last executing test programs: 32.852921355s ago: executing program 2 (id=191): close_range$auto(0x0, 0xffffffffffffffff, 0x2) r0 = fanotify_init$auto(0x1f53, 0x2000000000002) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000) mbind$auto(0x0, 0x800605, 0x8003, &(0x7f0000000100)=0xfffe, 0x3, 0x3) r1 = open(&(0x7f0000000000)='./file1\x00', 0x1652c2, 0xe1d2b27bdc14aa98) fanotify_mark$auto(0x400000000000, 0x105, 0xf2b, r1, 0x0) mmap$auto(0x0, 0x400008, 0xe3, 0x9b72, 0x2, 0x8000) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000080), r0) sendmsg$auto_TIPC_NL_NAME_TABLE_GET(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, r2, 0x200, 0x70bd26, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x85, 0x0, 0x0, @str=')\x00'}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x810}, 0x4000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/power/wakeup_total_time_ms\x00', 0x0, 0x0) 31.702152012s ago: executing program 2 (id=193): mmap$auto(0x0, 0x20009, 0xdf, 0xeb4, 0xffffffffffffffff, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/v4l-subdev0\x00', 0x0, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x90080, 0x0) capget$auto(0x0, 0xfffffffffffffffe) unshare$auto(0x40000080) r1 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$auto_IMADDTIMER(r1, 0x80044940, &(0x7f0000000140)) bpf$auto(0x8, &(0x7f00000001c0)=@bpf_attr_0={0x7, 0xb5, 0x10, 0x4, 0x53400000, 0xffffffffffffffff, 0x9, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0x10) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/038/001\x00', 0x42a8a0, 0x0) ioctl$auto_USBDEVFS_SUBMITURB32(r2, 0x802c550a, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r4 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) socket(0x2b, 0x1, 0x1) ioctl$auto_SNAPSHOT_UNFREEZE(r4, 0x3302, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x10, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x200, 0x3, 0x4, 0x4080000016, 0x3, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) read$auto(r0, 0x0, 0x6) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/apparmor/parameters/mode\x00', 0x121102, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x7fffffff) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) memfd_create$auto(0x0, 0x12) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty12\x00', 0x800, 0x0) r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r5, 0x541c, r6) 30.706354856s ago: executing program 2 (id=196): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f000000a500), 0xffffffffffffffff) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000000), r0) sendmsg$auto_NL80211_CMD_REQ_SET_REG(r0, &(0x7f000000a5c0)={0x0, 0x0, &(0x7f000000a580)={&(0x7f0000000040)=ANY=[@ANYRESOCT, @ANYRES16=r1, @ANYBLOB="01002abd7000fddbdf251b00000008009a0002000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4000040}, 0x24008080) 30.416394983s ago: executing program 2 (id=198): mmap$auto(0x2, 0x2020009, 0xb, 0xeb2, 0xfffffffffffffffb, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0xec00, 0x0) mmap$auto(0xb, 0xe980, 0xdf, 0xeb1, 0x401, 0x8000) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x5, 0x1ff, 0x7fa, 0x22104, 0x9, 0x7, 0x7ff, 0x20010180, 0x4000000f}, 0x198) (fail_nth: 7) 29.556851964s ago: executing program 2 (id=200): mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0xca, 0x0, 0x1ff) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000340), 0x108800, 0x0) r1 = ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x100, 0x0) set_mempolicy$auto(0x1, 0x0, 0x5) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x4) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x2, 0x2) ioperm$auto(0xd44, 0x6, 0x8) tkill$auto(0x80000000000001, 0x7) close_range$auto(0x2, 0x8, 0x0) r2 = ioctl$auto_TUNSETDEBUG(r1, 0x400454c9, &(0x7f0000000000)) ioctl$auto(r2, 0x1, r1) socket(0xa, 0x801, 0x84) r3 = io_uring_setup$auto(0x4, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) io_uring_enter$auto(0x3, 0x0, 0x1, 0x3, 0x0, 0x2) io_uring_enter$auto(r3, 0x11, 0x7, 0x7, 0x0, 0x3) fsopen$auto(0x0, 0x1) 27.966611672s ago: executing program 2 (id=204): set_mempolicy$auto(0x3, &(0x7f0000000000)=0x7, 0x9) io_uring_setup$auto(0x6, 0x0) futex_requeue$auto(0x0, 0x80, 0x2, 0x101) r0 = socket(0x1d, 0x2, 0x6) socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, 0x0, 0xfd}, 0x6a) sendmsg$auto_ETHTOOL_MSG_PLCA_GET_STATUS(r0, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x4000) writev$auto(0xffffffffffffffff, 0x0, 0x9) mmap$auto(0x0, 0x400400009, 0x5, 0x9b72, r0, 0x8002) close_range$auto(0xffffffffffffffff, 0x8, 0x0) mmap$auto(0x0, 0x4020009, 0xdc, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x600007, 0x19) madvise$auto(0x0, 0xffffffffffff0005, 0x19) close_range$auto(0x2, 0x8, 0x0) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) ioctl$auto_TIOCVHANGUP2(r1, 0x5437, 0x0) mmap$auto(0x0, 0x42021009, 0x3, 0x8000000000000011, 0xfffffffffffffffa, 0x8004) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x6, 0x4) madvise$auto(0x0, 0xffffffffffff0005, 0x19) 27.374956689s ago: executing program 32 (id=204): set_mempolicy$auto(0x3, &(0x7f0000000000)=0x7, 0x9) io_uring_setup$auto(0x6, 0x0) futex_requeue$auto(0x0, 0x80, 0x2, 0x101) r0 = socket(0x1d, 0x2, 0x6) socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, 0x0, 0xfd}, 0x6a) sendmsg$auto_ETHTOOL_MSG_PLCA_GET_STATUS(r0, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x4000) writev$auto(0xffffffffffffffff, 0x0, 0x9) mmap$auto(0x0, 0x400400009, 0x5, 0x9b72, r0, 0x8002) close_range$auto(0xffffffffffffffff, 0x8, 0x0) mmap$auto(0x0, 0x4020009, 0xdc, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x600007, 0x19) madvise$auto(0x0, 0xffffffffffff0005, 0x19) close_range$auto(0x2, 0x8, 0x0) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) ioctl$auto_TIOCVHANGUP2(r1, 0x5437, 0x0) mmap$auto(0x0, 0x42021009, 0x3, 0x8000000000000011, 0xfffffffffffffffa, 0x8004) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x6, 0x4) madvise$auto(0x0, 0xffffffffffff0005, 0x19) 7.709784052s ago: executing program 0 (id=242): mmap$auto(0xfffffffffffffffc, 0x100000002020009, 0x1, 0x200000000eb1, 0xffffffffffffffff, 0x3) socket(0x1d, 0x2, 0x6) r0 = socket(0x2, 0x1, 0x0) writev$auto(0xffffffffffffffff, &(0x7f0000001040)={0x0, 0x7fff}, 0x9) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x20044850}, 0x20004000) sendmsg$auto_ETHTOOL_MSG_MM_SET(0xffffffffffffffff, 0x0, 0x20008040) write$auto_vcs_fops_vc_screen(0xffffffffffffffff, 0x0, 0x0) capget$auto(&(0x7f00000000c0)={0x20071026, 0xffffffffffffffff}, 0x0) unshare$auto(0x40000080) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x400c000) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop6\x00', 0x0, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r1, 0x4c07, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f000000a500), 0xffffffffffffffff) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r4 = socket(0xa, 0x2, 0x88) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0xa, 0x2, 0x0) socket(0xa, 0x801, 0x84) socket(0x18, 0x5, 0x1) socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r6, r5, 0x4, 0x1ff, r4, @relative_id=0x13, 0xe600}, 0xf) r7 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x2, &(0x7f0000000480)=@raw_tracepoint={0x5, r7, 0x0, 0x4}, 0xc) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$auto(0x1, 0x7, 0x80000000) sendmsg$auto_NL80211_CMD_REQ_SET_REG(r2, &(0x7f000000a5c0)={0x0, 0x0, &(0x7f000000a580)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000100", @ANYRES16=r3, @ANYBLOB="01002abd7000fddbdf251b00000008009a0002000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4000040}, 0x24008080) 6.305508581s ago: executing program 0 (id=247): mmap$auto(0x0, 0x9, 0x3, 0xeb4, 0xfffffffffffffffe, 0x8002) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_short_retry_limit_ops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy0/short_retry_limit\x00', 0x0, 0x0) mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x6) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/pci/00/03.0\x00', 0x181000, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x82982, 0x0) socket(0xb, 0x2, 0x0) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x193941, 0x0) select$auto(0x4, &(0x7f0000000200)={[0x4, 0x3, 0x4, 0xd1, 0x200b, 0x1001ff, 0x500000, 0x10000, 0x7fffffffffffffff, 0x6, 0x105, 0x10001, 0x1, 0x57, 0x2, 0x7]}, 0x0, 0x0, 0x0) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0xca406, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/vidtv.0/i2c-0/new_device\x00', 0x4a001, 0x0) socket(0x11, 0x3, 0x2) socket$nl_generic(0x10, 0x3, 0x10) pwritev2$auto(r3, &(0x7f00000003c0)={0x0, 0x200}, 0x8000000000000004, 0xffffffffffffffff, 0x4, 0x8) read$auto_short_retry_limit_ops_(r2, &(0x7f0000000040)=""/4096, 0x1000) socket(0x9, 0x80000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'wg0\x00'}) r4 = socket$nl_generic(0x10, 0x3, 0x10) statmount$auto(&(0x7f0000000000)={0x0, @inferred=r2, 0x9, 0x0, 0x4}, 0x0, 0x7ffffffff000, 0x401fffe) ioctl$auto_FICLONERANGE(r1, 0x4020940d, 0x6) r5 = socket(0x2a, 0x6, 0x103) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r5, @ANYRES8=r4], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_1={r5, 0xfffffffffffffffc, @value=0x5, 0x5}, 0xf) 6.207785755s ago: executing program 4 (id=248): madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2b, 0x1, 0x0) bind$auto(0x3, 0x0, 0x6a) unshare$auto(0x20000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710}, 0x10) unshare$auto(0x100) iopl$auto(0x3) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/block/nbd6/queue/iosched/writes_starved\x00', 0xa001, 0x0) write$auto(r0, &(0x7f0000000100)='%\x00', 0x38f) socket(0x2b, 0x1, 0x1) setsockopt$auto(0x400000000000003, 0x29, 0x13, 0x0, 0x3) io_uring_setup$auto(0x4c2, 0x0) iopl$auto(0xff) munmap$auto(0x20001000, 0x7fb3) ptrace$auto(0x10, 0x10000000000001, 0xffffffffffffff56, 0x868f) syz_clone3(&(0x7f0000000300)={0x28020000, 0x0, 0x0, 0x0, {0x1f}, 0x0, 0x0, 0x0, 0x0}, 0x58) 5.389158901s ago: executing program 1 (id=253): r0 = socket(0x2b, 0x1, 0x0) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r0) sendmsg$auto_NL80211_CMD_DISASSOCIATE(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\b\x00\x00', @ANYRES16=r1, @ANYBLOB="00012bbd7000fddbdf252800000005003e000800000031004801a289c1c1f3026f75a4d3a66a76f9f65578159c8a96f55e156e69b5114d651d9ec494a3d7791ee432bb9c"], 0x60}, 0x1, 0x0, 0x0, 0x54}, 0x1) mmap$auto(0x41000, 0x4000b, 0x7, 0x9b72, r0, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x3, 0x5, 0x7, 0x0) socket(0xa, 0x1, 0x0) socket(0x2, 0x1, 0x84) connect$auto(0x3, 0x0, 0x55) ioperm$auto(0x3, 0x5, 0x149) sendmsg$auto_BATADV_CMD_GET_HARDIF(0xffffffffffffffff, 0x0, 0x4) listen$auto(0x3, 0x81) accept$auto(0x3, 0x0, 0x0) r2 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) mmap$auto(0x2, 0x2020009, 0xb, 0xeb2, 0xfffffffffffffffb, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0xec00, 0x0) mmap$auto(0xb, 0xe980, 0xdf, 0xeb1, 0x401, 0x8000) r3 = openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/exec\x00', 0x101002, 0x0) r4 = epoll_create$auto(0x4) r5 = syz_genetlink_get_family_id$auto_gtp(0x0, 0xffffffffffffffff) sendmsg$auto_GTP_CMD_GETPDP(r4, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x60, r5, 0x300, 0x70bd2a, 0x25dfdbfb, {}, [@GTPA_TID={0xc, 0x3, 0xfffffffffffffffb}, @GTPA_MS_ADDR6={0x14, 0xc, @local}, @GTPA_MS_ADDRESS={0x8, 0x5, @broadcast}, @GTPA_VERSION={0x8, 0x2, 0x7}, @GTPA_MS_ADDR6={0x14, 0xc, @private0={0xfc, 0x0, '\x00', 0x1}}, @GTPA_PEER_ADDRESS={0x8, 0x4, @empty}]}, 0x60}, 0x1, 0x0, 0x0, 0x4044800}, 0x4) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200), 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r5, 0x4, 0x70bd2b, 0x25dfdbff, {}, [@GTPA_NET_NS_FD={0x8, 0x7, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24008893}, 0x4) write$auto_proc_pid_attr_operations_base(r3, &(0x7f0000000300)="a597d9ce426d9f3d5911558f18cc57fdb0787a9e2a8072d5d8d0e5d021959144b43a2374bc04cd3fe05d66ba4377aa052852e96cf2a47eaa927ee063c1cb84f0ffffffffffff4feb3f98bd42a37b9f6a5c881e73e31dc794417247b8060be61a1e5ba5a26254c5a4d43315318f75db71e54c8170e6863791ef0e9b865d9e3c71e956e6a09b01cf3e38d9f46fe5804d6527ba35db61bb0ceded0227b0bbfcec8677e5861140e152e7c287ce00796f618cf77d3eb3376e524b5cd11bf800f5cc34e82b8f5168d9846f097649100f821218965cb095a3de26030b362a731aa98baf880371440450bcbe3bbf6f888c96", 0xee) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x5, 0x1ff, 0x7fa, 0x22104, 0x9, 0x7, 0x7ff, 0x20010180, 0x4000000f}, 0x198) ioctl$auto_TIOCSBRK2(0xffffffffffffffff, 0x5427, &(0x7f0000000000)="c5d4706e2918db40ec81c06d63418856988dcc45549d35bcec9492f1e5ecca074e4e372cca4948b9ce08591237af6092da4ac5fe41f98a4e97588a8ae40931af95f7b728f396026555a45d") 5.217222271s ago: executing program 4 (id=254): openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000500)='/proc/lockdep_stats\x00', 0x400, 0x0) socket(0xa, 0x2, 0x3a) r0 = socket(0x25, 0x2, 0x0) r1 = prctl$auto_PR_SET_MM_ARG_START(0x9f, 0x8, 0xffffffffffffffff, 0x400, 0x53b) ioctl$auto_FBIOBLANK(r1, 0x4611, &(0x7f0000000000)="6c53bd41b9f9c554fe5f5e25629ba0fb24867774462ac52588615581c090ed1dd144b8a3c4048671ef021f09de4e228ab4b560dbc3656dbe20b83f027fd20d3ed658e836333de77ff330df89c9d13e8deaeaa5090f56ac374c7b283b") sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x40000) read$auto(r0, &(0x7f0000000100)='MAC80\x03\x00\x00\x00\x00\x00\x00\x00IM\x00\xda?\x1c\x9d\xaaQ9\xfd\x8d\xdb\aQ@\xe1\xc3,\xc6\x97E\x17S\x9eK*\x86\xa63m\x94F\x80\xe8~\xe2<\xbe\b\x1e\x97\xdd\xdf\xa5o', 0x3) socket(0x2, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) r2 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/maps\x00', 0x22000, 0x0) openat$auto_transactions_fops_(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$auto_PROCMAP_QUERY(r2, 0xc0686611, &(0x7f0000000180)={0x7f, 0x3b, 0x9, 0x2, 0x736, 0x8001, 0x7d6, 0x9a, 0x1, 0xbfaf, 0x7, 0x1, 0x10d9b, 0x8000000000, 0x2}) sysfs$auto(0x2, 0x49, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x0, 0xfffffffc, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0xc7f16bff2a10ba01, 0x0) ioctl$auto_TIOCSETD2(r3, 0x5423, 0x0) socketpair$auto(0x4, 0x1, 0x20000, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r4, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r3, 0x5437, 0x0) 4.969451063s ago: executing program 0 (id=255): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, 0xfffefffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) r0 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r0, 0x107, 0x5, 0x0, 0x8004) mmap$auto(0x0, 0x2, 0xffffffffffffffff, 0x40eb1, 0x602, 0x300000000000) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82, 0x0) sendfile$auto(r1, r1, 0x0, 0x5) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/system/cpu/cpuidle/current_driver\x00', 0x408440, 0x0) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_LINK_SET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x2c, r2, 0xd35, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_LINK={0x18, 0x4, 0x0, 0x1, [@typed={0x14, 0x1, 0x0, 0x0, @ipv6=@loopback}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x61cf770a5abe6d4a}, 0x8010) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/pts/ptmx\x00', 0x8900, 0x0) write$auto(0x3, 0x0, 0x7ffffffa) write$auto(0x3, 0x0, 0x5c8) 4.76207029s ago: executing program 4 (id=256): set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0xc) socket(0x2, 0x1, 0x0) setsockopt$auto(0x6, 0x6, 0x14, &(0x7f0000000240)='ns/cgroup\x00', 0xc) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x20440, 0x0) ioctl$auto(0x3, 0x40045436, 0x2) mmap$auto(0x0, 0x20009, 0xb17a, 0xeb1, 0x3fd, 0x8000) move_pages$auto(0x0, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/block/loop4/size\x00', 0x80, 0x0) fcntl$auto(r0, 0x7, 0x0) 4.532879312s ago: executing program 3 (id=257): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, 0xfffefffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) r0 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r0, 0x107, 0x5, 0x0, 0x8004) mmap$auto(0x0, 0x2, 0xffffffffffffffff, 0x40eb1, 0x602, 0x300000000000) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82, 0x0) sendfile$auto(r1, r1, 0x0, 0x5) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/system/cpu/cpuidle/current_driver\x00', 0x408440, 0x0) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_LINK_SET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x2c, r2, 0xd35, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_LINK={0x18, 0x4, 0x0, 0x1, [@typed={0x14, 0x1, 0x0, 