last executing test programs: 9m36.700157779s ago: executing program 2 (id=2665): openat$auto_adf_ctl_ops_adf_ctl_drv(0xffffffffffffff9c, &(0x7f0000000000), 0x140, 0x0) mmap$auto(0x0, 0x400005, 0x200, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x3, 0x66) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0xc0) mlockall$auto(0x7) set_mempolicy$auto(0x7ff, &(0x7f0000000040)=0x87e, 0x8) close_range$auto(0x0, 0xfffffffffffff001, 0x2) r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_FBIOPAN_DISPLAY(r0, 0x4606, &(0x7f00000000c0)) read$auto(0x3, 0x0, 0x7) keyctl$auto(0xb, 0x0, 0x6, 0x0, 0xa) memfd_create$auto(&(0x7f0000000000)='\xc4--:\xdd:,./-${\x00', 0x4) unshare$auto(0x40000080) msgrcv$auto(0x9, 0x0, 0xffc, 0xfffffffffefffffd, 0xb3) msgrcv$auto(0x0, 0x0, 0xffc, 0xffffffffffffffff, 0xb1) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x121841, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x402802, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000000540)=ANY=[@ANYBLOB="1c00000069e03d6078756c1d3c97a3c485355ea75d5ab0ba659d181906be0a8814d9f902d9207fb6d5a9148b9e7cf8997d486d34e818d8d6dbc32d72a9034f6f4dca812e17a99bd9f1e793fcdca490563f8b622ea06977aae7cfb1634ad07cafd8d951d4500e7c9dff9bf410ad7bcb8605a01cd5cfc1d11555ab9f38a86c77105e16d8e98c9d6617453b367b0ecdfa755d1701a5756bcf10f1b0853093656ba9befd137e5bb6dd28348c13ea07255895cc8458fe9dbf8044474b68e4e59b548f30633149a742f3e4a6e51e0337eb85f2f96704300c262750a2c50f07c398df3b1300fc", @ANYRESDEC=r2], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x810) sendmsg$auto_NET_SHAPER_CMD_GET2(r1, 0x0, 0x40800) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) arch_prctl$auto(0x1025, 0x10005) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) rseq$auto(&(0x7f0000000440)={0x6, 0x7, 0x1000000000, 0x6, 0x1, 0x8001, "3f386243c4371c2fb2f31b498e5f9f6bb39a76f1ba3adcab6b171b2ea042f7507a7ae3fffc897dd0b3da5f45a189ecd51520ed8465b20464a5a28059353c39b31a331f6d76d47e51a7da6f7e3164fbf757b1b5e132c17c4d98fc7f4bcef614ea9000af9df78f5e41cb8d89ce292b2c92ec67ecbdd7f8abc5b110504a23b9915527a9d390753480ae69a257b48e79170cd57fa3b49e97bfeb128075bc7424cb552330d144d74cdd196b6a8786a9f0e65cbb562575c9"}, 0x8000, 0xe, 0xc4f) 9m36.09105438s ago: executing program 2 (id=2669): r0 = socket(0x1d, 0x4, 0x20000006) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0) ioctl$auto_CEC_S_MODE(r2, 0x40046109, &(0x7f0000002c40)=0xd0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000001500), r3) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000001540)={'netdevsim0\x00', 0x0}) sendmsg$auto_NET_SHAPER_CMD_GROUP(r3, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="34000000545f89da63791d3a4c9d77716733b008152061e79dcab69e437427466914bae562d2ae5a2ae10735bbffa36445397eab27663a9e058a733dcd33383eceb0b5a017dedeaa10d8c3875d4bb6c48f0f68e5e1dbaaea97811cef24f8c5c34cfbdb", @ANYRES16=r4, @ANYBLOB, @ANYRES32=r5, @ANYBLOB="080003"], 0x34}, 0x1, 0x0, 0x0, 0x44000}, 0x14) r6 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0) ioctl$auto_CEC_S_MODE(r6, 0x40046109, &(0x7f0000002c40)=0x10) close_range$auto(r1, r6, 0x0) io_uring_setup$auto(0x40005, 0x0) madvise$auto(0x108000, 0x800034, 0x9) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'syzkaller1\x00'}) bind$auto(0xffffffffffffffff, &(0x7f0000000000)=@vsock={0x28, 0x0, 0x2711, @my=0x0}, 0x69) unshare$auto(0x40000080) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$auto_netdev(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x14, r8, 0x301, 0x70bd26, 0x25dfdc02}, 0x14}, 0x1, 0x0, 0x0, 0x8810}, 0x0) openat$auto_bm_status_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000040), 0x404100, 0x0) 9m32.957654382s ago: executing program 2 (id=2681): socket(0x10, 0x2, 0x14) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r0 = socket(0x2a, 0x1, 0xfffffffc) setsockopt$auto(0x3, 0x10000000084, 0x14, 0x0, 0x8) ppoll$auto(&(0x7f0000000040)={r0, 0xd, 0xb1f}, 0xd4, &(0x7f00000000c0)={0x8000000000000000, 0x2}, &(0x7f0000000100)={0xc}, 0x8) r2 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x15, 0x5, 0x0) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000140), r2) sendmsg$auto_NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0xc}, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x3, 0xa0010000000000, 0x80000001, 0x7, 0x6d3c, 0x5, 0x2]}, 0x0) landlock_create_ruleset$auto(&(0x7f0000000000)={0x0, 0x3, 0x2e1b}, 0xf7, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/block/zram0/initstate\x00', 0x101000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) creat$auto(&(0x7f0000000040)='./file0\x00', 0x81) syz_genetlink_get_family_id$auto_wireguard(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0xfff, 0x7, 0x8001, 0x5, 0x5, 0x3, 0x40, 0x7, 0x0, 0x0, 0x6, 0x0, 0x0, 0x6, [0x0, 0x2, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x1000000000000, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0xfffffffffffffffd, 0x8, 0x0, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x4, 0x0, 0xffffffff, 0x0, 0x10]}, 0x1fe, 0x81) read$auto_udf_dir_operations_udfdecl(r1, 0x0, 0x0) ioctl$auto_TIOCMSET2(0xffffffffffffffff, 0x5418, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0xf000, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f00000017c0)='/sys/kernel/debug/lru_gen\x00', 0x1, 0x0) execveat$auto(0x6, &(0x7f0000000000)='[[]$)%*++{#\x00', 0x0, 0x0, 0x1000) 9m30.659296984s ago: executing program 2 (id=2691): socket(0x10, 0x2, 0x14) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r0 = socket(0x2a, 0x1, 0xfffffffc) setsockopt$auto(0x3, 0x10000000084, 0x14, 0x0, 0x8) ppoll$auto(&(0x7f0000000040)={r0, 0xd, 0xb1f}, 0xd4, &(0x7f00000000c0)={0x8000000000000000, 0x2}, &(0x7f0000000100)={0xc}, 0x8) r2 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x15, 0x5, 0x0) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000140), r2) sendmsg$auto_NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0xc}, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x3, 0xa0010000000000, 0x80000001, 0x7, 0x6d3c, 0x5, 0x2]}, 0x0) landlock_create_ruleset$auto(&(0x7f0000000000)={0x0, 0x3, 0x2e1b}, 0xf7, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) creat$auto(&(0x7f0000000040)='./file0\x00', 0x81) syz_genetlink_get_family_id$auto_wireguard(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0xfff, 0x7, 0x8001, 0x5, 0x5, 0x3, 0x40, 0x7, 0x0, 0x0, 0x6, 0x0, 0x0, 0x6, [0x0, 0x2, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x1000000000000, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0xfffffffffffffffd, 0x8, 0x0, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x4, 0x0, 0xffffffff, 0x0, 0x10]}, 0x1fe, 0x81) read$auto_udf_dir_operations_udfdecl(r1, &(0x7f0000000440)=""/121, 0x79) ioctl$auto_TIOCMSET2(0xffffffffffffffff, 0x5418, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0xf000, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f00000017c0)='/sys/kernel/debug/lru_gen\x00', 0x1, 0x0) execveat$auto(0x6, &(0x7f0000000000)='[[]$)%*++{#\x00', 0x0, 0x0, 0x1000) 9m28.36883127s ago: executing program 2 (id=2688): close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0x10, 0x2, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty51\x00', 0x1000, 0x0) ioctl$auto(r0, 0x5607, r0) (fail_nth: 1) 9m27.502836013s ago: executing program 2 (id=2690): close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x80002, 0x8) socket(0x2, 0x80805, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) timer_create$auto(0x0, 0x0, 0x0) timer_create$auto(0x3, 0x0, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x23, 0x0, 0x8) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000004180)='/dev/snd/controlC1\x00', 0x28180, 0x0) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x11, 0xffffffffffffffff, 0x62) socket$nl_generic(0x10, 0x3, 0x10) write$auto_fuse_dev_operations_fuse_i(0xffffffffffffffff, &(0x7f0000000440)="19000003d30000", 0x7) socket(0x2, 0x1, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0xff, 0xfffffffffffffffe, 0x1, 0x948d, 0x6, 0x15f4da0a, 0x1, 0x8, 0x1000000, 0xffffffdffffffffd, 0x7, 0x6d3c, 0x5, 0x4]}, 0x0) r1 = socket(0x2, 0x5, 0x0) socket(0x18, 0x5, 0x2) bind$auto(0x3, &(0x7f0000000000), 0x6b) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, 0x0, 0x6b) close_range$auto(r1, 0x8, 0x0) r2 = socket(0x2, 0x3, 0x100) connect$auto(r2, &(0x7f0000000240)=@hci={0x1f, 0x2, 0x1}, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x40000, 0x0) 9m12.435810718s ago: executing program 32 (id=2690): close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x80002, 0x8) socket(0x2, 0x80805, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) timer_create$auto(0x0, 0x0, 0x0) timer_create$auto(0x3, 0x0, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x23, 0x0, 0x8) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000004180)='/dev/snd/controlC1\x00', 0x28180, 0x0) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x11, 0xffffffffffffffff, 0x62) socket$nl_generic(0x10, 0x3, 0x10) write$auto_fuse_dev_operations_fuse_i(0xffffffffffffffff, &(0x7f0000000440)="19000003d30000", 0x7) socket(0x2, 0x1, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0xff, 0xfffffffffffffffe, 0x1, 0x948d, 0x6, 0x15f4da0a, 0x1, 0x8, 0x1000000, 0xffffffdffffffffd, 0x7, 0x6d3c, 0x5, 0x4]}, 0x0) r1 = socket(0x2, 0x5, 0x0) socket(0x18, 0x5, 0x2) bind$auto(0x3, &(0x7f0000000000), 0x6b) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, 0x0, 0x6b) close_range$auto(r1, 0x8, 0x0) r2 = socket(0x2, 0x3, 0x100) connect$auto(r2, &(0x7f0000000240)=@hci={0x1f, 0x2, 0x1}, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x40000, 0x0) 2m58.916819702s ago: executing program 3 (id=3860): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/netstat\x00', 0x100, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000040)=""/4096, 0x1000) openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, &(0x7f0000000300)='/dev/media3\x00', 0x220100, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) r1 = inotify_init1$auto(0x10) ioctl$auto_SNDRV_CTL_IOCTL_POWER(r1, 0xc00455d0, &(0x7f00000000c0)=0x9) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/snmp\x00', 0x0, 0x0) read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000040)=""/88, 0x58) mmap$auto(0x0, 0x2000b, 0xdf, 0xeb1, 0x401, 0x8000) r3 = socket(0x2, 0x1, 0x0) fcntl$auto(0x3, 0x4, 0xa553) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @dev={0xac, 0x14, 0x14, 0xd}}, 0x6a) sendmmsg$auto(r3, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x101, 0x0, 0x5, 0x9ad}, 0x5}, 0x5, 0x20000000) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) semctl$auto(0x9, 0xc1b8, 0x4, 0x1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) r4 = socket(0x29, 0x5, 0x0) syz_clone(0x40100100, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_NL80211_CMD_SET_MULTICAST_TO_UNICAST(0xffffffffffffffff, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_STATION(r4, 0x0, 0x40) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) pwrite64$auto(r5, 0x0, 0x1, 0x2) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/class/devcoredump/disabled\x00', 0xe3102, 0x0) sendfile$auto(r6, r6, 0x0, 0x3) 2m56.294848871s ago: executing program 3 (id=3866): mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) open(0x0, 0x261c2, 0x84) setreuid$auto(0x7, 0x806) fcntl$auto(0xff80000000000000, 0x406, 0x1) bind$auto(0x3, &(0x7f0000002000), 0xf) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/module/ima/parameters/ahash_bufsize\x00', 0x62, 0x0) write$auto(r0, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) pipe2$auto(0x0, 0x80) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/block/ram0/queue/nomerges\x00', 0xe3102, 0x0) sendfile$auto(r1, r1, 0x0, 0x3) mmap$auto(0x8, 0x4, 0xc000000, 0x19, 0xfffffffffffffffc, 0x29400000000000) settimeofday$auto(&(0x7f0000000180)={0x1ed5d7403, 0x1}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(0x3, 0x8b0b, 0x91) 2m55.224296386s ago: executing program 3 (id=3871): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8000, 0x0) r0 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x402, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x10, 0x2, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) memfd_secret$auto(0x0) socket(0x2, 0x1, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_CREATE_VM(r1, 0x4008ae93, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0xa, 0x806, 0x0) r4 = io_uring_setup$auto(0x6, 0x0) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r3) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="ec0000005c83d1c22e5eba28ec0bac2206c1d7e06a6fa1581b78a5b5896a9a120a7732beccfda9c06b3714887c092abe90a4a39e86897b5ca5d173a149efc209bb6387", @ANYRES16=r5, @ANYBLOB="000826bd7000fedbdf2521000000a6005b005adf59ba341f9d39525db5debb411e64be368d514f37945d8f96f01e7f785ce03bedad9dda887a1e74217179639eef730477623430edc52828b81f9373e3af5c7fc014279216428cee86e3ae5ffca848a66a05f3fdf0e071551be767007ba8c33fd21ab722896b6d52501e5eba8831ccadb955ee03ec940e9452db30808523bebd1ce5ff2492b016c5d03ba0398bdec628abea53c15845c1c1ab639ffb93c396dfb0000008000100090000000800cb000d0000000400ff000b00340097d773d0921b8c000d00bd00eb217c9a3d4a58736d000000"], 0xec}, 0x1, 0x0, 0x0, 0x8000}, 0x80) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0xffffffffffffffff, &(0x7f00000018c0)=@vsock={0x28, 0x0, 0x2710, @hyper}, 0x55) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x2) setsockopt$auto(0x3, 0x1, 0xd, 0x0, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syzkaller0\x00', 0x0}) sendto$auto(r0, &(0x7f0000000000), 0x400, 0x7, &(0x7f0000000080)=@xdp={0x2c, 0x5, r6, 0x25}, 0x1) 2m53.936899359s ago: executing program 3 (id=3873): r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cec2\x00', 0x131140, 0x0) ioctl$auto_CEC_S_MODE(r0, 0x40046109, &(0x7f0000000180)=0x40) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) prctl$auto(0x23, 0x4, 0x2008, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) mincore$auto(0x9, 0x2fb, &(0x7f0000000040)='M[\x00') r1 = openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f000000e680), 0x2, 0x0) write$auto_ecryptfs_miscdev_fops_miscdev(r1, 0x0, 0x0) mmap$auto(0x100000000, 0x402000c, 0xdf, 0x91, r1, 0x8004) mmap$auto(0x0, 0x821e, 0x1000, 0x17, 0x2, 0x8000) unshare$auto(0x40000080) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r2) acct$auto(&(0x7f0000000080)='/proc/sys/kernel/sched_deadline\xdcBH\xc7H\xe2\x1d\b\x00ax_us\x00\xae\xb5\x86\xe9\xf6\xfe\x9b6\x91\x8f\x158\xe7qwI\t0\xc3\xd1\xcd\xf5\x04\xe0B\xe0U<\xb1\x1d\xda\xd2') removexattr$auto(0x0, 0x0) mmap$auto(0x4, 0x2020009, 0x8, 0xeb1, 0xffffffffffeffffa, 0x7ffd) getrandom$auto(0x0, 0x6000000, 0x3) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x41ee43, 0x193) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x404, 0x8000) socket(0x2, 0x80002, 0x73) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) read$auto(0x3, 0x0, 0x7) ioctl$auto(0x3, 0x5412, 0x38) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) ioctl$auto(0x3, 0x402c542b, 0x38) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/bus/input/devices\x00', 0x1c9180, 0x0) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/cec16\x00', 0x1c1901, 0x0) 2m51.44669583s ago: executing program 3 (id=3879): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r0 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x9, 0xfffffffffffffff7, 0x8b75, r0, 0x8000) clone$auto(0x21002, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x9) open(0x0, 0x2000, 0x0) socket(0x2a, 0x1, 0xfffffffe) r1 = socket(0x10, 0x2, 0x6) rseq$auto(0x0, 0x8000, 0x0, 0x8) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2a, 0xa, 0x0) timerfd_create$auto(0x1, 0x0) timerfd_gettime$auto(0x6, 0x0) epoll_create$auto(0x2) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB], 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004) ioctl$auto(0xffffffffffffffff, 0xa0000000, 0x0) 2m51.090673606s ago: executing program 3 (id=3882): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/sctp/rto_max\x00', 0x101201, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) write$auto(0x3, 0x0, 0xfdef) (async) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) (async) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) (async) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x1, &(0x7f0000000080)={0x0, 0x400}, 0x5, 0x0, 0x200002, 0x1}, 0x803}, 0xfffffff9, 0x10, 0x0) (async) sendmsg$auto_ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000001cc0)={0x0, 0x0, &(0x7f0000001c80)={0x0}, 0x1, 0x0, 0x0, 0x8800}, 0x0) (async) ioctl$auto_XFS_IOC_PATH_TO_FSHANDLE(0xffffffffffffffff, 0xc0385868, &(0x7f0000000180)={r1, &(0x7f00000000c0)="160b9875b527af70b53aee9483040028a89d618d4e226bb53864506323d246d326641f1e089f599de5", 0xa, &(0x7f0000000340)="1c4db6bc7b9ae3891971b514987132aed77abf8c18042b37e7103b3f97e925e3b06b0a1106290531e27804cdf0b1f8ceb5f056718b0fcc16dea67518f8bae8e839fe51e080a5cfe4f80fec591b44bf7c27df1bd55c138defb66a6c7ab4bc72f8a8e2197098c29d927ecb4483c52466ad9fe8afa1ac7f1f2edfdb43d92344409d01dc5376c78d0d1d0acc3d192270f864a0db5a3ed4a49cb630ff2b2d5e84496d6d445b4676e2d292d5677e24e4321e5a8d38e19149593fae8789de55a2e68724509fedf52f75c7e6b591fe57d5af84995c58c0b6e37b7b653dcb4e2491e4b38e4681abdd8c9139e9a5bfdfb61699e054113d11ed5ccaa8b0cb82", 0xffff, &(0x7f0000000440)="15165d2560977be4f670782f79b56b1c14175c91a9dcbb68319345287c6e7b52242a2850f5d0655ba0059975a5c4934eeea7922fb6c5da5008c3e25fbe6c67c94c26be76e8c60cacbea80ee08dec7ca81d0a15caa517cf74e775140ef14d31bc441410f3e8b33f9ec88ca84a839437c2ed98d6faba5bb4cace0965aff8b5775646f370714280d460bada677cca2c18eef3754704e09334c22195f817ba8b6c6c935cd6b4db9da2e9c9aa97c156a4445c58f94b5ed18fc02071fe95f2e532b2a08fb8c87f3e054cd6e2c0ccee2bbe881322341f2a5a17105f5c0cc923f1b22ab3d06417", &(0x7f0000000100)=0x8000}) ioctl$auto_SNDRV_PCM_IOCTL_HW_REFINE_OLD(r2, 0xc1004110, &(0x7f0000000540)={0x9e73, [0x3000, 0x401, 0x1], [{0x7, 0x9, 0x1, 0x1}, {0x0, 0xe61, 0x1}, {0x4, 0x80, 0x1}, {0x3, 0x6, 0x0, 0x0, 0x0, 0x1}, {0x3, 0xfffffffb, 0x1, 0x1, 0x1}, {0x9, 0x1, 0x0, 0x0, 0x1, 0x1}, {0x0, 0x8, 0x0, 0x0, 0x1, 0x1}, {0x80, 0xffffff03}, {0x9, 0x6, 0x1, 0x1, 0x0, 0x1}, {0x1, 0x4, 0x0, 0x1, 0x1}, {0x1, 0x4, 0x0, 0x1, 0x1, 0x1}, {0x4, 0xd975, 0x1, 0x0, 0x1, 0x1}], 0x6, 0x0, 0x2, 0x180, 0x6, 0x58f, 0xa1, "c182eee8662378a006eddb7c791f7acae477f1f48748eb0393cee5f38893223de1ac4875e43ebf2eb84c8a96304bcb05c59fb09c53e45717e330d09b0cc9ea9e"}) (async) r3 = openat$auto_rb_simple_fops_trace(0xffffffffffffff9c, &(0x7f0000001400)='/sys/kernel/tracing/tracing_on\x00', 0x682, 0x0) socket(0x2, 0x801, 0x6) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) (async) writev$auto(r3, &(0x7f0000001500)={0x0, 0x1}, 0xf7) (async) r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002580), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000002640)={0x0, 0x0, &(0x7f0000002600)={&(0x7f0000000040)={0x1c, r4, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x810) r5 = io_uring_setup$auto(0x7, 0x0) read$auto_hwsim_fops_rx_rssi_(r5, &(0x7f0000000140)=""/15, 0xf) (async) ioctl$auto_BTRFS_IOC_QGROUP_ASSIGN(r5, 0x40189429, &(0x7f0000000000)={0xfffffffffffffffe, 0x0, 0x4}) 2m35.079882971s ago: executing program 33 (id=3882): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/sctp/rto_max\x00', 0x101201, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) write$auto(0x3, 0x0, 0xfdef) (async) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) (async) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) (async) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x1, &(0x7f0000000080)={0x0, 0x400}, 0x5, 0x0, 0x200002, 0x1}, 0x803}, 0xfffffff9, 0x10, 0x0) (async) sendmsg$auto_ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000001cc0)={0x0, 0x0, &(0x7f0000001c80)={0x0}, 0x1, 0x0, 0x0, 0x8800}, 0x0) (async) ioctl$auto_XFS_IOC_PATH_TO_FSHANDLE(0xffffffffffffffff, 0xc0385868, &(0x7f0000000180)={r1, &(0x7f00000000c0)="160b9875b527af70b53aee9483040028a89d618d4e226bb53864506323d246d326641f1e089f599de5", 0xa, &(0x7f0000000340)="1c4db6bc7b9ae3891971b514987132aed77abf8c18042b37e7103b3f97e925e3b06b0a1106290531e27804cdf0b1f8ceb5f056718b0fcc16dea67518f8bae8e839fe51e080a5cfe4f80fec591b44bf7c27df1bd55c138defb66a6c7ab4bc72f8a8e2197098c29d927ecb4483c52466ad9fe8afa1ac7f1f2edfdb43d92344409d01dc5376c78d0d1d0acc3d192270f864a0db5a3ed4a49cb630ff2b2d5e84496d6d445b4676e2d292d5677e24e4321e5a8d38e19149593fae8789de55a2e68724509fedf52f75c7e6b591fe57d5af84995c58c0b6e37b7b653dcb4e2491e4b38e4681abdd8c9139e9a5bfdfb61699e054113d11ed5ccaa8b0cb82", 0xffff, &(0x7f0000000440)="15165d2560977be4f670782f79b56b1c14175c91a9dcbb68319345287c6e7b52242a2850f5d0655ba0059975a5c4934eeea7922fb6c5da5008c3e25fbe6c67c94c26be76e8c60cacbea80ee08dec7ca81d0a15caa517cf74e775140ef14d31bc441410f3e8b33f9ec88ca84a839437c2ed98d6faba5bb4cace0965aff8b5775646f370714280d460bada677cca2c18eef3754704e09334c22195f817ba8b6c6c935cd6b4db9da2e9c9aa97c156a4445c58f94b5ed18fc02071fe95f2e532b2a08fb8c87f3e054cd6e2c0ccee2bbe881322341f2a5a17105f5c0cc923f1b22ab3d06417", &(0x7f0000000100)=0x8000}) ioctl$auto_SNDRV_PCM_IOCTL_HW_REFINE_OLD(r2, 0xc1004110, &(0x7f0000000540)={0x9e73, [0x3000, 0x401, 0x1], [{0x7, 0x9, 0x1, 0x1}, {0x0, 0xe61, 0x1}, {0x4, 0x80, 0x1}, {0x3, 0x6, 0x0, 0x0, 0x0, 0x1}, {0x3, 0xfffffffb, 0x1, 0x1, 0x1}, {0x9, 0x1, 0x0, 0x0, 0x1, 0x1}, {0x0, 0x8, 0x0, 0x0, 0x1, 0x1}, {0x80, 0xffffff03}, {0x9, 0x6, 0x1, 0x1, 0x0, 0x1}, {0x1, 0x4, 0x0, 0x1, 0x1}, {0x1, 0x4, 0x0, 0x1, 0x1, 0x1}, {0x4, 0xd975, 0x1, 0x0, 0x1, 0x1}], 0x6, 0x0, 0x2, 0x180, 0x6, 0x58f, 0xa1, "c182eee8662378a006eddb7c791f7acae477f1f48748eb0393cee5f38893223de1ac4875e43ebf2eb84c8a96304bcb05c59fb09c53e45717e330d09b0cc9ea9e"}) (async) r3 = openat$auto_rb_simple_fops_trace(0xffffffffffffff9c, &(0x7f0000001400)='/sys/kernel/tracing/tracing_on\x00', 0x682, 0x0) socket(0x2, 0x801, 0x6) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) (async) writev$auto(r3, &(0x7f0000001500)={0x0, 0x1}, 0xf7) (async) r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002580), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000002640)={0x0, 0x0, &(0x7f0000002600)={&(0x7f0000000040)={0x1c, r4, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x810) r5 = io_uring_setup$auto(0x7, 0x0) read$auto_hwsim_fops_rx_rssi_(r5, &(0x7f0000000140)=""/15, 0xf) (async) ioctl$auto_BTRFS_IOC_QGROUP_ASSIGN(r5, 0x40189429, &(0x7f0000000000)={0xfffffffffffffffe, 0x0, 0x4}) 2m33.030330701s ago: executing program 1 (id=3904): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8000, 0x0) r0 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x402, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x10, 0x2, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) memfd_secret$auto(0x0) socket(0x2, 0x1, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_CREATE_VM(r1, 0x4008ae93, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0xa, 0x806, 0x0) r4 = io_uring_setup$auto(0x6, 0x0) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r3) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="ec0000005c83d1c22e5eba28ec0bac2206c1d7e06a6fa1581b78a5b5896a9a120a7732beccfda9c06b3714887c092abe90a4a39e86897b5ca5d173a149efc209bb6387", @ANYRES16=r5, @ANYBLOB="000826bd7000fedbdf2521000000a6005b005adf59ba341f9d39525db5debb411e64be368d514f37945d8f96f01e7f785ce03bedad9dda887a1e74217179639eef730477623430edc52828b81f9373e3af5c7fc014279216428cee86e3ae5ffca848a66a05f3fdf0e071551be767007ba8c33fd21ab722896b6d52501e5eba8831ccadb955ee03ec940e9452db30808523bebd1ce5ff2492b016c5d03ba0398bdec628abea53c15845c1c1ab639ffb93c396dfb0000008000100090000000800cb000d0000000400ff000b00340097d773d0921b8c000d00bd00eb217c9a3d4a58736d000000"], 0xec}, 0x1, 0x0, 0x0, 0x8000}, 0x80) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0xffffffffffffffff, &(0x7f00000018c0)=@vsock={0x28, 0x0, 0x2710, @hyper}, 0x55) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x2) setsockopt$auto(0x3, 0x1, 0xd, 0x0, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syzkaller0\x00', 0x0}) sendto$auto(r0, &(0x7f0000000000), 0x400, 0x7, &(0x7f0000000080)=@xdp={0x2c, 0x5, r6, 0x25}, 0x1) 2m31.994653148s ago: executing program 1 (id=3908): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/bdi/43:416/min_ratio\x00', 0x80302, 0x0) sendfile$auto(r0, r0, 0x0, 0x1) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) write$auto_drm_edid_fops_drm_debugfs(0xffffffffffffffff, 0x0, 0x0) r3 = open(0x0, 0x181080, 0x118) open_by_handle_at$auto(r3, &(0x7f0000000140)={0x8, 0x1, "0400000000000000"}, 0x42) splice$auto(0x4, 0x0, 0x2, 0x0, 0x14000000000, 0xf) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r4) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000580)='/sys/devices/virtual/thermal/cooling_device0/max_state\x00', 0x500, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f00000005c0)=""/8, 0x8) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x14, r5, 0x1, 0x70bd26, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x44004811}, 0x40000c0) 2m31.228465121s ago: executing program 1 (id=3910): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x31}}, 0x6a) select$auto(0xf1, &(0x7f0000000080)={[0xf9da, 0x4e, 0x7, 0x7fffffff, 0x67, 0x7, 0x8000000000000000, 0xc24, 0x7fffffff, 0x2, 0x95, 0x1, 0xc20000000000000, 0x5f18, 0x4, 0xe9a0]}, &(0x7f0000000180)={[0x400, 0xf, 0x200, 0x0, 0x6, 0x800, 0x7df, 0x4820, 0x7, 0x4, 0xfffffffffffffeff, 0x8, 0x881a, 0x9, 0x0, 0x3]}, &(0x7f0000000200)={[0x6f, 0x2, 0x1, 0x1, 0x9, 0x10001, 0x1, 0x1, 0x3, 0x100, 0xcb7, 0xc00, 0x8, 0x3, 0x167]}, &(0x7f0000000000)={0x4, 0x1}) socket(0x2b, 0x80000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.net/blkio.bfq.avg_queue_size\x00', 0x820, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) timer_create$auto(0xfffffffd, 0x0, 0x0) socketpair$auto(0x9, 0x0, 0x80000001, &(0x7f00000010c0)=0x7) timer_settime$auto(0x0, 0xffff8000, &(0x7f00000000c0)={{0x200000000000000f, 