last executing test programs: 4m44.020174404s ago: executing program 2 (id=1777): r0 = openat$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/tracing/events/vmalloc/purge_vmap_area_lazy/filter\x00', 0x2, 0x0) read$auto(r0, &(0x7f0000000080)='\xb6\xba\xba@@ro\xac\xed\xaaO\x8fEty\xaeL\xef\xa9\xbb4\x19\xafr\x04\x00Y\xb9\x1d\x9f\x15\xfb\xbcx78\x988Y=I\xc6\xcc\x18\x9a\xc5\x17\r\xe1\x9b\x17\xec\xb5fvN\xa1J?$e\xbd[+u\xd8\xad\xb4C\xa2,\x88b\xb3\x11\x03\xec', 0xa) pread64$auto(r0, &(0x7f0000000000)='/sys/kernel/tracing/events/vmalloc/purge_vmap_area_lazy/filter\x00', 0x1000, 0x7) 4m43.920549677s ago: executing program 2 (id=1779): r0 = open(&(0x7f0000000080)='./file0\x00', 0x22a40, 0x154) fcntl$auto(r0, 0x400, 0x1) r1 = fcntl$auto(0x3, 0x8, 0x9ebfffffffffffff) open(&(0x7f0000000040)='./file0\x00', 0x369443, 0x40) r2 = socket(0x1f, 0x2, 0x6) r3 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x149041, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x5}, 0xa) sendmsg$auto_OVS_FLOW_CMD_GET(r2, &(0x7f0000001700)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000016c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="04000000", @ANYRES16=0x0, @ANYRESHEX=r1, @ANYRES32=0x0, @ANYRESHEX=r1, @ANYRES32, @ANYBLOB="00ce00f7800804701d", @ANYRES32=r3, @ANYBLOB="04004c8008002f06", @ANYRES32=0x0, @ANYBLOB="a68a719f198cfd0578693b7d7097d7983f80e42a1d6f6846b4557976d54927519ce518b76b8201357d03909d3df4a549c13bd545a35e8be156253a594d7d40c492716207dd2f998f990e67f6f1a08f6496bf607cd9d8eb066e433350360bf70bb97e0782683a73c9b6c9a9023696429e17edb7546beda207da2cd055c126bd4991ea61496b58e1bb6da16726ff6a0c2b811616edb773edee2023e2536d47fa520799fb234c70b5778434609decf7d52dabe596efb6bd00000500090003000000"], 0x11d8}, 0x1, 0x0, 0x0, 0x20008805}, 0x4851) getsockopt$auto_SO_TIMESTAMPING_NEW(r2, 0xc, 0x41, &(0x7f00000000c0)='@(^\x00', &(0x7f0000000100)=0x4) close_range$auto(0x2, 0x8, 0x0) write$auto_ftrace_enable_fops_trace_events(r1, &(0x7f0000000000)="e4c5a1c72209ce775f2963346992a8ed36049d4d6687d4c67d32a43f5cd91fafe0eab1b9d1", 0x25) 4m43.561409621s ago: executing program 2 (id=1780): r0 = socket(0x2, 0x801, 0x100) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0) sendfile$auto(r0, r1, 0x0, 0x7fffe000) arch_prctl$auto_ARCH_MAP_VDSO_32(0x2002, 0x3) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, 0x0, 0x1c1041, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/block/nbd6/queue/zoned\x00', 0x6a980, 0x0) read$auto(r2, 0x0, 0x6) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x1, 0x6, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000004, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) pread64$auto(0xffffffffffffffff, 0x0, 0x100000009, 0x7) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r3 = epoll_create$auto(0x3e) epoll_ctl$auto(r3, 0x1, 0x8000000000000000, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/platform/dummy_udc.4/udc/dummy_udc.4/function\x00', 0x0, 0x0) r5 = socket(0x25, 0x2, 0x10008) openat$auto_cpu_latency_qos_fops_qos(0xffffffffffffff9c, 0x0, 0x101000, 0x0) lseek$auto(r5, 0x5, 0x2) ioctl$auto_MON_IOCX_GET(0xffffffffffffffff, 0x40189206, 0x0) read$auto_mon_fops_binary_mon_bin(0xffffffffffffffff, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/032/001\x00', 0x88202, 0x0) 4m41.888147362s ago: executing program 2 (id=1782): madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x8, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x8, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto(0xffffffffffffffff, 0x64c8, 0x1e2) (async) ioctl$auto(0xffffffffffffffff, 0x64c8, 0x1e2) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000000)={{0x0, 0xffffffff, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) unshare$auto(0x40000080) r0 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/dri/vkms/name\x00', 0x8e0a00, 0x0) read$auto_drm_debugfs_entry_fops_drm_debugfs(r0, &(0x7f0000000180)=""/4125, 0x101d) (async) read$auto_drm_debugfs_entry_fops_drm_debugfs(r0, &(0x7f0000000180)=""/4125, 0x101d) prlimit64$auto(0x0, 0x0, 0x0, 0x0) ioctl$auto_XFS_IOC_ALLOCSP64(0xffffffffffffffff, 0x40305824, &(0x7f0000001240)={0x100, 0x8, 0x85, 0x6, 0x6, 0x0}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000011c0)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:09/sun\x00', 0x129141, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000001280), 0x20e800, 0x0) pread64$auto(r2, 0x0, 0x14f7ebd9, 0x4) (async) pread64$auto(r2, 0x0, 0x14f7ebd9, 0x4) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f00000010c0)=""/95, 0x5f) (async) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f00000010c0)=""/95, 0x5f) mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x5) r3 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) openat$auto_bm_entry_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x400, 0x0) (async) r4 = openat$auto_bm_entry_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x400, 0x0) read$auto(r4, 0x0, 0x9) ioctl$auto_IOCTL_VMCI_VERSION2(r3, 0x7a7, 0x0) (async) ioctl$auto_IOCTL_VMCI_VERSION2(r3, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x11, 0x2, 