4065e6038 R14: 00007fd4065e5fa0 R15: 00007ffd8e04d498 [ 866.522732][T19889] [ 867.454750][T19905] mkiss: ax1: crc mode is auto. [ 867.938170][T19908] FAULT_INJECTION: forcing a failure. [ 867.938170][T19908] name fail_futex, interval 1, probability 0, space 0, times 0 [ 868.211120][T19908] CPU: 0 UID: 0 PID: 19908 Comm: syz.4.3302 Tainted: G U syzkaller #0 PREEMPT(full) [ 868.211159][T19908] Tainted: [U]=USER [ 868.211165][T19908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 868.211175][T19908] Call Trace: [ 868.211182][T19908] [ 868.211189][T19908] dump_stack_lvl+0x16c/0x1f0 [ 868.211214][T19908] should_fail_ex+0x512/0x640 [ 868.211244][T19908] get_futex_key+0x1d0/0x1560 [ 868.211271][T19908] ? __pfx_get_futex_key+0x10/0x10 [ 868.211296][T19908] ? find_held_lock+0x2b/0x80 [ 868.211316][T19908] futex_wake+0xea/0x530 [ 868.211345][T19908] ? __pfx_futex_wake+0x10/0x10 [ 868.211381][T19908] do_futex+0x1e3/0x350 [ 868.211405][T19908] ? __pfx_do_futex+0x10/0x10 [ 868.211428][T19908] ? find_held_lock+0x2b/0x80 [ 868.211449][T19908] __x64_sys_futex+0x1e0/0x4c0 [ 868.211474][T19908] ? __do_sys_close_range+0x278/0x730 [ 868.211494][T19908] ? __pfx___x64_sys_futex+0x10/0x10 [ 868.211518][T19908] ? __pfx___do_sys_close_range+0x10/0x10 [ 868.211543][T19908] do_syscall_64+0xcd/0xfa0 [ 868.211564][T19908] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 868.211582][T19908] RIP: 0033:0x7f3d1138f6c9 [ 868.211596][T19908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 868.211613][T19908] RSP: 002b:00007f3d122be0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 868.211630][T19908] RAX: ffffffffffffffda RBX: 00007f3d115e5fa8 RCX: 00007f3d1138f6c9 [ 868.211641][T19908] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f3d115e5fac [ 868.211652][T19908] RBP: 00007f3d115e5fa0 R08: 00007f3d122bf000 R09: 0000000000000000 [ 868.211662][T19908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 868.211673][T19908] R13: 00007f3d115e6038 R14: 00007ffebedf83f0 R15: 00007ffebedf84d8 [ 868.211694][T19908] [ 869.120852][T19931] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3306'. [ 869.441317][T19760] mkiss: ax0: crc mode is auto. [ 869.722882][T19940] blktrace: Concurrent blktraces are not allowed on sg0 [ 869.792303][T19631] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 870.067254][T19631] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 870.174855][T19631] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 870.228815][T19631] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 870.900618][T19631] 8021q: adding VLAN 0 to HW filter on device bond0 [ 871.304708][T19631] 8021q: adding VLAN 0 to HW filter on device team0 [ 871.432662][ T8614] bridge0: port 1(bridge_slave_0) entered blocking state [ 871.432767][ T8614] bridge0: port 1(bridge_slave_0) entered forwarding state [ 871.434327][ T8614] bridge0: port 2(bridge_slave_1) entered blocking state [ 871.434395][ T8614] bridge0: port 2(bridge_slave_1) entered forwarding state [ 871.513443][T19978] zswap: compressor not available [ 871.921765][T19991] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3314'. [ 872.611583][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 872.611657][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 872.912950][T20017] blktrace: Concurrent blktraces are not allowed on sg0 [ 873.358003][T19631] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 873.654064][T19631] veth0_vlan: entered promiscuous mode [ 873.730206][T19631] veth1_vlan: entered promiscuous mode [ 873.843080][T19631] veth0_macvtap: entered promiscuous mode [ 873.855692][T20028] FAULT_INJECTION: forcing a failure. [ 873.855692][T20028] name failslab, interval 1, probability 0, space 0, times 0 [ 873.855736][T20028] CPU: 0 UID: 0 PID: 20028 Comm: syz.3.3318 Tainted: G U syzkaller #0 PREEMPT(full) [ 873.855761][T20028] Tainted: [U]=USER [ 873.855767][T20028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 873.855776][T20028] Call Trace: [ 873.855783][T20028] [ 873.855790][T20028] dump_stack_lvl+0x16c/0x1f0 [ 873.855815][T20028] should_fail_ex+0x512/0x640 [ 873.855842][T20028] ? fs_reclaim_acquire+0xae/0x150 [ 873.855867][T20028] should_failslab+0xc2/0x120 [ 873.855890][T20028] __kmalloc_noprof+0xdd/0x880 [ 873.855917][T20028] ? kfree+0x252/0x6d0 [ 873.855931][T20028] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 873.855955][T20028] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 873.855974][T20028] tomoyo_realpath_from_path+0xc2/0x6e0 [ 873.856000][T20028] tomoyo_check_open_permission+0x2ab/0x3c0 [ 873.856028][T20028] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 873.856077][T20028] ? do_raw_spin_lock+0x12c/0x2b0 [ 873.856110][T20028] tomoyo_file_open+0x6b/0x90 [ 873.856134][T20028] security_file_open+0x84/0x1e0 [ 873.856152][T20028] do_dentry_open+0x596/0x1530 [ 873.856188][T20028] vfs_open+0x82/0x3f0 [ 