0x10007}, {0x9}}, 0x0) socket(0xa, 0x3, 0x39) setsockopt$auto(0x400000000000003, 0x29, 0xc8, 0x0, 0x567) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, 0x0, 0x8002, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) socket(0x2a, 0x2, 0x6) setresgid$auto(0xa05, 0x4, 0x0) access$auto(0x0, 0x3) connect$auto(0x3, 0xfffffffffffffffe, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2201, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000140)="671d264add69b6440843b6e6688a2b5ad9df2669e6f9cd236532b20ed763c1dbfee3f787fc87cd0f5600ac8caf4bde4c30b530ac6ebbff950e1a647d6a08a1b55dde5a409b58", 0x46) 2m30.338905931s ago: executing program 1 (id=3912): mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r0 = open(0x0, 0x261c2, 0x84) setreuid$auto(0x7, 0x806) r1 = waitid$auto_P_ALL(0x0, r0, &(0x7f0000000040)={@siginfo_0_0={0x0, 0xf, 0x5, @_sigsys={&(0x7f0000000000)="e71640e861d94b0ba5", 0xa0000000, 0xe9c}}}, 0x4, &(0x7f00000000c0)={{0x3, 0x6}, {0x7, 0x4}, 0xe341, 0x3, 0x1, 0x9, 0x3, 0x4, 0xa, 0x2, 0xec, 0x7, 0x3, 0x100000001, 0x19db433f}) fcntl$auto(0xff80000000000000, 0x1006, r1) bind$auto(0x3, &(0x7f0000002000), 0xf) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) pipe2$auto(0x0, 0x80) mmap$auto(0x8, 0x4, 0xc000000, 0x19, 0xfffffffffffffffc, 0x29400000000000) settimeofday$auto(&(0x7f0000000180)={0x1ed5d7403, 0x1}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(0x3, 0x8b0b, 0x91) 2m30.210864982s ago: executing program 1 (id=3914): openat$auto_ocfs2_control_fops_stack_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) msgctl$auto_IPC_RMID(0x2, 0x0, &(0x7f0000000100)={{0x6, 0xee01, 0xffffffffffffffff, 0xcbe1, 0xa97, 0x0, 0xfffc}, &(0x7f0000000040)=0x5, &(0x7f00000000c0)=0x17, 0xd4, 0xcc, 0x4, 0x6, 0x0, 0x4, 0x180, 0x4, @raw=0x8, @inferred=0xffffffffffffffff}) r1 = getgid() setresgid$auto(r1, 0xee00, 0x0) msgctl$auto_IPC_RMID(0x4, 0x0, &(0x7f0000000200)={{0x1b, r0, r1, 0x6, 0x14560000, 0x80, 0x401}, &(0x7f0000000180)=0xd, &(0x7f00000001c0)=0x5, 0x0, 0x8, 0x7fffffff, 0xe08, 0x10001, 0x9, 0x4, 0x792, @raw=0xfffffe00, @raw}) newfstatat$auto(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={0x5, 0x8, 0x5, 0x3, r0, r1, 0x0, 0x85, 0x0, 0x6, 0x1be400000000, 0x5, 0x8000000000000000, 0x8, 0x3094, 0xfff, 0x2}, 0x2) shmctl$auto_IPC_RMID(0x6, 0x0, &(0x7f0000000400)={{0x2, r0, r3, 0x4, 0xfb6f, 0x3, 0x2}, 0x0, 0x9, 0x0, 0xffffffff, @raw=0x6, @raw=0x800, 0x6, 0x0, &(0x7f0000000380)="1af5794980a3aed2f444e3ac55540990bae8172224deb6dedd6cbd9d95f50dbecb", &(0x7f00000003c0)="3def88dd77906d85362a48b146c36cfcfaad2277effc3b6a9ee282"}) keyctl$auto_KEYCTL_PKEY_VERIFY(0x1c, r4, r2, r5, 0xfffffffffffffffb) 2m30.133742503s ago: executing program 1 (id=3915): r0 = prctl$auto_PR_RISCV_SET_ICACHE_FLUSH_CTX(0x47, 0xa8f, 0xffffffffffffffff, 0x6c, 0xfffffffffffffff7) close_range$auto(r0, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getsockopt$auto(0xffffffffffffffff, 0x10f, 0x81, 0x0, 0x0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NFC_CMD_LLC_SET_PARAMS(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="556c29bd6063f923bdc98d7000ff"], 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x0) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000180), r2) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001d80), r2) sendmsg$auto_NL80211_CMD_GET_INTERFACE(r2, &(0x7f0000002780)={0x0, 0x0, &(0x7f0000002740)={&(0x7f0000001dc0)={0x14, r3, 0x1, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x50000014}, 0x20000080) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x1, 0x0) creat$auto(&(0x7f00000001c0)='./file0\x00', 0xbc30) lstat$auto(&(0x7f0000000740)='./file0\x00', 0x0) stat$auto(&(0x7f0000000940)='./file0\x00', &(0x7f0000000980)={0x6, 0x3, 0x8, 0x4, 0xee01, 0xee00, 0x0, 0x6, 0x7, 0xfffffffffffffffd, 0x800000, 0xfffffffffffffff8, 0x3, 0x1ff, 0x9, 0x6, 0x2}) setsockopt$auto(0x3, 0x1, 0xf, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x3a0f0915) listen$auto(0x3, 0x81) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) open(&(0x7f0000000000)='./file0\x00', 0x8400, 0x82) r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) wait4$auto(r4, 0x0, 0x2, 0x0) ptrace$auto(0x10, r4, 0x0, 0x8693) open(&(0x7f0000000040)='./file0\x00', 0x40841, 0x8) ioctl$auto_SNDCTL_SYNTH_ID(r1, 0xc08c5114, &(0x7f00000001c0)) 2m14.936597248s ago: executing program 34 (id=3915): r0 = prctl$auto_PR_RISCV_SET_ICACHE_FLUSH_CTX(0x47, 0xa8f, 0xffffffffffffffff, 0x6c, 0xfffffffffffffff7) close_range$auto(r0, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getsockopt$auto(0xffffffffffffffff, 0x10f, 0x81, 0x0, 0x0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NFC_CMD_LLC_SET_PARAMS(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="556c29bd6063f923bdc98d7000ff"], 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x0) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000180), r2) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001d80), r2) sendmsg$auto_NL80211_CMD_GET_INTERFACE(r2, &(0x7f0000002780)={0x0, 0x0, &(0x7f0000002740)={&(0x7f0000001dc0)={0x14, r3, 0x1, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x50000014}, 0x20000080) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x1, 0x0) creat$auto(&(0x7f00000001c0)='./file0\x00', 0xbc30) lstat$auto(&(0x7f0000000740)='./file0\x00', 0x0) stat$auto(&(0x7f0000000940)='./file0\x00', &(0x7f0000000980)={0x6, 0x3, 0x8, 0x4, 0xee01, 0xee00, 0x0, 0x6, 0x7, 0xfffffffffffffffd, 0x800000, 0xfffffffffffffff8, 0x3, 0x1ff, 0x9, 0x6, 0x2}) setsockopt$auto(0x3, 0x1, 0xf, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x3a0f0915) listen$auto(0x3, 0x81) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) open(&(0x7f0000000000)='./file0\x00', 0x8400, 0x82) r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) wait4$auto(r4, 0x0, 0x2, 0x0) ptrace$auto(0x10, r4, 0x0, 0x8693) open(&(0x7f0000000040)='./file0\x00', 0x40841, 0x8) ioctl$auto_SNDCTL_SYNTH_ID(r1, 0xc08c5114, &(0x7f00000001c0)) 9.893850948s ago: executing program 6 (id=4283): write$auto(0xca, &(0x7f00000000c0)='\x04>2\x04!\xe2\x00\x94\xf2\xa2\x00\x00', 0x7e) getresuid$auto(&(0x7f0000000080)=0x7, 0x0, 0xfffffffffffffffc) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) write$auto(r0, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x3ff, 0x0, 0x3, 0x5f, 0x0, 0x3}, 0x6f3) socket(0xa, 0x2, 0x88) mmap$auto(0x0, 0x400008, 0xdf, 0x100000009b72, 0x2, 0x8000) mincore$auto(0x1000, 0x8001, 0x0) setsockopt$auto(0x3, 0x0, 0x20, 0x0, 0x28) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) r1 = fcntl$auto_F_SETLK(r0, 0x6, 0xffffffffffffffff) ioctl$auto_SCSI_IOCTL_SEND_COMMAND2(r1, 0x1, &(0x7f0000000140)) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/lru_gen/min_ttl_ms\x00', 0x40000, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) madvise$auto(0x0, 0x20499d, 0x9) ioctl$auto(0xffffffffffffffff, 0x40046205, 0x9) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_vsock_device_ops_af_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$auto(0x3, 0x541b, 0x7f) 8.819129861s ago: executing program 5 (id=4290): openat$auto_adf_ctl_ops_adf_ctl_drv(0xffffffffffffff9c, &(0x7f0000000000), 0x140, 0x0) mmap$auto(0x0, 0x400005, 0x200, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x3, 0x66) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0xc0) mlockall$auto(0x7) set_mempolicy$auto(0x7ff, &(0x7f0000000040)=0x87e, 0x8) close_range$auto(0x0, 0xfffffffffffff001, 0x2) r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_FBIOPAN_DISPLAY(r0, 0x4606, &(0x7f00000000c0)) read$auto(0x3, 0x0, 0x7) keyctl$auto(0xb, 0x0, 0x6, 0x0, 0xa) memfd_create$auto(&(0x7f0000000000)='\xc4--:\xdd:,./-${\x00', 0x4) unshare$auto(0x40000080) msgrcv$auto(0x9, 0x0, 0xffc, 0xfffffffffefffffd, 0xb3) msgrcv$auto(0x0, 0x0, 0xffc, 0xffffffffffffffff, 0xb1) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x121841, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x402802, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000000540)=ANY=[@ANYBLOB="1c00000069e03d6078756c1d3c97a3c485355ea75d5ab0ba659d181906be0a8814d9f902d9207fb6d5a9148b9e7cf8997d486d34e818d8d6dbc32d72a9034f6f4dca812e17a99bd9f1e793fcdca490563f8b622ea06977aae7cfb1634ad07cafd8d951d4500e7c9dff9bf410ad7bcb8605a01cd5cfc1d11555ab9f38a86c77105e16d8e98c9d6617453b367b0ecdfa755d1701a5756bcf10f1b0853093656ba9befd137e5bb6dd28348c13", @ANYRESDEC=r2], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x810) sendmsg$auto_NET_SHAPER_CMD_GET2(r1, 0x0, 0x40800) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) arch_prctl$auto(0x1025, 0x10005) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0xfffffffffffffffe, 0xb, 0x2, 0x15f4da0a, 0x1, 0x1000000000000003, 0x2300000000000000, 0x80000001, 0x6, 0x6d3c, 0x0, 0x3, 0x2e]}, 0x0) rseq$auto(&(0x7f0000000440)={0x6, 0x7, 0x1000000000, 0x6, 0x1, 0x8001, "3f386243c4371c2fb2f31b498e5f9f6bb39a76f1ba3adcab6b171b2ea042f7507a7ae3fffc897dd0b3da5f45a189ecd51520ed8465b20464a5a28059353c39b31a331f6d76d47e51a7da6f7e3164fbf757b1b5e132c17c4d98fc7f4bcef614ea9000af9df78f5e41cb8d89ce292b2c92ec67ecbdd7f8abc5b110504a23b9915527a9d390753480ae69a257b48e79170cd57fa3b49e97bfeb128075bc7424cb552330d144d74cdd196b6a8786a9f0e65cbb562575c9"}, 0x8000, 0xe, 0xc4f) 7.769440898s ago: executing program 5 (id=4295): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x7fff) open(0x0, 0x261c2, 0x84) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r1, 0x107, 0x1, 0x0, 0x8004) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x6, 0x38, 0x1000000000065f, 0x1ffde, 0x7, 0x3, 0x20000002, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x6, 0x2, 0x80, 0x4, 0x0, 0x7, 0x2000, 0x203, 0x0, 0x84, [0x0, 0x0, 0x0, 0x50100000000000, 0x3, 0x2000, 0x0, 0xa, 0x70624ce7, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x0, 0x1, 0x3, 0x0, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x200000000001, 0x0, 0xffffffffefffffff, 0x200000000000004, 0x0, 0x0, 0x0, 0x400000, 0x400000000005b8, 0xc, 0x0, 0x0, 0x4, 0x6, 0xffffffffffffffff, 0x890, 0x8000000000008, 0xfffffffffffffffc, 0x1000, 0xa38, 0x0, 0x0, 0xfffffffffffffffc, 0x2, 0x4000000000, 0x10006]}, 0x1fe, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, 0x0, 0x8000) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x6}, 0xf7, 0x0) mmap$auto(0x0, 0xa9, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2b, 0x1, 0x1) r2 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 7.457220725s ago: executing program 5 (id=4297): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/netstat\x00', 0x100, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000040)=""/4096, 0x1000) openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, &(0x7f0000000300)='/dev/media3\x00', 0x220100, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) r1 = inotify_init1$auto(0x10) ioctl$auto_SNDRV_CTL_IOCTL_POWER(r1, 0xc00455d0, &(0x7f00000000c0)=0x9) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/snmp\x00', 0x0, 0x0) read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000040)=""/88, 0x58) fcntl$auto(0x3, 0x4, 0xa553) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @dev={0xac, 0x14, 0x14, 0xd}}, 0x6a) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x101, 0x0, 0x5, 0x9ad}, 0x5}, 0x5, 0x20000000) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) semctl$auto(0x9, 0xc1b8, 0x4, 0x1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) r3 = socket(0x29, 0x5, 0x0) syz_clone(0x40100100, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_NL80211_CMD_SET_MULTICAST_TO_UNICAST(0xffffffffffffffff, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_STATION(r3, 0x0, 0x40) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) pwrite64$auto(r4, 0x0, 0x1, 0x2) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/class/devcoredump/disabled\x00', 0xe3102, 0x0) sendfile$auto(r5, r5, 0x0, 0x3) 6.604727028s ago: executing program 0 (id=4298): r0 = socket(0x25, 0x5, 0x0) mmap$auto(0x0, 0x202000b, 0x3, 0x15, 0xfffffffffffffffa, 0x8000) write$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffffff, 0x0, 0x0) setsockopt$auto(0xffffffffffffffff, 0x107, 0x13, 0x0, 0x4) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x101000, 0x0) sendmsg$auto_NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0xc}, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x2800, 0x0) pread64$auto(r1, 0x0, 0x8, 0xffff) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x420340, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0xc00, 0x2000000000002) r3 = open(&(0x7f0000000000)='./file1\x00', 0x1652c2, 0xe1d2b27bdc14aa98) fanotify_mark$auto(0x400000000000, 0x105, 0xf2b, r3, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x40342, 0x22) r4 = openat$auto_check_wx_fops_(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) pread64$auto(r4, &(0x7f0000000440)='$^\\(]\x00', 0x40, 0x6) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000000), r0) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) r5 = open(&(0x7f0000000080)='./file0\x00', 0x22000, 0x50) mmap$auto(0x0, 0x5, 0x4000000000df, 0xeb1, 0x401, 0x8000) epoll_create$auto(0x8) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, r0, 0x8000) socket(0x2, 0x80805, 0x0) io_uring_setup$auto(0x2, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x64, 0x0, 0x8) epoll_ctl$auto(0x5, 0x1, 0x8000000000000000, 0x0) connect$auto(r5, &(0x7f0000000040)=@rc={0x1f, @any, 0x1}, 0xb) 6.040150829s ago: executing program 5 (id=4299): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x2, 0x1) socket(0x15, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) clone$auto(0x1ff00, 0x2000000, 0x0, 0x0, 0x9) exit$auto(0x7) pidfd_getfd$auto(0x3, 0x1, 0x100000000) 5.582889802s ago: executing program 0 (id=4300): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40000c, 0xdf, 0x7fffffffffffffff, r0, 0x400) bpf$auto(0x0, 0x0, 0x6f4) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi18\x00', 0x280, 0x0) ioctl$auto(0x3, 0xc0585605, 0x38) clock_nanosleep$auto(0x2, 0x1000, 0x0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/platform/vhci_hcd.7/usb24/24-0:1.0/usb24-port1/over_current_count\x00', 0x589800, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x80880, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) pwrite64$auto(0xc8, &(0x7f0000000340)='\vX\xb5n\x91p\xe6\x1eRNcmyT\x04\xe9M\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\x85\x8a=\xbaKgn6\xa7\x01\x00\x00\x00^B\xb8\xe4j\t,\xe4\x90\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\t\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9\x1d\xe1\xc6\x8b\xc0\xe8-\x94k\xef\x95\x1c\xcf_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/261, 0x5, 0x3d) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x4c2, 0x0) r3 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000080)='/dev/usbmon39\x00', 0x640, 0x0) read$auto_mon_fops_binary_mon_bin(r3, 0x0, 0x0) ioctl$auto_MON_IOCG_STATS(r3, 0x80089203, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'geneve0\x00'}) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000001500), r4) 5.398775568s ago: executing program 5 (id=4301): openat$auto_adf_ctl_ops_adf_ctl_drv(0xffffffffffffff9c, &(0x7f0000000000), 0x140, 0x0) mmap$auto(0x0, 0x400005, 0x200, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x3, 0x66) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0xc0) mlockall$auto(0x7) set_mempolicy$auto(0x7ff, &(0x7f0000000040)=0x87e, 0x8) close_range$auto(0x0, 0xfffffffffffff001, 0x2) r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_FBIOPAN_DISPLAY(r0, 0x4606, &(0x7f00000000c0)) read$auto(0x3, 0x0, 0x7) keyctl$auto(0xb, 0x0, 0x6, 0x0, 0xa) memfd_create$auto(&(0x7f0000000000)='\xc4--:\xdd:,./-${\x00', 0x4) unshare$auto(0x40000080) msgrcv$auto(0x9, 0x0, 0xffc, 0xfffffffffefffffd, 0xb3) msgrcv$auto(0x0, 0x0, 0xffc, 0xffffffffffffffff, 0xb1) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x121841, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x402802, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000000540)=ANY=[@ANYBLOB="1c00000069e03d6078756c1d3c97a3c485355ea75d5ab0ba659d181906be0a8814d9f902d9207fb6d5a9148b9e7cf8997d486d34e818d8d6dbc32d72a9034f6f4dca812e17a99bd9f1e793fcdca490563f8b622ea06977aae7cfb1634ad07cafd8d951d4500e7c9dff9bf410ad7bcb8605a01cd5cfc1d11555ab9f38a86c77105e16d8e98c9d6617453b367b0ecdfa755d1701a5756bcf10f1b0853093656ba9befd137e5bb6dd28348c13ea07255895cc8458fe9dbf8044474b68e4e59b548f30633149a742f3e4a6e51e0337eb85f2f96704300c", @ANYRESDEC=r2], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x810) sendmsg$auto_NET_SHAPER_CMD_GET2(r1, 0x0, 0x40800) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) arch_prctl$auto(0x1025, 0x10005) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0xfffffffffffffffe, 0xb, 0x2, 0x15f4da0a, 0x1, 0x1000000000000003, 0x2300000000000000, 0x80000001, 0x6, 0x6d3c, 0x0, 0x3, 0x2e]}, 0x0) rseq$auto(&(0x7f0000000440)={0x6, 0x7, 0x1000000000, 0x6, 0x1, 0x8001, "3f386243c4371c2fb2f31b498e5f9f6bb39a76f1ba3adcab6b171b2ea042f7507a7ae3fffc897dd0b3da5f45a189ecd51520ed8465b20464a5a28059353c39b31a331f6d76d47e51a7da6f7e3164fbf757b1b5e132c17c4d98fc7f4bcef614ea9000af9df78f5e41cb8d89ce292b2c92ec67ecbdd7f8abc5b110504a23b9915527a9d390753480ae69a257b48e79170cd57fa3b49e97bfeb128075bc7424cb552330d144d74cdd196b6a8786a9f0e65cbb562575c9"}, 0x8000, 0xe, 0xc4f) 5.151592122s ago: executing program 0 (id=4302): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x2, 0x1) socket(0x15, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) io_uring_setup$auto(0x8, &(0x7f0000000140)={0x3ff, 0x3, 0x9, 0x10001, 0x12, 0xc05, 0xffffffffffffffff, [0x7fd, 0xfff, 0x8], {0x9, 0x1, 0x5, 0x0, 0x400, 0x0, 0x3fe0, 0x5, 0x1000000000e8}, {0x2, 0x100, 0x54f1, 0x0, 0x101, 0xff, 0x8d6, 0xa, 0x3}}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) r0 = socket(0x10, 0x2, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r1 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) setsockopt$auto(0x3, 0x10000000084, 0x14, 0x0, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xc, 0x800008000) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0) ppoll$auto(&(0x7f0000000080)={r2, 0x7980, 0x6}, 0x2, 0x0, 0x0, 0x8) read$auto(0xffffffffffffffff, &(0x7f0000000100)='/dev/mapper/control\x00', 0x6) ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x20000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = io_uring_setup$auto(0x6, 0x0) clone$auto(0x1ff00, 0x0, 0x0, 0x0, 0x9) exit$auto(0x7) pidfd_getfd$auto(r3, r1, 0x100000000) 4.842072317s ago: executing program 6 (id=4303): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/cec16\x00', 0x1c1901, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, 0x0) (fail_nth: 10) 4.739060511s ago: executing program 4 (id=4304): r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYBLOB="6a0051b1"], 0x1ac}, 0x1, 0x0, 0x0, 0x40814}, 0x2004c0c4) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mq_timedsend$auto(0xffffffffffffffff, 0x0, 0x0, 0xfffffffe, 0x0) (async) mq_timedsend$auto(0xffffffffffffffff, 0x0, 0x0, 0xfffffffe, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x40181, 0x0) ioctl$auto_PPPIOCSMRU(r1, 0xc004743e, 0x0) (async) ioctl$auto_PPPIOCSMRU(r1, 0xc004743e, 0x0) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x20b42, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x4c440, 0x0) (async) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x4c440, 0x0) mmap$auto(0x0, 0x8, 0x80000000000000df, 0x10004000eb1, 0x8, 0x8000008000) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x80000000}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) (async) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x80000000}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) close_range$auto(0x2, 0x8000, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) bpf$auto(0x5, 0x0, 0x47) socket(0x23, 0x2, 0x53f0800) close_range$auto(0x2, 0x8, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket(0x10, 0x2, 0x15) recvmmsg$auto(r4, &(0x7f0000000040)={{0x0, 0x41fa298f, &(0x7f0000000000)={&(0x7f0000000340)="b2711f72da78022d2a8b3f5b36060756e9da5728", 0x5}, 0x9, 0x0, 0x9}, 0x2}, 0x9, 0x0, 0x0) (async) recvmmsg$auto(r4, &(0x7f0000000040)={{0x0, 0x41fa298f, &(0x7f0000000000)={&(0x7f0000000340)="b2711f72da78022d2a8b3f5b36060756e9da5728", 0x5}, 0x9, 0x0, 0x9}, 0x2}, 0x9, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1000af"], 0x1ac}, 0x1, 0x0, 0x0, 0x22004840}, 0x4001) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1000af"], 0x1ac}, 0x1, 0x0, 0x0, 0x22004840}, 0x4001) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) socket(0x11, 0x80003, 0x300) (async) socket(0x11, 0x80003, 0x300) r5 = socket(0x2c, 0x4, 0xffffffff) mmap$auto(0x0, 0xffe, 0xffb, 0x8000000008011, 0x3, 0x0) (async) mmap$auto(0x0, 0xffe, 0xffb, 0x8000000008011, 0x3, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, 0x0) write$auto(0x3, 0x0, 0xfdef) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r5) sendmsg$auto_NL80211_CMD_COLOR_CHANGE_REQUEST(r3, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x82024f08}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0x38, r6, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'erspan0\x00'}, @NL80211_ATTR_WIPHY_FREQ_HINT={0x8, 0xc9, 0x5}, @NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x20040080}, 0x20000000) 4.146468518s ago: executing program 0 (id=4305): open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) mknod$auto(0x0, 0x1081, 0x3) open(0x0, 0xa240, 0x15e) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0xa00, 0x100) sysfs$auto(0x2, 0x1e, 0x0) rename$auto(&(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='./file0\x00') mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) socket(0x2, 0x6, 0x0) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000) shutdown$auto(0x200000003, 0x2) recvmmsg$auto(0x3, 0x0, 0x10000, 0x300, 0x0) connect$auto(0x3, 0x0, 0x55) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) mmap$auto(0x0, 0x1, 0x5, 0x10000000000eb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x687bcbd, 0x8, 0x0) mmap$auto(0x0, 0x2000b, 0x4000000000df, 0xeb1, 0x401, 0x4) r1 = openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000080)='/proc/kpageflags\x00', 0x2, 0x0) write$auto_random_fops_random(r1, 0x0, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRESOCT], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x44810}, 0x80d0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) shutdown$auto(0x200000003, 0x2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 4.022804373s ago: executing program 6 (id=4306): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.max.depth\x00', 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) read$auto(0x3, 0x0, 0x80) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x802, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8000008, 0x1, 0x9, 0x3, 0x26, 0x940, 0x1ffde, 0x3, 0x6, 0x902c, 0x9, 0x400005, 0xfff, 0x4, 0xb0, 0x8, 0x9, 0x3, 0x5, 0x6, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, [0x3, 0x3, 0x200000000, 0x400000000, 0x0, 0x3903, 0x0, 0x4, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x4, 0x0, 0xceb, 0x0, 0xfffffffffffffffc, 0x0, 0x4, 0x0, 0xffffffffffffffff, 0x2, 0x4001, 0xfffffffffffffffd, 0x0, 0xb548, 0x8, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3]}, 0xfffff7fffffffffa, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) read$auto(0xffffffffffffffff, 0x0, 0x20) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000008c0)='/dev/vbi22\x00', 0x802, 0x0) poll$auto(&(0x7f00000000c0)={r1, 0x1, 0x3}, 0x8, 0xfffffff3) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0x28, 0x1, 0x0) connect$auto(0xffffffffffffffff, &(0x7f0000000100)=@vsock={0x28, 0x0, 0x2710}, 0x55) connect$auto(r3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710, @hyper}, 0x56) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x2400, 0x0) socket(0xa, 0x2, 0x0) r4 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video63\x00', 0x80800, 0x0) read$auto_v4l2_fops_v4l2_dev(r4, &(0x7f00000001c0)=""/191, 0x1f8) socket(0x2, 0x3, 0xfffffff1) adjtimex$auto(&(0x7f00000004c0)={0xf332b6b, 0x0, 0x7d, 0xfffffffffffffffd, 0xd4, 0x4, 0x4, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000004, 0x81, 0xffffffffffff628e, 0xa747, 0x0, 0x804}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x4, 0x0) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000140), 0x400000, 0x0) madvise$auto(0x20000000000, 0x2003f0, 0x8001) madvise$auto(0x0, 0x200007, 0x19) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r5, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) writev$auto(r2, &(0x7f0000000040)={0x0, 0x7}, 0x21) write$auto(r0, &(0x7f0000000000)='!]