last executing test programs: 2m31.068181901s ago: executing program 2 (id=1765): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0) ioctl$auto_CEC_S_MODE(r1, 0x40046109, &(0x7f0000002c40)=0xd0) ioctl$auto_CEC_DQEVENT(r1, 0xc0506107, 0x0) ioctl$auto_CEC_DQEVENT(r1, 0xc0506107, &(0x7f0000000280)={0x4, 0x3, 0xa, @state_change={0xc, 0x6, 0x8}}) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f00000000c0)) prctl$auto_PR_GET_SPECULATION_CTRL(0x34, 0x10, 0xffffffffffffffff, 0x8000, 0x8acb) write$auto(0xffffffffffffffff, 0x0, 0x7) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC1\x00', 0x20400, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(r3, 0xc4c85512, &(0x7f00000012c0)={{@raw=0x3, 0x1, 0x6d2e99e8, 0x6, "0582a820061b5c51a65a6dd72b0b15addbdf55cb4b0f2381f2673e3a1ebe21e1bf1b26f0db7b62b67bd764f9"}, 0x0, @integer64=@value_ptr=0x0, "528d458095d42b72adda0cac2d45bdaacfc82245992af763188bf00ab57d5d73b094925aa92857fd2f672f85343275f80841c6ca41e93023ab4510269ed959a79a789527276d90375018fc08050559d8936b8d72087a5689d4338da78b8b8bdcea8188ca43202fb78dacb3fea1258074885c899d75cd52751f9be959d90fa5c2"}) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x80000000, 0x5f, 0x80000001, 0x7, 0x6d3f, 0x7, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x3]}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_RSS_GET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="010329bd700002dcdf2524"], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x40044010) r6 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="01002bbd7000fddbdf3a04000000050011002e"], 0x1c}, 0x1, 0x0, 0x0, 0x801}, 0x4044820) syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f00000000c0), r0) 2m29.127115765s ago: executing program 2 (id=1771): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/bond0/queues/tx-9/xps_rxqs\x00', 0x1a1842, 0x0) unshare$auto(0x40000080) socket$nl_generic(0x10, 0x3, 0x10) r0 = open(&(0x7f0000000040)='./file0\x00', 0x44, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x1c1282, 0x0) read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000280)=""/65, 0x41) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) syz_clone3(&(0x7f0000000400)={0x9840100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) mmap$auto(0x81, 0x10000, 0x8000, 0xeb1, r0, 0x7ffc) ppoll$auto(0x0, 0x9, 0x0, 0x0, 0x8) madvise$auto(0x0, 0x200007, 0x19) syz_clone3(0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) futex_wait$auto(0x0, 0x0, 0x7f, 0x2, 0x0, 0x1) futex_wake$auto(0x0, 0x6, 0xfffffffa, 0x6) sysfs$auto(0x2, 0x23, 0x0) r2 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r2, 0x0, 0x4) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_VERSION_SET(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000001}, 0x4010) 2m25.03990385s ago: executing program 2 (id=1775): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0x8) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyd1\x00', 0x40, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) rseq$auto(0x0, 0x8000, 0x0, 0x6) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) process_mrelease$auto(0xffffffffffffffff, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mincore$auto(0x1000, 0x8001, 0x0) fcntl$auto(0x8000000000000001, 0x7, 0x8) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) fcntl$auto(0x8000000000000001, 0x26, 0x8) mincore$auto(0x7, 0xc, &(0x7f0000000000)='/dev/ptyd1\x00') close_range$auto(0x2, 0x8, 0x0) ptrace$auto(0x4206, 0x1, 0x0, 0x200005) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 2m23.08213368s ago: executing program 2 (id=1777): r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000400)='/proc/tty/driver/serial\x00', 0x43102, 0x0) sendfile$auto(r0, r0, 0x0, 0xb9) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) r1 = pidfd_open$auto(0x1, 0x0) setns(r1, 0x60020000) getcwd$auto(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) mount_setattr$auto(r1, 0x0, 0x0, &(0x7f0000000640)={0x6, 0x9}, 0x283) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x2, 0x4, 0x0, 0x2, 0x8, 0xc, 0x66b, 0x4, 0x1}, 0x6f4) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) kexec_load$auto(0xff, 0x2, &(0x7f0000000080)={@kbuf=0x0, 0x2, 0x8000, 0x800000}, 0x4) bpf$auto_BPF_ITER_CREATE(0x21, &(0x7f0000000000)=@bpf_attr_1={r0, 0xe, @value=0xfffffffffffffff8, 0xfffffffffffffffa}, 0xc) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001080), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x2d, 0x2, 0x0) ioctl$auto(0x3, 0x89e1, 0x91) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_GET_WIPHY(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)={0x1c, r4, 0xb81, 0x70bd27, 0x25dfdbff, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000084}, 0x0) umask$auto(0x6) r7 = open(&(0x7f0000000080)='./file0\x00', 0x22ac2, 0x5d745cb200ae4d7b) fchown$auto(r7, 0xe5a, 0x5) sendmsg$auto_NL80211_CMD_NEW_STATION(r2, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20044880}, 0x40000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0xcf2, 0x6fffffa) 2m22.438259383s ago: executing program 2 (id=1779): r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC2\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x6) unshare$auto(0x40000080) unshare$auto(0x9) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x1e, 0x1, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x11, 0x3, 0x9) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x5, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x8000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/loop15/queue/discard_granularity\x00', 0x8000, 0x0) unshare$auto(0x40000080) mmap$auto(0x100400000000000, 0x8001, 0x3, 0x16, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'tunl0\x00'}) sendmsg$auto_NCSI_CMD_PKG_INFO(r2, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={0x0}, 0x1, 0x0, 0x0, 0x41}, 0x44088) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r3 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r3, 0x43403d05, 0x0) madvise$auto(0x0, 0x53, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x1fc000, 0xfee0, 0x3fd8, 0x3, 0xfffff000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) 2m17.42336309s ago: executing program 2 (id=1785): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0x8) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyd1\x00', 0x40, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) rseq$auto(0x0, 0x8000, 0x0, 0x6) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) process_mrelease$auto(0xffffffffffffffff, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mincore$auto(0x1000, 0x8001, 0x0) fcntl$auto(0x8000000000000001, 0x7, 0x8) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) fcntl$auto(0x8000000000000001, 0x26, 0x8) mincore$auto(0x7, 0xc, &(0x7f0000000000)='/dev/ptyd1\x00') close_range$auto(0x2, 0x8, 0x0) ptrace$auto(0x4206, 0x1, 0x0, 0x200005) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 2m2.052465703s ago: executing program 32 (id=1785): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0x8) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyd1\x00', 0x40, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) rseq$auto(0x0, 0x8000, 0x0, 0x6) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) process_mrelease$auto(0xffffffffffffffff, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mincore$auto(0x1000, 0x8001, 0x0) fcntl$auto(0x8000000000000001, 0x7, 0x8) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) fcntl$auto(0x8000000000000001, 0x26, 0x8) mincore$auto(0x7, 0xc, &(0x7f0000000000)='/dev/ptyd1\x00') close_range$auto(0x2, 0x8, 0x0) ptrace$auto(0x4206, 0x1, 0x0, 0x200005) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 1m7.099212638s ago: executing program 0 (id=2014): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x1, 0x8000) r0 = openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) ioctl$auto_BTRFS_IOC_SCAN_DEV(r0, 0x50009404, 0x0) 1m6.912413043s ago: executing program 0 (id=2016): setuid$auto(0xe) r0 = socket(0x2b, 0x1, 0x0) getsockopt$auto_SO_PEEK_OFF(r0, 0x6, 0x2a, 0x0, &(0x7f0000000180)=0xdf56) 1m6.69475679s ago: executing program 0 (id=2019): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001980)={0x38, r1, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x8, 0x3, 0x0, 0x1, [@nested={0x4, 0xc}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f17790485908286dd"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x50}, 0xc800) 1m6.480704694s ago: executing program 0 (id=2022): ioperm$auto(0x7, 0x6, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) vmsplice$auto(0x1, 0x0, 0xa, 0x6) 1m6.282439597s ago: executing program 0 (id=2024): mmap$auto(0x200000000000f400, 0x9, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x4001, 0x0) recvmmsg$auto(r0, &(0x7f0000000280)={{0x0, 0x1d, 0x0, 0x10000, &(0x7f00000001c0)="d7cd776347984e13077263bfd5f9f5abd994085367e723ee8dd0f7dfe8708ad83c9fecd395", 0x962, 0x9}, 0x2e6}, 0x9a, 0x69ac, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0xb8b42, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card1/pcm0p/sub0/hw_params\x00', 0x1c1282, 0x0) r1 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x62240, 0x154) execveat$auto(r1, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x11000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_short_retry_limit_ops_(0xffffffffffffff9c, 0x0, 0x0, 0x0) madvise$auto(0x0, 0x200007, 0x19) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) syz_clone3(0x0, 0x0) r2 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x2, 0x0) read$auto(r2, 0x0, 0x39b8) mmap$auto(0x0, 0x2020009, 0x2000000000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x22240, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0x102, 0x0) write$auto(0x3, 0x0, 0x4fffffdf2) ioctl$auto(0x3, 0x402c542b, 0x38) 1m5.248526748s ago: executing program 0 (id=2033): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0x18, 0xfffffffffffffff7, 0x8000) getsockopt$auto(0xffffffffffffffff, 0x24, 0xfffffffd, 0x0, 0x0) syz_genetlink_get_family_id$auto_macsec(&(0x7f00000003c0), 0xffffffffffffffff) syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000040), r0) semctl$auto_SEM_STAT_ANY(0xe, 0xfffffffb, 0x14, 0x7) sendmsg$auto_OVS_VPORT_CMD_GET(r0, 0x0, 0x20000004) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket(0x2, 0x1, 0x106) sendmsg$auto_OVS_VPORT_CMD_SET(r1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4100}, 0x20000000) socket(0xa, 0x2, 0x0) sendto$auto(0xffffffffffffffff, 0x0, 0x11, 0xffff, &(0x7f0000000040)=@ax25={0x3, @bcast, 0x6}, 0x16) getpgid(0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) flock$auto(0xffffffffffffffff, 0x4) socket(0x22, 0x3, 0x6) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x4000000) unshare$auto(0x40000080) socket(0x2b, 0x3, 0x1) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) unshare$auto(0x40000080) read$auto(0xffffffffffffffff, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x44243, 0xe1d2b27bdc14aabc) 55.01796532s ago: executing program 4 (id=2108): mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080)) fchdir$auto(r0) exit$auto(0x7) newfstatat$auto(0xffffffffffffff9c, 0x0, 0x0, 0x1000) 54.084795438s ago: executing program 4 (id=2118): r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000400)='/proc/tty/driver/serial\x00', 0x43102, 0x0) sendfile$auto(r0, r0, 0x0, 0xb9) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) r1 = pidfd_open$auto(0x1, 0x0) setns(r1, 0x60020000) getcwd$auto(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r2, 0x4b47, 0x1) mount_setattr$auto(r1, 0x0, 0x0, 0x0, 0x283) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x2, 0x4, 0x0, 0x2, 0x8, 0xc, 0x66b, 0x4, 0x1}, 0x6f4) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) kexec_load$auto(0xff, 0x2, &(0x7f0000000080)={@kbuf=0x0, 0x2, 0x8000, 0x800000}, 0x4) bpf$auto_BPF_ITER_CREATE(0x21, &(0x7f0000000000)=@bpf_attr_1={r0, 0xe, @value=0xfffffffffffffff8, 0xfffffffffffffffa}, 0xc) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001080), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x2d, 0x2, 0x0) ioctl$auto(0x3, 0x89e1, 0x91) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_GET_WIPHY(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)={0x1c, r5, 0xb81, 0x70bd27, 0x25dfdbff, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000084}, 0x0) umask$auto(0x6) r8 = open(&(0x7f0000000080)='./file0\x00', 0x22ac2, 0x5d745cb200ae4d7b) fchown$auto(r8, 0xe5a, 0x5) sendmsg$auto_NL80211_CMD_NEW_STATION(r3, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20044880}, 0x40000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) 53.74103989s ago: executing program 4 (id=2121): mmap$auto(0x200000000000f400, 0x9, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x4001, 0x0) recvmmsg$auto(r0, &(0x7f0000000280)={{0x0, 0x1d, &(0x7f0000000180)={&(0x7f0000000100), 0x80000000}, 0x10000, &(0x7f00000001c0)="d7cd776347984e13077263bfd5f9f5abd994085367e723ee8dd0f7dfe8708ad83c9fecd3", 0x962, 0x9}, 0x2e6}, 0x9a, 0x69ac, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0xb8b42, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card1/pcm0p/sub0/hw_params\x00', 0x1c1282, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x62240, 0x154) execveat$auto(r1, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x11000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_short_retry_limit_ops_(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0x8, 0xeb0, 0x401, 0x9) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) syz_clone3(&(0x7f0000000400)={0x9840100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58) r2 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x2, 0x0) read$auto(r2, 0x0, 0x39b8) mmap$auto(0x0, 0x2020009, 0x2000000000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x22240, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0x102, 0x0) write$auto(0x3, 0x0, 0x4fffffdf2) ioctl$auto(0x3, 0x402c542b, 0x38) 52.205941422s ago: executing program 4 (id=2130): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nullb0/queue/fua\x00', 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/loginuid\x00', 0x1a1081, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/bond0/bonding/miimon\x00', 0x62342, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000380)=""/172, 0xac) 52.053898423s ago: executing program 4 (id=2132): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0xb, 0xb5, 0x10, 0x4, 0x53000000, 0xffffffffffffffff, 0x9, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x4f4, 0x6}, 0x10) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/028/001\x00', 0xa901, 0x0) get_robust_list$auto(0x1, 0x0, 0x0) ioctl$auto_USBDEVFS_SUBMITURB32(r0, 0x802c550a, &(0x7f00000001c0)=ANY=[@ANYBLOB="020000000000000005"]) 51.850267065s ago: executing program 4 (id=2133): unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4400000000df, 0xc157, 0x101000000000000, 0x7) sigaltstack$auto(&(0x7f0000000040)={0x0, 0x4b}, 0x0) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2, 0x1, 0x0) epoll_create$auto(0x4) mq_open$auto(&(0x7f0000000000)='/dev/sequencer2\x00', 0x5, 0x3, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000840)='/proc/sys/vm/dirty_background_ratio\x00', 0x80000, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) close_range$auto(0xffffffffffffffff, r0, 0x2) r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x42, 0x20) bpf$auto(0x9, &(0x7f0000000a40)=@prog_bind_map={0xffffffffffffffff, r1, 0x2f}, 0x121) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0xa, 0x3, 0x3, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0x8000]}, 0x0) sched_get_priority_min$auto(0x40) socket(0x2, 0xa, 0x0) mmap$auto(0x0, 0x8, 0x3, 0x9b72, 0x2, 0x8000) getsockopt$auto(0x3, 0x200000000001, 0x19, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) unshare$auto(0x40000080) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) faccessat2$auto(0x1, 0x0, 0x4, 0x1000) mknod$auto(&(0x7f00000003c0)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5', 0x20e9, 0x103) 50.054883494s ago: executing program 33 (id=2033): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0x18, 0xfffffffffffffff7, 0x8000) getsockopt$auto(0xffffffffffffffff, 0x24, 0xfffffffd, 0x0, 0x0) syz_genetlink_get_family_id$auto_macsec(&(0x7f00000003c0), 0xffffffffffffffff) syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000040), r0) semctl$auto_SEM_STAT_ANY(0xe, 0xfffffffb, 0x14, 0x7) sendmsg$auto_OVS_VPORT_CMD_GET(r0, 0x0, 0x20000004) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket(0x2, 0x1, 0x106) sendmsg$auto_OVS_VPORT_CMD_SET(r1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4100}, 0x20000000) socket(0xa, 0x2, 0x0) sendto$auto(0xffffffffffffffff, 0x0, 0x11, 0xffff, &(0x7f0000000040)=@ax25={0x3, @bcast, 0x6}, 0x16) getpgid(0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) flock$auto(0xffffffffffffffff, 0x4) socket(0x22, 0x3, 0x6) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x4000000) unshare$auto(0x40000080) socket(0x2b, 0x3, 0x1) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) unshare$auto(0x40000080) read$auto(0xffffffffffffffff, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x44243, 0xe1d2b27bdc14aabc) 36.693580174s ago: executing program 34 (id=2133): unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4400000000df, 0xc157, 0x101000000000000, 0x7) sigaltstack$auto(&(0x7f0000000040)={0x0, 0x4b}, 0x0) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2, 0x1, 0x0) epoll_create$auto(0x4) mq_open$auto(&(0x7f0000000000)='/dev/sequencer2\x00', 0x5, 0x3, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000840)='/proc/sys/vm/dirty_background_ratio\x00', 0x80000, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) close_range$auto(0xffffffffffffffff, r0, 0x2) r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x42, 0x20) bpf$auto(0x9, &(0x7f0000000a40)=@prog_bind_map={0xffffffffffffffff, r1, 0x2f}, 0x121) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0xa, 0x3, 0x3, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0x8000]}, 0x0) sched_get_priority_min$auto(0x40) socket(0x2, 0xa, 0x0) mmap$auto(0x0, 0x8, 0x3, 0x9b72, 0x2, 0x8000) getsockopt$auto(0x3, 0x200000000001, 0x19, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) unshare$auto(0x40000080) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) faccessat2$auto(0x1, 0x0, 0x4, 0x1000) mknod$auto(&(0x7f00000003c0)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5', 0x20e9, 0x103) 9.063346943s ago: executing program 3 (id=2378): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) r0 = semctl$auto(0x1ff, 0x2, 0x13, 0x1) prctl$auto_PR_TIMER_CREATE_RESTORE_IDS_GET(0x0, 0x2, r0, 0x2fb, 0x33b4) sendmsg$auto_HWSIM_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000180)={0x94, 0x0, 0x0, 0x70bd27, 0x25dfdbfe, {}, [@HWSIM_ATTR_SIGNAL={0x8, 0x6, 0x2}, @HWSIM_ATTR_TX_INFO_FLAGS={0x39, 0x15, "890743a1d8a2063ecac22003b4bf6386d4b41b00cd5a1cd5a49ed0a66d17cc206d6636b9ddc8aa9c9dded9d3be32f51efe869a9328"}, @HWSIM_ATTR_ADDR_RECEIVER={0x3a, 0x1, "c0d006911cf619d430c6b42dc79ff6b7953087a9a52d4b8d4092092fc8930e78eb9df2ee8f26eb49e445aa5ac04c75ccd383abb225a5"}]}, 0x94}, 0x1, 0x0, 0x0, 0x40047}, 0x40001) r1 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f00000001c0), 0x88e00, 0x0) ioctl$auto_TUNSETQUEUE(r1, 0x400454d9, &(0x7f0000000200)=0x20000800) close_range$auto(r1, 0x8, 0x0) 8.410887407s ago: executing program 3 (id=2385): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x0) r0 = socket(0x2, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) listen$auto(0x3, 0x81) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) 8.174092359s ago: executing program 3 (id=2387): statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x1ffe0, 0x3, 0x6, 0x7, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0x2, 0x5, 0x3, 0x40, 0x7, 0x20, 0x309, 0x6, 0x0, 0x0, 0x200000, 0x0, 0x0, 0xffffffff, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x1fe, 0x81) mmap$auto(0x0, 0x2, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x2, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, 0x0, 0x4c2801, 