0x0, @ipv6=@loopback}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x61cf770a5abe6d4a}, 0x8010) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/pts/ptmx\x00', 0x8900, 0x0) write$auto(0x3, 0x0, 0x7ffffffa) write$auto(0x3, 0x0, 0x5c8) (fail_nth: 1) 4.275085489s ago: executing program 4 (id=258): msgctl$auto_MSG_STAT_ANY(0x2, 0xd, 0x0) mmap$auto(0x2, 0x2020009, 0xb, 0xeb2, 0xfffffffffffffffb, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x84000, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) ioctl$auto(0x20000000000003, 0x8905, 0x2) 4.2088325s ago: executing program 1 (id=259): mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x2) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x102880, 0x1fd) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x54) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900)='\t', 0x1) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/apparmor/parameters/path_max\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f00000000c0)=""/17, 0x11) socket(0x2, 0x802, 0x1) setsockopt$auto_SO_WIFI_STATUS(r0, 0x0, 0x29, &(0x7f0000000080)='\xef', 0x8000) mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x2) (async) openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x102880, 0x1fd) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x54) (async) close_range$auto(0x2, 0x8, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) (async) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900)='\t', 0x1) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/apparmor/parameters/path_max\x00', 0x0, 0x0) (async) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f00000000c0)=""/17, 0x11) (async) socket(0x2, 0x802, 0x1) (async) setsockopt$auto_SO_WIFI_STATUS(r0, 0x0, 0x29, &(0x7f0000000080)='\xef', 0x8000) (async) 3.853976586s ago: executing program 4 (id=260): mmap$auto(0x2, 0x2020009, 0xb, 0xeb2, 0xfffffffffffffffb, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0xec00, 0x0) mmap$auto(0xb, 0xe980, 0xdf, 0xeb1, 0x401, 0x8000) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x5, 0x1ff, 0x7fa, 0x22104, 0x9, 0x7, 0x7ff, 0x20010180, 0x4000000f}, 0x198) (fail_nth: 14) 3.696829455s ago: executing program 1 (id=261): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000000)="1f91f2c388274610e18d5fc5e5bfd9800e9b58", 0x13) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x6a1, 0x2000000000002) mmap$auto(0xd, 0x2020009, 0x1, 0xeb1, 0xffffffffffffffff, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x40300, 0x0) mmap$auto(0x0, 0x4020009, 0x0, 0xeb1, 0x401, 0x8000) socket(0x23, 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyxb\x00', 0x8dd7526b021612b6, 0x0) mmap$auto(0x0, 0x2020007, 0xffffffffffffffff, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0xf, 0x3, 0x2) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_IOC_PR_REGISTER(r2, 0x401870c8, &(0x7f00000000c0)={0xfffffffeffffffff, 0x5}) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x10000948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0xfffffffffffffffb, 0x80000005, 0x0, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x81, 0x9488, 0x4000009, 0x15f4da0a, 0x3, 0x3, 0x8000080, 0x1, 0x7, 0x100000006d3e, 0x0, 0x2, 0x6]}, 0x0) unshare$auto(0x4000007d) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/1:12/power/runtime_suspended_time\x00', 0x200, 0x0) r3 = openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe\x00', 0x68200, 0x0) read$auto(r3, 0x0, 0x67) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) r4 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000005540)='/dev/input/event2\x00', 0xa481, 0x0) ioctl$auto_EVIOCSKEYCODE_V2(r4, 0x40284504, 0x0) socket(0x2, 0x5, 0x0) 2.656110317s ago: executing program 4 (id=262): mmap$auto(0x0, 0x20009, 0xdf, 0xeb4, 0xffffffffffffffff, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/v4l-subdev0\x00', 0x0, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x90080, 0x0) capget$auto(0x0, 0xfffffffffffffffe) unshare$auto(0x40000080) r1 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$auto_IMADDTIMER(r1, 0x80044940, &(0x7f0000000140)) bpf$auto(0x8, &(0x7f00000001c0)=@bpf_attr_0={0x7, 0xb5, 0x10, 0x4, 0x53400000, 0xffffffffffffffff, 0x9, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0x10) ioctl$auto_USBDEVFS_SUBMITURB32(0xffffffffffffffff, 0x802c550a, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r3 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) socket(0x2b, 0x1, 0x1) ioctl$auto_SNAPSHOT_UNFREEZE(r3, 0x3302, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x10, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x200, 0x3, 0x4, 0x4080000016, 0x3, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) read$auto(r0, 0x0, 0x6) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/apparmor/parameters/mode\x00', 0x121102, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x7fffffff) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) memfd_create$auto(0x0, 0x12) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty12\x00', 0x800, 0x0) r5 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r4, 0x541c, r5) 2.443426425s ago: executing program 3 (id=263): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0x80040, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x0, 0x0) ioctl$auto(r2, 0x4b45, r1) recvmsg$auto(0xffffffffffffffff, 0x0, 0x7) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd8\x00', 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) getsockopt$auto(0x3, 0x200000000001, 0x2b, 0xfffffffffffffffe, 0x0) ioctl$auto(r3, 0xab07, r3) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r4) sendmsg$auto_NL80211_CMD_DISCONNECT(r0, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)={0x16c, r5, 0x100, 0x70bd26, 0x25dfdbfb, {}, [@NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0xeb, 0xbe, "f241d583600227418ca84f757797e794ec76b6d8f8ac233bd303a788e39f75e43e4077c937266bbdfc69d211abce0fd3ab9b4c4a351efca25127c186c86c3ed8665c997d96f13bf4818503dcd3948c13c9500208a46b9ed57087c4704849e44a1444ad0e74b0d795801e4b49bbea6e88cb500d0eda5fc7468b543ce88450a63d4f1a78996cd503f27596aa55c80a53b0c7c515e55b4721e043dc8fb150a35482fa33cc392f285312413e209de74ee967a3a29680def0aea65f3ce5de9fce3663ab6505ee73f8332a3a392079ae339904ea022ca1df74b4c8ca55e93ca84509d10208de23ea4873"}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8}, @NL80211_ATTR_MLD_ADDR={0x5e, 0x13a, "673c8d8804c0911b9374087a9b2ccb1c5c103b3ff598e6f9374a63628b1477e5fff7ae6e2a978c57e32de42d9504733898cfcfb6948ee1eb0c186a4c6c8d907a4211a88c0c888aeb4db7a94c619cfc5cb8b6c061920da42d6b69"}, @NL80211_ATTR_TDLS_EXTERNAL_SETUP={0x4}]}, 0x16c}, 0x1, 0x0, 0x0, 0x4000080}, 0x40) close_range$auto(0x2, 0x8, 0x0) 2.194668652s ago: executing program 1 (id=264): r0 = socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffb, 0x8000) setsockopt$auto(r0, 0x10000000084, 0x0, 0x0, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyv4\x00', 0x40001, 0x0) write$auto(0x3, 0x0, 0xfdef) setresuid$auto(0x0, 0x0, 0x0) r3 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x100, 0x0) ioctl$auto(r3, 0x64cb, 0xffffffffffffffff) shmctl$auto_SHM_STAT_ANY(0x7, 0xf, &(0x7f0000000300)={{0x5, 0xffffffffffffffff, 0x0, 0x81, 0xa0, 0x101, 0x7}, 0xc, 0x8, 0x8fad, 0xfb, @raw=0x81, @inferred=0xffffffffffffffff, 0x6, 0x0, &(0x7f00000001c0)="fe83b7195c4208038435859c17c439582d6d02a275a681b20d", &(0x7f0000000240)="e7799d343ce9200bbdc7dbe0830bd6d792ca0e09ef7045ef9b5029d55849d21f43624efa5939b16128ecf139840cc0a75c271b623e1c7421fa45f47d1a847ff6738639c43fb168872d979466fb12f4661501b7e49d7b89e3db3e489717866df3561b5ab0165ae7f5c191307559fe4ab9721a1a14375f2cfe747fe38de7e437315b74c2c40f27"}) r5 = getegid() fchown$auto(r3, r4, r5) r6 = set_tid_address$auto(&(0x7f0000000080)=0xfffffff8) shmctl$auto_SHM_LOCK(0xeb1, 0xb, &(0x7f0000000200)={{0x0, 0x0, r5, 0x8, 0x8da8, 0x7, 0x1}, 0x5, 0x9, 0x2, 0x100000001, @inferred=r6, @raw=0x800, 0x40, 0x0, &(0x7f00000000c0)="0b24802c62073ad79819f75ba2f83587de1938968e354afd86c20af6a4d79495a1ce56374480bc3be0f1eb10d6a5d28363bde78759d5be75b58a07ed3876b905f5de8cdedc29079eacec9550e5054c920abd7b179743496a7b6d772fd4a8a43f21ff54b39187f31a36ba7600ab669d5c40714b52ae755d40317aa7fc8975d0014ee478e8c6c9af5dde895a665c3edcb547ae5a0ba43c62c118205df6bb968d9b734b7b", &(0x7f0000000180)="0b25ad65b38f4f6f037b894bc95e68124beaa677aa05e7c088029057541a41cc3ddc9f19a4fc9d27cbcfc266ec991b2cdc3740b9c0c68fd4719461ba689ea8cc6afb01bcf28d975d89e32dddfcca6871b0aedfe6d955b7608506b0"}) r7 = openat$auto_proc_setgroups_operations_base(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/self/setgroups\x00', 0x183200, 0x0) ioctl$auto_IOCTL_VMCI_CTX_SET_CPT_STATE(r1, 0x7b2, 0x0) pread64$auto(r7, &(0x7f0000000400)=']}%\x00', 0x4, 0x5) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000003fc0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETFAMILY2(r8, &(0x7f00000040c0)={0x0, 0x0, &(0x7f0000004080)={&(0x7f0000004000)={0x24, r9, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@CTRL_ATTR_FAMILY_NAME={0xf, 0x2, 'veth0_vlan\x00'}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x4000050) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r10, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x14, r11, 0x1, 0x70bd2b, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) sendmsg$auto_NL80211_CMD_VENDOR(r8, 0x0, 0x80) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) ioctl$auto(0x3, 0x5404, 0x38) ioctl$auto_TIOCVHANGUP2(r2, 0x5437, 0x0) 1.623617157s ago: executing program 0 (id=265): openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000500)='/proc/lockdep_stats\x00', 0x400, 0x0) socket(0xa, 0x2, 0x3a) r0 = socket(0x25, 0x2, 0x0) r1 = prctl$auto_PR_SET_MM_ARG_START(0x9f, 0x8, 0xffffffffffffffff, 0x400, 0x53b) ioctl$auto_FBIOBLANK(r1, 0x4611, &(0x7f0000000000)="6c53bd41b9f9c554fe5f5e25629ba0fb24867774462ac52588615581c090ed1dd144b8a3c4048671ef021f09de4e228ab4b560dbc3656dbe20b83f027fd20d3ed658e836333de77ff330df89c9d13e8deaeaa5090f56ac374c7b283b") sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x40000) read$auto(r0, &(0x7f0000000100)='MAC80\x03\x00\x00\x00\x00\x00\x00\x00IM\x00\xda?\x1c\x9d\xaaQ9\xfd\x8d\xdb\aQ@\xe1\xc3,\xc6\x97E\x17S\x9eK*\x86\xa63m\x94F\x80\xe8~\xe2<\xbe\b\x1e\x97\xdd\xdf\xa5o', 0x3) socket(0x2, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) r2 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/maps\x00', 0x22000, 0x0) openat$auto_transactions_fops_(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$auto_PROCMAP_QUERY(r2, 0xc0686611, &(0x7f0000000180)={0x7f, 0x3b, 0x9, 0x2, 0x736, 0x8001, 0x7d6, 0x9a, 0x1, 0xbfaf, 0x7, 0x1, 0x10d9b, 0x8000000000, 0x2}) sysfs$auto(0x2, 0x49, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x0, 0xfffffffc, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0xc7f16bff2a10ba01, 0x0) ioctl$auto_TIOCSETD2(r3, 0x5423, 0x0) socketpair$auto(0x4, 0x1, 0x20000, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r4, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r3, 0x5437, 0x0) 1.343643941s ago: executing program 3 (id=266): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x22, 0x940, 0x1ffde, 0x3, 0x3, 0x8000003, 0x9, 0x5, 0x0, 0x4, 0xb0, 0x7, 0x1, 0x3, 0x5, 0x7, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, [0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x100000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd7c4]}, 0x7, 0x10000281) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/tty/ldiscs\x00', 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x14, 0x0) fsopen$auto(0x0, 0x1) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x8000003, 0x7) getcpu$auto(0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1e, 0x5, 0x80000000, 0x0) socket(0x25, 0x801, 0x84) connect$auto(0x3, 0x0, 0x55) listen$auto(0x3, 0x807d) r0 = accept$auto(0x3, 0x0, 0x0) socket(0xa, 0x2, 0x73) socket(0x23, 0x2, 0x0) sendto$auto(0x4, 0x0, 0x8000, 0x0, &(0x7f0000000100)=@in={0x23}, 0x80) read$auto_fault_around_bytes_fops_(r0, &(0x7f0000000100)=""/4, 0x4) getpriority$auto(0x2, 0x9) socket(0x1, 0x1, 0x1) socket(0x2c, 0x80003, 0x0) mmap$auto(0x8, 0x8f, 0x7, 0x12, 0x5, 0x22000008000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000940)='/sys/devices/platform/Fixed MDIO bus.0/mdio_bus/fixed-0/statistics/errors\x00', 0x490606, 0x0) read$auto(r1, &(0x7f0000000000)='/sys/devices/platform/vhci_hcd.8/usb26/descriptors\x00', 0x9) 1.098082962s ago: executing program 0 (id=267): r0 = syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) r1 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000c40), 0xffffffffffffffff) bpf$auto(0x10, &(0x7f0000000780)=@bpf_attr_0={0x200, 0x7, 0x7ff, 0x80, 0x7, 0xffffffffffffffff, 0x7, "0000000100", 0x0, 0xffffffffffffffff, 0x80000000, 0x4, 0x3, 0x5, 0xffffffffffffffff, 0xffffffffffffffff}, 0x401) sendmsg$auto_ILA_CMD_DEL(r3, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000d40)={&(0x7f0000000300)=ANY=[@ANYBLOB="200000004d9778be2f7bc93b73401a77862b0b2b6fd3fb4dca9085820ad760b35f67a190859276dc20f29ba12b8c624422f0da8ac226efd1c3e621d813fc1be92ad7020b505e4bc29a8c415654296d50969db34d642753a0e6e92a42a51f5299e8c77ed844cfe7422ec4147dfbe49693c0a00cbee79886fcedb7f7532fe0785b255f652cd895d02ebfd785d49c4634e4230a6fb42c5882e79947bb71e0f7c1a0871c58123d6447", @ANYRES16=r1, @ANYBLOB="010029bd7000fbdbdf25020000000c0003000104000000000000"], 0x20}, 0x1, 0x0, 0x0, 0x4000084}, 0x0) sendmsg$auto_ILA_CMD_GET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[], 0x58}, 0x1, 0x0, 0x0, 0x800}, 0x40) (async) sendmsg$auto_ILA_CMD_GET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[], 0x58}, 0x1, 0x0, 0x0, 0x800}, 0x40) mmap$auto(0x0, 0x20009, 0xe2, 0x200000000000eb1, r2, 0x8000) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket(0x1e, 0x2, 0x0) move_pages$auto(0x1, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x8000000000000000) getsockopt$auto(r6, 0x10, 0x7f, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0) (async) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0) madvise$auto(0x0, 0xffffff7fffff0005, 0x8) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYRES32=r5, @ANYRES16=r6, @ANYBLOB="00020000000000000000fa06fb875982cbed4a6a8c882e3bc7e1f2a36c0d3b56ed4c6229d2e8e9ae587740de451de9d9f32e5cc9d28184cd139e777cf58ea1e0a47930b46144649498f660098dc05ff9b1344baec693c0e4d29ba8daaeba92f3d8", @ANYRESOCT=r2, @ANYRES32, @ANYRES8=r0, @ANYRESOCT=r3], 0x68}, 0x1, 0x0, 0x0, 0x48805}, 0x6004000) mmap$auto(0x80000000000000, 0x400, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x80000000000000, 0x400, 0xdf, 0x9b72, 0x2, 0x8000) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x2000, 0x0) read$auto(r7, 0x0, 0x20) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) (async) r8 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r8, &(0x7f0000000200)={0x0, 0x7}, 0x3) (async) writev$auto(r8, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x171e02, 0x0) (async) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x171e02, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0x8000000000eb1, r4, 0x8000) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0) sysfs$auto(0x2, 0x11, 0x0) r9 = fsopen$auto(0x0, 0x1) fsconfig$auto(r9, 0x8, 0x0, 0x0, 0x0) (async) fsconfig$auto(r9, 0x8, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) (async) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="726c1344", @ANYBLOB="13", @ANYRES32, @ANYRES64], 0x1ac}}, 0x4004) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="726c1344", @ANYBLOB="13", @ANYRES32, @ANYRES64], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x7, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.095907752s ago: executing program 3 (id=268): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000140), r0) sendmsg$auto_TASKSTATS_CMD_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050a2bbd7000fbdbdf2501000000120003002c4e2b262c252e295e343a2d2d7d00003f34a5593262ee25b4bc922d4c4b48e315e7608cd51e10b3b178dea3c54c3ef9d13d79b381019baf33ca919cda14565c29b0c4d61e493aa695f1e31495d7c5fd1ab43384b2f71cab9dcddbe0d5dad1cc52c5567c1a08094c8dc000a3916775f4a90f804bba1a94d7fff8bd17ddc0b04983a380caf49977a76f2d8ebfd15bf716950ffddfb264c0408ba7b2b61066f7008237e642b90ab0fc72051888d5fa5df46294d0edeb5719242ceb28ddd43554a325675916e797af26cc4805d52c7bfff518dc53cc79d45941fea331e656f495b1adde4522d6634041a10529a1d08298cf2da46bcc5ce843057aaee09ba9e8"], 0x28}, 0x1, 0x0, 0x0, 0x44000}, 0x20000000) close_range$auto(0x2, 0xa, 0x0) openat$auto_generic(0xffffffffffffff9c, &(0x7f00000032c0)='/proc/kmsg\x00', 0x2, 0x0) socket(0x11, 0xa, 0x1) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x26) mmap$auto(0x2, 