{\'\x00', 0x100000000) 3.889094947s ago: executing program 5 (id=4307): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/netstat\x00', 0x100, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000040)=""/4096, 0x1000) openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, &(0x7f0000000300)='/dev/media3\x00', 0x220100, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) r1 = inotify_init1$auto(0x10) ioctl$auto_SNDRV_CTL_IOCTL_POWER(r1, 0xc00455d0, &(0x7f00000000c0)=0x9) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/snmp\x00', 0x0, 0x0) mmap$auto(0x0, 0x2000b, 0xdf, 0xeb1, 0x401, 0x8000) fcntl$auto(0x3, 0x4, 0xa553) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @dev={0xac, 0x14, 0x14, 0xd}}, 0x6a) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x101, 0x0, 0x5, 0x9ad}, 0x5}, 0x5, 0x20000000) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) semctl$auto(0x9, 0xc1b8, 0x4, 0x1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) r2 = socket(0x29, 0x5, 0x0) syz_clone(0x40100100, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_NL80211_CMD_SET_MULTICAST_TO_UNICAST(0xffffffffffffffff, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_STATION(r2, 0x0, 0x40) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) pwrite64$auto(r3, 0x0, 0x1, 0x2) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/class/devcoredump/disabled\x00', 0xe3102, 0x0) sendfile$auto(r4, r4, 0x0, 0x3) 3.004412884s ago: executing program 6 (id=4308): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/netstat\x00', 0x100, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000040)=""/4096, 0x1000) openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, &(0x7f0000000300)='/dev/media3\x00', 0x220100, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) r1 = inotify_init1$auto(0x10) ioctl$auto_SNDRV_CTL_IOCTL_POWER(r1, 0xc00455d0, &(0x7f00000000c0)=0x9) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/snmp\x00', 0x0, 0x0) read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000040)=""/88, 0x58) fcntl$auto(0x3, 0x4, 0xa553) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @dev={0xac, 0x14, 0x14, 0xd}}, 0x6a) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x101, 0x0, 0x5, 0x9ad}, 0x5}, 0x5, 0x20000000) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) semctl$auto(0x9, 0xc1b8, 0x4, 0x1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) r3 = socket(0x29, 0x5, 0x0) syz_clone(0x40100100, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_NL80211_CMD_SET_MULTICAST_TO_UNICAST(0xffffffffffffffff, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_STATION(r3, 0x0, 0x40) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) pwrite64$auto(r4, 0x0, 0x1, 0x2) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/class/devcoredump/disabled\x00', 0xe3102, 0x0) sendfile$auto(r5, r5, 0x0, 0x3) 2.898827349s ago: executing program 4 (id=4309): mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) open(0x0, 0x261c2, 0x84) setreuid$auto(0x7, 0x806) r0 = fcntl$auto(0xff80000000000000, 0x406, 0x1) bind$auto(r0, &(0x7f0000002000)=@in={0x2, 0x0, @local}, 0xf) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) pipe2$auto(0x0, 0x80) mmap$auto(0x8, 0x4, 0xc000000, 0x19, 0xfffffffffffffffc, 0x29400000000000) settimeofday$auto(&(0x7f0000000180)={0x1ed5d7403, 0x1}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(0x3, 0x8b0b, 0x91) 2.174584941s ago: executing program 4 (id=4310): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/xfrm_stat\x00', 0x0, 0x0) (async) mmap$auto(0x0, 0x7, 0xdf, 0x9b72, 0x2, 0x8000) (async) close_range$auto(0x2, 0x8000, 0x0) (async) socket(0x11, 0x80003, 0x200) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, r1, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x14, 0x3, 0x0, 0x1, [@nested={0x10, 0x3, 0x0, 0x1, [@typed={0xc, 0xa, 0x0, 0x0, @u64=0x7}]}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f1779048590828847"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x44}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) socket(0x2c, 0x80003, 0x0) (async) setsockopt$auto(0x3, 0x11b, 0x0, 0xffffffffffffffff, 0x43) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) 1.664159012s ago: executing program 4 (id=4311): r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cec2\x00', 0x131140, 0x0) ioctl$auto_CEC_S_MODE(r0, 0x40046109, &(0x7f0000000180)=0x40) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) prctl$auto(0x23, 0x4, 0x2008, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) mincore$auto(0x9, 0x2fb, &(0x7f0000000040)='M[\x00') r1 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/cec16\x00', 0x1c1901, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, &(0x7f0000000480)={'\x00', 0xffff, 0x5, 0x2, 0x9b4, 0x5, "ce25aafc24b9952f997e703f222ce1", "01020980", "0001410c", "00ffff00", ["0500000004c10000000200", "1329a3afb614040000000100", '\x00', "0003020000000000000400"]}) r2 = io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, 0x0, 0x3) mmap$auto(0xfffffffffffffffe, 0x1, 0x8, 0x20000000018, r2, 0x0) mbind$auto(0x2000, 0x100000004, 0x5, 0x0, 0x6, 0x2) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f00000001c0), r3) sendmsg$auto_TIPC_NL_PUBL_GET(r3, 0x0, 0x840) syz_clone3(&(0x7f0000000400)={0x9840100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58) r4 = socket(0x21, 0x2, 0x2) sendmsg$auto_MACSEC_CMD_ADD_TXSA(r4, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) r5 = socket(0x21, 0x2, 0xffffffff) sendmsg$auto_MACSEC_CMD_ADD_TXSA(r5, 0x0, 0x0) r6 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) read$auto(r6, 0x0, 0x39b8) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101600, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r7, 0x0, 0x0) socket(0x22, 0x5, 0x100000) 940.349967ms ago: executing program 6 (id=4312): openat$auto_adf_ctl_ops_adf_ctl_drv(0xffffffffffffff9c, &(0x7f0000000000), 0x140, 0x0) mmap$auto(0x0, 0x400005, 0x200, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x3, 0x66) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0xc0) mlockall$auto(0x7) set_mempolicy$auto(0x7ff, &(0x7f0000000040)=0x87e, 0x8) close_range$auto(0x0, 0xfffffffffffff001, 0x2) r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_FBIOPAN_DISPLAY(r0, 0x4606, &(0x7f00000000c0)) read$auto(0x3, 0x0, 0x7) keyctl$auto(0xb, 0x0, 0x6, 0x0, 0xa) memfd_create$auto(&(0x7f0000000000)='\xc4--:\xdd:,./-${\x00', 0x4) unshare$auto(0x40000080) msgrcv$auto(0x9, 0x0, 0xffc, 0xfffffffffefffffd, 0xb3) msgrcv$auto(0x0, 0x0, 0xffc, 0xffffffffffffffff, 0xb1) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x121841, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x402802, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000000540)=ANY=[@ANYBLOB="1c00000069e03d6078756c1d3c97a3c485355ea75d5ab0ba659d181906be0a8814d9f902d9207fb6d5a9148b9e7cf8997d486d34e818d8d6dbc32d72a9034f6f4dca812e17a99bd9f1e793fcdca490563f8b622ea06977aae7cfb1634ad07cafd8d951d4500e7c9dff9bf410ad7bcb8605a01cd5cfc1d11555ab9f38a86c77105e16d8e98c9d6617453b367b0ecdfa755d1701a5756bcf10f1b0853093656ba9befd137e5bb6dd28348c13ea07255895cc8458fe9dbf8044474b68e4e59b548f30633149a742f3", @ANYRESDEC=r2], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x810) sendmsg$auto_NET_SHAPER_CMD_GET2(r1, 0x0, 0x40800) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) arch_prctl$auto(0x1025, 0x10005) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0xfffffffffffffffe, 0xb, 0x2, 0x15f4da0a, 0x1, 0x1000000000000003, 0x2300000000000000, 0x80000001, 0x6, 0x6d3c, 0x0, 0x3, 0x2e]}, 0x0) rseq$auto(&(0x7f0000000440)={0x6, 0x7, 0x1000000000, 0x6, 0x1, 0x8001, "3f386243c4371c2fb2f31b498e5f9f6bb39a76f1ba3adcab6b171b2ea042f7507a7ae3fffc897dd0b3da5f45a189ecd51520ed8465b20464a5a28059353c39b31a331f6d76d47e51a7da6f7e3164fbf757b1b5e132c17c4d98fc7f4bcef614ea9000af9df78f5e41cb8d89ce292b2c92ec67ecbdd7f8abc5b110504a23b9915527a9d390753480ae69a257b48e79170cd57fa3b49e97bfeb128075bc7424cb552330d144d74cdd196b6a8786a9f0e65cbb562575c9"}, 0x8000, 0xe, 0xc4f) 914.424835ms ago: executing program 0 (id=4320): close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000400), r1) sendmsg$auto_NFSD_CMD_VERSION_SET(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010025bd7000fbdbdf250000ca94e52267e086f19ef3fd3ce900080002000700"/47], 0x28}, 0x1, 0x0, 0x0, 0x24000001}, 0x4010) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0xc008ae67, 0x38) 599.695092ms ago: executing program 4 (id=4313): mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r0 = open(0x0, 0x261c2, 0x84) setreuid$auto(0x7, 0x806) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_macsec(&(0x7f00000000c0), 0xffffffffffffffff) r3 = geteuid() sendmsg$auto_MACSEC_CMD_UPD_RXSC(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x28, r2, 0x201, 0x70bd2a, 0x25dfdbfe, {}, [@MACSEC_ATTR_RXSC_CONFIG={0xc, 0x2, 0x0, 0x1, [@typed={0x8, 0x1, 0x0, 0x0, @uid=r3}]}, @MACSEC_ATTR_IFINDEX={0x8}]}, 0x28}}, 0x48010) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000001840), r5) sendmsg$auto_NL802154_CMD_GET_SEC_DEVKEY(r5, &(0x7f00000019c0)={0x0, 0x0, &(0x7f0000001980)={&(0x7f0000001880)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6, @ANYBLOB="090f4ab2745d5caa71e9ca581e78"], 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x0) r7 = getpid() r8 = semctl$auto_IPC_SET(0x6, 0xfffffffd, 0x1, 0x6) r9 = geteuid() msgctl$auto_IPC_SET(0x9, 0x1, &(0x7f0000000180)={{0xf, 0xee01, 0xee00, 0x40ae, 0x7, 0x0, 0xfff}, &(0x7f0000000100)=0x8, &(0x7f0000000140)=0x40, 0x1, 0x8, 0xdb2, 0x0, 0x100000000, 0x67c0, 0x7, 0x81, @inferred=0xffffffffffffffff, @raw=0x9}) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000200)={0x8a8, r6, 0x200, 0x70bd27, 0x25dfdbff, {}, [@NL802154_ATTR_SEC_OUT_KEY_ID={0x27c, 0x2b, 0x0, 0x1, [@nested={0x233, 0x4e, 0x0, 0x1, [@generic="6bd53be18e86d7791336011df47b2eef5698bde3376bb48afbe7c780389d96cea8abdab46b8e42dd084b1af875c9e909dcdf71aa28dc89ce384cfacb06dd3d8775aa14b83c13121ae461a5da79f490ae4628971d97a99f65f8915d3485b246ecc8dc7514a32e9cba8154342ab513c1ecbaa487297817c5a7d57a0e3074639fbb8805cad58ac4e27c404fd14f70e143ca9346869952e64fc7ee1bfafe01613065c20d0e77df33926c8ce8a6bf816d3b924ce10e3472aee8be972c9893a5cb0877d60d7eebce91480570011c9e57c4c6ca40401b5261905ee07a636d6724c0bb96efc4130bd91a3138e351560354abce399634af34b9", @generic="595341027156a3eef8bfd5ac34f5ad4555ad45463b185aae9259d8aa6ae5aabcf644c8c7d5d69f934e06968867a719a1097096504c7f4d6675666e0973ecbe327e4bafb385f5c4863b5594302b79cc7939165000d3c20d249a05259508f37f36c00a0ad24dd8e3f16434818952ebec463967c07c9274c22291bfa22dccbe5ee6608c814e8fb45bdd0b46def99bee619a840acd20e51b3ddd08196a7702db9ee2504d5fd96218fb6046bb7f36a6c917d26b4afdb39cc39ade7570f7c61989b5a720d96ce68f0136c71e738d9de6eba17fbd731e269070dc3c320706983c9d35d231b7a466179c7d9aa9b4d5b4c2bfca7d95e48eec47a5d7c054", @generic="523ee5cee356af76c07d904cfac12431b20c76abaaaa9e6ccd4a701dee33863d48b66c4d8f2809050168b62b58ccbac7fbc32221f3d2235a6d32c3bf44", @nested={0x4, 0x7d}, @generic]}, @typed={0x8, 0x4e, 0x0, 0x0, @pid=r7}, @nested={0x20, 0xe1, 0x0, 0x1, [@nested={0x4, 0x4}, @typed={0x14, 0x13c, 0x0, 0x0, @ipv6=@private0}, @nested={0x4, 0x113}]}, @nested={0x10, 0x90, 0x0, 0x1, [@nested={0x4, 0x1}, @typed={0x8, 0x134, 0x0, 0x0, @pid=0xffffffffffffffff}]}, @typed={0xc, 0xc8, 0x0, 0x0, @u64=0x2}]}, @NL802154_ATTR_SEC_LEVEL={0xaf, 0x2d, 0x0, 0x1, [@generic="b7c9812c83e4872387f630883c9e98cc2d270b574510b900e6e3346bac33c6fa648d8ecf44106cb3e38dd1b20f6fcf2feb8c94acb3ce710c7c091dc0bd9bc21cc188cc0571acb444305f94f2193a7022913b712176959d1c03eed5492238e2689735a1c700d3dcefba2e82c8453921233859fc6ed3276b12e40d645c68166afe7d29b79cac8ab4e036af583d1ff643bda0a6b7372dec06597173ea1723661766d0d6957a412b935b547a7e"]}, @NL802154_ATTR_MAX_BE={0x5, 0x10, 0xc}, @NL802154_ATTR_PID={0x8, 0x1c, r8}, @NL802154_ATTR_SCAN_TYPE={0x5, 0x1f, 0x40}, @NL802154_ATTR_WPAN_PHY_CAPS={0x230, 0x18, 0x0, 0x1, [@nested={0x200, 0x13a, 0x0, 0x1, [@typed={0x8, 0x57, 0x0, 0x0, @u32=0x7}, @nested={0x4, 0xd}, @typed={0x4, 0xb6}, @generic="543d0d88f67ad35069508acfdcc8ceb3f0f010a8165005746e4d4ef41c46a874407f4f2f1832cbcc08273fe6645173023fd1d6b3729528125614d7010a3a1879f539bf377dd0bbfa64440b7d0676b72719", @typed={0x8, 0x130, 0x0, 0x0, @pid}, @generic="6896b4f2bfcdba74a78e3d548e809015494945e1e12c59c4673af9f99988a0d56fe6bc18de1555a081587cff318f07da7ca05c6733798cd44e7a0254a352250152bfba2e66da289e8b999aa21d54b3d45bebfeeb0aeed8de67f66beb9c8cdd4dd3ef507aeb3d7d01d90ed2617248633b1e06ef94539e411dd72aa35f7702687789ffbb08b793a94c70617c53c2bd5dad781e7581893c5f2705efca4a13a77abe0edd582e8e1fa09d7d30efc0ba6f54c7916b17d54b877128ff833320f016752e6b5fe9f10314d16937bc93ceeec5c43128a60c0e96634e167e253ecc3345990aa8abbe20", @generic="174ca24c106875096e3af0d1e9bd0d6f3d25a94e27e9ce929d135639b1afec9984f29a79cca7b225411dc29222c6e638cc58b5f299bca5eb8e927200e28e6be039fb1692361890cc5d76159df445cb1bae12f543932397a76eab5335d7a95f0de729c8f911c52983a9c4767ff5e922ab47b4980c169c3281100bf9815cf812bbf4fb84cecb320ca67c8c1edec8fb73d8bf6bd53d1c2faaab2e03f0b625db77a16603ca213c7700e89769b7d0cff2b0"]}, @typed={0x8, 0x112, 0x0, 0x0, @uid=r9}, @typed={0x8, 0x6b, 0x0, 0x0, @uid=r10}, @nested={0x18, 0x109, 0x0, 0x1, [@nested={0x4, 0x27}, @typed={0x8, 0x85, 0x0, 0x0, @fd=r4}, @typed={0x8, 0xab, 0x0, 0x0, @ipv4=@broadcast}]}, @typed={0x4}]}, @NL802154_ATTR_SEC_KEY={0x31d, 0x30, 0x0, 0x1, [@generic="779091ef9f04c169ba05e8b5915a34f67b29e6ffb70a69b4d1cf28855519a649a491319a0f3521ae49e7786b587a207dbcec2a856313d438dfc3f5180e3d56c93405258f3f354d33cd1c391b9d8e8e474bbbae88aeb7089e428aba3af129a9bfc4f26cdc33a6790021d92fb6b2", @typed={0x4, 0xc1}, @generic="27f9f01f774ecc4d39d4f9c2deb0def03680a2a8cec6ebe0bfac31e27ce932b0bc5e72b4af92874081ce2da40aeabe8a9d2028a7d115dbb5251b6da7233f543657de850bda51d1fd34bdb2249c953705890ac0d0c948ab1578d6c6b4586d28a9827450dbd383ba58aba7c2adf071bcd3cecdfb5838ea16e445d6bea54797ad5b85644169eb195e7646bab0084c4edfd119a7fa29fc83f5b06497447d9a0c2abebb6187d76edea77c5da55e606d29d14ee75fb82852", @generic="ed223e3d11649f5790d676e7ffec", @typed={0xc, 0x69, 0x0, 0x0, @u64=0x7}, @typed={0xc, 0x1c, 0x0, 0x0, @u64=0x5}, @nested={0x12b, 0x9, 0x0, 0x1, [@nested={0x4, 0x112}, @generic="fc49ddfdecdc1a162c9ed21afa3d78ef2ba2f9b8e0e366941a9184ce18fd98e18153c7607d95fc0811534b2968ae247d3de604475f8a39e8777cb934c7fa25712775ca3f0093e31ec6f221d394fee906e47311cdd94eb73bd32a2a1774e2fbc85097f2624b30f9ec4e4a33a666838984d98c1328b95b8c212f7edac2680ee443474e3349f60329176966044fd3b37df1ac3bba321282b3cbe554adea8fd487ff4636e8ec868b53ebf794030a42093ba23e670df0573e6bd74141b090869b9b808291ca30a1c121a4dba0bb37a3c9511fbd54badf", @generic="977c3307403a19c5cb6912e907d858e738148916275dadb5ba5fab0a9d2279ac93510aeba604bc0425e09907c971b1397489b6ad55c14dcbd4f57905c927713f2eeb657e960f134cb645f5d7fedd6f"]}, @generic="08349b2770c99f820f0644b411af96d6e4a39f4d27fdabf7b43bbddf61789d93637ead48108d1787d0fea840ef075c8635ef8f9f2dde643145271a0574a824edf625c1ecfed13a9a31111bdaacfa7c16224fb63a4037fec7d84ce2cca2fdac7ecc52cd6fe06876da1a0cdfdf3d85d3ab721308b4488bc1c60c6353b100a207d287250c8c8950f7b8b5cf376864cd5bb863b031e424b3b8e9c3daf9c482e8045e81"]}]}, 0x8a8}, 0x1, 0x0, 0x0, 0x40}, 0x20040810) ioctl$auto_KVM_HAS_DEVICE_ATTR(r0, 0x4018aee3, &(0x7f0000000000)={0x6, 0xee00, 0x8, 0x80000001}) keyctl$auto_KEYCTL_INSTANTIATE_IOV(0x14, r3, r9, r11, 0xa1) fcntl$auto(0xff80000000000000, 0x406, 0x1) bind$auto(0x3, &(0x7f0000002000), 0xf) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) r12 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2202, 0x0) fcntl$auto_F_SETFL(r12, 0x4, 0x0) pipe2$auto(0x0, 0x80) mmap$auto(0x8, 0x4, 0xc000000, 0x19, 0xfffffffffffffffc, 0x29400000000000) settimeofday$auto(&(0x7f0000000180)={0x1ed5d7403, 0x1}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(0x3, 0x8b0b, 0x91) 321.216017ms ago: executing program 4 (id=4314): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8000, 0x0) r0 = io_uring_setup$auto(0x42000003, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x806, 0x0) r2 = io_uring_setup$auto(0x6, 0x0) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r1) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000240)={&(0x7f0000000400)=ANY=[@ANYBLOB="000000003702151144c80c72db4db63df5b275dc2eb40c8423edc97ec80869675024b1bee2313d974f4368eb67b020acd9f869a473d70d3ed6b84bc09448a6bb9795a5e5877c3eda1a5d4d61683480fbbfc93eb26443ffce23f54827a8f94d2ce139034611e88ff29036b923e45e7588496d7670e67f94eb23cd107905aed45e4de2c4f0db0bbb580cf299d7d070f3f1a4bca01499213f1020", @ANYRES16=r3, @ANYBLOB="000826bd7000fedbdf2521000000a6005b005adf59ba341f9d39525db5debb411e64be368d514f37945d8f96f01e7f785ce03bedad862c32382925248371189b1fda9dda887a1e74217179639eef730477623430edc52828b81f9373e3af5c7fc014279216428cee86e3ae5ffca848a6fffffffff0e071551be767007ba8c33fd21ab722896b6d52501e5eba8831ccadb955ee03ec940e9452db30808523bebd1ce5ff2492b016c5d03ba0398bdec628abea53c15845c1c1ab639ffb93c396dfb000000800010009000000080008000d0000000400ff000b00340097d773d0921b8c000d00bd"], 0xec}, 0x1, 0x0, 0x0, 0x4000820}, 0x80) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001a40), r4) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(r4, &(0x7f0000002f40)={0x0, 0x0, &(0x7f0000002f00)={&(0x7f00000000c0)={0x2c, r5, 0x1, 0x70bd2b, 0xa5dfdbfc, {}, [@ETHTOOL_A_CABLE_TEST_TDR_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}]}]}, 0x2c}, 0x1, 0xffff0000, 0x0, 0x801}, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x55) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x2, 0x88) socket(0x2, 0x6, 0x0) statx$auto(0xffffff9c, 0x0, 0x1000, 0x803, 0x0) ioctl$auto(0x1, 0x890b, 0x8) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x2) setsockopt$auto(0x3, 0x1, 0xd, 0x0, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syzkaller0\x00'}) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/cpu/vulnerabilities/retbleed\x00', 0x0, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f00000002c0), r2) sendmsg$auto_IOAM6_CMD_ADD_NAMESPACE(r7, &(0x7f00000005c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x48, r8, 0x300, 0x70bd2c, 0x25dfdbff, {}, [@IOAM6_ATTR_NS_DATA={0x8, 0x2, 0x4}, @IOAM6_ATTR_NS_DATA_WIDE={0xc, 0x3, 0x46b29e61}, @IOAM6_ATTR_NS_DATA_WIDE={0xc, 0x3, 0x9}, @IOAM6_ATTR_NS_DATA_WIDE={0xc, 0x3, 0x9}, @IOAM6_ATTR_NS_DATA={0x8, 0x2, 0x8}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000004}, 0x240400b0) read$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000000180)=""/181, 0xb5) 314.329633ms ago: executing program 0 (id=4315): shutdown$auto(0x200000003, 0x2) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) socket(0x1f, 0x800, 0xffffff01) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x1, 0x0) r0 = socket(0x11, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mremap$auto(0x1, 0x10001, 0x58c, 0xd2be, 0xff) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYRES16=r0, @ANYRES16=0x0, @ANYRES32], 0x14}}, 0x4000000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv6/conf/macsec0/force_tllao\x00', 0x307c02, 0x0) write$auto(r2, &(0x7f0000000180)='/d\x86v/au6\xf2!\x8f\v\x19\xd0\\\xf54\xc7\x9a\x19B\x88\xf7\xff\x11\x00\x1f\x14\xaf\'-k\xec\xd5\xd2\xb1\xfa\x94!\xe5\x9f\x1c\xfd\x98\xf4\x9a\xc5\x99\x9f\x8bI\xf7\xc3=\x04\xae/yf\bCru\x02?%\xfbB\xa5U\x80\x85\x88\xb4z\xa9\xfd\xc2\x8a\")F\x18\x1c\xa5a\a)\xf6\x88\n\v\xad\xa7\x7fz\xeek\xb1\x8cf\x1d\x8e\xde\t\x9a\xdd\xb7,\x91v\xd7\xd8\xc5F\x18\x87%N\xcabL%.\xee\x04\x00\x12\x85U\x87=\xa9\x15\x02\b\xde\x85\xf5\x8c\x89\xe9:%\xcfc\x16\x85 \xd1\xacIJ\x94\xcd\xe4\xb8\xd7s\x02\xfd\xc21\x128\xf2\xa7\x18D\x81\xe0\xbdm\xce\xd8\x8e\xcbc\fr\xee\xda\xddHl\x9f\x05\xef\xf2\xcb\xe9\x1d\x06\x9c\xbc\x98{\xb50\'\xcd\xf5\xe7\xe2\x0e\x8b\x1c\x94`\x14\x84\xfe0J\x80\xd7\x82*\"\xd2\x87\xf8\'\x8ca8\xda\x15m\x90\xb9M\x94\xa2\x8d\x15\x8aj\x9d\x9a\x8e\x02\x8a\xde\xe1\xa4\xbb\"\x9ao^\x8dq\x9e\x05q\xa7T\xc3\xbb\xdcj\xeb\x17D\x19l\xf5v\xa4\xa3w\xee\xd5\x184e\x8c\x91\xb3E\xf9\xa9=l\x83\xd32\x9c\xed\x0e\x9f\xc9\xd5\xee', 0xa3d9) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, 0x0, 0x200000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000340)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4460, 0x15f4da0a, 0x1, 0x3, 0x300000000000000, 0x80000001, 0x7, 0x0, 0x5, 0x2]}, 0x0) madvise$auto(0x108000, 0x800034, 0xa) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/ram6/queue/minimum_io_size\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000001540)=""/104, 0x68) syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) mmap$auto(0x0, 0x4020005, 0xdf, 0xeb1, 0x401, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = socket(0xa, 0x801, 0x84) io_uring_setup$auto(0x2, 0x0) mmap$auto(0xfffe, 0x400, 0xffb, 0x8000000008011, r4, 0xffffffffbffffff9) move_pages$auto(0x0, 0x9, 0x0, 0x0, 0x0, 0x2) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) io_uring_enter$auto(r3, 0x80000, 0x1, 0x9, 0x0, 0xb) io_uring_enter$auto(0x3, 0x1, 0x2688, 0x5, 0x0, 0x7) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x149101, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) 0s ago: executing program 6 (id=4316): openat$auto_adf_ctl_ops_adf_ctl_drv(0xffffffffffffff9c, &(0x7f0000000000), 0x140, 0x0) mmap$auto(0x0, 0x400005, 0x200, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x3, 0x66) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0xc0) mlockall$auto(0x7) set_mempolicy$auto(0x7ff, &(0x7f0000000040)=0x87e, 0x8) close_range$auto(0x0, 0xfffffffffffff001, 0x2) r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_FBIOPAN_DISPLAY(r0, 0x4606, &(0x7f00000000c0)) read$auto(0x3, 0x0, 0x7) keyctl$auto(0xb, 0x0, 0x6, 0x0, 0xa) memfd_create$auto(&(0x7f0000000000)='\xc4--:\xdd:,./-${\x00', 0x4) unshare$auto(0x40000080) msgrcv$auto(0x9, 0x0, 0xffc, 0xfffffffffefffffd, 0xb3) msgrcv$auto(0x0, 0x0, 0xffc, 0xffffffffffffffff, 0xb1) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x121841, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x402802, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000000540)=ANY=[@ANYBLOB="1c00000069e03d6078756c1d3c97a3c485355ea75d5ab0ba659d181906be0a8814d9f902d9207fb6d5a9148b9e7cf8997d486d34e818d8d6dbc32d72a9034f6f4dca812e17a99bd9f1e793fcdca490563f8b622ea06977aae7cfb1634ad07cafd8d951d4500e7c9dff9bf410ad7bcb8605a01cd5cfc1d11555ab9f38a86c77105e16d8e98c9d6617453b367b0ecdfa755d1701a5756bcf10f1b0853093656ba9befd137e5bb6dd28348c13ea07255895cc8458fe9dbf8044474b68e4e59b548f30633149a742f3e4a6e51e0337eb85f2f96704300c", @ANYRESDEC=r2], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x810) sendmsg$auto_NET_SHAPER_CMD_GET2(r1, 0x0, 0x40800) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) arch_prctl$auto(0x1025, 0x10005) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0xfffffffffffffffe, 0xb, 0x2, 0x15f4da0a, 0x1, 0x1000000000000003, 0x2300000000000000, 0x80000001, 0x6, 0x6d3c, 0x0, 0x3, 0x2e]}, 0x0) rseq$auto(&(0x7f0000000440)={0x6, 0x7, 0x1000000000, 0x6, 0x1, 0x8001, "3f386243c4371c2fb2f31b498e5f9f6bb39a76f1ba3adcab6b171b2ea042f7507a7ae3fffc897dd0b3da5f45a189ecd51520ed8465b20464a5a28059353c39b31a331f6d76d47e51a7da6f7e3164fbf757b1b5e132c17c4d98fc7f4bcef614ea9000af9df78f5e41cb8d89ce292b2c92ec67ecbdd7f8abc5b110504a23b9915527a9d390753480ae69a257b48e79170cd57fa3b49e97bfeb128075bc7424cb552330d144d74cdd196b6a8786a9f0e65cbb562575c9"}, 0x8000, 0xe, 0xc4f) kernel console output (not intermixed with test programs): ][T22069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1247.115128][T22069] RSP: 002b:00007fa5c13ba038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1247.115152][T22069] RAX: ffffffffffffffda RBX: 00007fa5c07a5fa0 RCX: 00007fa5c058cde9 [ 1247.115169][T22069] RDX: 00000000040000c0 RSI: 0000400000000300 RDI: 0000000000000007 [ 1247.115184][T22069] RBP: 00007fa5c060e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 1247.115199][T22069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1247.115213][T22069] R13: 0000000000000000 R14: 00007fa5c07a5fa0 R15: 00007ffd1decfa18 [ 1247.115255][T22069] [ 1247.511457][T22067] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3921'. [ 1247.777229][T22078] FAULT_INJECTION: forcing a failure. [ 1247.777229][T22078] name failslab, interval 1, probability 0, space 0, times 0 [ 1247.833450][T22078] CPU: 1 UID: 0 PID: 22078 Comm: syz.0.3923 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1247.833483][T22078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1247.833496][T22078] Call Trace: [ 1247.833503][T22078] [ 1247.833513][T22078] dump_stack_lvl+0x16c/0x1f0 [ 1247.833551][T22078] should_fail_ex+0x50a/0x650 [ 1247.833578][T22078] ? fs_reclaim_acquire+0xae/0x150 [ 1247.833619][T22078] should_failslab+0xc2/0x120 [ 1247.833647][T22078] __kmalloc_noprof+0xce/0x4f0 [ 1247.833673][T22078] ? iter_file_splice_write+0x1cd/0x10b0 [ 1247.833702][T22078] iter_file_splice_write+0x1cd/0x10b0 [ 1247.833737][T22078] ? __pfx___lock_acquire+0x10/0x10 [ 1247.833766][T22078] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1247.833802][T22078] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 1247.833836][T22078] ? splice_direct_to_actor+0x346/0xa40 [ 1247.833874][T22078] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1247.833899][T22078] direct_splice_actor+0x18f/0x6c0 [ 1247.833937][T22078] splice_direct_to_actor+0x346/0xa40 [ 1247.833972][T22078] ? __pfx_direct_splice_actor+0x10/0x10 [ 1247.834012][T22078] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1247.834049][T22078] ? __fget_files+0x1fc/0x3a0 [ 1247.834078][T22078] do_splice_direct+0x178/0x250 [ 1247.834112][T22078] ? __pfx_do_splice_direct+0x10/0x10 [ 1247.834147][T22078] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1247.834186][T22078] ? rw_verify_area+0xcf/0x680 [ 1247.834228][T22078] do_sendfile+0xafb/0xe40 [ 1247.834256][T22078] ? __pfx_do_sendfile+0x10/0x10 [ 1247.834278][T22078] ? __fget_files+0x206/0x3a0 [ 1247.834310][T22078] __x64_sys_sendfile64+0x1da/0x220 [ 1247.834337][T22078] ? ksys_write+0x1ba/0x250 [ 1247.834359][T22078] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1247.834398][T22078] do_syscall_64+0xcd/0x250 [ 1247.834422][T22078] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1247.834452][T22078] RIP: 0033:0x7fa5c058cde9 [ 1247.834471][T22078] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1247.834492][T22078] RSP: 002b:00007fa5c13ba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1247.834514][T22078] RAX: ffffffffffffffda RBX: 00007fa5c07a5fa0 RCX: 00007fa5c058cde9 [ 1247.834530][T22078] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 1247.834544][T22078] RBP: 00007fa5c13ba090 R08: 0000000000000000 R09: 0000000000000000 [ 1247.834557][T22078] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000001 [ 1247.834571][T22078] R13: 0000000000000000 R14: 00007fa5c07a5fa0 R15: 00007ffd1decfa18 [ 1247.834603][T22078] [ 1248.462755][ T5836] Bluetooth: hci0: command tx timeout [ 1249.180356][T22092] FAULT_INJECTION: forcing a failure. [ 1249.180356][T22092] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1249.195629][T22092] CPU: 0 UID: 0 PID: 22092 Comm: syz.4.3929 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1249.195659][T22092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1249.195672][T22092] Call Trace: [ 1249.195680][T22092] [ 1249.195687][T22092] dump_stack_lvl+0x16c/0x1f0 [ 1249.195725][T22092] should_fail_ex+0x50a/0x650 [ 1249.195751][T22092] ? __lock_acquire+0x15a9/0x3c40 [ 1249.195780][T22092] get_futex_key+0x4a3/0x1000 [ 1249.195819][T22092] ? __pfx_get_futex_key+0x10/0x10 [ 1249.195863][T22092] futex_wake+0xe8/0x4e0 [ 1249.195892][T22092] ? __pfx_futex_wake+0x10/0x10 [ 1249.195922][T22092] ? find_held_lock+0x2d/0x110 [ 1249.195961][T22092] do_futex+0x1e5/0x350 [ 1249.195983][T22092] ? __pfx_do_futex+0x10/0x10 [ 1249.196005][T22092] ? __might_fault+0xe3/0x190 [ 1249.196034][T22092] ? __might_fault+0xe3/0x190 [ 1249.196077][T22092] mm_release+0x24e/0x300 [ 1249.196107][T22092] do_exit+0x886/0x2d70 [ 1249.196131][T22092] ? get_signal+0x8f7/0x2610 [ 1249.196161][T22092] ? __pfx_do_exit+0x10/0x10 [ 1249.196181][T22092] ? do_raw_spin_lock+0x12d/0x2c0 [ 1249.196213][T22092] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1249.196248][T22092] do_group_exit+0xd3/0x2a0 [ 1249.196271][T22092] get_signal+0x2576/0x2610 [ 1249.196303][T22092] ? 