0x0) lsm_set_self_attr$auto(0x3, 0xfffffffffffffffc, 0x1f, 0x8000000000000000) syz_genetlink_get_family_id$auto_batadv(&(0x7f00000002c0), 0xffffffffffffffff) pipe$auto(&(0x7f00000000c0)=r0) read$auto_mon_fops_text_t_mon_text(r1, 0x0, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r2 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x23, 0x80805, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) read$auto(0x3, 0x0, 0x80) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @loopback}, 0x6a) sendmsg$auto(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) close_range$auto(0x2, 0x8000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x2, 0xf8, 0xfffffffffffffffa, 0x8000) openat$auto_mon_fops_stat_usb_mon(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/usb/usbmon/11s\x00', 0x210601, 0x0) r3 = socket(0x10, 0x2, 0x9) sendmsg$auto_NL80211_CMD_SET_COALESCE(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000005304"], 0x5f}, 0x1, 0x0, 0x0, 0x40040094}, 0x40) write$auto(r3, &(0x7f0000000000)='-\x00', 0x2fb) 7.178762807s ago: executing program 3 (id=2394): openat$auto_evm_xattr_ops_evm_secfs(0xffffffffffffff9c, 0x0, 0x100401, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) ioctl$auto(0xc8, 0x400454ce, 0x5c8d) setsockopt$auto(0x3, 0x0, 0x28, 0xfffffffffffffffc, 0x70) 6.983749455s ago: executing program 3 (id=2396): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) open(0x0, 0x0, 0x1) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) symlink$auto(&(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000010c0)='./file0\x00') 5.902094298s ago: executing program 3 (id=2404): mmap$auto(0x200000000000f400, 0x9, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x4001, 0x0) recvmmsg$auto(r0, &(0x7f0000000280)={{0x0, 0x1d, &(0x7f0000000180)={&(0x7f0000000100), 0x80000000}, 0x10000, &(0x7f00000001c0)="d7cd776347984e13077263bfd5f9f5abd994085367e723ee8dd0f7dfe8708ad83c9fecd395", 0x962, 0x9}, 0x2e6}, 0x9a, 0x69ac, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0xb8b42, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card1/pcm0p/sub0/hw_params\x00', 0x1c1282, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x62240, 0x154) execveat$auto(r1, 0x0, 0x0, 0x0, 0x11000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_short_retry_limit_ops_(0xffffffffffffff9c, 0x0, 0x0, 0x0) madvise$auto(0x0, 0x200007, 0x19) mmap$auto(0x0, 0x4020009, 0x8, 0xeb0, 0x401, 0x9) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) syz_clone3(&(0x7f0000000400)={0x9840100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58) r2 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x2, 0x0) read$auto(r2, 0x0, 0x39b8) mmap$auto(0x0, 0x2020009, 0x2000000000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x22240, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0x102, 0x0) write$auto(0x3, 0x0, 0x4fffffdf2) ioctl$auto(0x3, 0x402c542b, 0x38) 3.890454346s ago: executing program 5 (id=2414): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2b, 0x1, 0x1) epoll_create$auto(0x3e) epoll_create$auto(0x4) open(&(0x7f0000000100)='.\x00', 0x100, 0x0) ioctl$auto(0x3, 0x5460, 0x5) 3.716790279s ago: executing program 6 (id=2415): openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x100000000, 0xfffffffffffff7fe, 0x57a, 0x40eb1, 0x602, 0x300000000000) socket(0x10, 0x2, 0x0) socket(0x10, 0x2, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/afs/sysname\x00', 0xaa102, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x40d81, 0x0) openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/tracing/buffer_subbuf_size_kb\x00', 0x20800, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, 0x0, 0x10004010) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) mmap$auto(0x0, 0x10000, 0x4000000000db, 0xeb1, 0x2, 0x8000) socket(0x10, 0x3, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socket(0x29, 0x5, 0x0) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) getsockopt$auto(0x100000006, 0x0, 0x13, 0xfffffffffffffffe, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000500)='/dev/sequencer2\x00', 0x80, 0x0) mlockall$auto(0x7) shmat$auto(0x0, 0x0, 0xfffffffa) close_range$auto(0x2, 0x8, 0x0) 3.660496876s ago: executing program 5 (id=2416): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x3) ioctl$auto_SW_SYNC_IOC_INC(0xffffffffffffffff, 0x40045701, 0x0) fanotify_init$auto(0x4f1, 0x1) 3.457274878s ago: executing program 5 (id=2417): socket(0x2, 0x2, 0x1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) 3.062385543s ago: executing program 6 (id=2419): r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000400)='/proc/tty/driver/serial\x00', 0x43102, 0x0) sendfile$auto(r0, r0, 0x0, 0xb9) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) r1 = pidfd_open$auto(0x1, 0x0) setns(r1, 0x60020000) getcwd$auto(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r2, 0x4b47, 0x1) mount_setattr$auto(r1, 0x0, 0x0, &(0x7f0000000640)={0x6, 0x9}, 0x283) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x2, 0x4, 0x0, 0x2, 0x8, 0xc, 0x66b, 0x4, 0x1}, 0x6f4) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) kexec_load$auto(0xff, 0x2, &(0x7f0000000080)={@kbuf=0x0, 0x2, 0x8000, 0x800000}, 0x4) bpf$auto_BPF_ITER_CREATE(0x21, &(0x7f0000000000)=@bpf_attr_1={r0, 0xe, @value=0xfffffffffffffff8, 0xfffffffffffffffa}, 0xc) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001080), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x2d, 0x2, 0x0) ioctl$auto(0x3, 0x89e1, 0x91) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) sendmsg$auto_NL80211_CMD_GET_WIPHY(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={0x0}, 0x1, 0x0, 0x0, 0x20000084}, 0x0) umask$auto(0x6) r6 = open(&(0x7f0000000080)='./file0\x00', 0x22ac2, 0x5d745cb200ae4d7b) fchown$auto(r6, 0xe5a, 0x5) sendmsg$auto_NL80211_CMD_NEW_STATION(r3, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20044880}, 0x40000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) 2.890015564s ago: executing program 5 (id=2420): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x2008000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) access$auto(0x0, 0x8) mlockall$auto(0x7) 2.466807295s ago: executing program 6 (id=2421): r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000400)='/proc/tty/driver/serial\x00', 0x43102, 0x0) sendfile$auto(r0, r0, 0x0, 0xb9) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) r1 = pidfd_open$auto(0x1, 0x0) setns(r1, 0x60020000) getcwd$auto(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r2, 0x4b47, 0x1) mount_setattr$auto(r1, 0x0, 0x0, &(0x7f0000000640)={0x6, 0x9}, 0x283) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x2, 0x4, 0x0, 0x2, 0x8, 0xc, 0x66b, 0x4, 0x1}, 0x6f4) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) kexec_load$auto(0xff, 0x2, &(0x7f0000000080)={@kbuf=0x0, 0x2, 0x8000, 0x800000}, 0x4) bpf$auto_BPF_ITER_CREATE(0x21, &(0x7f0000000000)=@bpf_attr_1={r0, 0xe, @value=0xfffffffffffffff8, 0xfffffffffffffffa}, 0xc) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001080), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x2d, 0x2, 0x0) ioctl$auto(0x3, 0x89e1, 0x91) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) sendmsg$auto_NL80211_CMD_GET_WIPHY(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)={0x14, r5, 0xb81, 0x70bd27, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x20000084}, 0x0) umask$auto(0x6) r7 = open(&(0x7f0000000080)='./file0\x00', 0x22ac2, 0x5d745cb200ae4d7b) fchown$auto(r7, 0xe5a, 0x5) sendmsg$auto_NL80211_CMD_NEW_STATION(r3, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20044880}, 0x40000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0xcf2, 0x6fffffa) 2.186611595s ago: executing program 1 (id=2422): mmap$auto(0x0, 0x4000b, 0x7, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x80a86f3d, r0) 1.965883774s ago: executing program 1 (id=2423): openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x2, 0x0) mmap$auto(0x100000000, 0xfffffffffffff7fe, 0x57a, 0x40eb1, 0x602, 0x300000000000) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) getsockopt$auto(0x100000006, 0x0, 0x13, 0xfffffffffffffffe, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x80, 0x0) mlockall$auto(0x7) close_range$auto(0x2, 0x8, 0x0) 1.853372693s ago: executing program 6 (id=2424): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/mpls/conf/netdevsim3/input\x00', 0x42a81, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x9, 0xdf, 0x1000000eb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) select$auto(0x3, 0x0, &(0x7f0000000100)={[0x8, 0xb, 0x0, 0x9, 0xfffffffffffffffc, 0x83, 0x6, 0x2, 0x9, 0xffff, 0x4000000000000002, 0xd, 0x3, 0xfffffffffffffffe, 0x7, 0x1000000006]}, 0x0, 0x0) syslog$auto(0x2, &(0x7f0000000000)='-#:\x00[\xda\xe2\xc3L\xd30{Q\xecvP\x93\x87\x1e\xdd\x95\x1b\x19qI\vv\xacO*X0V\x93\x85\xff\xb2\xdd\xd8\xd5Kh\xfa\xa3\xc7\x9b}\xec\x1e\xdc\x80\x1fR\xc30\x9a\xae\\\'\x14\x98\x98\xc3iDv\x97\xdfTMt\xe5?\xd0\xcc\xb8\xfa\a\x7f\x7f\x00\x00\x00\x00\x00\x00\x00n_\xb1\x1c\x7f\xb0y\xec\xe2\xcc\x1a/\xfa{d\xe4BN\x9c\xb9\x87.\xfe\xe7&1j\xe6]\xc3\x9anE6\x81\xe4\xec\xfa\xefE\xf7\x17h\xf4pumR\xd55Dd(\x0f(b\x1aD\xf4\x03\xc3\\\xdf\x8f\xa8\x82\xab\x102\xd1\xaf\xcaT\x86\x171\x11Q4\x94\x9d\xf5\x9c\xe3\xaa\xf3\xd26i\xf9\xb2\xd9T\xc9\xfd\xba\x91^\x19\x95\xde\xbc \xa8\x98\xc3\xed\xe9,{\xd4\xa1\xe4p\xcf\b\f\xb4\xbe_\xf2\xbe\xef\v\xf1d\xdd\x0e\xfc\xc3\xeaqt\x94\xe7\xce\xf1\xc5\x94~\xf6Cx\x0e\x98\xc7gE>*\x9c%\xa0\\\x14\t\tv.\x1c\x1a\xf1\xba\xc0>\xf4Hc\xc3\xfa\x033\x8f\xb9(\n/\xcdo\xc2', 0xcf) close_range$auto(0x2, 0x8, 0x0) clone$auto(0x1002, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x9) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x3, 0x66) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) madvise$auto(0x6, 0x4, 0xfffffff7) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000240), 0x40, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mlock$auto(0x1000, 0x6) mlockall$auto(0x800000000000005) r2 = mq_open$auto(&(0x7f00000000c0)='\x12\xe6D\b\x9e\x00\x80\x8d\f\xb9w-\xbd!\x9eb\xed\xfb\x0f\xe5\x9dZ\xc2\xd1\x01wBV\x91\x8f_\xc0.\x84\xfe\x84\xd1se\x01\x06\x00\xb3\x13_Y&\xa9\x88\xe4\xa2\xb0V\x85\x92<\xb6\xdcT \\\xf2\v\xb1\xe2\xd8\xfa\xd8V\xe5\x00\xfa\xe9!\xc5<\xce\x18=\x06\xdagq\xb5\r\t\xb2\xde\x99\xd50\xbb\x192\x1c4\x86\xc0\xc1-\xd5\x10\xc3\xfc*[8\x89h\xc5\xba\xff\xc8u5r0) read$auto_mon_fops_text_t_mon_text(r1, 0x0, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r2 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x23, 0x80805, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) read$auto(0x3, 0x0, 0x80) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @loopback}, 0x6a) sendmsg$auto(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) close_range$auto(0x2, 0x8000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x2, 0xf8, 0xfffffffffffffffa, 0x8000) openat$auto_mon_fops_stat_usb_mon(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/usb/usbmon/11s\x00', 0x210601, 0x0) r3 = socket(0x10, 0x2, 0x9) sendmsg$auto_NL80211_CMD_SET_COALESCE(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000005304"], 0x5f}, 0x1, 0x0, 0x0, 0x40040094}, 0x40) write$auto(r3, &(0x7f0000000000)='-\x00', 0x2fb) 551.083488ms ago: executing program 6 (id=2429): r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000400)='/proc/tty/driver/serial\x00', 0x43102, 0x0) sendfile$auto(r0, r0, 0x0, 0xb9) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) r1 = pidfd_open$auto(0x1, 0x0) setns(r1, 0x60020000) getcwd$auto(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r2, 0x4b47, 0x1) mount_setattr$auto(r1, 0x0, 0x0, &(0x7f0000000640)={0x6, 0x9}, 0x283) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x2, 0x4, 0x0, 0x2, 0x8, 0xc, 0x66b, 0x4, 0x1}, 0x6f4) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) kexec_load$auto(0xff, 0x2, &(0x7f0000000080)={@kbuf=0x0, 0x2, 0x8000, 0x800000}, 0x4) bpf$auto_BPF_ITER_CREATE(0x21, &(0x7f0000000000)=@bpf_attr_1={r0, 0xe, @value=0xfffffffffffffff8, 0xfffffffffffffffa}, 0xc) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001080), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x2d, 0x2, 0x0) ioctl$auto(0x3, 0x89e1, 0x91) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) sendmsg$auto_NL80211_CMD_GET_WIPHY(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={0x0}, 0x1, 0x0, 0x0, 0x20000084}, 0x0) umask$auto(0x6) r6 = open(&(0x7f0000000080)='./file0\x00', 0x22ac2, 0x5d745cb200ae4d7b) fchown$auto(r6, 0xe5a, 0x5) sendmsg$auto_NL80211_CMD_NEW_STATION(r3, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20044880}, 0x40000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) 222.416218ms ago: executing program 5 (id=2430): sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(0xffffffffffffffff, 0x0, 0x20000001) socket(0x2, 0x2, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) clock_gettime$auto(0x80000000, 0x0) ioperm$auto(0x4000000000080, 0xfffffffffffffffb, 0x5) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) 34.040571ms ago: executing program 5 (id=2431): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) 0s ago: executing program 6 (id=2432): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) r0 = socket(0x2, 0x801, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x13}}, 0x54) io_uring_setup$auto(0x81, 0x0) getsockopt$auto(r0, 0x84, 0x6c, 0x0, 0x0) kernel console output (not intermixed with test programs): [ 960.891778][T14363] ? lockdep_hardirqs_on+0x7c/0x110 [ 960.891826][T14363] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 960.891870][T14363] snd_seq_oss_synth_setup_midi+0x131/0x580 [ 960.891917][T14363] snd_seq_oss_open+0x893/0xa20 [ 960.891955][T14363] odev_open+0x6f/0x90 [ 960.891983][T14363] ? __pfx_odev_open+0x10/0x10 [ 960.892011][T14363] soundcore_open+0x409/0x580 [ 960.892043][T14363] ? __pfx_soundcore_open+0x10/0x10 [ 960.892071][T14363] chrdev_open+0x231/0x6a0 [ 960.892095][T14363] ? __pfx_apparmor_file_open+0x10/0x10 [ 960.892127][T14363] ? __pfx_chrdev_open+0x10/0x10 [ 960.892154][T14363] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 960.892197][T14363] do_dentry_open+0x741/0x1c10 [ 960.892225][T14363] ? __pfx_chrdev_open+0x10/0x10 [ 960.892257][T14363] vfs_open+0x82/0x3f0 [ 960.892291][T14363] path_openat+0x1e5e/0x2d40 [ 960.892326][T14363] ? __pfx_path_openat+0x10/0x10 [ 960.892357][T14363] do_filp_open+0x20b/0x470 [ 960.892380][T14363] ? __pfx_do_filp_open+0x10/0x10 [ 960.892426][T14363] ? alloc_fd+0x471/0x7d0 [ 960.892472][T14363] do_sys_openat2+0x11b/0x1d0 [ 960.892503][T14363] ? __pfx_do_sys_openat2+0x10/0x10 [ 960.892538][T14363] ? __pfx___might_resched+0x10/0x10 [ 960.892572][T14363] __x64_sys_openat+0x174/0x210 [ 960.892605][T14363] ? __pfx___x64_sys_openat+0x10/0x10 [ 960.892640][T14363] ? rcu_is_watching+0x12/0xc0 [ 960.892670][T14363] do_syscall_64+0xcd/0x230 [ 960.892707][T14363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 960.892731][T14363] RIP: 0033:0x7f448cf8e969 [ 960.892751][T14363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 960.892787][T14363] RSP: 002b:00007f448dd78038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 960.892808][T14363] RAX: ffffffffffffffda RBX: 00007f448d1b5fa0 RCX: 00007f448cf8e969 [ 960.892823][T14363] RDX: 0000000000000080 RSI: 0000200000000500 RDI: ffffffffffffff9c [ 960.892847][T14363] RBP: 00007f448d010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 960.892861][T14363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 960.892875][T14363] R13: 0000000000000000 R14: 00007f448d1b5fa0 R15: 00007ffce39fa5f8 [ 960.892904][T14363] [ 961.879333][T14379] lo: entered allmulticast mode [ 961.990994][T14382] lo: left allmulticast mode [ 962.173864][T14382] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 962.180342][T14382] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 965.503050][T14425] ptrace attach of "./syz-executor exec"[5829] was attempted by "./syz-executor exec"[14425] [ 973.030222][T14498] FAULT_INJECTION: forcing a failure. [ 973.030222][T14498] name failslab, interval 1, probability 0, space 0, times 0 [ 973.093323][T14498] CPU: 1 UID: 0 PID: 14498 Comm: syz.3.1629 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) [ 973.093358][T14498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 973.093373][T14498] Call Trace: [ 973.093380][T14498] [ 973.093388][T14498] dump_stack_lvl+0x16c/0x1f0 [ 973.093431][T14498] should_fail_ex+0x512/0x640 [ 973.093464][T14498] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 973.093507][T14498] should_failslab+0xc2/0x120 [ 973.093535][T14498] __kmalloc_cache_noprof+0x6a/0x3e0 [ 973.093579][T14498] ? vkms_plane_duplicate_state+0x87/0x130 [ 973.093616][T14498] ? kasan_save_track+0x14/0x30 [ 973.093644][T14498] vkms_plane_duplicate_state+0x87/0x130 [ 973.093681][T14498] drm_atomic_get_plane_state+0x20b/0x590 [ 973.093715][T14498] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 973.093747][T14498] ? __pfx___might_resched+0x10/0x10 [ 973.093779][T14498] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 973.093847][T14498] drm_client_modeset_commit_locked+0x14d/0x580 [ 973.093881][T14498] drm_client_modeset_commit+0x4f/0x80 [ 973.093912][T14498] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 973.093940][T14498] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 973.093977][T14498] drm_fbdev_client_restore+0x2c/0x40 [ 973.094011][T14498] drm_client_dev_restore+0x1f3/0x2a0 [ 973.094045][T14498] drm_release+0x2c4/0x360 [ 973.094074][T14498] ? __pfx_drm_release+0x10/0x10 [ 973.094098][T14498] __fput+0x3ff/0xb70 [ 973.094134][T14498] task_work_run+0x14d/0x240 [ 973.094171][T14498] ? __pfx_task_work_run+0x10/0x10 [ 973.094208][T14498] ? __pfx___do_sys_close_range+0x10/0x10 [ 973.094230][T14498] ? rcu_is_watching+0x12/0xc0 [ 973.094257][T14498] syscall_exit_to_user_mode+0x27b/0x2a0 [ 973.094291][T14498] do_syscall_64+0xda/0x230 [ 973.094327][T14498] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 973.094350][T14498] RIP: 0033:0x7fafdf38e969 [ 973.094369][T14498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 973.094391][T14498] RSP: 002b:00007fafe027b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 973.094412][T14498] RAX: 0000000000000000 RBX: 00007fafdf5b6080 RCX: 00007fafdf38e969 [ 973.094439][T14498] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 973.094452][T14498] RBP: 00007fafdf410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 973.094464][T14498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 973.094477][T14498] R13: 0000000000000000 R14: 00007fafdf5b6080 R15: 00007ffdf1150098 [ 973.094505][T14498] [ 974.865248][T14507] snd_aloop snd_aloop.0: control 16781581:65539:44:éFË·fCªáª:7 is already present [ 976.297988][T14521] RDS: rds_bind could not find a transport for ::ffff:10.1.1.2, load rds_tcp or rds_rdma? [ 976.636121][ T5840] Bluetooth: hci3: unexpected event 0x3e length: 1020 > 260 [ 976.636154][ T5840] Bluetooth: hci3: unexpected subevent 0x01 length: 1019 > 18 [ 979.165473][T14554] lo: entered allmulticast mode [ 979.325413][T14560] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 979.331891][T14560] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 979.394030][T14554] lo: left allmulticast mode [ 980.410614][T14568] snd_aloop snd_aloop.0: control 16781581:65539:44:éFË·fCªáª:7 is already present [ 984.482421][T14611] ptrace attach of "./syz-executor exec"[5837] was attempted by "./syz-executor exec"[14611] [ 986.226762][T14641] ptrace attach of "./syz-executor exec"[5841] was attempted by "./syz-executor exec"[14641] [ 988.796244][T14654] ptrace attach of "./syz-executor exec"[5841] was attempted by "./syz-executor exec"[14654] [ 989.310515][T14670] ptrace attach of "./syz-executor exec"[5829] was attempted by "./syz-executor exec"[14670] [ 992.789516][T14707] ptrace attach of "./syz-executor exec"[5829] was attempted by "./syz-executor exec"[14707] [ 993.864030][T14723] ptrace attach of "./syz-executor exec"[5837] was attempted by "./syz-executor exec"[14723] [ 994.461679][T14716] kexec: Could not allocate control_code_buffer [ 996.592455][T14752] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 