last executing test programs: 8m54.804378442s ago: executing program 1 (id=870): openat$auto_gpiolib_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x442, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f00000011c0)='/dev/snd/pcmC0D0p\x00', 0x40, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_HW_REFINE_OLD(r0, 0xc1004110, 0x0) socket(0x28, 0x1, 0x0) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYBLOB="2f212abd"], 0x14}}, 0x4000000) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon1\x00', 0x4ad03, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x101283, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x6d4382, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/user\x00') select$auto(0xe, 0x0, 0x0, &(0x7f0000000340)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4460, 0x15f4da0a, 0x1, 0x4, 0x300000000000000, 0x80000001, 0x7, 0x0, 0x5, 0x2, 0x300000000000000]}, 0x0) mmap$auto(0x0, 0x61, 0x100001000000003, 0x9b72, 0x2, 0x8000) getsockopt$auto(0x3, 0x200000000001, 0x41, 0x0, 0x0) madvise$auto(0x108000, 0x800034, 0xa) close_range$auto(0x2, 0x8, 0x0) epoll_create$auto(0x3e) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x3, 0x100) socketpair$auto(0x8, 0x7, 0x1, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) ioctl$auto_TCFLSH2(r2, 0x8926, 0x0) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) r3 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) ioctl$auto(r3, 0x40104d14, r3) 8m53.404001391s ago: executing program 1 (id=874): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030001000100060007000080000008000300000400000a0005001e16390f3abc00000a000500aaaaaaaaaabb00000a000500000000000000000008000200", @ANYRES32=0x0, @ANYBLOB="1b0006adace24c1906f514aec0478fc33340002d010000"], 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x2, 0x3, 0x100) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004c18}, 0x8894) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYRES32=r2], 0x1ac}, 0x1, 0x0, 0x0, 0x11}, 0x200c4044) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0xb, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0xc4c}, 0x3, 0x0) r3 = open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) mount$auto(&(0x7f0000000400)='dvmrp1\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='^\x00', 0xfffffffffffffff9, &(0x7f00000004c0)="8f70888a13cde023fa452eab27fecad2fc0f053a88b2f1e98c36fadb5cddda5c4d7e2263817a196bbcb9ceec4109b3ec7b5c433af852ab464456330793c113ae7266bca4d0069ec762a14224f3c0ece2495fdad16f337ccde65b52a5b1c73f60") setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) r4 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/pcmC1D0p\x00', 0x143101, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_CHANNEL_INFO(r4, 0x80184132, &(0x7f0000000240)={0x9, 0x49f, 0x0, 0xf583}) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) statx$auto(r3, 0x0, 0x1003, 0x4005, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r5 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_LINK_GET(r6, &(0x7f0000005200)={0x0, 0x0, &(0x7f00000051c0)={&(0x7f0000005080)={0x14, r5, 0x301, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x5}, 0x4) r7 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f00000001c0), r0) sendmsg$auto_OVS_VPORT_CMD_DEL(r1, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x5edfed0c30547b27}, 0xc, &(0x7f0000000280)={&(0x7f0000000340)={0x58, r7, 0x2, 0x70bd25, 0x25dfdbfb, {}, [@OVS_VPORT_ATTR_STATS={0x44, 0x6, {0x5, 0x7ffffffffffff, 0x8, 0x8, 0x3ff, 0x3, 0x7f, 0x8000000000000000}}]}, 0x58}, 0x1, 0x0, 0x0, 0x4040084}, 0x8084) sendfile$auto(0x1, 0x3, 0x0, 0xc01) mmap$auto(0x0, 0x20008, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x6, 0x7bd6, 0x0) 8m52.117515936s ago: executing program 1 (id=877): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x200007, 0x2, 0x40ebd, 0x602, 0x300000000000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x40008, 0xdb, 0x9b72, 0x7, 0x28000) sysfs$auto(0x2, 0x4, 0x0) clone$auto(0x1002, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x9) prlimit64$auto(0x1, 0x3, 0x0, 0x0) r0 = socket(0xa, 0x5, 0x0) getsockopt$auto(r0, 0x84, 0x24, 0x0, 0x0) ioperm$auto(0xfb, 0x5, 0xe) setreuid$auto(0x4, 0x8) sched_setaffinity$auto(0x1, 0x1, 0x0) 8m51.209281901s ago: executing program 1 (id=879): mmap$auto(0x0, 0x7, 0x1006, 0xeb1, 0xffffffffffffffff, 0x9) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, 0x0, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0xa, 0x2, 0x88) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x80000001, 0xa) r1 = gettid() process_vm_writev$auto(r1, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0) setsockopt$auto(r0, 0x11, 0xa, 0x0, 0x8) socket(0x10, 0x2, 0x0) 8m49.643997544s ago: executing program 1 (id=882): openat$auto_kernel_debug_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f0000000180), 0x2000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) r0 = syz_clone(0x800000, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r0, 0xa26, 0x4) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) ioctl$auto_PPPIOCSMRU(r1, 0xc004743e, 0x0) socket(0x2, 0x3, 0x2) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto_PPPIOCSPASS(r1, 0x40107447, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto(0x3, 0x0, 0xfffffdef) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/graphics/fbcon/rotate\x00', 0x10b842, 0x0) write$auto(r2, &(0x7f0000000040)='\xce*+#\x00', 0x80) read$auto(r2, 0x0, 0x6864a34) madvise$auto(0xff, 0x10000, 0xe35) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mincore$auto(0x0, 0x10000, 0x0) poll$auto(&(0x7f0000000040)={0xffffffffffffffff, 0x7, 0x8}, 0x80, 0x400400) mincore$auto(0x0, 0x3, &(0x7f00000000c0)='\x00') setsockopt$auto(r3, 0x113, 0x1, 0x0, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0x8000000000000000, 0x8000) r4 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r5 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC0\x00', 0x802, 0x0) ioctl$auto(r5, 0xc1205531, r4) 8m47.495639769s ago: executing program 1 (id=886): socket(0xa, 0x1, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0xa, 0x3, 0x3c) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r1, 0x5603, r0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x10, 0x2, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) ioctl$auto(0x3, 0x400454ca, 0x38) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x6, 0x0, 0x0, 0x9) write$auto(0x3, 0x0, 0xfdf3) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) socket(0x2, 0x1, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0x4008ae90, 0x0) 8m31.584404747s ago: executing program 32 (id=886): socket(0xa, 0x1, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0xa, 0x3, 0x3c) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r1, 0x5603, r0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x10, 0x2, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) ioctl$auto(0x3, 0x400454ca, 0x38) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x6, 0x0, 0x0, 0x9) write$auto(0x3, 0x0, 0xfdf3) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) socket(0x2, 0x1, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0x4008ae90, 0x0) 8m22.394852722s ago: executing program 0 (id=924): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x163742, 0x0) set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) mmap$auto(0x0, 0x282000b, 0x2, 0xeb1, 0xffffffffffffffff, 0x495ce92a) futex_wake$auto(0x0, 0x7, 0xffefffff, 0x12) sysfs$auto(0x2, 0x23, 0x0) r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r0, 0x0, 0x4) write$auto(0x3, 0x0, 0xfffffded) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000400), 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x2, 0x1) socketpair$auto(0x3, 0x5, 0x7, 0x0) setsockopt$auto(0x3, 0x0, 0x13, 0x0, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) connect$auto(0x3, &(0x7f00000001c0)=@in={0x2, 0x4e24, @remote}, 0x55) write$auto(0x3, 0x0, 0xfdef) socket(0xa, 0x3, 0x6) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/fs/cifs/dfscache\x00', 0x101a41, 0x0) write$auto(r1, 0x0, 0x6) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)={0x3c, r3, 0x1b, 0x74bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0xc, 0x3, 0x0, 0x1, [@nested={0x8, 0x6, 0x0, 0x1, [@nested={0x4, 0x83}]}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f17790485908286dd"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x7) socket(0x2b, 0x2, 0xfffffffd) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="18000000", @ANYRES8, @ANYBLOB="01", @ANYRES32], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80) recvfrom$auto(0xffffffffffffffff, &(0x7f0000000000), 0xfffffffffffffff5, 0xaa, 0x0, 0x0) io_uring_setup$auto(0xd, 0x0) 8m18.025510835s ago: executing program 0 (id=934): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) mmap$auto(0x0, 0x400008, 0xdd, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x181000, 0x0) socket(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x101000, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/mnt\x00') sendmsg$auto_NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0xc}, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) socket(0x1, 0x1, 0x7) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) r1 = socket(0x10, 0x2, 0x6) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0xfcff, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000000c0), 0x4c2, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/config/target/version\x00', 0x6d0500, 0x0) socket(0x1e, 0x5, 0x0) socket(0x2, 0x6, 0x0) epoll_create$auto(0x4) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mtd0\x00', 0x8080, 0x0) readv$auto(0x3, &(0x7f0000000040)={&(0x7f0000000000), 0x36a}, 0x6) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8000, 0x0) 8m15.700385423s ago: executing program 0 (id=940): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r0, 0x541c, r1) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x401) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/platform/snd_aloop.0/sound/card1/id\x00', 0x48a22, 0x0) read$auto(r2, 0x0, 0x13) write$auto(r2, 0x0, 0x3) 8m12.687842383s ago: executing program 0 (id=945): socket(0xa, 0x1, 0x84) io_uring_setup$auto(0x6, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/LNXSYSTM:00/path\x00', 0xc8800, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000022c0)=""/4127, 0x101f) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000040)) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) socket(0xa, 0x80000, 0x0) read$auto(0x3, 0x0, 0xf34) sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="010326bd700002dcdf2505000000"], 0x14}, 0x1, 0x0, 0x0, 0x8810}, 0x0) close_range$auto(0xffffffffffffffff, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x84) r2 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/dynamic_debug/control\x00', 0x40000, 0x0) read$auto_proc_pid_maps_operations_internal(r2, 0x0, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x54) listen$auto(0x3, 0x81) accept$auto(0x3, 0x0, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0xa0800, 0x0) sendmsg$auto_NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0xc}, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x7, 0xd, 0x9, 0x7, 0x1f, 0x15f4da0a, 0x4000, 0x3, 0x1, 0x80000001, 0x7, 0x6d3c, 0x5, 0x2]}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) 8m4.851562896s ago: executing program 0 (id=957): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) mmap$auto(0x0, 0x400008, 0xdd, 0x9b72, 0x2, 0x8000) socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x0, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x101000, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/mnt\x00') sendmsg$auto_NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0xc}, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) socket(0x1, 0x1, 0x7) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) r1 = socket(0x10, 0x2, 0x6) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0xfcff, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000000c0), 0x4c2, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/config/target/version\x00', 0x6d0500, 0x0) socket(0x1e, 0x5, 0x0) socket(0x2, 0x6, 0x0) epoll_create$auto(0x4) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mtd0\x00', 0x8080, 0x0) readv$auto(0x3, &(0x7f0000000040)={&(0x7f0000000000), 0x36a}, 0x6) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8000, 0x0) 8m2.56773957s ago: executing program 0 (id=960): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x3, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x1) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, 0x0, 0x40) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0xffffffff, 0x10000000000002d, 0x0) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000, 0x5, 0x15) r1 = getpid() prlimit64$auto(r1, 0xf67a, 0x0, &(0x7f0000000080)={0x3ff}) mmap$auto(0x3, 0x400006, 0xdf, 0x15, 0xffffffffffffffff, 0x6000000000000) mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000) newfstatat$auto(0xffffffffffffffff, 0x0, 0x0, 0x1000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) msync$auto(0x1ffff001, 0x180040000000021, 0xf52) r2 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) read$auto_rng_chrdev_ops_core(r2, &(0x7f0000000040)=""/4096, 0xfffffe82) lseek$auto(0xffffffffffffffff, 0x7ffffffffffffffe, 0x9) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x109803, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) write$auto(0xffffffffffffffff, 0x0, 0x2) writev$auto(0xffffffffffffffff, &(0x7f00000015c0)={&(0x7f0000001540)="72c6a24e31520df5e6ec01dd1feb219c5d82dbedaff42ce5286b68b03eda226d06f75249154ab82c1e308e5271250fca0e30162fb81bdb77d7e2031953ad7688cf272cdc224bdba3fb938519d0f5bec148575e9394", 0x4}, 0x6) sendmsg$auto_NL802154_CMD_GET_SEC_DEV(0xffffffffffffffff, &(0x7f0000001280)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000001240)={&(0x7f00000012c0)={0x174, 0x0, 0x100, 0x70bd28, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_PHY_CAPS={0x84, 0x18, 0x0, 0x1, [@typed={0x4, 0x10b}, @generic="a332ce2470bbb2099e1b8c8c0ded57191b17f9dae2aaa093c05ae1ccaf2ebc28a0bdc76edfb73ae5482311d234c447c0f447c38c1ecfff19805cc38afc5b0177302701cf922b29c5222fee7ca90a9851cb072d0a2ce2b864f15d03fc095b12d1672dfd5648a39a4debe34b249554b7093b3344034e81eb1d313ef684"]}, @NL802154_ATTR_CCA_OPT={0x8}, @NL802154_ATTR_MIN_BE={0x5, 0x11, 0x37}, @NL802154_ATTR_IFNAME={0x14, 0x4, 'batadv_slave_0\x00'}, @NL802154_ATTR_PEER={0xae, 0x28, 0x0, 0x1, [@typed={0x5, 0xce, 0x0, 0x0, @str='\x00'}, @typed={0x8, 0xb1, 0x0, 0x0, @pid=r1}, @nested={0x8, 0x1e, 0x0, 0x1, [@nested={0x4, 0x9d}]}, @generic="7b6e97546d5186356092527d8b430c86e1817e8c2dce205d70dc5cc1d435c1ce7d6f6932a49a0b3106617260df12", @generic="223a3092f7f8c3d46d5cd56d3e306ed9ebd11e2e", @nested={0x50, 0x100, 0x0, 0x1, [@nested={0x4, 0x113}, @typed={0x47, 0x65, 0x0, 0x0, @str='/sys/kernel/debug/tracing/events/vmalloc/free_vmap_area_noflush/id\x00'}]}]}, @NL802154_ATTR_BEACON_INTERVAL={0x5, 0x26, 0x9}]}, 0x174}, 0x1, 0x0, 0x0, 0x1}, 0x881) init_module$auto(0x0, 0x5, 0x0) r4 = openat$auto_ftrace_event_id_fops_trace_events(0xffffffffffffff9c, &(0x7f0000001040)='/sys/kernel/debug/tracing/events/vmalloc/free_vmap_area_noflush/id\x00', 0x400, 0x0) mmap$auto(0x9, 0xca3, 0xf32, 0x16, r4, 0x4) 7m47.333912362s ago: executing program 33 (id=960): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x3, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x1) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, 0x0, 0x40) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0xffffffff, 0x10000000000002d, 0x0) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000, 0x5, 0x15) r1 = getpid() prlimit64$auto(r1, 0xf67a, 0x0, &(0x7f0000000080)={0x3ff}) mmap$auto(0x3, 0x400006, 0xdf, 0x15, 0xffffffffffffffff, 0x6000000000000) mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000) newfstatat$auto(0xffffffffffffffff, 0x0, 0x0, 0x1000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) msync$auto(0x1ffff001, 0x180040000000021, 0xf52) r2 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) read$auto_rng_chrdev_ops_core(r2, &(0x7f0000000040)=""/4096, 0xfffffe82) lseek$auto(0xffffffffffffffff, 0x7ffffffffffffffe, 0x9) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x109803, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) write$auto(0xffffffffffffffff, 0x0, 0x2) writev$auto(0xffffffffffffffff, &(0x7f00000015c0)={&(0x7f0000001540)="72c6a24e31520df5e6ec01dd1feb219c5d82dbedaff42ce5286b68b03eda226d06f75249154ab82c1e308e5271250fca0e30162fb81bdb77d7e2031953ad7688cf272cdc224bdba3fb938519d0f5bec148575e9394", 0x4}, 0x6) sendmsg$auto_NL802154_CMD_GET_SEC_DEV(0xffffffffffffffff, &(0x7f0000001280)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000001240)={&(0x7f00000012c0)={0x174, 0x0, 0x100, 0x70bd28, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_PHY_CAPS={0x84, 0x18, 0x0, 0x1, [@typed={0x4, 0x10b}, @generic="a332ce2470bbb2099e1b8c8c0ded57191b17f9dae2aaa093c05ae1ccaf2ebc28a0bdc76edfb73ae5482311d234c447c0f447c38c1ecfff19805cc38afc5b0177302701cf922b29c5222fee7ca90a9851cb072d0a2ce2b864f15d03fc095b12d1672dfd5648a39a4debe34b249554b7093b3344034e81eb1d313ef684"]}, @NL802154_ATTR_CCA_OPT={0x8}, @NL802154_ATTR_MIN_BE={0x5, 0x11, 0x37}, @NL802154_ATTR_IFNAME={0x14, 0x4, 'batadv_slave_0\x00'}, @NL802154_ATTR_PEER={0xae, 0x28, 0x0, 0x1, [@typed={0x5, 0xce, 0x0, 0x0, @str='\x00'}, @typed={0x8, 0xb1, 0x0, 0x0, @pid=r1}, @nested={0x8, 0x1e, 0x0, 0x1, [@nested={0x4, 0x9d}]}, @generic="7b6e97546d5186356092527d8b430c86e1817e8c2dce205d70dc5cc1d435c1ce7d6f6932a49a0b3106617260df12", @generic="223a3092f7f8c3d46d5cd56d3e306ed9ebd11e2e", @nested={0x50, 0x100, 0x0, 0x1, [@nested={0x4, 0x113}, @typed={0x47, 0x65, 0x0, 0x0, @str='/sys/kernel/debug/tracing/events/vmalloc/free_vmap_area_noflush/id\x00'}]}]}, @NL802154_ATTR_BEACON_INTERVAL={0x5, 0x26, 0x9}]}, 0x174}, 0x1, 0x0, 0x0, 0x1}, 0x881) init_module$auto(0x0, 0x5, 0x0) r4 = openat$auto_ftrace_event_id_fops_trace_events(0xffffffffffffff9c, &(0x7f0000001040)='/sys/kernel/debug/tracing/events/vmalloc/free_vmap_area_noflush/id\x00', 0x400, 0x0) mmap$auto(0x9, 0xca3, 0xf32, 0x16, r4, 0x4) 4m4.11919181s ago: executing program 5 (id=1667): mmap$auto(0x0, 0x3ff, 0x9, 0xeb1, 0xffffffffffffffff, 0x0) socket(0xa, 0x801, 0x84) r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) listen$auto(r0, 0x1) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) quotactl_fd$auto(0xffffffffffffffff, 0x4, 0x0, 0x0) adjtimex$auto(&(0x7f00000005c0)={0xf332b6e, 0x0, 0x0, 0x8, 0xd4, 0xfffffffffffffff6, 0x6, 0x0, 0x10001, 0x3, 0x2, {0x8, 0x10002}, 0x1, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000004, 0x83, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x1800}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101e81, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptyq9\x00', 0x1, 0x0) ioctl$auto_TIOCSTI2(r2, 0x545c, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) r3 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r5, r4, 0x4, 0x1ff, r3, @relative_id=0x13, 0xe600}, 0xf) r6 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r6, 0x0, 0x3}, 0xc) select$auto(0xe, 0x0, 0x0, &(0x7f0000000340)={[0x1ff, 0x7, 0xd, 0x1, 0x9, 0x3, 0x15f4da0a, 0x6, 0x4b7, 0x62, 0x8000001d, 0x7, 0x6d3f, 0x9, 0x2, 0x7d6f170e]}, 0x0) r7 = openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/ieee80211/phy7/queues\x00', 0x0, 0x0) read$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(r7, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x17, 0x0) fsopen$auto(0x0, 0x1) brk$auto(0xfffffffffffffffb) 3m59.822055089s ago: executing program 5 (id=1676): r0 = socket(0x10, 0x2, 0x4) mmap$auto(0x0, 0x3, 0x7, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0xffffffffffffffff, 0x2) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0x5, 0x0) pipe$auto(0x0) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video58\x00', 0x0, 0x0) ioctl$auto(r1, 0xc0285628, r1) open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) socket(0x22, 0x1, 0x3) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/block/sda/sched/dispatch2\x00', 0xe2040, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff001, 0x2) socket(0x11, 0x1, 0x300) socket(0x29, 0x5, 0x0) open(0x0, 0x80400, 0xb5d1af1605322dd2) r3 = open_by_handle_at$auto(r0, &(0x7f0000000080)={0xfffffffffffffef3, 0x2, "0200000000000000"}, 0x1) sendfile$auto(r2, r2, 0x0, 0x2) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) socket(0x11, 0x80003, 0x300) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'team0\x00'}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000003b00), r4) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS0\x00', 0x1, 0x0) ioctl$auto(r7, 0x540a, 0x0) sendmsg$auto_NL80211_CMD_EXTERNAL_AUTH(r4, &(0x7f0000003c00)={0x0, 0x0, &(0x7f0000003bc0)={&(0x7f0000003b80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="010026bd7000fedbdf258800000008000300", @ANYRES32=r6], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x180c0) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/cgroup\x00') sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) 3m58.833454841s ago: executing program 5 (id=1680): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0xa, 0x2, 0x0) mmap$auto(0xfffffffffffffffc, 0x3, 0x3, 0xeb1, 0xfffffffffffffffa, 0x7) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/misc\x00', 0x10b402, 0x0) r2 = socket(0x10, 0x2, 0x0) r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_WOL_SET(r2, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f00000001c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fbdbdf250a000000eff0030007000180e9ad511db7093efd70b465ee70047426c069ac03d3b7bb7c0274cb9b0d03fa5b92922c24ac8520e51158e2"], 0x20}, 0x1, 0x0, 0x0, 0x4801}, 0x0) sendmsg$auto_ETHTOOL_MSG_MM_SET(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x3c, r3, 0x2, 0x70bd26, 0x25dfdbfe, {}, [@ETHTOOL_A_MM_TX_MIN_FRAG_SIZE={0x8, 0x5, 0x4224}, @ETHTOOL_A_MM_PMAC_ENABLED={0x5}, @ETHTOOL_A_MM_VERIFY_ENABLED={0x5}, @ETHTOOL_A_MM_PMAC_ENABLED={0x5, 0x2, 0x1}, @ETHTOOL_A_MM_VERIFY_ENABLED={0x5, 0x7, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x9080) pread64$auto(r1, &(0x7f0000000040)='/proc/scsi/sg/devices\x00', 0x100000001, 0x100) r4 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) ioctl$auto_EVIOCGMASK(r4, 0x80104592, &(0x7f0000000080)={0x2000, 0x800007, 0x5}) io_uring_setup$auto(0x6, 0x0) openat$auto_proc_gid_map_operations_base(0xffffffffffffff9c, &(0x7f0000001480)='/proc/thread-self/gid_map\x00', 0x0, 0x0) openat$auto_event_trigger_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/events/vmalloc/free_vmap_area_noflush/trigger\x00', 0x10800, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) close_range$auto(0x2, 0x8, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x80000, 0x0) setsockopt$auto(0x400000000000003, 0x29, 0x400, 0xffffffffffffffff, 0x4002) 3m55.180882372s ago: executing program 5 (id=1685): mmap$auto(0x0, 0x3ff, 0x9, 0xeb1, 0xffffffffffffffff, 0x0) socket(0xa, 0x801, 0x84) r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) listen$auto(r0, 0x1) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) quotactl_fd$auto(0xffffffffffffffff, 0x4, 0x0, 0x0) adjtimex$auto(&(0x7f00000005c0)={0xf332b6e, 0x0, 0x0, 0x8, 0xd4, 0xfffffffffffffff6, 0x6, 0x0, 0x10001, 0x3, 0x2, {0x8, 0x10002}, 0x1, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000004, 0x83, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x1800}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101e81, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptyq9\x00', 0x1, 0x0) ioctl$auto_TIOCSTI2(r2, 0x545c, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) r3 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r5, r4, 0x4, 0x1ff, r3, @relative_id=0x13, 0xe600}, 0xf) r6 