0x8000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x11, 0x2, 0x8000) ioctl$auto_IOCTL_VMCI_CTX_SET_CPT_STATE(r3, 0x7b2, 0x0) r5 = prctl$auto(0x1000000003b, 0x1, r1, 0x5, 0x10004) get_mempolicy$auto(0x0, 0x0, 0x3, 0x1ff, 0x3) sendmsg$auto_IPVS_CMD_DEL_DAEMON(r5, &(0x7f0000001200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f0000004f40)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES16], 0x38}, 0x1, 0x0, 0x0, 0x400c8c0}, 0xc000) mmap$auto(0x6, 0x8000020009, 0x1ff, 0xeba, r0, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x400, 0x0) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) 4m41.190841318s ago: executing program 2 (id=1784): mmap$auto(0x0, 0x9, 0xdf, 0x9b72, 0x2, 0x8000) write$auto_drm_edid_fops_drm_debugfs(0xffffffffffffffff, &(0x7f00000015c0)="3995586495c3ec927131b8b0d4cbfe44868003f083bfd46bf5e48ea564f3fa4a2b7f20eb701dc295526d0d072b25dd02c55a928e46f9be50117e30cd1a403e9e689b8edb526c7930783ae89bff230695c8834dc9d216f2fea6bbd0d1b17d03bfdee8421480585ed27b7e587f245379b69bfa42a3c78dbba1676806eb25a401eb1e972e8ca9315809147cb15dbb9e1fc70be47e562885c71180184726fc3201afeec1406155d5c97109eb86430220175b677d6f4f82629a09fe417feaf2a68c7529666f276cc3ad85a067e1c805f09f2094a680ee790ec8e93b8ff4716ec2ee2c4a103875d73bedbf319910a684e56f24598100a2b14944c56b62f0e94ec0245233d6dc5d914ebcf287a7e4a517c0f1522546d5cf59f07392cc7127311a475897b36834eae277c8d3339b47b1ca3a67a66e332cccce56a550b42a35d36fad8ee35640d639895fb1f120e596866ea5d005324b4a160fe151d2bc526b46db509be97fafc7af316343d4ad2c22eaeae27093897a51c0b77f2bc7dfa40c8abf5b7041d18121018662e0d5d174ebbb774210113ec04cdcc2db45aff900043146cb849498356232081d3057acfccaa1bc71a920d8475c82712f085bd85c37a0301cc69df54d8df3e2601443cd0a35ac8f58ad61200e202080a42f8894554e206e1aecd33031adbd446e7f2c2197374bd4e5ebdca3d7b232f408d39d8a5f29d5742ec9cb0fe5a94d7cb8b04f5970fd45cf50803a2793257baec8e5ad44ac89a447ae5424752f706c665cd89e0013794e0bc72954814ce08a9c9169b9e4c62ce2a2c9b1a35429864589fa1ad963018eea9b807e82acbec4516d8b1fe05a853451f200cb0a9a8aafdfd9fb73c30475034012da95216a829f4a6e05cf38b93cd286dee42d9c13aa65c2de79157d35ecac37af9d5d369b641068fa45b2f253014105fbb6e078adcc9c9f483c0cbeeae19c03554c614c18e5ff3449fb1cd6127ccd7c1ec03088091b5bdddacf0184da30dbdcf4a9d3629737f155809d027cacd3f65a509104fd40af15748c72ad430445b309bf8de2f7b7af88d6430c80ff4468bd347dd594da9ee4390807bd7adc8910a22cf68b8a30497e352cb017c1af91", 0x319) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0x7) r0 = socketpair$auto(0x21, 0x7, 0x1, 0x0) socket(0xa, 0x2, 0x3a) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000040), r0) sendmsg$auto_NFSD_CMD_VERSION_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x400, 0x70bd2d, 0x25dfdbfb, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4008000}, 0x20000000) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dri/card2\x00', 0x20000, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x55) 4m41.024421095s ago: executing program 2 (id=1787): mmap$auto(0x0, 0x40001b, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x40001b, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f0000000100)=@link_update={r0, @new_prog_fd=0x4, 0x4, @old_prog_fd=r0}, 0xa3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0) writev$auto(0x3, &(0x7f00000000c0)={0x0, 0x7111}, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800000008000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800000008000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x361cc1, 0x0) (async) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x361cc1, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, 0x0) (async) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, 0x0) r2 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3a}}, 0x6e) io_uring_setup$auto(0x1, 0x0) socket(0x1f, 0x2, 0x200000) (async) socket(0x1f, 0x2, 0x200000) sendmsg$auto_NL80211_CMD_PEER_MEASUREMENT_START(r2, 0x0, 0x4008080) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) (async) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3b87, 0xa) (async) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3b87, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$dir(0xffffffffffffff9c, 0x0, 0x381000, 0x100) capset$auto(0x0, 0x0) madvise$auto(0x0, 0x200007, 0x19) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) 4m26.038982348s ago: executing program 32 (id=1787): mmap$auto(0x0, 0x40001b, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x40001b, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f0000000100)=@link_update={r0, @new_prog_fd=0x4, 0x4, @old_prog_fd=r0}, 0xa3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0) writev$auto(0x3, &(0x7f00000000c0)={0x0, 0x7111}, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800000008000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800000008000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x361cc1, 0x0) (async) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x361cc1, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, 0x0) (async) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, 0x0) r2 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3a}}, 0x6e) io_uring_setup$auto(0x1, 