0xffffffff81000000 [ 1249.196321][T22092] ? __pfx___sys_recvfrom+0x10/0x10 [ 1249.196347][T22092] ? __pfx_get_signal+0x10/0x10 [ 1249.196385][T22092] arch_do_signal_or_restart+0x90/0x7e0 [ 1249.196411][T22092] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1249.196444][T22092] ? ksys_write+0x1ba/0x250 [ 1249.196467][T22092] ? __pfx_ksys_write+0x10/0x10 [ 1249.196496][T22092] syscall_exit_to_user_mode+0x150/0x2a0 [ 1249.196532][T22092] do_syscall_64+0xda/0x250 [ 1249.196557][T22092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1249.196587][T22092] RIP: 0033:0x7fb9e738cde9 [ 1249.196605][T22092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1249.196626][T22092] RSP: 002b:00007fb9e81ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 1249.196647][T22092] RAX: fffffffffffffe00 RBX: 00007fb9e75a6160 RCX: 00007fb9e738cde9 [ 1249.196662][T22092] RDX: 000000800000000e RSI: 0000000000000000 RDI: 0000000000000003 [ 1249.196674][T22092] RBP: 00007fb9e81ee090 R08: 0000000000000000 R09: ffffffff81000000 [ 1249.196688][T22092] R10: 0000000000000100 R11: 0000000000000246 R12: 0000000000000001 [ 1249.196702][T22092] R13: 0000000000000001 R14: 00007fb9e75a6160 R15: 00007ffc0bfcd368 [ 1249.196722][T22092] ? 0xffffffff81000000 [ 1249.196751][T22092] [ 1250.685106][T22121] FAULT_INJECTION: forcing a failure. [ 1250.685106][T22121] name failslab, interval 1, probability 0, space 0, times 0 [ 1250.698908][T22121] CPU: 0 UID: 0 PID: 22121 Comm: syz.5.3934 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1250.698941][T22121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1250.698955][T22121] Call Trace: [ 1250.698963][T22121] [ 1250.698972][T22121] dump_stack_lvl+0x16c/0x1f0 [ 1250.699014][T22121] should_fail_ex+0x50a/0x650 [ 1250.699042][T22121] ? fs_reclaim_acquire+0xae/0x150 [ 1250.699083][T22121] should_failslab+0xc2/0x120 [ 1250.699112][T22121] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 1250.699141][T22121] ? __kernfs_new_node+0xd3/0x890 [ 1250.699190][T22121] __kernfs_new_node+0xd3/0x890 [ 1250.699230][T22121] ? __pfx___kernfs_new_node+0x10/0x10 [ 1250.699266][T22121] ? __pfx_lock_release+0x10/0x10 [ 1250.699294][T22121] ? kernfs_add_one+0x39d/0x520 [ 1250.699330][T22121] ? up_write+0x1b2/0x520 [ 1250.699365][T22121] kernfs_new_node+0x186/0x240 [ 1250.699396][T22121] __kernfs_create_file+0x53/0x350 [ 1250.699429][T22121] sysfs_add_file_mode_ns+0x1ff/0x3b0 [ 1250.699470][T22121] sysfs_merge_group+0x1b1/0x340 [ 1250.699493][T22121] ? __pfx_sysfs_merge_group+0x10/0x10 [ 1250.699519][T22121] ? __pfx_dev_add_physical_location+0x10/0x10 [ 1250.699547][T22121] ? bus_to_subsys+0x12d/0x160 [ 1250.699583][T22121] dpm_sysfs_add+0x237/0x280 [ 1250.699609][T22121] device_add+0x9a8/0x1a70 [ 1250.699642][T22121] ? __pfx_device_add+0x10/0x10 [ 1250.699671][T22121] ? kfree+0x260/0x4d0 [ 1250.699705][T22121] device_create_groups_vargs+0x1f8/0x270 [ 1250.699745][T22121] device_create+0xe9/0x130 [ 1250.699779][T22121] ? __pfx_device_create+0x10/0x10 [ 1250.699810][T22121] ? rcu_is_watching+0x12/0xc0 [ 1250.699848][T22121] ? do_init_timer+0xc9/0x110 [ 1250.699874][T22121] ? ieee80211_roc_setup+0x136/0x270 [ 1250.699911][T22121] ? ieee80211_alloc_hw_nm+0x231/0x2260 [ 1250.699945][T22121] mac80211_hwsim_new_radio+0x3df/0x56d0 [ 1250.699982][T22121] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1250.700039][T22121] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1250.700090][T22121] hwsim_new_radio_nl+0xb42/0x12b0 [ 1250.700131][T22121] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1250.700187][T22121] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1250.700230][T22121] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1250.700276][T22121] genl_family_rcv_msg_doit+0x202/0x2f0 [ 1250.700316][T22121] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1250.700353][T22121] ? trace_cap_capable+0x1a2/0x210 [ 1250.700398][T22121] ? bpf_lsm_capable+0x9/0x10 [ 1250.700430][T22121] ? security_capable+0x7e/0x260 [ 1250.700466][T22121] ? ns_capable+0xd7/0x110 [ 1250.700498][T22121] genl_rcv_msg+0x565/0x800 [ 1250.700526][T22121] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1250.700552][T22121] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1250.700602][T22121] netlink_rcv_skb+0x165/0x410 [ 1250.700637][T22121] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1250.700664][T22121] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1250.700713][T22121] ? down_read+0xc9/0x330 [ 1250.700738][T22121] ? __pfx_down_read+0x10/0x10 [ 1250.700765][T22121] ? netlink_deliver_tap+0x1ae/0xca0 [ 1250.700803][T22121] genl_rcv+0x28/0x40 [ 1250.700836][T22121] netlink_unicast+0x53c/0x7f0 [ 1250.700874][T22121] ? __pfx_netlink_unicast+0x10/0x10 [ 1250.700909][T22121] ? __phys_addr_symbol+0x30/0x80 [ 1250.700943][T22121] ? __check_object_size+0x488/0x710 [ 1250.700981][T22121] netlink_sendmsg+0x8b8/0xd70 [ 1250.701023][T22121] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1250.701071][T22121] ____sys_sendmsg+0x9ae/0xb40 [ 1250.701103][T22121] ? copy_msghdr_from_user+0x10b/0x160 [ 1250.701129][T22121] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1250.701186][T22121] ___sys_sendmsg+0x135/0x1e0 [ 1250.701216][T22121] ? __pfx____sys_sendmsg+0x10/0x10 [ 1250.701258][T22121] ? __pfx_lock_release+0x10/0x10 [ 1250.701287][T22121] ? trace_lock_acquire+0x14e/0x1f0 [ 1250.701322][T22121] ? __fget_files+0x206/0x3a0 [ 1250.701358][T22121] __sys_sendmsg+0x16e/0x220 [ 1250.701384][T22121] ? __pfx___sys_sendmsg+0x10/0x10 [ 1250.701410][T22121] ? __x64_sys_futex+0x1e1/0x4c0 [ 1250.701457][T22121] do_syscall_64+0xcd/0x250 [ 1250.701483][T22121] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1250.701515][T22121] RIP: 0033:0x7f5a1c38cde9 [ 1250.701535][T22121] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1250.701559][T22121] RSP: 002b:00007f5a1a1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1250.701581][T22121] RAX: ffffffffffffffda RBX: 00007f5a1c5a5fa0 RCX: 00007f5a1c38cde9 [ 1250.701598][T22121] RDX: 00000000040000c0 RSI: 0000400000000300 RDI: 0000000000000007 [ 1250.701615][T22121] RBP: 00007f5a1c40e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 1250.701629][T22121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1250.701644][T22121] R13: 0000000000000000 R14: 00007f5a1c5a5fa0 R15: 00007ffcb09a4378 [ 1250.701676][T22121] [ 1251.961152][T22136] FAULT_INJECTION: forcing a failure. [ 1251.961152][T22136] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1251.980604][T22136] CPU: 0 UID: 0 PID: 22136 Comm: syz.5.3939 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1251.980637][T22136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1251.980652][T22136] Call Trace: [ 1251.980660][T22136] [ 1251.980670][T22136] dump_stack_lvl+0x16c/0x1f0 [ 1251.980720][T22136] should_fail_ex+0x50a/0x650 [ 1251.980756][T22136] get_futex_key+0x4a3/0x1000 [ 1251.980808][T22136] ? __pfx_get_futex_key+0x10/0x10 [ 1251.980857][T22136] futex_wake+0xe8/0x4e0 [ 1251.980886][T22136] ? __pfx_futex_wake+0x10/0x10 [ 1251.980917][T22136] ? kmem_cache_free+0x2e2/0x4d0 [ 1251.980943][T22136] ? putname+0x13c/0x180 [ 1251.980977][T22136] do_futex+0x1e5/0x350 [ 1251.981002][T22136] ? __pfx_do_futex+0x10/0x10 [ 1251.981034][T22136] __x64_sys_futex+0x1e1/0x4c0 [ 1251.981061][T22136] ? __x64_sys_openat+0x175/0x210 [ 1251.981094][T22136] ? __pfx___x64_sys_futex+0x10/0x10 [ 1251.981132][T22136] do_syscall_64+0xcd/0x250 [ 1251.981157][T22136] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1251.981197][T22136] RIP: 0033:0x7f5a1c38cde9 [ 1251.981217][T22136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1251.981241][T22136] RSP: 002b:00007f5a1a1f60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1251.981264][T22136] RAX: ffffffffffffffda RBX: 00007f5a1c5a5fa8 RCX: 00007f5a1c38cde9 [ 1251.981281][T22136] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f5a1c5a5fac [ 1251.981297][T22136] RBP: 00007f5a1c5a5fa0 R08: 00007f5a1d0e4000 R09: 0000000000000000 [ 1251.981312][T22136] R10: 0000000000000009 R11: 0000000000000246 R12: 00007f5a1c5a5fac [ 1251.981327][T22136] R13: 0000000000000000 R14: 00007ffcb09a4290 R15: 00007ffcb09a4378 [ 1251.981358][T22136] [ 1253.904408][T22161] FAULT_INJECTION: forcing a failure. [ 1253.904408][T22161] name failslab, interval 1, probability 0, space 0, times 0 [ 1253.940219][T22161] CPU: 1 UID: 0 PID: 22161 Comm: syz.0.3945 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1253.940254][T22161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1253.940269][T22161] Call Trace: [ 1253.940277][T22161] [ 1253.940287][T22161] dump_stack_lvl+0x16c/0x1f0 [ 1253.940330][T22161] should_fail_ex+0x50a/0x650 [ 1253.940359][T22161] ? fs_reclaim_acquire+0xae/0x150 [ 1253.940401][T22161] ? kobject_uevent_env+0x265/0x1670 [ 1253.940428][T22161] should_failslab+0xc2/0x120 [ 1253.940459][T22161] __kmalloc_cache_noprof+0x68/0x420 [ 1253.940482][T22161] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1253.940519][T22161] ? __pfx_lock_release+0x10/0x10 [ 1253.940554][T22161] kobject_uevent_env+0x265/0x1670 [ 1253.940582][T22161] ? __pfx_dev_uevent_name+0x10/0x10 [ 1253.940612][T22161] ? bus_to_subsys+0x12d/0x160 [ 1253.940653][T22161] device_add+0x10e0/0x1a70 [ 1253.940690][T22161] ? __pfx_device_add+0x10/0x10 [ 1253.940721][T22161] ? kfree+0x260/0x4d0 [ 1253.940757][T22161] device_create_groups_vargs+0x1f8/0x270 [ 1253.940796][T22161] device_create+0xe9/0x130 [ 1253.940830][T22161] ? __pfx_device_create+0x10/0x10 [ 1253.940870][T22161] ? rcu_is_watching+0x12/0xc0 [ 1253.940910][T22161] ? do_init_timer+0xc9/0x110 [ 1253.940937][T22161] ? ieee80211_roc_setup+0x136/0x270 [ 1253.940973][T22161] ? ieee80211_alloc_hw_nm+0x231/0x2260 [ 1253.941009][T22161] mac80211_hwsim_new_radio+0x3df/0x56d0 [ 1253.941045][T22161] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1253.941101][T22161] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1253.941161][T22161] hwsim_new_radio_nl+0xb42/0x12b0 [ 1253.941203][T22161] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1253.941252][T22161] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1253.941292][T22161] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1253.941340][T22161] genl_family_rcv_msg_doit+0x202/0x2f0 [ 1253.941381][T22161] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1253.941418][T22161] ? trace_cap_capable+0x1a2/0x210 [ 1253.941465][T22161] ? bpf_lsm_capable+0x9/0x10 [ 1253.941495][T22161] ? security_capable+0x7e/0x260 [ 1253.941532][T22161] ? ns_capable+0xd7/0x110 [ 1253.941566][T22161] genl_rcv_msg+0x565/0x800 [ 1253.941593][T22161] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1253.941618][T22161] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1253.941669][T22161] netlink_rcv_skb+0x165/0x410 [ 1253.941704][T22161] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1253.941731][T22161] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1253.941779][T22161] ? down_read+0xc9/0x330 [ 1253.941804][T22161] ? __pfx_down_read+0x10/0x10 [ 1253.941829][T22161] ? netlink_deliver_tap+0x1ae/0xca0 [ 1253.941880][T22161] genl_rcv+0x28/0x40 [ 1253.941914][T22161] netlink_unicast+0x53c/0x7f0 [ 1253.941953][T22161] ? __pfx_netlink_unicast+0x10/0x10 [ 1253.941986][T22161] ? __phys_addr_symbol+0x30/0x80 [ 1253.942020][T22161] ? __check_object_size+0x488/0x710 [ 1253.942056][T22161] netlink_sendmsg+0x8b8/0xd70 [ 1253.942096][T22161] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1253.942144][T22161] ____sys_sendmsg+0x9ae/0xb40 [ 1253.942176][T22161] ? copy_msghdr_from_user+0x10b/0x160 [ 1253.942203][T22161] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1253.942252][T22161] ___sys_sendmsg+0x135/0x1e0 [ 1253.942281][T22161] ? __pfx____sys_sendmsg+0x10/0x10 [ 1253.942323][T22161] ? __pfx_lock_release+0x10/0x10 [ 1253.942351][T22161] ? trace_lock_acquire+0x14e/0x1f0 [ 1253.942387][T22161] ? __fget_files+0x206/0x3a0 [ 1253.942422][T22161] __sys_sendmsg+0x16e/0x220 [ 1253.942449][T22161] ? __pfx___sys_sendmsg+0x10/0x10 [ 1253.942474][T22161] ? __x64_sys_futex+0x1e1/0x4c0 [ 1253.942519][T22161] do_syscall_64+0xcd/0x250 [ 1253.942553][T22161] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1253.942586][T22161] RIP: 0033:0x7fa5c058cde9 [ 1253.942605][T22161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1253.942629][T22161] RSP: 002b:00007fa5c13ba038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1253.942653][T22161] RAX: ffffffffffffffda RBX: 00007fa5c07a5fa0 RCX: 00007fa5c058cde9 [ 1253.942674][T22161] RDX: 00000000040000c0 RSI: 0000400000000300 RDI: 0000000000000007 [ 1253.942690][T22161] RBP: 00007fa5c060e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 1253.942705][T22161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1253.942721][T22161] R13: 0000000000000000 R14: 00007fa5c07a5fa0 R15: 00007ffd1decfa18 [ 1253.942753][T22161] [ 1259.066503][T22218] FAULT_INJECTION: forcing a failure. [ 1259.066503][T22218] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1259.088162][T22218] CPU: 1 UID: 0 PID: 22218 Comm: syz.0.3958 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1259.088193][T22218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1259.088207][T22218] Call Trace: [ 1259.088214][T22218] [ 1259.088222][T22218] dump_stack_lvl+0x16c/0x1f0 [ 1259.088259][T22218] should_fail_ex+0x50a/0x650 [ 1259.088288][T22218] _copy_to_iter+0x29b/0x1400 [ 1259.088319][T22218] ? chacha_block_generic+0x181/0x260 [ 1259.088345][T22218] ? __pfx__copy_to_iter+0x10/0x10 [ 1259.088378][T22218] ? lockdep_hardirqs_on+0x7c/0x110 [ 1259.088408][T22218] ? crng_make_state+0x48e/0x6d0 [ 1259.088436][T22218] get_random_bytes_user+0x180/0x3c0 [ 1259.088462][T22218] ? __pfx_get_random_bytes_user+0x10/0x10 [ 1259.088491][T22218] ? __mutex_unlock_slowpath+0x164/0x6a0 [ 1259.088535][T22218] ? import_ubuf+0x1b6/0x220 [ 1259.088564][T22218] __x64_sys_getrandom+0x184/0x290 [ 1259.088590][T22218] ? __pfx___x64_sys_getrandom+0x10/0x10 [ 1259.088629][T22218] do_syscall_64+0xcd/0x250 [ 1259.088653][T22218] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1259.088682][T22218] RIP: 0033:0x7fa5c058cde9 [ 1259.088701][T22218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1259.088723][T22218] RSP: 002b:00007fa5c13ba038 EFLAGS: 00000246 ORIG_RAX: 000000000000013e [ 1259.088744][T22218] RAX: ffffffffffffffda RBX: 00007fa5c07a5fa0 RCX: 00007fa5c058cde9 [ 1259.088759][T22218] RDX: 0000000000000003 RSI: 0000000006000000 RDI: 0000000000000000 [ 1259.088772][T22218] RBP: 00007fa5c13ba090 R08: 0000000000000000 R09: 0000000000000000 [ 1259.088785][T22218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1259.088799][T22218] R13: 0000000000000000 R14: 00007fa5c07a5fa0 R15: 00007ffd1decfa18 [ 1259.088829][T22218] [ 1259.989270][T15635] Process accounting resumed [ 1260.069158][T15635] kernel write not supported for file /page_tables/current_user (pid: 15635 comm: syz-executor) [ 1260.823476][T21854] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1260.842299][T21854] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1260.850764][T21854] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1260.863171][T21854] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1260.871348][T21854] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1260.878911][T21854] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1261.691634][T22236] chnl_net:caif_netlink_parms(): no params data found [ 1261.936283][T22236] bridge0: port 1(bridge_slave_0) entered blocking state [ 1261.952871][T22236] bridge0: port 1(bridge_slave_0) entered disabled state [ 1261.960080][T22236] bridge_slave_0: entered allmulticast mode [ 1262.013939][T22236] bridge_slave_0: entered promiscuous mode [ 1262.043075][T22236] bridge0: port 2(bridge_slave_1) entered blocking state [ 1262.050188][T22236] bridge0: port 2(bridge_slave_1) entered disabled state [ 1262.068921][T22236] bridge_slave_1: entered allmulticast mode [ 1262.085164][T22236] bridge_slave_1: entered promiscuous mode [ 1262.605600][T22236] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1262.658021][T22236] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1262.802101][T22236] team0: Port device team_slave_0 added [ 1262.830445][T22236] team0: Port device team_slave_1 added [ 1262.926602][ T5836] Bluetooth: hci2: command tx timeout [ 1262.965230][T22236] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1262.972192][T22236] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1263.029121][T22236] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1263.057892][T22236] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1263.072798][T22236] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1263.150371][T22236] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1263.301839][T22236] hsr_slave_0: entered promiscuous mode [ 1263.326256][T22236] hsr_slave_1: entered promiscuous mode [ 1263.342664][T22236] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1263.350337][T22236] Cannot create hsr debugfs directory [ 1264.992915][T22236] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1265.003637][ T5836] Bluetooth: hci2: command tx timeout [ 1265.018695][T22236] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1265.081067][T22236] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1265.128566][T22236] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1265.385212][T22236] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1265.431863][T22236] 8021q: adding VLAN 0 to HW filter on device team0 [ 1265.469568][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 1265.476754][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1265.572483][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 1265.579662][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1265.744286][T22236] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1265.773284][T22236] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1265.891866][T22281] FAULT_INJECTION: forcing a failure. [ 1265.891866][T22281] name failslab, interval 1, probability 0, space 0, times 0 [ 1265.961349][T22281] CPU: 1 UID: 0 PID: 22281 Comm: syz.4.3968 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1265.961385][T22281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1265.961401][T22281] Call Trace: [ 1265.961409][T22281] [ 1265.961419][T22281] dump_stack_lvl+0x16c/0x1f0 [ 1265.961463][T22281] should_fail_ex+0x50a/0x650 [ 1265.961493][T22281] ? fs_reclaim_acquire+0xae/0x150 [ 1265.961533][T22281] should_failslab+0xc2/0x120 [ 1265.961562][T22281] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 1265.961591][T22281] ? __kernfs_new_node+0xd3/0x890 [ 1265.961634][T22281] __kernfs_new_node+0xd3/0x890 [ 1265.961684][T22281] ? __pfx___kernfs_new_node+0x10/0x10 [ 1265.961723][T22281] ? __pfx_lock_release+0x10/0x10 [ 1265.961753][T22281] ? kernfs_add_one+0x39d/0x520 [ 1265.961790][T22281] ? up_write+0x1b2/0x520 [ 1265.961827][T22281] kernfs_new_node+0x186/0x240 [ 1265.961860][T22281] __kernfs_create_file+0x53/0x350 [ 1265.961896][T22281] sysfs_add_file_mode_ns+0x1ff/0x3b0 [ 1265.961939][T22281] sysfs_merge_group+0x1b1/0x340 [ 1265.961964][T22281] ? __pfx_sysfs_merge_group+0x10/0x10 [ 1265.961992][T22281] ? __pfx_dev_add_physical_location+0x10/0x10 [ 1265.962021][T22281] ? bus_to_subsys+0x12d/0x160 [ 1265.962062][T22281] dpm_sysfs_add+0x237/0x280 [ 1265.962093][T22281] device_add+0x9a8/0x1a70 [ 1265.962130][T22281] ? __pfx_device_add+0x10/0x10 [ 1265.962160][T22281] ? kfree+0x260/0x4d0 [ 1265.962196][T22281] device_create_groups_vargs+0x1f8/0x270 [ 1265.962235][T22281] device_create+0xe9/0x130 [ 1265.962270][T22281] ? __pfx_device_create+0x10/0x10 [ 1265.962300][T22281] ? rcu_is_watching+0x12/0xc0 [ 1265.962337][T22281] ? do_init_timer+0xc9/0x110 [ 1265.962362][T22281] ? ieee80211_roc_setup+0x136/0x270 [ 1265.962405][T22281] ? ieee80211_alloc_hw_nm+0x231/0x2260 [ 1265.962441][T22281] mac80211_hwsim_new_radio+0x3df/0x56d0 [ 1265.962478][T22281] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1265.962535][T22281] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1265.962585][T22281] hwsim_new_radio_nl+0xb42/0x12b0 [ 1265.962627][T22281] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1265.962682][T22281] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1265.962721][T22281] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1265.962764][T22281] genl_family_rcv_msg_doit+0x202/0x2f0 [ 1265.962803][T22281] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1265.962840][T22281] ? trace_cap_capable+0x1a2/0x210 [ 1265.962883][T22281] ? bpf_lsm_capable+0x9/0x10 [ 1265.962913][T22281] ? security_capable+0x7e/0x260 [ 1265.962949][T22281] ? ns_capable+0xd7/0x110 [ 1265.962983][T22281] genl_rcv_msg+0x565/0x800 [ 1265.963011][T22281] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1265.963034][T22281] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1265.963080][T22281] netlink_rcv_skb+0x165/0x410 [ 1265.963114][T22281] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1265.963142][T22281] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1265.963190][T22281] ? down_read+0xc9/0x330 [ 1265.963215][T22281] ? __pfx_down_read+0x10/0x10 [ 1265.963241][T22281] ? netlink_deliver_tap+0x1ae/0xca0 [ 1265.963279][T22281] genl_rcv+0x28/0x40 [ 1265.963312][T22281] netlink_unicast+0x53c/0x7f0 [ 1265.963350][T22281] ? __pfx_netlink_unicast+0x10/0x10 [ 1265.963385][T22281] ? __phys_addr_symbol+0x30/0x80 [ 1265.963419][T22281] ? __check_object_size+0x488/0x710 [ 1265.963455][T22281] netlink_sendmsg+0x8b8/0xd70 [ 1265.963495][T22281] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1265.963542][T22281] ____sys_sendmsg+0x9ae/0xb40 [ 1265.963574][T22281] ? copy_msghdr_from_user+0x10b/0x160 [ 1265.963600][T22281] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1265.963649][T22281] ___sys_sendmsg+0x135/0x1e0 [ 1265.963686][T22281] ? __pfx____sys_sendmsg+0x10/0x10 [ 1265.963729][T22281] ? __pfx_lock_release+0x10/0x10 [ 1265.963758][T22281] ? trace_lock_acquire+0x14e/0x1f0 [ 1265.963795][T22281] ? __fget_files+0x206/0x3a0 [ 1265.963830][T22281] __sys_sendmsg+0x16e/0x220 [ 1265.963856][T22281] ? __pfx___sys_sendmsg+0x10/0x10 [ 1265.963882][T22281] ? __x64_sys_futex+0x1e1/0x4c0 [ 1265.963930][T22281] do_syscall_64+0xcd/0x250 [ 1265.963956][T22281] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1265.963988][T22281] RIP: 0033:0x7fb9e738cde9 [ 1265.964007][T22281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1265.964030][T22281] RSP: 002b:00007fb9e8230038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1265.964053][T22281] RAX: ffffffffffffffda RBX: 00007fb9e75a5fa0 RCX: 00007fb9e738cde9 [ 1265.964071][T22281] RDX: 00000000040000c0 RSI: 0000400000000300 RDI: 0000000000000007 [ 1265.964086][T22281] RBP: 00007fb9e740e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 1265.964101][T22281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1265.964114][T22281] R13: 0000000000000000 R14: 00007fb9e75a5fa0 R15: 00007ffc0bfcd368 [ 1265.964147][T22281] [ 1267.082925][ T5836] Bluetooth: hci2: command tx timeout [ 1267.234632][T22236] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1268.977403][T22236] veth0_vlan: entered promiscuous mode [ 1269.017509][T22236] veth1_vlan: entered promiscuous mode [ 1269.163010][ T5836] Bluetooth: hci2: command tx timeout [ 1269.245291][T22236] veth0_macvtap: entered promiscuous mode [ 1269.271010][T22236] veth1_macvtap: entered promiscuous mode [ 1269.331044][T22236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1269.375735][T22236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1269.411433][T22236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1269.450953][T22236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1269.490524][T22236] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1269.527353][T22236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1269.567336][T22236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1269.614381][T22236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1269.647298][T22236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1269.677151][T22236] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1269.746491][T22236] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1269.782211][T22236] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1269.827086][T22236] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1269.862662][T22236] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1270.326022][ T9475] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1270.346091][ T9475] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1270.618016][T10599] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1270.654012][T10599] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1273.276221][T22345] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1273.302978][T22345] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1273.345325][T22345] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1273.353398][T22345] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1273.400587][T22345] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1273.462948][T22345] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1273.626638][T22345] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1273.753686][T22345] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1273.759719][T22345] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1273.916748][T22345] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1273.958759][T22359] FAULT_INJECTION: forcing a failure. [ 1273.958759][T22359] name failslab, interval 1, probability 0, space 0, times 0 [ 1274.012891][T22359] CPU: 0 UID: 0 PID: 22359 Comm: syz.6.3982 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1274.012928][T22359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1274.012943][T22359] Call Trace: [ 1274.012952][T22359] [ 1274.012962][T22359] dump_stack_lvl+0x16c/0x1f0 [ 1274.013005][T22359] should_fail_ex+0x50a/0x650 [ 1274.013034][T22359] ? fs_reclaim_acquire+0xae/0x150 [ 1274.013077][T22359] should_failslab+0xc2/0x120 [ 1274.013107][T22359] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 1274.013138][T22359] ? __kernfs_new_node+0xd3/0x890 [ 1274.013181][T22359] __kernfs_new_node+0xd3/0x890 [ 1274.013221][T22359] ? __pfx___kernfs_new_node+0x10/0x10 [ 1274.013257][T22359] ? __pfx_lock_release+0x10/0x10 [ 1274.013286][T22359] ? kernfs_add_one+0x39d/0x520 [ 1274.013324][T22359] ? up_write+0x1b2/0x520 [ 1274.013360][T22359] kernfs_new_node+0x186/0x240 [ 1274.013393][T22359] __kernfs_create_file+0x53/0x350 [ 1274.013428][T22359] sysfs_add_file_mode_ns+0x1ff/0x3b0 [ 1274.013472][T22359] sysfs_merge_group+0x1b1/0x340 [ 1274.013497][T22359] ? __pfx_sysfs_merge_group+0x10/0x10 [ 1274.013526][T22359] ? __pfx_dev_add_physical_location+0x10/0x10 [ 1274.013556][T22359] ? bus_to_subsys+0x12d/0x160 [ 1274.013596][T22359] dpm_sysfs_add+0x237/0x280 [ 1274.013627][T22359] device_add+0x9a8/0x1a70 [ 1274.013672][T22359] ? __pfx_device_add+0x10/0x10 [ 1274.013703][T22359] ? kfree+0x260/0x4d0 [ 1274.013740][T22359] device_create_groups_vargs+0x1f8/0x270 [ 1274.013782][T22359] device_create+0xe9/0x130 [ 1274.013818][T22359] ? __pfx_device_create+0x10/0x10 [ 1274.013850][T22359] ? rcu_is_watching+0x12/0xc0 [ 1274.013888][T22359] ? do_init_timer+0xc9/0x110 [ 1274.013913][T22359] ? ieee80211_roc_setup+0x136/0x270 [ 1274.013951][T22359] ? ieee80211_alloc_hw_nm+0x231/0x2260 [ 1274.013985][T22359] mac80211_hwsim_new_radio+0x3df/0x56d0 [ 1274.014021][T22359] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1274.014078][T22359] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1274.014128][T22359] hwsim_new_radio_nl+0xb42/0x12b0 [ 1274.014168][T22359] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1274.014219][T22359] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1274.014253][T22359] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1274.014294][T22359] genl_family_rcv_msg_doit+0x202/0x2f0 [ 1274.014332][T22359] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1274.014368][T22359] ? trace_cap_capable+0x1a2/0x210 [ 1274.014413][T22359] ? bpf_lsm_capable+0x9/0x10 [ 1274.014444][T22359] ? security_capable+0x7e/0x260 [ 1274.014480][T22359] ? ns_capable+0xd7/0x110 [ 1274.014513][T22359] genl_rcv_msg+0x565/0x800 [ 1274.014541][T22359] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1274.014565][T22359] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1274.014629][T22359] netlink_rcv_skb+0x165/0x410 [ 1274.014673][T22359] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1274.014701][T22359] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1274.014751][T22359] ? down_read+0xc9/0x330 [ 1274.014777][T22359] ? __pfx_down_read+0x10/0x10 [ 1274.014803][T22359] ? netlink_deliver_tap+0x1ae/0xca0 [ 1274.014843][T22359] genl_rcv+0x28/0x40 [ 1274.014877][T22359] netlink_unicast+0x53c/0x7f0 [ 1274.014915][T22359] ? __pfx_netlink_unicast+0x10/0x10 [ 1274.014950][T22359] ? __phys_addr_symbol+0x30/0x80 [ 1274.014985][T22359] ? __check_object_size+0x488/0x710 [ 1274.015021][T22359] netlink_sendmsg+0x8b8/0xd70 [ 1274.015061][T22359] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1274.015108][T22359] ____sys_sendmsg+0x9ae/0xb40 [ 1274.015140][T22359] ? copy_msghdr_from_user+0x10b/0x160 [ 1274.015166][T22359] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1274.015214][T22359] ___sys_sendmsg+0x135/0x1e0 [ 1274.015242][T22359] ? __pfx____sys_sendmsg+0x10/0x10 [ 1274.015282][T22359] ? __pfx_lock_release+0x10/0x10 [ 1274.015310][T22359] ? trace_lock_acquire+0x14e/0x1f0 [ 1274.015346][T22359] ? __fget_files+0x206/0x3a0 [ 1274.015380][T22359] __sys_sendmsg+0x16e/0x220 [ 1274.015407][T22359] ? __pfx___sys_sendmsg+0x10/0x10 [ 1274.015433][T22359] ? __x64_sys_futex+0x1e1/0x4c0 [ 1274.015480][T22359] do_syscall_64+0xcd/0x250 [ 1274.015506][T22359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1274.015538][T22359] RIP: 0033:0x7f818998cde9 [ 1274.015558][T22359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1274.015582][T22359] RSP: 002b:00007f81877f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1274.015604][T22359] RAX: ffffffffffffffda RBX: 00007f8189ba5fa0 RCX: 00007f818998cde9 [ 1274.015621][T22359] RDX: 00000000040000c0 RSI: 0000400000000300 RDI: 0000000000000007 [ 1274.015636][T22359] RBP: 00007f8189a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 1274.015658][T22359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1274.015673][T22359] R13: 0000000000000000 R14: 00007f8189ba5fa0 R15: 00007ffc336c9228 [ 1274.015707][T22359] [ 1274.683117][ T5836] Bluetooth: hci1: command 0x0c1a tx timeout [ 1275.168357][T22372] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3986'. [ 1275.323088][ T5836] Bluetooth: hci3: command 0x0c1a tx timeout [ 1275.404165][ T5836] Bluetooth: hci0: command 0x0c1a tx timeout [ 1275.405789][T21854] Bluetooth: hci5: command 0x0406 tx timeout [ 1275.410192][T21049] Bluetooth: hci4: command 0x0c1a tx timeout [ 1275.805813][T21049] Bluetooth: hci2: command 0x0c1a tx timeout [ 1277.482759][T21049] Bluetooth: hci0: command 0x0c1a tx timeout [ 1277.898849][T21049] Bluetooth: hci2: command 0x0c1a tx timeout [ 1278.057558][T22400] FAULT_INJECTION: forcing a failure. [ 1278.057558][T22400] name failslab, interval 1, probability 0, space 0, times 0 [ 1278.122943][T22400] CPU: 1 UID: 0 PID: 22400 Comm: syz.6.3992 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1278.122977][T22400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1278.122992][T22400] Call Trace: [ 1278.123000][T22400] [ 1278.123010][T22400] dump_stack_lvl+0x16c/0x1f0 [ 1278.123050][T22400] should_fail_ex+0x50a/0x650 [ 1278.123079][T22400] ? fs_reclaim_acquire+0xae/0x150 [ 1278.123121][T22400] should_failslab+0xc2/0x120 [ 1278.123154][T22400] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 1278.123183][T22400] ? __kernfs_new_node+0xd3/0x890 [ 1278.123225][T22400] __kernfs_new_node+0xd3/0x890 [ 1278.123265][T22400] ? __pfx___kernfs_new_node+0x10/0x10 [ 1278.123300][T22400] ? __pfx_lock_release+0x10/0x10 [ 1278.123340][T22400] ? kernfs_add_one+0x39d/0x520 [ 1278.123378][T22400] ? up_write+0x1b2/0x520 [ 1278.123414][T22400] kernfs_new_node+0x186/0x240 [ 1278.123447][T22400] __kernfs_create_file+0x53/0x350 [ 1278.123481][T22400] sysfs_add_file_mode_ns+0x1ff/0x3b0 [ 1278.123525][T22400] sysfs_merge_group+0x1b1/0x340 [ 1278.123550][T22400] ? __pfx_sysfs_merge_group+0x10/0x10 [ 1278.123577][T22400] ? __pfx_dev_add_physical_location+0x10/0x10 [ 1278.123606][T22400] ? bus_to_subsys+0x12d/0x160 [ 1278.123645][T22400] dpm_sysfs_add+0x237/0x280 [ 1278.123677][T22400] device_add+0x9a8/0x1a70 [ 1278.123712][T22400] ? __pfx_device_add+0x10/0x10 [ 1278.123741][T22400] ? kfree+0x260/0x4d0 [ 1278.123776][T22400] device_create_groups_vargs+0x1f8/0x270 [ 1278.123815][T22400] device_create+0xe9/0x130 [ 1278.123848][T22400] ? __pfx_device_create+0x10/0x10 [ 1278.123878][T22400] ? rcu_is_watching+0x12/0xc0 [ 1278.123915][T22400] ? do_init_timer+0xc9/0x110 [ 1278.123941][T22400] ? ieee80211_roc_setup+0x136/0x270 [ 1278.123977][T22400] ? ieee80211_alloc_hw_nm+0x231/0x2260 [ 1278.124011][T22400] mac80211_hwsim_new_radio+0x3df/0x56d0 [ 1278.124047][T22400] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1278.124102][T22400] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1278.124150][T22400] hwsim_new_radio_nl+0xb42/0x12b0 [ 1278.124193][T22400] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1278.124243][T22400] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1278.124282][T22400] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1278.124337][T22400] genl_family_rcv_msg_doit+0x202/0x2f0 [ 1278.124381][T22400] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1278.124419][T22400] ? trace_cap_capable+0x1a2/0x210 [ 1278.124465][T22400] ? bpf_lsm_capable+0x9/0x10 [ 1278.124496][T22400] ? security_capable+0x7e/0x260 [ 1278.124537][T22400] ? ns_capable+0xd7/0x110 [ 1278.124570][T22400] genl_rcv_msg+0x565/0x800 [ 1278.124597][T22400] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1278.124622][T22400] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1278.124670][T22400] netlink_rcv_skb+0x165/0x410 [ 1278.124704][T22400] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1278.124731][T22400] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1278.124781][T22400] ? down_read+0xc9/0x330 [ 1278.124805][T22400] ? __pfx_down_read+0x10/0x10 [ 1278.124830][T22400] ? netlink_deliver_tap+0x1ae/0xca0 [ 1278.124868][T22400] genl_rcv+0x28/0x40 [ 1278.124900][T22400] netlink_unicast+0x53c/0x7f0 [ 1278.124938][T22400] ? __pfx_netlink_unicast+0x10/0x10 [ 1278.124972][T22400] ? __phys_addr_symbol+0x30/0x80 [ 1278.125007][T22400] ? __check_object_size+0x488/0x710 [ 1278.125042][T22400] netlink_sendmsg+0x8b8/0xd70 [ 1278.125082][T22400] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1278.125129][T22400] ____sys_sendmsg+0x9ae/0xb40 [ 1278.125161][T22400] ? copy_msghdr_from_user+0x10b/0x160 [ 1278.125187][T22400] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1278.125237][T22400] ___sys_sendmsg+0x135/0x1e0 [ 1278.125265][T22400] ? __pfx____sys_sendmsg+0x10/0x10 [ 1278.125305][T22400] ? __pfx_lock_release+0x10/0x10 [ 1278.125343][T22400] ? trace_lock_acquire+0x14e/0x1f0 [ 1278.125379][T22400] ? __fget_files+0x206/0x3a0 [ 1278.125414][T22400] __sys_sendmsg+0x16e/0x220 [ 1278.125441][T22400] ? __pfx___sys_sendmsg+0x10/0x10 [ 1278.125466][T22400] ? __x64_sys_futex+0x1e1/0x4c0 [ 1278.125513][T22400] do_syscall_64+0xcd/0x250 [ 1278.125540][T22400] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1278.125572][T22400] RIP: 0033:0x7f818998cde9 [ 1278.125593][T22400] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1278.125616][T22400] RSP: 002b:00007f81877f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1278.125640][T22400] RAX: ffffffffffffffda RBX: 00007f8189ba5fa0 RCX: 00007f818998cde9 [ 1278.125658][T22400] RDX: 00000000040000c0 RSI: 0000400000000300 RDI: 0000000000000007 [ 1278.125674][T22400] RBP: 00007f8189a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 1278.125690][T22400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1278.125705][T22400] R13: 0000000000000000 R14: 00007f8189ba5fa0 R15: 00007ffc336c9228 [ 1278.125738][T22400] [ 1278.595289][ C1] vkms_vblank_simulate: vblank timer overrun [ 1279.512812][T22405] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3993'. [ 1279.562811][T21049] Bluetooth: hci0: command 0x0c1a tx timeout [ 1279.964933][T21049] Bluetooth: hci2: command 0x0c1a tx timeout [ 1280.104518][T22423] FAULT_INJECTION: forcing a failure. [ 1280.104518][T22423] name failslab, interval 1, probability 0, space 0, times 0 [ 1280.237773][T22423] CPU: 0 UID: 0 PID: 22423 Comm: syz.4.4005 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1280.237809][T22423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1280.237825][T22423] Call Trace: [ 1280.237833][T22423] [ 1280.237844][T22423] dump_stack_lvl+0x16c/0x1f0 [ 1280.237888][T22423] should_fail_ex+0x50a/0x650 [ 1280.237917][T22423] ? fs_reclaim_acquire+0xae/0x150 [ 1280.237959][T22423] should_failslab+0xc2/0x120 [ 1280.237990][T22423] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 1280.238020][T22423] ? __kernfs_new_node+0xd3/0x890 [ 1280.238061][T22423] __kernfs_new_node+0xd3/0x890 [ 1280.238102][T22423] ? __pfx___kernfs_new_node+0x10/0x10 [ 1280.238138][T22423] ? __pfx_lock_release+0x10/0x10 [ 1280.238167][T22423] ? kernfs_add_one+0x39d/0x520 [ 1280.238204][T22423] ? up_write+0x1b2/0x520 [ 1280.238241][T22423] kernfs_new_node+0x186/0x240 [ 1280.238274][T22423] __kernfs_create_file+0x53/0x350 [ 1280.238316][T22423] sysfs_add_file_mode_ns+0x1ff/0x3b0 [ 1280.238362][T22423] sysfs_merge_group+0x1b1/0x340 [ 1280.238387][T22423] ? __pfx_sysfs_merge_group+0x10/0x10 [ 1280.238417][T22423] ? __pfx_dev_add_physical_location+0x10/0x10 [ 1280.238448][T22423] ? bus_to_subsys+0x12d/0x160 [ 1280.238487][T22423] dpm_sysfs_add+0x237/0x280 [ 1280.238518][T22423] device_add+0x9a8/0x1a70 [ 1280.238554][T22423] ? __pfx_device_add+0x10/0x10 [ 1280.238584][T22423] ? kfree+0x260/0x4d0 [ 1280.238620][T22423] device_create_groups_vargs+0x1f8/0x270 [ 1280.238659][T22423] device_create+0xe9/0x130 [ 1280.238694][T22423] ? __pfx_device_create+0x10/0x10 [ 1280.238725][T22423] ? rcu_is_watching+0x12/0xc0 [ 1280.238762][T22423] ? do_init_timer+0xc9/0x110 [ 1280.238788][T22423] ? ieee80211_roc_setup+0x136/0x270 [ 1280.238825][T22423] ? ieee80211_alloc_hw_nm+0x231/0x2260 [ 1280.238860][T22423] mac80211_hwsim_new_radio+0x3df/0x56d0 [ 1280.238897][T22423] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1280.238954][T22423] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1280.239004][T22423] hwsim_new_radio_nl+0xb42/0x12b0 [ 1280.239047][T22423] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1280.239094][T22423] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1280.239135][T22423] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1280.239182][T22423] genl_family_rcv_msg_doit+0x202/0x2f0 [ 1280.239223][T22423] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1280.239261][T22423] ? trace_cap_capable+0x1a2/0x210 [ 1280.239332][T22423] ? bpf_lsm_capable+0x9/0x10 [ 1280.239365][T22423] ? security_capable+0x7e/0x260 [ 1280.239402][T22423] ? ns_capable+0xd7/0x110 [ 1280.239436][T22423] genl_rcv_msg+0x565/0x800 [ 1280.239464][T22423] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1280.239489][T22423] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1280.239539][T22423] netlink_rcv_skb+0x165/0x410 [ 1280.239574][T22423] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1280.239601][T22423] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1280.239651][T22423] ? down_read+0xc9/0x330 [ 1280.239675][T22423] ? __pfx_down_read+0x10/0x10 [ 1280.239701][T22423] ? netlink_deliver_tap+0x1ae/0xca0 [ 1280.239745][T22423] genl_rcv+0x28/0x40 [ 1280.239789][T22423] netlink_unicast+0x53c/0x7f0 [ 1280.239833][T22423] ? __pfx_netlink_unicast+0x10/0x10 [ 1280.239873][T22423] ? __phys_addr_symbol+0x30/0x80 [ 1280.239909][T22423] ? __check_object_size+0x488/0x710 [ 1280.239945][T22423] netlink_sendmsg+0x8b8/0xd70 [ 1280.239985][T22423] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1280.240033][T22423] ____sys_sendmsg+0x9ae/0xb40 [ 1280.240065][T22423] ? copy_msghdr_from_user+0x10b/0x160 [ 1280.240091][T22423] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1280.240140][T22423] ___sys_sendmsg+0x135/0x1e0 [ 1280.240170][T22423] ? __pfx____sys_sendmsg+0x10/0x10 [ 1280.240210][T22423] ? __pfx_lock_release+0x10/0x10 [ 1280.240238][T22423] ? trace_lock_acquire+0x14e/0x1f0 [ 1280.240274][T22423] ? __fget_files+0x206/0x3a0 [ 1280.240315][T22423] __sys_sendmsg+0x16e/0x220 [ 1280.240343][T22423] ? __pfx___sys_sendmsg+0x10/0x10 [ 1280.240370][T22423] ? __x64_sys_futex+0x1e1/0x4c0 [ 1280.240419][T22423] do_syscall_64+0xcd/0x250 [ 1280.240446][T22423] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1280.240479][T22423] RIP: 0033:0x7fb9e738cde9 [ 1280.240499][T22423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1280.240522][T22423] RSP: 002b:00007fb9e8230038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1280.240547][T22423] RAX: ffffffffffffffda RBX: 00007fb9e75a5fa0 RCX: 00007fb9e738cde9 [ 1280.240563][T22423] RDX: 00000000040000c0 RSI: 0000400000000300 RDI: 0000000000000007 [ 1280.240578][T22423] RBP: 00007fb9e740e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 1280.240593][T22423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1280.240608][T22423] R13: 0000000000000000 R14: 00007fb9e75a5fa0 R15: 00007ffc0bfcd368 [ 1280.240642][T22423] [ 1282.799462][T22450] FAULT_INJECTION: forcing a failure. [ 1282.799462][T22450] name failslab, interval 1, probability 0, space 0, times 0 [ 1282.892787][T22450] CPU: 0 UID: 0 PID: 22450 Comm: syz.6.4003 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1282.892825][T22450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1282.892841][T22450] Call Trace: [ 1282.892849][T22450] [ 1282.892860][T22450] dump_stack_lvl+0x16c/0x1f0 [ 1282.892905][T22450] should_fail_ex+0x50a/0x650 [ 1282.892935][T22450] ? fs_reclaim_acquire+0xae/0x150 [ 1282.892976][T22450] should_failslab+0xc2/0x120 [ 1282.893013][T22450] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 1282.893044][T22450] ? __kernfs_new_node+0xd3/0x890 [ 1282.893089][T22450] __kernfs_new_node+0xd3/0x890 [ 1282.893129][T22450] ? __pfx___kernfs_new_node+0x10/0x10 [ 1282.893165][T22450] ? __pfx_lock_release+0x10/0x10 [ 1282.893194][T22450] ? kernfs_add_one+0x39d/0x520 [ 1282.893232][T22450] ? up_write+0x1b2/0x520 [ 1282.893268][T22450] kernfs_new_node+0x186/0x240 [ 1282.893301][T22450] __kernfs_create_file+0x53/0x350 [ 1282.893336][T22450] sysfs_add_file_mode_ns+0x1ff/0x3b0 [ 1282.893379][T22450] sysfs_merge_group+0x1b1/0x340 [ 1282.893405][T22450] ? __pfx_sysfs_merge_group+0x10/0x10 [ 1282.893433][T22450] ? __pfx_dev_add_physical_location+0x10/0x10 [ 1282.893463][T22450] ? bus_to_subsys+0x12d/0x160 [ 1282.893503][T22450] dpm_sysfs_add+0x237/0x280 [ 1282.893533][T22450] device_add+0x9a8/0x1a70 [ 1282.893573][T22450] ? __pfx_device_add+0x10/0x10 [ 1282.893603][T22450] ? kfree+0x260/0x4d0 [ 1282.893640][T22450] device_create_groups_vargs+0x1f8/0x270 [ 1282.893680][T22450] device_create+0xe9/0x130 [ 1282.893714][T22450] ? __pfx_device_create+0x10/0x10 [ 1282.893745][T22450] ? rcu_is_watching+0x12/0xc0 [ 1282.893797][T22450] ? do_init_timer+0xc9/0x110 [ 1282.893824][T22450] ? ieee80211_roc_setup+0x136/0x270 [ 1282.893861][T22450] ? ieee80211_alloc_hw_nm+0x231/0x2260 [ 1282.893895][T22450] mac80211_hwsim_new_radio+0x3df/0x56d0 [ 1282.893931][T22450] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1282.893988][T22450] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1282.894042][T22450] hwsim_new_radio_nl+0xb42/0x12b0 [ 1282.894082][T22450] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1282.894132][T22450] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1282.894172][T22450] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1282.894219][T22450] genl_family_rcv_msg_doit+0x202/0x2f0 [ 1282.894260][T22450] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1282.894296][T22450] ? trace_cap_capable+0x1a2/0x210 [ 1282.894342][T22450] ? bpf_lsm_capable+0x9/0x10 [ 1282.894373][T22450] ? security_capable+0x7e/0x260 [ 1282.894410][T22450] ? ns_capable+0xd7/0x110 [ 1282.894442][T22450] genl_rcv_msg+0x565/0x800 [ 1282.894471][T22450] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1282.894496][T22450] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1282.894545][T22450] netlink_rcv_skb+0x165/0x410 [ 1282.894580][T22450] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1282.894606][T22450] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1282.894655][T22450] ? down_read+0xc9/0x330 [ 1282.894679][T22450] ? __pfx_down_read+0x10/0x10 [ 1282.894705][T22450] ? netlink_deliver_tap+0x1ae/0xca0 [ 1282.894743][T22450] genl_rcv+0x28/0x40 [ 1282.894777][T22450] netlink_unicast+0x53c/0x7f0 [ 1282.894815][T22450] ? __pfx_netlink_unicast+0x10/0x10 [ 1282.894851][T22450] ? __phys_addr_symbol+0x30/0x80 [ 1282.894886][T22450] ? __check_object_size+0x488/0x710 [ 1282.894922][T22450] netlink_sendmsg+0x8b8/0xd70 [ 1282.894961][T22450] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1282.895014][T22450] ____sys_sendmsg+0x9ae/0xb40 [ 1282.895048][T22450] ? copy_msghdr_from_user+0x10b/0x160 [ 1282.895075][T22450] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1282.895126][T22450] ___sys_sendmsg+0x135/0x1e0 [ 1282.895155][T22450] ? __pfx____sys_sendmsg+0x10/0x10 [ 1282.895196][T22450] ? __pfx_lock_release+0x10/0x10 [ 1282.895223][T22450] ? trace_lock_acquire+0x14e/0x1f0 [ 1282.895260][T22450] ? __fget_files+0x206/0x3a0 [ 1282.895295][T22450] __sys_sendmsg+0x16e/0x220 [ 1282.895322][T22450] ? __pfx___sys_sendmsg+0x10/0x10 [ 1282.895348][T22450] ? __x64_sys_futex+0x1e1/0x4c0 [ 1282.895395][T22450] do_syscall_64+0xcd/0x250 [ 1282.895421][T22450] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1282.895454][T22450] RIP: 0033:0x7f818998cde9 [ 1282.895475][T22450] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1282.895499][T22450] RSP: 002b:00007f81877f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1282.895524][T22450] RAX: ffffffffffffffda RBX: 00007f8189ba5fa0 RCX: 00007f818998cde9 [ 1282.895541][T22450] RDX: 00000000040000c0 RSI: 0000400000000300 RDI: 0000000000000007 [ 1282.895557][T22450] RBP: 00007f8189a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 1282.895573][T22450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1282.895588][T22450] R13: 0000000000000000 R14: 00007f8189ba5fa0 R15: 00007ffc336c9228 [ 1282.895622][T22450] [ 1284.189799][T22458] Invalid ELF header magic: != ELF [ 1284.463521][T22463] FAULT_INJECTION: forcing a failure. [ 1284.463521][T22463] name failslab, interval 1, probability 0, space 0, times 0 [ 1284.511587][T22463] CPU: 0 UID: 0 PID: 22463 Comm: syz.6.4007 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1284.511626][T22463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1284.511638][T22463] Call Trace: [ 1284.511645][T22463] [ 1284.511654][T22463] dump_stack_lvl+0x16c/0x1f0 [ 1284.511689][T22463] should_fail_ex+0x50a/0x650 [ 1284.511715][T22463] ? fs_reclaim_acquire+0xae/0x150 [ 1284.511752][T22463] should_failslab+0xc2/0x120 [ 1284.511779][T22463] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 1284.511803][T22463] ? trace_cap_capable+0x1a2/0x210 [ 1284.511836][T22463] ? create_new_namespaces+0x30/0xad0 [ 1284.511870][T22463] create_new_namespaces+0x30/0xad0 [ 1284.511897][T22463] ? bpf_lsm_capable+0x9/0x10 [ 1284.511924][T22463] ? security_capable+0x7e/0x260 [ 1284.511959][T22463] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1284.511993][T22463] ksys_unshare+0x45d/0xa40 [ 1284.512023][T22463] ? __pfx_ksys_unshare+0x10/0x10 [ 1284.512056][T22463] ? ksys_write+0x1ba/0x250 [ 1284.512088][T22463] __x64_sys_unshare+0x31/0x40 [ 1284.512120][T22463] do_syscall_64+0xcd/0x250 [ 1284.512143][T22463] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1284.512171][T22463] RIP: 0033:0x7f818998cde9 [ 1284.512189][T22463] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1284.512210][T22463] RSP: 002b:00007f81877f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1284.512232][T22463] RAX: ffffffffffffffda RBX: 00007f8189ba5fa0 RCX: 00007f818998cde9 [ 1284.512247][T22463] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1284.512260][T22463] RBP: 00007f81877f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1284.512274][T22463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1284.512287][T22463] R13: 0000000000000000 R14: 00007f8189ba5fa0 R15: 00007ffc336c9228 [ 1284.512317][T22463] [ 1287.974254][T22474] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4012'. [ 1288.542578][T22475] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4018'. [ 1289.145117][T22497] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4014'. [ 1289.553901][T22497] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1289.622789][T22497] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1289.694210][T22497] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1289.710152][T22497] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1289.938387][T22506] FAULT_INJECTION: forcing a failure. [ 1289.938387][T22506] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1290.045547][T22506] CPU: 1 UID: 0 PID: 22506 Comm: syz.0.4016 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1290.045581][T22506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1290.045595][T22506] Call Trace: [ 1290.045602][T22506] [ 1290.045612][T22506] dump_stack_lvl+0x16c/0x1f0 [ 1290.045652][T22506] should_fail_ex+0x50a/0x650 [ 1290.045685][T22506] _copy_from_user+0x2e/0xd0 [ 1290.045717][T22506] copy_msghdr_from_user+0x99/0x160 [ 1290.045743][T22506] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1290.045766][T22506] ? __lock_acquire+0xcc5/0x3c40 [ 1290.045808][T22506] ___sys_sendmsg+0xff/0x1e0 [ 1290.045835][T22506] ? __pfx____sys_sendmsg+0x10/0x10 [ 1290.045874][T22506] ? trace_lock_acquire+0x14e/0x1f0 [ 1290.045918][T22506] __sys_sendmmsg+0x201/0x420 [ 1290.045947][T22506] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1290.045983][T22506] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1290.046030][T22506] ? fput+0x67/0x440 [ 1290.046066][T22506] ? ksys_write+0x1ba/0x250 [ 1290.046089][T22506] ? __pfx_ksys_write+0x10/0x10 [ 1290.046118][T22506] __x64_sys_sendmmsg+0x9c/0x100 [ 1290.046143][T22506] ? lockdep_hardirqs_on+0x7c/0x110 [ 1290.046175][T22506] do_syscall_64+0xcd/0x250 [ 1290.046200][T22506] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1290.046230][T22506] RIP: 0033:0x7fa5c058cde9 [ 1290.046248][T22506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1290.046271][T22506] RSP: 002b:00007fa5c1378038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1290.046293][T22506] RAX: ffffffffffffffda RBX: 00007fa5c07a6160 RCX: 00007fa5c058cde9 [ 1290.046309][T22506] RDX: 0000000000000007 RSI: 0000400000000200 RDI: 000000000000000b [ 1290.046323][T22506] RBP: 00007fa5c1378090 R08: 0000000000000000 R09: 0000000000000000 [ 1290.046338][T22506] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000001 [ 1290.046352][T22506] R13: 0000000000000000 R14: 00007fa5c07a6160 R15: 00007ffd1decfa18 [ 1290.046382][T22506] [ 1291.058324][T22515] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4019'. [ 1292.204889][T22533] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4021'. [ 1293.017725][T22540] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4023'. [ 1293.331084][T22549] FAULT_INJECTION: forcing a failure. [ 1293.331084][T22549] name failslab, interval 1, probability 0, space 0, times 0 [ 1293.362884][T22549] CPU: 0 UID: 0 PID: 22549 Comm: syz.5.4027 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1293.362916][T22549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1293.362929][T22549] Call Trace: [ 1293.362937][T22549] [ 1293.362946][T22549] dump_stack_lvl+0x16c/0x1f0 [ 1293.362985][T22549] should_fail_ex+0x50a/0x650 [ 1293.363012][T22549] ? fs_reclaim_acquire+0xae/0x150 [ 1293.363047][T22549] should_failslab+0xc2/0x120 [ 1293.363073][T22549] __kmalloc_noprof+0xce/0x4f0 [ 1293.363093][T22549] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 1293.363115][T22549] ? tomoyo_realpath_from_path+0xbf/0x710 [ 1293.363143][T22549] tomoyo_realpath_from_path+0xbf/0x710 [ 1293.363166][T22549] ? tomoyo_path_number_perm+0x235/0x5b0 [ 1293.363189][T22549] tomoyo_path_number_perm+0x248/0x5b0 [ 1293.363206][T22549] ? tomoyo_path_number_perm+0x235/0x5b0 [ 1293.363229][T22549] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1293.363271][T22549] ? __pfx_lock_release+0x10/0x10 [ 1293.363291][T22549] ? trace_lock_acquire+0x14e/0x1f0 [ 1293.363313][T22549] ? lock_acquire+0x2f/0xb0 [ 1293.363335][T22549] ? __fget_files+0x40/0x3a0 [ 1293.363359][T22549] ? __fget_files+0x206/0x3a0 [ 1293.363386][T22549] security_file_ioctl+0x9b/0x240 [ 1293.363410][T22549] __x64_sys_ioctl+0xb7/0x200 [ 1293.363441][T22549] do_syscall_64+0xcd/0x250 [ 1293.363464][T22549] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1293.363493][T22549] RIP: 0033:0x7f5a1c38cde9 [ 1293.363511][T22549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1293.363532][T22549] RSP: 002b:00007f5a1a1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1293.363553][T22549] RAX: ffffffffffffffda RBX: 00007f5a1c5a5fa0 RCX: 00007f5a1c38cde9 [ 1293.363568][T22549] RDX: 0000000000000005 RSI: 00000000401070cd RDI: 0000000000000003 [ 1293.363582][T22549] RBP: 00007f5a1a1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1293.363597][T22549] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1293.363610][T22549] R13: 0000000000000000 R14: 00007f5a1c5a5fa0 R15: 00007ffcb09a4378 [ 1293.363642][T22549] [ 1293.363652][T22549] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1294.176708][T22565] FAULT_INJECTION: forcing a failure. [ 1294.176708][T22565] name failslab, interval 1, probability 0, space 0, times 0 [ 1294.215194][T22565] CPU: 1 UID: 0 PID: 22565 Comm: syz.4.4031 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1294.215227][T22565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1294.215240][T22565] Call Trace: [ 1294.215247][T22565] [ 1294.215257][T22565] dump_stack_lvl+0x16c/0x1f0 [ 1294.215297][T22565] should_fail_ex+0x50a/0x650 [ 1294.215325][T22565] ? fs_reclaim_acquire+0xae/0x150 [ 1294.215363][T22565] should_failslab+0xc2/0x120 [ 1294.215392][T22565] __kmalloc_node_noprof+0xd1/0x520 [ 1294.215420][T22565] ? aa_file_perm+0x4c6/0xfe0 [ 1294.215445][T22565] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 1294.215475][T22565] __kvmalloc_node_noprof+0xad/0x1a0 [ 1294.215501][T22565] seq_read_iter+0x82a/0x12b0 [ 1294.215537][T22565] ? aa_file_perm+0x4d5/0xfe0 [ 1294.215573][T22565] seq_read+0x39f/0x4e0 [ 1294.215606][T22565] ? __pfx_seq_read+0x10/0x10 [ 1294.215659][T22565] ? __pfx_seq_read+0x10/0x10 [ 1294.215689][T22565] proc_reg_read+0x23d/0x330 [ 1294.215714][T22565] ? __pfx_proc_reg_read+0x10/0x10 [ 1294.215739][T22565] vfs_read+0x1df/0xbf0 [ 1294.215763][T22565] ? __fget_files+0x1fc/0x3a0 [ 1294.215787][T22565] ? __pfx___mutex_lock+0x10/0x10 [ 1294.215820][T22565] ? __pfx_vfs_read+0x10/0x10 [ 1294.215859][T22565] ? __fget_files+0x206/0x3a0 [ 1294.215894][T22565] ksys_read+0x12b/0x250 [ 1294.215916][T22565] ? __pfx_ksys_read+0x10/0x10 [ 1294.215956][T22565] do_syscall_64+0xcd/0x250 [ 1294.215982][T22565] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1294.216013][T22565] RIP: 0033:0x7fb9e738cde9 [ 1294.216031][T22565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1294.216053][T22565] RSP: 002b:00007fb9e8230038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1294.216074][T22565] RAX: ffffffffffffffda RBX: 00007fb9e75a5fa0 RCX: 00007fb9e738cde9 [ 1294.216089][T22565] RDX: 0000000000001000 RSI: 0000400000000040 RDI: 0000000000000003 [ 1294.216103][T22565] RBP: 00007fb9e8230090 R08: 0000000000000000 R09: 0000000000000000 [ 1294.216117][T22565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1294.216130][T22565] R13: 0000000000000000 R14: 00007fb9e75a5fa0 R15: 00007ffc0bfcd368 [ 1294.216163][T22565] [ 1294.779556][T22579] FAULT_INJECTION: forcing a failure. [ 1294.779556][T22579] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1294.812951][T22579] CPU: 0 UID: 0 PID: 22579 Comm: syz.0.4035 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1294.812989][T22579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1294.813005][T22579] Call Trace: [ 1294.813014][T22579] [ 1294.813024][T22579] dump_stack_lvl+0x16c/0x1f0 [ 1294.813071][T22579] should_fail_ex+0x50a/0x650 [ 1294.813108][T22579] _copy_from_iter+0x29b/0x1400 [ 1294.813146][T22579] ? trace_lock_acquire+0x14e/0x1f0 [ 1294.813174][T22579] ? __alloc_skb+0x200/0x380 [ 1294.813203][T22579] ? __pfx__copy_from_iter+0x10/0x10 [ 1294.813238][T22579] ? __virt_addr_valid+0x1a4/0x590 [ 1294.813268][T22579] ? __virt_addr_valid+0x5e/0x590 [ 1294.813293][T22579] ? __phys_addr_symbol+0x30/0x80 [ 1294.813333][T22579] ? __check_object_size+0x488/0x710 [ 1294.813372][T22579] netlink_sendmsg+0x813/0xd70 [ 1294.813415][T22579] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1294.813465][T22579] ____sys_sendmsg+0x9ae/0xb40 [ 1294.813500][T22579] ? copy_msghdr_from_user+0x10b/0x160 [ 1294.813527][T22579] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1294.813573][T22579] ___sys_sendmsg+0x135/0x1e0 [ 1294.813602][T22579] ? __pfx____sys_sendmsg+0x10/0x10 [ 1294.813654][T22579] ? __pfx_lock_release+0x10/0x10 [ 1294.813684][T22579] ? trace_lock_acquire+0x14e/0x1f0 [ 1294.813719][T22579] ? __fget_files+0x206/0x3a0 [ 1294.813755][T22579] __sys_sendmsg+0x16e/0x220 [ 1294.813782][T22579] ? __pfx___sys_sendmsg+0x10/0x10 [ 1294.813810][T22579] ? __x64_sys_futex+0x1e1/0x4c0 [ 1294.813855][T22579] do_syscall_64+0xcd/0x250 [ 1294.813883][T22579] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1294.813920][T22579] RIP: 0033:0x7fa5c058cde9 [ 1294.813941][T22579] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1294.813965][T22579] RSP: 002b:00007fa5c13ba038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1294.813993][T22579] RAX: ffffffffffffffda RBX: 00007fa5c07a5fa0 RCX: 00007fa5c058cde9 [ 1294.814013][T22579] RDX: 00000000040000c0 RSI: 0000400000000300 RDI: 0000000000000009 [ 1294.814029][T22579] RBP: 00007fa5c060e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 1294.814045][T22579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1294.814061][T22579] R13: 0000000000000000 R14: 00007fa5c07a5fa0 R15: 00007ffd1decfa18 [ 1294.814094][T22579] [ 1295.349640][T22586] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4038'. [ 1295.572333][T22594] FAULT_INJECTION: forcing a failure. [ 1295.572333][T22594] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1295.588136][T22594] CPU: 1 UID: 0 PID: 22594 Comm: syz.6.4041 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1295.588166][T22594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1295.588180][T22594] Call Trace: [ 1295.588187][T22594] [ 1295.588196][T22594] dump_stack_lvl+0x16c/0x1f0 [ 1295.588234][T22594] should_fail_ex+0x50a/0x650 [ 1295.588266][T22594] _copy_from_user+0x2e/0xd0 [ 1295.588297][T22594] copy_msghdr_from_user+0x99/0x160 [ 1295.588322][T22594] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1295.588362][T22594] ___sys_sendmsg+0xff/0x1e0 [ 1295.588387][T22594] ? __pfx____sys_sendmsg+0x10/0x10 [ 1295.588425][T22594] ? __pfx_lock_release+0x10/0x10 [ 1295.588450][T22594] ? trace_lock_acquire+0x14e/0x1f0 [ 1295.588479][T22594] ? __fget_files+0x206/0x3a0 [ 1295.588518][T22594] __sys_sendmsg+0x16e/0x220 [ 1295.588540][T22594] ? __pfx___sys_sendmsg+0x10/0x10 [ 1295.588579][T22594] do_syscall_64+0xcd/0x250 [ 1295.588601][T22594] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1295.588628][T22594] RIP: 0033:0x7f818998cde9 [ 1295.588645][T22594] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1295.588665][T22594] RSP: 002b:00007f81877f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1295.588685][T22594] RAX: ffffffffffffffda RBX: 00007f8189ba5fa0 RCX: 00007f818998cde9 [ 1295.588699][T22594] RDX: 00000000040000c0 RSI: 0000400000000300 RDI: 0000000000000009 [ 1295.588712][T22594] RBP: 00007f81877f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1295.588724][T22594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1295.588736][T22594] R13: 0000000000000000 R14: 00007f8189ba5fa0 R15: 00007ffc336c9228 [ 1295.588764][T22594] [ 1295.894409][T22603] FAULT_INJECTION: forcing a failure. [ 1295.894409][T22603] name failslab, interval 1, probability 0, space 0, times 0 [ 1295.907845][T22603] CPU: 1 UID: 0 PID: 22603 Comm: syz.6.4042 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1295.907878][T22603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1295.907894][T22603] Call Trace: [ 1295.907901][T22603] [ 1295.907911][T22603] dump_stack_lvl+0x16c/0x1f0 [ 1295.907953][T22603] should_fail_ex+0x50a/0x650 [ 1295.907983][T22603] ? fs_reclaim_acquire+0xae/0x150 [ 1295.908026][T22603] should_failslab+0xc2/0x120 [ 1295.908056][T22603] kmem_cache_alloc_node_noprof+0x72/0x3b0 [ 1295.908085][T22603] ? __alloc_skb+0x2b3/0x380 [ 1295.908114][T22603] __alloc_skb+0x2b3/0x380 [ 1295.908135][T22603] ? __pfx___alloc_skb+0x10/0x10 [ 1295.908159][T22603] ? genl_rcv_msg+0x4bd/0x800 [ 1295.908190][T22603] netlink_ack+0x164/0xb20 [ 1295.908232][T22603] netlink_rcv_skb+0x327/0x410 [ 1295.908263][T22603] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1295.908288][T22603] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1295.908334][T22603] ? down_read+0xc9/0x330 [ 1295.908357][T22603] ? __pfx_down_read+0x10/0x10 [ 1295.908383][T22603] ? netlink_deliver_tap+0x1ae/0xca0 [ 1295.908421][T22603] genl_rcv+0x28/0x40 [ 1295.908454][T22603] netlink_unicast+0x53c/0x7f0 [ 1295.908490][T22603] ? __pfx_netlink_unicast+0x10/0x10 [ 1295.908522][T22603] ? __phys_addr_symbol+0x30/0x80 [ 1295.908558][T22603] ? __check_object_size+0x488/0x710 [ 1295.908593][T22603] netlink_sendmsg+0x8b8/0xd70 [ 1295.908633][T22603] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1295.908678][T22603] __sys_sendto+0x488/0x4f0 [ 1295.908716][T22603] ? __pfx___sys_sendto+0x10/0x10 [ 1295.908758][T22603] ? reacquire_held_locks+0x20b/0x4c0 [ 1295.908788][T22603] ? do_user_addr_fault+0xdc7/0x13f0 [ 1295.908856][T22603] __x64_sys_sendto+0xe0/0x1c0 [ 1295.908878][T22603] ? do_syscall_64+0x91/0x250 [ 1295.908899][T22603] ? lockdep_hardirqs_on+0x7c/0x110 [ 1295.908932][T22603] do_syscall_64+0xcd/0x250 [ 1295.908957][T22603] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1295.908989][T22603] RIP: 0033:0x7f818998ec7c [ 1295.909009][T22603] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 1295.909033][T22603] RSP: 002b:00007f81877f4ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 1295.909055][T22603] RAX: ffffffffffffffda RBX: 00007f81877f4fc0 RCX: 00007f818998ec7c [ 1295.909071][T22603] RDX: 0000000000000020 RSI: 00007f81877f5010 RDI: 0000000000000003 [ 1295.909086][T22603] RBP: 0000000000000000 R08: 00007f81877f4f14 R09: 000000000000000c [ 1295.909101][T22603] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 1295.909116][T22603] R13: 00007f81877f4f68 R14: 00007f81877f5010 R15: 0000000000000000 [ 1295.909148][T22603] [ 1296.954670][T22625] FAULT_INJECTION: forcing a failure. [ 1296.954670][T22625] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1297.022822][T22625] CPU: 1 UID: 0 PID: 22625 Comm: syz.6.4048 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1297.022854][T22625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1297.022868][T22625] Call Trace: [ 1297.022876][T22625] [ 1297.022885][T22625] dump_stack_lvl+0x16c/0x1f0 [ 1297.022923][T22625] should_fail_ex+0x50a/0x650 [ 1297.022949][T22625] ? __pfx___might_resched+0x10/0x10 [ 1297.022984][T22625] should_fail_alloc_page+0xe7/0x130 [ 1297.023014][T22625] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 1297.023057][T22625] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 1297.023086][T22625] ? mark_lock+0xb5/0xc60 [ 1297.023111][T22625] ? __pfx_mark_lock+0x10/0x10 [ 1297.023138][T22625] ? __pfx_mark_lock+0x10/0x10 [ 1297.023162][T22625] ? __pfx_stack_trace_save+0x10/0x10 [ 1297.023184][T22625] ? stack_depot_save_flags+0x28/0x9e0 [ 1297.023213][T22625] ? rcu_is_watching+0x12/0xc0 [ 1297.023245][T22625] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1297.023275][T22625] ? kasan_save_stack+0x42/0x60 [ 1297.023299][T22625] ? kasan_save_stack+0x33/0x60 [ 1297.023321][T22625] ? kasan_save_track+0x14/0x30 [ 1297.023354][T22625] ? hlock_class+0x4e/0x130 [ 1297.023392][T22625] ? __lock_acquire+0x15a9/0x3c40 [ 1297.023424][T22625] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1297.023456][T22625] ? policy_nodemask+0xea/0x4e0 [ 1297.023488][T22625] alloc_pages_mpol+0x1fc/0x540 [ 1297.023519][T22625] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1297.023551][T22625] ? lock_acquire.part.0+0x11b/0x380 [ 1297.023582][T22625] ? __pfx_filemap_map_pages+0x10/0x10 [ 1297.023614][T22625] alloc_pages_noprof+0x131/0x390 [ 1297.023643][T22625] pte_alloc_one+0x20/0x390 [ 1297.023676][T22625] __do_fault+0x320/0x490 [ 1297.023709][T22625] ? __pfx_filemap_map_pages+0x10/0x10 [ 1297.023740][T22625] do_pte_missing+0x1a8/0x3e10 [ 1297.023766][T22625] ? do_raw_spin_unlock+0x172/0x230 [ 1297.023799][T22625] ? __pmd_alloc+0x3c2/0x870 [ 1297.023825][T22625] __handle_mm_fault+0x1166/0x2c60 [ 1297.023865][T22625] ? __pfx___handle_mm_fault+0x10/0x10 [ 1297.023888][T22625] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 1297.023936][T22625] ? find_vma+0xc0/0x140 [ 1297.023968][T22625] ? __pfx_find_vma+0x10/0x10 [ 1297.024005][T22625] handle_mm_fault+0x3fa/0xaa0 [ 1297.024039][T22625] do_user_addr_fault+0x7a3/0x13f0 [ 1297.024075][T22625] exc_page_fault+0x5c/0xc0 [ 1297.024109][T22625] asm_exc_page_fault+0x26/0x30 [ 1297.024138][T22625] RIP: 0010:rep_movs_alternative+0x15/0x70 [ 1297.024166][T22625] Code: cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 83 f9 40 73 40 83 f9 08 73 21 85 c9 74 0f 8a 06 <88> 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f 1f 84 [ 1297.024188][T22625] RSP: 0018:ffffc9000bc17af8 EFLAGS: 00050202 [ 1297.024207][T22625] RAX: 0000000000000030 RBX: 0000000000000000 RCX: 0000000000000002 [ 1297.024221][T22625] RDX: ffffed100c382401 RSI: ffff888061c12000 RDI: 0000000000000000 [ 1297.024236][T22625] RBP: ffffc9000bc17da0 R08: 0000000000000000 R09: ffffed100c382400 [ 1297.024250][T22625] R10: ffff888061c12001 R11: 0000000000000002 R12: 0000000000000002 [ 1297.024264][T22625] R13: 00007ffffffff000 R14: ffff888061c12000 R15: 0000000000000002 [ 1297.024298][T22625] _copy_to_iter+0x384/0x1400 [ 1297.024331][T22625] ? trace_lock_acquire+0x14e/0x1f0 [ 1297.024352][T22625] ? __pfx_lock_release+0x10/0x10 [ 1297.024385][T22625] ? __pfx__copy_to_iter+0x10/0x10 [ 1297.024412][T22625] ? __virt_addr_valid+0x1a4/0x590 [ 1297.024440][T22625] ? __virt_addr_valid+0x5e/0x590 [ 1297.024462][T22625] ? __phys_addr_symbol+0x30/0x80 [ 1297.024495][T22625] ? __check_object_size+0x488/0x710 [ 1297.024529][T22625] seq_read_iter+0xd00/0x12b0 [ 1297.024578][T22625] kernfs_fop_read_iter+0x414/0x580 [ 1297.024606][T22625] ? rw_verify_area+0xcf/0x680 [ 1297.024642][T22625] vfs_read+0x886/0xbf0 [ 1297.024671][T22625] ? __pfx_vfs_read+0x10/0x10 [ 1297.024715][T22625] ksys_read+0x12b/0x250 [ 1297.024737][T22625] ? __pfx_ksys_read+0x10/0x10 [ 1297.024771][T22625] do_syscall_64+0xcd/0x250 [ 1297.024796][T22625] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1297.024825][T22625] RIP: 0033:0x7f818998cde9 [ 1297.024842][T22625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1297.024864][T22625] RSP: 002b:00007f81877f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1297.024885][T22625] RAX: ffffffffffffffda RBX: 00007f8189ba5fa0 RCX: 00007f818998cde9 [ 1297.024901][T22625] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000003 [ 1297.024915][T22625] RBP: 00007f81877f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1297.024929][T22625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1297.024942][T22625] R13: 0000000000000000 R14: 00007f8189ba5fa0 R15: 00007ffc336c9228 [ 1297.024975][T22625] [ 1297.052150][T22631] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4050'. [ 1297.805075][T22640] block2mtd: illegal erase size [ 1297.994714][T22640] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1298.040133][T22640] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1298.061458][T22650] FAULT_INJECTION: forcing a failure. [ 1298.061458][T22650] name failslab, interval 1, probability 0, space 0, times 0 [ 1298.127980][T22640] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1298.165892][T22640] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1298.171912][T22650] CPU: 0 UID: 0 PID: 22650 Comm: syz.0.4053 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1298.171942][T22650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1298.171955][T22650] Call Trace: [ 1298.171962][T22650] [ 1298.171972][T22650] dump_stack_lvl+0x16c/0x1f0 [ 1298.172012][T22650] should_fail_ex+0x50a/0x650 [ 1298.172040][T22650] ? fs_reclaim_acquire+0xae/0x150 [ 1298.172078][T22650] should_failslab+0xc2/0x120 [ 1298.172107][T22650] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 1298.172133][T22650] ? __lock_acquire+0x15a9/0x3c40 [ 1298.172161][T22650] ? __kernfs_new_node+0xd3/0x890 [ 1298.172201][T22650] __kernfs_new_node+0xd3/0x890 [ 1298.172239][T22650] ? __pfx___kernfs_new_node+0x10/0x10 [ 1298.172296][T22650] ? __pfx___lock_acquire+0x10/0x10 [ 1298.172340][T22650] kernfs_new_node+0x186/0x240 [ 1298.172366][T22650] ? find_held_lock+0x2d/0x110 [ 1298.172402][T22650] __kernfs_create_file+0x53/0x350 [ 1298.172436][T22650] sysfs_add_file_mode_ns+0x1ff/0x3b0 [ 1298.172478][T22650] internal_create_group+0x56c/0xf10 [ 1298.172527][T22650] ? __pfx_internal_create_group+0x10/0x10 [ 1298.172568][T22650] ? kernfs_create_link+0x1bd/0x240 [ 1298.172603][T22650] internal_create_groups+0x9d/0x150 [ 1298.172641][T22650] device_add+0x6d3/0x1a70 [ 1298.172678][T22650] ? __pfx_device_add+0x10/0x10 [ 1298.172709][T22650] ? __init_waitqueue_head+0xca/0x150 [ 1298.172751][T22650] netdev_register_kobject+0x183/0x3a0 [ 1298.172781][T22650] register_netdevice+0x147b/0x1e50 [ 1298.172814][T22650] ? __pfx_register_netdevice+0x10/0x10 [ 1298.172841][T22650] ? mark_held_locks+0x9f/0xe0 [ 1298.172872][T22650] register_netdev+0x34/0x50 [ 1298.172896][T22650] sixpack_open+0x6e5/0xa40 [ 1298.172924][T22650] ? __pfx_sixpack_open+0x10/0x10 [ 1298.172950][T22650] ? down_write+0x14e/0x200 [ 1298.172976][T22650] ? __pfx_sixpack_open+0x10/0x10 [ 1298.173003][T22650] tty_ldisc_open+0x9c/0x120 [ 1298.173035][T22650] tty_set_ldisc+0x318/0x720 [ 1298.173069][T22650] tty_ioctl+0xc22/0x1640 [ 1298.173103][T22650] ? __pfx_tty_ioctl+0x10/0x10 [ 1298.173143][T22650] ? __pfx_lock_release+0x10/0x10 [ 1298.173168][T22650] ? trace_lock_acquire+0x14e/0x1f0 [ 1298.173203][T22650] ? __fget_files+0x206/0x3a0 [ 1298.173232][T22650] ? __pfx_tty_ioctl+0x10/0x10 [ 1298.173273][T22650] __x64_sys_ioctl+0x190/0x200 [ 1298.173309][T22650] do_syscall_64+0xcd/0x250 [ 1298.173334][T22650] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1298.173364][T22650] RIP: 0033:0x7fa5c058cde9 [ 1298.173383][T22650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1298.173405][T22650] RSP: 002b:00007fa5c1399038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1298.173426][T22650] RAX: ffffffffffffffda RBX: 00007fa5c07a6080 RCX: 00007fa5c058cde9 [ 1298.173441][T22650] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 0000000000000009 [ 1298.173455][T22650] RBP: 00007fa5c1399090 R08: 0000000000000000 R09: 0000000000000000 [ 1298.173469][T22650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1298.173482][T22650] R13: 0000000000000000 R14: 00007fa5c07a6080 R15: 00007ffd1decfa18 [ 1298.173514][T22650] [ 1298.863828][T22640] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1298.907304][T22640] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1299.928826][T22669] Invalid ELF header magic: != ELF [ 1300.042825][T21049] Bluetooth: hci3: command 0x0c1a tx timeout [ 1300.043707][ T5836] Bluetooth: hci1: command 0x0c1a tx timeout [ 1300.215674][ T5836] Bluetooth: hci5: command 0x0406 tx timeout [ 1300.215686][T21049] Bluetooth: hci4: command 0x0c1a tx timeout [ 1300.423924][T22660] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4055'. [ 1300.449560][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 1300.456341][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 1300.922936][ T5836] Bluetooth: hci0: command 0x0c1a tx timeout [ 1300.930240][T21049] Bluetooth: hci2: command 0x0c1a tx timeout [ 1301.347490][T22690] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4061'. [ 1303.874329][T22734] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4073'. [ 1304.098904][T22742] bridge0: port 3(bond0) entered blocking state [ 1304.132216][T22742] bridge0: port 3(bond0) entered disabled state [ 1304.171472][T22742] bond0: entered allmulticast mode [ 1304.176770][T22742] bond_slave_0: entered allmulticast mode [ 1304.187690][T22742] bond_slave_1: entered allmulticast mode [ 1304.214562][T22742] bond0: entered promiscuous mode [ 1304.219751][T22742] bond_slave_0: entered promiscuous mode [ 1304.233077][T22742] bond_slave_1: entered promiscuous mode [ 1304.262125][T22742] bridge0: port 3(bond0) entered blocking state [ 1304.269831][T22742] bridge0: port 3(bond0) entered forwarding state [ 1304.417816][T22743] snd_aloop snd_aloop.0: control 16781581:65535:6:'x?F/zF˷fC:8 is already present [ 1305.054084][T22762] FAULT_INJECTION: forcing a failure. [ 1305.054084][T22762] name failslab, interval 1, probability 0, space 0, times 0 [ 1305.103800][T22762] CPU: 1 UID: 0 PID: 22762 Comm: syz.6.4078 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1305.103837][T22762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1305.103859][T22762] Call Trace: [ 1305.103867][T22762] [ 1305.103876][T22762] dump_stack_lvl+0x16c/0x1f0 [ 1305.103919][T22762] should_fail_ex+0x50a/0x650 [ 1305.103947][T22762] ? fs_reclaim_acquire+0xae/0x150 [ 1305.103988][T22762] should_failslab+0xc2/0x120 [ 1305.104018][T22762] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 1305.104048][T22762] ? __kernfs_new_node+0xd3/0x890 [ 1305.104092][T22762] __kernfs_new_node+0xd3/0x890 [ 1305.104131][T22762] ? __pfx___kernfs_new_node+0x10/0x10 [ 1305.104164][T22762] ? __pfx___lock_acquire+0x10/0x10 [ 1305.104199][T22762] ? lock_acquire.part.0+0x11b/0x380 [ 1305.104224][T22762] ? find_held_lock+0x2d/0x110 [ 1305.104263][T22762] kernfs_new_node+0x186/0x240 [ 1305.104293][T22762] kernfs_create_link+0xcc/0x240 [ 1305.104325][T22762] sysfs_do_create_link_sd+0x90/0x140 [ 1305.104360][T22762] sysfs_create_link+0x61/0xc0 [ 1305.104394][T22762] device_add+0x50c/0x1a70 [ 1305.104428][T22762] ? __pfx_device_add+0x10/0x10 [ 1305.104455][T22762] ? kfree+0x260/0x4d0 [ 1305.104486][T22762] device_create_groups_vargs+0x1f8/0x270 [ 1305.104523][T22762] device_create+0xe9/0x130 [ 1305.104553][T22762] ? __pfx_device_create+0x10/0x10 [ 1305.104580][T22762] ? rcu_is_watching+0x12/0xc0 [ 1305.104612][T22762] ? do_init_timer+0xc9/0x110 [ 1305.104632][T22762] ? ieee80211_roc_setup+0x136/0x270 [ 1305.104672][T22762] ? ieee80211_alloc_hw_nm+0x231/0x2260 [ 1305.104707][T22762] mac80211_hwsim_new_radio+0x3df/0x56d0 [ 1305.104746][T22762] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1305.104803][T22762] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1305.104860][T22762] hwsim_new_radio_nl+0xb42/0x12b0 [ 1305.104903][T22762] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1305.104951][T22762] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1305.104993][T22762] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1305.105041][T22762] genl_family_rcv_msg_doit+0x202/0x2f0 [ 