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r6, 0x0, 0x3}, 0xc) select$auto(0xe, 0x0, 0x0, &(0x7f0000000340)={[0x1ff, 0x7, 0xd, 0x1, 0x9, 0x3, 0x15f4da0a, 0x6, 0x4b7, 0x62, 0x8000001d, 0x7, 0x6d3f, 0x9, 0x2, 0x7d6f170e]}, 0x0) r7 = openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/ieee80211/phy7/queues\x00', 0x0, 0x0) read$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(r7, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x17, 0x0) fsopen$auto(0x0, 0x1) brk$auto(0xfffffffffffffffb) 3m53.36604417s ago: executing program 5 (id=1688): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x5, 0x400008, 0xdf, 0x38, 0x6, 0x8000) r0 = socket(0x2a, 0x2, 0x1) r1 = openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x44001, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) sendmmsg$auto(r2, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1, 0xb}, 0x800009}, 0x5, 0x20000000) clone$auto(0x10051c, 0x6, 0x0, 0xffffffffffffffff, 0x80000001) setsockopt$auto(0x3, 0x0, 0x8, 0x0, 0x7) read$auto(r1, 0x0, 0x80) writev$auto(r0, &(0x7f0000000100)={0x0, 0x9}, 0x8) close_range$auto(0x2, 0xffffffffffffffff, 0x0) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x2, 0x3ff) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x4000000) unshare$auto(0x40000080) socket(0x2b, 0x1, 0x1) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) mbind$auto(0x0, 0x2, 0x2, &(0x7f0000002100)=0x4, 0x7, 0x0) signalfd4$auto(0xffffffff, 0x0, 0x8, 0x800) readv$auto(0x3, 0x0, 0x1) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000540), 0xffffffffffffffff) 3m51.826397066s ago: executing program 5 (id=1695): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop6\x00', 0x8080, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) kcmp$auto(0x0, 0x0, 0x4, 0xffffffffffffffff, r1) shmctl$auto_SHM_LOCK(0x1, 0xb, 0x0) accept$auto(0x3, 0x0, 0x0) r2 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x3c, 0x4909b6fb, 0x1ffe0, 0x7, 0x6, 0x7fffffffffffffff, 0x0, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x2, 0x10000, 0x82, 0x7, 0x0, 0x7, 0x8, 0x200, 0x0, 0x84, [0x0, 0x7, 0x0, 0x7, 0xffffffffffffffff, 0x0, 0x401, 0x6, 0x70624ce7, 0x0, 0x4, 0xb, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffffd, 0x1, 0x0, 0xffffffffffffffff, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x400000000005b8, 0x100000000c, 0x0, 0x800, 0x0, 0x7, 0x2, 0x5, 0x8000000000008, 0x4, 0x9, 0xa38, 0x4, 0xffffffffffffffff, 0xfffffffffffffffd, 0x2, 0x3fffffffff, 0x0, 0x4, 0xffff]}, 0x202, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xf6f6, 0x8000) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0) sendfile$auto(r3, r3, 0x0, 0x7fffe000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x80044943, 0x0) ioctl$auto_IOC_PR_CLEAR(r0, 0x401070cd, &(0x7f0000000000)={0x32, 0xffffffff}) close_range$auto(r1, r1, 0x6) mmap$auto(0x8000000, 0x8, 0x1000000016, 0x12, 0x3, 0x180000000) 3m36.070915731s ago: executing program 34 (id=1695): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop6\x00', 0x8080, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) kcmp$auto(0x0, 0x0, 0x4, 0xffffffffffffffff, r1) shmctl$auto_SHM_LOCK(0x1, 0xb, 0x0) accept$auto(0x3, 0x0, 0x0) r2 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x3c, 0x4909b6fb, 0x1ffe0, 0x7, 0x6, 0x7fffffffffffffff, 0x0, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x2, 0x10000, 0x82, 0x7, 0x0, 0x7, 0x8, 0x200, 0x0, 0x84, [0x0, 0x7, 0x0, 0x7, 0xffffffffffffffff, 0x0, 0x401, 0x6, 0x70624ce7, 0x0, 0x4, 0xb, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffffd, 0x1, 0x0, 0xffffffffffffffff, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x400000000005b8, 0x100000000c, 0x0, 0x800, 0x0, 0x7, 0x2, 0x5, 0x8000000000008, 0x4, 0x9, 0xa38, 0x4, 0xffffffffffffffff, 0xfffffffffffffffd, 0x2, 0x3fffffffff, 0x0, 0x4, 0xffff]}, 0x202, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xf6f6, 0x8000) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0) sendfile$auto(r3, r3, 0x0, 0x7fffe000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x80044943, 0x0) ioctl$auto_IOC_PR_CLEAR(r0, 0x401070cd, &(0x7f0000000000)={0x32, 0xffffffff}) close_range$auto(r1, r1, 0x6) mmap$auto(0x8000000, 0x8, 0x1000000016, 0x12, 0x3, 0x180000000) 13.950412143s ago: executing program 2 (id=2308): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x260083, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x1e, 0x805, 0x0) sysfs$auto(0x2, 0x1b, 0x0) fsopen$auto(0x0, 0x1) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sequencer\x00', 0x103, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rpc/auth.rpcsec.context/channel\x00', 0x101002, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000100)='/d-:\xe7J\x00'/23, 0x1eb0800) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x2, 0x0) socket(0x28, 0x5, 0x0) setsockopt$auto(0x400000000000003, 0x28, 0x6, 0x0, 0x56d) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x27, 0x9, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x3, 0x11000000, 0x0, 0x7, 0x200000006d3c, 0x5, 0x10, 0xfffffffffffffffd]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x0, 0x1f2) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/block/loop2/hctx0/sched_tags_bitmap\x00', 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8802, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) prctl$auto(0x1000000003b, 0x1, 0x0, 0x40005, 0x10004) io_uring_setup$auto(0x6, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x1) socket$nl_generic(0x10, 0x3, 0x10) 13.015766904s ago: executing program 6 (id=2310): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x3, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x1) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, 0x0, 0x40) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0xffffffff, 0x10000000000002d, 0x0) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000, 0x5, 0x15) r1 = getpid() newfstatat$auto(0xffffffffffffffff, 0x0, 0x0, 0x1000) r2 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) read$auto_rng_chrdev_ops_core(r2, &(0x7f0000000040)=""/4096, 0xfffffe82) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x109803, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) write$auto(0xffffffffffffffff, 0x0, 0x2) writev$auto(0xffffffffffffffff, &(0x7f00000015c0)={&(0x7f0000001540)="72c6a24e31520df5e6ec01dd1feb219c5d82dbedaff42ce5286b68b03eda226d06f75249154ab82c1e308e5271250fca0e30162fb81bdb77d7e2031953ad7688cf272cdc224bdba3fb93", 0x4}, 0x6) sendmsg$auto_NL802154_CMD_GET_SEC_DEV(0xffffffffffffffff, &(0x7f0000001280)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000001240)={&(0x7f00000012c0)={0x174, 0x0, 0x100, 0x70bd28, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_PHY_CAPS={0x84, 0x18, 0x0, 0x1, [@typed={0x4, 0x10b}, @generic="a332ce2470bbb2099e1b8c8c0ded57191b17f9dae2aaa093c05ae1ccaf2ebc28a0bdc76edfb73ae5482311d234c447c0f447c38c1ecfff19805cc38afc5b0177302701cf922b29c5222fee7ca90a9851cb072d0a2ce2b864f15d03fc095b12d1672dfd5648a39a4debe34b249554b7093b3344034e81eb1d313ef684"]}, @NL802154_ATTR_CCA_OPT={0x8}, @NL802154_ATTR_MIN_BE={0x5, 0x11, 0x37}, @NL802154_ATTR_IFNAME={0x14, 0x4, 'batadv_slave_0\x00'}, @NL802154_ATTR_PEER={0xae, 0x28, 0x0, 0x1, [@typed={0x5, 0xce, 0x0, 0x0, @str='\x00'}, @typed={0x8, 0xb1, 0x0, 0x0, @pid=r1}, @nested={0x8, 0x1e, 0x0, 0x1, [@nested={0x4, 0x9d}]}, @generic="7b6e97546d5186356092527d8b430c86e1817e8c2dce205d70dc5cc1d435c1ce7d6f6932a49a0b3106617260df12", @generic="223a3092f7f8c3d46d5cd56d3e306ed9ebd11e2e", @nested={0x50, 0x100, 0x0, 0x1, [@nested={0x4, 0x113}, @typed={0x47, 0x65, 0x0, 0x0, @str='/sys/kernel/debug/tracing/events/vmalloc/free_vmap_area_noflush/id\x00'}]}]}, @NL802154_ATTR_BEACON_INTERVAL={0x5, 0x26, 0x9}]}, 0x174}, 0x1, 0x0, 0x0, 0x1}, 0x881) init_module$auto(0x0, 0x5, 0x0) r4 = openat$auto_ftrace_event_id_fops_trace_events(0xffffffffffffff9c, &(0x7f0000001040)='/sys/kernel/debug/tracing/events/vmalloc/free_vmap_area_noflush/id\x00', 0x400, 0x0) mmap$auto(0x9, 0xca3, 0xf32, 0x16, r4, 0x4) 11.222269995s ago: executing program 2 (id=2313): mmap$auto(0x0, 0x3ff, 0x9, 0xeb1, 0xffffffffffffffff, 0x0) socket(0xa, 0x801, 0x84) r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) listen$auto(r0, 0x1) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) quotactl_fd$auto(0xffffffffffffffff, 0x4, 0x0, 0x0) adjtimex$auto(&(0x7f00000005c0)={0xf332b6e, 0x0, 0x0, 0x8, 0xd4, 0xfffffffffffffff6, 0x6, 0x0, 0x10001, 0x3, 0x2, {0x8, 0x10002}, 0x1, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000004, 0x83, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x1800}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101e81, 0x0) openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, 0x0, 0x80, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptyq9\x00', 0x1, 0x0) ioctl$auto_TIOCSTI2(r2, 0x545c, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) r3 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r5, r4, 0x4, 0x1ff, r3, @relative_id=0x13, 0xe600}, 0xf) r6 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r6, 0x0, 0x3}, 0xc) select$auto(0xe, 0x0, 0x0, &(0x7f0000000340)={[0x1ff, 0x7, 0xd, 0x1, 0x9, 0x3, 0x15f4da0a, 0x6, 0x4b7, 0x62, 0x8000001d, 0x7, 0x6d3f, 0x9, 0x2, 0x7d6f170e]}, 0x0) r7 = openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/ieee80211/phy7/queues\x00', 0x0, 0x0) read$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(r7, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x17, 0x0) fsopen$auto(0x0, 0x1) brk$auto(0xfffffffffffffffb) 10.039882485s ago: executing program 6 (id=2317): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0x20499d, 0x9) r0 = socket(0x2, 0x1, 0x0) r1 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) listen$auto(r0, 0x7) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1, 0xb}, 0x800009}, 0x5, 0x2000fdff) setsockopt$auto(0x3, 0x0, 0xc8, 0xfffffffffffffffc, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(r1, 0x0, 0x9a6, 0xe000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x100000000001, 0xdb, 0x9b72, 0x5, 0x8000) socket(0x2, 0x1, 0x202) 8.817349652s ago: executing program 2 (id=2318): r0 = socket(0x23, 0x2, 0x0) r1 = syz_genetlink_get_family_id$auto_vdpa(&(0x7f0000000040), r0) sendmsg$auto_VDPA_CMD_DEV_VSTATS_GET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x9fb127cc8aea257e}, 0xc, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c0002fa02c0da755e7611dd42a43dda829b25069ea0a507ef2b430206fd23a82d2f375257f3ae9ee4e7c464f5a22374bb67686992a2379f16c0cc139a305d1d67a7802c8e2b210a1200f71df86a85e2dae91e4b64906b6f528a3adc72127a1b662ae1f0a089e747e3ba54450553e2f9369ef4394d9989ba459232470b5772883d2b1ece1ea088309271bd31eef53e218bbd6fc2cbd699ce954c5ed425d55c93d76ebf29d17085e4812f1b76d30dfd22d5519bac287f777909a48792fc4369963aab28354792a670b5218e71b5dd5516b85b6111298f7d20e1d9d9ba8c06dcc95beaf7650585ac03dd47", @ANYRES16=r1, @ANYBLOB="000225bd7000fcdbdf2507000000080011000d000000"], 0x1c}, 0x1, 0x0, 0x0, 0x200000c0}, 0x20000000) ioctl$auto(0x3, 0x80000541b, 0x38) r3 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async, rerun: 32) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000740)=ANY=[@ANYRES32=r2, @ANYRES64=r3, @ANYRESOCT, @ANYRES32=0x0, @ANYRESHEX=r0, @ANYRES8], 0x68}, 0x1, 0x0, 0x0, 0x20048084}, 0x40090) (async, rerun: 32) close_range$auto(0x2, 0x8, 0x0) (async) socket(0x2, 0x3, 0x100) (async) socket(0x10, 0x2, 0x0) (async, rerun: 64) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) (async, rerun: 64) sendmmsg$auto(r3, &(0x7f00000006c0)={{&(0x7f0000000480)="85a65f10c8a46a3cbe7c63d62d8443e0201f6e2aaa967cc22d8dcfd576fa032a03b596fcf8913f6028ca5360cd0d23389adac060b4638b028b4c16ea9c02d5532086a5ed7094097ed53bb56ff0cbc705f7a7742d9f6c449778788cb4ff74d7fb0abf13d3a016037cdb1eded7118dfce488d351a3c06f41254b869122cf3ce12f2e065ea097085e79fb3d1e50bb545f939ca3", 0x100, &(0x7f0000000300)={&(0x7f0000000540)="b1cf70a118204053f274faed51bac6fbccdb7a9953754737bb4449a33f5673183cdd83cfd494c6091101dd33ea93fd0faf0eff19d872946ee40af28aba62119ec253e1f8a1017cc514dc7a5e750a0c83b1f327eb1fd1c9ebde6fe63157948311e27aaf8caf0662e59fa4cc527aea217661bdb17c20812dc2af117dfb3ad032dc1b82ac52c27e73f5f833536c240e6c47d95ecc60d3eddf2e960fc95480be50cfeaa6153da46ba68be1ca793a7cefe76d74962d7df180f4fc1541972fe30a76ca912d940691070e05698318d252a6b5b28252d4648dbe67fa66438836", 0xa}, 0x8, &(0x7f0000000640)="1e69f4ebc3d1d2b58d160a228e87b17ef8d3b21319e403178d94f7c479108ae07067b73ec5065e9304e276665954a593bb1d3c74b22b9618e9b0d6c9f2fba7ccf0708ecbe437c455d7ac1c95767361dd", 0xe1db, 0x100}, 0x10000}, 0xbff9, 0x5) (async) mmap$auto(0x0, 0x2, 0x8, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) r4 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/mem\x00', 0x100, 0x0) read$auto_proc_mem_operations_base(r4, &(0x7f0000000340)=""/230, 0xe6) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (async) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="010325bd7040efdbf7250a000000"], 0x14}, 0x1, 0x0, 0x0, 0x30000881}, 0x8040004) (async) r5 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x1, 0x3, 0x800000000000eb1, 0xfffffffffffffff6, 0x8000) (async) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x163340, 0x2a) socket(0x2a, 0x2, 0x1) (async) write$auto(0x3, 0x0, 0x3f04) (async, rerun: 32) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e"], 0x1ac}}, 0x0) (async, rerun: 32) recvmmsg$auto(r5, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000000), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) (async, rerun: 64) r6 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64) sendmsg$auto_NL80211_CMD_GET_REG(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYRESDEC=r3, @ANYBLOB="1c00fa"], 0x1ac}, 0x1, 0x0, 0x0, 0x800}, 0x40000) (async) write$auto(r0, &(0x7f0000000080)='vdpa\x00', 0x7) 8.305599578s ago: executing program 6 (id=2322): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x5, 0x400008, 0xdf, 0x38, 0x6, 0x8000) r0 = socket(0x2a, 0x2, 0x1) connect$auto(r0, &(0x7f00000000c0)=@qipcrtr={0x2a, 0xffffffff, 0xfffffffe}, 0x55) r1 = openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x44001, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) sendmmsg$auto(r2, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1, 0xb}, 0x800009}, 0x5, 0x20000000) clone$auto(0x10051c, 0x6, 0x0, 0xffffffffffffffff, 0x80000001) setsockopt$auto(0x3, 0x0, 0x8, 0x0, 0x7) read$auto(r1, 0x0, 0x80) writev$auto(r0, &(0x7f0000000100)={0x0, 0x9}, 0x8) close_range$auto(0x2, 0xffffffffffffffff, 0x0) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x2, 0x3ff) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x4000000) unshare$auto(0x40000080) socket(0x2b, 0x1, 0x1) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) mbind$auto(0x0, 0x2, 0x2, &(0x7f0000002100)=0x4, 0x7, 0x0) signalfd4$auto(0xffffffff, 0x0, 0x8, 0x800) readv$auto(0x3, 0x0, 0x1) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000540), 0xffffffffffffffff) 8.171885639s ago: executing program 2 (id=2323): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) r0 = open(&(0x7f0000000100)='./cgroup\x00', 0x105040, 0x0) open_by_handle_at$auto(r0, &(0x7f0000000500)={0x8, 0xfe, "0100000000000000"}, 0xffffffff) r1 = socket(0xa, 0x3, 0x3a) getsockopt$auto(r1, 0x29, 0xd1, 0x0, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0x454, 0x9) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) r3 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x2001, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0x7fffffff) ioctl$auto(r2, 0x541c, r3) sendmsg$auto_NL80211_CMD_SET_TID_CONFIG(r3, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='[\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="02002cbd7000ffdbdf258900000008006b0001000000050029001b00000008006200070000000400440004008c000500f6000500000008003f000d000000040005010500c200a7000000"], 0x50}}, 0x20000000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/block/nbd6/hctx0/tags\x00', 0x40000, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/platform/snd_aloop.0/sound/card1/id\x00', 0x48a22, 0x0) read$auto(r4, 0x0, 0x13) write$auto(r4, 0x0, 0x3) 8.103815154s ago: executing program 3 (id=2324): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) mmap$auto(0x0, 0x400008, 0xdd, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x181000, 0x0) socket(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x0, 0x8000) capget$auto(0x0, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x101000, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/mnt\x00') sendmsg$auto_NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0xc}, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) socket(0x1, 0x1, 0x7) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) r1 = socket(0x10, 0x2, 0x6) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0xfcff, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, 0x0, 0x4c2, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/config/target/version\x00', 0x6d0500, 0x0) socket(0x1e, 0x5, 0x0) socket(0x2, 0x6, 0x0) epoll_create$auto(0x4) 6.093764793s ago: executing program 3 (id=2326): socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_SNDRV_PCM_IOCTL_DRAIN2(0xffffffffffffffff, 0x4144, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), 0xffffffffffffffff) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x0) r0 = socket(0x10, 0x2, 0x0) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0x1b}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) msgctl$auto_IPC_INFO(0x52a41eab, 0x3, &(0x7f00000001c0)={{0x0, 0xee01, 0x0, 0xb, 0x7, 0x6, 0xa1}, &(0x7f0000000140)=0xb3, &(0x7f0000000180)=0xda, 0x7, 0x101, 0x100000001, 0xc048, 0xe, 0x1000, 0x5, 0x1, @raw=0x7, @raw=0xc}) r1 = openat$auto_tracing_saved_cmdlines_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/saved_cmdlines\x00', 0x0, 0x0) pread64$auto(r1, 0x0, 0x1, 0x70) 4.7488824s ago: executing program 4 (id=2328): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_batadv(0x0, r0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000004180)='/dev/snd/controlC1\x00', 0x28180, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$auto_fuse_dev_operations_fuse_i(0xffffffffffffffff, &(0x7f0000000440)="19000003d3", 0x5) socket(0x6, 0x1, 0x2) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) select$auto(0x2000000e, 0x0, 0x0, &(0x7f00000002c0)={[0x2, 0x6, 0x80000000000000d, 0x1, 0x948d, 0x6, 0x15f4da09, 0x1, 0xd3e2, 0x1000000, 0xfffffffffffffffd, 0x7, 0x6d3c, 0x1000, 0x2]}, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) r3 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f00000013c0), 0x800001, 0x0) ioctl$auto_TUNSETQUEUE(r3, 0x400454d9, 0x0) socket(0x2, 0x3, 0x100) r4 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mlock$auto(0x4, 0x0) r5 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) pwrite64$auto(0xc8, &(0x7f0000000080)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x06:\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#\x1c\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xaf\n1\x80\x1a\xbc_\xef\x8b\t\xcc\xa6\xf2\xc1\"\xact\xee\xc9', 0xfdef, 0x3) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x5c, r5, 0x1, 0x70bd27, 0x25dfdbf9, {}, [@L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x80}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @empty}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @empty}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e20}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x4080) socket(0x28, 0x1, 0x0) ioctl$auto(0xffffffffffffffff, 0x5408, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'geneve1\x00'}) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 4.748420033s ago: executing program 3 (id=2329): mmap$auto(0x400000000000005, 0x9, 0xdf, 0x3a, 0x6, 0x8000) r0 = socket(0x2a, 0x2, 0x1) connect$auto(r0, &(0x7f00000000c0)=@qipcrtr={0x2a, 0xffffffff, 0xfffffffe}, 0x58) r1 = openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x44001, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r0, 0x8000) socket(0x21, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) sendmmsg$auto(r2, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1, 0xb}, 0x800009}, 0x5, 0x20000000) clone$auto(0x10051a, 0x6, 0x0, 0xffffffffffffffff, 0x80000001) setsockopt$auto(r2, 0x0, 0x8, 0x0, 0x7) read$auto(r1, 0x0, 0x80) writev$auto(r2, &(0x7f0000000100)={0x0, 0x9}, 0x2008) close_range$auto(0x2, 0xffffffffffffffff, 0x0) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x2, 0x3ff) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x4000000) unshare$auto(0xc0000083) socket(0x2b, 0x1, 0x1) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) mbind$auto(0x0, 0x2, 0x2, &(0x7f0000002100)=0x4, 0x20000000007, 0x0) signalfd4$auto(0xffffffff, 0x0, 0x8, 0x800) readv$auto(0x3, 0x0, 0x1) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x0, 0x6) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/irq/1/effective_affinity\x00', 0x6002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000540), 0xffffffffffffffff) 4.660775588s ago: executing program 6 (id=2330): openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/buffer_subbuf_size_kb\x00', 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x6211, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x80000, 0x0) r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) sendmsg$auto_BATADV_CMD_SET_MESH(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000240)=ANY=[@ANYBLOB="4c8aeb68", @ANYRES16=r1, @ANYBLOB="01002cbd7000fbdbdf250f00000008000300", @ANYRES32, @ANYBLOB="08002c0003000000"], 0x24}, 0x1, 0x0, 0x0, 0x400c010}, 0x140000e4) read$auto(r0, 0x0, 0x9) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0xb, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) r4 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/tracing/set_event\x00', 0x40, 0x0) pread64$auto(r4, 0x0, 0x400, 0x9871) r5 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80000, 0x0) r6 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer\x00', 0x185002, 0x0) ioctl$auto_SNDCTL_TMR_SOURCE(r6, 0xc0045406, &(0x7f00000002c0)="88e45416bdda90301213554fefd05108db772559604ffd92d5648ce3fead5509e33786ea263ed8e21fbc40257c3cc3e9d67042c42678a3fd4a3b3152ad47a838ecb7630ecee32ee157753e9294564bbe7b83a816") mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) getsockopt$auto(0x3, 0x200000000001, 0x3b, 0x0, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r5, 0x0, &(0x7f0000000240)="4115a8e668f9887f2903de26f7d1b652d5fc04ae33d91648520e5a40318348e04c44dab89a281508859e048440d501548b9470") r7 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x18dd01, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x85, 0x0) r8 = socket(0xa, 0x1, 0x84) getsockopt$auto(r8, 0x0, 0x487, 0x0, 0x0) sendmsg$auto(r7, &(0x7f0000000200)={&(0x7f0000000080)="add024c5de170c70ae4e76f1d642f2f1afd3bd432e3919fe97546ea43a993f3641e164ccb47f6959722809283c750cedd01a8e4b007a59909e0b2e006bdc7ab2e6018584e4af180a9ad1e2401ff80ad205e582130cc5e59cb0407479b350179dbea46d8a43b4cde992a0faba644fadcdbee11aa9548f5e4ec7a5fd8f486f8496d3a7476a01a4e26511d486882c991e5144ea92a6259edb0e608ee293eeb0ed10464218265825cd", 0x6, &(0x7f0000000000)={&(0x7f0000000140)="114aee75cb07905dc5cb3f25f94d8089194a7d91ca078214aa7c2fc9cc3f1fedc3dc421e313fb7c10fd625ffbc9fc7c64e31f2f16c16998c2ba14fbee6c1692ac53c7926442dc0c6faa8e9", 0x8}, 0x1ff, &(0x7f00000001c0), 0x1000}, 0xfffffffd) ioctl$auto_SG_GET_RESERVED_SIZE(r7, 0x80081272, 0x0) 4.175339303s ago: executing program 3 (id=2331): r0 = openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) write$auto_nvram_misc_fops_nvram(r0, 0x0, 0x0) 4.156548972s ago: executing program 2 (id=2332): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) open(&(0x7f0000000300)='./file0\x00', 0x7ffd, 0x12) write$auto(0x3, 0x0, 0x100082) clone$auto(0x7, 0x2000400000d, 0xfffffffffffffffc, 0x0, 0x3) io_uring_setup$auto(0x6, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) madvise$auto(0x0, 