0x0) socket(0x1f, 0x2, 0x200000) (async) socket(0x1f, 0x2, 0x200000) sendmsg$auto_NL80211_CMD_PEER_MEASUREMENT_START(r2, 0x0, 0x4008080) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) (async) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3b87, 0xa) (async) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3b87, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$dir(0xffffffffffffff9c, 0x0, 0x381000, 0x100) capset$auto(0x0, 0x0) madvise$auto(0x0, 0x200007, 0x19) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) 7.888444141s ago: executing program 4 (id=2571): mknod$auto(&(0x7f0000000080)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) socket(0xf, 0x5, 0x84) r0 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/usb/usbmon/9t\x00', 0x0, 0x0) pread64$auto(r0, 0x0, 0x101, 0x103) read$auto_mon_fops_text_t_mon_text(r0, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x1, 0x0) syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) clone$auto(0x100000020003b49, 0x80000000002, 0x0, 0x0, 0x4) r1 = openat$auto_userio_fops_userio(0xffffffffffffff9c, &(0x7f0000000980), 0x102001, 0x0) pwrite64$auto(r1, 0x0, 0x2, 0x0) 7.73876307s ago: executing program 0 (id=2572): mknod$auto(&(0x7f0000000080)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) socket(0xf, 0x5, 0x84) r0 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/usb/usbmon/9t\x00', 0x0, 0x0) pread64$auto(r0, 0x0, 0x101, 0x103) read$auto_mon_fops_text_t_mon_text(r0, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x1, 0x0) r2 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r1, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)={0x2c, r2, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x8}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x8880) creat$auto(&(0x7f0000000040)='./file0\x00', 0x4a) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) clone$auto(0x100000020003b49, 0x80000000002, 0x0, 0x0, 0x4) r3 = openat$auto_userio_fops_userio(0xffffffffffffff9c, &(0x7f0000000980), 0x102001, 0x0) pwrite64$auto(r3, 0x0, 0x2, 0x0) 6.935324143s ago: executing program 4 (id=2576): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = open(&(0x7f0000000800)='./file0\x00', 0x22a40, 0x1d4) r1 = fcntl$auto(r0, 0x400, 0x1) mmap$auto(0x0, 0x40000c, 0xe0, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@sco={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@nl=@kern={0x10, 0x0, 0x0, 0x800000}, 0x54) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto(r1, 0x8, r0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) keyctl$auto(0x1e, 0xfffffffffffffffc, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x1) semctl$auto(0x8, 0x806, 0x13, 0x46) setsockopt$auto(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x10000) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x19, 0x3, 0x948b, 0x8000000000000002, 0x15f4da03, 0x3, 0x3, 0x62, 0x8000001f, 0x40007, 0x6d3e, 0x9, 0x2, 0x8000000000000000]}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0xa, 0x0) getsockopt$auto_SO_BROADCAST(0xffffffffffffffff, 0xf81, 0x6, 0x0, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x2) connect$auto(0x3, &(0x7f00000000c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) r2 = socket(0xa, 0x1, 0x0) close_range$auto(r2, r1, 0x1000001) r3 = socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_ila(&(0x7f0000000080), r3) socket(0x2, 0x3, 0xa) 6.586694768s ago: executing program 0 (id=2577): socket(0x2, 0x801, 0x100) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0) arch_prctl$auto_ARCH_MAP_VDSO_32(0x2002, 0x3) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, 0x0, 0x1c1041, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/block/nbd6/queue/zoned\x00', 0x6a980, 0x0) read$auto(r0, 0x0, 0x6) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x1, 0x6, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000004, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) pread64$auto(0xffffffffffffffff, 0x0, 0x100000009, 0x7) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = epoll_create$auto(0x3e) epoll_ctl$auto(r1, 0x1, 0x8000000000000000, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x25, 0x2, 0x10008) r3 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000240)='/dev/usbmon32\x00', 0x640, 0x0) ioctl$auto_MON_IOCX_GET(r3, 0x40189206, 0x0) read$auto_mon_fops_binary_mon_bin(r3, 0x0, 0x0) 5.663172218s ago: executing program 4 (id=2579): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3a}}, 0x6e) sendmmsg$auto(0xffffffffffffffff, &(0x7f00000000c0)={{&(0x7f0000000180), 0x10001, 0x0, 0x7f, 0x0, 0x1f, 0x2}}, 0x4, 0x20200000) io_uring_setup$auto(0x1, 0x0) socket(0x1f, 0x2, 0x200000) sendmsg$auto_NL80211_CMD_PEER_MEASUREMENT_START(r0, 0x0, 0x4008080) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/audit\x00', 0x200, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/snd/pcmC0D0p\x00', 0xa00, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ram4\x00', 0x45d83, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f0000000040)='}[,&*}\x00\x0e\x15F\xf7\x1a\xd1K+\xedy\xc6\x9bb\x94\xb4^\xc2\x83%\xfbw}\xfb_P\"\x19\xdfi\xe9hA|Q\x8a_F\x04:Q\x90\'\x06', &(0x7f0000000140)='nfsd\x00', 