873.856215][T20028] path_openat+0x1de4/0x2cb0 [ 873.856241][T20028] ? __pfx_path_openat+0x10/0x10 [ 873.856262][T20028] ? __lock_acquire+0xb8a/0x1c90 [ 873.856288][T20028] do_filp_open+0x20b/0x470 [ 873.856307][T20028] ? __pfx_do_filp_open+0x10/0x10 [ 873.856349][T20028] ? alloc_fd+0x471/0x7d0 [ 873.856373][T20028] do_sys_openat2+0x11b/0x1d0 [ 873.856397][T20028] ? __pfx_do_sys_openat2+0x10/0x10 [ 873.856431][T20028] __x64_sys_openat+0x174/0x210 [ 873.856456][T20028] ? __pfx___x64_sys_openat+0x10/0x10 [ 873.856490][T20028] do_syscall_64+0xcd/0xfa0 [ 873.856512][T20028] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 873.856529][T20028] RIP: 0033:0x7fd40638f6c9 [ 873.856544][T20028] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 873.856561][T20028] RSP: 002b:00007fd407245038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 873.856578][T20028] RAX: ffffffffffffffda RBX: 00007fd4065e6090 RCX: 00007fd40638f6c9 [ 873.856589][T20028] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 873.856599][T20028] RBP: 00007fd406411f91 R08: 0000000000000000 R09: 0000000000000000 [ 873.856609][T20028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 873.856620][T20028] R13: 00007fd4065e6128 R14: 00007fd4065e6090 R15: 00007ffd8e04d498 [ 873.856642][T20028] [ 873.856649][T20028] ERROR: Out of memory at tomoyo_realpath_from_path. [ 873.877629][T19631] veth1_macvtap: entered promiscuous mode [ 873.958040][T19631] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 873.993777][T19631] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 874.005512][ T8620] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 874.005646][ T8620] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 874.005758][ T8620] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 874.005868][ T8620] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 874.868972][ T8614] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 874.869014][ T8614] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 875.010926][ T8620] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 875.010948][ T8620] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 875.202970][T20040] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 880.781129][T20107] FAULT_INJECTION: forcing a failure. [ 880.781129][T20107] name failslab, interval 1, probability 0, space 0, times 0 [ 880.845881][T20107] CPU: 0 UID: 0 PID: 20107 Comm: syz.0.3332 Tainted: G U syzkaller #0 PREEMPT(full) [ 880.845913][T20107] Tainted: [U]=USER [ 880.845919][T20107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 880.845929][T20107] Call Trace: [ 880.845936][T20107] [ 880.845944][T20107] dump_stack_lvl+0x16c/0x1f0 [ 880.845970][T20107] should_fail_ex+0x512/0x640 [ 880.845997][T20107] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 880.846018][T20107] should_failslab+0xc2/0x120 [ 880.846043][T20107] kmem_cache_alloc_noprof+0x75/0x6e0 [ 880.846060][T20107] ? security_file_alloc+0x34/0x2b0 [ 880.846082][T20107] ? security_file_alloc+0x34/0x2b0 [ 880.846100][T20107] security_file_alloc+0x34/0x2b0 [ 880.846118][T20107] init_file+0x93/0x4c0 [ 880.846142][T20107] alloc_empty_file+0x73/0x1e0 [ 880.846174][T20107] alloc_file_pseudo+0x13a/0x230 [ 880.846200][T20107] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 880.846224][T20107] ? alloc_fd+0x471/0x7d0 [ 880.846244][T20107] sock_alloc_file+0x50/0x210 [ 880.846264][T20107] __sys_socket+0x1c0/0x260 [ 880.846288][T20107] ? __pfx___sys_socket+0x10/0x10 [ 880.846311][T20107] ? xfd_validate_state+0x61/0x180 [ 880.846336][T20107] ? fdget+0x187/0x210 [ 880.846356][T20107] __x64_sys_socket+0x72/0xb0 [ 880.846378][T20107] ? lockdep_hardirqs_on+0x7c/0x110 [ 880.846397][T20107] do_syscall_64+0xcd/0xfa0 [ 880.846418][T20107] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 880.846435][T20107] RIP: 0033:0x7f76edf8f6c9 [ 880.846449][T20107] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 880.846466][T20107] RSP: 002b:00007f76eeee9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 880.846483][T20107] RAX: ffffffffffffffda RBX: 00007f76ee1e5fa0 RCX: 00007f76edf8f6c9 [ 880.846494][T20107] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 000000000000001e [ 880.846505][T20107] RBP: 00007f76ee011f91 R08: 0000000000000000 R09: 0000000000000000 [ 880.846515][T20107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 880.846525][T20107] R13: 00007f76ee1e6038 R14: 00007f76ee1e5fa0 R15: 00007ffc45bcc178 [ 880.846546][T20107] [ 881.518973][T19963] mkiss: ax0: crc mode is auto. [ 882.446669][T20131] sysfs: cannot create duplicate filename '/fs/nfs/net' [ 882.463620][T20131] CPU: 0 UID: 0 PID: 20131 Comm: syz.0.3338 Tainted: G U syzkaller #0 PREEMPT(full) [ 882.463651][T20131] Tainted: [U]=USER [ 882.463657][T20131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 882.463668][T20131] Call Trace: [ 882.463675][T20131] [ 882.463682][T20131] dump_stack_lvl+0x16c/0x1f0 [ 882.463711][T20131] sysfs_warn_dup+0x7f/0xa0 [ 882.463735][T20131] sysfs_create_dir_ns+0x24b/0x2b0 [ 882.463757][T20131] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 882.463777][T20131] ? find_held_lock+0x2b/0x80 [ 882.463799][T20131] ? nfs_netns_namespace+0xd/0x40 [ 882.463824][T20131] kobject_add_internal+0x2c4/0x9b0 [ 882.463850][T20131] kobject_init_and_add+0x11b/0x190 [ 882.463875][T20131] ? __pfx_kobject_init_and_add+0x10/0x10 [ 882.463909][T20131] nfs_netns_sysfs_setup+0xf9/0x1f0 [ 882.463941][T20131] nfs_net_init+0x10a/0x340 [ 882.463964][T20131] ? __pfx_nfs_net_init+0x10/0x10 [ 882.463985][T20131] ops_init+0x1e2/0x5f0 [ 882.464007][T20131] setup_net+0x100/0x390 [ 882.464026][T20131] ? __pfx_setup_net+0x10/0x10 [ 882.464045][T20131] ? debug_mutex_init+0x37/0x70 [ 882.464066][T20131] copy_net_ns+0x2f8/0x690 [ 882.464089][T20131] create_new_namespaces+0x3ea/0xa90 [ 882.464123][T20131] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 882.464145][T20131] ksys_unshare+0x45b/0xa40 [ 882.464170][T20131] ? __pfx_ksys_unshare+0x10/0x10 [ 882.464194][T20131] ? xfd_validate_state+0x61/0x180 [ 882.464227][T20131] __x64_sys_unshare+0x31/0x40 [ 882.464249][T20131] do_syscall_64+0xcd/0xfa0 [ 882.464271][T20131] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 882.464289][T20131] RIP: 0033:0x7f76edf8f6c9 [ 882.464305][T20131] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 882.464321][T20131] RSP: 002b:00007f76eeee9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 882.464338][T20131] RAX: ffffffffffffffda RBX: 00007f76ee1e5fa0 RCX: 00007f76edf8f6c9 [ 882.464350][T20131] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 882.464360][T20131] RBP: 00007f76ee011f91 R08: 0000000000000000 R09: 0000000000000000 [ 882.464370][T20131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 882.464380][T20131] R13: 00007f76ee1e6038 R14: 00007f76ee1e5fa0 R15: 00007ffc45bcc178 [ 882.464403][T20131] [ 883.093733][T20131] kobject: kobject_add_internal failed for net with -EEXIST, don't try to register things with the same name in the same directory. [ 883.112184][T20137] hub 8-0:1.0: USB hub found [ 883.121925][T20137] hub 8-0:1.0: 1 port detected [ 883.146479][T20139] random: crng reseeded on system resumption [ 883.187141][T17404] Bluetooth: hci4: SCO packet for unknown connection handle 0 [ 883.194797][T20137] FAULT_INJECTION: forcing a failure. [ 883.194797][T20137] name failslab, interval 1, probability 0, space 0, times 0 [ 883.284170][T20137] CPU: 0 UID: 0 PID: 20137 Comm: syz.2.3339 Tainted: G U syzkaller #0 PREEMPT(full) [ 883.284202][T20137] Tainted: [U]=USER [ 883.284208][T20137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 883.284219][T20137] Call Trace: [ 883.284225][T20137] [ 883.284233][T20137] dump_stack_lvl+0x16c/0x1f0 [ 883.284258][T20137] should_fail_ex+0x512/0x640 [ 883.284285][T20137] ? kmem_cache_alloc_lru_noprof+0x66/0x6e0 [ 883.284307][T20137] should_failslab+0xc2/0x120 [ 883.284330][T20137] kmem_cache_alloc_lru_noprof+0x79/0x6e0 [ 883.284350][T20137] ? __d_alloc+0x32/0xae0 [ 883.284373][T20137] ? __d_alloc+0x32/0xae0 [ 883.284391][T20137] __d_alloc+0x32/0xae0 [ 883.284409][T20137] ? look_up_lock_class+0x59/0x150 [ 883.284431][T20137] d_alloc_pseudo+0x1c/0xc0 [ 883.284456][T20137] alloc_file_pseudo+0xcf/0x230 [ 883.284482][T20137] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 883.284505][T20137] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 883.284528][T20137] create_pipe_files+0x364/0x9a0 [ 883.284552][T20137] do_pipe2+0xaf/0x1c0 [ 883.284571][T20137] ? __pfx_do_pipe2+0x10/0x10 [ 883.284591][T20137] ? xfd_validate_state+0x61/0x180 [ 883.284616][T20137] ? __pfx_ksys_write+0x10/0x10 [ 883.284639][T20137] __x64_sys_pipe+0x33/0x50 [ 883.284659][T20137] do_syscall_64+0xcd/0xfa0 [ 883.284680][T20137] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 883.284698][T20137] RIP: 0033:0x7fb98858f6c9 [ 883.284713][T20137] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 883.284729][T20137] RSP: 002b:00007fb9894ae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000016 [ 883.284746][T20137] RAX: ffffffffffffffda RBX: 00007fb9887e5fa0 RCX: 00007fb98858f6c9 [ 883.284758][T20137] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 883.284768][T20137] RBP: 00007fb988611f91 R08: 0000000000000000 R09: 0000000000000000 [ 883.284778][T20137] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 883.284788][T20137] R13: 00007fb9887e6038 R14: 00007fb9887e5fa0 R15: 00007ffc864b02a8 [ 883.284809][T20137] [ 884.271441][T20157] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3342'. [ 884.345967][T20161] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3343'. [ 886.604696][T20198] mkiss: ax1: crc mode is auto. [ 886.703440][T17404] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 888.324640][T17404] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 