996.598945][T14752] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 996.710550][T14749] lo: entered allmulticast mode [ 996.771813][T14754] ptrace attach of "./syz-executor exec"[5841] was attempted by "./syz-executor exec"[14754] [ 997.027421][T14755] ptrace attach of "./syz-executor exec"[5833] was attempted by "./syz-executor exec"[14755] [ 997.585628][T14749] lo: left allmulticast mode [ 998.097161][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 998.103478][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1000.137640][T14779] Invalid ELF header magic: != ELF [ 1000.895444][T14773] kexec: Could not allocate control_code_buffer [ 1001.340717][T14790] lo: entered allmulticast mode [ 1001.492512][T14792] lo: left allmulticast mode [ 1001.589226][T14792] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1001.595705][T14792] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1003.005154][T14806] ptrace attach of "./syz-executor exec"[5829] was attempted by "./syz-executor exec"[14806] [ 1003.378148][T14807] ptrace attach of "./syz-executor exec"[5837] was attempted by "./syz-executor exec"[14807] [ 1003.782909][T14815] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1003.789392][T14815] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1003.914455][T14810] lo: entered allmulticast mode [ 1003.964857][T14810] lo: left allmulticast mode [ 1005.620326][T14835] ptrace attach of "./syz-executor exec"[5841] was attempted by "./syz-executor exec"[14835] [ 1008.120438][T14845] ptrace attach of "./syz-executor exec"[5841] was attempted by "./syz-executor exec"[14845] [ 1010.361580][T14883] ptrace attach of "./syz-executor exec"[5833] was attempted by "./syz-executor exec"[14883] [ 1010.600385][T14889] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1702'. [ 1012.524017][T14911] can: request_module (can-proto-3) failed. [ 1012.822329][T14917] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1708'. [ 1013.748491][T14931] ptrace attach of "./syz-executor exec"[5833] was attempted by "./syz-executor exec"[14931] [ 1017.838557][T14969] ptrace attach of "./syz-executor exec"[5837] was attempted by "./syz-executor exec"[14969] [ 1018.603878][T14979] lo: entered allmulticast mode [ 1019.081291][T14981] lo: left allmulticast mode [ 1019.580374][T14983] ptrace attach of "./syz-executor exec"[5837] was attempted by "./syz-executor exec"[14983] [ 1021.306052][T15010] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input20 [ 1021.501013][T15012] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1723'. [ 1021.535330][T15013] ptrace attach of "./syz-executor exec"[5833] was attempted by "./syz-executor exec"[15013] [ 1021.950714][T15011] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input21 [ 1023.398407][T15029] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1726'. [ 1024.772723][T15043] lo: entered allmulticast mode [ 1025.026905][T15046] lo: left allmulticast mode [ 1025.055896][T15050] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1025.062347][T15050] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1025.121987][T15051] lo: entered allmulticast mode [ 1025.224309][T15051] lo: left allmulticast mode [ 1025.247810][T15054] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1025.254264][T15054] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1026.392997][T15065] lo: entered allmulticast mode [ 1026.426785][T15065] lo: left allmulticast mode [ 1026.489766][T15065] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1026.496240][T15065] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1039.126555][T15167] snd_aloop snd_aloop.0: control 16781581:65539:44:éFË·fCªáª:7 is already present [ 1045.370937][T15222] snd_aloop snd_aloop.0: control 16781581:65539:44:éFË·fCªáª:7 is already present [ 1045.790596][T15221] ptrace attach of "./syz-executor exec"[5833] was attempted by "./syz-executor exec"[15221] syzkaller syzkaller login: [ 1050.327709][T15278] ptrace attach of "./syz-executor exec"[5833] was attempted by "./syz-executor exec"[15278] [ 1051.936527][T15289] ptrace attach of "./syz-executor exec"[5829] was attempted by "./syz-executor exec"[15289] [ 1059.530861][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1059.539732][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1059.667999][T15343] ptrace attach of "./syz-executor exec"[5829] was attempted by "./syz-executor exec"[15343] [ 1060.151183][T15339] ptrace attach of "./syz-executor exec"[5837] was attempted by "./syz-executor exec"[15339] [ 1060.448411][T15354] can: request_module (can-proto-3) failed. [ 1062.634841][T15378] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1791'. [ 1063.237511][T15389] FAULT_INJECTION: forcing a failure. [ 1063.237511][T15389] name failslab, interval 1, probability 0, space 0, times 0 [ 1063.326682][T15389] CPU: 1 UID: 0 PID: 15389 Comm: syz.3.1793 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) [ 1063.326718][T15389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1063.326732][T15389] Call Trace: [ 1063.326739][T15389] [ 1063.326749][T15389] dump_stack_lvl+0x16c/0x1f0 [ 1063.326788][T15389] should_fail_ex+0x512/0x640 [ 1063.326822][T15389] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1063.326866][T15389] should_failslab+0xc2/0x120 [ 1063.326896][T15389] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1063.326938][T15389] ? snd_seq_port_connect+0x61/0x550 [ 1063.326974][T15389] snd_seq_port_connect+0x61/0x550 [ 1063.327004][T15389] ? _raw_read_unlock+0x28/0x50 [ 1063.327041][T15389] ? check_subscription_permission.isra.0+0xf5/0x240 [ 1063.327079][T15389] snd_seq_ioctl_subscribe_port+0x211/0x450 [ 1063.327117][T15389] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 1063.327166][T15389] snd_seq_kernel_client_ctl+0x107/0x1c0 [ 1063.327201][T15389] snd_seq_oss_midi_open+0x442/0x660 [ 1063.327243][T15389] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 1063.327293][T15389] ? lockdep_hardirqs_on+0x7c/0x110 [ 1063.327326][T15389] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1063.327361][T15389] snd_seq_oss_synth_setup_midi+0x131/0x580 [ 1063.327408][T15389] snd_seq_oss_open+0x893/0xa20 [ 1063.327446][T15389] odev_open+0x6f/0x90 [ 1063.327474][T15389] ? __pfx_odev_open+0x10/0x10 [ 1063.327503][T15389] soundcore_open+0x409/0x580 [ 1063.327534][T15389] ? __pfx_soundcore_open+0x10/0x10 [ 1063.327562][T15389] chrdev_open+0x231/0x6a0 [ 1063.327587][T15389] ? __pfx_apparmor_file_open+0x10/0x10 [ 1063.327618][T15389] ? __pfx_chrdev_open+0x10/0x10 [ 1063.327646][T15389] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 1063.327689][T15389] do_dentry_open+0x741/0x1c10 [ 1063.327714][T15389] ? __pfx_chrdev_open+0x10/0x10 [ 1063.327746][T15389] vfs_open+0x82/0x3f0 [ 1063.327781][T15389] path_openat+0x1e5e/0x2d40 [ 1063.327815][T15389] ? __pfx_path_openat+0x10/0x10 [ 1063.327845][T15389] do_filp_open+0x20b/0x470 [ 1063.327869][T15389] ? __pfx_do_filp_open+0x10/0x10 [ 1063.327913][T15389] ? alloc_fd+0x471/0x7d0 [ 1063.327960][T15389] do_sys_openat2+0x11b/0x1d0 [ 1063.327993][T15389] ? __pfx_do_sys_openat2+0x10/0x10 [ 1063.328042][T15389] ? __pfx___might_resched+0x10/0x10 [ 1063.328084][T15389] __x64_sys_openat+0x174/0x210 [ 1063.328123][T15389] ? __pfx___x64_sys_openat+0x10/0x10 [ 1063.328158][T15389] ? rcu_is_watching+0x12/0xc0 [ 1063.328189][T15389] do_syscall_64+0xcd/0x230 [ 1063.328226][T15389] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1063.328251][T15389] RIP: 0033:0x7fafdf38e969 [ 1063.328270][T15389] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1063.328294][T15389] RSP: 002b:00007fafe029c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1063.328317][T15389] RAX: ffffffffffffffda RBX: 00007fafdf5b5fa0 RCX: 00007fafdf38e969 [ 1063.328334][T15389] RDX: 0000000000000080 RSI: 0000200000000500 RDI: ffffffffffffff9c [ 1063.328350][T15389] RBP: 00007fafdf410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1063.328364][T15389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1063.328378][T15389] R13: 0000000000000000 R14: 00007fafdf5b5fa0 R15: 00007ffdf1150098 [ 1063.328408][T15389] [ 1063.749093][T15386] ptrace attach of "./syz-executor exec"[5837] was attempted by "./syz-executor exec"[15386] [ 1067.369030][T15413] ptrace attach of "./syz-executor exec"[5837] was attempted by "./syz-executor exec"[15413] [ 1067.706994][T15425] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1798'. [ 1068.129884][T15428] FAULT_INJECTION: forcing a failure. [ 1068.129884][T15428] name failslab, interval 1, probability 0, space 0, times 0 [ 1068.178739][T15428] CPU: 1 UID: 0 PID: 15428 Comm: syz.0.1799 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) [ 1068.178773][T15428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1068.178786][T15428] Call Trace: [ 1068.178793][T15428] [ 1068.178801][T15428] dump_stack_lvl+0x16c/0x1f0 [ 1068.178836][T15428] should_fail_ex+0x512/0x640 [ 1068.178868][T15428] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1068.178908][T15428] should_failslab+0xc2/0x120 [ 1068.178934][T15428] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1068.178971][T15428] ? snd_seq_port_connect+0x61/0x550 [ 1068.179003][T15428] snd_seq_port_connect+0x61/0x550 [ 1068.179030][T15428] ? _raw_read_unlock+0x28/0x50 [ 1068.179057][T15428] ? check_subscription_permission.isra.0+0xf5/0x240 [ 1068.179090][T15428] snd_seq_ioctl_subscribe_port+0x211/0x450 [ 1068.179123][T15428] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 1068.179165][T15428] snd_seq_kernel_client_ctl+0x107/0x1c0 [ 1068.179199][T15428] snd_seq_oss_midi_open+0x442/0x660 [ 1068.179236][T15428] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 1068.179280][T15428] ? lockdep_hardirqs_on+0x7c/0x110 [ 1068.179308][T15428] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1068.179340][T15428] snd_seq_oss_synth_setup_midi+0x131/0x580 [ 1068.179382][T15428] snd_seq_oss_open+0x893/0xa20 [ 1068.179416][T15428] odev_open+0x6f/0x90 [ 1068.179441][T15428] ? __pfx_odev_open+0x10/0x10 [ 1068.179467][T15428] soundcore_open+0x409/0x580 [ 1068.179498][T15428] ? __pfx_soundcore_open+0x10/0x10 [ 1068.179524][T15428] chrdev_open+0x231/0x6a0 [ 1068.179546][T15428] ? __pfx_apparmor_file_open+0x10/0x10 [ 1068.179580][T15428] ? __pfx_chrdev_open+0x10/0x10 [ 1068.179606][T15428] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 1068.179645][T15428] do_dentry_open+0x741/0x1c10 [ 1068.179668][T15428] ? __pfx_chrdev_open+0x10/0x10 [ 1068.179697][T15428] vfs_open+0x82/0x3f0 [ 1068.179728][T15428] path_openat+0x1e5e/0x2d40 [ 1068.179759][T15428] ? __pfx_path_openat+0x10/0x10 [ 1068.179786][T15428] do_filp_open+0x20b/0x470 [ 1068.179807][T15428] ? __pfx_do_filp_open+0x10/0x10 [ 1068.179847][T15428] ? alloc_fd+0x471/0x7d0 [ 1068.179888][T15428] do_sys_openat2+0x11b/0x1d0 [ 1068.179916][T15428] ? __pfx_do_sys_openat2+0x10/0x10 [ 1068.179947][T15428] ? __pfx___might_resched+0x10/0x10 [ 1068.179978][T15428] __x64_sys_openat+0x174/0x210 [ 1068.180008][T15428] ? __pfx___x64_sys_openat+0x10/0x10 [ 1068.180039][T15428] ? rcu_is_watching+0x12/0xc0 [ 1068.180066][T15428] do_syscall_64+0xcd/0x230 [ 1068.180099][T15428] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1068.180121][T15428] RIP: 0033:0x7f448cf8e969 [ 1068.180138][T15428] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1068.180162][T15428] RSP: 002b:00007f448dd78038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1068.180182][T15428] RAX: ffffffffffffffda RBX: 00007f448d1b5fa0 RCX: 00007f448cf8e969 [ 1068.180215][T15428] RDX: 0000000000000080 RSI: 0000200000000500 RDI: ffffffffffffff9c [ 1068.180230][T15428] RBP: 00007f448d010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1068.180244][T15428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1068.180258][T15428] R13: 0000000000000000 R14: 00007f448d1b5fa0 R15: 00007ffce39fa5f8 [ 1068.180287][T15428] [ 1069.075408][T15431] FAULT_INJECTION: forcing a failure. [ 1069.075408][T15431] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1069.104912][T15431] CPU: 1 UID: 0 PID: 15431 Comm: syz.3.1801 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) [ 1069.104947][T15431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1069.104961][T15431] Call Trace: [ 1069.104969][T15431] [ 1069.104977][T15431] dump_stack_lvl+0x16c/0x1f0 [ 1069.105016][T15431] should_fail_ex+0x512/0x640 [ 1069.105055][T15431] should_fail_alloc_page+0xe7/0x130 [ 1069.105087][T15431] prepare_alloc_pages+0x3c2/0x610 [ 1069.105125][T15431] ? rcu_is_watching+0x12/0xc0 [ 1069.105150][T15431] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 1069.105183][T15431] ? __lock_acquire+0x5ca/0x1ba0 [ 1069.105218][T15431] ? xas_create+0x1d7/0x1460 [ 1069.105255][T15431] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1069.105284][T15431] ? cgroup_rstat_updated+0x2a/0xb20 [ 1069.105336][T15431] ? __lock_acquire+0x5ca/0x1ba0 [ 1069.105367][T15431] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1069.105402][T15431] ? policy_nodemask+0xea/0x4e0 [ 1069.105433][T15431] alloc_pages_mpol+0x1fb/0x550 [ 1069.105464][T15431] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1069.105503][T15431] ? filemap_get_entry+0x1a7/0x3b0 [ 1069.105542][T15431] folio_alloc_noprof+0x20/0x2d0 [ 1069.105577][T15431] filemap_alloc_folio_noprof+0x3a1/0x470 [ 1069.105606][T15431] ? __pfx_filemap_alloc_folio_noprof+0x10/0x10 [ 1069.105636][T15431] ? rcu_is_watching+0x12/0xc0 [ 1069.105663][T15431] __filemap_get_folio+0x5e9/0xc10 [ 1069.105704][T15431] ioctx_alloc+0x761/0x2060 [ 1069.105753][T15431] ? __pfx_ioctx_alloc+0x10/0x10 [ 1069.105786][T15431] ? __might_fault+0x13b/0x190 [ 1069.105822][T15431] __x64_sys_io_setup+0xc9/0x210 [ 1069.105860][T15431] do_syscall_64+0xcd/0x230 [ 1069.105896][T15431] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1069.105920][T15431] RIP: 0033:0x7fafdf38e969 [ 1069.105939][T15431] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1069.105963][T15431] RSP: 002b:00007fafe029c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 1069.105985][T15431] RAX: ffffffffffffffda RBX: 00007fafdf5b5fa0 RCX: 00007fafdf38e969 [ 1069.106001][T15431] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 000000000000ffff [ 1069.106016][T15431] RBP: 00007fafdf410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1069.106030][T15431] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1069.106044][T15431] R13: 0000000000000000 R14: 00007fafdf5b5fa0 R15: 00007ffdf1150098 [ 1069.106073][T15431] [ 1071.203633][T15459] lo: entered allmulticast mode [ 1071.275149][T15462] lo: left allmulticast mode [ 1071.334366][T15462] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1071.340837][T15462] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1072.014821][T15479] lo: entered allmulticast mode [ 1072.129885][T15482] lo: left allmulticast mode [ 1074.430187][T15510] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1815'. [ 1076.518432][T15533] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1076.529759][T15533] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1076.538895][T15533] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1076.557713][T15533] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1076.565346][T15533] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1077.073189][T15540] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size [ 1077.167167][T15539] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1820'. [ 1077.563778][ T30] audit: type=1107 audit(6041527307.966:10): pid=15538 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1077.634492][ T30] audit: type=1107 audit(6041527307.996:11): pid=15538 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1077.730287][T15532] chnl_net:caif_netlink_parms(): no params data found [ 1078.540723][T15532] bridge0: port 1(bridge_slave_0) entered blocking state [ 1078.581156][T15532] bridge0: port 1(bridge_slave_0) entered disabled state [ 1078.617663][T15532] bridge_slave_0: entered allmulticast mode [ 1078.646638][T15533] Bluetooth: hci4: command tx timeout [ 1078.663380][T15532] bridge_slave_0: entered promiscuous mode [ 1078.752642][T15532] bridge0: port 2(bridge_slave_1) entered blocking state [ 1078.771831][T15558] Invalid ELF header magic: != ELF [ 1078.784266][T15532] bridge0: port 2(bridge_slave_1) entered disabled state [ 1078.811558][T15532] bridge_slave_1: entered allmulticast mode [ 1078.854570][T15532] bridge_slave_1: entered promiscuous mode [ 1079.011199][T15532] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1079.078617][T15532] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1079.333924][T15532] team0: Port device team_slave_0 added [ 1079.377911][T15532] team0: Port device team_slave_1 added [ 1079.567054][T15532] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1079.587253][T15558] snd_aloop snd_aloop.0: control 16781581:65535:6:é'x?F¢é/èìzFË·fCªáª:8 is already present [ 1079.600238][T15532] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1079.680126][T15532] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1079.733238][T15532] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1079.761694][T15532] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1079.875741][T15532] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1080.094612][T15570] lo: entered allmulticast mode [ 1080.226495][T15574] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1080.232960][T15574] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1080.302732][T15570] lo: left allmulticast mode [ 1080.340576][T15532] hsr_slave_0: entered promiscuous mode [ 1080.357962][T15532] hsr_slave_1: entered promiscuous mode [ 1080.372480][T15532] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1080.390740][T15532] Cannot create hsr debugfs directory [ 1080.725869][T15533] Bluetooth: hci4: command tx timeout [ 1081.142765][T15582] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1827'. [ 1081.204043][T15532] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1081.357783][T15532] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1081.412753][T15532] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1081.495488][T15532] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1081.857551][T15532] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1081.911120][T15584] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1081.936878][T15584] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1081.947666][T15532] 8021q: adding VLAN 0 to HW filter on device team0 [ 1081.994415][T15215] bridge0: port 1(bridge_slave_0) entered blocking state [ 1082.001624][T15215] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1082.031935][T15584] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1082.050793][T15584] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1082.077226][T15464] bridge0: port 2(bridge_slave_1) entered blocking state [ 1082.084411][T15464] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1082.108246][T15584] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1082.129484][T15584] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1082.163856][T15584] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1082.210941][T15584] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1082.357485][T15584] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1082.480565][T15584] CPU0 is offline. [ 1082.737842][T15532] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1082.952575][T15602] netlink: 186 bytes leftover after parsing attributes in process `syz.3.1829'. [ 1083.447040][T15533] Bluetooth: hci0: command 0x0c1a tx timeout [ 1083.574799][T15532] veth0_vlan: entered promiscuous mode [ 1083.638186][T15532] veth1_vlan: entered promiscuous mode [ 1083.733896][T15532] veth0_macvtap: entered promiscuous mode [ 1083.788325][T15532] veth1_macvtap: entered promiscuous mode [ 1083.864338][T15532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1083.926996][T15532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1083.998244][T15532] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1084.049284][T15532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1084.088390][T15533] Bluetooth: hci2: command 0x0c1a tx timeout [ 1084.094448][T15223] Bluetooth: hci1: command 0x0c1a tx timeout [ 1084.110769][T15532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1084.166451][T15223] Bluetooth: hci4: command 0x0419 tx timeout [ 1084.172520][T15223] Bluetooth: hci3: command 0x0c1a tx timeout [ 1084.351595][T15532] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1084.399164][T15532] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1084.665725][T15532] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1084.695041][T15532] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1084.730812][T15532] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1085.269081][T15464] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1085.347575][T15464] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1085.457056][T15220] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1085.457078][T15220] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1085.527585][T15223] Bluetooth: hci0: command 0x0c1a tx timeout [ 1085.564422][T15613] netlink: 93 bytes leftover after parsing attributes in process `syz.3.1830'. [ 1086.247238][T15223] Bluetooth: hci3: command 0x0c1a tx timeout [ 1086.254234][T15533] Bluetooth: hci4: command 0x0419 tx timeout [ 1087.075306][T15628] FAULT_INJECTION: forcing a failure. [ 1087.075306][T15628] name failslab, interval 1, probability 0, space 0, times 0 [ 1087.107524][T15633] lo: entered allmulticast mode [ 1087.208701][T15628] CPU: 1 UID: 0 PID: 15628 Comm: syz.0.1832 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) [ 1087.208735][T15628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1087.208749][T15628] Call Trace: [ 1087.208757][T15628] [ 1087.208766][T15628] dump_stack_lvl+0x16c/0x1f0 [ 1087.208803][T15628] should_fail_ex+0x512/0x640 [ 1087.208836][T15628] ? __kmalloc_cache_node_noprof+0x5a/0x420 [ 1087.208864][T15628] should_failslab+0xc2/0x120 [ 1087.208893][T15628] __kmalloc_cache_node_noprof+0x6d/0x420 [ 1087.208918][T15628] ? __lock_acquire+0x5ca/0x1ba0 [ 1087.208946][T15628] ? __get_vm_area_node+0x101/0x300 [ 1087.208992][T15628] __get_vm_area_node+0x101/0x300 [ 1087.209031][T15628] __vmalloc_node_range_noprof+0x277/0x1540 [ 1087.209070][T15628] ? bpf_check+0x1e4/0xb460 [ 1087.209093][T15628] ? find_held_lock+0x2b/0x80 [ 1087.209115][T15628] ? rcu_read_unlock+0x17/0x60 [ 1087.209150][T15628] ? bpf_check+0x1e4/0xb460 [ 1087.209180][T15628] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1087.209220][T15628] ? rcu_is_watching+0x12/0xc0 [ 1087.209241][T15628] ? trace_kmalloc+0x2b/0xd0 [ 1087.209270][T15628] ? __kvmalloc_node_noprof.cold+0x60/0x65 [ 1087.209300][T15628] ? rcu_is_watching+0x12/0xc0 [ 1087.209320][T15628] ? ktime_get+0x200/0x310 [ 1087.209362][T15628] ? bpf_check+0x1e4/0xb460 [ 1087.209388][T15628] vzalloc_noprof+0x6b/0x90 [ 1087.209426][T15628] ? bpf_check+0x1e4/0xb460 [ 1087.209450][T15628] bpf_check+0x1e4/0xb460 [ 1087.209474][T15628] ? __mutex_trylock_common+0xe9/0x250 [ 1087.209512][T15628] ? __mutex_trylock_common+0xe9/0x250 [ 1087.209552][T15628] ? __lock_acquire+0x5ca/0x1ba0 [ 1087.209584][T15628] ? __pfx_bpf_check+0x10/0x10 [ 1087.209607][T15628] ? pcpu_alloc_noprof+0x949/0x1470 [ 1087.209645][T15628] ? __lock_acquire+0xaa4/0x1ba0 [ 1087.209701][T15628] ? find_held_lock+0x2b/0x80 [ 1087.209726][T15628] ? rcu_is_watching+0x12/0xc0 [ 1087.209746][T15628] ? ktime_get_with_offset+0x26e/0x3b0 [ 1087.209773][T15628] ? __asan_memset+0x23/0x50 [ 1087.209810][T15628] ? bpf_obj_name_cpy+0x14a/0x1a0 [ 1087.209845][T15628] bpf_prog_load+0xe41/0x2490 [ 1087.209883][T15628] ? __pfx_bpf_prog_load+0x10/0x10 [ 1087.209914][T15628] ? __pfx___futex_wait+0x10/0x10 [ 1087.209964][T15628] ? bpf_lsm_bpf+0x9/0x10 [ 1087.209994][T15628] __sys_bpf+0x433c/0x4d80 [ 1087.210049][T15628] ? __pfx___sys_bpf+0x10/0x10 [ 1087.210085][T15628] ? ksys_write+0x190/0x240 [ 1087.210112][T15628] ? do_futex+0x122/0x350 [ 1087.210137][T15628] ? __pfx_do_futex+0x10/0x10 [ 1087.210176][T15628] ? xfd_validate_state+0x5d/0x180 [ 1087.210217][T15628] ? rcu_is_watching+0x12/0xc0 [ 1087.210243][T15628] __x64_sys_bpf+0x78/0xc0 [ 1087.210278][T15628] ? lockdep_hardirqs_on+0x7c/0x110 [ 1087.210322][T15628] do_syscall_64+0xcd/0x230 [ 1087.210357][T15628] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1087.210380][T15628] RIP: 0033:0x7f448cf8e969 [ 1087.210398][T15628] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1087.210421][T15628] RSP: 002b:00007f448dd78038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1087.210443][T15628] RAX: ffffffffffffffda RBX: 00007f448d1b5fa0 RCX: 00007f448cf8e969 [ 1087.210458][T15628] RDX: 0000000000000101 RSI: 0000200000000100 RDI: 0000000000000005 [ 1087.210472][T15628] RBP: 00007f448d010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1087.210486][T15628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1087.210500][T15628] R13: 0000000000000000 R14: 00007f448d1b5fa0 R15: 00007ffce39fa5f8 [ 1087.210527][T15628] [ 1087.210547][T15628] warn_alloc: 1 callbacks suppressed [ 1087.210558][T15628] syz.0.1832: vmalloc error: size 160, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1087.634306][T15638] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1087.653217][T15638] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1087.740561][T15636] lo: left allmulticast mode [ 1087.900426][T15640] FAULT_INJECTION: forcing a failure. [ 1087.900426][T15640] name failslab, interval 1, probability 0, space 0, times 0 [ 1087.983301][T15640] CPU: 1 UID: 0 PID: 15640 Comm: syz.3.1834 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) [ 1087.983335][T15640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1087.983349][T15640] Call Trace: [ 1087.983356][T15640] [ 1087.983365][T15640] dump_stack_lvl+0x16c/0x1f0 [ 1087.983401][T15640] should_fail_ex+0x512/0x640 [ 1087.983432][T15640] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1087.983460][T15640] should_failslab+0xc2/0x120 [ 1087.983489][T15640] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1087.983512][T15640] ? __proc_create+0xc3/0x8c0 [ 1087.983536][T15640] ? __proc_create+0x2ce/0x8c0 [ 1087.983564][T15640] __proc_create+0x2ce/0x8c0 [ 1087.983590][T15640] ? __pfx___proc_create+0x10/0x10 [ 1087.983619][T15640] ? _raw_write_unlock+0x28/0x50 [ 1087.983647][T15640] ? proc_register+0x314/0x5f0 [ 1087.983675][T15640] proc_create_reg+0x7d/0x180 [ 1087.983703][T15640] proc_create_seq_private+0x8e/0x1d0 [ 1087.983732][T15640] ? __pfx_proc_create_seq_private+0x10/0x10 [ 1087.983769][T15640] xt_proto_init+0x45b/0xc10 [ 1087.983802][T15640] ? __pfx_xt_proto_init+0x10/0x10 [ 1087.983831][T15640] ? trace_kmalloc+0x2b/0xd0 [ 1087.983860][T15640] ? __kasan_kmalloc+0xaa/0xb0 [ 1087.983896][T15640] ? __pfx_arp_tables_net_init+0x10/0x10 [ 1087.983936][T15640] ops_init+0x1df/0x5f0 [ 1087.983967][T15640] setup_net+0x21e/0x850 [ 1087.983998][T15640] ? __pfx_setup_net+0x10/0x10 [ 1087.984024][T15640] ? lockdep_init_map_type+0x5c/0x280 [ 1087.984057][T15640] ? __pfx_down_read_killable+0x10/0x10 [ 1087.984097][T15640] ? debug_mutex_init+0x37/0x70 [ 1087.984121][T15640] copy_net_ns+0x2a6/0x5f0 [ 1087.984155][T15640] create_new_namespaces+0x3ea/0xad0 [ 1087.984187][T15640] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1087.984216][T15640] ksys_unshare+0x45b/0xa40 [ 1087.984248][T15640] ? __pfx_ksys_unshare+0x10/0x10 [ 1087.984278][T15640] ? xfd_validate_state+0x5d/0x180 [ 1087.984317][T15640] ? rcu_is_watching+0x12/0xc0 [ 1087.984348][T15640] __x64_sys_unshare+0x31/0x40 [ 1087.984379][T15640] do_syscall_64+0xcd/0x230 [ 1087.984414][T15640] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1087.984438][T15640] RIP: 0033:0x7fafdf38e969 [ 1087.984455][T15640] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1087.984478][T15640] RSP: 002b:00007fafe029c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1087.984500][T15640] RAX: ffffffffffffffda RBX: 00007fafdf5b5fa0 RCX: 00007fafdf38e969 [ 1087.984515][T15640] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1087.984529][T15640] RBP: 00007fafdf410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1087.984542][T15640] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1087.984556][T15640] R13: 0000000000000000 R14: 00007fafdf5b5fa0 R15: 00007ffdf1150098 [ 1087.984585][T15640] [ 1088.571521][T15223] Bluetooth: hci4: command 0x0419 tx timeout [ 1090.648441][T15533] Bluetooth: hci4: command 0x0419 tx timeout [ 1090.906831][T15628] ,cpuset=/,mems_allowed=0-1 [ 1090.911516][T15628] CPU: 1 UID: 0 PID: 15628 Comm: syz.0.1832 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) [ 1090.911547][T15628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1090.911561][T15628] Call Trace: [ 1090.911569][T15628] [ 1090.911578][T15628] dump_stack_lvl+0x16c/0x1f0 [ 1090.911615][T15628] warn_alloc+0x248/0x3a0 [ 1090.911727][T15628] ? __pfx_warn_alloc+0x10/0x10 [ 1090.911757][T15628] ? __kmalloc_cache_node_noprof+0x272/0x420 [ 1090.911788][T15628] ? __kasan_kmalloc+0x8a/0xb0 [ 1090.911813][T15628] ? __get_vm_area_node+0x1e5/0x300 [ 1090.911857][T15628] __vmalloc_node_range_noprof+0xd31/0x1540 [ 1090.911897][T15628] ? find_held_lock+0x2b/0x80 [ 1090.911921][T15628] ? rcu_read_unlock+0x17/0x60 [ 1090.911958][T15628] ? bpf_check+0x1e4/0xb460 [ 1090.911989][T15628] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1090.912031][T15628] ? rcu_is_watching+0x12/0xc0 [ 1090.912065][T15628] ? trace_kmalloc+0x2b/0xd0 [ 1090.912095][T15628] ? __kvmalloc_node_noprof.cold+0x60/0x65 [ 1090.912126][T15628] ? rcu_is_watching+0x12/0xc0 [ 1090.912146][T15628] ? ktime_get+0x200/0x310 [ 1090.912171][T15628] ? bpf_check+0x1e4/0xb460 [ 1090.912195][T15628] vzalloc_noprof+0x6b/0x90 [ 1090.912233][T15628] ? bpf_check+0x1e4/0xb460 [ 1090.912255][T15628] bpf_check+0x1e4/0xb460 [ 1090.912298][T15628] ? __mutex_trylock_common+0xe9/0x250 [ 1090.912336][T15628] ? __mutex_trylock_common+0xe9/0x250 [ 1090.912377][T15628] ? __lock_acquire+0x5ca/0x1ba0 [ 1090.912408][T15628] ? __pfx_bpf_check+0x10/0x10 [ 1090.912432][T15628] ? pcpu_alloc_noprof+0x949/0x1470 [ 1090.912470][T15628] ? __lock_acquire+0xaa4/0x1ba0 [ 1090.912515][T15628] ? find_held_lock+0x2b/0x80 [ 1090.912540][T15628] ? rcu_is_watching+0x12/0xc0 [ 1090.912561][T15628] ? ktime_get_with_offset+0x26e/0x3b0 [ 1090.912590][T15628] ? __asan_memset+0x23/0x50 [ 1090.912628][T15628] ? bpf_obj_name_cpy+0x14a/0x1a0 [ 1090.912673][T15628] bpf_prog_load+0xe41/0x2490 [ 1090.912713][T15628] ? __pfx_bpf_prog_load+0x10/0x10 [ 1090.912745][T15628] ? __pfx___futex_wait+0x10/0x10 [ 1090.912799][T15628] ? bpf_lsm_bpf+0x9/0x10 [ 1090.912825][T15628] __sys_bpf+0x433c/0x4d80 [ 1090.912863][T15628] ? __pfx___sys_bpf+0x10/0x10 [ 1090.912898][T15628] ? ksys_write+0x190/0x240 [ 1090.912926][T15628] ? do_futex+0x122/0x350 [ 1090.912951][T15628] ? __pfx_do_futex+0x10/0x10 [ 1090.912989][T15628] ? xfd_validate_state+0x5d/0x180 [ 1090.913031][T15628] ? rcu_is_watching+0x12/0xc0 [ 1090.913057][T15628] __x64_sys_bpf+0x78/0xc0 [ 1090.913092][T15628] ? lockdep_hardirqs_on+0x7c/0x110 [ 1090.913124][T15628] do_syscall_64+0xcd/0x230 [ 1090.913161][T15628] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1090.913186][T15628] RIP: 0033:0x7f448cf8e969 [ 1090.913206][T15628] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1090.913230][T15628] RSP: 002b:00007f448dd78038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1090.913252][T15628] RAX: ffffffffffffffda RBX: 00007f448d1b5fa0 RCX: 00007f448cf8e969 [ 1090.913268][T15628] RDX: 0000000000000101 RSI: 0000200000000100 RDI: 0000000000000005 [ 1090.913283][T15628] RBP: 00007f448d010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1090.913297][T15628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1090.913311][T15628] R13: 0000000000000000 R14: 00007f448d1b5fa0 R15: 00007ffce39fa5f8 [ 1090.913340][T15628] [ 1090.913348][T15628] Mem-Info: [ 1091.997793][T15628] active_anon:16928 inactive_anon:22152 isolated_anon:0 [ 1091.997793][T15628] active_file:21355 inactive_file:36554 isolated_file:0 [ 1091.997793][T15628] unevictable:768 dirty:737 writeback:0 [ 1091.997793][T15628] slab_reclaimable:11840 slab_unreclaimable:118104 [ 1091.997793][T15628] mapped:34821 shmem:20359 pagetables:1000 [ 1091.997793][T15628] sec_pagetables:0 bounce:0 [ 1091.997793][T15628] kernel_misc_reclaimable:0 [ 1091.997793][T15628] free:1266624 free_pcp:149 free_cma:0 [ 1092.237206][T15628] Node 0 active_anon:67712kB inactive_anon:82248kB active_file:85416kB inactive_file:146148kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:126180kB dirty:2944kB writeback:0kB shmem:75112kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11568kB pagetables:3740kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1092.529270][T15628] Node 1 active_anon:0kB inactive_anon:0kB active_file:4kB inactive_file:68kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:4272kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1092.829562][T15628] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1093.091957][T15628] lowmem_reserve[]: 0 2484 2486 2486 2486 [ 1093.144237][T15628] Node 0 DMA32 free:1155600kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB active_anon:71448kB inactive_anon:63972kB active_file:83960kB inactive_file:145796kB unevictable:1536kB writepending:3168kB present:3129332kB managed:2544168kB mlocked:0kB bounce:0kB free_pcp:5432kB local_pcp:5432kB free_cma:0kB [ 1093.477877][T15628] lowmem_reserve[]: 0 0 1 1 1 [ 1093.521291][T15628] Node 0 Normal free:28kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:48kB inactive_anon:4kB active_file:1460kB inactive_file:348kB unevictable:0kB writepending:4kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB [ 1093.548948][ C1] vkms_vblank_simulate: vblank timer overrun [ 1093.806386][T15628] lowmem_reserve[]: 0 0 0 0 0 [ 1093.841230][T15628] Node 1 Normal free:3911052kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:4kB inactive_file:68kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1093.870019][ C1] vkms_vblank_simulate: vblank timer overrun [ 1094.166993][T15628] lowmem_reserve[]: 0 0 0 0 0 [ 1094.167044][T15628] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1094.167186][T15628] Node 0 DMA32: 364*4kB (UME) 589*8kB (UME) 414*16kB (UME) 950*32kB (UME) 558*64kB (ME) 314*128kB (ME) 113*256kB (ME) 38*512kB (UME) 13*1024kB (UM) 0*2048kB 243*4096kB (M) = 1176120kB [ 1094.167392][T15628] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB [ 1094.167528][T15628] Node 1 Normal: 195*4kB (UME) 68*8kB (UME) 42*16kB (UME) 178*32kB (UME) 92*64kB (UME) 27*128kB (UME) 15*256kB (UM) 8*512kB (UME) 5*1024kB (UM) 3*2048kB (UME) 946*4096kB (M) = 3911052kB [ 1094.167735][T15628] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1094.167754][T15628] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 1094.167774][T15628] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1094.167793][T15628] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1094.167812][T15628] 68446 total pagecache pages [ 1094.167821][T15628] 685 pages in swap cache [ 1094.167830][T15628] Free swap = 122268kB [ 1094.167839][T15628] Total swap = 124996kB [ 1094.167848][T15628] 2097051 pages RAM [ 1094.167856][T15628] 0 pages HighMem/MovableOnly [ 1094.167864][T15628] 428903 pages reserved [ 1094.167872][T15628] 0 pages cma reserved [ 1097.564571][T15533] Bluetooth: hci2: unexpected subevent 0x01 length: 4 < 18 [ 1097.682575][ T30] audit: type=1800 audit(6041527344.085:12): pid=15767 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1859" name="dbroot" dev="configfs" ino=241033 res=0 errno=0 [ 1102.741035][T15789] usb usb38: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1102.785929][T15789] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 1103.482369][T15796] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1866'. [ 1103.534692][T15796] : renamed from bond_slave_1 (while UP) [ 1103.647165][T15808] lo: entered allmulticast mode [ 1103.726927][T15811] lo: left allmulticast mode [ 1106.299581][T15849] lo: entered allmulticast mode [ 1106.396621][T15852] lo: left allmulticast mode [ 1106.446809][T15847] FAULT_INJECTION: forcing a failure. [ 1106.446809][T15847] name failslab, interval 1, probability 0, space 0, times 0 [ 1106.497360][T15852] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1106.503833][T15852] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1106.547917][T15847] CPU: 1 UID: 0 PID: 15847 Comm: syz.4.1879 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) [ 1106.547950][T15847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1106.547963][T15847] Call Trace: [ 1106.547970][T15847] [ 1106.547978][T15847] dump_stack_lvl+0x16c/0x1f0 [ 1106.548012][T15847] should_fail_ex+0x512/0x640 [ 1106.548044][T15847] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1106.548084][T15847] should_failslab+0xc2/0x120 [ 1106.548111][T15847] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1106.548146][T15847] ? lockdep_init_map_type+0x5c/0x280 [ 1106.548176][T15847] ? snd_seq_oss_timer_new+0x43/0x230 [ 1106.548212][T15847] snd_seq_oss_timer_new+0x43/0x230 [ 1106.548243][T15847] snd_seq_oss_open+0x5ce/0xa20 [ 1106.548278][T15847] odev_open+0x6f/0x90 [ 1106.548307][T15847] ? __pfx_odev_open+0x10/0x10 [ 1106.548334][T15847] soundcore_open+0x409/0x580 [ 1106.548362][T15847] ? __pfx_soundcore_open+0x10/0x10 [ 1106.548388][T15847] chrdev_open+0x231/0x6a0 [ 1106.548411][T15847] ? __pfx_apparmor_file_open+0x10/0x10 [ 1106.548439][T15847] ? __pfx_chrdev_open+0x10/0x10 [ 1106.548464][T15847] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 1106.548502][T15847] do_dentry_open+0x741/0x1c10 [ 1106.548524][T15847] ? __pfx_chrdev_open+0x10/0x10 [ 1106.548553][T15847] vfs_open+0x82/0x3f0 [ 1106.548584][T15847] path_openat+0x1e5e/0x2d40 [ 1106.548614][T15847] ? __pfx_path_openat+0x10/0x10 [ 1106.548641][T15847] do_filp_open+0x20b/0x470 [ 1106.548662][T15847] ? __pfx_do_filp_open+0x10/0x10 [ 1106.548702][T15847] ? alloc_fd+0x471/0x7d0 [ 1106.548742][T15847] do_sys_openat2+0x11b/0x1d0 [ 1106.548771][T15847] ? __pfx_do_sys_openat2+0x10/0x10 [ 1106.548801][T15847] ? __pfx___might_resched+0x10/0x10 [ 1106.548832][T15847] __x64_sys_openat+0x174/0x210 [ 1106.548862][T15847] ? __pfx___x64_sys_openat+0x10/0x10 [ 1106.548893][T15847] ? rcu_is_watching+0x12/0xc0 [ 1106.548921][T15847] do_syscall_64+0xcd/0x230 [ 1106.548953][T15847] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1106.548976][T15847] RIP: 0033:0x7f86b4b8e969 [ 1106.548993][T15847] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1106.549015][T15847] RSP: 002b:00007f86b5948038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1106.549035][T15847] RAX: ffffffffffffffda RBX: 00007f86b4db5fa0 RCX: 00007f86b4b8e969 [ 1106.549049][T15847] RDX: 0000000000000080 RSI: 0000200000000500 RDI: ffffffffffffff9c [ 1106.549063][T15847] RBP: 00007f86b4c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1106.549076][T15847] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1106.549088][T15847] R13: 0000000000000000 R14: 00007f86b4db5fa0 R15: 00007ffe2beb2528 [ 1106.549115][T15847] [ 1106.549123][T15847] ALSA: seq_oss: can't alloc timer [ 1110.323915][T15928] lo: entered allmulticast mode [ 1110.458162][T15928] lo: left allmulticast mode [ 1110.553527][T15933] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1110.553619][T15933] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1111.587095][T15937] FAULT_INJECTION: forcing a failure. [ 1111.587095][T15937] name failslab, interval 1, probability 0, space 0, times 0 [ 1111.688288][T15937] CPU: 1 UID: 0 PID: 15937 Comm: syz.3.1896 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) [ 1111.688323][T15937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1111.688337][T15937] Call Trace: [ 1111.688344][T15937] [ 1111.688353][T15937] dump_stack_lvl+0x16c/0x1f0 [ 1111.688390][T15937] should_fail_ex+0x512/0x640 [ 1111.688423][T15937] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1111.688476][T15937] should_failslab+0xc2/0x120 [ 1111.688504][T15937] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1111.688541][T15937] ? snd_seq_port_connect+0x61/0x550 [ 1111.688573][T15937] snd_seq_port_connect+0x61/0x550 [ 1111.688600][T15937] ? _raw_read_unlock+0x28/0x50 [ 1111.688626][T15937] ? check_subscription_permission.isra.0+0xf5/0x240 [ 1111.688661][T15937] snd_seq_ioctl_subscribe_port+0x211/0x450 [ 1111.688695][T15937] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 1111.688737][T15937] snd_seq_kernel_client_ctl+0x107/0x1c0 [ 1111.688769][T15937] snd_seq_oss_midi_open+0x442/0x660 [ 1111.688807][T15937] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 1111.688880][T15937] ? lockdep_hardirqs_on+0x7c/0x110 [ 1111.688911][T15937] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1111.688946][T15937] snd_seq_oss_synth_setup_midi+0x131/0x580 [ 1111.688990][T15937] snd_seq_oss_open+0x893/0xa20 [ 1111.689028][T15937] odev_open+0x6f/0x90 [ 1111.689054][T15937] ? __pfx_odev_open+0x10/0x10 [ 1111.689082][T15937] soundcore_open+0x409/0x580 [ 1111.689112][T15937] ? __pfx_soundcore_open+0x10/0x10 [ 1111.689139][T15937] chrdev_open+0x231/0x6a0 [ 1111.689163][T15937] ? __pfx_apparmor_file_open+0x10/0x10 [ 1111.689193][T15937] ? __pfx_chrdev_open+0x10/0x10 [ 1111.689220][T15937] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 1111.689262][T15937] do_dentry_open+0x741/0x1c10 [ 1111.689285][T15937] ? __pfx_chrdev_open+0x10/0x10 [ 1111.689315][T15937] vfs_open+0x82/0x3f0 [ 1111.689348][T15937] path_openat+0x1e5e/0x2d40 [ 1111.689381][T15937] ? __pfx_path_openat+0x10/0x10 [ 1111.689411][T15937] do_filp_open+0x20b/0x470 [ 1111.689433][T15937] ? __pfx_do_filp_open+0x10/0x10 [ 1111.689476][T15937] ? alloc_fd+0x471/0x7d0 [ 1111.689520][T15937] do_sys_openat2+0x11b/0x1d0 [ 1111.689550][T15937] ? __pfx_do_sys_openat2+0x10/0x10 [ 1111.689583][T15937] ? __pfx___might_resched+0x10/0x10 [ 1111.689616][T15937] __x64_sys_openat+0x174/0x210 [ 1111.689648][T15937] ? __pfx___x64_sys_openat+0x10/0x10 [ 1111.689682][T15937] ? rcu_is_watching+0x12/0xc0 [ 1111.689711][T15937] do_syscall_64+0xcd/0x230 [ 1111.689746][T15937] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1111.689769][T15937] RIP: 0033:0x7fafdf38e969 [ 1111.689788][T15937] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1111.689811][T15937] RSP: 002b:00007fafe029c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1111.689832][T15937] RAX: ffffffffffffffda RBX: 00007fafdf5b5fa0 RCX: 00007fafdf38e969 [ 1111.689852][T15937] RDX: 0000000000000080 RSI: 0000200000000500 RDI: ffffffffffffff9c [ 1111.689867][T15937] RBP: 00007fafdf410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1111.689881][T15937] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1111.689894][T15937] R13: 0000000000000000 R14: 00007fafdf5b5fa0 R15: 00007ffdf1150098 [ 1111.689923][T15937] [ 1112.014533][ C1] vkms_vblank_simulate: vblank timer overrun [ 1112.026888][T15954] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1897'. [ 1112.036092][T15954] : renamed from bond_slave_1 (while UP) [ 1112.416013][T15533] Bluetooth: hci3: unexpected subevent 0x01 length: 5 < 18 [ 1114.053389][T15973] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1115.180851][T15999] binder: 15998:15999 ioctl c00c6211 0 returned -14 [ 1115.737833][T16010] lo: entered allmulticast mode [ 1115.886797][T16014] lo: left allmulticast mode [ 1115.970828][T16014] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1115.977359][T16014] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1116.552102][T16026] lo: entered allmulticast mode [ 1116.667343][T16030] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1921'. [ 1116.682801][T16031] lo: left allmulticast mode [ 1116.755541][T16030] : renamed from bond_slave_1 (while UP) [ 1116.771038][T16031] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1116.777515][T16031] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1116.800924][T16034] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1923'. [ 1116.865140][T16034] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1116.889433][T16034] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1116.925591][T16034] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1116.944821][T16034] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1117.168236][ T30] audit: type=1107 audit(6041527363.575:13): pid=16033 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1118.057431][T16053] FAULT_INJECTION: forcing a failure. [ 1118.057431][T16053] name failslab, interval 1, probability 0, space 0, times 0 [ 1118.057482][T16053] CPU: 1 UID: 0 PID: 16053 Comm: syz.4.1928 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) [ 1118.057512][T16053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1118.057525][T16053] Call Trace: [ 1118.057532][T16053] [ 1118.057540][T16053] dump_stack_lvl+0x16c/0x1f0 [ 1118.057576][T16053] should_fail_ex+0x512/0x640 [ 1118.057609][T16053] ? __kmalloc_noprof+0xbf/0x510 [ 1118.057636][T16053] ? snd_seq_oss_readq_new+0x96/0x2c0 [ 1118.057658][T16053] should_failslab+0xc2/0x120 [ 1118.057687][T16053] __kmalloc_noprof+0xd2/0x510 [ 1118.057718][T16053] snd_seq_oss_readq_new+0x96/0x2c0 [ 1118.057743][T16053] snd_seq_oss_open+0x54b/0xa20 [ 1118.057780][T16053] odev_open+0x6f/0x90 [ 1118.057806][T16053] ? __pfx_odev_open+0x10/0x10 [ 1118.057834][T16053] soundcore_open+0x409/0x580 [ 1118.057864][T16053] ? __pfx_soundcore_open+0x10/0x10 [ 1118.057891][T16053] chrdev_open+0x231/0x6a0 [ 1118.057914][T16053] ? __pfx_apparmor_file_open+0x10/0x10 [ 1118.057945][T16053] ? __pfx_chrdev_open+0x10/0x10 [ 1118.057971][T16053] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 1118.058011][T16053] do_dentry_open+0x741/0x1c10 [ 1118.058035][T16053] ? __pfx_chrdev_open+0x10/0x10 [ 1118.058065][T16053] vfs_open+0x82/0x3f0 [ 1118.058098][T16053] path_openat+0x1e5e/0x2d40 [ 1118.058134][T16053] ? __pfx_path_openat+0x10/0x10 [ 1118.058163][T16053] do_filp_open+0x20b/0x470 [ 1118.058185][T16053] ? __pfx_do_filp_open+0x10/0x10 [ 1118.058228][T16053] ? alloc_fd+0x471/0x7d0 [ 1118.058271][T16053] do_sys_openat2+0x11b/0x1d0 [ 1118.058302][T16053] ? __pfx_do_sys_openat2+0x10/0x10 [ 1118.058340][T16053] ? __pfx___might_resched+0x10/0x10 [ 1118.058374][T16053] __x64_sys_openat+0x174/0x210 [ 1118.058406][T16053] ? __pfx___x64_sys_openat+0x10/0x10 [ 1118.058439][T16053] ? rcu_is_watching+0x12/0xc0 [ 1118.058469][T16053] do_syscall_64+0xcd/0x230 [ 1118.058503][T16053] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1118.058527][T16053] RIP: 0033:0x7f86b4b8e969 [ 1118.058545][T16053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1118.058568][T16053] RSP: 002b:00007f86b5948038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1118.058589][T16053] RAX: ffffffffffffffda RBX: 00007f86b4db5fa0 RCX: 00007f86b4b8e969 [ 1118.058604][T16053] RDX: 0000000000000080 RSI: 0000200000000500 RDI: ffffffffffffff9c [ 1118.058618][T16053] RBP: 00007f86b4c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1118.058632][T16053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1118.058646][T16053] R13: 0000000000000000 R14: 00007f86b4db5fa0 R15: 00007ffe2beb2528 [ 1118.058675][T16053] [ 1119.678047][T16076] lo: entered allmulticast mode [ 1119.718859][T16078] lo: entered allmulticast mode [ 1119.811958][T16079] lo: left allmulticast mode [ 1119.880053][T16079] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1119.886668][T16079] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1119.942476][T16080] lo: left allmulticast mode [ 1120.991204][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1120.997647][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1121.408744][T16102] ptrace attach of "./syz-executor exec"[5833] was attempted by "./syz-executor exec"[16102] [ 1121.837034][T16123] lo: entered allmulticast mode [ 1121.936871][T16126] lo: left allmulticast mode [ 1122.048604][T16126] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1122.055026][T16126] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1122.375025][T16137] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1956'. [ 1122.594393][ T30] audit: type=1107 audit(4294967297.110:14): pid=16136 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1122.793591][T15223] Bluetooth: hci3: unexpected event 0x3e length: 508 > 260 [ 1122.793623][T15223] Bluetooth: hci3: unexpected subevent 0x02 length: 507 > 260 [ 1122.814132][T15223] Bluetooth: hci3: Dropping invalid advertising data [ 1122.821788][T15223] Bluetooth: hci3: unknown advertising packet type: 0xe9 [ 1122.821818][T15223] Bluetooth: hci3: Dropping invalid advertising data [ 1122.837233][T15223] Bluetooth: hci3: Malformed LE Event: 0x02 [ 1123.438402][T16170] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1966'. [ 1123.740672][ T30] audit: type=1107 audit(4294967298.250:15): pid=16168 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1124.877059][T16212] ======================================================= [ 1124.877059][T16212] WARNING: The mand mount option has been deprecated and [ 1124.877059][T16212] and is ignored by this kernel. Remove the mand [ 1124.877059][T16212] option from the mount to silence this warning. [ 1124.877059][T16212] ======================================================= [ 1125.204872][T16221] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1987'. [ 1125.274933][T16224] netlink: 'syz.1.1988': attribute type 1 has an invalid length. [ 1125.701025][T16231] FAULT_INJECTION: forcing a failure. [ 1125.701025][T16231] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1125.743257][T16231] CPU: 1 UID: 0 PID: 16231 Comm: syz.0.1990 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) [ 1125.743289][T16231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1125.743301][T16231] Call Trace: [ 1125.743307][T16231] [ 1125.743315][T16231] dump_stack_lvl+0x16c/0x1f0 [ 1125.743348][T16231] should_fail_ex+0x512/0x640 [ 1125.743382][T16231] get_futex_key+0x49e/0x1000 [ 1125.743410][T16231] ? __pfx_get_futex_key+0x10/0x10 [ 1125.743441][T16231] futex_wake+0xe7/0x4e0 [ 1125.743465][T16231] ? rcu_is_watching+0x12/0xc0 [ 1125.743487][T16231] ? __pfx_futex_wake+0x10/0x10 [ 1125.743525][T16231] do_futex+0x1e3/0x350 [ 1125.743547][T16231] ? __pfx_do_futex+0x10/0x10 [ 1125.743567][T16231] ? __might_fault+0xe3/0x190 [ 1125.743599][T16231] mm_release+0x24e/0x300 [ 1125.743629][T16231] do_exit+0x898/0x2c30 [ 1125.743656][T16231] ? __pfx_futex_wake_mark+0x10/0x10 [ 1125.743688][T16231] ? __pfx_do_exit+0x10/0x10 [ 1125.743717][T16231] ? do_raw_spin_lock+0x12c/0x2b0 [ 1125.743748][T16231] ? find_held_lock+0x2b/0x80 [ 1125.743772][T16231] do_group_exit+0xd3/0x2a0 [ 1125.743822][T16231] get_signal+0x2673/0x26d0 [ 1125.743859][T16231] ? __pfx_get_signal+0x10/0x10 [ 1125.743884][T16231] ? do_futex+0x122/0x350 [ 1125.743908][T16231] ? __pfx_do_futex+0x10/0x10 [ 1125.743934][T16231] arch_do_signal_or_restart+0x8f/0x7a0 [ 1125.743968][T16231] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1125.744009][T16231] ? rcu_is_watching+0x12/0xc0 [ 1125.744034][T16231] syscall_exit_to_user_mode+0x150/0x2a0 [ 1125.744067][T16231] do_syscall_64+0xda/0x230 [ 1125.744101][T16231] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1125.744124][T16231] RIP: 0033:0x7f448cf8e969 [ 1125.744142][T16231] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1125.744164][T16231] RSP: 002b:00007f448dd780e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1125.744185][T16231] RAX: fffffffffffffe00 RBX: 00007f448d1b5fa8 RCX: 00007f448cf8e969 [ 1125.744201][T16231] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f448d1b5fa8 [ 1125.744214][T16231] RBP: 00007f448d1b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1125.744228][T16231] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f448d1b5fac [ 1125.744241][T16231] R13: 0000000000000000 R14: 00007ffce39fa510 R15: 00007ffce39fa5f8 [ 1125.744269][T16231] [ 1126.533095][T16253] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1999'. [ 1126.607508][T15223] Bluetooth: hci4: unexpected subevent 0x01 length: 5 < 18 [ 1128.586028][T16293] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2011'. [ 1130.090877][T16322] netlink: set zone limit has 8 unknown bytes [ 1130.773535][T16348] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2028'. [ 1132.578525][T16397] sg_write: data in/out 585827/71 bytes for SCSI command 0xed-- guessing data in; [ 1132.578525][T16397] program syz.4.2044 not setting count and/or reply_len properly [ 1132.614738][T16396] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2045'. [ 1132.872326][ T30] audit: type=1107 audit(4294967307.390:16): pid=16395 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1132.887069][ T30] audit: type=1107 audit(4294967307.410:17): pid=16395 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1133.963105][T16427] lo: entered allmulticast mode [ 1134.054934][T16430] lo: left allmulticast mode [ 1134.104129][T16430] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1134.110635][T16430] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1134.394719][T16433] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2057'. [ 1134.654391][T16443] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2060'. [ 1134.789850][T16450] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2063'. [ 1134.843414][ T30] audit: type=1107 audit(4294967309.360:18): pid=16442 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1134.860727][ T30] audit: type=1107 audit(4294967309.380:19): pid=16442 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1134.973320][ T30] audit: type=1107 audit(4294967309.490:20): pid=16449 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1134.986912][ T30] audit: type=1107 audit(4294967309.510:21): pid=16449 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1135.560726][T15223] Bluetooth: hci1: unexpected subevent 0x01 length: 5 < 18 [ 1136.184775][T16474] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2070'. [ 1136.409639][T16478] netlink: 'syz.4.2072': attribute type 2 has an invalid length. [ 1136.443095][T16478] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2072'. [ 1137.857083][T16498] FAULT_INJECTION: forcing a failure. [ 1137.857083][T16498] name failslab, interval 1, probability 0, space 0, times 0 [ 1137.903467][T16498] CPU: 1 UID: 0 PID: 16498 Comm: syz.3.2080 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) [ 1137.903500][T16498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1137.903514][T16498] Call Trace: [ 1137.903521][T16498] [ 1137.903528][T16498] dump_stack_lvl+0x16c/0x1f0 [ 1137.903563][T16498] should_fail_ex+0x512/0x640 [ 1137.903601][T16498] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1137.903641][T16498] should_failslab+0xc2/0x120 [ 1137.903668][T16498] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1137.903705][T16498] ? snd_seq_port_connect+0x61/0x550 [ 1137.903738][T16498] snd_seq_port_connect+0x61/0x550 [ 1137.903765][T16498] ? _raw_read_unlock+0x28/0x50 [ 1137.903792][T16498] ? check_subscription_permission.isra.0+0xf5/0x240 [ 1137.903825][T16498] snd_seq_ioctl_subscribe_port+0x211/0x450 [ 1137.903859][T16498] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 1137.903901][T16498] snd_seq_kernel_client_ctl+0x107/0x1c0 [ 1137.903934][T16498] snd_seq_oss_midi_open+0x442/0x660 [ 1137.903971][T16498] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 1137.904015][T16498] ? lockdep_hardirqs_on+0x7c/0x110 [ 1137.904044][T16498] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1137.904076][T16498] snd_seq_oss_synth_setup_midi+0x131/0x580 [ 1137.904131][T16498] snd_seq_oss_open+0x893/0xa20 [ 1137.904165][T16498] odev_open+0x6f/0x90 [ 1137.904190][T16498] ? __pfx_odev_open+0x10/0x10 [ 1137.904216][T16498] soundcore_open+0x409/0x580 [ 1137.904263][T16498] ? __pfx_soundcore_open+0x10/0x10 [ 1137.904290][T16498] chrdev_open+0x231/0x6a0 [ 1137.904314][T16498] ? __pfx_apparmor_file_open+0x10/0x10 [ 1137.904345][T16498] ? __pfx_chrdev_open+0x10/0x10 [ 1137.904371][T16498] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 1137.904412][T16498] do_dentry_open+0x741/0x1c10 [ 1137.904436][T16498] ? __pfx_chrdev_open+0x10/0x10 [ 1137.904466][T16498] vfs_open+0x82/0x3f0 [ 1137.904499][T16498] path_openat+0x1e5e/0x2d40 [ 1137.904533][T16498] ? __pfx_path_openat+0x10/0x10 [ 1137.904562][T16498] do_filp_open+0x20b/0x470 [ 1137.904592][T16498] ? __pfx_do_filp_open+0x10/0x10 [ 1137.904635][T16498] ? alloc_fd+0x471/0x7d0 [ 1137.904679][T16498] do_sys_openat2+0x11b/0x1d0 [ 1137.904710][T16498] ? __pfx_do_sys_openat2+0x10/0x10 [ 1137.904743][T16498] ? __pfx___might_resched+0x10/0x10 [ 1137.904776][T16498] __x64_sys_openat+0x174/0x210 [ 1137.904808][T16498] ? __pfx___x64_sys_openat+0x10/0x10 [ 1137.904842][T16498] ? rcu_is_watching+0x12/0xc0 [ 1137.904872][T16498] do_syscall_64+0xcd/0x230 [ 1137.904907][T16498] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1137.904931][T16498] RIP: 0033:0x7fafdf38e969 [ 1137.904949][T16498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1137.904972][T16498] RSP: 002b:00007fafe029c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1137.904993][T16498] RAX: ffffffffffffffda RBX: 00007fafdf5b5fa0 RCX: 00007fafdf38e969 [ 1137.905009][T16498] RDX: 0000000000000080 RSI: 0000200000000500 RDI: ffffffffffffff9c [ 1137.905023][T16498] RBP: 00007fafdf410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1137.905037][T16498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1137.905051][T16498] R13: 0000000000000000 R14: 00007fafdf5b5fa0 R15: 00007ffdf1150098 [ 1137.905080][T16498] [ 1140.163092][T16543] netlink: 342 bytes leftover after parsing attributes in process `syz.4.2096'. [ 1140.185470][T16543] netlink: 342 bytes leftover after parsing attributes in process `syz.4.2096'. [ 1140.206019][T16543] netlink: 342 bytes leftover after parsing attributes in process `syz.4.2096'. [ 1140.227324][T16543] netlink: 342 bytes leftover after parsing attributes in process `syz.4.2096'. [ 1140.266159][T16543] netlink: 342 bytes leftover after parsing attributes in process `syz.4.2096'. [ 1141.357398][T16573] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2107'. [ 1141.779206][T16585] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2112'. [ 1141.982341][ T30] audit: type=1107 audit(4294967316.500:22): pid=16584 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1142.010946][ T30] audit: type=1107 audit(4294967316.520:23): pid=16584 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1142.975564][T16616] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2124'. [ 1143.188735][ T30] audit: type=1107 audit(4294967317.710:24): pid=16615 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1143.213477][ T30] audit: type=1107 audit(4294967317.710:25): pid=16615 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1144.458092][T16641] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1145.740111][T16664] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2137'. [ 1145.944887][ T30] audit: type=1107 audit(4294967320.460:26): pid=16663 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1145.960167][ T30] audit: type=1107 audit(4294967320.480:27): pid=16663 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1146.179359][T16675] lo: entered allmulticast mode [ 1146.247350][T16676] lo: left allmulticast mode [ 1147.012123][T15533] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1147.020947][T15533] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1147.029618][T15533] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1147.039023][T15533] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1147.053396][T15533] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1147.572792][T16693] chnl_net:caif_netlink_parms(): no params data found [ 1147.838261][T16693] bridge0: port 1(bridge_slave_0) entered blocking state [ 1147.845489][T16693] bridge0: port 1(bridge_slave_0) entered disabled state [ 1147.866529][T16693] bridge_slave_0: entered allmulticast mode [ 1147.892986][T16693] bridge_slave_0: entered