0x10000, 0x0) r3 = socket(0x18, 0x805, 0x2) ioctl$sock_SIOCGIFINDEX(r3, 0x40047452, 0x0) mount$auto(0x0, &(0x7f0000000740)='}[,&*}\x00', 0x0, 0xfffe, 0x0) ioctl$auto_BLKRRPART(r2, 0x125f, 0x0) open(0x0, 0x161342, 0x100) msync$auto(0x200000000000000, 0x1800000ff010000, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x0) msgctl$auto(0x8000, 0x6, 0x0) socket(0x21, 0x2, 0x2) 4.718011511s ago: executing program 0 (id=2583): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000005340), 0xffffffffffffffff) sendmsg$auto_OVS_FLOW_CMD_NEW(r0, &(0x7f00000054c0)={0x0, 0x30000, &(0x7f0000005480)={&(0x7f00000003c0)={0x20, r1, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@OVS_FLOW_ATTR_CLEAR={0x4}, @OVS_FLOW_ATTR_KEY={0x4}, @OVS_FLOW_ATTR_ACTIONS={0x4}]}, 0x20}, 0x1, 0x50, 0x0, 0x4000}, 0x20008844) 4.406699059s ago: executing program 1 (id=2584): close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x6e17ac1e9049ce52) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x88e00, 0x0) read$auto_uprobe_events_ops_trace_uprobe(r0, 0x0, 0x0) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003140), 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) r1 = open(&(0x7f0000000080)='./file0\x00', 0x22240, 0x154) r2 = fcntl$auto(r1, 0x7fffffff, 0x0) execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000015c0)='/sys/devices/virtual/block/ram7/trace/act_mask\x00', 0x0, 0x0) ioctl$auto_XFS_IOC_BULKSTAT(r1, 0x8040587f, &(0x7f0000001600)=ANY=[@ANYBLOB="7f0000000000000007000000060000000500000000000000030000000000000009000000000000000500000000000000fffffeffffffffff030000000000006ac6efe122472c51bb000a0000000000000005000000000000000000000001000000ffffffff0000000003000000000000000000000000000000ffffff7f00000000080000000000000006000000d02788990fd630cbb7445988618cd8b7a2a10a75623dfb316d071d39d924d01f9ad544c3d9fe52e512f821cc078d2f42dec5f81fb8fba5795565dd1bc1114bac3256b2bdc3b66d561891a558757694db97f037321de5d4f3e681759274354b67431092db17b55c8af4f89a4c887f3df08dab74", @ANYBLOB="d80ef521f457d44c90e345bc9ca0dd1ea8c2103d5e78af478c0d8cc2bf53a772a9484959b7e3acc32c81c68d7bb9e1af1fcd72334fd64da972302ab3d216fcf7dbef996d0d0d2693968998eeca8defc509c79759f2c476a0a2a09202a37baeed75716978b561cc00cf4fea074c0243c4bb7300d2ecb18c6b1a47b96f1829f355122a3c3340583ed9f911d86144f9517822d50185ec06db1d1393d5d90d31046a3ab0c7852f326155ed5e6d41dd269ebb97efc0e2619fbb33a7227df705e57f1a581a7f74a01395dfec29d159bbbd891a", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000fcffffff09000000f7ffffff0400000001000000090000000101000002000000fbffffff080000000004000500000001060000006e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000037a8000000000000008002000000000005000000000000000002000000000000010000000000000009000000000000004de200000000000005000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0800000001000080040000000700000000100000a50000000e00000000080000050000009600000003000000080007000400050000020000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000014090000000000000006000000000000000600000000000000010000000000000004000000000000002598000000000000ffffffff", @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="01800000040000000500000002000000060000000d000000010000000b0000000004000009000000000000000300000001000600140680002b0a00000d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002e4c72670000000000000000000000000600000000000000f4ffffffffffffff217100000000000007000000000000000400000000000000030000000000000005000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="0400000005000000050000009b30000010000000000100000700000097b15042080000000000000080000000ffffff073000030009040000f4ffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003000000000000008100000000000000000000000100000004000000000000000300000000000000090000000000000001fcffffffffffff0800000000000000474f0000", @ANYRES32, @ANYRES32=0x0, @ANYRES64=r2]) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000140)=""/12, 0xc) 4.109650659s ago: executing program 0 (id=2585): socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000140), 0x382, 0x0) write$auto_rfkill_fops_core(r1, &(0x7f0000000040)="a5cac73806f9a7", 0x7) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) ioctl$auto_PPPIOCSPASS(r2, 0x40107447, 0x0) fanotify_init$auto(0xff, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r3 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r3, 0xc0603d06, 0x0) sethostname$auto(0x0, 0xdd7) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) r4 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) sendmmsg$auto(r4, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x4, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) writev$auto(r5, 0x0, 0x3) clock_settime$auto(0x1, 0x0) write$auto_vga_arb_device_fops_vgaarb(0xffffffffffffffff, &(0x7f00000000c0)="ca69aa1de770364cf182ac972b3c5ed3b3aad825bcd1675d6e50c593d927baa42c75f69d3a1953feb857a8bdaa1395b1ba4a85552d57f5e3ff825497873ec9c74885d23498e99b933fc4c63bb165bfa4f4f22b26d3baadcdaae162df156c964952e38126ca6c", 0x66) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x62, 