889.492516][T17404] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 890.856667][T20252] zswap: compressor not available [ 891.658141][T20283] netlink: 268 bytes leftover after parsing attributes in process `syz.3.3369'. [ 891.800218][T17404] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 892.080235][T20292] netlink: 'syz.3.3373': attribute type 1 has an invalid length. [ 892.402150][T20306] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input22 [ 892.414017][T20305] mkiss: ax1: crc mode is auto. [ 892.734048][T20308] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input23 [ 893.995637][T20331] netlink: 268 bytes leftover after parsing attributes in process `syz.2.3379'. [ 894.153108][T20333] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3380'. [ 894.198493][T20134] mkiss: ax0: crc mode is auto. [ 894.773689][T20341] blktrace: Concurrent blktraces are not allowed on sg0 [ 894.965533][T20348] nfs: Unknown parameter 'w`_I+; HY Lu>>uh*C<+ ' [ 895.273278][T17404] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 897.753227][T20393] mkiss: ax1: crc mode is auto. [ 897.823108][T20395] GUP no longer grows the stack in syz.0.3394 (20395): 14000-41000 (4000) [ 897.856394][T20395] CPU: 0 UID: 0 PID: 20395 Comm: syz.0.3394 Tainted: G U syzkaller #0 PREEMPT(full) [ 897.856424][T20395] Tainted: [U]=USER [ 897.856430][T20395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 897.856440][T20395] Call Trace: [ 897.856447][T20395] [ 897.856454][T20395] dump_stack_lvl+0x16c/0x1f0 [ 897.856479][T20395] gup_vma_lookup+0x1d2/0x220 [ 897.856503][T20395] __get_user_pages+0x241/0x3530 [ 897.856534][T20395] ? down_read_killable+0x220/0x4b0 [ 897.856558][T20395] ? __lock_acquire+0x622/0x1c90 [ 897.856583][T20395] ? __pfx___get_user_pages+0x10/0x10 [ 897.856608][T20395] ? __lock_acquire+0x622/0x1c90 [ 897.856633][T20395] __gup_longterm_locked+0xa92/0x17e0 [ 897.856663][T20395] ? __pfx___gup_longterm_locked+0x10/0x10 [ 897.856690][T20395] ? try_get_folio+0x255/0x730 [ 897.856710][T20395] ? find_held_lock+0x2b/0x80 [ 897.856734][T20395] gup_fast_fallback+0xee2/0x22a0 [ 897.856773][T20395] ? __pfx_gup_fast_fallback+0x10/0x10 [ 897.856797][T20395] ? rcu_is_watching+0x12/0xc0 [ 897.856818][T20395] ? __lock_acquire+0xb8a/0x1c90 [ 897.856845][T20395] get_user_pages_fast+0xa7/0xf0 [ 897.856868][T20395] ? __pfx_get_user_pages_fast+0x10/0x10 [ 897.856892][T20395] ? __mutex_trylock_common+0xe9/0x250 [ 897.856916][T20395] ? __pfx___mutex_trylock_common+0x10/0x10 [ 897.856942][T20395] __iov_iter_get_pages_alloc+0x818/0x20a0 [ 897.856973][T20395] ? trace_contention_end+0xdd/0x130 [ 897.856997][T20395] ? __mutex_lock+0x1c5/0x1060 [ 897.857016][T20395] ? trace_sched_set_need_resched_tp+0xf3/0x150 [ 897.857042][T20395] ? __pfx___iov_iter_get_pages_alloc+0x10/0x10 [ 897.857070][T20395] ? copy_iovec_from_user+0x131/0x170 [ 897.857097][T20395] ? __pfx___mutex_lock+0x10/0x10 [ 897.857117][T20395] ? iovec_from_user+0xbb/0x140 [ 897.857137][T20395] iov_iter_get_pages2+0xa3/0x100 [ 897.857164][T20395] ? __pfx_iov_iter_get_pages2+0x10/0x10 [ 897.857191][T20395] ? wait_for_space+0x231/0x2e0 [ 897.857212][T20395] __do_sys_vmsplice+0xa47/0x11a0 [ 897.857236][T20395] ? __pfx___do_sys_vmsplice+0x10/0x10 [ 897.857254][T20395] ? futex_private_hash_put+0x18a/0x300 [ 897.857277][T20395] ? futex_hash_put+0x3e/0x50 [ 897.857307][T20395] ? task_mm_cid_work+0x37b/0x900 [ 897.857352][T20395] ? do_syscall_64+0xcd/0xfa0 [ 897.857370][T20395] do_syscall_64+0xcd/0xfa0 [ 897.857395][T20395] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 897.857413][T20395] RIP: 0033:0x7f76edf8f6c9 [ 897.857428][T20395] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 897.857445][T20395] RSP: 002b:00007f76eeee9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 897.857462][T20395] RAX: ffffffffffffffda RBX: 00007f76ee1e5fa0 RCX: 00007f76edf8f6c9 [ 897.857474][T20395] RDX: 0000000000000003 RSI: 0000200000000040 RDI: 0000000000000004 [ 897.857484][T20395] RBP: 00007f76ee011f91 R08: 0000000000000000 R09: 0000000000000000 [ 897.857494][T20395] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 897.857504][T20395] R13: 00007f76ee1e6038 R14: 00007f76ee1e5fa0 R15: 00007ffc45bcc178 [ 897.857528][T20395] [ 899.671380][T20425] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3403'. [ 899.704890][T20425] netlink: 29 bytes leftover after parsing attributes in process `syz.3.3403'. [ 900.219224][ T30] audit: type=1800 audit(4294976210.901:21): pid=20440 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3402" name="lu_gp_id" dev="configfs" ino=85376 res=0 errno=0 [ 900.967303][T20453] Console: switching to colour VGA+ 80x25 [ 901.422779][T20451] Console: switching to colour frame buffer device 128x48 [ 902.036258][T20470] blktrace: Concurrent blktraces are not allowed on sg0 [ 902.671715][T20480] random: crng reseeded on system resumption [ 902.862323][T20481] netlink: 'syz.0.3413': attribute type 1 has an invalid length. [ 903.582260][T20492] [U]  [ 903.585084][T20492] [U] [ 903.587775][T20492] [U] [ 903.590459][T20492] [U] [ 903.623750][T20492] [U] [ 903.626511][T20492] [U] [ 903.629215][T20492] [U] [ 903.632073][T20492] [U] [ 903.671492][T20492] [U] [ 903.674241][T20492] [U] [ 903.677031][T20492] [U] [ 903.679722][T20492] [U] [ 903.715180][T20492] [U] [ 903.717905][T20492] [U] [ 903.720595][T20492] [U] [ 903.723281][T20492] [U] [ 903.743397][T20492] [U] [ 903.746148][T20492] [U] [ 903.748849][T20492] [U] [ 903.751543][T20492] [U] [ 903.777484][T20497] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 2982842557 out of range (51000000..2150000000) [ 903.822309][T20492] [U] [ 903.825136][T20492] [U] [ 903.827850][T20492] [U] [ 903.830646][T20492] [U] [ 903.894996][T20492] [U] [ 903.897811][T20492] [U] [ 903.900543][T20492] [U] [ 903.903232][T20492] [U] [ 903.996026][T20492] [U] [ 903.998844][T20492] [U] [ 904.001533][T20492] [U] [ 904.004223][T20492] [U] [ 904.052657][T20492] [U] [ 904.055393][T20492] [U] [ 904.058091][T20492] [U] [ 904.060783][T20492] [U] [ 904.099880][T20492] [U] [ 904.102700][T20492] [U] [ 904.105389][T20492] [U] [ 904.108079][T20492] [U] [ 904.148449][T20492] [U] [ 904.151178][T20492] [U] [ 904.153882][T20492] [U] [ 904.156570][T20492] [U] [ 904.199824][T20492] [U] [ 904.202552][T20492] [U] [ 904.205239][T20492] [U] [ 904.208013][T20492] [U] [ 904.227026][T20492] [U] [ 904.229883][T20492] [U] [ 904.232731][T20492] [U] [ 904.235439][T20492] [U] [ 904.291659][T20492] [U] [ 904.294425][T20492] [U] [ 904.297206][T20492] [U] [ 904.299906][T20492] [U] [ 904.310303][T20492] [U] [ 904.313150][T20492] [U] [ 904.315847][T20492] [U] [ 904.318535][T20492] [U] [ 904.352664][T20492] [U] [ 904.758691][T20524] blktrace: Concurrent blktraces are not allowed on sg0 [ 905.333762][T20529] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3427'. [ 905.800766][T20354] mkiss: ax0: crc mode is auto. [ 906.473880][T17404] Bluetooth: hci4: SCO packet for unknown connection handle 0 [ 907.590474][T20548] random: crng reseeded on system resumption [ 907.685217][T20549] zswap: compressor not available [ 908.641428][T20581] mkiss: ax1: crc mode is auto. [ 911.067647][T20627] Console: switching to colour VGA+ 80x25 [ 911.104526][T20627] sysfs: cannot create duplicate filename '/fs/nfs/net' [ 911.163197][T20627] CPU: 0 UID: 0 PID: 20627 Comm: syz.2.3445 Tainted: G U syzkaller #0 PREEMPT(full) [ 911.163228][T20627] Tainted: [U]=USER [ 911.163234][T20627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 911.163244][T20627] Call Trace: [ 911.163252][T20627] [ 911.163259][T20627] dump_stack_lvl+0x16c/0x1f0 [ 911.163286][T20627] sysfs_warn_dup+0x7f/0xa0 [ 911.163309][T20627] sysfs_create_dir_ns+0x24b/0x2b0 [ 911.163331][T20627] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 911.163352][T20627] ? find_held_lock+0x2b/0x80 [ 911.163375][T20627] ? nfs_netns_namespace+0xd/0x40 [ 911.163400][T20627] kobject_add_internal+0x2c4/0x9b0 [ 911.163427][T20627] kobject_init_and_add+0x11b/0x190 [ 911.163452][T20627] ? __pfx_kobject_init_and_add+0x10/0x10 [ 911.163486][T20627] nfs_netns_sysfs_setup+0xf9/0x1f0 [ 911.163511][T20627] nfs_net_init+0x10a/0x340 [ 911.163535][T20627] ? __pfx_nfs_net_init+0x10/0x10 [ 911.163556][T20627] ops_init+0x1e2/0x5f0 [ 911.163576][T20627] setup_net+0x100/0x390 [ 911.163595][T20627] ? __pfx_setup_net+0x10/0x10 [ 911.163613][T20627] ? debug_mutex_init+0x37/0x70 [ 911.163633][T20627] copy_net_ns+0x2f8/0x690 [ 911.163655][T20627] create_new_namespaces+0x3ea/0xa90 [ 911.163680][T20627] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 911.163702][T20627] ksys_unshare+0x45b/0xa40 [ 911.163725][T20627] ? __pfx_ksys_unshare+0x10/0x10 [ 911.163749][T20627] ? xfd_validate_state+0x61/0x180 [ 911.163780][T20627] __x64_sys_unshare+0x31/0x40 [ 911.163802][T20627] do_syscall_64+0xcd/0xfa0 [ 911.163823][T20627] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 911.163841][T20627] RIP: 0033:0x7fb98858f6c9 [ 911.163856][T20627] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 911.163873][T20627] RSP: 002b:00007fb9894ae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 911.163890][T20627] RAX: ffffffffffffffda RBX: 00007fb9887e5fa0 RCX: 00007fb98858f6c9 [ 911.163901][T20627] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 911.163911][T20627] RBP: 00007fb988611f91 R08: 0000000000000000 R09: 0000000000000000 [ 911.163921][T20627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 911.163931][T20627] R13: 00007fb9887e6038 R14: 00007fb9887e5fa0 R15: 00007ffc864b02a8 [ 911.163953][T20627] [ 911.163974][T20627] kobject: kobject_add_internal failed for net with -EEXIST, don't try to register things with the same name in the same directory. [ 912.114552][T20631] Console: switching to colour frame buffer device 128x48 [ 