promiscuous mode [ 1147.922792][T16693] bridge0: port 2(bridge_slave_1) entered blocking state [ 1147.951358][T16693] bridge0: port 2(bridge_slave_1) entered disabled state [ 1147.978229][T16693] bridge_slave_1: entered allmulticast mode [ 1148.007526][T16693] bridge_slave_1: entered promiscuous mode [ 1148.208702][T16693] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1148.258595][T16693] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1148.425198][T16693] team0: Port device team_slave_0 added [ 1148.480089][T16693] team0: Port device team_slave_1 added [ 1148.576140][T16693] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1148.583122][T16693] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1148.660234][T16693] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1148.700389][T16693] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1148.732338][T16693] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1148.827168][T16693] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1149.072584][T16693] hsr_slave_0: entered promiscuous mode [ 1149.114591][T16693] hsr_slave_1: entered promiscuous mode [ 1149.131776][T15223] Bluetooth: hci5: command tx timeout [ 1149.164261][T16693] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1149.200701][T16693] Cannot create hsr debugfs directory [ 1149.811894][T16693] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1149.845413][T16693] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1149.886813][T16693] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1149.931471][T16693] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1150.252348][T16693] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1150.308825][T16693] 8021q: adding VLAN 0 to HW filter on device team0 [ 1150.338793][T15247] bridge0: port 1(bridge_slave_0) entered blocking state [ 1150.345995][T15247] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1150.391834][T15247] bridge0: port 2(bridge_slave_1) entered blocking state [ 1150.399012][T15247] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1150.934936][T16693] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1151.210347][T15223] Bluetooth: hci5: command tx timeout [ 1151.375077][T16778] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2168'. [ 1151.613185][ T30] audit: type=1107 audit(4294967326.130:28): pid=16777 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1151.642480][T16693] veth0_vlan: entered promiscuous mode [ 1151.651860][ T30] audit: type=1107 audit(4294967326.130:29): pid=16777 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1151.723756][T16693] veth1_vlan: entered promiscuous mode [ 1151.804445][T16693] veth0_macvtap: entered promiscuous mode [ 1151.831313][T16693] veth1_macvtap: entered promiscuous mode [ 1151.883655][T16693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1151.912640][T16693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1151.938924][T16693] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1151.979674][T16693] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1152.009458][T16693] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1152.033892][T16693] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1152.064471][T16693] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1152.090398][T16693] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1152.112606][T16693] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1152.134213][T16693] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1152.388465][T15464] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1152.432285][T15464] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1152.563775][T15220] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1152.588044][T15220] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1153.085210][T16784] kexec: Could not allocate control_code_buffer [ 1153.291532][T15223] Bluetooth: hci5: command tx timeout [ 1153.490020][T16811] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2177'. [ 1153.711897][ T30] audit: type=1107 audit(4294967328.220:30): pid=16810 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1153.754650][ T30] audit: type=1107 audit(4294967328.220:31): pid=16810 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1155.157473][T16847] FAULT_INJECTION: forcing a failure. [ 1155.157473][T16847] name failslab, interval 1, probability 0, space 0, times 0 [ 1155.196524][T16829] kexec: Could not allocate control_code_buffer [ 1155.215732][T16847] CPU: 1 UID: 0 PID: 16847 Comm: syz.5.2189 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) [ 1155.215767][T16847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1155.215781][T16847] Call Trace: [ 1155.215789][T16847] [ 1155.215798][T16847] dump_stack_lvl+0x16c/0x1f0 [ 1155.215835][T16847] should_fail_ex+0x512/0x640 [ 1155.215870][T16847] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1155.215913][T16847] should_failslab+0xc2/0x120 [ 1155.215943][T16847] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1155.215985][T16847] ? snd_seq_port_connect+0x61/0x550 [ 1155.216020][T16847] snd_seq_port_connect+0x61/0x550 [ 1155.216050][T16847] ? _raw_read_unlock+0x28/0x50 [ 1155.216086][T16847] ? check_subscription_permission.isra.0+0xf5/0x240 [ 1155.216125][T16847] snd_seq_ioctl_subscribe_port+0x211/0x450 [ 1155.216163][T16847] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 1155.216210][T16847] snd_seq_kernel_client_ctl+0x107/0x1c0 [ 1155.216247][T16847] snd_seq_oss_midi_open+0x442/0x660 [ 1155.216289][T16847] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 1155.216338][T16847] ? lockdep_hardirqs_on+0x7c/0x110 [ 1155.216370][T16847] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1155.216405][T16847] snd_seq_oss_synth_setup_midi+0x131/0x580 [ 1155.216451][T16847] snd_seq_oss_open+0x893/0xa20 [ 1155.216490][T16847] odev_open+0x6f/0x90 [ 1155.216517][T16847] ? __pfx_odev_open+0x10/0x10 [ 1155.216546][T16847] soundcore_open+0x409/0x580 [ 1155.216577][T16847] ? __pfx_soundcore_open+0x10/0x10 [ 1155.216605][T16847] chrdev_open+0x231/0x6a0 [ 1155.216630][T16847] ? __pfx_apparmor_file_open+0x10/0x10 [ 1155.216661][T16847] ? __pfx_chrdev_open+0x10/0x10 [ 1155.216689][T16847] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 1155.216731][T16847] do_dentry_open+0x741/0x1c10 [ 1155.216756][T16847] ? __pfx_chrdev_open+0x10/0x10 [ 1155.216794][T16847] vfs_open+0x82/0x3f0 [ 1155.216829][T16847] path_openat+0x1e5e/0x2d40 [ 1155.216863][T16847] ? __pfx_path_openat+0x10/0x10 [ 1155.216894][T16847] do_filp_open+0x20b/0x470 [ 1155.216918][T16847] ? __pfx_do_filp_open+0x10/0x10 [ 1155.216963][T16847] ? alloc_fd+0x471/0x7d0 [ 1155.217009][T16847] do_sys_openat2+0x11b/0x1d0 [ 1155.217057][T16847] ? __pfx_do_sys_openat2+0x10/0x10 [ 1155.217100][T16847] ? __pfx___might_resched+0x10/0x10 [ 1155.217135][T16847] __x64_sys_openat+0x174/0x210 [ 1155.217168][T16847] ? __pfx___x64_sys_openat+0x10/0x10 [ 1155.217204][T16847] ? rcu_is_watching+0x12/0xc0 [ 1155.217235][T16847] do_syscall_64+0xcd/0x230 [ 1155.217271][T16847] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1155.217296][T16847] RIP: 0033:0x7f34f538e969 [ 1155.217315][T16847] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1155.217339][T16847] RSP: 002b:00007f34f6294038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1155.217361][T16847] RAX: ffffffffffffffda RBX: 00007f34f55b5fa0 RCX: 00007f34f538e969 [ 1155.217377][T16847] RDX: 0000000000000080 RSI: 0000200000000500 RDI: ffffffffffffff9c [ 1155.217392][T16847] RBP: 00007f34f5410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1155.217407][T16847] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1155.217420][T16847] R13: 0000000000000000 R14: 00007f34f55b5fa0 R15: 00007ffef6182a48 [ 1155.217451][T16847] [ 1155.544056][ C1] vkms_vblank_simulate: vblank timer overrun [ 1155.936478][T15223] Bluetooth: hci5: command tx timeout [ 1156.257253][T16866] ICMPv6: process `syz.3.2197' is using deprecated sysctl (syscall) net.ipv6.neigh.veth1_macvtap.base_reachable_time - use net.ipv6.neigh.veth1_macvtap.base_reachable_time_ms instead [ 1157.219003][T16872] ptrace attach of "./syz-executor exec"[5841] was attempted by "./syz-executor exec"[16872] [ 1160.756998][T15223] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1160.771339][T15223] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1160.779786][T15223] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1160.788549][T15223] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1160.799256][T15223] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1161.589725][T16967] lo: entered allmulticast mode [ 1161.643103][T16950] chnl_net:caif_netlink_parms(): no params data found [ 1161.741138][T16968] lo: left allmulticast mode [ 1161.783327][T16968] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1161.789797][T16968] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1162.138676][T16950] bridge0: port 1(bridge_slave_0) entered blocking state [ 1162.157725][T16950] bridge0: port 1(bridge_slave_0) entered disabled state [ 1162.171575][T16950] bridge_slave_0: entered allmulticast mode [ 1162.190187][T16950] bridge_slave_0: entered promiscuous mode [ 1162.244369][T16950] bridge0: port 2(bridge_slave_1) entered blocking state [ 1162.284852][T16950] bridge0: port 2(bridge_slave_1) entered disabled state [ 1162.304660][T16950] bridge_slave_1: entered allmulticast mode [ 1162.343233][T16950] bridge_slave_1: entered promiscuous mode [ 1162.502990][T16950] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1162.612538][T16950] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1162.716285][T16982] FAULT_INJECTION: forcing a failure. [ 1162.716285][T16982] name failslab, interval 1, probability 0, space 0, times 0 [ 1162.788600][T16982] CPU: 1 UID: 0 PID: 16982 Comm: syz.3.2235 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) [ 1162.788631][T16982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1162.788644][T16982] Call Trace: [ 1162.788651][T16982] [ 1162.788659][T16982] dump_stack_lvl+0x16c/0x1f0 [ 1162.788694][T16982] should_fail_ex+0x512/0x640 [ 1162.788725][T16982] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1162.788765][T16982] should_failslab+0xc2/0x120 [ 1162.788792][T16982] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1162.788828][T16982] ? snd_seq_port_connect+0x61/0x550 [ 1162.788861][T16982] snd_seq_port_connect+0x61/0x550 [ 1162.788887][T16982] ? _raw_read_unlock+0x28/0x50 [ 1162.788914][T16982] ? check_subscription_permission.isra.0+0xf5/0x240 [ 1162.788947][T16982] snd_seq_ioctl_subscribe_port+0x211/0x450 [ 1162.788981][T16982] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 1162.789023][T16982] snd_seq_kernel_client_ctl+0x107/0x1c0 [ 1162.789055][T16982] snd_seq_oss_midi_open+0x442/0x660 [ 1162.789093][T16982] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 1162.789136][T16982] ? lockdep_hardirqs_on+0x7c/0x110 [ 1162.789165][T16982] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1162.789196][T16982] snd_seq_oss_synth_setup_midi+0x131/0x580 [ 1162.789239][T16982] snd_seq_oss_open+0x893/0xa20 [ 1162.789273][T16982] odev_open+0x6f/0x90 [ 1162.789297][T16982] ? __pfx_odev_open+0x10/0x10 [ 1162.789323][T16982] soundcore_open+0x409/0x580 [ 1162.789351][T16982] ? __pfx_soundcore_open+0x10/0x10 [ 1162.789376][T16982] chrdev_open+0x231/0x6a0 [ 1162.789411][T16982] ? __pfx_apparmor_file_open+0x10/0x10 [ 1162.789440][T16982] ? __pfx_chrdev_open+0x10/0x10 [ 1162.789465][T16982] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 1162.789504][T16982] do_dentry_open+0x741/0x1c10 [ 1162.789526][T16982] ? __pfx_chrdev_open+0x10/0x10 [ 1162.789554][T16982] vfs_open+0x82/0x3f0 [ 1162.789585][T16982] path_openat+0x1e5e/0x2d40 [ 1162.789616][T16982] ? __pfx_path_openat+0x10/0x10 [ 1162.789643][T16982] do_filp_open+0x20b/0x470 [ 1162.789664][T16982] ? __pfx_do_filp_open+0x10/0x10 [ 1162.789704][T16982] ? alloc_fd+0x471/0x7d0 [ 1162.789745][T16982] do_sys_openat2+0x11b/0x1d0 [ 1162.789792][T16982] ? __pfx_do_sys_openat2+0x10/0x10 [ 1162.789825][T16982] ? __pfx___might_resched+0x10/0x10 [ 1162.789858][T16982] __x64_sys_openat+0x174/0x210 [ 1162.789902][T16982] ? __pfx___x64_sys_openat+0x10/0x10 [ 1162.789933][T16982] ? rcu_is_watching+0x12/0xc0 [ 1162.789961][T16982] do_syscall_64+0xcd/0x230 [ 1162.789993][T16982] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1162.790015][T16982] RIP: 0033:0x7fafdf38e969 [ 1162.790032][T16982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1162.790053][T16982] RSP: 002b:00007fafe029c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1162.790073][T16982] RAX: ffffffffffffffda RBX: 00007fafdf5b5fa0 RCX: 00007fafdf38e969 [ 1162.790087][T16982] RDX: 0000000000000080 RSI: 0000200000000500 RDI: ffffffffffffff9c [ 1162.790101][T16982] RBP: 00007fafdf410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1162.790114][T16982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1162.790126][T16982] R13: 0000000000000000 R14: 00007fafdf5b5fa0 R15: 00007ffdf1150098 [ 1162.790154][T16982] [ 1163.528323][T15223] Bluetooth: hci4: command tx timeout [ 1163.596667][T16989] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2237'. [ 1163.698646][T16950] team0: Port device team_slave_0 added [ 1163.787935][T16950] team0: Port device team_slave_1 added [ 1163.898418][ T30] audit: type=1107 audit(4294967338.400:32): pid=16988 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1163.928049][ T30] audit: type=1107 audit(4294967338.400:33): pid=16988 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1163.947524][T16950] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1163.954531][T16950] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1164.046286][T16950] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1164.080266][T16950] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1164.140242][T16950] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1164.239754][T16950] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1164.457745][T16950] hsr_slave_0: entered promiscuous mode [ 1164.503091][T16950] hsr_slave_1: entered promiscuous mode [ 1164.538335][T16950] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1164.574822][T16950] Cannot create hsr debugfs directory [ 1165.349736][T16950] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1165.379915][T16950] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1165.413298][T16950] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1165.454427][T16950] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1165.617028][T15533] Bluetooth: hci4: command tx timeout [ 1165.909745][T16950] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1165.929327][T17026] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2251'. [ 1166.003647][T16950] 8021q: adding VLAN 0 to HW filter on device team0 [ 1166.052894][T15464] bridge0: port 1(bridge_slave_0) entered blocking state [ 1166.060085][T15464] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1166.142377][T15220] bridge0: port 2(bridge_slave_1) entered blocking state [ 1166.149544][T15220] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1166.193394][ T30] audit: type=1107 audit(4294967340.710:34): pid=17025 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1166.216455][ T30] audit: type=1107 audit(4294967340.730:35): pid=17025 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1166.677655][T16950] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1166.950832][T17043] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2259'. [ 1166.950901][T17043] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1166.950939][T17043] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1167.001609][T17043] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1167.001645][T17043] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1167.308366][ T30] audit: type=1107 audit(4294967341.820:36): pid=17042 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1167.361239][ T30] audit: type=1107 audit(4294967341.820:37): pid=17042 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1167.481546][T16950] veth0_vlan: entered promiscuous mode [ 1167.508640][T16950] veth1_vlan: entered promiscuous mode [ 1167.608605][T16950] veth0_macvtap: entered promiscuous mode [ 1167.652735][T16950] veth1_macvtap: entered promiscuous mode [ 1167.690049][T15223] Bluetooth: hci4: command tx timeout [ 1167.732044][T17061] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2257'. [ 1167.774481][T16950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1167.828405][T16950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1167.898361][T16950] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1167.963024][T16950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1168.011742][T17064] FAULT_INJECTION: forcing a failure. [ 1168.011742][T17064] name failslab, interval 1, probability 0, space 0, times 0 [ 1168.025309][T16950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1168.069831][T16950] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1168.087354][T17064] CPU: 1 UID: 0 PID: 17064 Comm: syz.3.2260 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) [ 1168.087388][T17064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1168.087402][T17064] Call Trace: [ 1168.087410][T17064] [ 1168.087419][T17064] dump_stack_lvl+0x16c/0x1f0 [ 1168.087456][T17064] should_fail_ex+0x512/0x640 [ 1168.087491][T17064] ? fs_reclaim_acquire+0xae/0x150 [ 1168.087530][T17064] ? security_inode_init_security+0x13f/0x390 [ 1168.087568][T17064] should_failslab+0xc2/0x120 [ 1168.087597][T17064] __kmalloc_noprof+0xd2/0x510 [ 1168.087630][T17064] security_inode_init_security+0x13f/0x390 [ 1168.087669][T17064] ? __pfx_shmem_initxattrs+0x10/0x10 [ 1168.087706][T17064] ? __pfx_security_inode_init_security+0x10/0x10 [ 1168.087755][T17064] shmem_mknod+0x22e/0x450 [ 1168.087797][T17064] vfs_mknod+0x5d7/0x8e0 [ 1168.087837][T17064] do_mknodat+0x30f/0x5d0 [ 1168.087879][T17064] ? __pfx_do_mknodat+0x10/0x10 [ 1168.087916][T17064] ? getname_flags.part.0+0x1c5/0x550 [ 1168.087953][T17064] ? rcu_is_watching+0x12/0xc0 [ 1168.087982][T17064] __x64_sys_mknod+0x87/0xb0 [ 1168.088005][T17064] do_syscall_64+0xcd/0x230 [ 1168.088041][T17064] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1168.088066][T17064] RIP: 0033:0x7fafdf38e969 [ 1168.088084][T17064] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1168.088107][T17064] RSP: 002b:00007fafe029c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 1168.088129][T17064] RAX: ffffffffffffffda RBX: 00007fafdf5b5fa0 RCX: 00007fafdf38e969 [ 1168.088145][T17064] RDX: 0000000000000002 RSI: 0000000000001001 RDI: 0000000000000000 [ 1168.088159][T17064] RBP: 00007fafdf410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1168.088173][T17064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1168.088187][T17064] R13: 0000000000000000 R14: 00007fafdf5b5fa0 R15: 00007ffdf1150098 [ 1168.088217][T17064] [ 1168.532254][T16950] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1168.556806][T16950] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1168.590722][T16950] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1168.616567][T16950] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1169.120924][T15213] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1169.130144][T15213] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1169.298124][T15213] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1169.334965][T15213] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1169.362959][T17081] lo: entered allmulticast mode [ 1169.485878][T17081] lo: left allmulticast mode [ 1169.770983][T15533] Bluetooth: hci4: command tx timeout [ 1170.047184][T17093] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2268'. [ 1170.230654][ T30] audit: type=1107 audit(4294967344.750:38): pid=17092 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1170.241046][ T30] audit: type=1107 audit(4294967344.760:39): pid=17092 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1170.463348][T17102] FAULT_INJECTION: forcing a failure. [ 1170.463348][T17102] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 1170.512451][T17102] CPU: 1 UID: 0 PID: 17102 Comm: syz.5.2271 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) [ 1170.512485][T17102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1170.512499][T17102] Call Trace: [ 1170.512506][T17102] [ 1170.512515][T17102] dump_stack_lvl+0x16c/0x1f0 [ 1170.512552][T17102] should_fail_ex+0x512/0x640 [ 1170.512589][T17102] _copy_to_iter+0x2a4/0x15a0 [ 1170.512628][T17102] ? chacha_block_generic+0x189/0x260 [ 1170.512661][T17102] ? __pfx__copy_to_iter+0x10/0x10 [ 1170.512701][T17102] ? __pfx___might_resched+0x10/0x10 [ 1170.512726][T17102] ? crng_make_state+0x48e/0x6d0 [ 1170.512770][T17102] get_random_bytes_user+0x17f/0x3c0 [ 1170.512810][T17102] ? __pfx_get_random_bytes_user+0x10/0x10 [ 1170.512842][T17102] ? do_writev+0x218/0x330 [ 1170.512883][T17102] ? do_futex+0x122/0x350 [ 1170.512915][T17102] ? import_ubuf+0x1b6/0x220 [ 1170.512950][T17102] __x64_sys_getrandom+0x183/0x290 [ 1170.512986][T17102] ? __pfx___x64_sys_getrandom+0x10/0x10 [ 1170.513022][T17102] ? xfd_validate_state+0x5d/0x180 [ 1170.513061][T17102] ? rcu_is_watching+0x12/0xc0 [ 1170.513090][T17102] do_syscall_64+0xcd/0x230 [ 1170.513144][T17102] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1170.513168][T17102] RIP: 0033:0x7f34f538e969 [ 1170.513186][T17102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1170.513210][T17102] RSP: 002b:00007f34f6294038 EFLAGS: 00000246 ORIG_RAX: 000000000000013e [ 1170.513231][T17102] RAX: ffffffffffffffda RBX: 00007f34f55b5fa0 RCX: 00007f34f538e969 [ 1170.513247][T17102] RDX: 0000000000000003 RSI: 0000000006000000 RDI: 0000000000000000 [ 1170.513262][T17102] RBP: 00007f34f5410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1170.513276][T17102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1170.513290][T17102] R13: 0000000000000000 R14: 00007f34f55b5fa0 R15: 00007ffef6182a48 [ 1170.513319][T17102] [ 1171.799897][T17130] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2282'. [ 1171.882566][T17133] netlink: 'syz.6.2283': attribute type 3 has an invalid length. [ 1172.106775][ T30] audit: type=1107 audit(4294967346.630:40): pid=17128 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1172.163688][ T30] audit: type=1107 audit(4294967346.630:41): pid=17128 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1172.311495][T17146] FAULT_INJECTION: forcing a failure. [ 1172.311495][T17146] name failslab, interval 1, probability 0, space 0, times 0 [ 1172.371178][T17146] CPU: 1 UID: 0 PID: 17146 Comm: syz.3.2286 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) [ 1172.371214][T17146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1172.371229][T17146] Call Trace: [ 1172.371236][T17146] [ 1172.371245][T17146] dump_stack_lvl+0x16c/0x1f0 [ 1172.371283][T17146] should_fail_ex+0x512/0x640 [ 1172.371317][T17146] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1172.371347][T17146] should_failslab+0xc2/0x120 [ 1172.371376][T17146] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1172.371402][T17146] ? __proc_create+0xc3/0x8c0 [ 1172.371428][T17146] ? __proc_create+0x2ce/0x8c0 [ 1172.371458][T17146] __proc_create+0x2ce/0x8c0 [ 1172.371485][T17146] ? __pfx___proc_create+0x10/0x10 [ 1172.371516][T17146] ? _raw_write_unlock+0x28/0x50 [ 1172.371546][T17146] ? proc_register+0x314/0x5f0 [ 1172.371575][T17146] proc_create_reg+0x7d/0x180 [ 1172.371603][T17146] ? __pfx_can_rcvlist_sff_proc_show+0x10/0x10 [ 1172.371631][T17146] proc_create_net_single+0x86/0x170 [ 1172.371660][T17146] ? __pfx_proc_create_net_single+0x10/0x10 [ 1172.371698][T17146] can_init_proc+0x37f/0x4d0 [ 1172.371723][T17146] can_pernet_init+0x1e4/0x370 [ 1172.371747][T17146] ? __pfx_can_pernet_init+0x10/0x10 [ 1172.371768][T17146] ops_init+0x1df/0x5f0 [ 1172.371800][T17146] setup_net+0x21e/0x850 [ 1172.371831][T17146] ? __pfx_setup_net+0x10/0x10 [ 1172.371867][T17146] ? lockdep_init_map_type+0x5c/0x280 [ 1172.371901][T17146] ? __pfx_down_read_killable+0x10/0x10 [ 1172.371944][T17146] ? debug_mutex_init+0x37/0x70 [ 1172.371969][T17146] copy_net_ns+0x2a6/0x5f0 [ 1172.372005][T17146] create_new_namespaces+0x3ea/0xad0 [ 1172.372038][T17146] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1172.372068][T17146] ksys_unshare+0x45b/0xa40 [ 1172.372102][T17146] ? __pfx_ksys_unshare+0x10/0x10 [ 1172.372133][T17146] ? xfd_validate_state+0x5d/0x180 [ 1172.372178][T17146] ? rcu_is_watching+0x12/0xc0 [ 1172.372207][T17146] __x64_sys_unshare+0x31/0x40 [ 1172.372239][T17146] do_syscall_64+0xcd/0x230 [ 1172.372275][T17146] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1172.372300][T17146] RIP: 0033:0x7fafdf38e969 [ 1172.372319][T17146] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1172.372343][T17146] RSP: 002b:00007fafe029c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1172.372365][T17146] RAX: ffffffffffffffda RBX: 00007fafdf5b5fa0 RCX: 00007fafdf38e969 [ 1172.372381][T17146] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1172.372395][T17146] RBP: 00007fafdf410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1172.372410][T17146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1172.372424][T17146] R13: 0000000000000000 R14: 00007fafdf5b5fa0 R15: 00007ffdf1150098 [ 1172.372453][T17146] [ 1174.079199][T17181] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2298'. [ 1174.360763][ T30] audit: type=1107 audit(4294967348.880:42): pid=17180 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1174.411029][ T30] audit: type=1107 audit(4294967348.880:43): pid=17180 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1175.109859][T17201] lo: entered allmulticast mode [ 1175.210685][T17204] lo: left allmulticast mode [ 1175.312738][T17206] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1175.319232][T17206] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1176.726301][T17238] lo: entered allmulticast mode [ 1176.820966][T17245] lo: left allmulticast mode [ 1176.947784][T17245] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1176.954251][T17245] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1177.114414][T17244] FAULT_INJECTION: forcing a failure. [ 1177.114414][T17244] name failslab, interval 1, probability 0, space 0, times 0 [ 1177.225878][T17244] CPU: 1 UID: 0 PID: 17244 Comm: syz.5.2312 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) [ 1177.225914][T17244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1177.225929][T17244] Call Trace: [ 1177.225937][T17244] [ 1177.225946][T17244] dump_stack_lvl+0x16c/0x1f0 [ 1177.225984][T17244] should_fail_ex+0x512/0x640 [ 1177.226018][T17244] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1177.226061][T17244] should_failslab+0xc2/0x120 [ 1177.226091][T17244] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1177.226131][T17244] ? snd_seq_oss_open+0x55/0xa20 [ 1177.226169][T17244] snd_seq_oss_open+0x55/0xa20 [ 1177.226215][T17244] odev_open+0x6f/0x90 [ 1177.226242][T17244] ? __pfx_odev_open+0x10/0x10 [ 1177.226272][T17244] soundcore_open+0x409/0x580 [ 1177.226303][T17244] ? __pfx_soundcore_open+0x10/0x10 [ 1177.226331][T17244] chrdev_open+0x231/0x6a0 [ 1177.226356][T17244] ? __pfx_apparmor_file_open+0x10/0x10 [ 1177.226387][T17244] ? __pfx_chrdev_open+0x10/0x10 [ 1177.226415][T17244] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 1177.226469][T17244] do_dentry_open+0x741/0x1c10 [ 1177.226494][T17244] ? __pfx_chrdev_open+0x10/0x10 [ 1177.226524][T17244] vfs_open+0x82/0x3f0 [ 1177.226557][T17244] path_openat+0x1e5e/0x2d40 [ 1177.226589][T17244] ? __pfx_path_openat+0x10/0x10 [ 1177.226619][T17244] do_filp_open+0x20b/0x470 [ 1177.226641][T17244] ? __pfx_do_filp_open+0x10/0x10 [ 1177.226683][T17244] ? alloc_fd+0x471/0x7d0 [ 1177.226727][T17244] do_sys_openat2+0x11b/0x1d0 [ 1177.226757][T17244] ? __pfx_do_sys_openat2+0x10/0x10 [ 1177.226790][T17244] ? __pfx___might_resched+0x10/0x10 [ 1177.226823][T17244] __x64_sys_openat+0x174/0x210 [ 1177.226855][T17244] ? __pfx___x64_sys_openat+0x10/0x10 [ 1177.226888][T17244] ? rcu_is_watching+0x12/0xc0 [ 1177.226917][T17244] do_syscall_64+0xcd/0x230 [ 1177.226952][T17244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1177.226976][T17244] RIP: 0033:0x7f34f538e969 [ 1177.226994][T17244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1177.227016][T17244] RSP: 002b:00007f34f6294038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1177.227038][T17244] RAX: ffffffffffffffda RBX: 00007f34f55b5fa0 RCX: 00007f34f538e969 [ 1177.227053][T17244] RDX: 0000000000000080 RSI: 0000200000000500 RDI: ffffffffffffff9c [ 1177.227067][T17244] RBP: 00007f34f5410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1177.227081][T17244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1177.227095][T17244] R13: 0000000000000000 R14: 00007f34f55b5fa0 R15: 00007ffef6182a48 [ 1177.227124][T17244] [ 1178.121801][T17272] netlink: 'syz.3.2322': attribute type 1 has an invalid length. [ 1179.150511][T17295] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2330'. [ 1179.193711][T17295] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1179.234156][T17295] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1179.321310][T17295] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1179.366430][T17295] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1179.484218][ T30] audit: type=1107 audit(4294967354.000:44): pid=17294 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1179.544979][ T30] audit: type=1107 audit(4294967354.000:45): pid=17294 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1181.787981][T17344] netlink: 186 bytes leftover after parsing attributes in process `syz.6.2345'. [ 1181.828719][T17340] FAULT_INJECTION: forcing a failure. [ 1181.828719][T17340] name failslab, interval 1, probability 0, space 0, times 0 [ 1181.947924][T17340] CPU: 1 UID: 0 PID: 17340 Comm: syz.3.2344 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) [ 1181.947959][T17340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1181.947973][T17340] Call Trace: [ 1181.947980][T17340] [ 1181.947989][T17340] dump_stack_lvl+0x16c/0x1f0 [ 1181.948025][T17340] should_fail_ex+0x512/0x640 [ 1181.948059][T17340] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1181.948100][T17340] should_failslab+0xc2/0x120 [ 1181.948129][T17340] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1181.948177][T17340] ? snd_seq_port_connect+0x61/0x550 [ 1181.948216][T17340] snd_seq_port_connect+0x61/0x550 [ 1181.948245][T17340] ? _raw_read_unlock+0x28/0x50 [ 1181.948274][T17340] ? check_subscription_permission.isra.0+0xf5/0x240 [ 1181.948310][T17340] snd_seq_ioctl_subscribe_port+0x211/0x450 [ 1181.948347][T17340] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 1181.948392][T17340] snd_seq_kernel_client_ctl+0x107/0x1c0 [ 1181.948427][T17340] snd_seq_oss_midi_open+0x442/0x660 [ 1181.948467][T17340] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 1181.948514][T17340] ? lockdep_hardirqs_on+0x7c/0x110 [ 1181.948544][T17340] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1181.948578][T17340] snd_seq_oss_synth_setup_midi+0x131/0x580 [ 1181.948623][T17340] snd_seq_oss_open+0x893/0xa20 [ 1181.948660][T17340] odev_open+0x6f/0x90 [ 1181.948687][T17340] ? __pfx_odev_open+0x10/0x10 [ 1181.948714][T17340] soundcore_open+0x409/0x580 [ 1181.948754][T17340] ? __pfx_soundcore_open+0x10/0x10 [ 1181.948781][T17340] chrdev_open+0x231/0x6a0 [ 1181.948806][T17340] ? __pfx_apparmor_file_open+0x10/0x10 [ 1181.948837][T17340] ? __pfx_chrdev_open+0x10/0x10 [ 1181.948863][T17340] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 1181.948904][T17340] do_dentry_open+0x741/0x1c10 [ 1181.948929][T17340] ? __pfx_chrdev_open+0x10/0x10 [ 1181.948977][T17340] vfs_open+0x82/0x3f0 [ 1181.949012][T17340] path_openat+0x1e5e/0x2d40 [ 1181.949045][T17340] ? __pfx_path_openat+0x10/0x10 [ 1181.949076][T17340] do_filp_open+0x20b/0x470 [ 1181.949099][T17340] ? __pfx_do_filp_open+0x10/0x10 [ 1181.949144][T17340] ? alloc_fd+0x471/0x7d0 [ 1181.949190][T17340] do_sys_openat2+0x11b/0x1d0 [ 1181.949221][T17340] ? __pfx_do_sys_openat2+0x10/0x10 [ 1181.949256][T17340] ? __pfx___might_resched+0x10/0x10 [ 1181.949290][T17340] __x64_sys_openat+0x174/0x210 [ 1181.949323][T17340] ? __pfx___x64_sys_openat+0x10/0x10 [ 1181.949358][T17340] ? rcu_is_watching+0x12/0xc0 [ 1181.949389][T17340] do_syscall_64+0xcd/0x230 [ 1181.949425][T17340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1181.949450][T17340] RIP: 0033:0x7fafdf38e969 [ 1181.949469][T17340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1181.949493][T17340] RSP: 002b:00007fafe029c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1181.949515][T17340] RAX: ffffffffffffffda RBX: 00007fafdf5b5fa0 RCX: 00007fafdf38e969 [ 1181.949531][T17340] RDX: 0000000000000080 RSI: 0000200000000500 RDI: ffffffffffffff9c [ 1181.949546][T17340] RBP: 00007fafdf410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1181.949561][T17340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1181.949575][T17340] R13: 0000000000000000 R14: 00007fafdf5b5fa0 R15: 00007ffdf1150098 [ 1181.949605][T17340] [ 1182.643862][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1182.653885][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1184.314120][T17385] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2359'. [ 1184.513718][ T30] audit: type=1107 audit(4294967359.030:46): pid=17384 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1184.564430][ T30] audit: type=1107 audit(4294967359.030:47): pid=17384 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1185.169175][T17398] FAULT_INJECTION: forcing a failure. [ 1185.169175][T17398] name failslab, interval 1, probability 0, space 0, times 0 [ 1185.252416][T17398] CPU: 1 UID: 0 PID: 17398 Comm: syz.5.2363 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) [ 1185.252451][T17398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1185.252472][T17398] Call Trace: [ 1185.252480][T17398] [ 1185.252488][T17398] dump_stack_lvl+0x16c/0x1f0 [ 1185.252525][T17398] should_fail_ex+0x512/0x640 [ 1185.252558][T17398] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1185.252601][T17398] should_failslab+0xc2/0x120 [ 1185.252633][T17398] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1185.252673][T17398] ? snd_seq_port_connect+0x61/0x550 [ 1185.252707][T17398] snd_seq_port_connect+0x61/0x550 [ 1185.252736][T17398] ? _raw_read_unlock+0x28/0x50 [ 1185.252765][T17398] ? check_subscription_permission.isra.0+0xf5/0x240 [ 1185.252801][T17398] snd_seq_ioctl_subscribe_port+0x211/0x450 [ 1185.252838][T17398] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 1185.252883][T17398] snd_seq_kernel_client_ctl+0x107/0x1c0 [ 1185.252918][T17398] snd_seq_oss_midi_open+0x442/0x660 [ 1185.252959][T17398] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 1185.253006][T17398] ? lockdep_hardirqs_on+0x7c/0x110 [ 1185.253037][T17398] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1185.253071][T17398] snd_seq_oss_synth_setup_midi+0x131/0x580 [ 1185.253116][T17398] snd_seq_oss_open+0x893/0xa20 [ 1185.253153][T17398] odev_open+0x6f/0x90 [ 1185.253180][T17398] ? __pfx_odev_open+0x10/0x10 [ 1185.253208][T17398] soundcore_open+0x409/0x580 [ 1185.253238][T17398] ? __pfx_soundcore_open+0x10/0x10 [ 1185.253265][T17398] chrdev_open+0x231/0x6a0 [ 1185.253289][T17398] ? __pfx_apparmor_file_open+0x10/0x10 [ 1185.253320][T17398] ? __pfx_chrdev_open+0x10/0x10 [ 1185.253346][T17398] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 1185.253388][T17398] do_dentry_open+0x741/0x1c10 [ 1185.253412][T17398] ? __pfx_chrdev_open+0x10/0x10 [ 1185.253442][T17398] vfs_open+0x82/0x3f0 [ 1185.253481][T17398] path_openat+0x1e5e/0x2d40 [ 1185.253514][T17398] ? __pfx_path_openat+0x10/0x10 [ 1185.253544][T17398] do_filp_open+0x20b/0x470 [ 1185.253566][T17398] ? __pfx_do_filp_open+0x10/0x10 [ 1185.253610][T17398] ? alloc_fd+0x471/0x7d0 [ 1185.253655][T17398] do_sys_openat2+0x11b/0x1d0 [ 1185.253686][T17398] ? __pfx_do_sys_openat2+0x10/0x10 [ 1185.253738][T17398] ? __pfx___might_resched+0x10/0x10 [ 1185.253773][T17398] __x64_sys_openat+0x174/0x210 [ 1185.253805][T17398] ? __pfx___x64_sys_openat+0x10/0x10 [ 1185.253840][T17398] ? rcu_is_watching+0x12/0xc0 [ 1185.253871][T17398] do_syscall_64+0xcd/0x230 [ 1185.253908][T17398] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1185.253932][T17398] RIP: 0033:0x7f34f538e969 [ 1185.253952][T17398] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1185.253980][T17398] RSP: 002b:00007f34f6294038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1185.254003][T17398] RAX: ffffffffffffffda RBX: 00007f34f55b5fa0 RCX: 00007f34f538e969 [ 1185.254019][T17398] RDX: 0000000000000080 RSI: 0000200000000500 RDI: ffffffffffffff9c [ 1185.254034][T17398] RBP: 00007f34f5410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1185.254049][T17398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1185.254063][T17398] R13: 0000000000000000 R14: 00007f34f55b5fa0 R15: 00007ffef6182a48 [ 1185.254093][T17398] [ 1185.771469][T17405] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2368'. [ 1187.937720][T17453] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2382'. [ 1188.171889][ T30] audit: type=1107 audit(4294967362.690:48): pid=17450 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1188.231540][ T30] audit: type=1107 audit(4294967362.690:49): pid=17450 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1188.335132][T17468] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2387'. [ 1188.500863][ T30] audit: type=1107 audit(4294967363.020:50): pid=17467 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1188.550227][ T30] audit: type=1107 audit(4294967363.020:51): pid=17467 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1189.065096][T17483] lo: entered allmulticast mode [ 1189.134900][T17484] lo: left allmulticast mode [ 1189.232068][T17484] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 1189.238644][T17484] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 1190.041938][T17504] netlink: 338 bytes leftover after parsing attributes in process `syz.6.2399'. [ 1190.170303][T17506] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2400'. [ 1190.331724][T17511] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2402'. [ 1190.352951][ T30] audit: type=1107 audit(4294967364.870:52): pid=17505 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1190.417842][ T30] audit: type=1107 audit(4294967364.870:53): pid=17505 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1190.509988][ T30] audit: type=1107 audit(4294967365.030:54): pid=17509 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1190.559329][ T30] audit: type=1107 audit(4294967365.030:55): pid=17509 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1190.781057][T17518] FAULT_INJECTION: forcing a failure. [ 1190.781057][T17518] name failslab, interval 1, probability 0, space 0, times 0 [ 1190.814340][T17518] CPU: 1 UID: 0 PID: 17518 Comm: syz.5.2405 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) [ 1190.814374][T17518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1190.814389][T17518] Call Trace: [ 1190.814396][T17518] [ 1190.814405][T17518] dump_stack_lvl+0x16c/0x1f0 [ 1190.814442][T17518] should_fail_ex+0x512/0x640 [ 1190.814475][T17518] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1190.814517][T17518] should_failslab+0xc2/0x120 [ 1190.814547][T17518] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1190.814586][T17518] ? snd_seq_port_connect+0x61/0x550 [ 1190.814621][T17518] snd_seq_port_connect+0x61/0x550 [ 1190.814649][T17518] ? _raw_read_unlock+0x28/0x50 [ 1190.814678][T17518] ? check_subscription_permission.isra.0+0xf5/0x240 [ 1190.814714][T17518] snd_seq_ioctl_subscribe_port+0x211/0x450 [ 1190.814750][T17518] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 1190.814796][T17518] snd_seq_kernel_client_ctl+0x107/0x1c0 [ 1190.814831][T17518] snd_seq_oss_midi_open+0x442/0x660 [ 1190.814871][T17518] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 