0x8002001f, 0x79d, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0) 3.734175988s ago: executing program 4 (id=2594): r0 = socket(0xa, 0x2, 0x73) getsockname$auto(r0, 0x0, &(0x7f0000000280)=0xaea) r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000400), 0xffffffffffffffff) r2 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000180), 0x80080, 0x0) ioctl$auto_LOOP_CTL_ADD(r2, 0x4c80, 0x0) r3 = syz_clone3(&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, {0x1f}, 0x0, 0x0, 0x0, 0x0, 0x52}, 0x58) ioctl$auto_LOOP_CTL_GET_FREE(r2, 0x4c82, r3) r4 = openat$auto_full_fops_mem(0xffffffffffffff9c, &(0x7f0000000440), 0xc9ca9cc88a06e028, 0x0) r5 = getpgid(0x0) r6 = prctl$auto(0x9, 0x7, 0x0, 0x8, 0x3) socket(0x2, 0x3, 0x2) setsockopt$auto(0x3, 0x0, 0xcf, 0xfffffffffffffffc, 0x4) sendmsg$auto_TIPC_NL_ADDR_LEGACY_GET(r0, &(0x7f0000000d40)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000d00)={&(0x7f0000000480)={0x2c0, r1, 0x300, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_MEDIA={0xa9, 0x5, 0x0, 0x1, [@typed={0x8, 0x56, 0x0, 0x0, @pid=r3}, @generic="d09102daa8c86b534d31edc31052d7b809ad4442ab", @nested={0x7d, 0x6f, 0x0, 0x1, [@typed={0xc, 0x2d, 0x0, 0x0, @u64=0x9}, @typed={0x17, 0x66, 0x0, 0x0, @binary="74e7cb0796bc75485d8cc08f3d53830398ae72"}, @generic="5a8a09ce014953332a5aec92e1046bbed5f629f23beed537c4bf7fc5f46e66e5681ff92e08102e0ea412259696bd50df2bf7198a549ca59ef93608b7adf50566d5", @typed={0x14, 0xba, 0x0, 0x0, @ipv6=@dev={0xfe, 0x80, '\x00', 0x2b}}]}, @typed={0x8, 0x40, 0x0, 0x0, @fd=r4}]}, @TIPC_NLA_UNSPEC={0x7e, 0x0, "855fb4ee72a5e756e03a9663fc71ecd7773d8d4a87a8aaba99c7ea740c5fcd01998a4522f1d18d5a4a6bf8a8ae522439097d41f7ab8b009588f3cdeb3b37d4699af2904b4f8bd57bc59a196100224905baf31a59fd2a36340bda88e4a9267f1f1f9daaca46fc5c4b3d44234d70391548acb271270f0120d256af"}, @TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@typed={0x8, 0xd9, 0x0, 0x0, @u32=0x2}]}, @TIPC_NLA_NET={0x174, 0x7, 0x0, 0x1, [@typed={0x8, 0x32, 0x0, 0x0, @u32=0x6}, @typed={0x8, 0xa4, 0x0, 0x0, @pid=r5}, @nested={0x15f, 0xe6, 0x0, 0x1, [@generic="01d74ef6ff38fe41c8932c855303a9e58ae58d4311cc3a65c8bb7af7e9f5be6e1322df431212c7c2d928e8fef3c99ae13bca3e1a22f175226942827ede5979364d15ac39176fa04dd1414981c0807648ea5cfec04e861969f3568cc1d91ff0b23335114aada21b50d12f7991a076c4d2d082441e3a56813d10c48b9c89df080d4589a47f78398af0195377eee672da8a1a859893178debe3c9e8ea037ff5ae7bd36a9b97361b04", @typed={0x8, 0x13a, 0x0, 0x0, @fd=r6}, @nested={0x4, 0x12f}, @typed={0x14, 0xa, 0x0, 0x0, @ipv6=@private2}, @generic="0582785b7cbd17d2a64131b4f0627ba645ac14f6e40fd6237004673ee9373f2bd1fa98e7706a3a87f58b233c15f9004ece9d9cd60866120eae2243e25050188d9e19093bb9fec8fe20c3b3485fd5aa30248341eaa32b7a709122f07f10cd0b668b640e892aa16de7e87bf7892df5e0616595a2ca75d6d1fcbf970399b0cee1b2ef3cd6b19eef0234dd593758", @nested={0x4, 0x78}, @nested={0x4, 0x12}]}]}]}, 0x2c0}, 0x1, 0x0, 0x0, 0x4000000}, 0x40c0000) r7 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/kcore\x00', 0xc40, 0x0) read$auto_proc_iter_file_ops_compat_inode(r7, 0x0, 0x4d) pwrite64$auto(r7, &(0x7f00000001c0)='SMC\x05\xf9\xa2\xa3\xa9\xa4\xac1\x14\x00\x00\x00\x00', 0xc, 0x20001000000007) r8 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa3182, 0x0) r9 = openat$auto_tracing_stats_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/per_cpu/cpu0/stats\x00', 0x0, 0x0) readv$auto(0x3, 0x0, 0x3) readv$auto(r9, &(0x7f0000000100)={&(0x7f00000000c0)="34df339816", 0xf}, 0x1) sendfile$auto(r8, r8, 0x0, 0x100000000) r10 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto_BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)=@link_create={@prog_fd=r7, @target_fd=r7, 0x80000000, 0xb3, @tracing={0x1}}, 0x3) r12 = socket$nl_generic(0x10, 0x3, 0x10) r13 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000440), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000040)={'bridge_slave_1\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_FEATURES_GET(r12, &(0x7f0000003080)={0x0, 0xfffffffffffffdb2, &(0x7f0000003040)={&(0x7f0000002fc0)={0x20, r13, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@ETHTOOL_A_FEATURES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r14}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20004800}, 0x0) r15 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), r11) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r15, @ANYBLOB="013b"], 0x14}, 0x1, 0x0, 0x0, 0x48c0}, 0x810) ioctl$auto_TIOCSTI2(r11, 0x5412, &(0x7f0000000300)="1aa241a11e7401d71df66d0c855b908e5532d7cc9c52cf242060d3efa142d6cf638aadb57824b1fc02d1e16efe324f130df2687bc28a34fa451ff9bc777428eeabed38a3271330384074a168d55353ec61f06c7c27ca91bde3aa8d77d444170e5d84a73c6bcaba2ce72b0be75025d0cbad72184551d6d4c76784bd8078b88a416184b3ebd3e3289cc9fd74b550b558005ab5a3cb3168c3f6") 3.71025886s ago: executing program 1 (id=2587): sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2004c040}, 0x20000001) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) readv$auto(r1, &(0x7f0000000680)={0x0, 0x40200}, 0x3) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, 0x0) ppoll$auto(&(0x7f0000000000)={r1, 0x40, 0x80}, 0x2, 