1305.105080][T22762] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1305.105115][T22762] ? trace_cap_capable+0x1a2/0x210 [ 1305.105165][T22762] ? bpf_lsm_capable+0x9/0x10 [ 1305.105199][T22762] ? security_capable+0x7e/0x260 [ 1305.105238][T22762] ? ns_capable+0xd7/0x110 [ 1305.105273][T22762] genl_rcv_msg+0x565/0x800 [ 1305.105302][T22762] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1305.105342][T22762] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1305.105395][T22762] netlink_rcv_skb+0x165/0x410 [ 1305.105427][T22762] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1305.105453][T22762] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1305.105500][T22762] ? down_read+0xc9/0x330 [ 1305.105524][T22762] ? __pfx_down_read+0x10/0x10 [ 1305.105550][T22762] ? netlink_deliver_tap+0x1ae/0xca0 [ 1305.105587][T22762] genl_rcv+0x28/0x40 [ 1305.105624][T22762] netlink_unicast+0x53c/0x7f0 [ 1305.105666][T22762] ? __pfx_netlink_unicast+0x10/0x10 [ 1305.105700][T22762] ? __phys_addr_symbol+0x30/0x80 [ 1305.105742][T22762] ? __check_object_size+0x488/0x710 [ 1305.105781][T22762] netlink_sendmsg+0x8b8/0xd70 [ 1305.105822][T22762] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1305.105877][T22762] ____sys_sendmsg+0x9ae/0xb40 [ 1305.105912][T22762] ? copy_msghdr_from_user+0x10b/0x160 [ 1305.105941][T22762] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1305.105992][T22762] ___sys_sendmsg+0x135/0x1e0 [ 1305.106017][T22762] ? __pfx____sys_sendmsg+0x10/0x10 [ 1305.106060][T22762] ? __pfx_lock_release+0x10/0x10 [ 1305.106090][T22762] ? trace_lock_acquire+0x14e/0x1f0 [ 1305.106128][T22762] ? __fget_files+0x206/0x3a0 [ 1305.106166][T22762] __sys_sendmsg+0x16e/0x220 [ 1305.106196][T22762] ? __pfx___sys_sendmsg+0x10/0x10 [ 1305.106225][T22762] ? __x64_sys_futex+0x1e1/0x4c0 [ 1305.106274][T22762] do_syscall_64+0xcd/0x250 [ 1305.106302][T22762] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1305.106340][T22762] RIP: 0033:0x7f818998cde9 [ 1305.106362][T22762] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1305.106388][T22762] RSP: 002b:00007f81877f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1305.106414][T22762] RAX: ffffffffffffffda RBX: 00007f8189ba5fa0 RCX: 00007f818998cde9 [ 1305.106432][T22762] RDX: 00000000040000c0 RSI: 0000400000000300 RDI: 0000000000000008 [ 1305.106450][T22762] RBP: 00007f8189a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 1305.106467][T22762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1305.106482][T22762] R13: 0000000000000000 R14: 00007f8189ba5fa0 R15: 00007ffc336c9228 [ 1305.106517][T22762] [ 1305.526869][T22771] FAULT_INJECTION: forcing a failure. [ 1305.526869][T22771] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1305.526905][T22771] CPU: 0 UID: 0 PID: 22771 Comm: syz.6.4079 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1305.526933][T22771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1305.526947][T22771] Call Trace: [ 1305.526954][T22771] [ 1305.526963][T22771] dump_stack_lvl+0x16c/0x1f0 [ 1305.527007][T22771] should_fail_ex+0x50a/0x650 [ 1305.527041][T22771] _copy_to_user+0x32/0xd0 [ 1305.527074][T22771] rng_dev_read+0x24b/0x790 [ 1305.527104][T22771] ? __pfx_rng_dev_read+0x10/0x10 [ 1305.527133][T22771] ? bpf_lsm_file_permission+0x9/0x10 [ 1305.527160][T22771] ? security_file_permission+0x71/0x210 [ 1305.527189][T22771] ? rw_verify_area+0xcf/0x680 [ 1305.527222][T22771] ? __pfx_rng_dev_read+0x10/0x10 [ 1305.527245][T22771] vfs_readv+0x6c2/0x8a0 [ 1305.527275][T22771] ? find_held_lock+0x2d/0x110 [ 1305.527314][T22771] ? __pfx_vfs_readv+0x10/0x10 [ 1305.527346][T22771] ? find_held_lock+0x2d/0x110 [ 1305.527386][T22771] ? __pfx_lock_release+0x10/0x10 [ 1305.527412][T22771] ? trace_lock_acquire+0x14e/0x1f0 [ 1305.527445][T22771] ? __fget_files+0x206/0x3a0 [ 1305.527478][T22771] ? do_readv+0x133/0x340 [ 1305.527508][T22771] do_readv+0x133/0x340 [ 1305.527542][T22771] ? __pfx_do_readv+0x10/0x10 [ 1305.527583][T22771] do_syscall_64+0xcd/0x250 [ 1305.527607][T22771] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1305.527637][T22771] RIP: 0033:0x7f818998cde9 [ 1305.527656][T22771] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1305.527677][T22771] RSP: 002b:00007f81877b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1305.527699][T22771] RAX: ffffffffffffffda RBX: 00007f8189ba6160 RCX: 00007f818998cde9 [ 1305.527715][T22771] RDX: 0000000000000001 RSI: 0000400000000a80 RDI: 0000000000000003 [ 1305.527729][T22771] RBP: 00007f81877b4090 R08: 0000000000000000 R09: 0000000000000000 [ 1305.527743][T22771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1305.527757][T22771] R13: 0000000000000001 R14: 00007f8189ba6160 R15: 00007ffc336c9228 [ 1305.527787][T22771] [ 1306.315698][T22761] snd_aloop snd_aloop.0: control 16781581:65535:6:'x?F/zF˷fC:8 is already present [ 1308.963094][T22783] tty tty12: ldisc open failed (-12), clearing slot 11 [ 1308.981313][T22792] ttyS ttyS1: ldisc open failed (-12), clearing slot 1 [ 1309.286308][T22803] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4087'. [ 1311.745358][T22830] sg_write: data in/out 32732/16086 bytes for SCSI command 0x0-- guessing data in; [ 1311.745358][T22830] program syz.5.4091 not setting count and/or reply_len properly [ 1312.275448][T22841] Invalid ELF header magic: != ELF [ 1314.374267][T22871] bridge0: port 3(bond0) entered blocking state [ 1314.402885][T22871] bridge0: port 3(bond0) entered disabled state [ 1314.463177][T22871] bond0: entered allmulticast mode [ 1314.507714][T22871] bond_slave_0: entered allmulticast mode [ 1314.543594][T22871] bond_slave_1: entered allmulticast mode [ 1314.587319][T22871] bond0: entered promiscuous mode [ 1314.604669][T22871] bond_slave_0: entered promiscuous mode [ 1314.622965][T22871] bond_slave_1: entered promiscuous mode [ 1314.644017][T22871] bridge0: port 3(bond0) entered blocking state [ 1314.650392][T22871] bridge0: port 3(bond0) entered forwarding state [ 1315.545066][T22891] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4108'. [ 1315.995797][T22898] FAULT_INJECTION: forcing a failure. [ 1315.995797][T22898] name failslab, interval 1, probability 0, space 0, times 0 [ 1316.008774][T22898] CPU: 0 UID: 0 PID: 22898 Comm: syz.5.4107 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1316.008822][T22898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1316.008837][T22898] Call Trace: [ 1316.008845][T22898] [ 1316.008854][T22898] dump_stack_lvl+0x16c/0x1f0 [ 1316.008896][T22898] should_fail_ex+0x50a/0x650 [ 1316.008926][T22898] ? fs_reclaim_acquire+0xae/0x150 [ 1316.008967][T22898] ? device_add+0xccf/0x1a70 [ 1316.008997][T22898] should_failslab+0xc2/0x120 [ 1316.009027][T22898] __kmalloc_cache_noprof+0x68/0x420 [ 1316.009062][T22898] device_add+0xccf/0x1a70 [ 1316.009098][T22898] ? __pfx_device_add+0x10/0x10 [ 1316.009128][T22898] ? kfree+0x260/0x4d0 [ 1316.009164][T22898] device_create_groups_vargs+0x1f8/0x270 [ 1316.009203][T22898] device_create+0xe9/0x130 [ 1316.009238][T22898] ? __pfx_device_create+0x10/0x10 [ 1316.009269][T22898] ? rcu_is_watching+0x12/0xc0 [ 1316.009307][T22898] ? do_init_timer+0xc9/0x110 [ 1316.009333][T22898] ? ieee80211_roc_setup+0x136/0x270 [ 1316.009370][T22898] ? ieee80211_alloc_hw_nm+0x231/0x2260 [ 1316.009405][T22898] mac80211_hwsim_new_radio+0x3df/0x56d0 [ 1316.009441][T22898] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1316.009499][T22898] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1316.009547][T22898] hwsim_new_radio_nl+0xb42/0x12b0 [ 1316.009588][T22898] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1316.009636][T22898] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1316.009676][T22898] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1316.009724][T22898] genl_family_rcv_msg_doit+0x202/0x2f0 [ 1316.009764][T22898] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1316.009810][T22898] ? trace_cap_capable+0x1a2/0x210 [ 1316.009858][T22898] ? bpf_lsm_capable+0x9/0x10 [ 1316.009890][T22898] ? security_capable+0x7e/0x260 [ 1316.009927][T22898] ? ns_capable+0xd7/0x110 [ 1316.009960][T22898] genl_rcv_msg+0x565/0x800 [ 1316.009989][T22898] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1316.010015][T22898] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1316.010059][T22898] netlink_rcv_skb+0x165/0x410 [ 1316.010094][T22898] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1316.010121][T22898] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1316.010170][T22898] ? down_read+0xc9/0x330 [ 1316.010195][T22898] ? __pfx_down_read+0x10/0x10 [ 1316.010222][T22898] ? netlink_deliver_tap+0x1ae/0xca0 [ 1316.010261][T22898] genl_rcv+0x28/0x40 [ 1316.010293][T22898] netlink_unicast+0x53c/0x7f0 [ 1316.010332][T22898] ? __pfx_netlink_unicast+0x10/0x10 [ 1316.010367][T22898] ? __phys_addr_symbol+0x30/0x80 [ 1316.010403][T22898] ? __check_object_size+0x488/0x710 [ 1316.010438][T22898] netlink_sendmsg+0x8b8/0xd70 [ 1316.010478][T22898] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1316.010542][T22898] ____sys_sendmsg+0x9ae/0xb40 [ 1316.010576][T22898] ? copy_msghdr_from_user+0x10b/0x160 [ 1316.010603][T22898] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1316.010655][T22898] ___sys_sendmsg+0x135/0x1e0 [ 1316.010684][T22898] ? __pfx____sys_sendmsg+0x10/0x10 [ 1316.010726][T22898] ? __pfx_lock_release+0x10/0x10 [ 1316.010754][T22898] ? trace_lock_acquire+0x14e/0x1f0 [ 1316.010795][T22898] ? __fget_files+0x206/0x3a0 [ 1316.010832][T22898] __sys_sendmsg+0x16e/0x220 [ 1316.010860][T22898] ? __pfx___sys_sendmsg+0x10/0x10 [ 1316.010887][T22898] ? __x64_sys_futex+0x1e1/0x4c0 [ 1316.010937][T22898] do_syscall_64+0xcd/0x250 [ 1316.010963][T22898] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1316.010995][T22898] RIP: 0033:0x7f5a1c38cde9 [ 1316.011015][T22898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1316.011038][T22898] RSP: 002b:00007f5a1a1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1316.011061][T22898] RAX: ffffffffffffffda RBX: 00007f5a1c5a5fa0 RCX: 00007f5a1c38cde9 [ 1316.011078][T22898] RDX: 00000000040000c0 RSI: 0000400000000300 RDI: 0000000000000008 [ 1316.011094][T22898] RBP: 00007f5a1c40e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 1316.011109][T22898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1316.011124][T22898] R13: 0000000000000000 R14: 00007f5a1c5a5fa0 R15: 00007ffcb09a4378 [ 1316.011159][T22898] [ 1317.050068][T22911] netlink: 1196 bytes leftover after parsing attributes in process `syz.6.4113'. [ 1317.063240][T22903] synth uevent: /bus/memstick: unknown uevent action string [ 1317.104608][T22912] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4113'. [ 1318.536361][T22947] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4121'. [ 1319.125279][T22955] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4130'. [ 1321.500006][ T29] audit: type=1326 audit(8277292922.512:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22991 comm="syz.0.4132" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa5c058cde9 code=0x0 [ 1321.632802][T22995] Process accounting resumed [ 1321.889911][T22999] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4133'. [ 1324.606349][T23035] FAULT_INJECTION: forcing a failure. [ 1324.606349][T23035] name failslab, interval 1, probability 0, space 0, times 0 [ 1324.652584][T23035] CPU: 0 UID: 0 PID: 23035 Comm: syz.6.4141 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1324.652623][T23035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1324.652639][T23035] Call Trace: [ 1324.652650][T23035] [ 1324.652660][T23035] dump_stack_lvl+0x16c/0x1f0 [ 1324.652702][T23035] should_fail_ex+0x50a/0x650 [ 1324.652739][T23035] ? fs_reclaim_acquire+0xae/0x150 [ 1324.652776][T23035] should_failslab+0xc2/0x120 [ 1324.652803][T23035] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 1324.652830][T23035] ? __kernfs_new_node+0xd3/0x890 [ 1324.652862][T23035] ? kstrdup+0x8b/0xb0 [ 1324.652898][T23035] __kernfs_new_node+0xd3/0x890 [ 1324.652935][T23035] ? hlock_class+0x4e/0x130 [ 1324.652970][T23035] ? __pfx___kernfs_new_node+0x10/0x10 [ 1324.653020][T23035] ? __pfx___lock_acquire+0x10/0x10 [ 1324.653056][T23035] kernfs_new_node+0x186/0x240 [ 1324.653083][T23035] ? lock_acquire.part.0+0x11b/0x380 [ 1324.653115][T23035] kernfs_create_dir_ns+0x4c/0x150 [ 1324.653146][T23035] sysfs_create_dir_ns+0x13b/0x2b0 [ 1324.653180][T23035] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1324.653213][T23035] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1324.653244][T23035] ? kobject_add_internal+0x12d/0x990 [ 1324.653269][T23035] ? class_dir_child_ns_type+0xd/0x60 [ 1324.653300][T23035] kobject_add_internal+0x2c8/0x990 [ 1324.653328][T23035] kobject_add+0x16f/0x240 [ 1324.653351][T23035] ? __pfx_kobject_add+0x10/0x10 [ 1324.653375][T23035] ? lock_acquire+0x2f/0xb0 [ 1324.653398][T23035] ? get_device_parent+0x11f/0x4e0 [ 1324.653427][T23035] ? kobject_put+0xab/0x5a0 [ 1324.653459][T23035] device_add+0x289/0x1a70 [ 1324.653493][T23035] ? __pfx_device_add+0x10/0x10 [ 1324.653521][T23035] ? kfree+0x260/0x4d0 [ 1324.653555][T23035] device_create_groups_vargs+0x1f8/0x270 [ 1324.653590][T23035] device_create+0xe9/0x130 [ 1324.653622][T23035] ? __pfx_device_create+0x10/0x10 [ 1324.653650][T23035] ? rcu_is_watching+0x12/0xc0 [ 1324.653685][T23035] ? do_init_timer+0xc9/0x110 [ 1324.653709][T23035] ? ieee80211_roc_setup+0x136/0x270 [ 1324.653755][T23035] ? ieee80211_alloc_hw_nm+0x231/0x2260 [ 1324.653788][T23035] mac80211_hwsim_new_radio+0x3df/0x56d0 [ 1324.653823][T23035] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1324.653877][T23035] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1324.653927][T23035] hwsim_new_radio_nl+0xb42/0x12b0 [ 1324.653965][T23035] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1324.654012][T23035] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1324.654051][T23035] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1324.654098][T23035] genl_family_rcv_msg_doit+0x202/0x2f0 [ 1324.654138][T23035] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1324.654175][T23035] ? trace_cap_capable+0x1a2/0x210 [ 1324.654221][T23035] ? bpf_lsm_capable+0x9/0x10 [ 1324.654252][T23035] ? security_capable+0x7e/0x260 [ 1324.654288][T23035] ? ns_capable+0xd7/0x110 [ 1324.654321][T23035] genl_rcv_msg+0x565/0x800 [ 1324.654348][T23035] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1324.654374][T23035] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1324.654423][T23035] netlink_rcv_skb+0x165/0x410 [ 1324.654457][T23035] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1324.654483][T23035] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1324.654532][T23035] ? down_read+0xc9/0x330 [ 1324.654556][T23035] ? __pfx_down_read+0x10/0x10 [ 1324.654582][T23035] ? netlink_deliver_tap+0x1ae/0xca0 [ 1324.654621][T23035] genl_rcv+0x28/0x40 [ 1324.654654][T23035] netlink_unicast+0x53c/0x7f0 [ 1324.654691][T23035] ? __pfx_netlink_unicast+0x10/0x10 [ 1324.654746][T23035] ? __phys_addr_symbol+0x30/0x80 [ 1324.654785][T23035] ? __check_object_size+0x488/0x710 [ 1324.654821][T23035] netlink_sendmsg+0x8b8/0xd70 [ 1324.654860][T23035] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1324.654907][T23035] ____sys_sendmsg+0x9ae/0xb40 [ 1324.654940][T23035] ? copy_msghdr_from_user+0x10b/0x160 [ 1324.654965][T23035] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1324.655013][T23035] ___sys_sendmsg+0x135/0x1e0 [ 1324.655041][T23035] ? __pfx____sys_sendmsg+0x10/0x10 [ 1324.655082][T23035] ? __pfx_lock_release+0x10/0x10 [ 1324.655109][T23035] ? trace_lock_acquire+0x14e/0x1f0 [ 1324.655143][T23035] ? __fget_files+0x206/0x3a0 [ 1324.655178][T23035] __sys_sendmsg+0x16e/0x220 [ 1324.655205][T23035] ? __pfx___sys_sendmsg+0x10/0x10 [ 1324.655230][T23035] ? __x64_sys_futex+0x1e1/0x4c0 [ 1324.655277][T23035] do_syscall_64+0xcd/0x250 [ 1324.655303][T23035] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1324.655334][T23035] RIP: 0033:0x7f818998cde9 [ 1324.655354][T23035] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1324.655377][T23035] RSP: 002b:00007f81877f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1324.655400][T23035] RAX: ffffffffffffffda RBX: 00007f8189ba5fa0 RCX: 00007f818998cde9 [ 1324.655417][T23035] RDX: 00000000040000c0 RSI: 0000400000000300 RDI: 0000000000000008 [ 1324.655432][T23035] RBP: 00007f8189a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 1324.655448][T23035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1324.655464][T23035] R13: 0000000000000000 R14: 00007f8189ba5fa0 R15: 00007ffc336c9228 [ 1324.655497][T23035] [ 1325.167819][T23035] kobject: kobject_add_internal failed for hwsim204 (error: -12 parent: mac80211_hwsim) [ 1332.086072][T23102] FAULT_INJECTION: forcing a failure. [ 1332.086072][T23102] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1332.123021][T23102] CPU: 0 UID: 0 PID: 23102 Comm: syz.4.4163 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1332.123053][T23102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1332.123067][T23102] Call Trace: [ 1332.123074][T23102] [ 1332.123084][T23102] dump_stack_lvl+0x16c/0x1f0 [ 1332.123123][T23102] should_fail_ex+0x50a/0x650 [ 1332.123157][T23102] _copy_to_user+0x32/0xd0 [ 1332.123191][T23102] simple_read_from_buffer+0xd0/0x160 [ 1332.123229][T23102] proc_fail_nth_read+0x198/0x270 [ 1332.123263][T23102] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1332.123304][T23102] ? rw_verify_area+0xcf/0x680 [ 1332.123337][T23102] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1332.123369][T23102] vfs_read+0x1df/0xbf0 [ 1332.123392][T23102] ? __fget_files+0x1fc/0x3a0 [ 1332.123418][T23102] ? __pfx___mutex_lock+0x10/0x10 [ 1332.123452][T23102] ? __pfx_vfs_read+0x10/0x10 [ 1332.123485][T23102] ? __fget_files+0x206/0x3a0 [ 1332.123520][T23102] ksys_read+0x12b/0x250 [ 1332.123542][T23102] ? __pfx_ksys_read+0x10/0x10 [ 1332.123576][T23102] do_syscall_64+0xcd/0x250 [ 1332.123601][T23102] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1332.123632][T23102] RIP: 0033:0x7fb9e738b7fc [ 1332.123651][T23102] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1332.123672][T23102] RSP: 002b:00007fb9e8230030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1332.123694][T23102] RAX: ffffffffffffffda RBX: 00007fb9e75a5fa0 RCX: 00007fb9e738b7fc [ 1332.123710][T23102] RDX: 000000000000000f RSI: 00007fb9e82300a0 RDI: 0000000000000004 [ 1332.123724][T23102] RBP: 00007fb9e8230090 R08: 0000000000000000 R09: 0000000000000000 [ 1332.123738][T23102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1332.123752][T23102] R13: 0000000000000000 R14: 00007fb9e75a5fa0 R15: 00007ffc0bfcd368 [ 1332.123784][T23102] [ 1332.317134][ C0] vkms_vblank_simulate: vblank timer overrun [ 1333.443609][T23113] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4155'. [ 1334.886124][T23144] openvswitch: netlink: IP tunnel dst address not specified [ 1335.136002][T23144] CIFS: VFS: Invalid SecurityFlags: [ 1335.909553][T23153] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4167'. [ 1338.242852][T23182] scsi_dev_info_list_add_str: bad dev info string '' '' '' [ 1340.122975][ T29] audit: type=1326 audit(8277292941.072:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23211 comm="syz.5.4179" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5a1c38cde9 code=0x0 [ 1340.144629][ C1] vkms_vblank_simulate: vblank timer overrun [ 1340.220175][T23219] Process accounting resumed [ 1341.308539][T23231] FAULT_INJECTION: forcing a failure. [ 1341.308539][T23231] name failslab, interval 1, probability 0, space 0, times 0 [ 1341.321989][T23231] CPU: 1 UID: 0 PID: 23231 Comm: syz.0.4182 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1341.322014][T23231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1341.322025][T23231] Call Trace: [ 1341.322031][T23231] [ 1341.322037][T23231] dump_stack_lvl+0x116/0x1f0 [ 1341.322070][T23231] should_fail_ex+0x50a/0x650 [ 1341.322092][T23231] ? trace_lock_acquire+0x14e/0x1f0 [ 1341.322112][T23231] should_failslab+0xc2/0x120 [ 1341.322135][T23231] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 1341.322156][T23231] ? __send_signal_locked+0x159/0x11a0 [ 1341.322177][T23231] ? sig_get_ucounts+0x1c0/0x5b0 [ 1341.322196][T23231] __send_signal_locked+0x159/0x11a0 [ 1341.322221][T23231] do_notify_parent+0xe0e/0x1020 [ 1341.322244][T23231] ? __pfx_do_notify_parent+0x10/0x10 [ 1341.322266][T23231] ? release_task+0xd24/0x1b00 [ 1341.322293][T23231] ? __pfx_lock_release+0x10/0x10 [ 1341.322318][T23231] ? __change_pid+0x3ba/0x5a0 [ 1341.322345][T23231] release_task+0x1583/0x1b00 [ 1341.322374][T23231] ? do_exit+0x15c3/0x2d70 [ 1341.322391][T23231] ? __pfx_release_task+0x10/0x10 [ 1341.322427][T23231] do_exit+0x16ca/0x2d70 [ 1341.322445][T23231] ? get_signal+0x8f7/0x2610 [ 1341.322468][T23231] ? __pfx_do_exit+0x10/0x10 [ 1341.322486][T23231] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1341.322516][T23231] do_group_exit+0xd3/0x2a0 [ 1341.322535][T23231] get_signal+0x2576/0x2610 [ 1341.322566][T23231] ? __pfx_get_signal+0x10/0x10 [ 1341.322591][T23231] ? __pfx_do_futex+0x10/0x10 [ 1341.322613][T23231] arch_do_signal_or_restart+0x90/0x7e0 [ 1341.322634][T23231] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1341.322674][T23231] syscall_exit_to_user_mode+0x150/0x2a0 [ 1341.322708][T23231] do_syscall_64+0xda/0x250 [ 1341.322727][T23231] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1341.322750][T23231] RIP: 0033:0x7fa5c058cde9 [ 1341.322765][T23231] Code: Unable to access opcode bytes at 0x7fa5c058cdbf. [ 1341.322772][T23231] RSP: 002b:00007fa5c13ba0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1341.322789][T23231] RAX: fffffffffffffe00 RBX: 00007fa5c07a5fa8 RCX: 00007fa5c058cde9 [ 1341.322801][T23231] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa5c07a5fa8 [ 1341.322812][T23231] RBP: 00007fa5c07a5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1341.322823][T23231] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa5c07a5fac [ 1341.322833][T23231] R13: 0000000000000000 R14: 00007ffd1decf930 R15: 00007ffd1decfa18 [ 1341.322857][T23231] [ 1341.556025][ C1] vkms_vblank_simulate: vblank timer overrun [ 1341.944958][T23238] device-mapper: ioctl: Invalid ioctl structure: name , dev 400008000010006 [ 1348.459569][T23316] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4199'. [ 1353.240979][T23372] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4211'. [ 1356.416143][T23393] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4223'. [ 1358.425081][T23393] team0 (unregistering): Port device team_slave_0 removed [ 1358.474221][T23393] team0 (unregistering): Port device team_slave_1 removed [ 1361.889816][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 1361.907292][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 1363.503632][T23454] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4229'. [ 1364.363329][T23454] team0 (unregistering): Port device team_slave_0 removed [ 1364.390696][T23454] team0 (unregistering): Port device team_slave_1 removed [ 1370.991989][T23570] FAULT_INJECTION: forcing a failure. [ 1370.991989][T23570] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1371.024661][T23570] CPU: 1 UID: 0 PID: 23570 Comm: syz.6.4255 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1371.024695][T23570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1371.024710][T23570] Call Trace: [ 1371.024717][T23570] [ 1371.024727][T23570] dump_stack_lvl+0x16c/0x1f0 [ 1371.024766][T23570] should_fail_ex+0x50a/0x650 [ 1371.024793][T23570] ? __pfx___might_resched+0x10/0x10 [ 1371.024827][T23570] should_fail_alloc_page+0xe7/0x130 [ 1371.024858][T23570] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 1371.024900][T23570] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 1371.024930][T23570] ? __pfx_mark_lock+0x10/0x10 [ 1371.024957][T23570] ? lock_acquire.part.0+0x11b/0x380 [ 1371.024986][T23570] ? hlock_class+0x4e/0x130 [ 1371.025016][T23570] ? __lock_acquire+0x15a9/0x3c40 [ 1371.025042][T23570] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1371.025097][T23570] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1371.025129][T23570] ? policy_nodemask+0xea/0x4e0 [ 1371.025179][T23570] alloc_pages_mpol+0x1fc/0x540 [ 1371.025209][T23570] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1371.025238][T23570] ? find_held_lock+0x2d/0x110 [ 1371.025277][T23570] folio_alloc_mpol_noprof+0x36/0x2f0 [ 1371.025311][T23570] shmem_alloc_folio+0x135/0x160 [ 1371.025341][T23570] shmem_alloc_and_add_folio+0x48e/0xc10 [ 1371.025378][T23570] ? shmem_huge_global_enabled+0x72/0x6b0 [ 1371.025408][T23570] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 1371.025443][T23570] ? shmem_allowable_huge_orders+0xd0/0x410 [ 1371.025483][T23570] shmem_get_folio_gfp+0x689/0x1530 [ 1371.025522][T23570] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 1371.025553][T23570] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1371.025583][T23570] ? __pfx___might_resched+0x10/0x10 [ 1371.025616][T23570] shmem_fallocate+0x7c0/0xfb0 [ 1371.025660][T23570] ? __pfx_shmem_fallocate+0x10/0x10 [ 1371.025695][T23570] ? __pfx___lock_acquire+0x10/0x10 [ 1371.025735][T23570] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 1371.025763][T23570] ? rcu_is_watching+0x12/0xc0 [ 1371.025795][T23570] ? trace_lock_acquire+0x14e/0x1f0 [ 1371.025818][T23570] ? __x64_sys_fallocate+0xd5/0x150 [ 1371.025850][T23570] ? __pfx_shmem_fallocate+0x10/0x10 [ 1371.025884][T23570] vfs_fallocate+0x60d/0x10d0 [ 1371.025911][T23570] ? __pfx_vfs_fallocate+0x10/0x10 [ 1371.025932][T23570] ? __fget_files+0x206/0x3a0 [ 1371.025966][T23570] __x64_sys_fallocate+0xd5/0x150 [ 1371.025995][T23570] do_syscall_64+0xcd/0x250 [ 1371.026020][T23570] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1371.026050][T23570] RIP: 