1190.814918][T17518] ? lockdep_hardirqs_on+0x7c/0x110 [ 1190.814949][T17518] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1190.814988][T17518] snd_seq_oss_synth_setup_midi+0x131/0x580 [ 1190.815035][T17518] snd_seq_oss_open+0x893/0xa20 [ 1190.815072][T17518] odev_open+0x6f/0x90 [ 1190.815098][T17518] ? __pfx_odev_open+0x10/0x10 [ 1190.815126][T17518] soundcore_open+0x409/0x580 [ 1190.815157][T17518] ? __pfx_soundcore_open+0x10/0x10 [ 1190.815184][T17518] chrdev_open+0x231/0x6a0 [ 1190.815228][T17518] ? __pfx_apparmor_file_open+0x10/0x10 [ 1190.815260][T17518] ? __pfx_chrdev_open+0x10/0x10 [ 1190.815288][T17518] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 1190.815335][T17518] do_dentry_open+0x741/0x1c10 [ 1190.815360][T17518] ? __pfx_chrdev_open+0x10/0x10 [ 1190.815391][T17518] vfs_open+0x82/0x3f0 [ 1190.815426][T17518] path_openat+0x1e5e/0x2d40 [ 1190.815460][T17518] ? __pfx_path_openat+0x10/0x10 [ 1190.815491][T17518] do_filp_open+0x20b/0x470 [ 1190.815514][T17518] ? __pfx_do_filp_open+0x10/0x10 [ 1190.815558][T17518] ? alloc_fd+0x471/0x7d0 [ 1190.815603][T17518] do_sys_openat2+0x11b/0x1d0 [ 1190.815635][T17518] ? __pfx_do_sys_openat2+0x10/0x10 [ 1190.815669][T17518] ? __pfx___might_resched+0x10/0x10 [ 1190.815704][T17518] __x64_sys_openat+0x174/0x210 [ 1190.815737][T17518] ? __pfx___x64_sys_openat+0x10/0x10 [ 1190.815772][T17518] ? rcu_is_watching+0x12/0xc0 [ 1190.815802][T17518] do_syscall_64+0xcd/0x230 [ 1190.815839][T17518] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1190.815863][T17518] RIP: 0033:0x7f34f538e969 [ 1190.815882][T17518] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1190.815906][T17518] RSP: 002b:00007f34f6294038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1190.815927][T17518] RAX: ffffffffffffffda RBX: 00007f34f55b5fa0 RCX: 00007f34f538e969 [ 1190.815944][T17518] RDX: 0000000000000080 RSI: 0000200000000500 RDI: ffffffffffffff9c [ 1190.815960][T17518] RBP: 00007f34f5410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1190.815974][T17518] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1190.815995][T17518] R13: 0000000000000000 R14: 00007f34f55b5fa0 R15: 00007ffef6182a48 [ 1190.816025][T17518] [ 1192.305942][T17536] FAULT_INJECTION: forcing a failure. [ 1192.305942][T17536] name failslab, interval 1, probability 0, space 0, times 0 [ 1192.306062][T17536] CPU: 1 UID: 0 PID: 17536 Comm: syz.6.2411 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) [ 1192.306093][T17536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1192.306107][T17536] Call Trace: [ 1192.306115][T17536] [ 1192.306124][T17536] dump_stack_lvl+0x16c/0x1f0 [ 1192.306161][T17536] should_fail_ex+0x512/0x640 [ 1192.306196][T17536] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1192.306226][T17536] should_failslab+0xc2/0x120 [ 1192.306255][T17536] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1192.306283][T17536] ? vm_area_dup+0x25/0x760 [ 1192.306314][T17536] vm_area_dup+0x25/0x760 [ 1192.306343][T17536] copy_vma+0x4c2/0xa50 [ 1192.306374][T17536] ? __pfx_copy_vma+0x10/0x10 [ 1192.306408][T17536] ? __mt_destroy+0xa8/0x3e0 [ 1192.306450][T17536] ? do_vmi_align_munmap+0x2a1/0x7d0 [ 1192.306484][T17536] copy_vma_and_data+0x1cf/0x810 [ 1192.306515][T17536] ? __pfx_copy_vma_and_data+0x10/0x10 [ 1192.306564][T17536] ? trace_cap_capable+0x18d/0x200 [ 1192.306586][T17536] ? percpu_counter_add_batch+0xb8/0x1f0 [ 1192.306620][T17536] ? __vm_enough_memory+0x184/0x3f0 [ 1192.306660][T17536] move_vma+0x548/0x1740 [ 1192.306691][T17536] ? __pfx_move_vma+0x10/0x10 [ 1192.306721][T17536] ? mm_get_unmapped_area_vmflags+0x97/0xe0 [ 1192.306757][T17536] ? cap_mmap_addr+0x4b/0x120 [ 1192.306777][T17536] ? bpf_lsm_mmap_addr+0x9/0x10 [ 1192.306797][T17536] ? security_mmap_addr+0x6c/0x1e0 [ 1192.306826][T17536] ? __get_unmapped_area+0x26a/0x440 [ 1192.306864][T17536] ? vrm_set_new_addr+0x208/0x290 [ 1192.306893][T17536] __do_sys_mremap+0xe38/0x15d0 [ 1192.306923][T17536] ? __pfx___do_sys_mremap+0x10/0x10 [ 1192.306963][T17536] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1192.307006][T17536] ? __x64_sys_futex+0x1e0/0x4c0 [ 1192.307039][T17536] ? rcu_is_watching+0x12/0xc0 [ 1192.307069][T17536] do_syscall_64+0xcd/0x230 [ 1192.307103][T17536] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1192.307127][T17536] RIP: 0033:0x7f21dd98e969 [ 1192.307145][T17536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1192.307167][T17536] RSP: 002b:00007f21de77d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1192.307188][T17536] RAX: ffffffffffffffda RBX: 00007f21ddbb5fa0 RCX: 00007f21dd98e969 [ 1192.307203][T17536] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000000000 [ 1192.307236][T17536] RBP: 00007f21dda10ab1 R08: 0000200000001000 R09: 0000000000000000 [ 1192.307251][T17536] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 1192.307266][T17536] R13: 0000000000000000 R14: 00007f21ddbb5fa0 R15: 00007ffd909f5428 [ 1192.307295][T17536] [ 1192.855116][T17547] FAULT_INJECTION: forcing a failure. [ 1192.855116][T17547] name failslab, interval 1, probability 0, space 0, times 0 [ 1192.855152][T17547] CPU: 1 UID: 0 PID: 17547 Comm: syz.5.2416 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) [ 1192.855189][T17547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1192.855203][T17547] Call Trace: [ 1192.855210][T17547] [ 1192.855218][T17547] dump_stack_lvl+0x16c/0x1f0 [ 1192.855254][T17547] should_fail_ex+0x512/0x640 [ 1192.855288][T17547] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1192.855317][T17547] should_failslab+0xc2/0x120 [ 1192.855346][T17547] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1192.855372][T17547] ? security_file_alloc+0x34/0x2b0 [ 1192.855407][T17547] security_file_alloc+0x34/0x2b0 [ 1192.855438][T17547] init_file+0x93/0x4c0 [ 1192.855465][T17547] alloc_empty_file+0x73/0x1e0 [ 1192.855496][T17547] alloc_file_pseudo+0x13a/0x230 [ 1192.855527][T17547] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1192.855558][T17547] ? alloc_fd+0x471/0x7d0 [ 1192.855601][T17547] __anon_inode_getfile+0xf7/0x370 [ 1192.855645][T17547] anon_inode_getfile_fmode+0x37/0xa0 [ 1192.855685][T17547] __do_sys_fanotify_init+0x8e3/0xb80 [ 1192.855718][T17547] do_syscall_64+0xcd/0x230 [ 1192.855754][T17547] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1192.855779][T17547] RIP: 0033:0x7f34f538e969 [ 1192.855797][T17547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1192.855827][T17547] RSP: 002b:00007f34f6294038 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 1192.855849][T17547] RAX: ffffffffffffffda RBX: 00007f34f55b5fa0 RCX: 00007f34f538e969 [ 1192.855865][T17547] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00000000000004f1 [ 1192.855879][T17547] RBP: 00007f34f5410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1192.855893][T17547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1192.855906][T17547] R13: 0000000000000000 R14: 00007f34f55b5fa0 R15: 00007ffef6182a48 [ 1192.855935][T17547] [ 1193.040832][T17545] FAULT_INJECTION: forcing a failure. [ 1193.040832][T17545] name failslab, interval 1, probability 0, space 0, times 0 [ 1193.040882][T17545] CPU: 1 UID: 0 PID: 17545 Comm: syz.6.2415 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) [ 1193.040911][T17545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1193.040925][T17545] Call Trace: [ 1193.040932][T17545] [ 1193.040940][T17545] dump_stack_lvl+0x16c/0x1f0 [ 1193.040975][T17545] should_fail_ex+0x512/0x640 [ 1193.041008][T17545] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1193.041050][T17545] should_failslab+0xc2/0x120 [ 1193.041079][T17545] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1193.041118][T17545] ? snd_seq_port_connect+0x61/0x550 [ 1193.041152][T17545] snd_seq_port_connect+0x61/0x550 [ 1193.041180][T17545] ? _raw_read_unlock+0x28/0x50 [ 1193.041214][T17545] ? check_subscription_permission.isra.0+0xf5/0x240 [ 1193.041249][T17545] snd_seq_ioctl_subscribe_port+0x211/0x450 [ 1193.041285][T17545] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 1193.041331][T17545] snd_seq_kernel_client_ctl+0x107/0x1c0 [ 1193.041366][T17545] snd_seq_oss_midi_open+0x442/0x660 [ 1193.041405][T17545] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 1193.041452][T17545] ? lockdep_hardirqs_on+0x7c/0x110 [ 1193.041482][T17545] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1193.041516][T17545] snd_seq_oss_synth_setup_midi+0x131/0x580 [ 1193.041565][T17545] snd_seq_oss_open+0x893/0xa20 [ 1193.041601][T17545] odev_open+0x6f/0x90 [ 1193.041627][T17545] ? __pfx_odev_open+0x10/0x10 [ 1193.041655][T17545] soundcore_open+0x409/0x580 [ 1193.041684][T17545] ? __pfx_soundcore_open+0x10/0x10 [ 1193.041711][T17545] chrdev_open+0x231/0x6a0 [ 1193.041735][T17545] ? __pfx_apparmor_file_open+0x10/0x10 [ 1193.041765][T17545] ? __pfx_chrdev_open+0x10/0x10 [ 1193.041807][T17545] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 1193.041849][T17545] do_dentry_open+0x741/0x1c10 [ 1193.041873][T17545] ? __pfx_chrdev_open+0x10/0x10 [ 1193.041904][T17545] vfs_open+0x82/0x3f0 [ 1193.041937][T17545] path_openat+0x1e5e/0x2d40 [ 1193.041970][T17545] ? __pfx_path_openat+0x10/0x10 [ 1193.041999][T17545] do_filp_open+0x20b/0x470 [ 1193.042022][T17545] ? __pfx_do_filp_open+0x10/0x10 [ 1193.042065][T17545] ? alloc_fd+0x471/0x7d0 [ 1193.042108][T17545] do_sys_openat2+0x11b/0x1d0 [ 1193.042139][T17545] ? __pfx_do_sys_openat2+0x10/0x10 [ 1193.042172][T17545] ? __pfx___might_resched+0x10/0x10 [ 1193.042205][T17545] __x64_sys_openat+0x174/0x210 [ 1193.042236][T17545] ? __pfx___x64_sys_openat+0x10/0x10 [ 1193.042270][T17545] ? rcu_is_watching+0x12/0xc0 [ 1193.042299][T17545] do_syscall_64+0xcd/0x230 [ 1193.042334][T17545] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1193.042357][T17545] RIP: 0033:0x7f21dd98e969 [ 1193.042375][T17545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1193.042398][T17545] RSP: 002b:00007f21de77d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1193.042419][T17545] RAX: ffffffffffffffda RBX: 00007f21ddbb5fa0 RCX: 00007f21dd98e969 [ 1193.042433][T17545] RDX: 0000000000000080 RSI: 0000200000000500 RDI: ffffffffffffff9c [ 1193.042448][T17545] RBP: 00007f21dda10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1193.042462][T17545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1193.042475][T17545] R13: 0000000000000000 R14: 00007f21ddbb5fa0 R15: 00007ffd909f5428 [ 1193.042504][T17545] [ 1195.948806][T17586] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2428'. [ 1196.114619][ T30] audit: type=1107 audit(4294967370.630:56): pid=17585 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1196.114665][ T30] audit: type=1107 audit(4294967370.630:57): pid=17585 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1196.280739][T17594] FAULT_INJECTION: forcing a failure. [ 1196.280739][T17594] name failslab, interval 1, probability 0, space 0, times 0 [ 1196.280772][T17594] CPU: 1 UID: 0 PID: 17594 Comm: syz.5.2430 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) [ 1196.280799][T17594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1196.280812][T17594] Call Trace: [ 1196.280819][T17594] [ 1196.280827][T17594] dump_stack_lvl+0x16c/0x1f0 [ 1196.280861][T17594] should_fail_ex+0x512/0x640 [ 1196.280894][T17594] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1196.280921][T17594] should_failslab+0xc2/0x120 [ 1196.280947][T17594] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1196.280972][T17594] ? dup_fd+0x4e/0xb90 [ 1196.281005][T17594] ? do_futex+0x122/0x350 [ 1196.281029][T17594] dup_fd+0x4e/0xb90 [ 1196.281062][T17594] ? find_held_lock+0x2b/0x80 [ 1196.281089][T17594] __do_sys_close_range+0x4ca/0x730 [ 1196.281110][T17594] ? xfd_validate_state+0x5d/0x180 [ 1196.281147][T17594] ? __pfx___do_sys_close_range+0x10/0x10 [ 1196.281166][T17594] ? rcu_is_watching+0x12/0xc0 [ 1196.281194][T17594] do_syscall_64+0xcd/0x230 [ 1196.281227][T17594] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1196.281248][T17594] RIP: 0033:0x7f34f538e969 [ 1196.281264][T17594] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1196.281285][T17594] RSP: 002b:00007f34f6294038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1196.281304][T17594] RAX: ffffffffffffffda RBX: 00007f34f55b5fa0 RCX: 00007f34f538e969 [ 1196.281318][T17594] RDX: 0004000000000002 RSI: fffffffffffff000 RDI: 0000000000000000 [ 1196.281332][T17594] RBP: 00007f34f5410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1196.281344][T17594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1196.281357][T17594] R13: 0000000000000000 R14: 00007f34f55b5fa0 R15: 00007ffef6182a48 [ 1196.281383][T17594] [ 1196.488886][ T31] INFO: task kworker/u10:3:15224 blocked for more than 143 seconds. [ 1196.488914][ T31] Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 [ 1196.488930][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1196.488940][ T31] task:kworker/u10:3 state:D stack:26952 pid:15224 tgid:15224 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 1196.489038][ T31] Workqueue: netns cleanup_net [ 1196.489071][ T31] Call Trace: [ 1196.489079][ T31] [ 1196.489092][ T31] __schedule+0x116f/0x5de0 [ 1196.489125][ T31] ? __lock_acquire+0x5ca/0x1ba0 [ 1196.489160][ T31] ? __lock_acquire+0x5ca/0x1ba0 [ 1196.489197][ T31] ? __pfx___schedule+0x10/0x10 [ 1196.489251][ T31] ? find_held_lock+0x2b/0x80 [ 1196.489276][ T31] ? schedule+0x2d7/0x3a0 [ 1196.489309][ T31] schedule+0xe7/0x3a0 [ 1196.489340][ T31] schedule_timeout+0x257/0x290 [ 1196.489367][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1196.489402][ T31] ? mark_held_locks+0x49/0x80 [ 1196.489433][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1196.489466][ T31] __wait_for_common+0x2fc/0x4e0 [ 1196.489498][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1196.489536][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 1196.489568][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1196.489600][ T31] ? flush_workqueue_prep_pwqs+0x2e9/0x510 [ 1196.489637][ T31] __flush_workqueue+0x3e2/0x1230 [ 1196.489684][ T31] ? __pfx___flush_workqueue+0x10/0x10 [ 1196.489720][ T31] ? reacquire_held_locks+0xcd/0x1f0 [ 1196.489751][ T31] ? release_sock+0x21/0x220 [ 1196.489786][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 1196.489814][ T31] ? __local_bh_enable_ip+0xa4/0x120 [ 1196.489844][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 1196.489870][ T31] rds_tcp_listen_stop+0x104/0x150 [ 1196.489906][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 1196.489940][ T31] rds_tcp_exit_net+0xcb/0x810 [ 1196.489977][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 1196.490011][ T31] ? __pfx___might_resched+0x10/0x10 [ 1196.490041][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 1196.490075][ T31] ops_exit_list+0xb0/0x180 [ 1196.490106][ T31] cleanup_net+0x5c1/0xb30 [ 1196.490140][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 1196.490178][ T31] ? rcu_is_watching+0x12/0xc0 [ 1196.490205][ T31] process_one_work+0x9cc/0x1b70 [ 1196.490254][ T31] ? __pfx_process_one_work+0x10/0x10 [ 1196.490301][ T31] ? assign_work+0x1a0/0x250 [ 1196.490965][ T31] worker_thread+0x6c8/0xf10 [ 1196.491013][ T31] ? __kthread_parkme+0x19e/0x250 [ 1196.491044][ T31] ? __pfx_worker_thread+0x10/0x10 [ 1196.491082][ T31] kthread+0x3c2/0x780 [ 1196.491118][ T31] ? __pfx_kthread+0x10/0x10 [ 1196.491151][ T31] ? __pfx_kthread+0x10/0x10 [ 1196.491184][ T31] ? __pfx_kthread+0x10/0x10 [ 1196.491217][ T31] ? __pfx_kthread+0x10/0x10 [ 1196.491250][ T31] ? rcu_is_watching+0x12/0xc0 [ 1196.491274][ T31] ? __pfx_kthread+0x10/0x10 [ 1196.491310][ T31] ret_from_fork+0x45/0x80 [ 1196.491348][ T31] ? __pfx_kthread+0x10/0x10 [ 1196.491382][ T31] ret_from_fork_asm+0x1a/0x30 [ 1196.491432][ T31] [ 1196.491481][ T31] [ 1196.491481][ T31] Showing all locks held in the system: [ 1196.491491][ T31] 1 lock held by khungtaskd/31: [ 1196.491510][ T31] #0: ffffffff8e3bf440 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 [ 1196.491606][ T31] 3 locks held by kworker/u10:3/15224: [ 1196.491620][ T31] #0: ffff88801c2f6148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 1196.491693][ T31] #1: ffffc9000ba1fd18 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 1196.491766][ T31] #2: ffffffff90110710 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xc9/0xb30 [ 1196.491832][ T31] 2 locks held by getty/15276: [ 1196.491845][ T31] #0: ffff888035ed20a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 1196.491904][ T31] #1: ffffc900049d92f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 [ 1196.491995][ T31] 1 lock held by syz.2.1785/15340: [ 1196.492009][ T31] #0: ffffffff90110710 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 [ 1196.492079][ T31] 2 locks held by udevd/15783: [ 1196.492094][ T31] 1 lock held by syz.0.2033/16370: [ 1196.492108][ T31] #0: ffffffff90110710 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 [ 1196.492175][ T31] 1 lock held by syz.4.2133/16654: [ 1196.492188][ T31] #0: ffffffff90110710 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 [ 1196.492273][ T31] 6 locks held by syz.3.2404/17530: [ 1196.492288][ T31] 1 lock held by syz.1.2428/17586: [ 1196.492301][ T31] #0: ffff888035511068 (&pipe->mutex){+.+.}-{4:4}, at: pipe_lock+0x64/0x80 [ 1196.492358][ T31] 2 locks held by syz.6.2432/17595: [ 1196.492371][ T31] [ 1196.492377][ T31] ============================================= [ 1196.492377][ T31] [ 1196.492395][ T31] NMI backtrace for cpu 1 [ 1196.492407][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) [ 1196.492435][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1196.492448][ T31] Call Trace: [ 1196.492456][ T31] [ 1196.492463][ T31] dump_stack_lvl+0x116/0x1f0 [ 1196.492496][ T31] nmi_cpu_backtrace+0x27b/0x390 [ 1196.492527][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1196.492565][ T31] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 1196.492594][ T31] watchdog+0xf70/0x12c0 [ 1196.492630][ T31] ? __pfx_watchdog+0x10/0x10 [ 1196.492659][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 1196.492692][ T31] ? __kthread_parkme+0x19e/0x250 [ 1196.492722][ T31] ? __pfx_watchdog+0x10/0x10 [ 1196.492752][ T31] kthread+0x3c2/0x780 [ 1196.492786][ T31] ? __pfx_kthread+0x10/0x10 [ 1196.492817][ T31] ? __pfx_kthread+0x10/0x10 [ 1196.492849][ T31] ? __pfx_kthread+0x10/0x10 [ 1196.492880][ T31] ? __pfx_kthread+0x10/0x10 [ 1196.492912][ T31] ? rcu_is_watching+0x12/0xc0 [ 1196.492934][ T31] ? __pfx_kthread+0x10/0x10 [ 1196.492968][ T31] ret_from_fork+0x45/0x80 [ 1196.493003][ T31] ? __pfx_kthread+0x10/0x10 [ 1196.493035][ T31] ret_from_fork_asm+0x1a/0x30 [ 1196.493081][ T31] [ 1196.493096][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 1196.493109][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) [ 1196.493138][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 1196.493151][ T31] Call Trace: [ 1196.493159][ T31] [ 1196.493167][ T31] dump_stack_lvl+0x3d/0x1f0 [ 1196.493199][ T31] panic+0x71c/0x800 [ 1196.493234][ T31] ? __pfx_panic+0x10/0x10 [ 1196.493266][ T31] ? ret_from_fork_asm+0x1a/0x30 [ 1196.493303][ T31] ? nmi_backtrace_stall_check+0x6e/0x540 [ 1196.493331][ T31] ? irq_work_queue+0xce/0x100 [ 1196.493365][ T31] ? watchdog+0xdda/0x12c0 [ 1196.493395][ T31] ? watchdog+0xdcd/0x12c0 [ 1196.493430][ T31] watchdog+0xdeb/0x12c0 [ 1196.493465][ T31] ? __pfx_watchdog+0x10/0x10 [ 1196.493516][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 1196.493548][ T31] ? __kthread_parkme+0x19e/0x250 [ 1196.493578][ T31] ? __pfx_watchdog+0x10/0x10 [ 1196.493609][ T31] kthread+0x3c2/0x780 [ 1196.493643][ T31] ? __pfx_kthread+0x10/0x10 [ 1196.493675][ T31] ? __pfx_kthread+0x10/0x10 [ 1196.493708][ T31] ? __pfx_kthread+0x10/0x10 [ 1196.493741][ T31] ? __pfx_kthread+0x10/0x10 [ 1196.493773][ T31] ? rcu_is_watching+0x12/0xc0 [ 1196.493795][ T31] ? __pfx_kthread+0x10/0x10 [ 1196.493830][ T31] ret_from_fork+0x45/0x80 [ 1196.493866][ T31] ? __pfx_kthread+0x10/0x10 [ 1196.493899][ T31] ret_from_fork_asm+0x1a/0x30 [ 1196.493946][ T31] [ 1196.494001][ T31] Kernel Offset: disabled