0x200007, 0x19) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x29a02, 0x0) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, 0x0, 0x8002, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x401, 0x0) ioctl$auto_RTC_WKALM_SET(0xffffffffffffffff, 0x4028700f, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/scsi/scsi\x00', 0x80002, 0x0) write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000280)="a458f4e5e5f4bcc7fad26fd67f02b7cd05e6589800c28ef8f8202c09b2638f3653c6ed3b849812627a484d93e7ca38bb6c75b1d0f95ba576d7f2aba7a6e17d8a748fa2c2b65445121fdb006e371bc9da60cdd2378cf6a100a75f14aee91714b49cf0714f88fa5e59aae9bcf9c237ad19523f31da1c288cdf6281c4b2abd40ce043cd48819ea9eaa38e675e316b30542f9931634b3a830a7b54d420ab67826dddb406fed3bed2b77ecb0a7d4e2af6b59bab4910255fc1c235940b6f7f253131c3cd2ac263c02923997e0d75105d0d2cf679ea39a73b46233a7ae8e3bbfb0d80046e233f9d8c5560fe1c960668ebcbe0f83692592c77c17cd13221d12f7101576ebed9672885ab88780d1e19fac43722706ec0ba321cbad1a4655b89cf162edf24d1fefcae46d1249c3454cec842f32115775e6874e5cd7ded5dd35826f4cd5305cb3ef22976a7038ab5b6c2f47ab885ca72fac9790238d313859fab15b48ac55d1f572eedc5696e7699164709ec83e685df236a03296471157171e45fc876d86da156922a730e921b1db59737aa99d3c340400112561338a371d1046b32398ad4d770d08435561793bb629ea9c546540c8f54fed75b9e2e96a93bbbe986a8f4979193d7542319a3420287a1ac0a39444fc1abbf0a42bcff5cfa283d15f6c6e299a21abb3a375b3e1ddbb02e6159c9457952209b24c1bf943c54670ae8c2e47f56c96fddee1f2e1632fabde9bcd0bf1ae29eaa6cd2eba33477d8c8731f44173d7c9f6671a951d3e53e696f8f9879f9a974f7e2966e75142cda07e655b6d2eabea316f895785acf3bc931bf224e07110af85ec024d81e326efd5d258d42f731858bb0cb93c93b9030cb34b2a95e7844c018230d92b285d8cbe8bee6a92fd4243e53fa90f4635ecfdb49081d198b4146014cfc4419497fb921b2f61e23ce527374349012778e08f814df03867fee8247ee26c549c0597f94afc17d785b61e1725fa64bc12f1affe87e9117e71290bce5f75ad394817234f97c49fbc63a4d811719871c0a2d5db42d5f8ec45959a8464af57cca0566f6bd41d693f1fb5c96e4c6a6f97f50f459f7793e6046d1b535de78802b9fd9953dafe263ab3d693c0fee0283e70c610e2cfc0e3cb3854dd9d02d700eb666d80dadef740e5f274c2a8ba5fafe1898378022c3d51249710e4f4081b3e2f53670250d3ad7a06eeb02ee94505f7fc8d2c5e9a984a6ab7c1b761f517919a2f44c6bfeaf840c359627be82c08c5769921720bbd883aa74003d8dafec23f539b6b26205d931dcbd381c61430e58954ccd8bef6e8ff18243d769b9139e86d83ee72e5a8c7ac6dc0c997faf9b347947a40e7ef33686c2ee0b49d7c58148e4c8f73fcab6c5597f71feef03fc47db06955299b166bff481c71499fe92fde4e754db5ac71e1c8471ecd1d15fc9c48ce2d01fcdec9b8a9c4cd5d591f590a521dd39d3354e7e2750f7260fe89c02bb3bddd30f11be772eb95752246632df16474832514493cb6c50e8fc6b37dbc263cf970f0ab0d1221245082e91e90f55ad8354eb735038335b42e2571267b07cf71225010aab65145e443b50099b2bd4bfbf546a411e733e97d54db91e84448f966469b796425bbd144f83694b9e05b756fbba36cc6075ad8f30edb0847be6934482d6e19950af47db60a96ca5eef83faf4a1f628daa8dafc78cc2607fa0fcf6fc0ad00c64efb2c223c70bf7a8414c290d13793a5fc81b10a5bb5e8dd7ca2f81f5556d231bf2cfbf1923285aba060c1c88882107e14fddcaaf3eaea37a0bb7216050585c886b6c3fad247d85ccd458dfb746d3d0f6e517adf50a31fc96530950f186943de01ff77d98273875b727cfaf927820d52ee3a63fea63b2d39b1f2c6c2d985e62b96e4ec129207e488a2f91356ba91a8d8bd5b63718d087dfc183e56ceb924afae5f3a12d8c53bb21b8593965b1d68aa52ca985fa510d279ffc470468e3aec2d7524d80826a94e48a6ca4d11e5fc3d5776efc1a696b04c391c872eb2f42fcf6b84e6498f5d0520600f9f68a36d3c535b9d7cfc1d45415374adb90f1e6d300a99f2b5f6f77594c336ddc9b171c4875247201b05ab171a7d4418dcfffcee9996be2cd77e9d7e92965d28e1458df6d184ba7d9cd55d5994a00e692d7674f2ae01d6dd56c3e4b5aa1c0f27ae4c4cbbfe7289743b7c5f9ba7300891f4c83f414318e77de74d84d33b7f83c456e198b99d64e8b7caad5bcd618993764bb24178a990d736edf4965346c2ac76c99b22a5114ec39bc818d6a469b0d4f1aeaf955c14d7a3a5b787141d465a55d71b6138a8dc8cb1d303371c97d8479cb09545bf4a08fa99ab7ea21b3b3a95f4b052e261baf2be0131ce619ecd352904fc2486735edf6d2df283f1e2dae7432557bd8c899b397e769088797f337b3aa1867a9728148f9c63f643ce41f19906640e50764b1a6286beabe9f9e074ca60552f1212aad80b22cbbb45c6e6f00f51020df928756caa3cf374342257807d6daea4e74a79c6144fae4f78915303542b7a5d48a17179a4a43ab18631b06d81c01409277dac0d58ff48c86f679e9c0c56aa8ca6c7591078d6bee3ff9857e099145cf0775ef0ee006f9697e4c69efe0ff72543d7028f5ef18c1d814d1a9f9a3e30fa5d324ba137aaa7175a529c13a8fc321d92472c9b19c941e701f7225664b05613cb07b0705112105ab3c28b00af1b6f930f3d903ee6cc164d77d5d2a0b16667cfb6b329b53b30d8d9a826ba7430d519b1b7f537ed2df08845eb5df7737fe3554f3d96144b42bfd92cc5daab42446f3d46272a00f2457d39ef3e9ea37362d402f6287ea6f485f68ffbe383e21089c313171f6c33f8a7055299ab7cfc5d974c487d992cac1ca53c05c1e9bdb38f6ca0ed6d4e0d8ab7b6197fdd1b4b95e6a466c8d9336c571ea1743e96e0b88da75520b8adddcaa932336fa02f63ce1a7eb909507f778ca3b5f2a736f396528d06ea86f63d3e45f545d262cadd337d321023ae0e5052ba4c0028dbd19765b0097039a64d58a8998ef7afba341b42d6b227cad8f4c4025a766de872a0cfde5f8c0581d4442a7aac906a0db5fad825611e487228aed5eec17f08d887a34d2b7c6c25f77412ee9941d5dec68a0464a1b0fd6eede1aa1b50579a93f205943dfd626204b9ca493c5aaececd17df71ac200cf7331a8bfbeddb6cd95b0b3016e56de0a9eeadf8d8c3591ae061e743f7c1ca4522bf55b2d80f3ba5df92d81433552dad6fd744ea71903b15a6374613b2a64a533cf6fa974273e7e5359f47428d7620d98d877faadad739a9a761713832ea70da990271b575e7cff075714d563b5b752ab50a7e1a1b5e689ff210503faabb37b8aa1d845825ab2488cfcb6a22010a55c4c045745f186ba8f42bc5a4dd06831da770670209ba568016459c50aef30c8aba754e341183817ad9b386e6b4e194cf66b76c9ea6313491d99d7e7a6d5c92bcec000c58794de2acfc4c490392a68f61e60bf664287e7020e4f30d897d916eb73dd4965b100f3c528cf2a46d43fca6351fc8c6c50fee04340b1f2fdf382a257eab0d964e7a2f0b1b7b9bc017117d8ebb40816b5515c88f7682c02b92b01d9fe884c963846f64800463830d83605a2ea32510dfbaaa29af264f60e8f72f307880f595715637dd799de8d77b0c7131bc04d44ce06b82a0f355e09e3d580124167e62fb12c584dc9553f3f91c86afffe6d871784c56c687b48b14bc974c65f18468eb3806be61c563a8af3075e4d9ff2c55ebab74ac4d384bc7f012dd39e373f74bab4ec597caa798112958890c00de56da95293e578490fb0e1e8fa63e1db877e75c7da1e394e37f8a971f7fe1354a800fff0c23aa66d990acf8fc7524d52a0c4f7b66459cb1811719afec92b7bd88e43569559f7f5fd41196c8ead0c70e13cb05b1155aab093a58b0d4652ce5ca005f868cf38fbefd401ddc9a747447ca6ea90b277688ef780461d14c5186b5a724cf50e5e3a7453e7ac4e79f07851317ae57911529daaa03d6745df50c78b868cb60757828b00d5215b0967733e2ab1366afacbec2fae934460a1e364275715fc2fe5b911240d59d94084b3386d130c9f52d844858bd36c866b2ca215c02aaff1c4be7a5d2329e00e5ad58de3e87c862402ff5d3632b1f871461f57f6194057ccde4d1d4adc08b0da2778896aa95ef376c53818fafa74872e2f99af03edfe5e8d8e030816a01fa193007f84a627991f24f9054d0347082c2c27294d8bea1422b5847a3bfd2684f5708013d6f3c4d41baca139ebab799b0f2d15eeb4a5fd195b892d331bd1db3f0ec4ddc225e52ef8a326ccd4b86995bf90ceffd0a18d37806ee49d09f072ddab15df82556c459daf45705ebfd358c4eb7547add41da3364d90fcdd36759e0000a88080a7f6d24ebb0e29e3a1b830e773a2c6d312472375b0428a221e03e2a1810a1c3cc8cde61e5359eefbb7324f4a6b04a2da87bce311a319ae8a842a518135750779d022b1a5321eb779d318d17387a7b7a739620594b090a2e550442c3debdc07a7a5283acc99539834c47ccf7635557a3066b81b32135df2e34c509dbf66dc0276e1e57977b45d77d41db78981883cf8ce8a738c04753911e957bf044e0bdbb1e9a72a7b5f884b61293e2f2756a32f6ef292a95e8484e101194a8c7e90f1e41fddf7d6af09dff5e308a2fbf5f0158d45bc87341ce3414c4b26cbc47ba43b2c2ad9ce6068df85d30fa994bf55cca9c327501c5335711988d3b4b5552c4fb9e9b6601a63cbb0a72ecdac3848ca4870814e0b8dee48a0ab5b14224c71f12cd648a3a39cba8e68f1562c1ad4966b7099015039518de65178c6a5e409166cc49d53b0f053773535421dfe289bd7c7fc2172dd4c5820ea3d2bbfd5bfd056a4d249a803440eada02f46e6fb9db13c74dad1303ca88b0a5091e196837eedd6a1dcd00e95fee39f252e3fb3afcb28d1db702bec482f19f7a5a327a522354e7bdbb3619697cd5c6e5b098b9a3c11478ef2b6467d22d0409e43bcb6552aaf47890c30077e56e77bfc53bc77fba63a324586f3172014b98dfac4ad686c83e611b89b1591a88dc4402d5cb60366455174cf0b84d0685454265a4a7d023b588ae491e6dac119433b2610170a8dc52a0c9f60cec85fe7fea415bf61e50c315b00c70a240a56345e1030731c4144d128e8dab606b1bda54874452af20ed7d6f3350b477417857884a6a6972b9696e92464b762da5739e400850df7ad82c63efb359d3a96b5a4a2f385432b6fa54c54a37678013d1774107b168b32225172d1081aa093def6e5ed6c05767128a4ebd0913ab03d200de072e81dbbc7b0c947ee3e34f6795211e632651852cb9cd7c2de1ef54d20ef625a193ed13061030c9a2e7f8c5674cbde924e25c8f97b6add0f4f89ef2b16ff418581aebd9f962f671a6adff28acf04edd01a96f69e0671780bdf40a19e9a3a235289771738cd32d1ef14509d11781d17608251fb7fa1b9d3c8646497ba0ce8890a2f0bd6e485959ceb8edf74981ef1c0ad7fc4f67bc4c941daef39fefbbdfa39979cf0e6454d565e8e90f8f4ac565a42dde87e16d4ad0977e1e67f88f560131ddaacc8a1f9db08441e6a9ddabae4b19441ef451ae9d9a854b193eb337d68830637f3ae81738bcc1a016077efe7692e146018b417d1199a14a79eecdcb00b0477f83627be935cc3a16a90b59b501d02be6091623c94f0fcf3e74616da0bbd767384c47fbe393c08c896979eef4cf1f200"/4096, 0x1000) read$auto(0x3, 0x0, 0x80) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) clone$auto(0x1002, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x9) r1 = openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, 0x0, 0x22641, 0x0) writev$auto(r1, 0x0, 0x568a) init_module$auto(0x0, 0xffff9, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.6/usb7/power/wakeup_active_count\x00') openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x101000, 0x0) ioctl$auto_VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, &(0x7f0000001240)={0x80}) 3.933188923s ago: executing program 4 (id=2333): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_batadv(0x0, r0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000004180)='/dev/snd/controlC1\x00', 0x28180, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$auto_fuse_dev_operations_fuse_i(0xffffffffffffffff, &(0x7f0000000440)="19000003d3", 0x5) socket(0x6, 0x1, 0x2) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) select$auto(0x2000000e, 0x0, 0x0, &(0x7f00000002c0)={[0x2, 0x6, 0x80000000000000d, 0x1, 0x948d, 0x6, 0x15f4da09, 0x1, 0xd3e2, 0x1000000, 0xfffffffffffffffd, 0x7, 0x6d3c, 0x1000, 0x2]}, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) r3 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f00000013c0), 0x800001, 0x0) ioctl$auto_TUNSETQUEUE(r3, 0x400454d9, 0x0) socket(0x2, 0x3, 0x100) r4 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mlock$auto(0x4, 0x0) r5 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) pwrite64$auto(0xc8, &(0x7f0000000080)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x06:\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#\x1c\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xaf\n1\x80\x1a\xbc_\xef\x8b\t\xcc\xa6\xf2\xc1\"\xact\xee\xc9', 0xfdef, 0x3) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x64, r5, 0x1, 0x70bd27, 0x25dfdbf9, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x80}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @empty}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @empty}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e20}]}, 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x4080) socket(0x28, 0x1, 0x0) ioctl$auto(0xffffffffffffffff, 0x5408, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 3.308502147s ago: executing program 3 (id=2334): mmap$auto(0x0, 0x3ff, 0x9, 0xeb1, 0xffffffffffffffff, 0x0) socket(0xa, 0x801, 0x84) r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) listen$auto(r0, 0x1) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) quotactl_fd$auto(0xffffffffffffffff, 0x4, 0x0, 0x0) adjtimex$auto(&(0x7f00000005c0)={0xf332b6e, 0x0, 0x0, 0x8, 0xd4, 0xfffffffffffffff6, 0x6, 0x0, 0x10001, 0x3, 0x2, {0x8, 0x10002}, 0x1, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000004, 0x83, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x1800}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101e81, 0x0) openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f0000000100), 0x80, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x1, 0x0) ioctl$auto_TIOCSTI2(r2, 0x545c, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) r3 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r5, r4, 0x4, 0x1ff, r3, @relative_id=0x13, 0xe600}, 0xf) r6 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r6, 0x0, 0x3}, 0xc) select$auto(0xe, 0x0, 0x0, &(0x7f0000000340)={[0x1ff, 0x7, 0xd, 0x1, 0x9, 0x3, 0x15f4da0a, 0x6, 0x4b7, 0x62, 0x8000001d, 0x7, 0x6d3f, 0x9, 0x2, 0x7d6f170e]}, 0x0) r7 = openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/ieee80211/phy7/queues\x00', 0x0, 0x0) read$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(r7, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x17, 0x0) fsopen$auto(0x0, 0x1) brk$auto(0xfffffffffffffffb) 3.103882367s ago: executing program 4 (id=2335): openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x260083, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x1e, 0x805, 0x0) sysfs$auto(0x2, 0x1b, 0x0) fsopen$auto(0x0, 0x1) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sequencer\x00', 0x103, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rpc/auth.rpcsec.context/channel\x00', 0x101002, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000100)='/d-:\xe7J\x00'/23, 0x1eb0800) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x2, 0x0) socket(0x28, 0x5, 0x0) setsockopt$auto(0x400000000000003, 0x28, 0x6, 0x0, 0x56d) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x27, 0x9, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x3, 0x11000000, 0x0, 0x7, 0x200000006d3c, 0x5, 0x10, 0xfffffffffffffffd]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x0, 0x1f2) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/block/loop2/hctx0/sched_tags_bitmap\x00', 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8802, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) prctl$auto(0x1000000003b, 0x1, 0x0, 0x40005, 0x10004) io_uring_setup$auto(0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, 0x0, 0x40) 2.98012739s ago: executing program 6 (id=2336): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x3, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x1) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, 0x0, 0x40) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0xffffffff, 0x10000000000002d, 0x0) mbind$auto(0x0, 0x100000004, 0x100002000, 0x0, 0x6, 0x2) madvise$auto(0x1000, 0x5, 0x15) mmap$auto(0x3, 0x400006, 0xdf, 0x15, 0xffffffffffffffff, 0x6000000000000) newfstatat$auto(0xffffffffffffffff, 0x0, 0x0, 0x1000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) msync$auto(0x1ffff001, 0x180040000000021, 0xf52) r1 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) read$auto_rng_chrdev_ops_core(r1, &(0x7f0000000040)=""/4096, 0xfffffe82) 1.453782044s ago: executing program 4 (id=2337): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) mmap$auto(0x0, 0x400008, 0xdd, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x181000, 0x0) socket(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x0, 0x8000) capget$auto(0x0, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x101000, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/mnt\x00') sendmsg$auto_NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0xc}, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x40342, 0x62) utimensat$auto(r0, &(0x7f0000001c80)='\x00', &(0x7f0000001cc0)={0x7, 0x3ffffffb}, 0x1000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) socket(0x1, 0x1, 0x7) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x20000000) r2 = socket(0x10, 0x2, 0x6) sendmsg$auto_NL80211_CMD_GET_REG(r2, 0x0, 0x4004) madvise$auto(0x0, 0x1010001, 0x100000003) close_range$auto(0x2, 0x8, 0x0) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) ioctl$auto(0x3, 0x80a86f3d, 0x38) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) clock_nanosleep$auto(0x1, 0x200, &(0x7f0000000140)={0x0, 0x2800000a}, 0x0) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000000c0), 0x4c2, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/config/target/version\x00', 0x6d0500, 0x0) 549.96476ms ago: executing program 2 (id=2338): mmap$auto(0x0, 0xa, 0x1, 0xeb1, 0x401, 0x8000) alarm$auto(0x5) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) r0 = socket(0x28, 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/asound/card0/pcm0c/sub4/xrun_injection\x00', 0x400, 0x0) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYBLOB="2f212abd"], 0x14}}, 0x4000000) mount$auto(0x0, 0x0, 0x0, 0x3379, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x80, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000340)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4460, 0x15f4da0a, 0x1, 0x3, 0x300000000000000, 0x80000001, 0x7, 0x0, 0x5, 0x2]}, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_RESET2(0xffffffffffffffff, 0x4141, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x40802, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001980)=ANY=[@ANYBLOB='p\a\x00\x00', @ANYRES16, @ANYBLOB="1b002cbd7000fddbdf2503000000040008003e07028004000c00a46d7dcf3663a2461bba661453caa528a1ef5fa0142afabe25c7f4dde9cbfbd8d0a808000f00", @ANYRES32=0x0, @ANYBLOB, @ANYRES64=r2, @ANYRES32=r2, @ANYBLOB="8dbe1bbf23bdd968621cfe10b4a8137cab95bc782465166d3ad00c3a78bc52f84fc004c5f6d2", @ANYRES16=r0, @ANYBLOB="6f6a92bbab39e704b3417f92d6b238461262c1356a69ea1d41712e8feebe957e53b115233e63f5ccf76617eaf6d23d3fd4696e4d75e619734b4e17e7e39fca78e83ff35a93e2eb9350793bbd6dd482b6bf738882f0721a8349d10c9f625232162474ef4d4244a350c219d0deac51a09501ad7570c20c84488478f551f21d4e95ec97dca85d53e611685ef69a9c666407f1ffcd1b0180cb", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="040034800400c58008004800", @ANYRES32=0x0, @ANYBLOB="44b8faf27622f0c52854d5c6fa83a98089aee4c989712af1732226aa3b2e47903fa207b243b758c6351fa60614079cd343bbea5053678c669fdf1f4053a8aa5fb4ef01e3460ffcf6555ce0f456efd78c1a07a546251c2c05639229a630d8048c0904e6a63e6dddd2602a2f79cb11a7d95873a0338c5d0613d2bef3783758be4fb2c55bb98eac8bfb1c46496b3ae976388634f5472a2361d3201291fcaabd584dcb15c0fe560400ff80068722d610b6e9da36b5a7fb8b8e68a0d204a9b378eab4fcacdc1d96d1b9777ac68fff5f1d8e1a7ba10a8e3441b8a61b81aa16c4bcfe3ba80e0f11026d1bad833a118008d9873e136d68f5e1903aa0bf3ad27f05ecb7cc02354183ff556b4923e7c81db8e111d89c1277f93ec8096d3eee496b51d11d6287448faf4a5b9951c38820cd405c9fdf1ad599eea5d1a9a0857def2dd90d56995fd1df0c45f2656df485a119fca0554ddf436c04d22718d91aff053e8e64d2eff7dd41c26da27727c5503544d85289005c05876de22dd060fda6160d1efea12194eec329edc94be082c8245fddb2ab4d39d024cb47aac834a61a255bc94ca913f2777a3fca162439aa0ecce48ecf067aafc1a1658f00032895598a3f207537f00b6f2f02b691601fe3bc2ed83747f140a04dc5733c1cf57689f27dd0f1b4888b6f8639aebc51f0ecc2459907e3cc66dd8db2ffeb9d837f4b24c53f2092218f03d063d749513f7d3b91437ff12a47764786d385dd782c3470dc70064002cb34f91a464b2732c1a53efb97601400ef002f6465762f73657175656e636572320012016e80368a323ac846ad1c6ef67723c43fe5dc90e44bca6ed26650d088c4f5b3b6f0a24b45f07861b40f0e1e3f6d80657555bbdf1d176a637f589d07f9d9cb29cc7d24c8890cb6ec3d3ef5c93e4d7818eeac92ef7fbf7abbbea7023d105c3fd2ecf0ee51d21f88eef2f3d9ecf66c608f5e207d37f4f799d53e45afa077e0d32361d5f2ec0716fa534d0276783487a3d1cae990621d5c3b29059a1320bd2ac6d5420c9d5f7dc8979b84797aae0cd55784463805014615518f62f3c5b4a803b3ecc1d4e3a40ba122347b28fbc9d736ff5bf13fe9234326ef092e34eed62493de578dfd583fbb34cffaff21bca4d6c308009600100000000400548008006100080000000400a280bebc240800ce00", @ANYRES32=0x0, @ANYBLOB="000000000012000100898771f1c19f1779048590828848000004000280"], 0x770}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) 527.336458ms ago: executing program 3 (id=2339): mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x200, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x7fe, 0xfe2) r2 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x101, 0x7, 0xeb1, 0x3fd, 0x800007ffc) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r3 = socket(0x10, 0x2, 0x0) fstat$auto(0xffffffffffffffff, &(0x7f0000000000)={0x5, 0x80000001, 0x0, 0x100, 0x0, 0x0, 0x0, 0xffffffffffffff91, 0xfd3, 0x2, 0xec, 0x4, 0x80000002081, 0x8, 0x2, 0xfffffffffffffff8}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) epoll_ctl$auto(0xffffffffffffffff, 0x860, 0xffffffffffffffff, 0x0) r4 = openat$auto_lockdown_ops_lockdown(0xffffffffffffff9c, &(0x7f0000000000), 0xa0042, 0x0) write$auto_lockdown_ops_lockdown(r4, &(0x7f0000000080)="a3c72e71ed506a221381f0538fefa465158fbbeb89451043553ff869189cf3250b65c544ccd3988b29f3cdb20660e616d3daa3e36b174c5661e383221287595a7e873202add9b0f11733de4ec2cd9c5b048058ed89c590d73c2e44d11636cb85ea9cb4180c5d1ab11f731cec20c57489baf87d298ef21b138e83a6a13cfdc39ffcf7c18ae6946c0d58c5026cd804c5d2f1a5348a159fe5e6746038217e838e23a24c5cda52d0af4c570a9983422fb706704f8410113a38fc2decb77fbcbca9e8f3dd2b2ccb939869852e91137af1e79ab833c8b104726d0a00", 0xd9) r5 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000080), 0xffffffffffffffff) getpid() sendmsg$auto_NL802154_CMD_SET_TX_POWER(r0, &(0x7f0000000380)={&(0x7f0000000400), 0xc, &(0x7f0000000100)={&(0x7f0000000440)=ANY=[@ANYRES32=r2], 0x210}, 0x1, 0x0, 0x0, 0x4000015}, 0x40010) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'veth0_to_bridge\x00', 0x0}) sendmsg$auto_NL802154_CMD_DEL_SEC_KEY(r1, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="74000000fc492843d1e8f14083f062a4d2df00ec395dba0af313921cd2532ff933b4821e3a5832608143de4e620c70897ebc0751cf4e2386b71a5362d09cb7d3de3caa7996ff231a7b849682399b9d66671fb5391654726bcc3b6292dc22e58cfef0c98ecd8b25ad3f23723e429c933be51234ef893d3bbef4b58141c603352b35d8e96dab34d8bbcbd7ecf11d5425a8cf7c42d9e9ca010883d44d9495e634854bd073585c46319c9f4ced402d2600907174e21d664486f96ac51c3bb6db8e641ab9083d5677181850531a7c9a66b0b81fd3f3a9393de2ac7d3bc30a3f2a0f438f7b4df8c6590ff21fbd121dc3eb7c05862cd33fec7d4181a286a5ceef4246cb83289f70fcb9e771fdaa782122ae44cba8ebfb", @ANYRES16=r5, @ANYBLOB="00022cbd7000fcdbdf25180000000500290001000000050007000500000008000100aecc000006000a000600000008002c000200000008000300", @ANYRES32=r6, @ANYBLOB="08002700ffffffff140004006e69637666300000000000000000000008001600000000000c0006000500000000000000"], 0x74}, 0x1, 0x0, 0x0, 0x40}, 0x20000095) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) rt_sigsuspend$auto(0x0, 0x8) syz_clone3(0x0, 0x0) 458.627883ms ago: executing program 4 (id=2340): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000a00), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_ADD_RXSA(r0, &(0x7f0000001c80)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000ac0)={0x14, r1, 0x1, 0x70bd27, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000804}, 0x8880) socket(0xa, 0x3, 0x73) socket(0x29, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) getsockopt$auto(0x6, 0x10f, 0x4, 0xfffffffffffffffe, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="18000000", @ANYRES8=r2, @ANYRES8=r3, @ANYRES8=r2], 0x18}}, 0x80) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x10048884) open(0x0, 0x261c2, 0x84) close_range$auto(0x2, 0x8000, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'vcan0\x00'}) r6 = openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x101202, 0x0) write$auto_nvmf_dev_fops_fabrics(r6, &(0x7f0000001500)='7', 0x1) ppoll$auto(&(0x7f0000000040)={r6, 0x3, 0x3}, 0x0, &(0x7f0000000080)={0x10000, 0xffffffffffffffff}, &(0x7f0000000100)={0x3}, 0x8) ioctl$auto_RNDADDTOENTCNT2(r7, 0x40045201, &(0x7f0000000140)=0x8001) 214.379256ms ago: executing program 4 (id=2341): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x3, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x1) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, 0x0, 0x40) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0xffffffff, 0x10000000000002d, 0x0) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000, 0x5, 0x15) getpid() newfstatat$auto(0xffffffffffffffff, 0x0, 0x0, 0x1000) r1 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) read$auto_rng_chrdev_ops_core(r1, &(0x7f0000000040)=""/4096, 0xfffffe82) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x109803, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) write$auto(0xffffffffffffffff, 0x0, 