0033:0x7f818998cde9 [ 1371.026069][T23570] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1371.026090][T23570] RSP: 002b:00007f81877f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 1371.026112][T23570] RAX: ffffffffffffffda RBX: 00007f8189ba5fa0 RCX: 00007f818998cde9 [ 1371.026127][T23570] RDX: 000000000000000d RSI: 0000000000000000 RDI: 8000000000000003 [ 1371.026147][T23570] RBP: 00007f81877f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1371.026161][T23570] R10: 00000000000cbd5d R11: 0000000000000246 R12: 0000000000000002 [ 1371.026175][T23570] R13: 0000000000000000 R14: 00007f8189ba5fa0 R15: 00007ffc336c9228 [ 1371.026207][T23570] [ 1371.851186][ T5836] Bluetooth: hci0: unexpected subevent 0x04 length: 122 > 11 [ 1372.213513][T23584] Invalid ELF header magic: != ELF [ 1377.846805][ T5836] Bluetooth: hci1: unexpected subevent 0x04 length: 122 > 11 [ 1378.249786][T23664] FAULT_INJECTION: forcing a failure. [ 1378.249786][T23664] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1378.344871][T23664] CPU: 1 UID: 0 PID: 23664 Comm: syz.5.4272 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1378.344907][T23664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1378.344922][T23664] Call Trace: [ 1378.344930][T23664] [ 1378.344939][T23664] dump_stack_lvl+0x16c/0x1f0 [ 1378.344980][T23664] should_fail_ex+0x50a/0x650 [ 1378.345008][T23664] ? __pfx___might_resched+0x10/0x10 [ 1378.345045][T23664] should_fail_alloc_page+0xe7/0x130 [ 1378.345077][T23664] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 1378.345115][T23664] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1378.345156][T23664] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 1378.345186][T23664] ? unwind_get_return_address+0x59/0xa0 [ 1378.345222][T23664] ? arch_stack_walk+0xa7/0x100 [ 1378.345262][T23664] ? hlock_class+0x4e/0x130 [ 1378.345296][T23664] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1378.345338][T23664] ? __pfx___lock_acquire+0x10/0x10 [ 1378.345363][T23664] ? kasan_save_stack+0x42/0x60 [ 1378.345385][T23664] ? kasan_save_stack+0x33/0x60 [ 1378.345408][T23664] ? kasan_save_track+0x14/0x30 [ 1378.345432][T23664] ? __kasan_slab_alloc+0x89/0x90 [ 1378.345468][T23664] ? kmem_cache_alloc_node_noprof+0x1ca/0x3b0 [ 1378.345498][T23664] ? alloc_vmap_area+0x636/0x2a60 [ 1378.345532][T23664] ? __get_vm_area_node+0x19e/0x2f0 [ 1378.345566][T23664] ? __vmalloc_node_range_noprof+0x26a/0x1530 [ 1378.345592][T23664] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1378.345625][T23664] ? policy_nodemask+0xea/0x4e0 [ 1378.345657][T23664] alloc_pages_mpol+0x1fc/0x540 [ 1378.345688][T23664] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1378.345716][T23664] ? __page_table_check_ptes_set+0x16b/0x3e0 [ 1378.345745][T23664] ? do_raw_spin_lock+0x12d/0x2c0 [ 1378.345778][T23664] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1378.345815][T23664] alloc_pages_noprof+0x131/0x390 [ 1378.345845][T23664] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1378.345870][T23664] get_free_pages_noprof+0xc/0x40 [ 1378.345899][T23664] kasan_populate_vmalloc_pte+0x2d/0x160 [ 1378.345923][T23664] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1378.345946][T23664] __apply_to_page_range+0x5fd/0xd30 [ 1378.345973][T23664] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 1378.346003][T23664] ? __pfx___apply_to_page_range+0x10/0x10 [ 1378.346030][T23664] ? insert_vmap_area+0x2ef/0x4d0 [ 1378.346068][T23664] alloc_vmap_area+0x93e/0x2a60 [ 1378.346116][T23664] ? __pfx_alloc_vmap_area+0x10/0x10 [ 1378.346160][T23664] __get_vm_area_node+0x19e/0x2f0 [ 1378.346202][T23664] __vmalloc_node_range_noprof+0x26a/0x1530 [ 1378.346229][T23664] ? __do_sys_listmount+0x1bf/0xeb0 [ 1378.346269][T23664] ? find_held_lock+0x2d/0x110 [ 1378.346307][T23664] ? __do_sys_listmount+0x1bf/0xeb0 [ 1378.346350][T23664] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1378.346377][T23664] ? rcu_is_watching+0x12/0xc0 [ 1378.346412][T23664] ? trace_kmalloc+0x2d/0xd0 [ 1378.346452][T23664] ? __kmalloc_node_noprof.cold+0x5a/0x5f [ 1378.346481][T23664] ? __do_sys_listmount+0x1bf/0xeb0 [ 1378.346519][T23664] __kvmalloc_node_noprof+0x14f/0x1a0 [ 1378.346545][T23664] ? __do_sys_listmount+0x1bf/0xeb0 [ 1378.346582][T23664] __do_sys_listmount+0x1bf/0xeb0 [ 1378.346623][T23664] ? __x64_sys_futex+0x1e1/0x4c0 [ 1378.346646][T23664] ? __x64_sys_futex+0x1ea/0x4c0 [ 1378.346671][T23664] ? __pfx___do_sys_listmount+0x10/0x10 [ 1378.346706][T23664] ? xfd_validate_state+0x5d/0x180 [ 1378.346749][T23664] do_syscall_64+0xcd/0x250 [ 1378.346776][T23664] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1378.346807][T23664] RIP: 0033:0x7f5a1c38cde9 [ 1378.346827][T23664] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1378.346851][T23664] RSP: 002b:00007f5a1a1f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 1378.346873][T23664] RAX: ffffffffffffffda RBX: 00007f5a1c5a5fa0 RCX: 00007f5a1c38cde9 [ 1378.346889][T23664] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000400000000100 [ 1378.346905][T23664] RBP: 00007f5a1c40e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 1378.346920][T23664] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1378.346934][T23664] R13: 0000000000000000 R14: 00007f5a1c5a5fa0 R15: 00007ffcb09a4378 [ 1378.346965][T23664] [ 1378.347014][T23664] syz.5.4272: vmalloc error: size 8000000, vm_struct allocation failed, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1378.946049][T23664] CPU: 1 UID: 0 PID: 23664 Comm: syz.5.4272 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1378.946079][T23664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1378.946092][T23664] Call Trace: [ 1378.946098][T23664] [ 1378.946107][T23664] dump_stack_lvl+0x16c/0x1f0 [ 1378.946142][T23664] warn_alloc+0x24d/0x3a0 [ 1378.946172][T23664] ? __pfx_warn_alloc+0x10/0x10 [ 1378.946201][T23664] ? kfree+0x2c4/0x4d0 [ 1378.946229][T23664] ? __get_vm_area_node+0x1dc/0x2f0 [ 1378.946271][T23664] __vmalloc_node_range_noprof+0xd24/0x1530 [ 1378.946303][T23664] ? find_held_lock+0x2d/0x110 [ 1378.946341][T23664] ? __do_sys_listmount+0x1bf/0xeb0 [ 1378.946386][T23664] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1378.946413][T23664] ? rcu_is_watching+0x12/0xc0 [ 1378.946447][T23664] ? trace_kmalloc+0x2d/0xd0 [ 1378.946488][T23664] ? __kmalloc_node_noprof.cold+0x5a/0x5f [ 1378.946515][T23664] ? __do_sys_listmount+0x1bf/0xeb0 [ 1378.946552][T23664] __kvmalloc_node_noprof+0x14f/0x1a0 [ 1378.946578][T23664] ? __do_sys_listmount+0x1bf/0xeb0 [ 1378.946615][T23664] __do_sys_listmount+0x1bf/0xeb0 [ 1378.946656][T23664] ? __x64_sys_futex+0x1e1/0x4c0 [ 1378.946679][T23664] ? __x64_sys_futex+0x1ea/0x4c0 [ 1378.946704][T23664] ? __pfx___do_sys_listmount+0x10/0x10 [ 1378.946738][T23664] ? xfd_validate_state+0x5d/0x180 [ 1378.946782][T23664] do_syscall_64+0xcd/0x250 [ 1378.946807][T23664] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1378.946839][T23664] RIP: 0033:0x7f5a1c38cde9 [ 1378.946858][T23664] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1378.946881][T23664] RSP: 002b:00007f5a1a1f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 1378.946904][T23664] RAX: ffffffffffffffda RBX: 00007f5a1c5a5fa0 RCX: 00007f5a1c38cde9 [ 1378.946920][T23664] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000400000000100 [ 1378.946934][T23664] RBP: 00007f5a1c40e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 1378.946949][T23664] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1378.946964][T23664] R13: 0000000000000000 R14: 00007f5a1c5a5fa0 R15: 00007ffcb09a4378 [ 1378.946994][T23664] [ 1378.947003][T23664] Mem-Info: [ 1379.433946][T23664] active_anon:62891 inactive_anon:1 isolated_anon:0 [ 1379.433946][T23664] active_file:10670 inactive_file:47817 isolated_file:0 [ 1379.433946][T23664] unevictable:768 dirty:772 writeback:0 [ 1379.433946][T23664] slab_reclaimable:16512 slab_unreclaimable:137532 [ 1379.433946][T23664] mapped:40652 shmem:38317 pagetables:940 [ 1379.433946][T23664] sec_pagetables:0 bounce:0 [ 1379.433946][T23664] kernel_misc_reclaimable:0 [ 1379.433946][T23664] free:1208168 free_pcp:821 free_cma:0 [ 1379.803071][T23664] Node 0 active_anon:241964kB inactive_anon:4kB active_file:42680kB inactive_file:191264kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:162608kB dirty:3088kB writeback:0kB shmem:142232kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11636kB pagetables:3760kB sec_pagetables:0kB all_unreclaimable? no [ 1379.902774][T23664] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 1380.044303][T23664] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1380.134862][T23664] lowmem_reserve[]: 0 2490 2491 0 0 [ 1380.140174][T23664] Node 0 DMA32 free:928968kB boost:0kB min:34168kB low:42708kB high:51248kB reserved_highatomic:0KB active_anon:237064kB inactive_anon:4kB active_file:42652kB inactive_file:190952kB unevictable:1536kB writepending:3100kB present:3129332kB managed:2550580kB mlocked:0kB bounce:0kB free_pcp:4688kB local_pcp:3316kB free_cma:0kB [ 1380.232693][T23664] lowmem_reserve[]: 0 0 0 0 0 [ 1380.268356][T23664] Node 0 Normal free:4kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:320kB unevictable:0kB writepending:0kB present:1048580kB managed:364kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1380.412812][T23664] lowmem_reserve[]: 0 0 0 0 0 [ 1380.461807][T23664] Node 1 Normal free:3904460kB boost:0kB min:55728kB low:69660kB high:83592kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1380.679301][T23664] lowmem_reserve[]: 0 0 0 0 0 [ 1380.722944][T23664] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1380.814116][T23664] Node 0 DMA32: 7*4kB (UE) 103*8kB (UE) 33*16kB (UE) 45*32kB (UME) 73*64kB (UME) 407*128kB (UME) 210*256kB (UME) 111*512kB (UME) 42*1024kB (UM) 7*2048kB (ME) 163*4096kB (M) = 895172kB [ 1380.912768][T23664] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 1380.975793][T23664] Node 1 Normal: 188*4kB (UME) 46*8kB (UME) 28*16kB (UME) 217*32kB (UME) 87*64kB (UME) 28*128kB (UME) 17*256kB (UME) 9*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 945*4096kB (M) = 3904512kB [ 1381.074460][T23664] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1381.165007][T23664] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1381.203907][T23664] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1381.261714][T23664] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1381.319598][T23664] 94493 total pagecache pages [ 1381.352397][T23664] 95 pages in swap cache [ 1381.389087][T23664] Free swap = 124464kB [ 1381.411809][T23664] Total swap = 124996kB [ 1381.437677][T23664] 2097051 pages RAM [ 1381.473996][T23664] 0 pages HighMem/MovableOnly [ 1381.506095][T23664] 427684 pages reserved [ 1381.535046][T23664] 0 pages cma reserved [ 1383.688107][T23710] can: request_module (can-proto-0) failed. [ 1385.094190][ T5836] Bluetooth: hci2: unexpected subevent 0x04 length: 122 > 11 [ 1385.404828][T23743] FAULT_INJECTION: forcing a failure. [ 1385.404828][T23743] name failslab, interval 1, probability 0, space 0, times 0 [ 1385.455010][T23743] CPU: 1 UID: 0 PID: 23743 Comm: syz.5.4286 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1385.455043][T23743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1385.455056][T23743] Call Trace: [ 1385.455063][T23743] [ 1385.455071][T23743] dump_stack_lvl+0x16c/0x1f0 [ 1385.455109][T23743] should_fail_ex+0x50a/0x650 [ 1385.455136][T23743] ? fs_reclaim_acquire+0xae/0x150 [ 1385.455170][T23743] should_failslab+0xc2/0x120 [ 1385.455198][T23743] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 1385.455225][T23743] ? getname_flags.part.0+0x4c/0x550 [ 1385.455254][T23743] ? vfs_write+0x306/0x1150 [ 1385.455279][T23743] getname_flags.part.0+0x4c/0x550 [ 1385.455312][T23743] getname+0x8d/0xe0 [ 1385.455333][T23743] do_sys_openat2+0x104/0x1e0 [ 1385.455362][T23743] ? __pfx_do_sys_openat2+0x10/0x10 [ 1385.455394][T23743] ? __fget_files+0x206/0x3a0 [ 1385.455423][T23743] __x64_sys_openat+0x175/0x210 [ 1385.455453][T23743] ? __pfx___x64_sys_openat+0x10/0x10 [ 1385.455481][T23743] ? ksys_write+0x1ba/0x250 [ 1385.455514][T23743] do_syscall_64+0xcd/0x250 [ 1385.455538][T23743] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1385.455569][T23743] RIP: 0033:0x7f5a1c38cde9 [ 1385.455586][T23743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1385.455608][T23743] RSP: 002b:00007f5a1a1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1385.455629][T23743] RAX: ffffffffffffffda RBX: 00007f5a1c5a5fa0 RCX: 00007f5a1c38cde9 [ 1385.455644][T23743] RDX: 1a6b75d63882a712 RSI: 0000400000000000 RDI: ffffffffffffff9c [ 1385.455659][T23743] RBP: 00007f5a1a1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1385.455673][T23743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1385.455685][T23743] R13: 0000000000000001 R14: 00007f5a1c5a5fa0 R15: 00007ffcb09a4378 [ 1385.455714][T23743] [ 1385.648538][ C1] vkms_vblank_simulate: vblank timer overrun [ 1388.940388][T23792] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1390.181381][T23814] FAULT_INJECTION: forcing a failure. [ 1390.181381][T23814] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1390.247462][T23814] CPU: 1 UID: 0 PID: 23814 Comm: syz.6.4303 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1390.247493][T23814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1390.247506][T23814] Call Trace: [ 1390.247513][T23814] [ 1390.247522][T23814] dump_stack_lvl+0x16c/0x1f0 [ 1390.247560][T23814] should_fail_ex+0x50a/0x650 [ 1390.247591][T23814] _copy_to_user+0x32/0xd0 [ 1390.247622][T23814] simple_read_from_buffer+0xd0/0x160 [ 1390.247657][T23814] proc_fail_nth_read+0x198/0x270 [ 1390.247692][T23814] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1390.247724][T23814] ? rw_verify_area+0xcf/0x680 [ 1390.247754][T23814] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1390.247785][T23814] vfs_read+0x1df/0xbf0 [ 1390.247807][T23814] ? __fget_files+0x1fc/0x3a0 [ 1390.247830][T23814] ? __pfx___mutex_lock+0x10/0x10 [ 1390.247862][T23814] ? __pfx_vfs_read+0x10/0x10 [ 1390.247893][T23814] ? __fget_files+0x206/0x3a0 [ 1390.247926][T23814] ksys_read+0x12b/0x250 [ 1390.247949][T23814] ? __pfx_ksys_read+0x10/0x10 [ 1390.247981][T23814] do_syscall_64+0xcd/0x250 [ 1390.248006][T23814] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1390.248037][T23814] RIP: 0033:0x7f818998b7fc [ 1390.248056][T23814] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1390.248077][T23814] RSP: 002b:00007f81877f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1390.248099][T23814] RAX: ffffffffffffffda RBX: 00007f8189ba5fa0 RCX: 00007f818998b7fc [ 1390.248114][T23814] RDX: 000000000000000f RSI: 00007f81877f60a0 RDI: 0000000000000004 [ 1390.248128][T23814] RBP: 00007f81877f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1390.248142][T23814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1390.248156][T23814] R13: 0000000000000000 R14: 00007f8189ba5fa0 R15: 00007ffc336c9228 [ 1390.248187][T23814] [ 1390.437137][ C1] vkms_vblank_simulate: vblank timer overrun [ 1391.052865][T23819] netlink: 146 bytes leftover after parsing attributes in process `syz.4.4304'. [ 1395.803203][ T30] INFO: task syz.1.3915:22034 blocked for more than 143 seconds. [ 1395.815777][ T30] Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1395.840546][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1395.912674][ T30] task:syz.1.3915 state:D stack:26848 pid:22034 tgid:22033 ppid:15635 task_flags:0x400140 flags:0x00000004 [ 1395.999298][ T30] Call Trace: [ 1396.018495][ T30] [ 1396.055446][ T30] __schedule+0xf43/0x5890 [ 1396.079115][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1396.097157][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1396.117232][ T30] ? __pfx___schedule+0x10/0x10 [ 1396.142751][ T30] ? schedule+0x298/0x350 [ 1396.147234][ T30] ? __pfx_lock_release+0x10/0x10 [ 1396.161456][ T30] ? __mutex_trylock_common+0x78/0x250 [ 1396.176497][ T30] ? lock_acquire+0x2f/0xb0 [ 1396.188982][ T30] ? schedule+0x1fd/0x350 [ 1396.200439][ T30] schedule+0xe7/0x350 [ 1396.326486][ T30] schedule_preempt_disabled+0x13/0x30 [ 1396.332130][ T30] __mutex_lock+0x6bd/0xb10 [ 1396.351516][ T30] ? rcu_watching_snap_stopped_since+0x41/0x110 [ 1396.369070][ T30] ? nfsd_nl_version_get_doit+0x183/0x780 [ 1396.386633][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1396.400975][ T30] ? skb_put+0x138/0x1b0 [ 1396.411258][ T30] ? genlmsg_put+0x258/0x2d0 [ 1396.423852][ T30] ? nfsd_nl_version_get_doit+0x183/0x780 [ 1396.448470][ T30] nfsd_nl_version_get_doit+0x183/0x780 [ 1396.465368][ T30] ? kasan_quarantine_put+0x10a/0x240 [ 1396.481999][ T30] ? __pfx_nfsd_nl_version_get_doit+0x10/0x10 [ 1396.500940][ T30] ? hlock_class+0x4e/0x130 [ 1396.512698][ T30] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1396.533966][ T30] genl_family_rcv_msg_doit+0x202/0x2f0 [ 1396.548509][ T30] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1396.563807][ T30] ? __dev_queue_xmit+0x89b/0x43e0 [ 1396.575835][ T30] ? genl_get_cmd+0x195/0x580 [ 1396.586305][ T30] ? __radix_tree_lookup+0x21f/0x2c0 [ 1396.602665][ T30] genl_rcv_msg+0x565/0x800 [ 1396.616868][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1396.630777][ T30] ? __pfx_nfsd_nl_version_get_doit+0x10/0x10 [ 1396.651152][ T30] netlink_rcv_skb+0x165/0x410 [ 1396.662726][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1396.678999][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1396.694768][ T30] ? down_read+0xc9/0x330 [ 1396.712561][ T30] ? __pfx_down_read+0x10/0x10 [ 1396.736448][ T30] ? netlink_deliver_tap+0x1ae/0xca0 [ 1396.756110][ T30] genl_rcv+0x28/0x40 [ 1396.762538][ T30] netlink_unicast+0x53c/0x7f0 [ 1396.809724][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 1396.874192][ T30] ? __phys_addr_symbol+0x30/0x80 [ 1396.886268][ T30] ? __check_object_size+0x488/0x710 [ 1396.897872][ T30] netlink_sendmsg+0x8b8/0xd70 [ 1396.910293][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1396.925885][ T30] ____sys_sendmsg+0x9ae/0xb40 [ 1396.939761][ T30] ? copy_msghdr_from_user+0x10b/0x160 [ 1396.952313][ T30] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1396.962756][ T30] ___sys_sendmsg+0x135/0x1e0 [ 1396.980427][ T30] ? __pfx____sys_sendmsg+0x10/0x10 [ 1396.993847][ T30] ? __pfx_lock_release+0x10/0x10 [ 1397.016501][ T30] ? trace_lock_acquire+0x14e/0x1f0 [ 1397.031936][ T30] ? __fget_files+0x206/0x3a0 [ 1397.046081][ T30] __sys_sendmsg+0x16e/0x220 [ 1397.059711][ T30] ? __pfx___sys_sendmsg+0x10/0x10 [ 1397.071614][ T30] ? __x64_sys_futex+0x1e1/0x4c0 [ 1397.088558][ T30] do_syscall_64+0xcd/0x250 [ 1397.102719][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1397.112082][ T30] RIP: 0033:0x7f60d0f8cde9 [ 1397.186991][ T30] RSP: 002b:00007f60d1dfd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1397.209371][ T30] RAX: ffffffffffffffda RBX: 00007f60d11a5fa0 RCX: 00007f60d0f8cde9 [ 1397.226098][ T30] RDX: 0000000020000080 RSI: 0000400000002780 RDI: 0000000000000004 [ 1397.249552][ T30] RBP: 00007f60d100e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 1397.269608][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1397.291978][ T30] R13: 0000000000000000 R14: 00007f60d11a5fa0 R15: 00007fffb1660bf8 [ 1397.318277][ T30] [ 1397.348746][ T30] [ 1397.348746][ T30] Showing all locks held in the system: [ 1397.429299][ T30] 1 lock held by khungtaskd/30: [ 1397.451500][ T30] #0: ffffffff8e1bc140 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x7f/0x390 [ 1397.526170][ T30] 1 lock held by udevd/5209: [ 1397.600608][ T30] 2 locks held by getty/6471: [ 1397.610137][ T30] #0: ffff8880350c20a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 1397.631606][ T30] #1: ffffc900096cd2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0xfba/0x1480 [ 1397.654650][ T30] 2 locks held by kworker/u8:30/10617: [ 1397.669708][ T30] #0: ffff8880b863ed58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130 [ 1397.749041][ T30] #1: ffff88807f6a2018 (&pid_list->lock){-.-.}-{2:2}, at: trace_pid_list_is_set+0x4c/0x150 [ 1397.784649][ T30] 3 locks held by kworker/1:1/12280: [ 1397.855850][ T30] #0: ffff88801b080d48 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12cd/0x1b30 [ 1397.904244][ T30] #1: ffffc9000c657d18 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x8bb/0x1b30 [ 1397.927156][ T30] #2: ffffffff8fed8b28 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 [ 1397.952501][ T30] 4 locks held by kworker/u8:0/16928: [ 1397.965382][ T30] 4 locks held by kworker/u8:4/16955: [ 1397.978675][ T30] #0: ffff88801bef5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12cd/0x1b30 [ 1398.010581][ T30] #1: ffffc900052cfd18 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x8bb/0x1b30 [ 1398.042255][ T30] #2: ffffffff8fec2b50 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xca/0xbf0 [ 1398.099061][ T30] #3: ffffffff8fed8b28 (rtnl_mutex){+.+.}-{4:4}, at: mpls_net_exit+0x83/0x350 [ 1398.135011][ T30] 2 locks held by syz.3.3882/21865: [ 1398.140256][ T30] #0: ffffffff8ff79030 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 1398.162697][ T30] #1: ffffffff8e5bda88 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_set_doit+0x694/0xbe0 [ 1398.192803][ T30] 2 locks held by syz.1.3915/22034: [ 1398.198046][ T30] #0: ffffffff8ff79030 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 1398.222717][ T30] #1: ffffffff8e5bda88 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_version_get_doit+0x183/0x780 [ 1398.242701][ T30] 6 locks held by syz.0.4302/23808: [ 1398.248265][ T30] 2 locks held by syz.5.4307/23834: [ 1398.260544][ T30] #0: ffffffff8fec2b50 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x292/0x6c0 [ 1398.282781][ T30] #1: ffffffff8fed8b28 (rtnl_mutex){+.+.}-{4:4}, at: ppp_exit_net+0xae/0x3b0 [ 1398.291751][ T30] 3 locks held by syz.6.4316/23880: [ 1398.312844][ T30] #0: ffffffff8fec2b50 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x292/0x6c0 [ 1398.322325][ T30] #1: ffffffff8fed8b28 (rtnl_mutex){+.+.}-{4:4}, at: setup_net+0x40b/0x860 [ 1398.351973][ T30] #2: ffffffff8e1c75b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a4/0x3b0 [ 1398.372884][ T30] [ 1398.378709][ T30] ============================================= [ 1398.378709][ T30] [ 1398.400483][ T30] NMI backtrace for cpu 1 [ 1398.400498][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1398.400524][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1398.400538][ T30] Call Trace: [ 1398.400545][ T30] [ 1398.400554][ T30] dump_stack_lvl+0x116/0x1f0 [ 1398.400592][ T30] nmi_cpu_backtrace+0x27b/0x390 [ 1398.400621][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1398.400651][ T30] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 1398.400681][ T30] watchdog+0xf62/0x12b0 [ 1398.400716][ T30] ? __pfx_watchdog+0x10/0x10 [ 1398.400747][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 1398.400781][ T30] ? __kthread_parkme+0x148/0x220 [ 1398.400814][ T30] ? __pfx_watchdog+0x10/0x10 [ 1398.400844][ T30] kthread+0x3af/0x750 [ 1398.400867][ T30] ? __pfx_kthread+0x10/0x10 [ 1398.400896][ T30] ? __pfx_kthread+0x10/0x10 [ 1398.400920][ T30] ret_from_fork+0x45/0x80 [ 1398.400948][ T30] ? __pfx_kthread+0x10/0x10 [ 1398.400971][ T30] ret_from_fork_asm+0x1a/0x30 [ 1398.401009][ T30] [ 1398.401018][ T30] Sending NMI from CPU 1 to CPUs 0: [ 1398.514245][ C0] NMI backtrace for cpu 0 [ 1398.514258][ C0] CPU: 0 UID: 0 PID: 5209 Comm: udevd Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1398.514282][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1398.514294][ C0] RIP: 0033:0x7f1c7554ef23 [ 1398.514310][ C0] Code: 00 f0 ff ff 76 1f 48 83 f8 da 8b 7c 24 04 48 8b 74 24 08 74 cb 48 8b 15 f3 7e 0f 00 f7 d8 64 89 02 48 83 c8 ff 48 83 c4 18 c3 <48> 8b 05 96 7f 0f 00 48 8b 80 f8 02 00 00 48 85 c0 74 1c 51 ff d0 [ 1398.514329][ C0] RSP: 002b:00007fffdaaab9a8 EFLAGS: 00000246 [ 1398.514346][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000004 [ 1398.514358][ C0] RDX: 00007fffdaaabae4 RSI: 00007fffdaaab9b8 RDI: 0000000000000001 [ 1398.514371][ C0] RBP: 00007fffdaaab9b8 R08: 00000000535c5b01 R09: 0000000000000008 [ 1398.514383][ C0] R10: 0000000000000bb8 R11: 0000000000000246 R12: 0000000000000000 [ 1398.514395][ C0] R13: 00005635b5e39d00 R14: 0000000000000000 R15: 0000000000000000 [ 1398.514412][ C0] FS: 00007f1c75496c80 GS: 0000000000000000 [ 1398.623213][ C1] vkms_vblank_simulate: vblank timer overrun [ 1398.692770][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 1398.699666][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0 [ 1398.710190][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1398.720261][ T30] Call Trace: [ 1398.723559][ T30] [ 1398.726499][ T30] dump_stack_lvl+0x3d/0x1f0 [ 1398.731120][ T30] panic+0x71d/0x800 [ 1398.735041][ T30] ? __pfx_panic+0x10/0x10 [ 1398.739486][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 1398.744884][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1398.750884][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 1398.756280][ T30] ? watchdog+0xdcc/0x12b0 [ 1398.760717][ T30] ? watchdog+0xdbf/0x12b0 [ 1398.765173][ T30] watchdog+0xddd/0x12b0 [ 1398.769441][ T30] ? __pfx_watchdog+0x10/0x10 [ 1398.774222][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 1398.779445][ T30] ? __kthread_parkme+0x148/0x220 [ 1398.784482][ T30] ? __pfx_watchdog+0x10/0x10 [ 1398.789166][ T30] kthread+0x3af/0x750 [ 1398.793237][ T30] ? __pfx_kthread+0x10/0x10 [ 1398.797830][ T30] ? __pfx_kthread+0x10/0x10 [ 1398.802418][ T30] ret_from_fork+0x45/0x80 [ 1398.806852][ T30] ? __pfx_kthread+0x10/0x10 [ 1398.811443][ T30] ret_from_fork_asm+0x1a/0x30 [ 1398.816218][ T30] [ 1398.819449][ T30] Kernel Offset: disabled [ 1398.823769][ T30] Rebooting in 86400 seconds..