0x0, 0x0, 0x8) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) ioctl$auto_SG_GET_RESERVED_SIZE(0xffffffffffffffff, 0x4c02, 0x0) 3.467561902s ago: executing program 3 (id=2588): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000005340), 0xffffffffffffffff) prctl$auto(0x41, 0x201, 0x0, 0x0, 0x0) sendmsg$auto_OVS_FLOW_CMD_NEW(r0, &(0x7f00000054c0)={0x0, 0x30000, &(0x7f0000005480)={&(0x7f00000003c0)={0x20, r1, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@OVS_FLOW_ATTR_CLEAR={0x4}, @OVS_FLOW_ATTR_KEY={0x4}, @OVS_FLOW_ATTR_ACTIONS={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x20008844) 3.075211142s ago: executing program 4 (id=2589): r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event1\x00', 0x40000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_ABORT_SCAN(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r2, 0x20, 0x70bd2c, 0x25dfdbfe, {}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20040840}, 0x40040) (async, rerun: 32) sched_rr_get_interval$auto(0xffffffffffffffff, &(0x7f0000000180)={0x1, 0x2}) (async, rerun: 32) r3 = openat$auto_msft_opcode_fops_(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/bluetooth/hci3/msft_opcode\x00', 0x220240, 0x0) splice$auto(r0, &(0x7f00000001c0)=0x4e71, r3, &(0x7f0000000240)=0x7, 0x8, 0x3) (async) r4 = syz_genetlink_get_family_id$auto_ila(&(0x7f00000002c0), r3) (async, rerun: 32) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'veth1_to_bond\x00', 0x0}) (rerun: 32) sendmsg$auto_ILA_CMD_FLUSH(r1, &(0x7f00000003c0)={&(0x7f0000000280), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x34, r4, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@ILA_ATTR_IFINDEX={0x8, 0x4, r5}, @ILA_ATTR_CSUM_MODE={0x5, 0x7, 0x81}, @ILA_ATTR_CSUM_MODE={0x5, 0x7, 0x9b}, @ILA_ATTR_IDENT_TYPE={0x5, 0x8, 0x6}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x0) (async) mincore$auto(0xfffffffffffffffe, 0xfffffffffffffffd, &(0x7f0000000400)='nl80211\x00') r6 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000480), r1) sendmsg$auto_TCP_METRICS_CMD_DEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x28, r6, 0x8, 0x70bd2b, 0x25dfdbfe, {}, [@TCP_METRICS_ATTR_SADDR_IPV6={0x14, 0xc, @dev={0xfe, 0x80, '\x00', 0xc}}]}, 0x28}, 0x1, 0x0, 0x0, 0x20040081}, 0x4) r7 = pipe$auto(&(0x7f0000000580)=r3) write$auto_drm_crtc_crc_control_fops_drm_debugfs_crc(r8, &(0x7f00000005c0)="07f0c5b711de1102d7a534c50fed9122f4b34cae481829", 0x17) io_cancel$auto(0x2, &(0x7f0000000600)={0x80000001, 0x5, 0x1, 0x6, 0x1000, r1, 0x16, 0xd, 0x8a9, 0x0, 0xffff, r7}, &(0x7f0000000640)={0x5a4b, 0x7ff, 0xff, 0x32f}) read$auto_userio_fops_userio(r9, &(0x7f0000000680)=""/249, 0xf9) (async) sendmsg$auto_NL80211_CMD_STOP_AP(r9, &(0x7f0000001840)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001800)={&(0x7f00000007c0)={0x103c, r2, 0x2, 0x70bd26, 0x25dfdbff, {}, [@NL80211_ATTR_RECEIVE_MULTICAST={0x4}, @NL80211_ATTR_MEASUREMENT_DURATION={0x6, 0xeb, 0x1}, @NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS={0x6, 0x143, 0x9}, @NL80211_ATTR_MDID={0x6, 0xb1, 0x3}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x12}, @NL80211_ATTR_MNTR_FLAGS={0x1004, 0x17, "f73f683ae47210c166478af211415a8ca7e450ebae15e9575c496824f6e93683c54094785f2e3043e305dec5c24bb9d38664e4f74a3a459b726ba3323da60749c1af833e271d3f955908d5ecdae17b81d1ca2ba60d691103840eced782be9d705f34ed1a6e5f0141d7a31caeac6afc7398a68e199de956662c1af0fe01316e9bf8e03f7073defabe09c0e285bf910c36f83802de20c92d09e5b1f0bf65b365111d78eead4f9d124237c73be71e07d2c64a50566d76478585da98e5503f23e3f4b0ccddb40ad9ae24b172f402bdb735ea9aacfa91aecf6ae7c7206398e4cfafd93a885263a1b5bb9e6478bd153f2ca446a852d603a56da2f4e93cf4bbf65ff794410924bd94d39fe47e35245486fabf2d096edecacaf768010d6a578d8883b3866c029cfbe6f298e117c38eaad980baabbffa182817c6942af70822dddc162f586bc784b0c22a12ba753fcba9e3e14c79b887f029e532dd1ff2af2a77ff30dce677dfab2c938e56f90ae4d243eb8a3ccef39a6145d3239e519ee305cfec566b147a886c452b7cfa583dd24eb50defc29090ab2ceeb98c07a6abe8a2e969e64554904dd6385be7b28f47ac607b045dac7dbaeacdcaeefb8ae8c40b9e5b979a0cf03de1d67e9d94fe7c3fbacea9688f416348afc74b7be6e504b537e8713e5c1b6032b6ea725b380e39c1628608f2c92bed5e9cae3a114a9c27fdc811837217bf0ea4794b1256eeb8f889071f8504ebe8e93990f5b7e0c6b0666ea18ae7622d60a5e2f0dd632a88bfd1c01e492cee5ae01d03c6d8a14f29cc7267437640d1dd2b7cb530bd5f22aad5fb5f4b963aa9f1008239233e58322529b19aa2d52152c71844b820c2d59cf5f344667da13bb959bc84cbc7cb59417ce6b2427308c82c220d010f8812c074036782567ca8c81aa52af1785e80b68071186dc4e0048c5c1539834014e9540cf82161af80d47ccbe568171ebbf3e4a16cea369d1684e239a1cd0cb2a8053b2aef3c628be1ba4bc6940da597ccfb7467f4fa2b962fb9cfdad72a3944881f3a2a76a4eec498bca7024a92139835940a3b8941f3eab222ecbc57da48654d4afdd7248cd4ef39af308a44dd095efbe7c25adc7492906f585fa8e8df98b61644ff918fea61d963a4479e9718fa51dd818c33947086f123b72efb9e331aa5552a79570bc830eb2458b66d7524d4ce8c3362ccc49ebf3853078d99a186428c5de1d22cd109a8e6bff75c1b11f521b397eb8ccd05f701aebd0a2abf6ce0298667c3b14bd95efd76d11de148e6cdccfc27b02a86082e5e8a795a84de4afe96b9fd0f42e0922b8eac8f8ae86da98ef10a303dcf86e9181411d9f8d3ada7ccdff7c9e78773f766f41a70596f6d7670c1a613edd85fc940