0x2) writev$auto(0xffffffffffffffff, &(0x7f00000015c0)={&(0x7f0000001540)="72c6a24e31520df5e6ec01dd1feb219c5d82dbedaff42ce5286b68b03eda226d06f75249154ab82c1e308e5271250fca0e30162fb81bdb77d7e2031953ad7688cf272cdc224bdba3fb9385", 0x4}, 0x6) sendmsg$auto_NL802154_CMD_GET_SEC_DEV(0xffffffffffffffff, 0x0, 0x881) init_module$auto(0x0, 0x5, 0x0) r3 = openat$auto_ftrace_event_id_fops_trace_events(0xffffffffffffff9c, 0x0, 0x400, 0x0) mmap$auto(0x9, 0xca3, 0xf32, 0x16, r3, 0x4) 0s ago: executing program 6 (id=2342): r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/tracing/set_event\x00', 0x40, 0x0) pread64$auto(r0, &(0x7f0000000000), 0xf, 0x5af) (fail_nth: 2) kernel console output (not intermixed with test programs): 1.182018][ T5847] hsr_slave_1: entered promiscuous mode [ 71.188389][ T5838] Bluetooth: hci1: command tx timeout [ 71.188472][ T5847] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 71.201551][ T5847] Cannot create hsr debugfs directory [ 71.240440][ T5836] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 71.258669][ T5838] Bluetooth: hci2: command tx timeout [ 71.275927][ T5836] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 71.297249][ T5836] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 71.318331][ T5836] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 71.389324][ T5839] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 71.426115][ T5839] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 71.433556][ T5838] Bluetooth: hci3: command tx timeout [ 71.445799][ T5839] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 71.461533][ T5841] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 71.476472][ T5839] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 71.492461][ T5841] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 71.516766][ T5841] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 71.542959][ T5841] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 71.613146][ T5847] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 71.626278][ T5847] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 71.642849][ T5847] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 71.656422][ T5847] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 71.726145][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.781654][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.815222][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.822490][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.834597][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.841404][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.844569][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.854911][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.887028][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.927096][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.954489][ T2978] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.961667][ T2978] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.984082][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.020838][ T2978] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.027994][ T2978] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.091459][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.123366][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.147373][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.164227][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.171416][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.195885][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.203013][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.237492][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.244723][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.277424][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.285189][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.325330][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.447325][ T5836] veth0_vlan: entered promiscuous mode [ 72.476285][ T5836] veth1_vlan: entered promiscuous mode [ 72.502405][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.558914][ T5836] veth0_macvtap: entered promiscuous mode [ 72.586084][ T5836] veth1_macvtap: entered promiscuous mode [ 72.619008][ T5839] veth0_vlan: entered promiscuous mode [ 72.637289][ T5839] veth1_vlan: entered promiscuous mode [ 72.649433][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.681307][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.712613][ T5836] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.725266][ T5836] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.736347][ T5836] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.745430][ T5836] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.774826][ T5839] veth0_macvtap: entered promiscuous mode [ 72.786006][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.800414][ T5839] veth1_macvtap: entered promiscuous mode [ 72.829077][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.840107][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.851605][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.862451][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.888307][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.900311][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.912332][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.945494][ T5841] veth0_vlan: entered promiscuous mode [ 72.963798][ T5839] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.974481][ T5839] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.985637][ T5839] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.994468][ T5839] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.031460][ T5841] veth1_vlan: entered promiscuous mode [ 73.099951][ T5838] Bluetooth: hci0: command tx timeout [ 73.125223][ T5847] veth0_vlan: entered promiscuous mode [ 73.134812][ T3501] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.136811][ T5847] veth1_vlan: entered promiscuous mode [ 73.151123][ T3501] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.194988][ T5841] veth0_macvtap: entered promiscuous mode [ 73.216333][ T5841] veth1_macvtap: entered promiscuous mode [ 73.235873][ T1108] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.254927][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.261168][ T1108] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.266742][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.272966][ T5838] Bluetooth: hci1: command tx timeout [ 73.283909][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.300439][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.312838][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.338490][ T5838] Bluetooth: hci2: command tx timeout [ 73.342013][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.356630][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.367207][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.377744][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.388774][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.397721][ T2978] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.408592][ T2978] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.417636][ T5847] veth0_macvtap: entered promiscuous mode [ 73.430873][ T5841] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.440107][ T5841] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.450297][ T5841] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.461297][ T5841] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.488953][ T5847] veth1_macvtap: entered promiscuous mode [ 73.498923][ T5838] Bluetooth: hci3: command tx timeout [ 73.529644][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.544971][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.557230][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.573011][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.585394][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.596134][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.607512][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.632573][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.633890][ T5836] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 73.649641][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.665508][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.676829][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.687199][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.698467][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.708558][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.719346][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.731536][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.767009][ T5847] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.783557][ T5847] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.792891][ T5847] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.806740][ T5847] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.893159][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.907201][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.000864][ T1108] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.017045][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.032099][ T1108] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.045440][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.155023][ T1108] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.173336][ T1108] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.426135][ T5897] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 74.848355][ T5910] could not allocate digest TFM handle [ 75.088560][ T5910] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3'. [ 75.180443][ T5838] Bluetooth: hci0: command tx timeout [ 75.338061][ T5838] Bluetooth: hci1: command tx timeout [ 75.417975][ T5838] Bluetooth: hci2: command tx timeout [ 75.588293][ T5838] Bluetooth: hci3: command tx timeout syzkaller syzkaller login: [ 77.259553][ T5838] Bluetooth: hci0: command tx timeout [ 77.419274][ T5838] Bluetooth: hci1: command tx timeout [ 77.498610][ T5838] Bluetooth: hci2: command tx timeout [ 77.671845][ T5838] Bluetooth: hci3: command tx timeout [ 78.542158][ T5970] cougar: G6 mapped to space [ 78.808043][ T5975] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 79.567216][ T5985] cougar: G6 mapped to space syzkaller syzkaller login: [ 80.310557][ T5992] cougar: G6 mapped to space [ 80.597118][ T5997] cougar: G6 mapped to space [ 84.688816][ T6055] cougar: G6 mapped to space [ 85.930180][ T6074] cougar: G6 mapped to space [ 86.057504][ T5838] Bluetooth: hci1: unexpected subevent 0x04 length: 122 > 11 [ 87.187489][ T8] cfg80211: failed to load regulatory.db [ 87.935456][ T6093] mmap: syz.0.39 (6093) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 88.080449][ T6092] Zero length message leads to an empty skb [ 88.324033][ T6099] netlink: 186 bytes leftover after parsing attributes in process `syz.2.40'. [ 90.769352][ T6128] cougar: G6 mapped to space [ 92.743462][ T6155] netlink: 80 bytes leftover after parsing attributes in process `syz.3.55'. [ 490.091017][T11759] FAULT_INJECTION: forcing a failure. [ 490.091017][T11759] name failslab, interval 1, probability 0, space 0, times 0 [ 490.104758][T11759] CPU: 1 UID: 8 PID: 11759 Comm: syz.4.1213 Tainted: G U 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 490.104798][T11759] Tainted: [U]=USER [ 490.104806][T11759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 490.104821][T11759] Call Trace: [ 490.104828][T11759] [ 490.104838][T11759] dump_stack_lvl+0x16c/0x1f0 [ 490.104875][T11759] should_fail_ex+0x50a/0x650 [ 490.104910][T11759] ? fs_reclaim_acquire+0xae/0x150 [ 490.104943][T11759] should_failslab+0xc2/0x120 [ 490.104966][T11759] kmem_cache_alloc_node_noprof+0x72/0x3c0 [ 490.105001][T11759] ? __alloc_skb+0x2b1/0x380 [ 490.105037][T11759] __alloc_skb+0x2b1/0x380 [ 490.105067][T11759] ? __pfx___alloc_skb+0x10/0x10 [ 490.105100][T11759] ? genl_rcv_msg+0x4bd/0x800 [ 490.105143][T11759] netlink_ack+0x15f/0xb80 [ 490.105183][T11759] netlink_rcv_skb+0x348/0x440 [ 490.105214][T11759] ? __pfx_genl_rcv_msg+0x10/0x10 [ 490.105249][T11759] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 490.105294][T11759] ? down_read+0xc9/0x330 [ 490.105324][T11759] ? __pfx_down_read+0x10/0x10 [ 490.105355][T11759] ? netlink_deliver_tap+0x1ae/0xd30 [ 490.105390][T11759] genl_rcv+0x28/0x40 [ 490.105420][T11759] netlink_unicast+0x53c/0x7f0 [ 490.105455][T11759] ? __pfx_netlink_unicast+0x10/0x10 [ 490.105487][T11759] ? __phys_addr_symbol+0x30/0x80 [ 490.105513][T11759] ? __check_object_size+0x488/0x710 [ 490.105542][T11759] netlink_sendmsg+0x8b8/0xd70 [ 490.105581][T11759] ? __pfx_netlink_sendmsg+0x10/0x10 [ 490.105624][T11759] __sys_sendto+0x488/0x4f0 [ 490.105656][T11759] ? __pfx___sys_sendto+0x10/0x10 [ 490.105712][T11759] ? xfd_validate_state+0x5d/0x180 [ 490.105753][T11759] ? rcu_is_watching+0x12/0xc0 [ 490.105785][T11759] __x64_sys_sendto+0xe0/0x1c0 [ 490.105816][T11759] ? do_syscall_64+0x91/0x250 [ 490.105845][T11759] ? lockdep_hardirqs_on+0x7c/0x110 [ 490.105874][T11759] do_syscall_64+0xcd/0x250 [ 490.105902][T11759] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 490.105933][T11759] RIP: 0033:0x7f419cb8effc [ 490.105952][T11759] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 490.105976][T11759] RSP: 002b:00007f419d9ccec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 490.105996][T11759] RAX: ffffffffffffffda RBX: 00007f419d9ccfc0 RCX: 00007f419cb8effc [ 490.106011][T11759] RDX: 0000000000000020 RSI: 00007f419d9cd010 RDI: 000000000000000b [ 490.106025][T11759] RBP: 0000000000000000 R08: 00007f419d9ccf14 R09: 000000000000000c [ 490.106039][T11759] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000000b [ 490.106051][T11759] R13: 00007f419d9ccf68 R14: 00007f419d9cd010 R15: 0000000000000000 [ 490.106080][T11759] [ 490.130207][T11763] cougar: G6 mapped to space [ 490.138648][ T29] audit: type=1800 audit(4294981680.244:9): pid=11759 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1213" name="members" dev="configfs" ino=34927 res=0 errno=0 [ 490.548609][T11769] cougar: G6 mapped to space [ 493.099311][T11808] netlink: 186 bytes leftover after parsing attributes in process `syz.3.1223'. [ 493.572674][T11812] netlink: 186 bytes leftover after parsing attributes in process `syz.3.1224'. [ 494.287741][T11774] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 494.352603][T11774] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 494.358698][T11774] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 494.373027][T11774] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 496.023989][T11850] netlink: 186 bytes leftover after parsing attributes in process `syz.3.1235'. [ 496.141809][ T5845] Bluetooth: hci2: command 0x0406 tx timeout [ 496.387535][ T5845] Bluetooth: hci3: command 0x0406 tx timeout [ 496.387560][ T5148] Bluetooth: hci1: command 0x0c1a tx timeout [ 496.394806][ T5844] Bluetooth: hci4: command 0x0c1a tx timeout [ 498.420841][T11887] bond0: option all_slaves_active: invalid value () [ 499.823163][T11900] netlink: 186 bytes leftover after parsing attributes in process `syz.4.1246'. [ 499.972938][T11901] netlink: 186 bytes leftover after parsing attributes in process `syz.2.1245'. [ 501.909697][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.917842][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.602604][T11920] ptrace attach of "./syz-executor exec"[5847] was attempted by ""[11920] [ 502.971930][T11934] FAULT_INJECTION: forcing a failure. [ 502.971930][T11934] name failslab, interval 1, probability 0, space 0, times 0 [ 503.042977][T11934] CPU: 1 UID: 0 PID: 11934 Comm: syz.4.1254 Tainted: G U 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 503.043020][T11934] Tainted: [U]=USER [ 503.043028][T11934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 503.043042][T11934] Call Trace: [ 503.043048][T11934] [ 503.043057][T11934] dump_stack_lvl+0x16c/0x1f0 [ 503.043093][T11934] should_fail_ex+0x50a/0x650 [ 503.043130][T11934] ? fs_reclaim_acquire+0xae/0x150 [ 503.043164][T11934] ? rpc_mkpipe_data+0x49/0x460 [ 503.043192][T11934] should_failslab+0xc2/0x120 [ 503.043216][T11934] __kmalloc_cache_noprof+0x68/0x410 [ 503.043249][T11934] ? lockdep_init_map_type+0x16d/0x7d0 [ 503.043290][T11934] rpc_mkpipe_data+0x49/0x460 [ 503.043320][T11934] nfs4blocklayout_net_init+0x95/0x240 [ 503.043360][T11934] ? __pfx_nfs4blocklayout_net_init+0x10/0x10 [ 503.043398][T11934] ops_init+0x1df/0x5f0 [ 503.043436][T11934] setup_net+0x21f/0x860 [ 503.043473][T11934] ? __pfx_setup_net+0x10/0x10 [ 503.043515][T11934] ? down_read_killable+0xcc/0x380 [ 503.043550][T11934] ? __pfx_down_read_killable+0x10/0x10 [ 503.043582][T11934] ? __raw_spin_lock_init+0x3a/0x110 [ 503.043620][T11934] ? debug_mutex_init+0x37/0x70 [ 503.043648][T11934] copy_net_ns+0x2a6/0x5f0 [ 503.043671][T11934] create_new_namespaces+0x3ea/0xad0 [ 503.043713][T11934] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 503.043752][T11934] ksys_unshare+0x45d/0xa40 [ 503.043779][T11934] ? __pfx_ksys_unshare+0x10/0x10 [ 503.043801][T11934] ? xfd_validate_state+0x5d/0x180 [ 503.043846][T11934] __x64_sys_unshare+0x31/0x40 [ 503.043870][T11934] do_syscall_64+0xcd/0x250 [ 503.043902][T11934] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.043934][T11934] RIP: 0033:0x7f419cb8d169 [ 503.043955][T11934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 503.043979][T11934] RSP: 002b:00007f419d9ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 503.044005][T11934] RAX: ffffffffffffffda RBX: 00007f419cda5fa0 RCX: 00007f419cb8d169 [ 503.044022][T11934] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 503.044037][T11934] RBP: 00007f419cc0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 503.044052][T11934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 503.044068][T11934] R13: 0000000000000000 R14: 00007f419cda5fa0 R15: 00007ffe806ee508 [ 503.044100][T11934] [ 503.125413][T11940] cougar: G6 mapped to space [ 505.173497][T11969] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1266'. [ 507.011644][T12001] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1271'. [ 508.032716][T12013] netlink: 186 bytes leftover after parsing attributes in process `syz.5.1275'. [ 510.904206][T11962] Process accounting resumed [ 514.992440][T12109] Invalid ELF header magic: != ELF [ 515.216380][T12113] netlink: 186 bytes leftover after parsing attributes in process `syz.4.1298'. [ 515.271374][T12096] sctp: [Deprecated]: syz.5.1293 (pid 12096) Use of struct sctp_assoc_value in delayed_ack socket option. [ 515.271374][T12096] Use struct sctp_sack_info instead [ 516.086556][T12118] netlink: 186 bytes leftover after parsing attributes in process `syz.2.1300'. [ 521.086928][T12174] FAULT_INJECTION: forcing a failure. [ 521.086928][T12174] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 521.111838][T12174] CPU: 1 UID: 0 PID: 12174 Comm: syz.3.1312 Tainted: G U 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 521.111874][T12174] Tainted: [U]=USER [ 521.111881][T12174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 521.111894][T12174] Call Trace: [ 521.111901][T12174] [ 521.111910][T12174] dump_stack_lvl+0x16c/0x1f0 [ 521.111944][T12174] should_fail_ex+0x50a/0x650 [ 521.111982][T12174] _copy_from_user+0x2e/0xd0 [ 521.112011][T12174] copy_msghdr_from_user+0x99/0x160 [ 521.112043][T12174] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 521.112086][T12174] ? __lock_acquire+0xcc5/0x3c40 [ 521.112130][T12174] ___sys_sendmsg+0xff/0x1e0 [ 521.112163][T12174] ? __pfx____sys_sendmsg+0x10/0x10 [ 521.112208][T12174] ? trace_lock_acquire+0x14e/0x1f0 [ 521.112255][T12174] __sys_sendmmsg+0x201/0x420 [ 521.112290][T12174] ? __pfx___sys_sendmmsg+0x10/0x10 [ 521.112331][T12174] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 521.112372][T12174] ? fput+0x67/0x440 [ 521.112396][T12174] ? ksys_write+0x1ba/0x250 [ 521.112424][T12174] ? __pfx_ksys_write+0x10/0x10 [ 521.112459][T12174] __x64_sys_sendmmsg+0x9c/0x100 [ 521.112489][T12174] ? lockdep_hardirqs_on+0x7c/0x110 [ 521.112516][T12174] do_syscall_64+0xcd/0x250 [ 521.112546][T12174] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 521.112577][T12174] RIP: 0033:0x7f5877d8d169 [ 521.112596][T12174] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 521.112617][T12174] RSP: 002b:00007f5878ca8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 521.112639][T12174] RAX: ffffffffffffffda RBX: 00007f5877fa5fa0 RCX: 00007f5877d8d169 [ 521.112655][T12174] RDX: 0000000000000007 RSI: 0000400000000200 RDI: 0000000000000003 [ 521.112669][T12174] RBP: 00007f5878ca8090 R08: 0000000000000000 R09: 0000000000000000 [ 521.112683][T12174] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000001 [ 521.112696][T12174] R13: 0000000000000000 R14: 00007f5877fa5fa0 R15: 00007ffeef08bbd8 [ 521.112726][T12174] [ 521.607920][T12177] svc: failed to register nfsdv3 RPC service (errno 111). [ 521.620027][T12177] svc: failed to register nfsaclv3 RPC service (errno 111). [ 522.729583][T12189] cougar: G6 mapped to space [ 524.812515][T12205] delete_channel: no stack [ 527.033884][T12239] cougar: G6 mapped to space [ 527.987092][T12250] netlink: 186 bytes leftover after parsing attributes in process `syz.4.1328'. [ 528.568702][T12256] FAULT_INJECTION: forcing a failure. [ 528.568702][T12256] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 528.600891][T12256] CPU: 1 UID: 0 PID: 12256 Comm: syz.4.1331 Tainted: G U 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 528.600931][T12256] Tainted: [U]=USER [ 528.600938][T12256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 528.600951][T12256] Call Trace: [ 528.600958][T12256] [ 528.600968][T12256] dump_stack_lvl+0x16c/0x1f0 [ 528.601002][T12256] should_fail_ex+0x50a/0x650 [ 528.601034][T12256] ? __pfx___might_resched+0x10/0x10 [ 528.601073][T12256] should_fail_alloc_page+0xe7/0x130 [ 528.601098][T12256] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 528.601134][T12256] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 528.601168][T12256] ? mark_lock+0xb5/0xc60 [ 528.601197][T12256] ? __pfx_mark_lock+0x10/0x10 [ 528.601228][T12256] ? __pfx_mark_lock+0x10/0x10 [ 528.601254][T12256] ? __pfx_stack_trace_save+0x10/0x10 [ 528.601280][T12256] ? stack_depot_save_flags+0x28/0x9c0 [ 528.601315][T12256] ? rcu_is_watching+0x12/0xc0 [ 528.601339][T12256] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 528.601374][T12256] ? kasan_save_stack+0x42/0x60 [ 528.601403][T12256] ? kasan_save_stack+0x33/0x60 [ 528.601431][T12256] ? kasan_save_track+0x14/0x30 [ 528.601468][T12256] ? hlock_class+0x4e/0x130 [ 528.601491][T12256] ? __lock_acquire+0x15a9/0x3c40 [ 528.601524][T12256] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 528.601560][T12256] ? policy_nodemask+0xea/0x4e0 [ 528.601596][T12256] alloc_pages_mpol+0x1fc/0x540 [ 528.601620][T12256] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 528.601647][T12256] ? lock_acquire.part.0+0x11b/0x380 [ 528.601684][T12256] ? __pfx_filemap_map_pages+0x10/0x10 [ 528.601707][T12256] alloc_pages_noprof+0x131/0x390 [ 528.601727][T12256] pte_alloc_one+0x20/0x390 [ 528.601757][T12256] __do_fault+0x320/0x490 [ 528.601782][T12256] ? __pfx_filemap_map_pages+0x10/0x10 [ 528.601807][T12256] do_pte_missing+0x1a8/0x3e10 [ 528.601849][T12256] ? do_raw_spin_unlock+0x172/0x230 [ 528.601874][T12256] ? __pmd_alloc+0x3c2/0x870 [ 528.601902][T12256] __handle_mm_fault+0x1166/0x2c60 [ 528.601938][T12256] ? __pfx___handle_mm_fault+0x10/0x10 [ 528.601965][T12256] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 528.602008][T12256] ? find_vma+0xc0/0x140 [ 528.602030][T12256] ? __pfx_find_vma+0x10/0x10 [ 528.602057][T12256] handle_mm_fault+0x3fa/0xaa0 [ 528.602091][T12256] do_user_addr_fault+0x7a3/0x13f0 [ 528.602126][T12256] exc_page_fault+0x5c/0xc0 [ 528.602153][T12256] asm_exc_page_fault+0x26/0x30 [ 528.602182][T12256] RIP: 0010:__put_user_8+0x11/0x20 [ 528.602210][T12256] Code: 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <48> 89 01 31 c9 0f 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 [ 528.602232][T12256] RSP: 0018:ffffc90003d4fe48 EFLAGS: 00050246 [ 528.602252][T12256] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 528.602266][T12256] RDX: ffff888030d20000 RSI: ffffffff84a6669a RDI: ffffffff8bd34740 [ 528.602282][T12256] RBP: ffff88802ec75180 R08: 0000000000000000 R09: fffffbfff20c4f02 [ 528.602297][T12256] R10: ffffffff90627817 R11: 0000000000000000 R12: 0000000000000000 [ 528.602311][T12256] R13: 1ffff920007a9fcb R14: ffff888023ae2280 R15: 000000000000000a [ 528.602337][T12256] ? blkdev_ioctl+0x42a/0x6d0 [ 528.602365][T12256] blkdev_ioctl+0x435/0x6d0 [ 528.602388][T12256] ? __pfx_blkdev_ioctl+0x10/0x10 [ 528.602409][T12256] ? __fget_files+0x206/0x3a0 [ 528.602444][T12256] ? __pfx_blkdev_ioctl+0x10/0x10 [ 528.602469][T12256] __x64_sys_ioctl+0x190/0x200 [ 528.602499][T12256] do_syscall_64+0xcd/0x250 [ 528.602529][T12256] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 528.602558][T12256] RIP: 0033:0x7f419cb8d169 [ 528.602577][T12256] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 528.602597][T12256] RSP: 002b:00007f419d9ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 528.602618][T12256] RAX: ffffffffffffffda RBX: 00007f419cda5fa0 RCX: 00007f419cb8d169 [ 528.602633][T12256] RDX: 0000000000000000 RSI: 0000000080081272 RDI: 0000000000000003 [ 528.602647][T12256] RBP: 00007f419d9ce090 R08: 0000000000000000 R09: 0000000000000000 [ 528.602661][T12256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 528.602675][T12256] R13: 0000000000000000 R14: 00007f419cda5fa0 R15: 00007ffe806ee508 [ 528.602707][T12256] [ 530.245117][T12270] netlink: 186 bytes leftover after parsing attributes in process `syz.2.1334'. [ 530.383674][T12275] netlink: 186 bytes leftover after parsing attributes in process `syz.5.1336'. [ 533.219624][T12312] netlink: 186 bytes leftover after parsing attributes in process `syz.3.1345'. [ 534.567240][T12325] netlink: 186 bytes leftover after parsing attributes in process `syz.2.1346'. [ 536.948234][T12355] netlink: 186 bytes leftover after parsing attributes in process `syz.5.1354'. [ 537.440499][T12360] cougar: G6 mapped to space [ 538.463012][T12371] netlink: 186 bytes leftover after parsing attributes in process `syz.5.1360'. [ 539.051359][T12377] netlink: 186 bytes leftover after parsing attributes in process `syz.2.1361'. [ 539.309303][T12387] netlink: 186 bytes leftover after parsing attributes in process `syz.3.1363'. [ 540.646022][T12401] cougar: G6 mapped to space [ 541.034934][T12410] FAULT_INJECTION: forcing a failure. [ 541.034934][T12410] name failslab, interval 1, probability 0, space 0, times 0 [ 541.140185][T12410] CPU: 0 UID: 0 PID: 12410 Comm: syz.2.1369 Tainted: G U 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 541.140224][T12410] Tainted: [U]=USER [ 541.140232][T12410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 541.140245][T12410] Call Trace: [ 541.140251][T12410] [ 541.140261][T12410] dump_stack_lvl+0x16c/0x1f0 [ 541.140294][T12410] should_fail_ex+0x50a/0x650 [ 541.140333][T12410] should_failslab+0xc2/0x120 [ 541.140355][T12410] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 541.140389][T12410] ? skb_clone+0x190/0x3f0 [ 541.140426][T12410] skb_clone+0x190/0x3f0 [ 541.140459][T12410] netlink_deliver_tap+0xabd/0xd30 [ 541.140496][T12410] netlink_unicast+0x5e1/0x7f0 [ 541.140531][T12410] ? __pfx_netlink_unicast+0x10/0x10 [ 541.140561][T12410] ? __phys_addr_symbol+0x30/0x80 [ 541.140585][T12410] ? __check_object_size+0x488/0x710 [ 541.140613][T12410] netlink_sendmsg+0x8b8/0xd70 [ 541.140648][T12410] ? __pfx_netlink_sendmsg+0x10/0x10 [ 541.140676][T12410] ? __might_fault+0xe3/0x190 [ 541.140713][T12410] ____sys_sendmsg+0xaaf/0xc90 [ 541.140740][T12410] ? __pfx_____sys_sendmsg+0x10/0x10 [ 541.140763][T12410] ? __lock_acquire+0xcc5/0x3c40 [ 541.140814][T12410] ___sys_sendmsg+0x135/0x1e0 [ 541.140848][T12410] ? __pfx____sys_sendmsg+0x10/0x10 [ 541.140893][T12410] ? trace_lock_acquire+0x14e/0x1f0 [ 541.140942][T12410] __sys_sendmmsg+0x201/0x420 [ 541.140977][T12410] ? __pfx___sys_sendmmsg+0x10/0x10 [ 541.141021][T12410] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 541.141064][T12410] ? fput+0x67/0x440 [ 541.141087][T12410] ? ksys_write+0x1ba/0x250 [ 541.141116][T12410] ? __pfx_ksys_write+0x10/0x10 [ 541.141152][T12410] __x64_sys_sendmmsg+0x9c/0x100 [ 541.141182][T12410] ? lockdep_hardirqs_on+0x7c/0x110 [ 541.141209][T12410] do_syscall_64+0xcd/0x250 [ 541.141240][T12410] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.141271][T12410] RIP: 0033:0x7f099098d169 [ 541.141290][T12410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 541.141312][T12410] RSP: 002b:00007f0991831038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 541.141334][T12410] RAX: ffffffffffffffda RBX: 00007f0990ba6080 RCX: 00007f099098d169 [ 541.141349][T12410] RDX: 0000000000000007 RSI: 0000400000000200 RDI: 0000000000000003 [ 541.141363][T12410] RBP: 00007f0991831090 R08: 0000000000000000 R09: 0000000000000000 [ 541.141376][T12410] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000001 [ 541.141390][T12410] R13: 0000000000000000 R14: 00007f0990ba6080 R15: 00007fff45240958 [ 541.141422][T12410] [ 541.714341][T12401] Process accounting paused [ 541.764710][T12412] cougar: G6 mapped to space [ 542.279017][T12400] FAULT_INJECTION: forcing a failure. [ 542.279017][T12400] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 542.541965][T12400] CPU: 1 UID: 0 PID: 12400 Comm: syz.4.1368 Tainted: G U 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 542.542003][T12400] Tainted: [U]=USER [ 542.542010][T12400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 542.542023][T12400] Call Trace: [ 542.542030][T12400] [ 542.542039][T12400] dump_stack_lvl+0x16c/0x1f0 [ 542.542073][T12400] should_fail_ex+0x50a/0x650 [ 542.542111][T12400] _copy_from_user+0x2e/0xd0 [ 542.542137][T12400] get_timespec64+0x8c/0x240 [ 542.542165][T12400] ? __pfx_get_timespec64+0x10/0x10 [ 542.542201][T12400] __x64_sys_clock_nanosleep+0x1ce/0x4a0 [ 542.542227][T12400] ? __pfx___x64_sys_clock_nanosleep+0x10/0x10 [ 542.542252][T12400] ? do_user_addr_fault+0x83d/0x13f0 [ 542.542289][T12400] do_syscall_64+0xcd/0x250 [ 542.542320][T12400] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 542.542350][T12400] RIP: 0033:0x7f419cbbfa25 [ 542.542369][T12400] Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 f6 54 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 4f 55 ff ff 48 8b 04 24 48 83 c4 28 f7 d8 [ 542.542391][T12400] RSP: 002b:00007ffe806ee600 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 542.542413][T12400] RAX: ffffffffffffffda RBX: 00007f419cda5fa0 RCX: 00007f419cbbfa25 [ 542.542428][T12400] RDX: 00007ffe806ee640 RSI: 0000000000000000 RDI: 0000000000000000 [ 542.542442][T12400] RBP: 00007f419cda7ba0 R08: 0000000000000000 R09: 00007f419d9cf000 [ 542.542457][T12400] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000084681 [ 542.542471][T12400] R13: 00007f419cda6160 R14: ffffffffffffffff R15: 00007ffe806ee780 [ 542.542502][T12400] [ 543.353174][ T29] audit: type=1800 audit(4294981765.515:10): pid=12435 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1375" name="discovery_nqn" dev="configfs" ino=38307 res=0 errno=0 [ 544.635630][T12453] cougar: G6 mapped to space [ 548.110413][T12486] kexec: Could not allocate control_code_buffer [ 548.529129][T12508] netlink: 186 bytes leftover after parsing attributes in process `syz.2.1395'. [ 548.937810][T12510] netlink: 186 bytes leftover after parsing attributes in process `syz.5.1396'. [ 550.272956][T12535] cougar: G6 mapped to space [ 553.245064][T12563] netlink: 186 bytes leftover after parsing attributes in process `syz.2.1408'. [ 555.297746][T12588] netlink: 'syz.5.1416': attribute type 1 has an invalid length. [ 556.098618][T12605] netlink: 186 bytes leftover after parsing attributes in process `syz.2.1419'. [ 558.482431][T12628] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1424'. [ 558.652534][T12633] netlink: 186 bytes leftover after parsing attributes in process `syz.5.1425'. [ 558.820842][T12630] FAULT_INJECTION: forcing a failure. [ 558.820842][T12630] name failslab, interval 1, probability 0, space 0, times 0 [ 558.870217][T12630] CPU: 1 UID: 0 PID: 12630 Comm: syz.2.1424 Tainted: G U 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 558.870259][T12630] Tainted: [U]=USER [ 558.870267][T12630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 558.870294][T12630] Call Trace: [ 558.870302][T12630] [ 558.870312][T12630] dump_stack_lvl+0x16c/0x1f0 [ 558.870351][T12630] should_fail_ex+0x50a/0x650 [ 558.870387][T12630] ? fs_reclaim_acquire+0xae/0x150 [ 558.870422][T12630] should_failslab+0xc2/0x120 [ 558.870446][T12630] __kmalloc_node_track_caller_noprof+0xcf/0x510 [ 558.870486][T12630] ? kstrdup_const+0x63/0x80 [ 558.870519][T12630] kstrdup+0x53/0x100 [ 558.870549][T12630] kstrdup_const+0x63/0x80 [ 558.870577][T12630] kvasprintf_const+0x10f/0x1a0 [ 558.870607][T12630] kobject_set_name_vargs+0x5a/0x140 [ 558.870643][T12630] dev_set_name+0xc8/0x100 [ 558.870678][T12630] ? __pfx_dev_set_name+0x10/0x10 [ 558.870720][T12630] ? __init_waitqueue_head+0xca/0x150 [ 558.870757][T12630] netdev_register_kobject+0xc5/0x3a0 [ 558.870798][T12630] register_netdevice+0x147b/0x1eb0 [ 558.870841][T12630] ? __pfx_register_netdevice+0x10/0x10 [ 558.870888][T12630] __ip_tunnel_create+0x4aa/0x690 [ 558.870921][T12630] ? __pfx___ip_tunnel_create+0x10/0x10 [ 558.870953][T12630] ? read_word_at_a_time+0xe/0x20 [ 558.870993][T12630] ip_tunnel_init_net+0x22a/0x790 [ 558.871028][T12630] ? __pfx_ip_tunnel_init_net+0x10/0x10 [ 558.871067][T12630] ? __kmalloc_noprof+0x23b/0x510 [ 558.871107][T12630] ? __pfx_ipgre_tap_init_net+0x10/0x10 [ 558.871133][T12630] ops_init+0x1df/0x5f0 [ 558.871172][T12630] setup_net+0x21f/0x860 [ 558.871209][T12630] ? __pfx_setup_net+0x10/0x10 [ 558.871241][T12630] ? down_read_killable+0xcc/0x380 [ 558.871282][T12630] ? __pfx_down_read_killable+0x10/0x10 [ 558.871315][T12630] ? __raw_spin_lock_init+0x3a/0x110 [ 558.871357][T12630] ? debug_mutex_init+0x37/0x70 [ 558.871388][T12630] copy_net_ns+0x2a6/0x5f0 [ 558.871416][T12630] create_new_namespaces+0x3ea/0xad0 [ 558.871462][T12630] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 558.871503][T12630] ksys_unshare+0x45d/0xa40 [ 558.871528][T12630] ? __pfx_ksys_unshare+0x10/0x10 [ 558.871551][T12630] ? xfd_validate_state+0x5d/0x180 [ 558.871597][T12630] __x64_sys_unshare+0x31/0x40 [ 558.871622][T12630] do_syscall_64+0xcd/0x250 [ 558.871655][T12630] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 558.871691][T12630] RIP: 0033:0x7f099098d169 [ 558.871709][T12630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 558.871732][T12630] RSP: 002b:00007f0991810038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 558.871753][T12630] RAX: ffffffffffffffda RBX: 00007f0990ba6160 RCX: 00007f099098d169 [ 558.871768][T12630] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 558.871781][T12630] RBP: 00007f0990a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 558.871793][T12630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 558.871806][T12630] R13: 0000000000000000 R14: 00007f0990ba6160 R15: 00007fff45240958 [ 558.871836][T12630] [ 559.779293][T12641] cougar: G6 mapped to space [ 560.342929][T12650] netlink: 186 bytes leftover after parsing attributes in process `syz.5.1431'. [ 560.920165][T12667] FAULT_INJECTION: forcing a failure. [ 560.920165][T12667] name failslab, interval 1, probability 0, space 0, times 0 [ 560.935800][T12667] CPU: 1 UID: 0 PID: 12667 Comm: syz.4.1436 Tainted: G U 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 560.935840][T12667] Tainted: [U]=USER [ 560.935849][T12667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 560.935863][T12667] Call Trace: [ 560.935870][T12667] [ 560.935880][T12667] dump_stack_lvl+0x16c/0x1f0 [ 560.935917][T12667] should_fail_ex+0x50a/0x650 [ 560.935954][T12667] ? fs_reclaim_acquire+0xae/0x150 [ 560.935989][T12667] ? xfrm_hash_alloc+0xd1/0x100 [ 560.936022][T12667] should_failslab+0xc2/0x120 [ 560.936048][T12667] __kmalloc_noprof+0xcb/0x510 [ 560.936083][T12667] ? xfrm_state_init+0x378/0x630 [ 560.936114][T12667] ? xfrm_state_init+0x3d4/0x630 [ 560.936148][T12667] ? __pfx_xfrm_net_init+0x10/0x10 [ 560.936184][T12667] xfrm_hash_alloc+0xd1/0x100 [ 560.936218][T12667] xfrm_net_init+0x245/0xcb0 [ 560.936259][T12667] ? __pfx_xfrm_net_init+0x10/0x10 [ 560.936294][T12667] ops_init+0x1df/0x5f0 [ 560.936333][T12667] setup_net+0x21f/0x860 [ 560.936380][T12667] ? __pfx_setup_net+0x10/0x10 [ 560.936414][T12667] ? down_read_killable+0xcc/0x380 [ 560.936449][T12667] ? __pfx_down_read_killable+0x10/0x10 [ 560.936483][T12667] ? __raw_spin_lock_init+0x3a/0x110 [ 560.936523][T12667] ? debug_mutex_init+0x37/0x70 [ 560.936552][T12667] copy_net_ns+0x2a6/0x5f0 [ 560.936580][T12667] create_new_namespaces+0x3ea/0xad0 [ 560.936626][T12667] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 560.936666][T12667] ksys_unshare+0x45d/0xa40 [ 560.936693][T12667] ? __pfx_ksys_unshare+0x10/0x10 [ 560.936717][T12667] ? xfd_validate_state+0x5d/0x180 [ 560.936761][T12667] __x64_sys_unshare+0x31/0x40 [ 560.936786][T12667] do_syscall_64+0xcd/0x250 [ 560.936819][T12667] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 560.936851][T12667] RIP: 0033:0x7f419cb8d169 [ 560.936871][T12667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 560.936894][T12667] RSP: 002b:00007f419d9ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 560.936918][T12667] RAX: ffffffffffffffda RBX: 00007f419cda5fa0 RCX: 00007f419cb8d169 [ 560.936935][T12667] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 560.936949][T12667] RBP: 00007f419cc0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 560.936964][T12667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 560.936979][T12667] R13: 0000000000000000 R14: 00007f419cda5fa0 R15: 00007ffe806ee508 [ 560.937013][T12667] [ 561.985531][T12687] scsi_dev_info_list_add_str: bad dev info string '' '' '' [ 563.347877][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.356380][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.462764][T12710] netlink: 186 bytes leftover after parsing attributes in process `syz.5.1444'. [ 565.141211][T12729] netlink: 186 bytes leftover after parsing attributes in process `syz.5.1448'. [ 566.362973][ T5844] Bluetooth: hci2: unexpected event 0x35 length: 13 > 6 [ 566.857017][T12743] zswap: compressor not available [ 567.582588][T12775] netlink: 186 bytes leftover after parsing attributes in process `syz.3.1454'. [ 568.494426][T12787] netlink: 186 bytes leftover after parsing attributes in process `syz.5.1458'. [ 570.448511][T12801] netlink: 186 bytes leftover after parsing attributes in process `syz.2.1463'. [ 571.642519][ T29] audit: type=1800 audit(4294981841.812:11): pid=12827 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1470" name="discovery_nqn" dev="configfs" ino=40035 res=0 errno=0 [ 571.836888][T12828] netlink: 186 bytes leftover after parsing attributes in process `syz.3.1468'. [ 572.492920][T12823] Process accounting resumed [ 574.244218][T12862] usb usb15: usbfs: process 12862 (syz.4.1475) did not claim interface 0 before use [ 574.259706][T12862] netlink: 130 bytes leftover after parsing attributes in process `syz.4.1475'. [ 576.399290][T12893] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1482'. [ 576.497845][T12893] hsr_slave_0: left promiscuous mode [ 576.524948][T12893] hsr_slave_1: left promiscuous mode [ 577.943049][T12916] netlink: 186 bytes leftover after parsing attributes in process `syz.2.1487'. [ 578.783040][T12922] netlink: 186 bytes leftover after parsing attributes in process `syz.3.1489'. [ 582.773625][T12994] FAULT_INJECTION: forcing a failure. [ 582.773625][T12994] name failslab, interval 1, probability 0, space 0, times 0 [ 582.912929][T12994] CPU: 1 UID: 0 PID: 12994 Comm: syz.4.1508 Tainted: G U 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 582.912972][T12994] Tainted: [U]=USER [ 582.912980][T12994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 582.912995][T12994] Call Trace: [ 582.913003][T12994] [ 582.913013][T12994] dump_stack_lvl+0x16c/0x1f0 [ 582.913051][T12994] should_fail_ex+0x50a/0x650 [ 582.913089][T12994] ? fs_reclaim_acquire+0xae/0x150 [ 582.913123][T12994] should_failslab+0xc2/0x120 [ 582.913147][T12994] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 582.913186][T12994] ? alloc_empty_file+0x73/0x1e0 [ 582.913216][T12994] alloc_empty_file+0x73/0x1e0 [ 582.913243][T12994] alloc_file_pseudo+0x13b/0x230 [ 582.913271][T12994] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 582.913300][T12994] ? __raw_spin_lock_init+0x3a/0x110 [ 582.913342][T12994] create_pipe_files+0x364/0x930 [ 582.913381][T12994] do_pipe2+0xb0/0x1d0 [ 582.913414][T12994] ? __pfx_do_pipe2+0x10/0x10 [ 582.913448][T12994] ? xfd_validate_state+0x5d/0x180 [ 582.913491][T12994] __x64_sys_pipe2+0x54/0x80 [ 582.913526][T12994] do_syscall_64+0xcd/0x250 [ 582.913559][T12994] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 582.913591][T12994] RIP: 0033:0x7f419cb8d169 [ 582.913611][T12994] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 582.913635][T12994] RSP: 002b:00007f419d9ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000125 [ 582.913666][T12994] RAX: ffffffffffffffda RBX: 00007f419cda5fa0 RCX: 00007f419cb8d169 [ 582.913683][T12994] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000000 [ 582.913698][T12994] RBP: 00007f419cc0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 582.913714][T12994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 582.913729][T12994] R13: 0000000000000000 R14: 00007f419cda5fa0 R15: 00007ffe806ee508 [ 582.913762][T12994] [ 589.578256][T13050] syz.3.1520(13050): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 589.713178][T13050] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1520'. [ 592.482850][T13076] netlink: 186 bytes leftover after parsing attributes in process `syz.4.1524'. [ 593.811400][T13093] bridge0: port 3(team0) entered blocking state [ 593.889316][T13093] bridge0: port 3(team0) entered disabled state [ 593.892552][T13095] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1530'. [ 593.953413][T13093] team0: entered allmulticast mode [ 593.958595][T13093] team_slave_0: entered allmulticast mode [ 593.992709][T13093] team_slave_1: entered allmulticast mode [ 593.999680][T13093] team0: entered promiscuous mode [ 594.063013][T13093] team_slave_0: entered promiscuous mode [ 594.068865][T13093] team_slave_1: entered promiscuous mode [ 594.113221][T13093] bridge0: port 3(team0) entered blocking state [ 594.119622][T13093] bridge0: port 3(team0) entered forwarding state [ 596.722759][T13118] Invalid ELF header magic: != ELF [ 597.241510][T13126] bond0: option mode: unable to set because the bond device is up [ 598.708602][T13151] netlink: 5 bytes leftover after parsing attributes in process `syz.5.1540'. [ 598.967679][T13156] netlink: 186 bytes leftover after parsing attributes in process `syz.2.1541'. [ 599.108794][T13162] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1542'. [ 599.296450][T13162] hsr_slave_0: left promiscuous mode [ 599.319660][T13162] hsr_slave_1: left promiscuous mode [ 599.900683][T13170] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1545'. [ 599.945050][T13170] netlink: 'syz.3.1545': attribute type 2 has an invalid length. [ 599.945074][T13170] netlink: 'syz.3.1545': attribute type 3 has an invalid length. [ 599.945090][T13170] netlink: 118 bytes leftover after parsing attributes in process `syz.3.1545'. [ 601.244941][T13195] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1550'. [ 602.079378][T13201] Invalid ELF header magic: != ELF [ 602.798824][T13202] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1553'. [ 602.817564][T13202] geneve1: entered allmulticast mode [ 603.574395][T13226] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1559'. [ 603.676191][T13226] hsr_slave_0: left promiscuous mode [ 603.682810][T13226] hsr_slave_1: left promiscuous mode [ 606.961480][T13284] netlink: 186 bytes leftover after parsing attributes in process `syz.3.1573'. [ 609.341804][ T5844] Bluetooth: hci2: command 0x0406 tx timeout [ 609.358004][T13272] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 609.413314][T13272] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 609.419431][T13272] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 609.473465][T13272] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 611.048627][T13329] FAULT_INJECTION: forcing a failure. [ 611.048627][T13329] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 611.157623][T13329] CPU: 0 UID: 0 PID: 13329 Comm: syz.3.1584 Tainted: G U 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 611.157663][T13329] Tainted: [U]=USER [ 611.157670][T13329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 611.157683][T13329] Call Trace: [ 611.157690][T13329] [ 611.157700][T13329] dump_stack_lvl+0x16c/0x1f0 [ 611.157735][T13329] should_fail_ex+0x50a/0x650 [ 611.157774][T13329] _copy_to_user+0x32/0xd0 [ 611.157801][T13329] simple_read_from_buffer+0xd0/0x160 [ 611.157833][T13329] proc_fail_nth_read+0x198/0x270 [ 611.157862][T13329] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 611.157893][T13329] ? rw_verify_area+0xcf/0x680 [ 611.157920][T13329] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 611.157948][T13329] vfs_read+0x1df/0xbf0 [ 611.157978][T13329] ? __fget_files+0x1fc/0x3a0 [ 611.158012][T13329] ? __pfx___mutex_lock+0x10/0x10 [ 611.158040][T13329] ? __pfx_vfs_read+0x10/0x10 [ 611.158078][T13329] ? __fget_files+0x206/0x3a0 [ 611.158119][T13329] ksys_read+0x12b/0x250 [ 611.158147][T13329] ? __pfx_ksys_read+0x10/0x10 [ 611.158186][T13329] do_syscall_64+0xcd/0x250 [ 611.158217][T13329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 611.158248][T13329] RIP: 0033:0x7f5877d8bb7c [ 611.158266][T13329] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 611.158294][T13329] RSP: 002b:00007f5878ca8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 611.158316][T13329] RAX: ffffffffffffffda RBX: 00007f5877fa5fa0 RCX: 00007f5877d8bb7c [ 611.158332][T13329] RDX: 000000000000000f RSI: 00007f5878ca80a0 RDI: 0000000000000004 [ 611.158346][T13329] RBP: 00007f5878ca8090 R08: 0000000000000000 R09: 0000000180000000 [ 611.158361][T13329] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000001 [ 611.158375][T13329] R13: 0000000000000000 R14: 00007f5877fa5fa0 R15: 00007ffeef08bbd8 [ 611.158407][T13329] [ 611.433865][ T5844] Bluetooth: hci4: command 0x0c1a tx timeout [ 611.440061][ T5844] Bluetooth: hci3: command 0x0406 tx timeout [ 611.506603][T13333] netlink: 186 bytes leftover after parsing attributes in process `syz.2.1586'. [ 611.515918][ T5845] Bluetooth: hci1: command 0x0c1a tx timeout [ 613.886388][T13365] FAULT_INJECTION: forcing a failure. [ 613.886388][T13365] name failslab, interval 1, probability 0, space 0, times 0 [ 614.295443][T13365] CPU: 1 UID: 0 PID: 13365 Comm: syz.2.1593 Tainted: G U 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 614.295487][T13365] Tainted: [U]=USER [ 614.295496][T13365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 614.295511][T13365] Call Trace: [ 614.295520][T13365] [ 614.295531][T13365] dump_stack_lvl+0x16c/0x1f0 [ 614.295568][T13365] should_fail_ex+0x50a/0x650 [ 614.295606][T13365] ? fs_reclaim_acquire+0xae/0x150 [ 614.295640][T13365] ? alloc_tty_struct+0x98/0x8d0 [ 614.295671][T13365] should_failslab+0xc2/0x120 [ 614.295695][T13365] __kmalloc_cache_noprof+0x68/0x410 [ 614.295728][T13365] ? __mutex_lock+0x1cc/0xb10 [ 614.295766][T13365] alloc_tty_struct+0x98/0x8d0 [ 614.295796][T13365] ? __pfx___mutex_lock+0x10/0x10 [ 614.295826][T13365] ? __pfx_alloc_tty_struct+0x10/0x10 [ 614.295858][T13365] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 614.295898][T13365] tty_init_dev.part.0+0x1e/0x660 [ 614.295932][T13365] tty_init_dev+0x60/0x80 [ 614.295963][T13365] ? __pfx_ptmx_open+0x10/0x10 [ 614.295990][T13365] ptmx_open+0x10d/0x360 [ 614.296015][T13365] ? __pfx_ptmx_open+0x10/0x10 [ 614.296039][T13365] chrdev_open+0x237/0x6a0 [ 614.296074][T13365] ? __pfx_apparmor_file_open+0x10/0x10 [ 614.296105][T13365] ? __pfx_chrdev_open+0x10/0x10 [ 614.296143][T13365] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 614.296181][T13365] do_dentry_open+0x735/0x1c40 [ 614.296223][T13365] ? __pfx_chrdev_open+0x10/0x10 [ 614.296262][T13365] ? inode_permission+0xdd/0x5f0 [ 614.296293][T13365] vfs_open+0x82/0x3f0 [ 614.296317][T13365] ? may_open+0x1f2/0x400 [ 614.296348][T13365] path_openat+0x1e88/0x2d80 [ 614.296397][T13365] ? __pfx_path_openat+0x10/0x10 [ 614.296432][T13365] ? __pfx___lock_acquire+0x10/0x10 [ 614.296463][T13365] ? lock_acquire.part.0+0x11b/0x380 [ 614.296495][T13365] ? find_held_lock+0x2d/0x110 [ 614.296525][T13365] do_filp_open+0x20c/0x470 [ 614.296560][T13365] ? __pfx_do_filp_open+0x10/0x10 [ 614.296591][T13365] ? find_held_lock+0x2d/0x110 [ 614.296642][T13365] ? alloc_fd+0x41f/0x760 [ 614.296685][T13365] do_sys_openat2+0x17a/0x1e0 [ 614.296710][T13365] ? __pfx_do_sys_openat2+0x10/0x10 [ 614.296750][T13365] __x64_sys_openat+0x175/0x210 [ 614.296777][T13365] ? __pfx___x64_sys_openat+0x10/0x10 [ 614.296818][T13365] do_syscall_64+0xcd/0x250 [ 614.296852][T13365] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 614.296884][T13365] RIP: 0033:0x7f099098d169 [ 614.296904][T13365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 614.296928][T13365] RSP: 002b:00007f0991852038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 614.296952][T13365] RAX: ffffffffffffffda RBX: 00007f0990ba5fa0 RCX: 00007f099098d169 [ 614.296969][T13365] RDX: 0000000000000000 RSI: 00004000000001c0 RDI: ffffffffffffff9c [ 614.296984][T13365] RBP: 00007f0990a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 614.296999][T13365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 614.297014][T13365] R13: 0000000000000000 R14: 00007f0990ba5fa0 R15: 00007fff45240958 [ 614.297058][T13365] [ 616.207962][T13384] Process accounting resumed [ 617.466056][T13423] netlink: 186 bytes leftover after parsing attributes in process `syz.5.1608'. [ 618.546111][T13446] Invalid ELF header magic: != ELF [ 618.905874][T13459] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1617'. [ 622.357701][T13522] netlink: 186 bytes leftover after parsing attributes in process `syz.2.1630'. [ 624.786419][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.792906][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 632.730819][T13652] ecryptfs_miscdev_write: Error while inspecting packet size [ 632.924325][T13652] uvcvideo: [Deprecated]: nodrop parameter will be eventually removed. [ 637.788308][T13722] FAULT_INJECTION: forcing a failure. [ 637.788308][T13722] name failslab, interval 1, probability 0, space 0, times 0 [ 637.811860][T13722] CPU: 1 UID: 0 PID: 13722 Comm: syz.4.1677 Tainted: G U 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 637.811899][T13722] Tainted: [U]=USER [ 637.811907][T13722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 637.811920][T13722] Call Trace: [ 637.811926][T13722] [ 637.811936][T13722] dump_stack_lvl+0x16c/0x1f0 [ 637.811971][T13722] should_fail_ex+0x50a/0x650 [ 637.812005][T13722] ? fs_reclaim_acquire+0xae/0x150 [ 637.812036][T13722] should_failslab+0xc2/0x120 [ 637.812057][T13722] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 637.812092][T13722] ? lockdep_init_map_type+0x16d/0x7d0 [ 637.812128][T13722] ? security_inode_alloc+0x3b/0x2b0 [ 637.812154][T13722] security_inode_alloc+0x3b/0x2b0 [ 637.812177][T13722] inode_init_always_gfp+0xce4/0x1030 [ 637.812224][T13722] alloc_inode+0x82/0x230 [ 637.812247][T13722] sock_alloc+0x40/0x280 [ 637.812285][T13722] __sock_create+0xc1/0x8d0 [ 637.812317][T13722] __sys_socket+0x14f/0x260 [ 637.812345][T13722] ? __pfx___sys_socket+0x10/0x10 [ 637.812371][T13722] ? rcu_is_watching+0x12/0xc0 [ 637.812402][T13722] __x64_sys_socket+0x72/0xb0 [ 637.812426][T13722] ? lockdep_hardirqs_on+0x7c/0x110 [ 637.812451][T13722] do_syscall_64+0xcd/0x250 [ 637.812479][T13722] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 637.812507][T13722] RIP: 0033:0x7f419cb8d169 [ 637.812525][T13722] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 637.812547][T13722] RSP: 002b:00007f419d9ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 637.812570][T13722] RAX: ffffffffffffffda RBX: 00007f419cda5fa0 RCX: 00007f419cb8d169 [ 637.812586][T13722] RDX: 0000000000000007 RSI: 0000000000000002 RDI: 000000000000001d [ 637.812599][T13722] RBP: 00007f419cc0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 637.812613][T13722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 637.812627][T13722] R13: 0000000000000000 R14: 00007f419cda5fa0 R15: 00007ffe806ee508 [ 637.812657][T13722] [ 637.812688][T13722] socket: no more sockets [ 644.370808][T13779] netlink: 342 bytes leftover after parsing attributes in process `syz.4.1690'. [ 644.479440][T13783] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1691'. [ 644.662137][T13778] ima: policy update failed [ 644.666985][ T29] audit: type=1802 audit(4294982002.841:12): pid=13778 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.1690" res=0 errno=0 [ 645.716714][T13800] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1694'. [ 645.793945][T13800] netlink: 11 bytes leftover after parsing attributes in process `syz.4.1694'. [ 646.269839][T13807] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1696'. [ 646.437526][T13807] Process accounting paused [ 646.708849][T13819] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1699'. [ 647.305511][T13824] can0: slcan on ttyS2. [ 647.411866][T13827] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 647.503149][T13829] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 647.574423][T13831] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 647.632598][T13824] can0 (unregistered): slcan off ttyS2. [ 649.984786][ T5845] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 649.984837][ T5845] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 650.002136][ T5845] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 650.002263][ T5845] Bluetooth: hci3: Malformed LE Event: 0x0d [ 650.824065][ T5845] Bluetooth: hci4: Malformed Event: 0x13 [ 650.833293][ T5845] Bluetooth: hci4: unexpected subevent 0x04 length: 122 > 11 [ 651.354813][T13858] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1709'. [ 655.799972][T13893] cougar: G6 mapped to space [ 655.870483][T13897] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1718'. [ 660.249589][T13934] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1695'. [ 660.313341][T13934] ipvlan1: entered allmulticast mode [ 660.318867][T13934] veth0_vlan: entered allmulticast mode [ 661.472596][T13955] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137 [ 661.551839][T13955] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 1, inode_bitmap = 138 [ 661.580209][T13955] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 0: bad block bitmap checksum [ 662.971003][ T5844] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 662.982639][ T5844] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 662.993767][ T5844] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 663.002277][ T5844] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 663.011188][ T5844] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 663.018984][ T5844] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 663.915440][T11803] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 664.282020][T11803] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 664.464474][T13991] vivid-003: ================= START STATUS ================= [ 664.500055][T13991] vivid-003: Radio HW Seek Mode: Bounded [ 664.516534][T11803] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 664.541941][T13991] vivid-003: Radio Programmable HW Seek: false [ 664.548187][T13991] vivid-003: RDS Rx I/O Mode: Block I/O [ 664.601064][T13975] chnl_net:caif_netlink_parms(): no params data found [ 664.632310][T13991] vivid-003: Generate RBDS Instead of RDS: false [ 664.641043][T13991] vivid-003: RDS Reception: true [ 664.651806][T13991] vivid-003: RDS Program Type: 0 inactive [ 664.663946][T13991] vivid-003: RDS PS Name: inactive [ 664.675790][T13991] vivid-003: RDS Radio Text: inactive [ 664.688463][T13991] vivid-003: RDS Traffic Announcement: false inactive [ 664.703025][T13991] vivid-003: RDS Traffic Program: false inactive [ 664.717927][T13991] vivid-003: RDS Music: false inactive [ 664.758821][T13991] vivid-003: ================== END STATUS ================== [ 664.979231][T11803] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 665.106372][ T5844] Bluetooth: hci0: command tx timeout [ 665.150905][T13975] bridge0: port 1(bridge_slave_0) entered blocking state [ 665.169391][T13975] bridge0: port 1(bridge_slave_0) entered disabled state [ 665.231046][T13975] bridge_slave_0: entered allmulticast mode [ 665.271084][T13975] bridge_slave_0: entered promiscuous mode [ 665.320174][T13975] bridge0: port 2(bridge_slave_1) entered blocking state [ 665.327753][T13975] bridge0: port 2(bridge_slave_1) entered disabled state [ 665.340722][T13975] bridge_slave_1: entered allmulticast mode [ 665.349956][T13975] bridge_slave_1: entered promiscuous mode [ 665.819458][T13975] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 665.883797][T13975] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 666.274905][T13975] team0: Port device team_slave_0 added [ 666.296031][T13975] team0: Port device team_slave_1 added [ 666.686762][T11803] bridge_slave_1: left allmulticast mode [ 666.713226][T11803] bridge_slave_1: left promiscuous mode [ 666.719018][T11803] bridge0: port 2(bridge_slave_1) entered disabled state [ 666.823343][T11803] bridge_slave_0: left allmulticast mode [ 666.864302][T11803] bridge_slave_0: left promiscuous mode [ 666.870584][T11803] bridge0: port 1(bridge_slave_0) entered disabled state [ 667.182208][ T5844] Bluetooth: hci0: command tx timeout [ 668.508919][T14023] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1746'. [ 668.770862][ T29] audit: type=1800 audit(4294982034.888:13): pid=14021 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1745" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 669.262918][ T5844] Bluetooth: hci0: command tx timeout [ 669.512310][T11803] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 669.527136][T11803] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 669.568326][T11803] bond0 (unregistering): Released all slaves [ 669.678725][T13975] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 669.705968][T13975] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 669.761682][T13975] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 669.783726][T13975] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 669.790815][T13975] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 669.867023][T13975] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 669.992583][T14035] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1748'. [ 670.055502][T14035] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode [ 670.160189][T13975] hsr_slave_0: entered promiscuous mode [ 670.172557][T13975] hsr_slave_1: entered promiscuous mode [ 670.337978][T14041] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 670.397671][T14043] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 670.801778][T11803] hsr_slave_0: left promiscuous mode [ 670.832371][T11803] hsr_slave_1: left promiscuous mode [ 670.838309][T11803] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 670.891750][T11803] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 670.922519][T11803] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 670.929989][T11803] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 670.988368][T11803] veth1_macvtap: left promiscuous mode [ 671.011866][T11803] veth0_macvtap: left promiscuous mode [ 671.028046][T11803] veth1_vlan: left promiscuous mode [ 671.042703][T11803] veth0_vlan: left promiscuous mode [ 671.342227][ T5844] Bluetooth: hci0: command tx timeout [ 673.750595][T11803] team0 (unregistering): Port device team_slave_1 removed [ 673.885795][T11803] team0 (unregistering): Port device team_slave_0 removed [ 674.126908][T14070] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1755'. [ 675.083365][T14079] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 675.146138][T14082] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 675.188207][T13975] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 675.275251][T13975] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 675.637155][T13975] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 675.785591][T13975] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 676.012201][T14093] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 676.212730][T14096] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 676.300113][T13975] 8021q: adding VLAN 0 to HW filter on device bond0 [ 676.452935][T13975] 8021q: adding VLAN 0 to HW filter on device team0 [ 676.517879][ T9180] bridge0: port 1(bridge_slave_0) entered blocking state [ 676.523298][T14097] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 676.525059][ T9180] bridge0: port 1(bridge_slave_0) entered forwarding state [ 676.603218][T14098] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 676.620417][ T9180] bridge0: port 2(bridge_slave_1) entered blocking state [ 676.627642][ T9180] bridge0: port 2(bridge_slave_1) entered forwarding state [ 676.736682][T14101] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 676.789112][T13975] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 677.004265][T14105] Invalid ELF header magic: != ELF [ 677.124476][T14116] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 677.161076][T14102] Process accounting resumed [ 677.205010][T14117] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 677.294563][T13975] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 677.399114][T14125] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 677.473448][T14130] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 677.482760][T14131] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1766'. [ 677.581491][T14134] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 677.806680][T13975] veth0_vlan: entered promiscuous mode [ 677.847155][T13975] veth1_vlan: entered promiscuous mode [ 677.937942][T13975] veth0_macvtap: entered promiscuous mode [ 677.962326][T13975] veth1_macvtap: entered promiscuous mode [ 678.004219][T13975] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 678.019898][T13975] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 678.031669][T13975] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 678.052833][T13975] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 678.069573][T13975] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 678.094549][T13975] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 678.122431][T13975] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 678.146932][T13975] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 678.171977][T13975] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 678.196461][T13975] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 678.346778][T13975] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 678.368645][T13975] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 678.397402][T13975] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 678.420132][T13975] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 679.286725][T11803] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 679.364814][T11803] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 679.577031][T11802] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 679.591814][T11802] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 679.806563][T14184] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 683.571599][T14251] FAULT_INJECTION: forcing a failure. [ 683.571599][T14251] name failslab, interval 1, probability 0, space 0, times 0 [ 683.589719][T14251] CPU: 0 UID: 0 PID: 14251 Comm: syz.2.1784 Tainted: G U 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 683.589757][T14251] Tainted: [U]=USER [ 683.589765][T14251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 683.589778][T14251] Call Trace: [ 683.589785][T14251] [ 683.589794][T14251] dump_stack_lvl+0x16c/0x1f0 [ 683.589829][T14251] should_fail_ex+0x50a/0x650 [ 683.589862][T14251] ? fs_reclaim_acquire+0xae/0x150 [ 683.589894][T14251] should_failslab+0xc2/0x120 [ 683.589917][T14251] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 683.589950][T14251] ? getname_flags.part.0+0x4c/0x550 [ 683.589976][T14251] ? vfs_write+0x306/0x1150 [ 683.590008][T14251] getname_flags.part.0+0x4c/0x550 [ 683.590037][T14251] getname+0x8d/0xe0 [ 683.590066][T14251] do_sys_openat2+0x104/0x1e0 [ 683.590090][T14251] ? __pfx_do_sys_openat2+0x10/0x10 [ 683.590118][T14251] ? __fget_files+0x206/0x3a0 [ 683.590155][T14251] __x64_sys_openat+0x175/0x210 [ 683.590179][T14251] ? __pfx___x64_sys_openat+0x10/0x10 [ 683.590203][T14251] ? ksys_write+0x1ba/0x250 [ 683.590243][T14251] do_syscall_64+0xcd/0x250 [ 683.590274][T14251] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 683.590304][T14251] RIP: 0033:0x7f099098d169 [ 683.590323][T14251] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 683.590345][T14251] RSP: 002b:00007f0991831038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 683.590367][T14251] RAX: ffffffffffffffda RBX: 00007f0990ba6080 RCX: 00007f099098d169 [ 683.590383][T14251] RDX: 00000000006d0500 RSI: 0000400000000040 RDI: ffffffffffffff9c [ 683.590398][T14251] RBP: 00007f0991831090 R08: 0000000000000000 R09: 0000000000000000 [ 683.590412][T14251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 683.590426][T14251] R13: 0000000000000000 R14: 00007f0990ba6080 R15: 00007fff45240958 [ 683.590456][T14251] [ 684.986988][T14264] Invalid ELF header magic: != ELF [ 686.227862][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.241694][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 688.336832][T14313] EXT4-fs error: 10 callbacks suppressed [ 688.336852][T14313] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 688.432744][T14315] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1796'. [ 688.588456][T14319] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 688.788716][T14323] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 688.925524][T14328] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 689.076789][T14333] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 689.106714][T14332] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1797'. [ 690.043633][T14351] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 690.174946][T14352] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 690.861522][T14358] EXT4-fs error (device sda1): ext4_xattr_ibody_get:653: inode #89: comm dhcpcd: corrupted in-inode xattr: bad magic number in in-inode xattr [ 690.940615][T14359] FAULT_INJECTION: forcing a failure. [ 690.940615][T14359] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 691.126443][T14359] CPU: 1 UID: 0 PID: 14359 Comm: syz.4.1807 Tainted: G U 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 691.126483][T14359] Tainted: [U]=USER [ 691.126491][T14359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 691.126503][T14359] Call Trace: [ 691.126510][T14359] [ 691.126519][T14359] dump_stack_lvl+0x16c/0x1f0 [ 691.126553][T14359] should_fail_ex+0x50a/0x650 [ 691.126585][T14359] ? __pfx___might_resched+0x10/0x10 [ 691.126624][T14359] should_fail_alloc_page+0xe7/0x130 [ 691.126650][T14359] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 691.126688][T14359] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 691.126726][T14359] ? __pfx_mark_lock+0x10/0x10 [ 691.126759][T14359] ? __pfx___lock_acquire+0x10/0x10 [ 691.126788][T14359] ? mark_lock+0xb5/0xc60 [ 691.126815][T14359] ? find_held_lock+0x2d/0x110 [ 691.126842][T14359] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 691.126899][T14359] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 691.126936][T14359] ? policy_nodemask+0xea/0x4e0 [ 691.126974][T14359] alloc_pages_mpol+0x1fc/0x540 [ 691.126999][T14359] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 691.127022][T14359] ? find_held_lock+0x2d/0x110 [ 691.127054][T14359] folio_alloc_mpol_noprof+0x36/0x2f0 [ 691.127090][T14359] shmem_alloc_folio+0x135/0x160 [ 691.127126][T14359] shmem_alloc_and_add_folio+0x48e/0xc10 [ 691.127158][T14359] ? shmem_huge_global_enabled+0x72/0x6b0 [ 691.127183][T14359] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 691.127213][T14359] ? shmem_allowable_huge_orders+0xd0/0x410 [ 691.127248][T14359] shmem_get_folio_gfp+0x689/0x1530 [ 691.127283][T14359] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 691.127313][T14359] ? filemap_map_pages+0xf92/0x16b0 [ 691.127345][T14359] shmem_fault+0x200/0xae0 [ 691.127374][T14359] ? __pfx_shmem_fault+0x10/0x10 [ 691.127408][T14359] ? do_pte_missing+0xde9/0x3e10 [ 691.127439][T14359] ? __pfx_lock_release+0x10/0x10 [ 691.127476][T14359] __do_fault+0x10a/0x490 [ 691.127504][T14359] do_pte_missing+0xecf/0x3e10 [ 691.127537][T14359] ? do_raw_spin_unlock+0x172/0x230 [ 691.127561][T14359] ? __pmd_alloc+0x3c2/0x870 [ 691.127594][T14359] __handle_mm_fault+0x1166/0x2c60 [ 691.127636][T14359] ? __pfx___handle_mm_fault+0x10/0x10 [ 691.127667][T14359] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 691.127719][T14359] ? find_vma+0xc0/0x140 [ 691.127745][T14359] ? __pfx_find_vma+0x10/0x10 [ 691.127776][T14359] handle_mm_fault+0x3fa/0xaa0 [ 691.127816][T14359] do_user_addr_fault+0x7a3/0x13f0 [ 691.127855][T14359] exc_page_fault+0x5c/0xc0 [ 691.127883][T14359] asm_exc_page_fault+0x26/0x30 [ 691.127911][T14359] RIP: 0010:rep_movs_alternative+0x4a/0x70 [ 691.127946][T14359] Code: 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 a4 c3 cc cc cc cc 48 89 c8 48 c1 e9 03 83 e0 07 f3 48 a5 89 c1 [ 691.127967][T14359] RSP: 0018:ffffc9000420fb60 EFLAGS: 00050206 [ 691.127986][T14359] RAX: 0000000000000001 RBX: 0000000000000800 RCX: 0000000000000800 [ 691.128001][T14359] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888061abe000 [ 691.128015][T14359] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100c357cff [ 691.128030][T14359] R10: ffff888061abe7ff R11: 0000000000000000 R12: ffffc9000420fda0 [ 691.128045][T14359] R13: 0000000000000800 R14: ffff888061abe000 R15: 00007ffffffff000 [ 691.128083][T14359] _copy_from_iter+0x385/0x1560 [ 691.128109][T14359] ? trace_lock_acquire+0x14e/0x1f0 [ 691.128140][T14359] ? __pfx__copy_from_iter+0x10/0x10 [ 691.128162][T14359] ? __virt_addr_valid+0x1a4/0x590 [ 691.128191][T14359] ? __virt_addr_valid+0x5e/0x590 [ 691.128215][T14359] ? __phys_addr_symbol+0x30/0x80 [ 691.128237][T14359] ? __check_object_size+0x488/0x710 [ 691.128266][T14359] file_tty_write.constprop.0+0x48d/0x9a0 [ 691.128306][T14359] redirected_tty_write+0xcc/0x140 [ 691.128335][T14359] vfs_write+0x5ae/0x1150 [ 691.128366][T14359] ? __pfx_redirected_tty_write+0x10/0x10 [ 691.128398][T14359] ? __pfx_vfs_write+0x10/0x10 [ 691.128430][T14359] ? __fget_files+0x40/0x3a0 [ 691.128479][T14359] ksys_write+0x12b/0x250 [ 691.128508][T14359] ? __pfx_ksys_write+0x10/0x10 [ 691.128548][T14359] do_syscall_64+0xcd/0x250 [ 