0x2020009, 0xb, 0xeb2, 0xfffffffffffffffb, 0x8000) r2 = openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0xec00, 0x0) mmap$auto(0xb, 0xe980, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x1, 0x80003, 0x9) ioctl$auto_EVIOCREVOKE(0xffffffffffffffff, 0x40044591, &(0x7f0000000000)=0xf6) bpf$auto(0x40000000, &(0x7f00000001c0)=@bpf_attr_11={0x9, 0x0, 0x2e0, 0xffffffff, 0x2, 0x480000, 0x4, r2}, 0x191) setrlimit$auto(0x6, &(0x7f0000000040)={0x29b, 0xffffffffffffffff}) 895.566333ms ago: executing program 1 (id=269): msgctl$auto_MSG_STAT_ANY(0x2, 0xd, 0x0) mmap$auto(0x2, 0x2020009, 0xb, 0xeb2, 0xfffffffffffffffb, 0x8000) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) ioctl$auto(0x20000000000003, 0x8905, 0x2) 791.918163ms ago: executing program 3 (id=270): mmap$auto(0x2, 0x2020009, 0xb, 0xeb2, 0xfffffffffffffffb, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0xec00, 0x0) mmap$auto(0xb, 0xe980, 0xdf, 0xeb1, 0x401, 0x8000) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x5, 0x1ff, 0x7fa, 0x22104, 0x9, 0x7, 0x7ff, 0x20010180, 0x4000000f}, 0x198) (fail_nth: 15) 113.43162ms ago: executing program 1 (id=271): r0 = prctl$auto_PR_SET_VMA_ANON_NAME(0x8, 0x0, 0xffffffffffffffff, 0xffffffffffffa2a6, 0x0) r1 = syz_genetlink_get_family_id$auto_netdev(&(0x7f00000011c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000001200)={'vxcan1\x00', 0x0}) sendmsg$auto_NETDEV_CMD_QSTATS_GET(r0, &(0x7f00000012c0)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000001280)={&(0x7f0000001240)={0x3c, r1, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@NETDEV_A_QSTATS_SCOPE={0xc, 0x4, 0x3}, @NETDEV_A_QSTATS_IFINDEX={0x8}, @NETDEV_A_QSTATS_IFINDEX={0x8, 0x1, r2}, @NETDEV_A_QSTATS_SCOPE={0xc, 0x4, 0x2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x4880) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyc4\x00', 0x40000, 0x0) ioctl$auto_TIOCSWINSZ2(r3, 0x5414, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x10b142, 0x0) ioctl$auto_MON_IOCQ_URB_LEN(0xffffffffffffffff, 0x9201, 0x0) mmap$auto(0x0, 0xb991, 0x5, 0x19, 0xffffffffffffffff, 0x2) clock_adjtime$auto(0x0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x0, 0x0) r4 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) execve$auto(&(0x7f0000001040)='./file0\x00', &(0x7f00000010c0)=&(0x7f0000001080)='/dev/hwrng\x00', &(0x7f0000001140)=&(0x7f0000001180)='-{\\\x00') read$auto_rng_chrdev_ops_core(r4, &(0x7f0000000040)=""/4096, 0xfffffe82) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/rpc/auth.rpcsec.init/channel\x00', 0xaa102, 0x0) write$auto_proc_reg_file_ops_compat_inode(r5, &(0x7f0000000000)="47f0c01a8364e3173f3c11b1022ae7e7f23bd8b6f02125e0efc3534efe780a", 0x1f) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) 618.456µs ago: executing program 0 (id=272): close_range$auto(0x0, 0xfffffffffffff000, 0x2) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_gid_map_operations_base(0xffffffffffffff9c, &(0x7f0000001480)='/proc/thread-self/gid_map\x00', 0x0, 0x0) r1 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xac}, 0x5, 0x0, 0x1, 0x697b}, 0xed7138c}, 0x2, 0x9) recvmmsg$auto(0x4, 0x0, 0x7, 0xe, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r2, 0x107, 0x12, 0x0, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000001340)={'veth1_to_team\x00', 0x0}) r5 = bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r4, r3, 0x99, 0x8, 0x1, @relative_id=0x8, 0x5}, 0x92) r6 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/afs/addr_prefs\x00', 0x102, 0x0) writev$auto(r6, &(0x7f0000000080)={&(0x7f0000000040), 0x6}, 0x3) close_range$auto(0x0, 0xfffffffffffff000, 0x0) r7 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x44041, 0x0) ioctl$auto(r0, 0x2, r7) recvfrom$auto(0x4, 0x0, 0x101d0, 0x3ffffd, 0x0, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r9 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000001c0), r5) sendmsg$auto_NL80211_CMD_SET_TX_BITRATE_MASK(r8, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000300)={0x103c, r9, 0x10, 0x70bd26, 0x25dfdbff, {}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0xbc74}, @NL80211_ATTR_TDLS_EXTERNAL_SETUP={0x4}, @NL80211_ATTR_BSS_HT_OPMODE={0x6, 0x6d, 0x5e}, @NL80211_ATTR_BSSID={0x1004, 0xf5, "e8d9b62e2e9d991fc4bab195b2536a959377ffd6f9552305231e5c8a033744701660c312317964984386047551140ee05b11e06e7ee1d237908ef48c1bf7f423d1eaa1cc4a409d8317c2bd6e0f8ae25651dd0bee7dd0208b4e50c3eef20a56a7cde18a545a8175ad8f6a323447aaffb01ff7191fc8fb708463ca34b334b6a7363989b0137e2ffc044a2d78872c501df2dc6294701a4d031314f80903704f610de7731ed4119a873ff62d9a0156f4d3fb1c6e088141e24f9efb18ddc14a84fbf86d60b77a9f81c9500688daf04fd7507e6de677f9516db948b8bcfe53af6ff3340bcc3f3d0733e962eedfbe5fb401f6134f6eb891bde0b4be38e1277b6098dc905825bb5cd8cc2ee725f7273bdbc17652d7cd1794b16878f8dae81479ea70b91a00f761e08c2a5e30e70e2189afb4ac6cbf6b37faf469c01ba6a5239fa61c7d18a7cb7a2cd854ebff728af3838d3a54f3c864da01ec746568d62a1c290a276ed66b63376b6ccc45fd0f5b73b28b2909e8b29ac7e1210d76efcd804fb79fab088eaf2be066996687bcdc1c800877d57b1cf7bef48234ee119252b50a285842d7db172a585795d30bc64621de845ff676a4b454a93da21d9dcf4d5648a5cc4e36fcf886b33d513f2045b6410e0f58d9eb91519084a6d402b546e0fb8d4792f44ca1bb452a4d7605f3ce332abb462e2c5d32762a9a247d67f41eaaaea2acb6ec5d267185677b5ee7308b20c18f33cacb408bbe6dad2c46b53c391fd82f9f502b62c97aac1863144a33cc0a95dfdce25689ef5b6ae6ea53a079d45a94e8d8d972bc3dc8b7c4812a1595d5acec49a70e4bc7085058d30add9b776e2a7124a58d4b733ccd7f92099e8593292287c0ce7c74bc024e6b3a30c190d2681c6ce677e9cf9a204975adf85a86a5ba76d1f6a1ccae8c639f8f9a5f486c9d184bd0a89b006bf84c06988b3ec3d17128550f231ab33a9828b82319d527b65f5a160a0fd08eb69e43863fa903be18ca2d3a7f8b8f50cbfe56f312a67b39c1c48410ebf442c5ff10251b01a403d5d106ff735982ba98b0e7290450b5459b791907c63d2d2c968f3a45a595ffacbe05a6ea4c45b0f9a18ae77a957907a95dad852ca3fe83d9b8c5c3aeeb75e74cad0f0543c2f9c97e77a1aad0aff2a56ad0ce93ec8809e88e4bd68a95bc9aa8ed1e3d0367b318f39ddad0860cab80488262ded3cdb6d368aa3febdb202e0cb4abd70b829c6652adff66039e4a09e5134472177e6e123600ab3f368ebdfaaf4bc75a20c1ba773ef5952b953c598b8170a2621aa24b5f9a709cbe49c6332f1abc72b4336b0fa23e5336d5545fc1b1e19a77b2283a475271392d412211048cf08f85a26cb46eb58abd9bfa989f50de4d20cb11350897ae8a372b3b585aad82d4793fe1c17ea0a090f36c17411b07e30f84d8f1e76358b57e82dafd6f8bff545ca74a19a63f6028a5c18d230c34ee9a4fd2a1c95cd5f34194ea7c47d887e00048b759e87ef23c6db20edbb3a356153f6f1cbc4e6255e63e50415b73c4436515da401c70c39cc717444f16bba90900bf57be2554125cae1656c5aa8a38f6f79213fca669936af48f4606337580769a8edb38fb611445a27595f2fe2bc9cd19f72248288fa6e38803f112e301c926ea27e09a9f68d4f41b4e6017cf08e7d3051050029ab7f7ef4e38a9417ee78552178b0225990d2ba29681c7e3e18248912c4144eb38fc46525ccf1340b5a2fe245f70c620501675d5d0da9b01a66b94b8e8c68b467a51b6ef7e68a42c04d9c8bcfa3d1c34c1ab7fd9c970492bf3d8108e22a06e4e47aa630fb968d8983515969844226d32cf017800566a38764f43c150ba2e445391b9948a0f73cc233b48452f7bf2a7c3f01bac03022862f4d3dac3c87216e372f28d5562c93fc10ada0c5bed47b6ca20db968aca63044470e6a6f5efaf95be037c2afbfda8f3c64f673571b38b7199bc5954efbf0ef3121fbff8392e620f7528e50b6657089b3e14699fd5997c0b9d8d18f622936b92eb805eba8c5ee284cfcdb8dd6b3ca83442fdf19f8ff37e8658d265798ac5a621a153816ac3a6802340aefca590c809e92ec64ae520939a1154885d4f7ab46493d0be80ec31bb1e0fbb8d7b71d72f4c0ed0312c3ca7ed446a362ea895f3014f19d940ea4da0fbeb14f98fe8f5178f7c08c480014837d13f043ae50170e4ab622ba106da58279a2434b1f3d43cb5e6b6e127d470e7e3122e084e0f64c7c12c389aabf85f93a2f3b1506ce6a5b2994da3921bce0c15f6cbac819abb64d9f1ae1748c19c0849975a41a35d153982d5eaf308c5d294f3dbe489fe6860cdd9ffef3f3cde439640bc52b3d428f2a5d8462c2dc001edd2624f4f6dd22c327748614c9659dd9a882de23baf574cb9fddc92e9aab0e2023c08c48c1e3942f522cb3a1952fefaec872a9686859182ff3cf8e37e54ec28d4c902e05d345c5b3c0f10eb323d9fdb2cf113b2398abd5a7d18043303b856a6b4c049131be3fea95bf65065f37dac259f3a1410acfe946dd1e59f84423af95b5828709fb787ee3a939d1497ae1043eca5024ad9641283ef73e247c3417b756b57a8d87c870aea5501094a1185c152e2ce3f05a0cbd8ba4ec9601ab74095dcc7b0d127509d30ce842d92258b63bdedbe0fa61da3196c1ad0e265c8e9ab16f0e1f7b19ee2dc7caed52c17b1832c542c7e151655449512cd51f91a61630f630c60198bdc6f38455b98190d51db49548fb5d5c8962bc16550441ec0ccab2b8c5864b7a6e31b29f17977274f87a6f6edef21c8a831f77322dd3dbf201dc8e30d194e6222f9dd22f81f4edb532bb8f271670be7cc0330436daa8441477668f4ce7cb345cbc6ad2e45284b72743a979e96a4d7046f4ca8f69fb3cc6139618c0d28bfaa173ec9088e335766d24b6f652b63db4dddc2eb1720dbc89c36392ddca1973f09368a23de7476670c4dc35dfc27d44c34ec44da949b96c678d173e1795e9392830f0be7f3e4350fe8f65e541c065a6e1db1fd72233cb22a5d6d22a9b4086c826dc057deefe21da600d15349734bd6b8f6bb4fd93806102da2aa68cc98390d7c00effdf967729d60dcb5c0dc8e9caa0f04c0ad2ecf2188b1413dcba79e7fdc6f5dc1eabf62d743000ca9f7b27ac2734df46c013e3d5dcd4f8fb0aa25729afeb3c1b5bc831580718a3d0a981f0c081feb5ce4a2df4c91f62012f3b39a57e5b27355de4a1c529e1599ddfb8aa8c3ff4dab173c72ae025c8691e1484e0723414f78a6130d33d9c630e2a8ee2c737bdf0c22ac3241d5508e20b556a2ca2feeba178caf17dfa3494c7c3604ac4725601a40736bfb4a3c5d6931d0e52451f661b47e7a00f53557f5779a3f226e21d8d4f70bb931be241b94f278a3e1ce96e3965600b6c645229c29aa2aecbefa81ba58c54b5827700a304202660c1ae318168beec142109f94cc6043f1662fabf47a525a8cf04a40f59dc5402dec2a3dd0771c237871bfd6e8fdcbffef0cdfd463570b5c6c9a7f04de8dd8cef113e37171e05d91b35445a60ae31aba0ba37ba6622d51c6c77cc9d70a0019284ec384576cfc2f6f148005e8c0111792ec8f3a20458fe3ab7467481d7575deb8ef5ab79ec835d44f57b163be1f8ed8f3d6fdb931d0f5fd113170414e4404a6fca46da1c80cf55689f95a84ce2c1ff748ad6e91a9ce8321602123747c1a10e6b6f601784c22af192f96f4b837c2f76ba2917c43595ee895f758557f7041de4e952b66a15cd0aee6fdb6b6d070872caac749df752c3dfc0efa324d93883139bd0473c723f7285e5bf004558fb293e9a4b8697259dd41153e5f3af52f547a2967f70a6a37a28d6ed9e6ec10005528e882fb5015e38891ec7e77919523bc480b397d2a4c7a017e175f77dfda5bd6e2cd70f675f2e536bbe52c3449aa10947f43e92be7ad4ee472fa675f43c86cc7d07273b7882a784434fa98da7f1840b21690339f432ecc05c7e40ebf1bd22932ddd74c22b9fb03af5042f8479c4b1d64fc5deba64265ae63564290fbc5f225fdd25a841887e2783ae818fd7674563f26ad79b1ee69c06245442668d4d37602be996daefb50d4fd03f5e6af66dbae302be5c453f23472c59260822ae470ff698ca31ba57e77d355cdcf4c8df31f63e91246d7baca7c9f82405b2cb62586e264722b7b85393b78736a1d89789b637050d9eff152d6894f96aad3a2cabcda3bea64ac6fa101372dd9597b6265e59f1ece2471bcdafa9e31e3796b27437e2d58db455972b66469e847fbbbd6ddaad0064a660624cfd6038fd5fd4c46d3ed775949a461e087db921759435fc554f3508d08616495b3a0a3b36849bc501d114b3eee28afe18f22ac22032f5dd3407a5a9ad608c0b6a63e369c6d7590aed3ac9ce2f127471717f749be0c1091a80957788fca30fdeb82d3db0b3ae436188811f77a3e0038c50b9e7da3e0a7d427d1dc3b1b94773477259d550772c539c93506173e6c50b9beb72aefeea396885e945b54b14dae904a1749eb189c61c226d5874da43216323d2068390d4950c37d8dd749fa5e7f8211317c3bb4c4961a36b80f901ba712d15a94e353cca8f593689a23125aab2c43fa04cc68d889aa07615f1c9c708e55511b8423da135d2175792176ccc0e00d7f1677292b8ce06f5916c6e1ff5fb9de4fabdd39495c6c16128ba60ee3a6aec4cec9d79245cabae6b138ab400350e3314ae79003b6863bf9363ac8afa76ffa3734e95fba6e26248147bc4b1f55b570b8d630ac1b301bd2285abce31d56ac77716b3143fea598a27e0bf8084c1fe4569ba370a30bfe544f6edfcff2082a382c55906b644fcc4aa9a88be2e7edaf654e714f8199de9959b7c3083211d25235a268ada464f98f9e51fad918595a4e7aae200815629e2b6453857abf9d4add8ccae08fe32b89299b538d762b51604e4bb9f7ec310d825138b8ba7cc99c93bdc1468dd6244cc856195f0978be4d0a227be64f47e8787ca0bea559f695547e7f8582d42d0ce601c35c53b94e2c9fa85831330c880550b3a19ff7fdf9d2b229515039a8d0a1826788e00740b9dd47804ace0b5a336fcb0ebf1f233548161e4a5ed27554ee25e12f359a00a7207ab9f50783b554a9ea4dc8a2b621df5824671b26a01c77dda607afaa06181f6f2eaa5b77a051d851f20cd516fedb01445fec58da2845bb30571147be669d0cbffde03e461960dc37208e1072d07a067ccc5d4188856d0e28f5bfcf7a06ce4871dbdeadb4445dea80c49baeb89baee2a2e370d2e918aaac0c8be93ea965498a9d03d194c41b8c03a59a81a92c0a4327b448088d7ce2c2ed6f12ce628ac3fdf183b1d0b4d22911ff4b8e4f3cb7fab0e7670c19a1bb7029779a5f3164943c206880cc1ca223b29bb4124d751f0f0cad1636db03e8a2b7b1b61eba828b6766351133b2e14345f9630a036484d53331d69ba853005adaf6fa4e54383b33e749c92b97a833babaed28c66f7249bc4293bc762042f086b6e890346b2014795582267bf61f06667adf7f6b23bbe0500c161d2baa163d8d0125641fa12984529fd0e58c3aefa0efa9bd5990a2c15ac7cdfa5fd34687ac88ad415095c596dafc379651c1c2c7ebb2f7f93e443fd410f0eb4d2f280455f9345a2bb5c81cc4c341465a1abadbaa308fb73fb34e1daf97e792f9d328598f0bfcccf1711d6f09ea4ef3d6b2ce099b36b7f2cb54126f09f067bb41860623948322ea7592bea4b088dedb08f489ffc166681b6a90328dfcfe5cc8e8c29a271d17f92fed922b983ed79ebb"}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x4}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x1}]}, 0x103c}, 0x1, 0x0, 0x0, 0x800}, 0x0) landlock_create_ruleset$auto(&(0x7f0000000000)={0x0, 0x401, 0x7}, 0x9, 0x0) landlock_restrict_self$auto(r8, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x8, 0x0) 0s ago: executing program 3 (id=273): madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2b, 0x1, 0x0) bind$auto(0x3, 0x0, 0x6a) unshare$auto(0x20000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710}, 0x10) unshare$auto(0x100) iopl$auto(0x3) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/block/nbd6/queue/iosched/writes_starved\x00', 0xa001, 0x0) write$auto(r0, &(0x7f0000000100)='%\x00', 0x38f) socket(0x2b, 0x1, 0x1) setsockopt$auto(0x400000000000003, 0x29, 0x13, 0x0, 0x3) io_uring_setup$auto(0x4c2, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) munmap$auto(0x20001000, 0x7fb3) ptrace$auto(0x10, 0x10000000000001, 0xffffffffffffff56, 0x868f) syz_clone3(&(0x7f0000000300)={0x28020000, 0x0, 0x0, 0x0, {0x1f}, 0x0, 0x0, 0x0, 0x0}, 0x58) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.10.4' (ED25519) to the list of known hosts. [ 354.270461][ T5845] cgroup: Unknown subsys name 'net' [ 354.404053][ T5845] cgroup: Unknown subsys name 'cpuset' [ 354.414553][ T5845] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 356.231050][ T5845] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 358.434097][ T5857] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 358.444493][ T5857] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 358.452908][ T5857] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 358.462161][ T5857] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 358.489420][ T5857] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 358.550227][ T5145] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 358.559459][ T5145] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 358.569685][ T5145] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 358.580406][ T5145] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 358.606394][ T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 358.615864][ T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 358.673505][ T5862] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 358.686504][ T5862] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 358.700456][ T5862] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 358.709982][ T5862] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 358.749320][ T5145] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 358.758698][ T5145] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 358.769317][ T5145] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 358.786403][ T5145] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 358.795059][ T5145] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 359.033287][ T5854] chnl_net:caif_netlink_parms(): no params data found [ 359.357413][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state [ 359.367875][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state [ 359.376414][ T5854] bridge_slave_0: entered allmulticast mode [ 359.384277][ T5854] bridge_slave_0: entered promiscuous mode [ 359.398578][ T5859] chnl_net:caif_netlink_parms(): no params data found [ 359.417457][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state [ 359.426129][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state [ 359.433547][ T5854] bridge_slave_1: entered allmulticast mode [ 359.441807][ T5854] bridge_slave_1: entered promiscuous mode [ 359.510705][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 359.520310][ T5858] chnl_net:caif_netlink_parms(): no params data found [ 359.557164][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 359.671268][ T5854] team0: Port device team_slave_0 added [ 359.685667][ T5859] bridge0: port 1(bridge_slave_0) entered blocking state [ 359.693303][ T5859] bridge0: port 1(bridge_slave_0) entered disabled state [ 359.700667][ T5859] bridge_slave_0: entered allmulticast mode [ 359.708089][ T5859] bridge_slave_0: entered promiscuous mode [ 359.726567][ T5854] team0: Port device team_slave_1 added [ 359.756258][ T5859] bridge0: port 2(bridge_slave_1) entered blocking state [ 359.764313][ T5859] bridge0: port 2(bridge_slave_1) entered disabled state [ 359.771908][ T5859] bridge_slave_1: entered allmulticast mode [ 359.779624][ T5859] bridge_slave_1: entered promiscuous mode [ 359.896258][ T5858] bridge0: port 1(bridge_slave_0) entered blocking state [ 359.903963][ T5858] bridge0: port 1(bridge_slave_0) entered disabled state [ 359.911896][ T5858] bridge_slave_0: entered allmulticast mode [ 359.919715][ T5858] bridge_slave_0: entered promiscuous mode [ 359.931655][ T5859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 359.958012][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 359.965467][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 359.992439][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 360.004791][ T5858] bridge0: port 2(bridge_slave_1) entered blocking state [ 360.012371][ T5858] bridge0: port 2(bridge_slave_1) entered disabled state [ 360.019710][ T5858] bridge_slave_1: entered allmulticast mode [ 360.027126][ T5858] bridge_slave_1: entered promiscuous mode [ 360.036584][ T5859] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 360.059273][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 360.066313][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 360.092438][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 360.184363][ T5859] team0: Port device team_slave_0 added [ 360.194183][ T5859] team0: Port device team_slave_1 added [ 360.201947][ T5866] chnl_net:caif_netlink_parms(): no params data found [ 360.221277][ T5858] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 360.267291][ T5858] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 360.325107][ T5854] hsr_slave_0: entered promiscuous mode [ 360.332090][ T5854] hsr_slave_1: entered promiscuous mode [ 360.355753][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 360.362955][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 360.389152][ T5859] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 360.402450][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 360.409854][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 360.436089][ T5859] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 360.514580][ T5858] team0: Port device team_slave_0 added [ 360.524188][ T5858] team0: Port device team_slave_1 added [ 360.540190][ T5145] Bluetooth: hci0: command tx timeout [ 360.661798][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 360.668830][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 360.695457][ T5145] Bluetooth: hci1: command tx timeout [ 360.698727][ T5858] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 360.741508][ T5859] hsr_slave_0: entered promiscuous mode [ 360.748076][ T5859] hsr_slave_1: entered promiscuous mode [ 360.754599][ T5859] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 360.762945][ T5859] Cannot create hsr debugfs directory [ 360.768853][ T5866] bridge0: port 1(bridge_slave_0) entered blocking state [ 360.777430][ T5866] bridge0: port 1(bridge_slave_0) entered disabled state [ 360.784873][ T5145] Bluetooth: hci2: command tx timeout [ 360.791196][ T5866] bridge_slave_0: entered allmulticast mode [ 360.798592][ T5866] bridge_slave_0: entered promiscuous mode [ 360.808467][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 360.815565][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 360.844255][ T5858] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 360.854971][ T5145] Bluetooth: hci3: command tx timeout [ 360.885158][ T5866] bridge0: port 2(bridge_slave_1) entered blocking state [ 360.892745][ T5866] bridge0: port 2(bridge_slave_1) entered disabled state [ 360.900822][ T5866] bridge_slave_1: entered allmulticast mode [ 360.908192][ T5866] bridge_slave_1: entered promiscuous mode [ 361.004499][ T5866] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 361.051520][ T5866] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 361.114177][ T5858] hsr_slave_0: entered promiscuous mode [ 361.122566][ T5858] hsr_slave_1: entered promiscuous mode [ 361.128837][ T5858] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 361.137284][ T5858] Cannot create hsr debugfs directory [ 361.172057][ T5866] team0: Port device team_slave_0 added [ 361.204754][ T5866] team0: Port device team_slave_1 added [ 361.332367][ T5866] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 361.340020][ T5866] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 361.367055][ T5866] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 361.418590][ T5866] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 361.425921][ T5866] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 361.452283][ T5866] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 361.544896][ T5854] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 361.602410][ T5854] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 361.645407][ T5866] hsr_slave_0: entered promiscuous mode [ 361.652881][ T5866] hsr_slave_1: entered promiscuous mode [ 361.659845][ T5866] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 361.667442][ T5866] Cannot create hsr debugfs directory [ 361.673507][ T5854] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 361.716887][ T5854] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 361.816408][ T5859] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 361.827629][ T5859] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 361.862450][ T5859] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 361.905766][ T5859] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 362.038444][ T5858] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 362.051425][ T5858] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 362.082304][ T5858] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 362.127292][ T5858] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 362.196370][ T5866] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 362.207639][ T5866] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 362.242126][ T5866] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 362.271253][ T5866] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 362.398675][ T5859] 8021q: adding VLAN 0 to HW filter on device bond0 [ 362.410294][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0 [ 362.505126][ T5858] 8021q: adding VLAN 0 to HW filter on device bond0 [ 362.523033][ T5854] 8021q: adding VLAN 0 to HW filter on device team0 [ 362.536325][ T5859] 8021q: adding VLAN 0 to HW filter on device team0 [ 362.558102][ T3017] bridge0: port 1(bridge_slave_0) entered blocking state [ 362.565538][ T3017] bridge0: port 1(bridge_slave_0) entered forwarding state [ 362.611163][ T5145] Bluetooth: hci0: command tx timeout [ 362.620983][ T3009] bridge0: port 1(bridge_slave_0) entered blocking state [ 362.628134][ T3009] bridge0: port 1(bridge_slave_0) entered forwarding state [ 362.642718][ T3009] bridge0: port 2(bridge_slave_1) entered blocking state [ 362.649992][ T3009] bridge0: port 2(bridge_slave_1) entered forwarding state [ 362.672197][ T5892] bridge0: port 2(bridge_slave_1) entered blocking state [ 362.679435][ T5892] bridge0: port 2(bridge_slave_1) entered forwarding state [ 362.718307][ T5858] 8021q: adding VLAN 0 to HW filter on device team0 [ 362.769760][ T5145] Bluetooth: hci1: command tx timeout [ 362.781783][ T5866] 8021q: adding VLAN 0 to HW filter on device bond0 [ 362.837785][ T2959] bridge0: port 1(bridge_slave_0) entered blocking state [ 362.845082][ T2959] bridge0: port 1(bridge_slave_0) entered forwarding state [ 362.854190][ T5145] Bluetooth: hci2: command tx timeout [ 362.896213][ T3009] bridge0: port 2(bridge_slave_1) entered blocking state [ 362.903515][ T3009] bridge0: port 2(bridge_slave_1) entered forwarding state [ 362.930190][ T5145] Bluetooth: hci3: command tx timeout [ 362.953129][ T5866] 8021q: adding VLAN 0 to HW filter on device team0 [ 363.002927][ T5892] bridge0: port 1(bridge_slave_0) entered blocking state [ 363.010201][ T5892] bridge0: port 1(bridge_slave_0) entered forwarding state [ 363.032379][ T5892] bridge0: port 2(bridge_slave_1) entered blocking state [ 363.039674][ T5892] bridge0: port 2(bridge_slave_1) entered forwarding state [ 363.227661][ T5859] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 363.371966][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 363.454766][ T5859] veth0_vlan: entered promiscuous mode [ 363.553378][ T5859] veth1_vlan: entered promiscuous mode [ 363.601080][ T5854] veth0_vlan: entered promiscuous mode [ 363.620291][ T5858] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 363.668802][ T5854] veth1_vlan: entered promiscuous mode [ 363.757453][ T5859] veth0_macvtap: entered promiscuous mode [ 363.793383][ T5866] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 363.810253][ T5859] veth1_macvtap: entered promiscuous mode [ 363.828756][ T5854] veth0_macvtap: entered promiscuous mode [ 363.845010][ T5858] veth0_vlan: entered promiscuous mode [ 363.877736][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 363.887920][ T5854] veth1_macvtap: entered promiscuous mode [ 363.903679][ T5858] veth1_vlan: entered promiscuous mode [ 363.921975][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 363.961775][ T5859] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 363.972827][ T5859] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 363.983593][ T5859] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 363.992769][ T5859] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.061183][ T5858] veth0_macvtap: entered promiscuous mode [ 364.068924][ T5854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 364.081490][ T5854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.093887][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 364.115209][ T5858] veth1_macvtap: entered promiscuous mode [ 364.132133][ T5854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 364.144668][ T5854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.157452][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 364.178531][ T5866] veth0_vlan: entered promiscuous mode [ 364.234390][ T5854] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.245253][ T5854] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.255857][ T5854] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.265813][ T5854] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.282100][ T5866] veth1_vlan: entered promiscuous mode [ 364.294975][ T5858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 364.305806][ T5858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.316364][ T5858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 364.328279][ T5858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.345043][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 364.385537][ T5858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 364.396524][ T5858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.407095][ T5858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 364.417916][ T5858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.431144][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 364.477571][ T5858] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.487204][ T5858] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.496654][ T5858] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.508341][ T5858] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.551419][ T2959] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 364.568257][ T2959] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 364.596358][ T5866] veth0_macvtap: entered promiscuous mode [ 364.642732][ T5866] veth1_macvtap: entered promiscuous mode [ 364.663693][ T5892] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 364.674894][ T5892] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 364.689637][ T5145] Bluetooth: hci0: command tx timeout [ 364.810763][ T5903] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 364.822199][ T5903] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 364.825032][ T5866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 364.842344][ T5866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.850079][ T5145] Bluetooth: hci1: command tx timeout [ 364.857995][ T5866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 364.869306][ T5866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.879217][ T5866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 364.889728][ T5866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.903265][ T5866] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 364.929239][ T5145] Bluetooth: hci2: command tx timeout [ 364.937205][ T5903] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 364.950907][ T5866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 364.962158][ T5903] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 364.969147][ T5866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.981214][ T5866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 364.993323][ T5866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 365.003692][ T5866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 365.009513][ T5145] Bluetooth: hci3: command tx timeout [ 365.020504][ T5866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 365.032711][ T5866] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 365.063141][ T5866] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 365.078645][ T5866] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 365.090657][ T5866] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 365.103655][ T5866] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 365.133336][ T5903] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 365.141793][ T5903] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 365.185745][ T5859] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 365.285592][ T5896] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 365.310554][ T5896] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 365.397262][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 365.431671][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 365.500996][ T5917] process 'syz.2.3' launched './file0' with NULL argv: empty string added [ 365.514193][ T5896] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 365.539557][ T5896] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 365.965194][ T5928] i2c i2c-0: new_device: Instantiated device card: at 0x01 [ 366.362063][ T5937] syz.0.6 uses obsolete (PF_INET,SOCK_PACKET) [ 366.769468][ T5145] Bluetooth: hci0: command tx timeout [ 366.931077][ T5145] Bluetooth: hci1: command tx timeout [ 367.009667][ T5145] Bluetooth: hci2: command tx timeout [ 367.021290][ T5945] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8'. [ 367.048465][ T5945] netlink: 354 bytes leftover after parsing attributes in process `syz.0.8'. [ 367.082332][ T5945] Zero length message leads to an empty skb [ 367.089831][ T5145] Bluetooth: hci3: command tx timeout [ 367.717506][ T5950] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 368.210542][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 368.220369][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 368.226722][ T5958] FAULT_INJECTION: forcing a failure. [ 368.226722][ T5958] name failslab, interval 1, probability 0, space 0, times 1 [ 368.230303][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 368.296392][ T5958] CPU: 1 UID: 0 PID: 5958 Comm: syz.0.11 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 368.296439][ T5958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 368.296462][ T5958] Call Trace: [ 368.296472][ T5958] [ 368.296488][ T5958] dump_stack_lvl+0x16c/0x1f0 [ 368.296533][ T5958] should_fail_ex+0x512/0x640 [ 368.296578][ T5958] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 368.296619][ T5958] should_failslab+0xc2/0x120 [ 368.296658][ T5958] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 368.296696][ T5958] ? sk_prot_alloc+0x60/0x2a0 [ 368.296740][ T5958] sk_prot_alloc+0x60/0x2a0 [ 368.296781][ T5958] sk_alloc+0x36/0xc20 [ 368.296831][ T5958] kcm_create+0xfc/0x690 [ 368.296869][ T5958] __sock_create+0x335/0x8d0 [ 368.296919][ T5958] __sys_socket+0x14d/0x260 [ 368.296962][ T5958] ? __pfx___sys_socket+0x10/0x10 [ 368.297005][ T5958] ? rcu_is_watching+0x12/0xc0 [ 368.297042][ T5958] __x64_sys_socket+0x72/0xb0 [ 368.297081][ T5958] ? lockdep_hardirqs_on+0x7c/0x110 [ 368.297118][ T5958] do_syscall_64+0xcd/0x230 [ 368.297161][ T5958] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 368.297194][ T5958] RIP: 0033:0x7f184398e969 [ 368.297224][ T5958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 368.297260][ T5958] RSP: 002b:00007f18447f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 368.297295][ T5958] RAX: ffffffffffffffda RBX: 00007f1843bb6080 RCX: 00007f184398e969 [ 368.297317][ T5958] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000029 [ 368.297342][ T5958] RBP: 00007f1843a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 368.297362][ T5958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 368.297381][ T5958] R13: 0000000000000000 R14: 00007f1843bb6080 R15: 00007ffeced8a748 [ 368.297423][ T5958] [ 368.500747][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 368.651074][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 368.660083][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 368.668946][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 368.680020][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 368.688427][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 368.697060][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! syzkaller syzkaller login: syzkaller syzkaller login: [ 373.080662][ T6022] ptrace attach of "./syz-executor exec"[5854] was attempted by "./syz-executor exec"[6022] [ 374.604666][ T6034] mmap: syz.3.27 (6034) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 375.960827][ T5145] Bluetooth: hci2: unexpected subevent 0x01 length: 4 < 18 [ 375.983552][ T30] audit: type=1800 audit(6040709349.775:2): pid=6047 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.30" name="dbroot" dev="configfs" ino=7160 res=0 errno=0 [ 378.217340][ T6061] netlink: 8 bytes leftover after parsing attributes in process `syz.0.33'. [ 379.142827][ T6069] Invalid ELF header magic: != ELF [ 379.743611][ T6084] netlink: 8 bytes leftover after parsing attributes in process `syz.2.39'. syzkaller syzkaller login: [ 380.958937][ T5145] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 syzkaller syzkaller login: [ 383.874426][ T6121] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 383.913898][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.920621][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 383.974358][ T6121] CIFS mount error: No usable UNC path provided in device string! [ 383.974358][ T6121] [ 384.012413][ T6121] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 385.600553][ T6126] QAT: Device 0 not found [ 391.482315][ T6205] random: crng reseeded on system resumption [ 393.671566][ T6239] netlink: 28 bytes leftover after parsing attributes in process `syz.0.69'. syzkaller syzkaller login: [ 402.949563][ T6344] netlink: 28 bytes leftover after parsing attributes in process `syz.3.95'. [ 403.598877][ T6335] ptrace attach of "./syz-executor exec"[5859] was attempted by "./syz-executor exec"[6335] [ 404.047979][ T6359] FAULT_INJECTION: forcing a failure. [ 404.047979][ T6359] name failslab, interval 1, probability 0, space 0, times 0 [ 404.061925][ T6359] CPU: 1 UID: 0 PID: 6359 Comm: syz.2.100 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 404.061964][ T6359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 404.061981][ T6359] Call Trace: [ 404.061991][ T6359] [ 404.062002][ T6359] dump_stack_lvl+0x16c/0x1f0 [ 404.062045][ T6359] should_fail_ex+0x512/0x640 [ 404.062087][ T6359] ? __kvmalloc_node_noprof+0x122/0x600 [ 404.062124][ T6359] should_failslab+0xc2/0x120 [ 404.062161][ T6359] __kvmalloc_node_noprof+0x135/0x600 [ 404.062195][ T6359] ? seq_read_iter+0x826/0x12c0 [ 404.062247][ T6359] ? seq_read_iter+0x826/0x12c0 [ 404.062288][ T6359] seq_read_iter+0x826/0x12c0 [ 404.062334][ T6359] ? __mutex_trylock_common+0xe9/0x250 [ 404.062389][ T6359] kernfs_fop_read_iter+0x40f/0x5a0 [ 404.062427][ T6359] ? rw_verify_area+0xcf/0x680 [ 404.062477][ T6359] vfs_read+0x8c8/0xc70 [ 404.062511][ T6359] ? __pfx___mutex_lock+0x10/0x10 [ 404.062549][ T6359] ? __pfx_vfs_read+0x10/0x10 [ 404.062605][ T6359] ksys_read+0x12a/0x240 [ 404.062633][ T6359] ? __pfx_ksys_read+0x10/0x10 [ 404.062694][ T6359] ? rcu_is_watching+0x12/0xc0 [ 404.062733][ T6359] do_syscall_64+0xcd/0x230 [ 404.062776][ T6359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 404.062806][ T6359] RIP: 0033:0x7f9c5898e969 [ 404.062830][ T6359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 404.062859][ T6359] RSP: 002b:00007f9c59830038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 404.062893][ T6359] RAX: ffffffffffffffda RBX: 00007f9c58bb5fa0 RCX: 00007f9c5898e969 [ 404.062913][ T6359] RDX: 0000000000000020 RSI: 0000000000000000 RDI: 0000000000000003 [ 404.062931][ T6359] RBP: 00007f9c59830090 R08: 0000000000000000 R09: 0000000000000000 [ 404.062950][ T6359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 404.062969][ T6359] R13: 0000000000000000 R14: 00007f9c58bb5fa0 R15: 00007fff06ed29c8 [ 404.063011][ T6359] syzkaller syzkaller login: [ 404.822325][ T6379] netlink: 4 bytes leftover after parsing attributes in process `syz.1.103'. [ 405.053168][ T6397] FAULT_INJECTION: forcing a failure. [ 405.053168][ T6397] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 405.103292][ T6397] CPU: 1 UID: 0 PID: 6397 Comm: syz.3.105 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 405.103337][ T6397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 405.103354][ T6397] Call Trace: [ 405.103365][ T6397] [ 405.103376][ T6397] dump_stack_lvl+0x16c/0x1f0 [ 405.103419][ T6397] should_fail_ex+0x512/0x640 [ 405.103479][ T6397] _copy_from_user+0x2e/0xd0 [ 405.103527][ T6397] __sys_bpf+0x21d/0x4d80 [ 405.103623][ T6397] ? __pfx___sys_bpf+0x10/0x10 [ 405.103666][ T6397] ? ksys_write+0x190/0x240 [ 405.103701][ T6397] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 405.103764][ T6397] ? fput+0x70/0xf0 [ 405.103798][ T6397] ? ksys_write+0x1b9/0x240 [ 405.103826][ T6397] ? __pfx_ksys_write+0x10/0x10 [ 405.103852][ T6397] ? rcu_is_watching+0x12/0xc0 [ 405.103887][ T6397] __x64_sys_bpf+0x78/0xc0 [ 405.103929][ T6397] ? lockdep_hardirqs_on+0x7c/0x110 [ 405.103962][ T6397] do_syscall_64+0xcd/0x230 [ 405.104003][ T6397] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.104034][ T6397] RIP: 0033:0x7f224fb8e969 [ 405.104058][ T6397] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 405.104087][ T6397] RSP: 002b:00007f2250962038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 405.104117][ T6397] RAX: ffffffffffffffda RBX: 00007f224fdb5fa0 RCX: 00007f224fb8e969 [ 405.104137][ T6397] RDX: 0000000000000198 RSI: 0000200000000100 RDI: 0000000000000000 [ 405.104156][ T6397] RBP: 00007f2250962090 R08: 0000000000000000 R09: 0000000000000000 [ 405.104174][ T6397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 405.104192][ T6397] R13: 0000000000000000 R14: 00007f224fdb5fa0 R15: 00007ffd31bfb098 [ 405.104232][ T6397] [ 406.617834][ T6422] ptrace attach of "./syz-executor exec"[5858] was attempted by "./syz-executor exec"[6422] [ 407.280111][ T6432] FAULT_INJECTION: forcing a failure. [ 407.280111][ T6432] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 407.323710][ T6432] CPU: 1 UID: 0 PID: 6432 Comm: syz.2.114 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 407.323757][ T6432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 407.323774][ T6432] Call Trace: [ 407.323785][ T6432] [ 407.323796][ T6432] dump_stack_lvl+0x16c/0x1f0 [ 407.323840][ T6432] should_fail_ex+0x512/0x640 [ 407.323889][ T6432] _copy_to_iter+0x2a4/0x15a0 [ 407.323935][ T6432] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 407.323977][ T6432] ? __pfx__copy_to_iter+0x10/0x10 [ 407.324021][ T6432] ? kernfs_seq_stop+0xcd/0x120 [ 407.324066][ T6432] ? kernfs_put_active+0x86/0xe0 [ 407.324103][ T6432] seq_read_iter+0xcf8/0x12c0 [ 407.324165][ T6432] kernfs_fop_read_iter+0x40f/0x5a0 [ 407.324203][ T6432] ? rw_verify_area+0xcf/0x680 [ 407.324255][ T6432] vfs_read+0x8c8/0xc70 [ 407.324289][ T6432] ? __pfx___mutex_lock+0x10/0x10 [ 407.324325][ T6432] ? __pfx_vfs_read+0x10/0x10 [ 407.324382][ T6432] ksys_read+0x12a/0x240 [ 407.324411][ T6432] ? __pfx_ksys_read+0x10/0x10 [ 407.324436][ T6432] ? rcu_is_watching+0x12/0xc0 [ 407.324477][ T6432] do_syscall_64+0xcd/0x230 [ 407.324520][ T6432] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.324550][ T6432] RIP: 0033:0x7f9c5898e969 [ 407.324574][ T6432] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 407.324618][ T6432] RSP: 002b:00007f9c59830038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 407.324648][ T6432] RAX: ffffffffffffffda RBX: 00007f9c58bb5fa0 RCX: 00007f9c5898e969 [ 407.324669][ T6432] RDX: 0000000000000020 RSI: 0000000000000000 RDI: 0000000000000003 [ 407.324687][ T6432] RBP: 00007f9c59830090 R08: 0000000000000000 R09: 0000000000000000 [ 407.324705][ T6432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 407.324723][ T6432] R13: 0000000000000000 R14: 00007f9c58bb5fa0 R15: 00007fff06ed29c8 [ 407.324765][ T6432] syzkaller syzkaller login: syzkaller syzkaller login: [ 410.307631][ T6483] FAULT_INJECTION: forcing a failure. [ 410.307631][ T6483] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 410.334599][ T6483] CPU: 0 UID: 0 PID: 6483 Comm: syz.0.127 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 410.334644][ T6483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 410.334660][ T6483] Call Trace: [ 410.334671][ T6483] [ 410.334683][ T6483] dump_stack_lvl+0x16c/0x1f0 [ 410.334724][ T6483] should_fail_ex+0x512/0x640 [ 410.334771][ T6483] _copy_to_user+0x32/0xd0 [ 410.334819][ T6483] simple_read_from_buffer+0xcb/0x170 [ 410.334865][ T6483] proc_fail_nth_read+0x197/0x270 [ 410.334924][ T6483] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 410.334968][ T6483] ? rw_verify_area+0xcf/0x680 [ 410.335009][ T6483] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 410.335051][ T6483] vfs_read+0x1de/0xc70 [ 410.335083][ T6483] ? __pfx___mutex_lock+0x10/0x10 [ 410.335118][ T6483] ? __pfx_vfs_read+0x10/0x10 [ 410.335166][ T6483] ? __fget_files+0x20e/0x3c0 [ 410.335221][ T6483] ksys_read+0x12a/0x240 [ 410.335245][ T6483] ? __pfx_ksys_read+0x10/0x10 [ 410.335267][ T6483] ? rcu_is_watching+0x12/0xc0 [ 410.335302][ T6483] do_syscall_64+0xcd/0x230 [ 410.335338][ T6483] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.335366][ T6483] RIP: 0033:0x7f184398d37c [ 410.335389][ T6483] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 410.335417][ T6483] RSP: 002b:00007f1844816030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 410.335443][ T6483] RAX: ffffffffffffffda RBX: 00007f1843bb5fa0 RCX: 00007f184398d37c [ 410.335462][ T6483] RDX: 000000000000000f RSI: 00007f18448160a0 RDI: 0000000000000004 [ 410.335479][ T6483] RBP: 00007f1844816090 R08: 0000000000000000 R09: 0000000000000000 [ 410.335495][ T6483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 410.335512][ T6483] R13: 0000000000000000 R14: 00007f1843bb5fa0 R15: 00007ffeced8a748 [ 410.335549][ T6483] [ 411.127711][ T6494] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 411.576734][ T6498] netlink: 8 bytes leftover after parsing attributes in process `syz.2.130'. [ 411.861983][ T6508] svc: failed to register nfsdv3 RPC service (errno 111). [ 411.877251][ T6508] svc: failed to register nfsaclv3 RPC service (errno 111). [ 412.452662][ T6526] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 412.960542][ T6540] netlink: 138 bytes leftover after parsing attributes in process `syz.1.140'. [ 413.419234][ T6543] tc_dump_action: action bad kind [ 413.504656][ T6546] bond0: no command found in slaves file - use +ifname or -ifname [ 413.643718][ T6551] netlink: zone id is out of range [ 413.649204][ T6551] netlink: zone id is out of range [ 413.654645][ T6551] netlink: zone id is out of range [ 413.674881][ T6551] netlink: zone id is out of range [ 413.687226][ T6551] netlink: zone id is out of range [ 413.720783][ T6551] netlink: zone id is out of range [ 413.763290][ T6551] netlink: zone id is out of range [ 413.828548][ T6551] netlink: zone id is out of range [ 413.850570][ T6551] netlink: zone id is out of range [ 413.856136][ T6551] netlink: zone id is out of range [ 413.927113][ T6555] [U]  [ 413.930166][ T6555] [U] [ 413.932944][ T6555] [U] [ 413.935701][ T6555] [U] [ 413.958289][ T6555] [U] [ 413.961105][ T6555] [U] [ 413.963883][ T6555] [U] [ 413.966652][ T6555] [U] [ 414.001937][ T6555] [U] [ 414.004728][ T6555] [U] [ 414.007488][ T6555] [U] [ 414.010250][ T6555] [U] [ 414.030899][ T6555] [U] [ 414.033680][ T6555] [U] [ 414.036399][ T6555] [U] [ 414.039481][ T6555] [U] [ 414.047319][ T6555] [U] [ 414.050114][ T6555] [U] [ 414.052884][ T6555] [U] [ 414.055642][ T6555] [U] [ 414.062664][ T6555] [U] [ 414.065457][ T6555] [U] [ 414.068224][ T6555] [U] [ 414.070964][ T6555] [U] [ 414.076407][ T6556] [U] syzkaller syzkaller login: syzkaller syzkaller login: [ 419.562744][ T6676] Unable to find swap-space signature syzkaller syzkaller login: [ 420.471212][ T6699] netlink: 12 bytes leftover after parsing attributes in process `syz.3.178'. [ 421.163959][ T6710] netlink: 28 bytes leftover after parsing attributes in process `syz.3.182'. [ 421.210823][ T6710] bridge0: port 2(bridge_slave_1) entered disabled state [ 421.543091][ T6713] Invalid ELF header magic: != ELF [ 421.774117][ T6710] bridge_slave_1 (unregistering): left allmulticast mode [ 421.896737][ T6710] bridge_slave_1 (unregistering): left promiscuous mode [ 421.914432][ T6710] bridge0: port 2(bridge_slave_1) entered disabled state syzkaller syzkaller login: [ 422.405558][ T6724] netlink: 342 bytes leftover after parsing attributes in process `syz.0.185'. [ 422.561373][ T6731] FAULT_INJECTION: forcing a failure. [ 422.561373][ T6731] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 422.623050][ T6731] CPU: 0 UID: 0 PID: 6731 Comm: syz.3.186 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 422.623092][ T6731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 422.623109][ T6731] Call Trace: [ 422.623119][ T6731] [ 422.623130][ T6731] dump_stack_lvl+0x16c/0x1f0 [ 422.623173][ T6731] should_fail_ex+0x512/0x640 [ 422.623221][ T6731] should_fail_alloc_page+0xe7/0x130 [ 422.623259][ T6731] prepare_alloc_pages+0x3c2/0x610 [ 422.623305][ T6731] ? rcu_is_watching+0x12/0xc0 [ 422.623336][ T6731] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 422.623372][ T6731] ? unwind_get_return_address+0x59/0xa0 [ 422.623408][ T6731] ? arch_stack_walk+0xa6/0x100 [ 422.623461][ T6731] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 422.623499][ T6731] ? __pfx_stack_trace_save+0x10/0x10 [ 422.623530][ T6731] ? stack_depot_save_flags+0x28/0xa50 [ 422.623582][ T6731] ? kasan_save_stack+0x42/0x60 [ 422.623617][ T6731] ? __lock_acquire+0xaa4/0x1ba0 [ 422.623652][ T6731] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 422.623693][ T6731] ? policy_nodemask+0xea/0x4e0 [ 422.623731][ T6731] alloc_pages_mpol+0x1fb/0x550 [ 422.623770][ T6731] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 422.623804][ T6731] ? __page_table_check_ptes_set+0x1ae/0x420 [ 422.623839][ T6731] ? find_held_lock+0x2b/0x80 [ 422.623874][ T6731] alloc_pages_noprof+0x131/0x390 [ 422.623910][ T6731] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 422.623939][ T6731] get_free_pages_noprof+0xc/0x40 [ 422.623977][ T6731] kasan_populate_vmalloc_pte+0x2d/0x160 [ 422.624008][ T6731] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 422.624037][ T6731] __apply_to_page_range+0x617/0xd60 [ 422.624093][ T6731] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 422.624128][ T6731] ? __pfx___apply_to_page_range+0x10/0x10 [ 422.624175][ T6731] ? alloc_vmap_area+0x872/0x2970 [ 422.624223][ T6731] alloc_vmap_area+0x919/0x2970 [ 422.624281][ T6731] ? __pfx_alloc_vmap_area+0x10/0x10 [ 422.624336][ T6731] __get_vm_area_node+0x1a7/0x300 [ 422.624388][ T6731] __vmalloc_node_range_noprof+0x277/0x1540 [ 422.624442][ T6731] ? htab_map_alloc+0x456/0x1540 [ 422.624492][ T6731] ? find_held_lock+0x2b/0x80 [ 422.624520][ T6731] ? htab_map_alloc+0x456/0x1540 [ 422.624561][ T6731] ? pcpu_memcg_post_alloc_hook+0x1e/0x740 [ 422.624600][ T6731] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 422.624648][ T6731] ? pcpu_alloc_noprof+0x1f5/0x1470 [ 422.624691][ T6731] ? htab_map_alloc+0x456/0x1540 [ 422.624730][ T6731] __bpf_map_area_alloc+0xeb/0x190 [ 422.624774][ T6731] ? htab_map_alloc+0x456/0x1540 [ 422.624816][ T6731] htab_map_alloc+0x456/0x1540 [ 422.624864][ T6731] ? htab_map_alloc_check+0x2f2/0x430 [ 422.624907][ T6731] map_create+0x58f/0x1db0 [ 422.624957][ T6731] ? __pfx_map_create+0x10/0x10 [ 422.624993][ T6731] ? __might_fault+0xe3/0x190 [ 422.625024][ T6731] ? __might_fault+0xe3/0x190 [ 422.625055][ T6731] ? __might_fault+0x13b/0x190 [ 422.625102][ T6731] __sys_bpf+0x47cc/0x4d80 [ 422.625149][ T6731] ? __pfx___sys_bpf+0x10/0x10 [ 422.625193][ T6731] ? ksys_write+0x190/0x240 [ 422.625226][ T6731] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 422.625288][ T6731] ? fput+0x70/0xf0 [ 422.625321][ T6731] ? ksys_write+0x1b9/0x240 [ 422.625348][ T6731] ? __pfx_ksys_write+0x10/0x10 [ 422.625374][ T6731] ? rcu_is_watching+0x12/0xc0 [ 422.625407][ T6731] __x64_sys_bpf+0x78/0xc0 [ 422.625455][ T6731] ? lockdep_hardirqs_on+0x7c/0x110 [ 422.625488][ T6731] do_syscall_64+0xcd/0x230 [ 422.625529][ T6731] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 422.625559][ T6731] RIP: 0033:0x7f224fb8e969 [ 422.625583][ T6731] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 422.625611][ T6731] RSP: 002b:00007f2250962038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 422.625640][ T6731] RAX: ffffffffffffffda RBX: 00007f224fdb5fa0 RCX: 00007f224fb8e969 [ 422.625660][ T6731] RDX: 0000000000000198 RSI: 0000200000000100 RDI: 0000000000000000 [ 422.625677][ T6731] RBP: 00007f2250962090 R08: 0000000000000000 R09: 0000000000000000 [ 422.625696][ T6731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 422.625712][ T6731] R13: 0000000000000000 R14: 00007f224fdb5fa0 R15: 00007ffd31bfb098 [ 422.625752][ T6731] [ 423.560465][ T6735] capability: warning: `syz.0.188' uses 32-bit capabilities (legacy support in use) [ 423.828060][ T6743] FAULT_INJECTION: forcing a failure. [ 423.828060][ T6743] name failslab, interval 1, probability 0, space 0, times 0 [ 424.275493][ T6743] CPU: 1 UID: 0 PID: 6743 Comm: syz.3.189 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 424.275539][ T6743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 424.275558][ T6743] Call Trace: [ 424.275568][ T6743] [ 424.275579][ T6743] dump_stack_lvl+0x16c/0x1f0 [ 424.275623][ T6743] should_fail_ex+0x512/0x640 [ 424.275666][ T6743] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 424.275723][ T6743] should_failslab+0xc2/0x120 [ 424.275762][ T6743] __kmalloc_cache_noprof+0x6a/0x3e0 [ 424.275814][ T6743] ? single_open+0x4d/0x1f0 [ 424.275857][ T6743] ? __pfx_snd_info_seq_show+0x10/0x10 [ 424.275891][ T6743] single_open+0x4d/0x1f0 [ 424.275931][ T6743] snd_info_text_entry_open+0x175/0x2a0 [ 424.275972][ T6743] ? __pfx_snd_info_text_entry_open+0x10/0x10 [ 424.276010][ T6743] ? trace_kmem_cache_alloc+0x28/0xc0 [ 424.276052][ T6743] ? __pfx_apparmor_file_open+0x10/0x10 [ 424.276104][ T6743] ? proc_reg_open+0x21d/0x610 [ 424.276135][ T6743] ? __pfx_snd_info_text_entry_open+0x10/0x10 [ 424.276174][ T6743] proc_reg_open+0x286/0x610 [ 424.276207][ T6743] do_dentry_open+0x741/0x1c10 [ 424.276239][ T6743] ? __pfx_proc_reg_open+0x10/0x10 [ 424.276276][ T6743] vfs_open+0x82/0x3f0 [ 424.276321][ T6743] path_openat+0x1e5e/0x2d40 [ 424.276367][ T6743] ? __pfx_path_openat+0x10/0x10 [ 424.276408][ T6743] do_filp_open+0x20b/0x470 [ 424.276439][ T6743] ? __pfx_do_filp_open+0x10/0x10 [ 424.276498][ T6743] ? alloc_fd+0x471/0x7d0 [ 424.276557][ T6743] do_sys_openat2+0x11b/0x1d0 [ 424.276599][ T6743] ? __pfx_do_sys_openat2+0x10/0x10 [ 424.276656][ T6743] __x64_sys_openat+0x174/0x210 [ 424.276698][ T6743] ? __pfx___x64_sys_openat+0x10/0x10 [ 424.276742][ T6743] ? rcu_is_watching+0x12/0xc0 [ 424.276783][ T6743] do_syscall_64+0xcd/0x230 [ 424.276826][ T6743] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 424.276858][ T6743] RIP: 0033:0x7f224fb8e969 [ 424.276882][ T6743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 424.276911][ T6743] RSP: 002b:00007f2250941038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 424.276941][ T6743] RAX: ffffffffffffffda RBX: 00007f224fdb6080 RCX: 00007f224fb8e969 [ 424.276960][ T6743] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 424.276980][ T6743] RBP: 00007f224fc10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 424.276998][ T6743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 424.277018][ T6743] R13: 0000000000000000 R14: 00007f224fdb6080 R15: 00007ffd31bfb098 [ 424.277058][ T6743] [ 426.688603][ T6762] Process accounting resumed [ 426.837420][ T6773] FAULT_INJECTION: forcing a failure. [ 426.837420][ T6773] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 426.927618][ T6773] CPU: 1 UID: 0 PID: 6773 Comm: syz.2.198 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 426.927663][ T6773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 426.927681][ T6773] Call Trace: [ 426.927691][ T6773] [ 426.927702][ T6773] dump_stack_lvl+0x16c/0x1f0 [ 426.927746][ T6773] should_fail_ex+0x512/0x640 [ 426.927795][ T6773] should_fail_alloc_page+0xe7/0x130 [ 426.927834][ T6773] prepare_alloc_pages+0x3c2/0x610 [ 426.927880][ T6773] ? rcu_is_watching+0x12/0xc0 [ 426.927911][ T6773] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 426.927949][ T6773] ? unwind_get_return_address+0x59/0xa0 [ 426.927982][ T6773] ? arch_stack_walk+0xa6/0x100 [ 426.928029][ T6773] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 426.928067][ T6773] ? __pfx_stack_trace_save+0x10/0x10 [ 426.928097][ T6773] ? stack_depot_save_flags+0x28/0xa50 [ 426.928149][ T6773] ? kasan_save_stack+0x42/0x60 [ 426.928190][ T6773] ? __lock_acquire+0xaa4/0x1ba0 [ 426.928245][ T6773] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 426.928287][ T6773] ? policy_nodemask+0xea/0x4e0 [ 426.928326][ T6773] alloc_pages_mpol+0x1fb/0x550 [ 426.928364][ T6773] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 426.928398][ T6773] ? __page_table_check_ptes_set+0x1ae/0x420 [ 426.928434][ T6773] ? find_held_lock+0x2b/0x80 [ 426.928468][ T6773] alloc_pages_noprof+0x131/0x390 [ 426.928504][ T6773] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 426.928532][ T6773] get_free_pages_noprof+0xc/0x40 [ 426.928569][ T6773] kasan_populate_vmalloc_pte+0x2d/0x160 [ 426.928600][ T6773] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 426.928629][ T6773] __apply_to_page_range+0x617/0xd60 [ 426.928679][ T6773] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 426.928715][ T6773] ? __pfx___apply_to_page_range+0x10/0x10 [ 426.928761][ T6773] ? alloc_vmap_area+0x872/0x2970 [ 426.928810][ T6773] alloc_vmap_area+0x919/0x2970 [ 426.928868][ T6773] ? __pfx_alloc_vmap_area+0x10/0x10 [ 426.928920][ T6773] __get_vm_area_node+0x1a7/0x300 [ 426.928975][ T6773] __vmalloc_node_range_noprof+0x277/0x1540 [ 426.929022][ T6773] ? htab_map_alloc+0x456/0x1540 [ 426.929069][ T6773] ? find_held_lock+0x2b/0x80 [ 426.929096][ T6773] ? htab_map_alloc+0x456/0x1540 [ 426.929137][ T6773] ? pcpu_memcg_post_alloc_hook+0x1e/0x740 [ 426.929185][ T6773] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 426.929230][ T6773] ? pcpu_alloc_noprof+0x1f5/0x1470 [ 426.929274][ T6773] ? htab_map_alloc+0x456/0x1540 [ 426.929315][ T6773] __bpf_map_area_alloc+0xeb/0x190 [ 426.929363][ T6773] ? htab_map_alloc+0x456/0x1540 [ 426.929407][ T6773] htab_map_alloc+0x456/0x1540 [ 426.929466][ T6773] ? htab_map_alloc_check+0x2f2/0x430 [ 426.929513][ T6773] map_create+0x58f/0x1db0 [ 426.929567][ T6773] ? __pfx_map_create+0x10/0x10 [ 426.929604][ T6773] ? __might_fault+0xe3/0x190 [ 426.929637][ T6773] ? __might_fault+0xe3/0x190 [ 426.929667][ T6773] ? __might_fault+0x13b/0x190 [ 426.929717][ T6773] __sys_bpf+0x47cc/0x4d80 [ 426.929766][ T6773] ? __pfx___sys_bpf+0x10/0x10 [ 426.929809][ T6773] ? ksys_write+0x190/0x240 [ 426.929841][ T6773] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 426.929904][ T6773] ? fput+0x70/0xf0 [ 426.929937][ T6773] ? ksys_write+0x1b9/0x240 [ 426.929961][ T6773] ? __pfx_ksys_write+0x10/0x10 [ 426.929986][ T6773] ? rcu_is_watching+0x12/0xc0 [ 426.930019][ T6773] __x64_sys_bpf+0x78/0xc0 [ 426.930062][ T6773] ? lockdep_hardirqs_on+0x7c/0x110 [ 426.930096][ T6773] do_syscall_64+0xcd/0x230 [ 426.930137][ T6773] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 426.930166][ T6773] RIP: 0033:0x7f9c5898e969 [ 426.930199][ T6773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 426.930228][ T6773] RSP: 002b:00007f9c59830038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 426.930257][ T6773] RAX: ffffffffffffffda RBX: 00007f9c58bb5fa0 RCX: 00007f9c5898e969 [ 426.930278][ T6773] RDX: 0000000000000198 RSI: 0000200000000100 RDI: 0000000000000000 [ 426.930297][ T6773] RBP: 00007f9c59830090 R08: 0000000000000000 R09: 0000000000000000 [ 426.930315][ T6773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 426.930333][ T6773] R13: 0000000000000000 R14: 00007f9c58bb5fa0 R15: 00007fff06ed29c8 [ 426.930373][ T6773] syzkaller syzkaller login: [ 428.439328][ T6785] ptrace attach of "./syz-executor exec"[5866] was attempted by "./syz-executor exec"[6785] [ 430.166251][ T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.513569][ T6802] netlink: 268 bytes leftover after parsing attributes in process `syz.1.206'. [ 430.594225][ T5862] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 430.607835][ T5862] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 430.619331][ T5862] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 430.645971][ T5862] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 430.658504][ T5862] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 430.660541][ T6793] rtc_cmos 00:00: Alarms can be up to one day in the future [ 430.679338][ T6802] net_ratelimit: 20 callbacks suppressed [ 430.679364][ T6802] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 431.000499][ T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 431.092079][ T5901] rtc_cmos 00:00: Alarms can be up to one day in the future [ 431.119581][ T5901] rtc_cmos 00:00: Alarms can be up to one day in the future [ 431.130355][ T5901] rtc_cmos 00:00: Alarms can be up to one day in the future [ 431.138194][ T5901] rtc_cmos 00:00: Alarms can be up to one day in the future [ 431.189050][ T5901] rtc rtc0: __rtc_set_alarm: err=-22 [ 431.430656][ T30] audit: type=1800 audit(6040709405.245:3): pid=6806 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.208" name="dbroot" dev="configfs" ino=10737 res=0 errno=0 [ 431.458203][ T6806] FAULT_INJECTION: forcing a failure. [ 431.458203][ T6806] name failslab, interval 1, probability 0, space 0, times 0 [ 431.486955][ T6806] CPU: 0 UID: 0 PID: 6806 Comm: syz.0.208 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 431.487002][ T6806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 431.487022][ T6806] Call Trace: [ 431.487033][ T6806] [ 431.487046][ T6806] dump_stack_lvl+0x16c/0x1f0 [ 431.487090][ T6806] should_fail_ex+0x512/0x640 [ 431.487136][ T6806] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 431.487193][ T6806] should_failslab+0xc2/0x120 [ 431.487234][ T6806] __kmalloc_cache_noprof+0x6a/0x3e0 [ 431.487286][ T6806] ? snd_pcm_oss_change_params_locked+0x247/0x3b40 [ 431.487338][ T6806] snd_pcm_oss_change_params_locked+0x247/0x3b40 [ 431.487384][ T6806] ? preempt_count_sub+0xc5/0x160 [ 431.487424][ T6806] ? trace_contention_end+0xdd/0x130 [ 431.487470][ T6806] ? __mutex_lock+0x1ca/0xb90 [ 431.487525][ T6806] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 431.487573][ T6806] ? __pfx___mutex_lock+0x10/0x10 [ 431.487635][ T6806] ? find_held_lock+0x2b/0x80 [ 431.487672][ T6806] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 431.487724][ T6806] snd_pcm_oss_ioctl+0x31aa/0x37a0 [ 431.487767][ T6806] ? find_held_lock+0x2b/0x80 [ 431.487796][ T6806] ? hook_file_ioctl_common+0x145/0x410 [ 431.487830][ T6806] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 431.487878][ T6806] ? __fget_files+0x20e/0x3c0 [ 431.487936][ T6806] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 431.487980][ T6806] __x64_sys_ioctl+0x190/0x200 [ 431.488028][ T6806] do_syscall_64+0xcd/0x230 [ 431.488072][ T6806] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.488105][ T6806] RIP: 0033:0x7f184398e969 [ 431.488131][ T6806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 431.488161][ T6806] RSP: 002b:00007f1844816038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 431.488192][ T6806] RAX: ffffffffffffffda RBX: 00007f1843bb5fa0 RCX: 00007f184398e969 [ 431.488214][ T6806] RDX: 0000000000000000 RSI: 00000000c0045005 RDI: 0000000000000006 [ 431.488233][ T6806] RBP: 00007f1843a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 431.488254][ T6806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 431.488273][ T6806] R13: 0000000000000000 R14: 00007f1843bb5fa0 R15: 00007ffeced8a748 [ 431.488315][ T6806] [ 431.861451][ T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 432.111519][ T6809] netlink: 16 bytes leftover after parsing attributes in process `syz.0.208'. [ 432.146020][ T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 432.425717][ T6814] FAULT_INJECTION: forcing a failure. [ 432.425717][ T6814] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 432.514148][ T6814] CPU: 0 UID: 0 PID: 6814 Comm: syz.3.209 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 432.514190][ T6814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 432.514207][ T6814] Call Trace: [ 432.514217][ T6814] [ 432.514229][ T6814] dump_stack_lvl+0x16c/0x1f0 [ 432.514269][ T6814] should_fail_ex+0x512/0x640 [ 432.514314][ T6814] should_fail_alloc_page+0xe7/0x130 [ 432.514354][ T6814] prepare_alloc_pages+0x3c2/0x610 [ 432.514400][ T6814] ? rcu_is_watching+0x12/0xc0 [ 432.514432][ T6814] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 432.514470][ T6814] ? unwind_get_return_address+0x59/0xa0 [ 432.514504][ T6814] ? arch_stack_walk+0xa6/0x100 [ 432.514550][ T6814] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 432.514586][ T6814] ? __pfx_stack_trace_save+0x10/0x10 [ 432.514616][ T6814] ? stack_depot_save_flags+0x28/0xa50 [ 432.514668][ T6814] ? kasan_save_stack+0x42/0x60 [ 432.514703][ T6814] ? __lock_acquire+0xaa4/0x1ba0 [ 432.514749][ T6814] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 432.514790][ T6814] ? policy_nodemask+0xea/0x4e0 [ 432.514827][ T6814] alloc_pages_mpol+0x1fb/0x550 [ 432.514864][ T6814] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 432.514898][ T6814] ? __page_table_check_ptes_set+0x1ae/0x420 [ 432.514936][ T6814] ? find_held_lock+0x2b/0x80 [ 432.514970][ T6814] alloc_pages_noprof+0x131/0x390 [ 432.515007][ T6814] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 432.515036][ T6814] get_free_pages_noprof+0xc/0x40 [ 432.515074][ T6814] kasan_populate_vmalloc_pte+0x2d/0x160 [ 432.515105][ T6814] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 432.515132][ T6814] __apply_to_page_range+0x617/0xd60 [ 432.515182][ T6814] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 432.515218][ T6814] ? __pfx___apply_to_page_range+0x10/0x10 [ 432.515266][ T6814] ? alloc_vmap_area+0x872/0x2970 [ 432.515316][ T6814] alloc_vmap_area+0x919/0x2970 [ 432.515374][ T6814] ? __pfx_alloc_vmap_area+0x10/0x10 [ 432.515429][ T6814] __get_vm_area_node+0x1a7/0x300 [ 432.515481][ T6814] __vmalloc_node_range_noprof+0x277/0x1540 [ 432.515532][ T6814] ? htab_map_alloc+0x456/0x1540 [ 432.515583][ T6814] ? find_held_lock+0x2b/0x80 [ 432.515610][ T6814] ? htab_map_alloc+0x456/0x1540 [ 432.515653][ T6814] ? pcpu_memcg_post_alloc_hook+0x1e/0x740 [ 432.515692][ T6814] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 432.515748][ T6814] ? pcpu_alloc_noprof+0x1f5/0x1470 [ 432.515792][ T6814] ? htab_map_alloc+0x456/0x1540 [ 432.515832][ T6814] __bpf_map_area_alloc+0xeb/0x190 [ 432.515878][ T6814] ? htab_map_alloc+0x456/0x1540 [ 432.515920][ T6814] htab_map_alloc+0x456/0x1540 [ 432.515970][ T6814] ? htab_map_alloc_check+0x2f2/0x430 [ 432.516017][ T6814] map_create+0x58f/0x1db0 [ 432.516065][ T6814] ? __pfx_map_create+0x10/0x10 [ 432.516096][ T6814] ? __might_fault+0xe3/0x190 [ 432.516127][ T6814] ? __might_fault+0xe3/0x190 [ 432.516157][ T6814] ? __might_fault+0x13b/0x190 [ 432.516207][ T6814] __sys_bpf+0x47cc/0x4d80 [ 432.516254][ T6814] ? __pfx___sys_bpf+0x10/0x10 [ 432.516297][ T6814] ? ksys_write+0x190/0x240 [ 432.516332][ T6814] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 432.516392][ T6814] ? fput+0x70/0xf0 [ 432.516425][ T6814] ? ksys_write+0x1b9/0x240 [ 432.516452][ T6814] ? __pfx_ksys_write+0x10/0x10 [ 432.516477][ T6814] ? rcu_is_watching+0x12/0xc0 [ 432.516508][ T6814] __x64_sys_bpf+0x78/0xc0 [ 432.516551][ T6814] ? lockdep_hardirqs_on+0x7c/0x110 [ 432.516586][ T6814] do_syscall_64+0xcd/0x230 [ 432.516624][ T6814] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 432.516653][ T6814] RIP: 0033:0x7f224fb8e969 [ 432.516677][ T6814] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 432.516705][ T6814] RSP: 002b:00007f2250962038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 432.516739][ T6814] RAX: ffffffffffffffda RBX: 00007f224fdb5fa0 RCX: 00007f224fb8e969 [ 432.516759][ T6814] RDX: 0000000000000198 RSI: 0000200000000100 RDI: 0000000000000000 [ 432.516776][ T6814] RBP: 00007f2250962090 R08: 0000000000000000 R09: 0000000000000000 [ 432.516795][ T6814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 432.516813][ T6814] R13: 0000000000000000 R14: 00007f224fdb5fa0 R15: 00007ffd31bfb098 [ 432.516853][ T6814] [ 433.119028][ T5145] Bluetooth: hci2: command tx timeout [ 433.668738][ T6803] chnl_net:caif_netlink_parms(): no params data found [ 434.089411][ T13] bridge_slave_1: left allmulticast mode [ 434.105915][ T13] bridge_slave_1: left promiscuous mode [ 434.121088][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 434.161998][ T6831] netlink: 4 bytes leftover after parsing attributes in process `syz.1.212'. [ 434.195544][ T6831] netlink: 354 bytes leftover after parsing attributes in process `syz.1.212'. [ 434.243261][ T13] bridge_slave_0: left allmulticast mode [ 434.254007][ T13] bridge_slave_0: left promiscuous mode [ 434.279747][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 435.094966][ T6837] FAULT_INJECTION: forcing a failure. [ 435.094966][ T6837] name failslab, interval 1, probability 0, space 0, times 0 [ 435.144863][ T6837] CPU: 1 UID: 0 PID: 6837 Comm: syz.1.214 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 435.144910][ T6837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 435.144929][ T6837] Call Trace: [ 435.144940][ T6837] [ 435.144952][ T6837] dump_stack_lvl+0x16c/0x1f0 [ 435.144999][ T6837] should_fail_ex+0x512/0x640 [ 435.145044][ T6837] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 435.145126][ T6837] should_failslab+0xc2/0x120 [ 435.145166][ T6837] __kmalloc_cache_noprof+0x6a/0x3e0 [ 435.145224][ T6837] ? ptp_open+0xe3/0x520 [ 435.145263][ T6837] ptp_open+0xe3/0x520 [ 435.145299][ T6837] ? __pfx_ptp_open+0x10/0x10 [ 435.145351][ T6837] ? __pfx_ptp_open+0x10/0x10 [ 435.145381][ T6837] posix_clock_open+0x178/0x290 [ 435.145417][ T6837] ? __pfx_posix_clock_open+0x10/0x10 [ 435.145450][ T6837] chrdev_open+0x231/0x6a0 [ 435.145482][ T6837] ? __pfx_apparmor_file_open+0x10/0x10 [ 435.145523][ T6837] ? __pfx_chrdev_open+0x10/0x10 [ 435.145559][ T6837] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 435.145616][ T6837] do_dentry_open+0x741/0x1c10 [ 435.145650][ T6837] ? __pfx_chrdev_open+0x10/0x10 [ 435.145693][ T6837] vfs_open+0x82/0x3f0 [ 435.145739][ T6837] path_openat+0x1e5e/0x2d40 [ 435.145786][ T6837] ? __pfx_path_openat+0x10/0x10 [ 435.145828][ T6837] do_filp_open+0x20b/0x470 [ 435.145859][ T6837] ? __pfx_do_filp_open+0x10/0x10 [ 435.145921][ T6837] ? alloc_fd+0x471/0x7d0 [ 435.145980][ T6837] do_sys_openat2+0x11b/0x1d0 [ 435.146022][ T6837] ? __pfx_do_sys_openat2+0x10/0x10 [ 435.146082][ T6837] __x64_sys_openat+0x174/0x210 [ 435.146125][ T6837] ? __pfx___x64_sys_openat+0x10/0x10 [ 435.146171][ T6837] ? rcu_is_watching+0x12/0xc0 [ 435.146213][ T6837] do_syscall_64+0xcd/0x230 [ 435.146256][ T6837] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.146289][ T6837] RIP: 0033:0x7f164998e969 [ 435.146323][ T6837] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 435.146355][ T6837] RSP: 002b:00007f164a7b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 435.146388][ T6837] RAX: ffffffffffffffda RBX: 00007f1649bb6080 RCX: 00007f164998e969 [ 435.146410][ T6837] RDX: 0000000000000440 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 435.146430][ T6837] RBP: 00007f1649a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 435.146450][ T6837] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 435.146469][ T6837] R13: 0000000000000000 R14: 00007f1649bb6080 R15: 00007ffeca3aa0c8 [ 435.146511][ T6837] [ 435.472485][ T5145] Bluetooth: hci2: command tx timeout [ 436.278513][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 436.349648][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 436.382123][ T13] bond0 (unregistering): Released all slaves [ 437.388268][ T6803] bridge0: port 1(bridge_slave_0) entered blocking state [ 437.423216][ T6803] bridge0: port 1(bridge_slave_0) entered disabled state [ 437.444185][ T6803] bridge_slave_0: entered allmulticast mode [ 437.465588][ T6803] bridge_slave_0: entered promiscuous mode [ 437.489375][ T5145] Bluetooth: hci2: command tx timeout [ 437.513027][ T6803] bridge0: port 2(bridge_slave_1) entered blocking state [ 437.521535][ T6803] bridge0: port 2(bridge_slave_1) entered disabled state [ 437.528837][ T6803] bridge_slave_1: entered allmulticast mode [ 437.537403][ T6803] bridge_slave_1: entered promiscuous mode [ 437.878811][ T6803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 438.004962][ T6803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 438.288089][ T13] hsr_slave_0: left promiscuous mode [ 438.297971][ T13] hsr_slave_1: left promiscuous mode [ 438.318529][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 438.326495][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 438.337024][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 438.344485][ T6873] FAULT_INJECTION: forcing a failure. [ 438.344485][ T6873] name failslab, interval 1, probability 0, space 0, times 0 [ 438.344530][ T6873] CPU: 1 UID: 0 PID: 6873 Comm: syz.3.218 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 438.344571][ T6873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 438.344589][ T6873] Call Trace: [ 438.344599][ T6873] [ 438.344609][ T6873] dump_stack_lvl+0x16c/0x1f0 [ 438.344654][ T6873] should_fail_ex+0x512/0x640 [ 438.344703][ T6873] ? fs_reclaim_acquire+0xae/0x150 [ 438.344761][ T6873] should_failslab+0xc2/0x120 [ 438.344804][ T6873] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 438.344869][ T6873] ? security_inode_alloc+0x3b/0x2b0 [ 438.344915][ T6873] security_inode_alloc+0x3b/0x2b0 [ 438.344954][ T6873] inode_init_always_gfp+0xce4/0x1030 [ 438.345017][ T6873] alloc_inode+0x86/0x240 [ 438.345059][ T6873] path_from_stashed+0x2be/0xb00 [ 438.345109][ T6873] ? __pfx_path_from_stashed+0x10/0x10 [ 438.345144][ T6873] ? userns_get+0x16b/0x420 [ 438.345202][ T6873] ns_get_path+0x5f/0x80 [ 438.345254][ T6873] proc_ns_get_link+0x121/0x260 [ 438.345308][ T6873] ? __pfx_proc_ns_get_link+0x10/0x10 [ 438.345362][ T6873] ? __pfx___might_resched+0x10/0x10 [ 438.345406][ T6873] ? __pfx_proc_ns_get_link+0x10/0x10 [ 438.345459][ T6873] step_into+0x1b22/0x2270 [ 438.345519][ T6873] ? __pfx_step_into+0x10/0x10 [ 438.345567][ T6873] ? find_held_lock+0x2b/0x80 [ 438.345612][ T6873] path_openat+0x749/0x2d40 [ 438.345659][ T6873] ? __pfx_path_openat+0x10/0x10 [ 438.345703][ T6873] do_filp_open+0x20b/0x470 [ 438.345736][ T6873] ? __pfx_do_filp_open+0x10/0x10 [ 438.345798][ T6873] ? alloc_fd+0x471/0x7d0 [ 438.345861][ T6873] do_sys_openat2+0x11b/0x1d0 [ 438.345906][ T6873] ? __pfx_do_sys_openat2+0x10/0x10 [ 438.345967][ T6873] __x64_sys_openat+0x174/0x210 [ 438.346014][ T6873] ? __pfx___x64_sys_openat+0x10/0x10 [ 438.346062][ T6873] ? rcu_is_watching+0x12/0xc0 [ 438.346113][ T6873] do_syscall_64+0xcd/0x230 [ 438.346161][ T6873] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 438.346198][ T6873] RIP: 0033:0x7f224fb8d2d0 [ 438.346228][ T6873] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 438.346260][ T6873] RSP: 002b:00007f2250961f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 438.346292][ T6873] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f224fb8d2d0 [ 438.346314][ T6873] RDX: 0000000000000002 RSI: 00007f2250961fa0 RDI: 00000000ffffff9c [ 438.346334][ T6873] RBP: 00007f2250961fa0 R08: 0000000000000000 R09: 0000000000000000 [ 438.346354][ T6873] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 438.346374][ T6873] R13: 0000000000000000 R14: 00007f224fdb5fa0 R15: 00007ffd31bfb098 [ 438.346417][ T6873] [ 438.638302][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 438.694438][ T13] veth1_macvtap: left promiscuous mode [ 438.701021][ T13] veth0_macvtap: left promiscuous mode [ 438.707083][ T13] veth1_vlan: left promiscuous mode [ 438.714516][ T13] veth0_vlan: left promiscuous mode [ 439.017410][ T6880] ptrace attach of "./syz-executor exec"[5854] was attempted by "./syz-executor exec"[6880] [ 439.387190][ T13] team0 (unregistering): Port device team_slave_1 removed [ 439.441818][ T13] team0 (unregistering): Port device team_slave_0 removed [ 439.569972][ T5145] Bluetooth: hci2: command tx timeout [ 440.064096][ T6803] team0: Port device team_slave_0 added [ 440.091515][ T6803] team0: Port device team_slave_1 added [ 440.230878][ T6803] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 440.237916][ T6803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 440.266487][ T6803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 440.282825][ T6803] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 440.296447][ T6803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 440.329598][ T6803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 440.561688][ T6803] hsr_slave_0: entered promiscuous mode [ 440.568561][ T6803] hsr_slave_1: entered promiscuous mode [ 440.590058][ T6803] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 440.609385][ T6803] Cannot create hsr debugfs directory [ 442.067105][ T6803] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 442.115985][ T6803] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 442.921045][ T6803] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 442.946364][ T6803] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 443.834913][ T6803] 8021q: adding VLAN 0 to HW filter on device bond0 [ 443.891110][ T6803] 8021q: adding VLAN 0 to HW filter on device team0 [ 443.994017][ T3009] bridge0: port 1(bridge_slave_0) entered blocking state [ 444.002080][ T3009] bridge0: port 1(bridge_slave_0) entered forwarding state [ 444.048906][ T6932] synth uevent: /bus/hid/drivers/zeroplus: unknown uevent action string [ 444.052155][ T3009] bridge0: port 2(bridge_slave_1) entered blocking state [ 444.066203][ T3009] bridge0: port 2(bridge_slave_1) entered forwarding state [ 444.308913][ T6803] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 444.923208][ T6803] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 445.337180][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.343827][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 445.886226][ T6803] veth0_vlan: entered promiscuous mode [ 446.246557][ T6803] veth1_vlan: entered promiscuous mode [ 446.325783][ T6982] netlink: 20 bytes leftover after parsing attributes in process `syz.1.233'. [ 447.084493][ T6803] veth0_macvtap: entered promiscuous mode [ 447.239722][ T6803] veth1_macvtap: entered promiscuous mode [ 447.313953][ T6803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 447.347382][ T6803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 447.392106][ T6803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 447.429267][ T6803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 447.447215][ T6803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 447.592873][ T6803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 447.641945][ T6803] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 447.714268][ T6803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 447.772725][ T6803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 447.864217][ T6803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 447.882069][ T6803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 447.899358][ T6803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 447.910026][ T6803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 447.930907][ T6803] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 448.381128][ T6803] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 448.409164][ T6803] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 448.447055][ T6803] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 448.489165][ T6803] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 448.545832][ T7016] sd 0:0:1:0: PR command failed: 1026 [ 448.582557][ T7016] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 448.615830][ T7016] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 449.093410][ T5896] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 449.154538][ T5896] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 449.319898][ T5984] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 449.351739][ T5984] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 449.633303][ T7038] capability: warning: `syz.0.242' uses deprecated v2 capabilities in a way that may be insecure [ 451.443692][ T7078] ptrace attach of "./syz-executor exec"[6803] was attempted by "./syz-executor exec"[7078] [ 453.177662][ T7140] zswap: compressor not available [ 453.462488][ T7145] FAULT_INJECTION: forcing a failure. [ 453.462488][ T7145] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 453.504310][ T7151] FAULT_INJECTION: forcing a failure. [ 453.504310][ T7151] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 453.535685][ T7145] CPU: 0 UID: 0 PID: 7145 Comm: syz.3.257 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 453.535729][ T7145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 453.535747][ T7145] Call Trace: [ 453.535756][ T7145] [ 453.535768][ T7145] dump_stack_lvl+0x16c/0x1f0 [ 453.535809][ T7145] should_fail_ex+0x512/0x640 [ 453.535858][ T7145] _copy_from_user+0x2e/0xd0 [ 453.535913][ T7145] snd_pcm_oss_write+0x2e8/0xa10 [ 453.535972][ T7145] vfs_write+0x25c/0x1180 [ 453.535998][ T7145] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 453.536046][ T7145] ? __pfx_vfs_write+0x10/0x10 [ 453.536071][ T7145] ? find_held_lock+0x2b/0x80 [ 453.536102][ T7145] ? __fget_files+0x204/0x3c0 [ 453.536158][ T7145] ? __fget_files+0x20e/0x3c0 [ 453.536217][ T7145] ksys_write+0x12a/0x240 [ 453.536246][ T7145] ? __pfx_ksys_write+0x10/0x10 [ 453.536273][ T7145] ? rcu_is_watching+0x12/0xc0 [ 453.536314][ T7145] do_syscall_64+0xcd/0x230 [ 453.536357][ T7145] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 453.536389][ T7145] RIP: 0033:0x7f224fb8e969 [ 453.536413][ T7145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 453.536443][ T7145] RSP: 002b:00007f224d9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 453.536472][ T7145] RAX: ffffffffffffffda RBX: 00007f224fdb6240 RCX: 00007f224fb8e969 [ 453.536492][ T7145] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 453.536510][ T7145] RBP: 00007f224d9f6090 R08: 0000000000000000 R09: 0000000000000000 [ 453.536529][ T7145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 453.536547][ T7145] R13: 0000000000000000 R14: 00007f224fdb6240 R15: 00007ffd31bfb098 [ 453.536586][ T7145] [ 453.779339][ T7151] CPU: 1 UID: 0 PID: 7151 Comm: syz.4.260 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 453.779383][ T7151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 453.779401][ T7151] Call Trace: [ 453.779411][ T7151] [ 453.779422][ T7151] dump_stack_lvl+0x16c/0x1f0 [ 453.779464][ T7151] should_fail_ex+0x512/0x640 [ 453.779514][ T7151] should_fail_alloc_page+0xe7/0x130 [ 453.779555][ T7151] prepare_alloc_pages+0x3c2/0x610 [ 453.779602][ T7151] ? rcu_is_watching+0x12/0xc0 [ 453.779634][ T7151] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 453.779672][ T7151] ? unwind_get_return_address+0x59/0xa0 [ 453.779707][ T7151] ? arch_stack_walk+0xa6/0x100 [ 453.779755][ T7151] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 453.779795][ T7151] ? __pfx_stack_trace_save+0x10/0x10 [ 453.779825][ T7151] ? stack_depot_save_flags+0x28/0xa50 [ 453.779879][ T7151] ? kasan_save_stack+0x42/0x60 [ 453.779915][ T7151] ? __lock_acquire+0xaa4/0x1ba0 [ 453.779952][ T7151] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 453.779996][ T7151] ? policy_nodemask+0xea/0x4e0 [ 453.780036][ T7151] alloc_pages_mpol+0x1fb/0x550 [ 453.780075][ T7151] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 453.780120][ T7151] ? __page_table_check_ptes_set+0x1ae/0x420 [ 453.780158][ T7151] ? find_held_lock+0x2b/0x80 [ 453.780192][ T7151] alloc_pages_noprof+0x131/0x390 [ 453.780229][ T7151] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 453.780259][ T7151] get_free_pages_noprof+0xc/0x40 [ 453.780297][ T7151] kasan_populate_vmalloc_pte+0x2d/0x160 [ 