db4590b0a7a231a8882e031126f1624d38fee5e5c7be9d68bae47176d9c7311c50d76681268e489e23616f6deff1ee1889a04b2e264968d59533321738f9620c51e08d9447cb97351beb357984575958b34d5f18c1efea4c28477d62c0e57793a098c2d4e2a3b9f84bb13c4fddc442ce31e9782ba9f7278b92b754903bc4f333c5f9fda8cace2c84c94e199e8a5184bc27c658d90c78818abfd28115c199dd38784970a659897cb7d81291fa15158cd6b71ff8e9f8849f89e3ef5f0913db184cc641ed11eebf746283fcba86d3d45b048eaa20b40475dfcc37baf85541680944c53082b0dcb085ed4711cc06dac4792d7e91b315b12d6a2b97a6c222290359aaa867233886917a787f49b8d362dcc74b9758ed59cb4ccc2321e6aeb9929709d01118037141dcf720a8cecec582d2e993ccd1ace34c0cf75fbcde55530e5cdb24b69f242e68c71775873e396e422735c497329ad95adcd93ccde7e6aae1795285eee3062ff398192390b066b88c368a665838556ad72d36cd908045468b660635b8e40b65e801d270f0e00152686051c822fea92d320fac36e3c435dcf966c6174d961eb782f4581a40d51780a751833f11dbeeb844f1a27709b5941d2da98513c8dad726e596b7ba2f3919d9601ea34838eb99a37e64e448310f301d5397721a3de2b1ae4ea5fb2158949bca821272b12b8428decceea6a7a0defd59d3dfbc7adc3c9bddd41e0e93b2ff6a746e03625720798505816d5f4774a7fae3596b0b25d611b27138154b63dd1ef6f19a25c2977ca1a3ecdfea6be82bd90c9d4b6ceafda5a6c98090f4d8d65685c6dcc606c3d03f26f8949bde37d81b9a2c11ce0b68100928e3417b8c85616ad1f90d9b44c78a83d3c8cdee9000d4080127407fbe53da3dbeba7bf91fcb5a2e00ed3538797f8fd6031231af51d768a323f8394bcb6ca2a8b092f1f9ca45c722193eba3452bf7964adafdfa76c418061be37d8661ee524d7d3b0d05cfee9ed28450471e26f77b7fc4006811d0c224a7183ca559d5452694235936472abe9ad974baebb6ed8549ae195bbbe26d02fbaf4daaa5d635f4beafb9b2b826748a67eb931d9126e60b5739ad525946274a8f18212087d4f865028980e8b73c5f6d0e2432e2dcdb8b57099d0f7c6b7e717e2821dd5733759a36988c8fe51809c64d8b3faf7dfe762c49a688f58bc7baefa20707d19a8f0e020b06b38635f7f261556b721d46e8eee95560069f782ae8e48afa648198b8ba5a414d8a3874509aae6b1a9a3d7c7a912685120abeaa20688f07f88388453fc92149e352ffb327bf9c6c65ea6dc923a60808f04d5438aedcdd20613ae09c3203386d7ad5d6bdca378c090d131c876c30ff1843d5d2d3e87fe93cb7a6d6d8c8fd8e8a5309b07a6ee82ef7c122a72d533b5ef1c7567ec63c5741ee2cc71cc27a72235efa230004c3db37fea70900c5b51afe79e5cc6e9546f7309bfaf334d4f06bcf3747e4e71fb0b2b1a2ed72b9ceb689bf2cf881332b109d8a93f01f2744b81642acfad7b82a5145ce3393b17b9a0f64acb55940df0dd1e6e420c7992f851b3c61e3e77a42b36909abc8ed36fe78d16f34277d1e5bd68e0ec855ccb5e1bb7c7faf9bb2d111c69bac4d9ac8dc43e0a25b0673c9179467324f415cfdc82b0751215fc66f6c6756b33fb60c7d50eff601a0255e4dd5b288fcd59319ee1f9d2ee6045c891992db8840579523371e4a7165f64fa115b812539ca33799598d35808f68163cbc2fc17a837a7caedfa7a5aa3c40857787c34ae3955405a57203622ac21fe2291c525fadd5c90bae504e6b0865bfae1af544fe0e0f3aaf4ff4b2ec7e5c16f940c763076bab06e5df7e7f537bf317634ab70bf55f218184d64a05bf5f289bcee5b12bea69724b4c156d64ca030ba59b9c5b1423740cce58b9d2e15c117045595b650303872456614c1c5ab6b0ac0147c92d84ccac0980542ae11e57765dc9c436a0fdf71312dd7bc68a0f98ce86f7d6a938b24d8d350d2a65bc962387664c91af00590cbc60f89cdc9cad46297d7d6b065f64f82f0192e1bd145efb6f0403ab3c11d40baa7b6e2afe8c0b56761dcf69cc8fa90af66134e28f97b8a6f33bb0479d3b4e2c72fe3b0e52239709a011a5fd38377ad9e1d30272652267ece5635d9a78da7776629321b06b8fefcc85c0ca18e266708afe8ab2f96cd940da9d0bae2d28f0cc02b8358b43ac53113a48bf4b3f4d169a36efeb84339d7645582c7981a1c6447776544750894608e133128a878d963c3fe226c0b42978ec8a2744852ef495bf5b18f75f34bcffc2d3a7012c6ebf4f27c3a84a8e64f25c4f413fb72c7b488fae14a47d6ebb2341ad9aed0e001cf6ccc7d42917a09d616be5a14450d4d9a4d170f0dcaed2f330be27283032ec12f1eaefef56de9355296465bc226165ef61527092185138bd5bcee402c7ccde382b184a7dba99b933c3f7a47db6d2f5bd6b1c9da16f9692aedfab6bdba9594e323400b4dfb55ec23f97fc2a4e9e5ad1717c5ca4aec18d21991effc6125dfe8598bbd84e9cf07338364bae7b2d0eb29a1d53327531f8db561fe6208b13c240935b5f32d1131f9f6b7d14ad399891c9b0d587fb6cd804ba6a683303452bff847d0f0939899f6b1bb84cf60b597b0bf5227ca0a9e88bedc7ffcc6279b747829d043349f9eaad691831fe74b1b2af51f32825af86a22f2f5351644460db92cd22ce8fb5ff9b9363d60ee3917d476cfa0599cef2b7e8a23d9b52fcb2dec0afb450066065ffe5a464e96d2bad139f7349a078457e56fdf3668b3504a135bf2c6cce62bda89ee73d4e11e19cd83cdd3b891596a27ecc164180dd67350a4df74d3c4ddacc5693deeb3ea4a3bd149c418f631f95dfd13459c19c16575f1c349970781bd84c87cbb19cddd3100346234eb18151f220c4cdbc5a477bd16334c7a9d1a31c7203d9e2eb80386a0048af7de93216fdf0dae89a810d860dda79cf48343348b37fae0dbf6646c9e7ccdcdd556b320162e20777d3a0fff20e3d78a885eb1600dcbf4b5f171a738a687ae9293bca91e48e4b315c4ab5ed659e9385aad7c2fcf8014e5762b610d91f1ae78501caa623cf36b47045fa6711f7ab269839aa5e7a7f748d27652ef7cad8fe5f8c659f68f7f4498f0af6155afe9bb41e2a2b6ff74684660f2784962aa64df4f02750e086fed38949ab3d56a39bbaacdd14de85d7ca4989329d6f36a03f69317ad890efff4bae01277fadd784bb8a0197e47b3bc471b25f2297cac113b0a02f7b80b371e0cbd1ddfb499ef86dd9fe16807bd23a36168e5f9a2d491f3b76e3f0bf955ae93560b4a8c9dd1077945b26cb08dff40b59928b553024ebad6a366c484d7265f996d29e1a34ebfaa26e37c3eb70ebdc9377c92086fb9defb660a1733a34791723b2f9d89afa128dc449034ee0786119b45f8cd277e99a643d5dc58cc11bb822d46054b6a8e6c642df9e259379731a9846e6a5b83c35bda9cf99c22dafe82ca383156a7fa1f13dc14dbae592c8bab1f62ce6eb85087cc8f4d0c2b406cdb292dbee1f4949ac9baebe26c549f99f5934883c834411a218ff9ac8fa0761c9907e8225e2c1cfe358