691.128579][T14359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 691.128608][T14359] RIP: 0033:0x7f419cb8d169 [ 691.128626][T14359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 691.128647][T14359] RSP: 002b:00007f419d9ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 691.128668][T14359] RAX: ffffffffffffffda RBX: 00007f419cda5fa0 RCX: 00007f419cb8d169 [ 691.128683][T14359] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 691.128697][T14359] RBP: 00007f419d9ce090 R08: 0000000000000000 R09: 0000000000000000 [ 691.128711][T14359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 691.128724][T14359] R13: 0000000000000000 R14: 00007f419cda5fa0 R15: 00007ffe806ee508 [ 691.128757][T14359] [ 691.747106][T14367] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1808'. [ 691.988347][T14367] hsr_slave_0: left promiscuous mode [ 692.091886][T14367] hsr_slave_1: left promiscuous mode [ 694.042660][T14400] FAULT_INJECTION: forcing a failure. [ 694.042660][T14400] name failslab, interval 1, probability 0, space 0, times 0 [ 694.265492][T14400] CPU: 0 UID: 0 PID: 14400 Comm: syz.2.1815 Tainted: G U 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 694.265532][T14400] Tainted: [U]=USER [ 694.265540][T14400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 694.265553][T14400] Call Trace: [ 694.265560][T14400] [ 694.265569][T14400] dump_stack_lvl+0x16c/0x1f0 [ 694.265603][T14400] should_fail_ex+0x50a/0x650 [ 694.265637][T14400] ? fs_reclaim_acquire+0xae/0x150 [ 694.265669][T14400] should_failslab+0xc2/0x120 [ 694.265692][T14400] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 694.265726][T14400] ? alloc_empty_file+0x73/0x1e0 [ 694.265753][T14400] alloc_empty_file+0x73/0x1e0 [ 694.265779][T14400] path_openat+0xe1/0x2d80 [ 694.265807][T14400] ? hlock_class+0x4e/0x130 [ 694.265832][T14400] ? __lock_acquire+0x15a9/0x3c40 [ 694.265877][T14400] ? __pfx_path_openat+0x10/0x10 [ 694.265908][T14400] ? __pfx___lock_acquire+0x10/0x10 [ 694.265937][T14400] ? lock_acquire.part.0+0x11b/0x380 [ 694.265966][T14400] ? find_held_lock+0x2d/0x110 [ 694.265993][T14400] do_filp_open+0x20c/0x470 [ 694.266024][T14400] ? __pfx_do_filp_open+0x10/0x10 [ 694.266053][T14400] ? find_held_lock+0x2d/0x110 [ 694.266100][T14400] ? alloc_fd+0x41f/0x760 [ 694.266139][T14400] do_sys_openat2+0x17a/0x1e0 [ 694.266163][T14400] ? __pfx_do_sys_openat2+0x10/0x10 [ 694.266190][T14400] ? __fget_files+0x206/0x3a0 [ 694.266227][T14400] __x64_sys_openat+0x175/0x210 [ 694.266251][T14400] ? __pfx___x64_sys_openat+0x10/0x10 [ 694.266278][T14400] ? ksys_write+0x1ba/0x250 [ 694.266317][T14400] do_syscall_64+0xcd/0x250 [ 694.266349][T14400] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 694.266378][T14400] RIP: 0033:0x7f099098d169 [ 694.266396][T14400] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 694.266418][T14400] RSP: 002b:00007f0991831038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 694.266441][T14400] RAX: ffffffffffffffda RBX: 00007f0990ba6080 RCX: 00007f099098d169 [ 694.266457][T14400] RDX: 00000000006d0500 RSI: 0000400000000040 RDI: ffffffffffffff9c [ 694.266472][T14400] RBP: 00007f0991831090 R08: 0000000000000000 R09: 0000000000000000 [ 694.266486][T14400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 694.266500][T14400] R13: 0000000000000000 R14: 00007f0990ba6080 R15: 00007fff45240958 [ 694.266530][T14400] [ 696.263034][T14422] FAULT_INJECTION: forcing a failure. [ 696.263034][T14422] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 696.307087][T14422] CPU: 1 UID: 0 PID: 14422 Comm: syz.3.1820 Tainted: G U 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 696.307126][T14422] Tainted: [U]=USER [ 696.307134][T14422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 696.307147][T14422] Call Trace: [ 696.307154][T14422] [ 696.307164][T14422] dump_stack_lvl+0x16c/0x1f0 [ 696.307197][T14422] should_fail_ex+0x50a/0x650 [ 696.307238][T14422] _copy_from_iter+0x2a1/0x1560 [ 696.307263][T14422] ? trace_lock_acquire+0x14e/0x1f0 [ 696.307294][T14422] ? __pfx__copy_from_iter+0x10/0x10 [ 696.307316][T14422] ? __virt_addr_valid+0x1a4/0x590 [ 696.307350][T14422] ? __virt_addr_valid+0x5e/0x590 [ 696.307374][T14422] ? __phys_addr_symbol+0x30/0x80 [ 696.307396][T14422] ? __check_object_size+0x488/0x710 [ 696.307424][T14422] file_tty_write.constprop.0+0x48d/0x9a0 [ 696.307463][T14422] redirected_tty_write+0xcc/0x140 [ 696.307492][T14422] vfs_write+0x5ae/0x1150 [ 696.307524][T14422] ? __pfx_redirected_tty_write+0x10/0x10 [ 696.307556][T14422] ? __pfx_vfs_write+0x10/0x10 [ 696.307588][T14422] ? __fget_files+0x40/0x3a0 [ 696.307637][T14422] ksys_write+0x12b/0x250 [ 696.307665][T14422] ? __pfx_ksys_write+0x10/0x10 [ 696.307714][T14422] do_syscall_64+0xcd/0x250 [ 696.307746][T14422] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 696.307776][T14422] RIP: 0033:0x7f5877d8d169 [ 696.307796][T14422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 696.307818][T14422] RSP: 002b:00007f5878ca8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 696.307840][T14422] RAX: ffffffffffffffda RBX: 00007f5877fa5fa0 RCX: 00007f5877d8d169 [ 696.307855][T14422] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 696.307869][T14422] RBP: 00007f5878ca8090 R08: 0000000000000000 R09: 0000000000000000 [ 696.307883][T14422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 696.307897][T14422] R13: 0000000000000000 R14: 00007f5877fa5fa0 R15: 00007ffeef08bbd8 [ 696.307929][T14422] [ 700.174331][T14479] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1831'. [ 700.193967][T14480] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1832'. [ 701.480152][T14492] FAULT_INJECTION: forcing a failure. [ 701.480152][T14492] name failslab, interval 1, probability 0, space 0, times 0 [ 701.545709][T14492] CPU: 1 UID: 0 PID: 14492 Comm: syz.6.1835 Tainted: G U 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 701.545753][T14492] Tainted: [U]=USER [ 701.545762][T14492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 701.545776][T14492] Call Trace: [ 701.545784][T14492] [ 701.545794][T14492] dump_stack_lvl+0x16c/0x1f0 [ 701.545832][T14492] should_fail_ex+0x50a/0x650 [ 701.545869][T14492] ? fs_reclaim_acquire+0xae/0x150 [ 701.545902][T14492] ? handler_new_ref+0x1b0/0xc60 [ 701.545929][T14492] should_failslab+0xc2/0x120 [ 701.545951][T14492] __kmalloc_noprof+0xcb/0x510 [ 701.545983][T14492] ? __asan_memcpy+0x3c/0x60 [ 701.546019][T14492] handler_new_ref+0x1b0/0xc60 [ 701.546056][T14492] v4l2_ctrl_new+0x11d7/0x2090 [ 701.546095][T14492] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 701.546121][T14492] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 701.546150][T14492] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 701.546193][T14492] v4l2_ctrl_new_std+0x1b3/0x280 [ 701.546231][T14492] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 701.546259][T14492] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 701.546307][T14492] ? media_request_object_init+0x100/0x180 [ 701.546346][T14492] vicodec_open+0x228/0xf80 [ 701.546380][T14492] v4l2_open+0x222/0x490 [ 701.546406][T14492] ? __pfx_v4l2_open+0x10/0x10 [ 701.546431][T14492] chrdev_open+0x237/0x6a0 [ 701.546464][T14492] ? __pfx_apparmor_file_open+0x10/0x10 [ 701.546494][T14492] ? __pfx_chrdev_open+0x10/0x10 [ 701.546531][T14492] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 701.546576][T14492] do_dentry_open+0x735/0x1c40 [ 701.546612][T14492] ? __pfx_chrdev_open+0x10/0x10 [ 701.546647][T14492] ? inode_permission+0xdd/0x5f0 [ 701.546676][T14492] vfs_open+0x82/0x3f0 [ 701.546698][T14492] ? may_open+0x1f2/0x400 [ 701.546727][T14492] path_openat+0x1e88/0x2d80 [ 701.546775][T14492] ? __pfx_path_openat+0x10/0x10 [ 701.546808][T14492] ? __pfx___lock_acquire+0x10/0x10 [ 701.546840][T14492] ? lock_acquire.part.0+0x11b/0x380 [ 701.546872][T14492] ? find_held_lock+0x2d/0x110 [ 701.546903][T14492] do_filp_open+0x20c/0x470 [ 701.546937][T14492] ? __pfx_do_filp_open+0x10/0x10 [ 701.546968][T14492] ? find_held_lock+0x2d/0x110 [ 701.547020][T14492] ? alloc_fd+0x41f/0x760 [ 701.547062][T14492] do_sys_openat2+0x17a/0x1e0 [ 701.547086][T14492] ? __pfx_do_sys_openat2+0x10/0x10 [ 701.547113][T14492] ? __pfx___might_resched+0x10/0x10 [ 701.547156][T14492] __x64_sys_openat+0x175/0x210 [ 701.547183][T14492] ? __pfx___x64_sys_openat+0x10/0x10 [ 701.547223][T14492] do_syscall_64+0xcd/0x250 [ 701.547256][T14492] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 701.547289][T14492] RIP: 0033:0x7f4af958d169 [ 701.547309][T14492] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 701.547331][T14492] RSP: 002b:00007f4afa451038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 701.547356][T14492] RAX: ffffffffffffffda RBX: 00007f4af97a5fa0 RCX: 00007f4af958d169 [ 701.547372][T14492] RDX: 00000000001ab442 RSI: 0000400000000340 RDI: ffffffffffffff9c [ 701.547387][T14492] RBP: 00007f4af960e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 701.547403][T14492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 701.547417][T14492] R13: 0000000000000000 R14: 00007f4af97a5fa0 R15: 00007ffe44648778 [ 701.547450][T14492] [ 704.834168][ T29] audit: type=1804 audit(4294982118.995:14): pid=14532 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1844" name="/newroot/sys/kernel/debug/tracing/set_event" dev="tracefs" ino=35 res=1 errno=0 [ 706.224074][T14554] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1849'. [ 706.692416][T14564] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1850'. [ 708.557761][T14569] Process accounting paused [ 708.866884][T14593] FAULT_INJECTION: forcing a failure. [ 708.866884][T14593] name fail_futex, interval 1, probability 0, space 0, times 0 [ 708.979056][T14593] CPU: 0 UID: 0 PID: 14593 Comm: syz.6.1855 Tainted: G U 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 708.979099][T14593] Tainted: [U]=USER [ 708.979107][T14593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 708.979122][T14593] Call Trace: [ 708.979129][T14593] [ 708.979139][T14593] dump_stack_lvl+0x16c/0x1f0 [ 708.979176][T14593] should_fail_ex+0x50a/0x650 [ 708.979219][T14593] get_futex_key+0x4a3/0x1000 [ 708.979246][T14593] ? kasan_quarantine_put+0x10a/0x240 [ 708.979281][T14593] ? lockdep_hardirqs_on+0x7c/0x110 [ 708.979314][T14593] ? __pfx_get_futex_key+0x10/0x10 [ 708.979341][T14593] ? kmem_cache_free+0x2e2/0x4d0 [ 708.979374][T14593] ? __mpol_put+0x44/0x50 [ 708.979405][T14593] futex_wake+0xe8/0x4e0 [ 708.979440][T14593] ? __pfx_futex_wake+0x10/0x10 [ 708.979473][T14593] ? __pfx_vfs_writev+0x10/0x10 [ 708.979515][T14593] do_futex+0x1e5/0x350 [ 708.979545][T14593] ? __pfx_do_futex+0x10/0x10 [ 708.979575][T14593] ? __pfx_get_nodes+0x10/0x10 [ 708.979613][T14593] __x64_sys_futex+0x1e1/0x4c0 [ 708.979647][T14593] ? __pfx___x64_sys_futex+0x10/0x10 [ 708.979677][T14593] ? rcu_is_watching+0x12/0xc0 [ 708.979712][T14593] do_syscall_64+0xcd/0x250 [ 708.979743][T14593] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 708.979775][T14593] RIP: 0033:0x7f4af958d169 [ 708.979795][T14593] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 708.979818][T14593] RSP: 002b:00007f4afa4300e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 708.979842][T14593] RAX: ffffffffffffffda RBX: 00007f4af97a6088 RCX: 00007f4af958d169 [ 708.979859][T14593] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4af97a608c [ 708.979876][T14593] RBP: 00007f4af97a6080 R08: 00007f4afa452000 R09: 0000000000000000 [ 708.979892][T14593] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4af97a608c [ 708.979908][T14593] R13: 0000000000000000 R14: 00007ffe44648690 R15: 00007ffe44648778 [ 708.979939][T14593] [ 710.372530][T14604] Invalid ELF header magic: != ELF [ 710.924705][T14621] sctp: [Deprecated]: syz.2.1864 (pid 14621) Use of int in maxseg socket option. [ 710.924705][T14621] Use struct sctp_assoc_value instead [ 712.408056][T14642] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 712.436533][T14642] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 714.645441][T14678] lo: entered allmulticast mode [ 714.723671][T14678] lo: left allmulticast mode [ 716.500343][T14710] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1886'. [ 718.172079][T14729] could not allocate digest TFM handle binfmt_misc [ 718.173584][T14725] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880780045c0 pfn:0x78000 [ 718.257509][T14725] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 718.348116][T14725] memcg:ffff888035317501 [ 718.651901][T14725] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 718.659995][T14725] page_type: f5(slab) [ 718.833829][T14725] raw: 00fff00000000040 ffff888144ad5dc0 0000000000000000 0000000000000001 [ 718.878307][T14725] raw: ffff8880780045c0 0000000000100002 00000000f5000000 ffff888035317501 [ 718.964919][T14725] head: 00fff00000000040 ffff888144ad5dc0 0000000000000000 0000000000000001 [ 718.982687][T14725] head: ffff8880780045c0 0000000000100002 00000000f5000000 ffff888035317501 [ 719.012025][T14725] head: 00fff00000000003 ffffea0001e00001 ffffffffffffffff 0000000000000000 [ 719.035275][T14725] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 719.081737][T14725] page dumped because: unmovable page [ 719.087206][T14725] page_owner tracks the page as allocated [ 719.121725][T14725] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 7424, tgid 7423 (syz.3.334), ts 171494801302, free_ts 171366287606 [ 719.204260][T14725] post_alloc_hook+0x181/0x1b0 [ 719.209129][T14725] get_page_from_freelist+0xfce/0x2f80 [ 719.241737][T14725] __alloc_frozen_pages_noprof+0x221/0x2470 [ 719.247742][T14725] alloc_pages_mpol+0x1fc/0x540 [ 719.278194][T14725] new_slab+0x23d/0x330 [ 719.282741][T14725] ___slab_alloc+0xc5d/0x1720 [ 719.287479][T14725] __slab_alloc.constprop.0+0x56/0xb0 [ 719.319481][T14725] kmem_cache_alloc_noprof+0xfa/0x3d0 [ 719.341809][T14725] sk_prot_alloc+0x60/0x2a0 [ 719.346395][T14725] sk_alloc+0x36/0xb90 [ 719.350511][T14725] inet_create+0x3a1/0x10a0 [ 719.451709][T14725] __sock_create+0x335/0x8d0 [ 719.469012][T14725] inet_ctl_sock_create+0x96/0x230 [ 719.495115][T14725] igmp_net_init+0xd0/0x1a0 [ 719.527739][T14725] ops_init+0x1df/0x5f0 [ 719.544170][T14725] setup_net+0x21f/0x860 [ 719.577077][T14725] page last free pid 7439 tgid 7435 stack trace: [ 719.611882][T14725] free_frozen_pages+0x6db/0xfb0 [ 719.628713][T14725] __put_partials+0x14c/0x170 [ 719.659463][T14725] qlist_free_all+0x4e/0x120 [ 719.685358][T14725] kasan_quarantine_reduce+0x195/0x1e0 [ 719.716881][T14725] __kasan_slab_alloc+0x69/0x90 [ 719.735989][T14725] kmem_cache_alloc_node_noprof+0x223/0x3c0 [ 719.772293][T14725] zswap_store+0x84e/0x2690 [ 719.776893][T14725] swap_writepage+0x3b6/0x1120 [ 719.825388][T14725] pageout+0x3b2/0xaa0 [ 719.829543][T14725] shrink_folio_list+0x2f7f/0x40c0 [ 719.873732][T14725] reclaim_folio_list+0xd8/0x5e0 [ 719.878776][T14725] reclaim_pages+0x481/0x650 [ 719.935878][T14725] madvise_cold_or_pageout_pte_range+0x13ae/0x20d0 [ 719.943367][T14725] walk_pgd_range+0xc7b/0x1a70 [ 719.948624][T14725] __walk_page_range+0x161/0x820 [ 719.954196][T14725] walk_page_range_mm+0x55a/0x940 [ 720.604025][T14758] Invalid ELF header magic: != ELF [ 720.686179][T14758] Invalid ELF header magic: != ELF [ 720.992324][T14758] Invalid ELF header magic: != ELF [ 723.313865][T14811] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1906'. [ 724.032513][T14820] netlink: 504 bytes leftover after parsing attributes in process `syz.6.1910'. [ 726.557647][T14856] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1917'. [ 736.249081][T14954] ima: policy update failed [ 736.331794][ T29] audit: type=1802 audit(4294982174.432:15): pid=14954 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.1934" res=0 errno=0 [ 737.552960][T14990] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1945'. [ 738.635666][T15003] warning: `syz.6.1950' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 738.768115][T15006] FAULT_INJECTION: forcing a failure. [ 738.768115][T15006] name failslab, interval 1, probability 0, space 0, times 0 [ 738.792913][T15006] CPU: 0 UID: 0 PID: 15006 Comm: syz.4.1952 Tainted: G U 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 738.792957][T15006] Tainted: [U]=USER [ 738.792965][T15006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 738.792979][T15006] Call Trace: [ 738.792987][T15006] [ 738.792997][T15006] dump_stack_lvl+0x16c/0x1f0 [ 738.793035][T15006] should_fail_ex+0x50a/0x650 [ 738.793072][T15006] ? fs_reclaim_acquire+0xae/0x150 [ 738.793106][T15006] ? tty_alloc_file+0x3f/0xa0 [ 738.793134][T15006] should_failslab+0xc2/0x120 [ 738.793158][T15006] __kmalloc_cache_noprof+0x68/0x410 [ 738.793189][T15006] ? __pfx_lock_release+0x10/0x10 [ 738.793222][T15006] ? kobject_get_unless_zero+0x157/0x1e0 [ 738.793256][T15006] ? __pfx_ptmx_open+0x10/0x10 [ 738.793281][T15006] tty_alloc_file+0x3f/0xa0 [ 738.793311][T15006] ptmx_open+0x61/0x360 [ 738.793336][T15006] ? __pfx_ptmx_open+0x10/0x10 [ 738.793360][T15006] chrdev_open+0x237/0x6a0 [ 738.793394][T15006] ? __pfx_apparmor_file_open+0x10/0x10 [ 738.793424][T15006] ? __pfx_chrdev_open+0x10/0x10 [ 738.793459][T15006] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 738.793496][T15006] do_dentry_open+0x735/0x1c40 [ 738.793529][T15006] ? __pfx_chrdev_open+0x10/0x10 [ 738.793564][T15006] ? inode_permission+0xdd/0x5f0 [ 738.793592][T15006] vfs_open+0x82/0x3f0 [ 738.793616][T15006] ? may_open+0x1f2/0x400 [ 738.793644][T15006] path_openat+0x1e88/0x2d80 [ 738.793689][T15006] ? __pfx_path_openat+0x10/0x10 [ 738.793733][T15006] ? __pfx___lock_acquire+0x10/0x10 [ 738.793765][T15006] ? lock_acquire.part.0+0x11b/0x380 [ 738.793800][T15006] ? find_held_lock+0x2d/0x110 [ 738.793830][T15006] do_filp_open+0x20c/0x470 [ 738.793865][T15006] ? __pfx_do_filp_open+0x10/0x10 [ 738.793896][T15006] ? find_held_lock+0x2d/0x110 [ 738.793943][T15006] ? alloc_fd+0x41f/0x760 [ 738.793984][T15006] do_sys_openat2+0x17a/0x1e0 [ 738.794010][T15006] ? __pfx_do_sys_openat2+0x10/0x10 [ 738.794048][T15006] __x64_sys_openat+0x175/0x210 [ 738.794074][T15006] ? __pfx___x64_sys_openat+0x10/0x10 [ 738.794114][T15006] do_syscall_64+0xcd/0x250 [ 738.794147][T15006] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 738.794179][T15006] RIP: 0033:0x7f419cb8d169 [ 738.794199][T15006] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 738.794223][T15006] RSP: 002b:00007f419d9ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 738.794246][T15006] RAX: ffffffffffffffda RBX: 00007f419cda5fa0 RCX: 00007f419cb8d169 [ 738.794263][T15006] RDX: 0000000000000000 RSI: 00004000000001c0 RDI: ffffffffffffff9c [ 738.794279][T15006] RBP: 00007f419cc0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 738.794293][T15006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 738.794308][T15006] R13: 0000000000000000 R14: 00007f419cda5fa0 R15: 00007ffe806ee508 [ 738.794338][T15006] [ 739.164635][T15004] Process accounting resumed [ 741.956578][T15045] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1959'. [ 745.181785][ T29] audit: type=1326 audit(4294982207.346:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15092 comm="syz.2.1970" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f099098d169 code=0x0 [ 747.664976][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.665078][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.549545][T15137] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1981'. [ 755.651961][ T5844] Bluetooth: hci4: Unable to find connection for big 0xd2 [ 757.411796][T15236] capability: warning: `syz.6.2007' uses deprecated v2 capabilities in a way that may be insecure [ 757.509034][T15239] Malformed UNC in devname [ 757.509034][T15239] [ 757.540632][T15239] CIFS: VFS: Malformed UNC in devname [ 758.005950][T15246] bcachefs: bch2_ioctl_fsck_offline() ret EFAULT [ 760.189605][T15271] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2013'. [ 760.469524][T15282] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2015'. [ 760.765390][T15272] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 760.772425][T15272] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 760.778538][T15272] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 760.822092][T15272] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 760.852765][T15272] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 760.893782][T15272] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 762.550914][ T5845] Bluetooth: hci2: command 0x0406 tx timeout [ 762.705392][T15314] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2022'. [ 762.781759][ T5845] Bluetooth: hci4: command 0x0c1a tx timeout [ 762.781843][ T5844] Bluetooth: hci3: command 0x0406 tx timeout [ 762.868302][ T5844] Bluetooth: hci0: command 0x0c1a tx timeout [ 763.128139][T15328] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2025'. [ 764.962337][ T5844] Bluetooth: hci0: command 0x0c1a tx timeout [ 767.025395][ T5844] Bluetooth: hci0: command 0x0c1a tx timeout [ 770.506046][T15413] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2044'. [ 771.171333][T15423] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2049'. [ 771.353486][T15388] Process accounting paused [ 773.197670][T15440] Malformed UNC in devname [ 773.197670][T15440] [ 773.285879][T15440] CIFS: VFS: Malformed UNC in devname [ 774.118574][T15434] bcachefs: bch2_ioctl_fsck_offline() ret EFAULT [ 774.284152][T15460] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 774.647321][T15465] netlink: 342 bytes leftover after parsing attributes in process `syz.6.2057'. [ 774.813777][T15464] ima: policy update failed [ 774.831644][ T29] audit: type=1802 audit(4294982260.990:17): pid=15464 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.6.2057" res=0 errno=0 [ 777.734242][T15504] Malformed UNC in devname [ 777.734242][T15504] [ 777.798539][T15504] CIFS: VFS: Malformed UNC in devname [ 778.125036][T15508] bcachefs: bch2_ioctl_fsck_offline() ret EFAULT [ 778.442044][T15514] netlink: 342 bytes leftover after parsing attributes in process `syz.4.2071'. [ 778.805565][T15513] ima: policy update failed [ 778.838511][ T29] audit: type=1802 audit(4294982281.006:18): pid=15513 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.2071" res=0 errno=0 [ 779.520799][T15537] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2078'. [ 779.585927][T15544] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2077'. [ 779.598056][T15537] netlink: 11 bytes leftover after parsing attributes in process `syz.2.2078'. [ 784.994057][T15586] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2088'. [ 789.304267][T15622] bcachefs: bch2_ioctl_fsck_offline() ret EFAULT [ 790.042747][T15624] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2098'. [ 790.215623][T15628] netlink: 11 bytes leftover after parsing attributes in process `syz.6.2098'. [ 791.529717][T15650] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2104'. [ 791.542850][T15650] netlink: 23 bytes leftover after parsing attributes in process `syz.2.2104'. [ 797.888262][T15708] Malformed UNC in devname [ 797.888262][T15708] [ 797.951888][T15708] CIFS: VFS: Malformed UNC in devname [ 799.443679][T15717] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2119'. [ 799.459963][T15720] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2120'. [ 799.469804][T15720] netlink: 11 bytes leftover after parsing attributes in process `syz.2.2120'. [ 799.894644][T15717] mac80211_hwsim hwsim21 wlan1: entered allmulticast mode [ 800.084793][T15734] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2130'. [ 801.794009][T15658] Process accounting resumed [ 804.199483][T15773] Malformed UNC in devname [ 804.199483][T15773] [ 804.218171][T15773] CIFS: VFS: Malformed UNC in devname [ 805.220669][T15788] FAULT_INJECTION: forcing a failure. [ 805.220669][T15788] name failslab, interval 1, probability 0, space 