453.780329][ T7151] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 453.780365][ T7151] __apply_to_page_range+0x617/0xd60 [ 453.780415][ T7151] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 453.780453][ T7151] ? __pfx___apply_to_page_range+0x10/0x10 [ 453.780500][ T7151] ? alloc_vmap_area+0x872/0x2970 [ 453.780549][ T7151] alloc_vmap_area+0x919/0x2970 [ 453.780610][ T7151] ? __pfx_alloc_vmap_area+0x10/0x10 [ 453.780663][ T7151] __get_vm_area_node+0x1a7/0x300 [ 453.780715][ T7151] __vmalloc_node_range_noprof+0x277/0x1540 [ 453.780766][ T7151] ? htab_map_alloc+0x456/0x1540 [ 453.780815][ T7151] ? find_held_lock+0x2b/0x80 [ 453.780844][ T7151] ? htab_map_alloc+0x456/0x1540 [ 453.780886][ T7151] ? pcpu_memcg_post_alloc_hook+0x1e/0x740 [ 453.780925][ T7151] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 453.780973][ T7151] ? pcpu_alloc_noprof+0x1f5/0x1470 [ 453.781016][ T7151] ? htab_map_alloc+0x456/0x1540 [ 453.781056][ T7151] __bpf_map_area_alloc+0xeb/0x190 [ 453.781108][ T7151] ? htab_map_alloc+0x456/0x1540 [ 453.781152][ T7151] htab_map_alloc+0x456/0x1540 [ 453.781202][ T7151] ? htab_map_alloc_check+0x2f2/0x430 [ 453.781248][ T7151] map_create+0x58f/0x1db0 [ 453.781301][ T7151] ? __pfx_map_create+0x10/0x10 [ 453.781338][ T7151] ? __might_fault+0xe3/0x190 [ 453.781372][ T7151] ? __might_fault+0xe3/0x190 [ 453.781404][ T7151] ? __might_fault+0x13b/0x190 [ 453.781453][ T7151] __sys_bpf+0x47cc/0x4d80 [ 453.781500][ T7151] ? __pfx___sys_bpf+0x10/0x10 [ 453.781543][ T7151] ? ksys_write+0x190/0x240 [ 453.781577][ T7151] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 453.781641][ T7151] ? fput+0x70/0xf0 [ 453.781676][ T7151] ? ksys_write+0x1b9/0x240 [ 453.781704][ T7151] ? __pfx_ksys_write+0x10/0x10 [ 453.781730][ T7151] ? rcu_is_watching+0x12/0xc0 [ 453.781765][ T7151] __x64_sys_bpf+0x78/0xc0 [ 453.781809][ T7151] ? lockdep_hardirqs_on+0x7c/0x110 [ 453.781845][ T7151] do_syscall_64+0xcd/0x230 [ 453.781887][ T7151] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 453.781919][ T7151] RIP: 0033:0x7f5aa358e969 [ 453.781943][ T7151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 453.781972][ T7151] RSP: 002b:00007f5aa4354038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 453.782003][ T7151] RAX: ffffffffffffffda RBX: 00007f5aa37b5fa0 RCX: 00007f5aa358e969 [ 453.782023][ T7151] RDX: 0000000000000198 RSI: 0000200000000100 RDI: 0000000000000000 [ 453.782041][ T7151] RBP: 00007f5aa4354090 R08: 0000000000000000 R09: 0000000000000000 [ 453.782060][ T7151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 453.782078][ T7151] R13: 0000000000000000 R14: 00007f5aa37b5fa0 R15: 00007fffa29d6298 [ 453.782127][ T7151] [ 456.474165][ T7207] FAULT_INJECTION: forcing a failure. [ 456.474165][ T7207] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 456.571065][ T7207] CPU: 0 UID: 0 PID: 7207 Comm: syz.3.270 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 456.571113][ T7207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 456.571131][ T7207] Call Trace: [ 456.571141][ T7207] [ 456.571152][ T7207] dump_stack_lvl+0x16c/0x1f0 [ 456.571195][ T7207] should_fail_ex+0x512/0x640 [ 456.571244][ T7207] should_fail_alloc_page+0xe7/0x130 [ 456.571283][ T7207] prepare_alloc_pages+0x3c2/0x610 [ 456.571330][ T7207] ? rcu_is_watching+0x12/0xc0 [ 456.571363][ T7207] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 456.571401][ T7207] ? unwind_get_return_address+0x59/0xa0 [ 456.571437][ T7207] ? arch_stack_walk+0xa6/0x100 [ 456.571486][ T7207] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 456.571525][ T7207] ? __pfx_stack_trace_save+0x10/0x10 [ 456.571556][ T7207] ? stack_depot_save_flags+0x28/0xa50 [ 456.571610][ T7207] ? kasan_save_stack+0x42/0x60 [ 456.571644][ T7207] ? __lock_acquire+0xaa4/0x1ba0 [ 456.571690][ T7207] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 456.571736][ T7207] ? policy_nodemask+0xea/0x4e0 [ 456.571776][ T7207] alloc_pages_mpol+0x1fb/0x550 [ 456.571813][ T7207] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 456.571848][ T7207] ? __page_table_check_ptes_set+0x1ae/0x420 [ 456.571885][ T7207] ? find_held_lock+0x2b/0x80 [ 456.571920][ T7207] alloc_pages_noprof+0x131/0x390 [ 456.571957][ T7207] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 456.571987][ T7207] get_free_pages_noprof+0xc/0x40 [ 456.572026][ T7207] kasan_populate_vmalloc_pte+0x2d/0x160 [ 456.572058][ T7207] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 456.572088][ T7207] __apply_to_page_range+0x617/0xd60 [ 456.572141][ T7207] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 456.572178][ T7207] ? __pfx___apply_to_page_range+0x10/0x10 [ 456.572227][ T7207] ? alloc_vmap_area+0x872/0x2970 [ 456.572276][ T7207] alloc_vmap_area+0x919/0x2970 [ 456.572334][ T7207] ? __pfx_alloc_vmap_area+0x10/0x10 [ 456.572388][ T7207] __get_vm_area_node+0x1a7/0x300 [ 456.572443][ T7207] __vmalloc_node_range_noprof+0x277/0x1540 [ 456.572494][ T7207] ? htab_map_alloc+0x456/0x1540 [ 456.572542][ T7207] ? find_held_lock+0x2b/0x80 [ 456.572571][ T7207] ? htab_map_alloc+0x456/0x1540 [ 456.572613][ T7207] ? pcpu_memcg_post_alloc_hook+0x1e/0x740 [ 456.572654][ T7207] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 456.572709][ T7207] ? pcpu_alloc_noprof+0x1f5/0x1470 [ 456.572752][ T7207] ? htab_map_alloc+0x456/0x1540 [ 456.572794][ T7207] __bpf_map_area_alloc+0xeb/0x190 [ 456.572842][ T7207] ? htab_map_alloc+0x456/0x1540 [ 456.572885][ T7207] htab_map_alloc+0x456/0x1540 [ 456.572936][ T7207] ? htab_map_alloc_check+0x2f2/0x430 [ 456.572981][ T7207] map_create+0x58f/0x1db0 [ 456.573035][ T7207] ? __pfx_map_create+0x10/0x10 [ 456.573073][ T7207] ? __might_fault+0xe3/0x190 [ 456.573106][ T7207] ? __might_fault+0xe3/0x190 [ 456.573138][ T7207] ? __might_fault+0x13b/0x190 [ 456.573183][ T7207] __sys_bpf+0x47cc/0x4d80 [ 456.573230][ T7207] ? __pfx___sys_bpf+0x10/0x10 [ 456.573272][ T7207] ? ksys_write+0x190/0x240 [ 456.573306][ T7207] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 456.573371][ T7207] ? fput+0x70/0xf0 [ 456.573405][ T7207] ? ksys_write+0x1b9/0x240 [ 456.573433][ T7207] ? __pfx_ksys_write+0x10/0x10 [ 456.573459][ T7207] ? rcu_is_watching+0x12/0xc0 [ 456.573493][ T7207] __x64_sys_bpf+0x78/0xc0 [ 456.573537][ T7207] ? lockdep_hardirqs_on+0x7c/0x110 [ 456.573571][ T7207] do_syscall_64+0xcd/0x230 [ 456.573613][ T7207] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 456.573644][ T7207] RIP: 0033:0x7f224fb8e969 [ 456.573668][ T7207] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 456.573704][ T7207] RSP: 002b:00007f2250962038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 456.573733][ T7207] RAX: ffffffffffffffda RBX: 00007f224fdb5fa0 RCX: 00007f224fb8e969 [ 456.573754][ T7207] RDX: 0000000000000198 RSI: 0000200000000100 RDI: 0000000000000000 [ 456.573773][ T7207] RBP: 00007f2250962090 R08: 0000000000000000 R09: 0000000000000000 [ 456.573791][ T7207] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 456.573809][ T7207] R13: 0000000000000000 R14: 00007f224fdb5fa0 R15: 00007ffd31bfb098 [ 456.573849][ T7207] [ 457.415260][ T7211] ================================================================== [ 457.423430][ T7211] BUG: KASAN: slab-out-of-bounds in afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 457.432159][ T7211] Read of size 1 at addr ffff888061f8e1a7 by task syz.0.272/7211 [ 457.439908][ T7211] [ 457.442260][ T7211] CPU: 1 UID: 0 PID: 7211 Comm: syz.0.272 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 457.442297][ T7211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 457.442313][ T7211] Call Trace: [ 457.442323][ T7211] [ 457.442334][ T7211] dump_stack_lvl+0x116/0x1f0 [ 457.442371][ T7211] print_report+0xc3/0x670 [ 457.442401][ T7211] ? __virt_addr_valid+0x5e/0x590 [ 457.442435][ T7211] ? __phys_addr+0xc6/0x150 [ 457.442469][ T7211] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 457.442501][ T7211] kasan_report+0xe0/0x110 [ 457.442531][ T7211] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 457.442567][ T7211] afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 457.442606][ T7211] ? __pfx_afs_proc_addr_prefs_write+0x10/0x10 [ 457.442641][ T7211] ? find_held_lock+0x2b/0x80 [ 457.442663][ T7211] ? __might_fault+0xe3/0x190 [ 457.442690][ T7211] ? __might_fault+0xe3/0x190 [ 457.442718][ T7211] ? __might_fault+0x13b/0x190 [ 457.442754][ T7211] ? proc_simple_write+0x114/0x1b0 [ 457.442784][ T7211] proc_simple_write+0x114/0x1b0 [ 457.442823][ T7211] ? __pfx_proc_simple_write+0x10/0x10 [ 457.442855][ T7211] proc_reg_write+0x23d/0x330 [ 457.442881][ T7211] ? __pfx_proc_reg_write+0x10/0x10 [ 457.442908][ T7211] vfs_writev+0x6c4/0xdc0 [ 457.442949][ T7211] ? futex_wait+0x120/0x380 [ 457.442985][ T7211] ? __pfx_vfs_writev+0x10/0x10 [ 457.443025][ T7211] ? kmem_cache_free+0x2d4/0x4d0 [ 457.443050][ T7211] ? fd_install+0x225/0x750 [ 457.443103][ T7211] ? do_writev+0x132/0x330 [ 457.443141][ T7211] do_writev+0x132/0x330 [ 457.443180][ T7211] ? __pfx_do_writev+0x10/0x10 [ 457.443218][ T7211] ? rcu_is_watching+0x12/0xc0 [ 457.443254][ T7211] do_syscall_64+0xcd/0x230 [ 457.443289][ T7211] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 457.443316][ T7211] RIP: 0033:0x7f184398e969 [ 457.443338][ T7211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 457.443363][ T7211] RSP: 002b:00007f1844816038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 457.443390][ T7211] RAX: ffffffffffffffda RBX: 00007f1843bb5fa0 RCX: 00007f184398e969 [ 457.443423][ T7211] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000007 [ 457.443441][ T7211] RBP: 00007f1843a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 457.443456][ T7211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 457.443472][ T7211] R13: 0000000000000000 R14: 00007f1843bb5fa0 R15: 00007ffeced8a748 [ 457.443498][ T7211] [ 457.443506][ T7211] [ 457.693001][ T7211] Allocated by task 7211: [ 457.697352][ T7211] kasan_save_stack+0x33/0x60 [ 457.702058][ T7211] kasan_save_track+0x14/0x30 [ 457.706784][ T7211] __kasan_kmalloc+0xaa/0xb0 [ 457.711427][ T7211] __kmalloc_node_track_caller_noprof+0x221/0x510 [ 457.717882][ T7211] memdup_user_nul+0x2b/0x120 [ 457.722597][ T7211] proc_simple_write+0xc7/0x1b0 [ 457.727486][ T7211] proc_reg_write+0x23d/0x330 [ 457.732190][ T7211] vfs_writev+0x6c4/0xdc0 [ 457.736567][ T7211] do_writev+0x132/0x330 [ 457.740856][ T7211] do_syscall_64+0xcd/0x230 [ 457.745395][ T7211] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 457.751405][ T7211] [ 457.753745][ T7211] The buggy address belongs to the object at ffff888061f8e1a0 [ 457.753745][ T7211] which belongs to the cache kmalloc-8 of size 8 [ 457.767481][ T7211] The buggy address is located 0 bytes to the right of [ 457.767481][ T7211] allocated 7-byte region [ffff888061f8e1a0, ffff888061f8e1a7) [ 457.781847][ T7211] [ 457.784191][ T7211] The buggy address belongs to the physical page: [ 457.790630][ T7211] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x61f8e [ 457.799431][ T7211] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 457.806658][ T7211] page_type: f5(slab) [ 457.810672][ T7211] raw: 00fff00000000000 ffff88801b441500 ffffea0001830d40 dead000000000002 [ 457.819287][ T7211] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 457.827888][ T7211] page dumped because: kasan: bad access detected [ 457.834322][ T7211] page_owner tracks the page as allocated [ 457.840065][ T7211] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5937, tgid 5936 (syz.0.6), ts 366302767866, free_ts 366190188558 [ 457.859131][ T7211] post_alloc_hook+0x181/0x1b0 [ 457.863925][ T7211] get_page_from_freelist+0x135c/0x3920 [ 457.869538][ T7211] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 457.875468][ T7211] alloc_pages_mpol+0x1fb/0x550 [ 457.880354][ T7211] new_slab+0x244/0x340 [ 457.884550][ T7211] ___slab_alloc+0xd9c/0x1940 [ 457.889271][ T7211] __slab_alloc.constprop.0+0x56/0xb0 [ 457.894698][ T7211] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 457.901150][ T7211] kstrdup+0x53/0x100 [ 457.905168][ T7211] kstrdup_const+0x63/0x80 [ 457.909646][ T7211] __kernfs_new_node+0x9b/0x8a0 [ 457.914554][ T7211] kernfs_new_node+0x13c/0x1e0 [ 457.919366][ T7211] kernfs_create_link+0xcc/0x240 [ 457.924458][ T7211] sysfs_do_create_link_sd+0x90/0x140 [ 457.929886][ T7211] sysfs_create_link+0x61/0xc0 [ 457.934697][ T7211] device_add+0x62c/0x1a70 [ 457.939279][ T7211] page last free pid 23 tgid 23 stack trace: [ 457.945326][ T7211] __free_frozen_pages+0x69d/0xff0 [ 457.950498][ T7211] tlb_remove_table_rcu+0x116/0x1a0 [ 457.955725][ T7211] rcu_core+0x799/0x14e0 [ 457.960113][ T7211] handle_softirqs+0x216/0x8e0 [ 457.964917][ T7211] run_ksoftirqd+0x3a/0x60 [ 457.969363][ T7211] smpboot_thread_fn+0x3f4/0xae0 [ 457.974335][ T7211] kthread+0x3c2/0x780 [ 457.978478][ T7211] ret_from_fork+0x45/0x80 [ 457.982945][ T7211] ret_from_fork_asm+0x1a/0x30 [ 457.987759][ T7211] [ 457.990101][ T7211] Memory state around the buggy address: [ 457.995752][ T7211] ffff888061f8e080: 07 fc fc fc 06 fc fc fc fa fc fc fc fa fc fc fc [ 458.003870][ T7211] ffff888061f8e100: fa fc fc fc fa fc fc fc fa fc fc fc 05 fc fc fc [ 458.012056][ T7211] >ffff888061f8e180: fa fc fc fc 07 fc fc fc fa fc fc fc fa fc fc fc [ 458.020189][ T7211] ^ [ 458.025347][ T7211] ffff888061f8e200: 00 fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc [ 458.033442][ T7211] ffff888061f8e280: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc [ 458.041527][ T7211] ================================================================== [ 458.049671][ C1] vkms_vblank_simulate: vblank timer overrun SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 458.229506][ T7211] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 458.236798][ T7211] CPU: 1 UID: 0 PID: 7211 Comm: syz.0.272 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) [ 458.248761][ T7211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 458.258874][ T7211] Call Trace: [ 458.262275][ T7211] [ 458.265228][ T7211] dump_stack_lvl+0x3d/0x1f0 [ 458.269863][ T7211] panic+0x71c/0x800 [ 458.273801][ T7211] ? __pfx_panic+0x10/0x10 [ 458.278260][ T7211] ? mark_held_locks+0x49/0x80 [ 458.283082][ T7211] ? preempt_schedule_thunk+0x16/0x30 [ 458.288508][ T7211] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 458.294528][ T7211] ? preempt_schedule_common+0x44/0xc0 [ 458.300076][ T7211] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 458.306103][ T7211] check_panic_on_warn+0xab/0xb0 [ 458.311096][ T7211] end_report+0x107/0x170 [ 458.315469][ T7211] kasan_report+0xee/0x110 [ 458.319945][ T7211] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 458.325978][ T7211] afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 458.331840][ T7211] ? __pfx_afs_proc_addr_prefs_write+0x10/0x10 [ 458.338062][ T7211] ? find_held_lock+0x2b/0x80 [ 458.342775][ T7211] ? __might_fault+0xe3/0x190 [ 458.347498][ T7211] ? __might_fault+0xe3/0x190 [ 458.352216][ T7211] ? __might_fault+0x13b/0x190 [ 458.357024][ T7211] ? proc_simple_write+0x114/0x1b0 [ 458.362173][ T7211] proc_simple_write+0x114/0x1b0 [ 458.367194][ T7211] ? __pfx_proc_simple_write+0x10/0x10 [ 458.372712][ T7211] proc_reg_write+0x23d/0x330 [ 458.377535][ T7211] ? __pfx_proc_reg_write+0x10/0x10 [ 458.382779][ T7211] vfs_writev+0x6c4/0xdc0 [ 458.387255][ T7211] ? futex_wait+0x120/0x380 [ 458.391809][ T7211] ? __pfx_vfs_writev+0x10/0x10 [ 458.396722][ T7211] ? kmem_cache_free+0x2d4/0x4d0 [ 458.401696][ T7211] ? fd_install+0x225/0x750 [ 458.406262][ T7211] ? do_writev+0x132/0x330 [ 458.410732][ T7211] do_writev+0x132/0x330 [ 458.415032][ T7211] ? __pfx_do_writev+0x10/0x10 [ 458.419883][ T7211] ? rcu_is_watching+0x12/0xc0 [ 458.424693][ T7211] do_syscall_64+0xcd/0x230 [ 458.429244][ T7211] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 458.435175][ T7211] RIP: 0033:0x7f184398e969 [ 458.439632][ T7211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 458.459282][ T7211] RSP: 002b:00007f1844816038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 458.467736][ T7211] RAX: ffffffffffffffda RBX: 00007f1843bb5fa0 RCX: 00007f184398e969 [ 458.475822][ T7211] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000007 [ 458.483841][ T7211] RBP: 00007f1843a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 458.492972][ T7211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 458.501102][ T7211] R13: 0000000000000000 R14: 00007f1843bb5fa0 R15: 00007ffeced8a748 [ 458.509118][ T7211] [ 458.512490][ T7211] Kernel Offset: disabled [ 458.516871][ T7211] Rebooting in 86400 seconds..