912.811146][T17404] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 912.812595][T20646] mkiss: ax1: crc mode is auto. [ 913.078001][T20638] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 913.217198][T20651] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3449'. [ 915.020345][T20676] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3456'. [ 917.810675][T20554] mkiss: ax0: crc mode is auto. [ 919.881275][T20753] mkiss: ax1: crc mode is auto. [ 921.210953][T17404] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 922.183649][T20790] mkiss: ax1: crc mode is auto. [ 923.227713][T20803] FAULT_INJECTION: forcing a failure. [ 923.227713][T20803] name failslab, interval 1, probability 0, space 0, times 0 [ 923.490280][T20803] CPU: 0 UID: 0 PID: 20803 Comm: syz.4.3480 Tainted: G U syzkaller #0 PREEMPT(full) [ 923.490311][T20803] Tainted: [U]=USER [ 923.490318][T20803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 923.490328][T20803] Call Trace: [ 923.490335][T20803] [ 923.490342][T20803] dump_stack_lvl+0x16c/0x1f0 [ 923.490367][T20803] should_fail_ex+0x512/0x640 [ 923.490395][T20803] ? fs_reclaim_acquire+0xae/0x150 [ 923.490420][T20803] should_failslab+0xc2/0x120 [ 923.490444][T20803] __kmalloc_noprof+0xdd/0x880 [ 923.490472][T20803] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 923.490497][T20803] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 923.490516][T20803] tomoyo_realpath_from_path+0xc2/0x6e0 [ 923.490539][T20803] ? tomoyo_profile+0x47/0x60 [ 923.490564][T20803] tomoyo_path_number_perm+0x245/0x580 [ 923.490591][T20803] ? tomoyo_path_number_perm+0x237/0x580 [ 923.490622][T20803] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 923.490651][T20803] ? find_held_lock+0x2b/0x80 [ 923.490688][T20803] ? find_held_lock+0x2b/0x80 [ 923.490705][T20803] ? hook_file_ioctl_common+0x145/0x410 [ 923.490728][T20803] ? __fget_files+0x20e/0x3c0 [ 923.490750][T20803] security_file_ioctl+0x9b/0x240 [ 923.490776][T20803] __x64_sys_ioctl+0xb7/0x210 [ 923.490804][T20803] do_syscall_64+0xcd/0xfa0 [ 923.490826][T20803] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 923.490844][T20803] RIP: 0033:0x7f3d1138f6c9 [ 923.490859][T20803] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 923.490876][T20803] RSP: 002b:00007f3d122be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 923.490893][T20803] RAX: ffffffffffffffda RBX: 00007f3d115e5fa0 RCX: 00007f3d1138f6c9 [ 923.490905][T20803] RDX: 0000000000000005 RSI: 0000000000005452 RDI: 0000000000000003 [ 923.490915][T20803] RBP: 00007f3d122be090 R08: 0000000000000000 R09: 0000000000000000 [ 923.490926][T20803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 923.490937][T20803] R13: 00007f3d115e6038 R14: 00007f3d115e5fa0 R15: 00007ffebedf84d8 [ 923.490960][T20803] [ 923.490967][T20803] ERROR: Out of memory at tomoyo_realpath_from_path. [ 927.017629][T20860] Console: switching to colour VGA+ 80x25 [ 927.267812][T20861] Console: switching to colour frame buffer device 128x48 [ 927.549920][T20865] netlink: 268 bytes leftover after parsing attributes in process `syz.0.3494'. [ 927.886374][T20871] FAULT_INJECTION: forcing a failure. [ 927.886374][T20871] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 927.920134][T20871] CPU: 0 UID: 0 PID: 20871 Comm: syz.2.3496 Tainted: G U syzkaller #0 PREEMPT(full) [ 927.920166][T20871] Tainted: [U]=USER [ 927.920172][T20871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 927.920183][T20871] Call Trace: [ 927.920190][T20871] [ 927.920197][T20871] dump_stack_lvl+0x16c/0x1f0 [ 927.920222][T20871] should_fail_ex+0x512/0x640 [ 927.920253][T20871] should_fail_alloc_page+0xe7/0x130 [ 927.920278][T20871] prepare_alloc_pages+0x3c2/0x610 [ 927.920302][T20871] ? arch_stack_walk+0xa6/0x100 [ 927.920322][T20871] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 927.920345][T20871] ? stack_trace_save+0x8e/0xc0 [ 927.920366][T20871] ? __pfx_stack_trace_save+0x10/0x10 [ 927.920386][T20871] ? stack_depot_save_flags+0x29/0x9c0 [ 927.920414][T20871] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 927.920433][T20871] ? kasan_save_stack+0x42/0x60 [ 927.920452][T20871] ? kasan_save_stack+0x33/0x60 [ 927.920470][T20871] ? kasan_save_track+0x14/0x30 [ 927.920488][T20871] ? __kasan_slab_alloc+0x89/0x90 [ 927.920508][T20871] ? kmem_cache_alloc_noprof+0x250/0x6e0 [ 927.920525][T20871] ? security_inode_alloc+0x3b/0x2b0 [ 927.920554][T20871] ? inode_init_always_gfp+0xce4/0x1030 [ 927.920573][T20871] ? do_syscall_64+0xcd/0xfa0 [ 927.920591][T20871] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 927.920614][T20871] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 927.920643][T20871] ? policy_nodemask+0xea/0x4e0 [ 927.920668][T20871] alloc_pages_mpol+0x1fb/0x550 [ 927.920692][T20871] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 927.920729][T20871] ___kmalloc_large_node+0xed/0x160 [ 