0, times 0 [ 805.279546][T15788] CPU: 0 UID: 0 PID: 15788 Comm: syz.2.2136 Tainted: G U 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 805.279597][T15788] Tainted: [U]=USER [ 805.279604][T15788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 805.279617][T15788] Call Trace: [ 805.279624][T15788] [ 805.279633][T15788] dump_stack_lvl+0x16c/0x1f0 [ 805.279671][T15788] should_fail_ex+0x50a/0x650 [ 805.279707][T15788] ? fs_reclaim_acquire+0xae/0x150 [ 805.279739][T15788] ? security_inode_init_security+0x140/0x390 [ 805.279775][T15788] should_failslab+0xc2/0x120 [ 805.279798][T15788] __kmalloc_noprof+0xcb/0x510 [ 805.279839][T15788] security_inode_init_security+0x140/0x390 [ 805.279874][T15788] ? __pfx_shmem_initxattrs+0x10/0x10 [ 805.279908][T15788] ? __pfx_security_inode_init_security+0x10/0x10 [ 805.279946][T15788] ? shmem_get_inode+0x73a/0xf00 [ 805.279986][T15788] shmem_mknod+0x22e/0x450 [ 805.280024][T15788] shmem_mkdir+0x31/0x60 [ 805.280055][T15788] vfs_mkdir+0x57d/0x860 [ 805.280088][T15788] do_mkdirat+0x301/0x3a0 [ 805.280119][T15788] ? __pfx_do_mkdirat+0x10/0x10 [ 805.280155][T15788] ? getname_flags.part.0+0x1c5/0x550 [ 805.280187][T15788] __x64_sys_mkdir+0xef/0x140 [ 805.280221][T15788] do_syscall_64+0xcd/0x250 [ 805.280254][T15788] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 805.280287][T15788] RIP: 0033:0x7f099098d169 [ 805.280307][T15788] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 805.280329][T15788] RSP: 002b:00007f0991852038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 805.280353][T15788] RAX: ffffffffffffffda RBX: 00007f0990ba5fa0 RCX: 00007f099098d169 [ 805.280370][T15788] RDX: 0000000000000000 RSI: 0000000000008001 RDI: 0000000000000000 [ 805.280385][T15788] RBP: 00007f0990a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 805.280399][T15788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 805.280413][T15788] R13: 0000000000000000 R14: 00007f0990ba5fa0 R15: 00007fff45240958 [ 805.280447][T15788] [ 805.629150][T15793] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2135'. [ 809.106359][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.115547][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.323923][T15823] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 810.862138][ T5844] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 813.158078][T15873] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2154'. [ 813.184000][T15873] netlink: 11 bytes leftover after parsing attributes in process `syz.3.2154'. [ 814.039371][T15883] netlink: 342 bytes leftover after parsing attributes in process `syz.6.2157'. [ 814.133365][T15885] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2158'. [ 814.156384][T15878] ima: policy update failed [ 814.191704][ T29] audit: type=1802 audit(4294982356.365:19): pid=15878 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.6.2157" res=0 errno=0 [ 817.987476][T15929] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2169'. [ 820.712949][T15952] Malformed UNC in devname [ 820.712949][T15952] [ 820.719614][T15952] CIFS: VFS: Malformed UNC in devname [ 820.932979][T15951] bcachefs: bch2_ioctl_fsck_offline() ret EFAULT [ 822.379941][T15965] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2179'. [ 822.757216][T15973] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2181'. [ 825.229958][T15997] Malformed UNC in devname [ 825.229958][T15997] [ 825.295102][T15997] CIFS: VFS: Malformed UNC in devname [ 825.457622][T16003] bcachefs: bch2_ioctl_fsck_offline() ret EFAULT [ 827.220108][T16023] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2193'. [ 827.865777][T16034] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2194'. [ 829.492657][T16051] netlink: 'syz.6.2199': attribute type 72 has an invalid length. [ 830.285542][T16065] FAULT_INJECTION: forcing a failure. [ 830.285542][T16065] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 830.556123][T16065] CPU: 1 UID: 0 PID: 16065 Comm: syz.2.2202 Tainted: G U 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 830.556163][T16065] Tainted: [U]=USER [ 830.556170][T16065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 830.556183][T16065] Call Trace: [ 830.556191][T16065] [ 830.556200][T16065] dump_stack_lvl+0x16c/0x1f0 [ 830.556235][T16065] should_fail_ex+0x50a/0x650 [ 830.556274][T16065] _copy_from_user+0x2e/0xd0 [ 830.556299][T16065] __sys_bpf+0x21c/0x49c0 [ 830.556331][T16065] ? __pfx_lock_release+0x10/0x10 [ 830.556363][T16065] ? __pfx___sys_bpf+0x10/0x10 [ 830.556394][T16065] ? vfs_write+0x306/0x1150 [ 830.556441][T16065] ? __mutex_unlock_slowpath+0x164/0x6a0 [ 830.556489][T16065] ? fput+0x67/0x440 [ 830.556511][T16065] ? ksys_write+0x1ba/0x250 [ 830.556540][T16065] ? __pfx_ksys_write+0x10/0x10 [ 830.556575][T16065] __x64_sys_bpf+0x78/0xc0 [ 830.556595][T16065] ? lockdep_hardirqs_on+0x7c/0x110 [ 830.556622][T16065] do_syscall_64+0xcd/0x250 [ 830.556652][T16065] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 830.556682][T16065] RIP: 0033:0x7f099098d169 [ 830.556701][T16065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 830.556726][T16065] RSP: 002b:00007f0991852038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 830.556748][T16065] RAX: ffffffffffffffda RBX: 00007f0990ba5fa0 RCX: 00007f099098d169 [ 830.556764][T16065] RDX: 000000000000004a RSI: 0000400000000300 RDI: 0000000000000005 [ 830.556778][T16065] RBP: 00007f0991852090 R08: 0000000000000000 R09: 0000000000000000 [ 830.556792][T16065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 830.556805][T16065] R13: 0000000000000000 R14: 00007f0990ba5fa0 R15: 00007fff45240958 [ 830.556836][T16065] [ 831.765831][T16079] netlink: 342 bytes leftover after parsing attributes in process `syz.6.2209'. [ 831.920314][T16078] ima: policy update failed [ 831.928029][T16074] Process accounting paused [ 831.980242][ T29] audit: type=1802 audit(4294982390.151:20): pid=16078 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.6.2209" res=0 errno=0 [ 833.582066][T16098] netlink: 'syz.4.2213': attribute type 72 has an invalid length. [ 835.034613][T16112] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2216'. [ 835.059892][T16112] netlink: 11 bytes leftover after parsing attributes in process `syz.3.2216'. [ 835.490924][T16114] Malformed UNC in devname [ 835.490924][T16114] [ 835.536020][T16114] CIFS: VFS: Malformed UNC in devname [ 835.581654][ T5844] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 835.644544][T16114] bcachefs: bch2_ioctl_fsck_offline() ret EFAULT [ 836.083128][T16133] FAULT_INJECTION: forcing a failure. [ 836.083128][T16133] name failslab, interval 1, probability 0, space 0, times 0 [ 836.088640][T16134] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2221'. [ 836.191182][T16133] CPU: 0 UID: 0 PID: 16133 Comm: syz.3.2224 Tainted: G U 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 836.191218][T16133] Tainted: [U]=USER [ 836.191226][T16133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 836.191237][T16133] Call Trace: [ 836.191245][T16133] [ 836.191254][T16133] dump_stack_lvl+0x16c/0x1f0 [ 836.191287][T16133] should_fail_ex+0x50a/0x650 [ 836.191318][T16133] ? fs_reclaim_acquire+0xae/0x150 [ 836.191348][T16133] ? tomoyo_realpath_from_path+0xb9/0x720 [ 836.191378][T16133] should_failslab+0xc2/0x120 [ 836.191399][T16133] __kmalloc_noprof+0xcb/0x510 [ 836.191430][T16133] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 836.191466][T16133] tomoyo_realpath_from_path+0xb9/0x720 [ 836.191494][T16133] ? tomoyo_path_number_perm+0x235/0x590 [ 836.191522][T16133] ? tomoyo_path_number_perm+0x235/0x590 [ 836.191554][T16133] tomoyo_path_number_perm+0x248/0x590 [ 836.191575][T16133] ? tomoyo_path_number_perm+0x235/0x590 [ 836.191601][T16133] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 836.191655][T16133] ? __pfx_lock_release+0x10/0x10 [ 836.191680][T16133] ? trace_lock_acquire+0x14e/0x1f0 [ 836.191707][T16133] ? lock_acquire+0x2f/0xb0 [ 836.191733][T16133] ? __fget_files+0x40/0x3a0 [ 836.191767][T16133] ? __fget_files+0x206/0x3a0 [ 836.191803][T16133] security_file_ioctl+0x9b/0x240 [ 836.191832][T16133] __x64_sys_ioctl+0xb7/0x200 [ 836.191861][T16133] do_syscall_64+0xcd/0x250 [ 836.191893][T16133] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 836.191923][T16133] RIP: 0033:0x7f5877d8d169 [ 836.191941][T16133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 836.191963][T16133] RSP: 002b:00007f5878ca8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 836.191985][T16133] RAX: ffffffffffffffda RBX: 00007f5877fa5fa0 RCX: 00007f5877d8d169 [ 836.192001][T16133] RDX: 0000400000000700 RSI: 00000000c4c85513 RDI: 0000000000000003 [ 836.192016][T16133] RBP: 00007f5878ca8090 R08: 0000000000000000 R09: 0000000000000000 [ 836.192037][T16133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 836.192051][T16133] R13: 0000000000000000 R14: 00007f5877fa5fa0 R15: 00007ffeef08bbd8 [ 836.192083][T16133] [ 836.244279][T16117] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(0.0.0), cmd(6) [ 836.361622][T16133] ERROR: Out of memory at tomoyo_realpath_from_path. [ 836.933050][T16143] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2234'. [ 838.942332][T16172] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2230'. [ 838.987731][T16171] ima: policy update failed [ 839.033191][ T29] audit: type=1802 audit(4294982405.203:21): pid=16171 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.2230" res=0 errno=0 [ 839.435954][T16179] Malformed UNC in devname [ 839.435954][T16179] [ 839.531927][T16179] CIFS: VFS: Malformed UNC in devname [ 839.618536][T16177] bcachefs: bch2_ioctl_fsck_offline() ret EFAULT [ 840.479232][T16192] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(0.0.0), cmd(6) [ 842.347277][T16207] netlink: 342 bytes leftover after parsing attributes in process `syz.4.2240'. [ 842.375146][T16206] ima: policy update failed [ 842.379839][ T29] audit: type=1802 audit(4294982408.553:22): pid=16206 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.2240" res=0 errno=0 [ 843.683016][T16224] Malformed UNC in devname [ 843.683016][T16224] [ 843.689678][T16224] CIFS: VFS: Malformed UNC in devname [ 844.240737][T16215] bcachefs: bch2_ioctl_fsck_offline() ret EFAULT [ 845.992269][T16248] netlink: 342 bytes leftover after parsing attributes in process `syz.4.2254'. [ 846.034770][T16247] ima: policy update failed [ 846.039457][ T29] audit: type=1802 audit(4294982412.213:23): pid=16247 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.2254" res=0 errno=0 [ 846.583641][T16258] openvswitch: netlink: Key type 140 is out of range max 32 [ 846.722791][T16264] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2258'. [ 848.796482][T16285] netlink: 342 bytes leftover after parsing attributes in process `syz.6.2266'. [ 848.996661][T16284] ima: policy update failed [ 849.001368][ T29] audit: type=1802 audit(4294982423.172:24): pid=16284 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.6.2266" res=0 errno=0 [ 849.929960][T16295] Invalid ELF header magic: != ELF [ 850.045916][T16293] size and base must be multiples of 4 kiB [ 850.061771][T16293] CPU: 0 UID: 0 PID: 16293 Comm: syz.6.2267 Tainted: G U 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 850.061811][T16293] Tainted: [U]=USER [ 850.061819][T16293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 850.061833][T16293] Call Trace: [ 850.061840][T16293] [ 850.061849][T16293] dump_stack_lvl+0x16c/0x1f0 [ 850.061911][T16293] mtrr_add+0xdf/0x110 [ 850.061944][T16293] mtrr_ioctl+0x7f1/0xcf0 [ 850.061973][T16293] ? __pfx_mtrr_ioctl+0x10/0x10 [ 850.062006][T16293] ? fd_install+0x242/0x750 [ 850.062047][T16293] ? __pfx_mtrr_ioctl+0x10/0x10 [ 850.062072][T16293] proc_reg_unlocked_ioctl+0x226/0x320 [ 850.062102][T16293] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 850.062136][T16293] __x64_sys_ioctl+0x190/0x200 [ 850.062162][T16293] do_syscall_64+0xcd/0x250 [ 850.062200][T16293] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 850.062234][T16293] RIP: 0033:0x7f4af958d169 [ 850.062254][T16293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 850.062277][T16293] RSP: 002b:00007f4afa451038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 850.062300][T16293] RAX: ffffffffffffffda RBX: 00007f4af97a5fa0 RCX: 00007f4af958d169 [ 850.062317][T16293] RDX: 0000000000000003 RSI: 00000000400c4d01 RDI: 0000000000000003 [ 850.062332][T16293] RBP: 00007f4af960e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 850.062347][T16293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 850.062362][T16293] R13: 0000000000000000 R14: 00007f4af97a5fa0 R15: 00007ffe44648778 [ 850.062394][T16293] [ 851.764396][T16321] FAULT_INJECTION: forcing a failure. [ 851.764396][T16321] name failslab, interval 1, probability 0, space 0, times 0 [ 851.829435][T16321] CPU: 1 UID: 0 PID: 16321 Comm: syz.2.2273 Tainted: G U 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 851.829474][T16321] Tainted: [U]=USER [ 851.829481][T16321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 851.829494][T16321] Call Trace: [ 851.829501][T16321] [ 851.829509][T16321] dump_stack_lvl+0x16c/0x1f0 [ 851.829543][T16321] should_fail_ex+0x50a/0x650 [ 851.829576][T16321] ? fs_reclaim_acquire+0xae/0x150 [ 851.829609][T16321] should_failslab+0xc2/0x120 [ 851.829631][T16321] kmem_cache_alloc_node_noprof+0x72/0x3c0 [ 851.829664][T16321] ? hlock_class+0x4e/0x130 [ 851.829687][T16321] ? __alloc_skb+0x2b1/0x380 [ 851.829722][T16321] __alloc_skb+0x2b1/0x380 [ 851.829751][T16321] ? __pfx___alloc_skb+0x10/0x10 [ 851.829792][T16321] alloc_skb_with_frags+0xe4/0x850 [ 851.829814][T16321] ? mark_lock+0xb5/0xc60 [ 851.829849][T16321] ? hlock_class+0x4e/0x130 [ 851.829872][T16321] ? mark_lock+0xb5/0xc60 [ 851.829903][T16321] sock_alloc_send_pskb+0x7f1/0x980 [ 851.829943][T16321] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 851.829970][T16321] ? __pfx_lock_release+0x10/0x10 [ 851.830003][T16321] ? mark_held_locks+0x9f/0xe0 [ 851.830034][T16321] ? __local_bh_enable_ip+0xa4/0x120 [ 851.830070][T16321] qrtr_sendmsg+0x31a/0x790 [ 851.830097][T16321] ? __pfx_qrtr_bcast_enqueue+0x10/0x10 [ 851.830125][T16321] ? __pfx_qrtr_sendmsg+0x10/0x10 [ 851.830150][T16321] ? aa_file_perm+0x4c6/0xfe0 [ 851.830192][T16321] sock_write_iter+0x4fe/0x5b0 [ 851.830218][T16321] ? __pfx_sock_write_iter+0x10/0x10 [ 851.830258][T16321] ? copy_iovec_from_user+0x138/0x170 [ 851.830288][T16321] do_iter_readv_writev+0x655/0x950 [ 851.830319][T16321] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 851.830354][T16321] ? bpf_lsm_file_permission+0x9/0x10 [ 851.830386][T16321] ? security_file_permission+0x71/0x210 [ 851.830417][T16321] ? rw_verify_area+0xcf/0x680 [ 851.830447][T16321] vfs_writev+0x363/0xdd0 [ 851.830473][T16321] ? find_held_lock+0x2d/0x110 [ 851.830504][T16321] ? __pfx_vfs_writev+0x10/0x10 [ 851.830530][T16321] ? find_held_lock+0x2d/0x110 [ 851.830561][T16321] ? __pfx_lock_release+0x10/0x10 [ 851.830588][T16321] ? trace_lock_acquire+0x14e/0x1f0 [ 851.830625][T16321] ? __fget_files+0x206/0x3a0 [ 851.830663][T16321] ? do_writev+0x297/0x340 [ 851.830687][T16321] do_writev+0x297/0x340 [ 851.830715][T16321] ? __pfx_do_writev+0x10/0x10 [ 851.830753][T16321] do_syscall_64+0xcd/0x250 [ 851.830784][T16321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 851.830814][T16321] RIP: 0033:0x7f099098d169 [ 851.830833][T16321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 851.830860][T16321] RSP: 002b:00007f0991852038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 851.830884][T16321] RAX: ffffffffffffffda RBX: 00007f0990ba5fa0 RCX: 00007f099098d169 [ 851.830900][T16321] RDX: 0000000000000008 RSI: 0000400000000100 RDI: 0000000000000004 [ 851.830914][T16321] RBP: 00007f0991852090 R08: 0000000000000000 R09: 0000000000000000 [ 851.830928][T16321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 851.830942][T16321] R13: 0000000000000000 R14: 00007f0990ba5fa0 R15: 00007fff45240958 [ 851.830974][T16321] [ 853.946055][T16341] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2276'. [ 856.072884][T16365] netlink: 342 bytes leftover after parsing attributes in process `syz.4.2282'. [ 856.173496][T16364] ima: policy update failed [ 856.185145][ T29] audit: type=1802 audit(4294982430.352:25): pid=16364 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.2282" res=0 errno=0 [ 860.990501][T16432] netlink: 186 bytes leftover after parsing attributes in process `syz.4.2299'. [ 862.844312][T16446] Process accounting resumed [ 863.845436][T16457] Malformed UNC in devname [ 863.845436][T16457] [ 863.991311][T16457] CIFS: VFS: Malformed UNC in devname [ 864.408052][T16457] bcachefs: bch2_ioctl_fsck_offline() ret EFAULT [ 870.317867][T16544] netlink: 186 bytes leftover after parsing attributes in process `syz.3.2324'. [ 870.543998][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.550438][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.735078][T16550] ima: policy update failed [ 871.752131][ T29] audit: type=1802 audit(4294982469.906:26): pid=16550 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.2326" res=0 errno=0 [ 876.164328][T16582] Invalid ELF header magic: != ELF [ 876.357883][T16569] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 876.403454][T16569] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 876.451951][T16569] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 876.490876][T16569] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 877.021800][ T5844] Bluetooth: hci2: command 0x0406 tx timeout [ 877.052189][T16612] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2340'. [ 877.111967][T16617] nvme_fabrics: unknown parameter or missing value '7' in ctrl creation request [ 877.688004][T16626] FAULT_INJECTION: forcing a failure. [ 877.688004][T16626] name failslab, interval 1, probability 0, space 0, times 0 [ 877.781636][T16626] CPU: 1 UID: 0 PID: 16626 Comm: syz.6.2342 Tainted: G U 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 877.781670][T16626] Tainted: [U]=USER [ 877.781677][T16626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 877.781688][T16626] Call Trace: [ 877.781695][T16626] [ 877.781704][T16626] dump_stack_lvl+0x16c/0x1f0 [ 877.781738][T16626] should_fail_ex+0x50a/0x650 [ 877.781771][T16626] ? fs_reclaim_acquire+0xae/0x150 [ 877.781810][T16626] ? s_start+0x7b/0x320 [ 877.781838][T16626] should_failslab+0xc2/0x120 [ 877.781860][T16626] __kmalloc_cache_noprof+0x68/0x410 [ 877.781888][T16626] ? rcu_is_watching+0x12/0xc0 [ 877.781913][T16626] ? trace_kmalloc+0x2d/0xd0 [ 877.781942][T16626] s_start+0x7b/0x320 [ 877.781976][T16626] traverse.part.0.constprop.0+0xac/0x640 [ 877.782016][T16626] seq_read_iter+0x934/0x12b0 [ 877.782057][T16626] seq_read+0x39f/0x4e0 [ 877.782085][T16626] ? __pfx_seq_read+0x10/0x10 [ 877.782130][T16626] ? rw_verify_area+0xcf/0x680 [ 877.782158][T16626] ? __pfx_seq_read+0x10/0x10 [ 877.782186][T16626] vfs_read+0x1df/0xbf0 [ 877.782216][T16626] ? __fget_files+0x1fc/0x3a0 [ 877.782246][T16626] ? __pfx_lock_release+0x10/0x10 [ 877.782276][T16626] ? __pfx_vfs_read+0x10/0x10 [ 877.782306][T16626] ? lock_acquire+0x2f/0xb0 [ 877.782333][T16626] ? __fget_files+0x40/0x3a0 [ 877.782367][T16626] ? __fget_files+0x206/0x3a0 [ 877.782406][T16626] __x64_sys_pread64+0x1f6/0x250 [ 877.782437][T16626] ? __pfx___x64_sys_pread64+0x10/0x10 [ 877.782478][T16626] do_syscall_64+0xcd/0x250 [ 877.782509][T16626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 877.782539][T16626] RIP: 0033:0x7f4af958d169 [ 877.782559][T16626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 877.782580][T16626] RSP: 002b:00007f4afa451038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 877.782602][T16626] RAX: ffffffffffffffda RBX: 00007f4af97a5fa0 RCX: 00007f4af958d169 [ 877.782618][T16626] RDX: 000000000000000f RSI: 0000400000000000 RDI: 0000000000000003 [ 877.782632][T16626] RBP: 00007f4afa451090 R08: 0000000000000000 R09: 0000000000000000 [ 877.782646][T16626] R10: 00000000000005af R11: 0000000000000246 R12: 0000000000000001 [ 877.782659][T16626] R13: 0000000000000000 R14: 00007f4af97a5fa0 R15: 00007ffe44648778 [ 877.782690][T16626] [ 877.782701][T16626] [ 878.015724][T16626] ===================================== [ 878.021260][T16626] WARNING: bad unlock balance detected! [ 878.026791][T16626] 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 Tainted: G U [ 878.035364][T16626] ------------------------------------- [ 878.040909][T16626] syz.6.2342/16626 is trying to release lock (event_mutex) at: [ 878.048453][T16626] [] traverse.part.0.constprop.0+0x2bd/0x640 [ 878.056003][T16626] but there are no more locks to release! [ 878.061701][T16626] [ 878.061701][T16626] other info that might help us debug this: [ 878.069752][T16626] 1 lock held by syz.6.2342/16626: [ 878.074850][T16626] #0: ffff88807febf668 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xd8/0x12b0 [ 878.083739][T16626] [ 878.083739][T16626] stack backtrace: [ 878.089635][T16626] CPU: 1 UID: 0 PID: 16626 Comm: syz.6.2342 Tainted: G U 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 878.089661][T16626] Tainted: [U]=USER [ 878.089666][T16626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 878.089676][T16626] Call Trace: [ 878.089683][T16626] [ 878.089691][T16626] dump_stack_lvl+0x116/0x1f0 [ 878.089714][T16626] ? traverse.part.0.constprop.0+0x2bd/0x640 [ 878.089740][T16626] print_unlock_imbalance_bug+0x1aa/0x1f0 [ 878.089764][T16626] lock_release+0x525/0x6f0 [ 878.089787][T16626] ? traverse.part.0.constprop.0+0x2bd/0x640 [ 878.089809][T16626] ? __pfx_lock_release+0x10/0x10 [ 878.089831][T16626] ? mark_held_locks+0x9f/0xe0 [ 878.089854][T16626] ? dump_stack_lvl+0x185/0x1f0 [ 878.089874][T16626] ? lockdep_hardirqs_on+0x7c/0x110 [ 878.089897][T16626] __mutex_unlock_slowpath+0xa3/0x6a0 [ 878.089920][T16626] ? rcu_is_watching+0x12/0xc0 [ 878.089938][T16626] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 878.089959][T16626] ? rcu_is_watching+0x12/0xc0 [ 878.089977][T16626] ? rcu_is_watching+0x12/0xc0 [ 878.089995][T16626] ? kfree+0x260/0x4d0 [ 878.090016][T16626] ? __kasan_kmalloc+0x8a/0xb0 [ 878.090043][T16626] traverse.part.0.constprop.0+0x2bd/0x640 [ 878.090068][T16626] seq_read_iter+0x934/0x12b0 [ 878.090093][T16626] seq_read+0x39f/0x4e0 [ 878.090113][T16626] ? __pfx_seq_read+0x10/0x10 [ 878.090139][T16626] ? rw_verify_area+0xcf/0x680 [ 878.090159][T16626] ? __pfx_seq_read+0x10/0x10 [ 878.090180][T16626] vfs_read+0x1df/0xbf0 [ 878.090202][T16626] ? __fget_files+0x1fc/0x3a0 [ 878.090225][T16626] ? __pfx_lock_release+0x10/0x10 [ 878.090248][T16626] ? __pfx_vfs_read+0x10/0x10 [ 878.090270][T16626] ? lock_acquire+0x2f/0xb0 [ 878.090292][T16626] ? __fget_files+0x40/0x3a0 [ 878.090316][T16626] ? __fget_files+0x206/0x3a0 [ 878.090342][T16626] __x64_sys_pread64+0x1f6/0x250 [ 878.090365][T16626] ? __pfx___x64_sys_pread64+0x10/0x10 [ 878.090392][T16626] do_syscall_64+0xcd/0x250 [ 878.090414][T16626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 878.090439][T16626] RIP: 0033:0x7f4af958d169 [ 878.090454][T16626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 878.090472][T16626] RSP: 002b:00007f4afa451038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 878.090488][T16626] RAX: ffffffffffffffda RBX: 00007f4af97a5fa0 RCX: 00007f4af958d169 [ 878.090501][T16626] RDX: 000000000000000f RSI: 0000400000000000 RDI: 0000000000000003 [ 878.090512][T16626] RBP: 00007f4afa451090 R08: 0000000000000000 R09: 0000000000000000 [ 878.090523][T16626] R10: 00000000000005af R11: 0000000000000246 R12: 0000000000000001 [ 878.090534][T16626] R13: 0000000000000000 R14: 00007f4af97a5fa0 R15: 00007ffe44648778 [ 878.090551][T16626] [ 878.483749][ T5844] Bluetooth: hci0: command 0x0c1a tx timeout [ 878.490030][ T5844] Bluetooth: hci4: command 0x0c1a tx timeout [ 878.497183][ T5844] Bluetooth: hci3: command 0x0406 tx timeout