927.920752][T20871] ? __lock_acquire+0x622/0x1c90 [ 927.920777][T20871] __kmalloc_large_node_noprof+0x1c/0x70 [ 927.920804][T20871] __kmalloc_noprof.cold+0xc/0x62 [ 927.920830][T20871] ? sk_prot_alloc+0x1a8/0x2a0 [ 927.920855][T20871] ? sk_prot_alloc+0x1a8/0x2a0 [ 927.920874][T20871] sk_prot_alloc+0x1a8/0x2a0 [ 927.920896][T20871] sk_alloc+0x36/0xc20 [ 927.920923][T20871] can_create+0x1e5/0x630 [ 927.920947][T20871] __sock_create+0x338/0x8d0 [ 927.920972][T20871] __sys_socket+0x14d/0x260 [ 927.920996][T20871] ? __pfx___sys_socket+0x10/0x10 [ 927.921019][T20871] ? xfd_validate_state+0x61/0x180 [ 927.921042][T20871] ? __pfx_ksys_write+0x10/0x10 [ 927.921065][T20871] __x64_sys_socket+0x72/0xb0 [ 927.921087][T20871] ? lockdep_hardirqs_on+0x7c/0x110 [ 927.921105][T20871] do_syscall_64+0xcd/0xfa0 [ 927.921126][T20871] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 927.921144][T20871] RIP: 0033:0x7fb98858f6c9 [ 927.921159][T20871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 927.921176][T20871] RSP: 002b:00007fb98948d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 927.921193][T20871] RAX: ffffffffffffffda RBX: 00007fb9887e6090 RCX: 00007fb98858f6c9 [ 927.921205][T20871] RDX: 0000000000000006 RSI: 0000000000000002 RDI: 000000000000001d [ 927.921215][T20871] RBP: 00007fb988611f91 R08: 0000000000000000 R09: 0000000000000000 [ 927.921225][T20871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 927.921235][T20871] R13: 00007fb9887e6128 R14: 00007fb9887e6090 R15: 00007ffc864b02a8 [ 927.921258][T20871] [ 928.238915][ C0] vkms_vblank_simulate: vblank timer overrun [ 928.749332][T20865] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 928.760427][T20865] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 928.787469][T20865] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 930.170786][T20746] mkiss: ax0: crc mode is auto. [ 930.348882][T20892] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3499'. [ 933.713934][T17404] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 933.754126][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 933.768624][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 933.989924][T20939] mkiss: ax1: crc mode is auto. [ 934.609923][T20948] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3513'. [ 934.677615][ T30] audit: type=1800 audit(4294967307.418:22): pid=20952 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3514" name="lu_gp_id" dev="configfs" ino=87764 res=0 errno=0 [ 935.048994][T20959] netlink: 268 bytes leftover after parsing attributes in process `syz.0.3516'. [ 935.646524][T20975] netlink: 268 bytes leftover after parsing attributes in process `syz.2.3522'. [ 936.504449][T20978] zswap: compressor not available [ 936.957881][T17404] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 937.515959][T21008] sysfs: cannot create duplicate filename '/fs/nfs/net' [ 937.938610][T21008] CPU: 0 UID: 0 PID: 21008 Comm: syz.4.3528 Tainted: G U syzkaller #0 PREEMPT(full) [ 937.938640][T21008] Tainted: [U]=USER [ 937.938656][T21008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 937.938667][T21008] Call Trace: [ 937.938673][T21008] [ 937.938680][T21008] dump_stack_lvl+0x16c/0x1f0 [ 937.938705][T21008] sysfs_warn_dup+0x7f/0xa0 [ 937.938728][T21008] sysfs_create_dir_ns+0x24b/0x2b0 [ 937.938750][T21008] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 937.938772][T21008] ? find_held_lock+0x2b/0x80 [ 937.938795][T21008] ? nfs_netns_namespace+0xd/0x40 [ 937.938819][T21008] kobject_add_internal+0x2c4/0x9b0 [ 937.938845][T21008] kobject_init_and_add+0x11b/0x190 [ 937.938874][T21008] ? __pfx_kobject_init_and_add+0x10/0x10 [ 937.938909][T21008] nfs_netns_sysfs_setup+0xf9/0x1f0 [ 937.938934][T21008] nfs_net_init+0x10a/0x340 [ 937.938958][T21008] ? __pfx_nfs_net_init+0x10/0x10 [ 937.938979][T21008] ops_init+0x1e2/0x5f0 [ 937.938999][T21008] setup_net+0x100/0x390 [ 937.939017][T21008] ? __pfx_setup_net+0x10/0x10 [ 937.939036][T21008] ? debug_mutex_init+0x37/0x70 [ 937.939056][T21008] copy_net_ns+0x2f8/0x690 [ 937.939082][T21008] create_new_namespaces+0x3ea/0xa90 [ 937.939107][T21008] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 937.939129][T21008] ksys_unshare+0x45b/0xa40 [ 937.939152][T21008] ? __pfx_ksys_unshare+0x10/0x10 [ 937.939176][T21008] ? xfd_validate_state+0x61/0x180 [ 937.939207][T21008] __x64_sys_unshare+0x31/0x40 [ 937.939230][T21008] do_syscall_64+0xcd/0xfa0 [ 937.939251][T21008] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 937.939268][T21008] RIP: 0033:0x7f3d1138f6c9 [ 937.939283][T21008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 937.939300][T21008] RSP: 002b:00007f3d122be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 937.939318][T21008] RAX: ffffffffffffffda RBX: 00007f3d115e5fa0 RCX: 00007f3d1138f6c9 [ 937.939329][T21008] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 937.939339][T21008] RBP: 00007f3d11411f91 R08: 0000000000000000 R09: 0000000000000000 [ 937.939350][T21008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 937.939360][T21008] R13: 00007f3d115e6038 R14: 00007f3d115e5fa0 R15: 00007ffebedf84d8 [ 937.939383][T21008] [ 938.363697][T21008] kobject: kobject_add_internal failed for net with -EEXIST, don't try to register things with the same name in the same directory. [ 939.919832][T21041] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 939.927755][T21041] #PF: supervisor instruction fetch in kernel mode [ 939.934256][T21041] #PF: error_code(0x0010) - not-present page [ 939.940225][T21041] PGD 8000000033574067 P4D 8000000033574067 PUD 0 [ 939.946787][T21041] Oops: Oops: 0010 [#1] SMP KASAN PTI [ 939.952169][T21041] CPU: 0 UID: 0 PID: 21041 Comm: syz.2.3535 Tainted: G U syzkaller #0 PREEMPT(full) [ 939.963096][T21041] Tainted: [U]=USER [ 939.966890][T21041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 939.976935][T21041] RIP: 0010:0x0 [ 939.980392][T21041] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 939.987753][T21041] RSP: 0018:ffffc9000afd79a0 EFLAGS: 00010283 [ 939.993815][T21041] RAX: 0000000000000973 RBX: 0000000000000000 RCX: ffffc90015291000 [ 940.001792][T21041] RDX: 0000000000080000 RSI: ffffea000267d500 RDI: ffff888032627a40 [ 940.009779][T21041] RBP: ffffea000267d500 R08: 0000000000000007 R09: 0000000000000000 [ 940.017756][T21041] R10: 0000000000000000 R11: 0000000000000001 R12: 1ffff920015faf35 [ 940.025722][T21041] R13: ffff888032627a40 R14: 0000000000000000 R15: dffffc0000000000 [ 940.033697][T21041] FS: 00007fb98948d6c0(0000) GS:ffff888124a10000(0000) knlGS:0000000000000000 [ 940.042719][T21041] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 940.049310][T21041] CR2: ffffffffffffffd6 CR3: 0000000027992000 CR4: 00000000003526f0 [ 940.057281][T21041] Call Trace: [ 940.060611][T21041] [ 940.063575][T21041] filemap_read_folio+0xc8/0x2a0 [ 940.068533][T21041] ? __pfx_filemap_read_folio+0x10/0x10 [ 940.074080][T21041] ? __filemap_get_folio+0x32b/0xc30 [ 940.079439][T21041] ? down_read+0x13d/0x480 [ 940.083967][T21041] do_read_cache_folio+0x263/0x5c0 [ 940.089099][T21041] freader_get_folio+0x337/0x930 [ 940.094041][T21041] freader_fetch+0xc2/0x5e0 [ 940.098545][T21041] ? query_matching_vma+0x345/0x7d0 [ 940.103838][T21041] __build_id_parse.isra.0+0xec/0x7a0 [ 940.109205][T21041] ? query_matching_vma+0x48e/0x7d0 [ 940.114760][T21041] ? __pfx___build_id_parse.isra.0+0x10/0x10 [ 940.120845][T21041] do_procmap_query+0xb0e/0x1080 [ 940.125789][T21041] ? __pfx_do_procmap_query+0x10/0x10 [ 940.131346][T21041] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 940.137274][T21041] ? do_vfs_ioctl+0x128/0x14f0 [ 940.142078][T21041] ? __fget_files+0x20e/0x3c0 [ 940.146837][T21041] procfs_procmap_ioctl+0x9d/0xe0 [ 940.152233][T21041] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 940.157975][T21041] __x64_sys_ioctl+0x18e/0x210 [ 940.162773][T21041] do_syscall_64+0xcd/0xfa0 [ 940.167380][T21041] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 940.173273][T21041] RIP: 0033:0x7fb98858f6c9 [ 940.177690][T21041] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 940.197388][T21041] RSP: 002b:00007fb98948d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 940.205892][T21041] RAX: ffffffffffffffda RBX: 00007fb9887e6090 RCX: 00007fb98858f6c9 [ 940.213958][T21041] RDX: 0000200000000080 RSI: 00000000c0686611 RDI: 0000000000000002 [ 940.221997][T21041] RBP: 00007fb988611f91 R08: 0000000000000000 R09: 0000000000000000 [ 940.230009][T21041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 940.238001][T21041] R13: 00007fb9887e6128 R14: 00007fb9887e6090 R15: 00007ffc864b02a8 [ 940.246013][T21041] [ 940.249027][T21041] Modules linked in: [ 940.252998][T21041] CR2: 0000000000000000 [ 940.257254][T21041] ---[ end trace 0000000000000000 ]--- [ 940.262786][T21041] RIP: 0010:0x0 [ 940.266246][T21041] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 940.273600][T21041] RSP: 0018:ffffc9000afd79a0 EFLAGS: 00010283 [ 940.279660][T21041] RAX: 0000000000000973 RBX: 0000000000000000 RCX: ffffc90015291000 [ 940.287652][T21041] RDX: 0000000000080000 RSI: ffffea000267d500 RDI: ffff888032627a40 [ 940.295725][T21041] RBP: ffffea000267d500 R08: 0000000000000007 R09: 0000000000000000 [ 940.303695][T21041] R10: 0000000000000000 R11: 0000000000000001 R12: 1ffff920015faf35 [ 940.311748][T21041] R13: ffff888032627a40 R14: 0000000000000000 R15: dffffc0000000000 [ 940.319800][T21041] FS: 00007fb98948d6c0(0000) GS:ffff888124a10000(0000) knlGS:0000000000000000 [ 940.328812][T21041] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 940.335394][T21041] CR2: ffffffffffffffd6 CR3: 0000000027992000 CR4: 00000000003526f0 [ 940.343365][T21041] Kernel panic - not syncing: Fatal exception [ 940.349564][T21041] Kernel Offset: disabled [ 940.353880][T21041] Rebooting in 86400 seconds..