254547e8edcacc2e2db7619fb39ba4618d7f837bf994f73d45081aaf0e123a94a0fec8c48a4bd5241cc672ae4d9a448b93d88635bbfbefa368b8bf75cf3c14f218f95f60cc445b35b9e3422671be8f752070ff52c2ffca882d6c459abca221351169456ef65cb3a759a70f6a0eee6656bcb7bc4f3c1ad3fec71f1b54f92b22b7b06b9c10a81d449d6940c10556064a9ec3f57954716d5f3927def2e6667ac352c224e53ae3d3673adaf06717b9183646e485b916581d6056407ff378e808aa33ad815acf8bc05b1890b28ea916472efd4044dbc1454e1da1e3edc0bedb79d039d913aace2852aa435d6aaedb075a8803fe64ceffe464d1246aff3e60427ac6125efa01dae1b29851ca18e0a062465d0abd444d12b1dc1a4893cd105983fd1aaf67a2ca8207adb32158a4ff51236421521937196f028f3bfc84fd4d6171d6d3efc8fa7c21f058d8f481fe8079cf586ea2515f999ec9fdbf33c699d28dc472d60f12f7f5aaecd487bef35930b75d0bd4b90fd28cf60f25c8446adb87cb4becd9aff5a525964d42ab4fc1014521d358c54ff0df9702f4a8cce9e8428631b9fed027bf4b99c47b4c763f2d23288571cbbaf83e7f9f2b972c10d9a0d48739a5c34d124196e3f0da438e4c22e3e7cca97ef4481363f20c32b604d43fc4657871b131417b149def1025c67ecba83d4d8153536a9e0661705ae96e627631daf391b0315e56de02f4935de7ebbcb1d5d4187ea083cc2e83d40891aab4f54d3e5b1014378acc0aff22a58a96dc4eb0b40bee9"}]}, 0x103c}, 0x1, 0x0, 0x0, 0x40040}, 0x40801) (async, rerun: 32) ioctl$auto_SNDRV_CTL_IOCTL_CARD_INFO(r10, 0x81785501, &(0x7f0000001880)={0x2, 0x0, "401ccb70e083ed987a075a7d8a71731d", "add79d55580787d888bead1922cf613f", "46df84ade49503053475fde86cd3a78f7e03963f0a8ae9e5cc445c493ab62bde", "0cc6173de95785ac37a80b03e96181c19f9d9fde6200bbe32555b4e48e0e7cc36b4a3af749a2987436e2500c9bb8ecc400536e4691f4c6f5eee4dbe8ea3c854a6259f83414553b2244962dd59941bc7f", "ff45b01f3b4285bb02acddcc2a25e052", "463ba4b6783f644924f0187cf97dc3460b32c8aba0f6f8f75bec642f75f168de13318bdb0ac11dba332e40e34df4ff0c849d6436fa321c30c59364ebd9c7cd6461c1bb3606758539896ad6dd834cbfa5", "faa0b81cd8334285c0649187b9cf3056a71b66f3ba2fad9c9bcb147a9967dd0eed2484efbbc39604167f4addb3a6b21780288fa366ccc9aac2dd2eefa510683a520afc84d7ac64886f8ae598b215c04c7ecdc2a0ae10c4c00aeee79edbb309f2e46188b7a72f1bc0faeff942372b70df356a0701c39ad1c27844ab27932e6613"}) (async, rerun: 32) ioctl$auto_XFS_IOC_ALLOCSP(r10, 0x4030580a, &(0x7f0000001a00)={0x9, 0xfff8, 0x7, 0x2, 0x7, 0x0}) ioctl$auto_BLKTRACESETUP2(r9, 0xc0481273, &(0x7f0000001a40)={"c017643f06f734ce4953eaed871749bc51dfa06ff5758ea38ccc800de9e803fe", 0x0, 0x1, 0x3471815d, 0xed, 0x9, r11}) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000001ac0), r10) (async) read$auto(r8, &(0x7f0000001b00)='\x00', 0x80) (async) read$auto_ctl_device_fops_user(r8, &(0x7f0000001b40)=""/32, 0x20) (async) sendmsg$auto_NL80211_CMD_GET_MPATH(r1, &(0x7f0000001c40)={&(0x7f0000001b80)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000001c00)={&(0x7f0000001bc0)={0x2c, r2, 0x400, 0x70bd2d, 0x25dfdbfd, {}, [@NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0x2}, @NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x793d}, @NL80211_ATTR_BG_SCAN_PERIOD={0x6, 0x98, 0x40}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000040}, 0x20000000) (async) sendmsg$auto_NL80211_CMD_START_SCHED_SCAN(r1, &(0x7f0000001dc0)={&(0x7f0000001c80)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000001d80)={&(0x7f0000001cc0)={0x90, r2, 0x2, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_MLD_ADDR={0x7a, 0x13a, "cfac9889b3445c8c761056cc34bc9157fa6b1ab1545790ec8e78abe13139b99085c492fbb7b831a654ad092c5d702d881432003540ce40ae2296b40f4d9222c4894f6e354b76947d101451bd834a1851a0cefdd8d3f10401f1bbaf9a8e459bb09beb311923cefa10fc949b9dcfa21c23df8d215d62b4"}]}, 0x90}, 0x1, 0x0, 0x0, 0x4000}, 0x4800) (async) r12 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_POWER_SAVE(r12, &(0x7f0000001ec0)={&(0x7f0000001e00)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000001e80)={&(0x7f0000001e40)={0x24, r2, 0x100, 0x70bd2b, 0x25dfdbff, {}, [@NL80211_ATTR_FILS_ERP_RRK={0x10, 0xfc, "b9181e0cd8f7e14119aaf20a"}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x4000800) process_madvise$auto_MADV_WIPEONFORK(r8, &(0x7f0000001f80)={&(0x7f0000001f00)="0d70310d780f1b3dad66ac39ad44c4ba5715e11bcab09e927afd4332944c8083d4d42fa2855099819e9c895ea5526e5fab20a98825d93f796632f97af50b6f26348870455cbd73d4bbf315616e9e4d", 0x8d5f}, 0x5, 0x12, 0x8) (async) set_tid_address$auto(&(0x7f0000001fc0)=0x3) 3.01853175s ago: executing program 1 (id=2590): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x363f, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003140), r0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x2eb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) r1 = open(&(0x7f0000000800)='./file0\x00', 0xa2240, 0x154) fcntl$auto(r1, 0x400, 0x1) execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) socket(0x23, 0x80800, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/ip6_mr_vif\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000140)=""/12, 0xc) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd3/queue/iosched/write_expire\x00', 0x20681, 0x0) r3 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) r4 = openat$auto_buffer_percent_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/buffer_percent\x00', 0x1, 0x0) writev$auto(r4, 0x0, 0x9) fcntl$auto(r3, 0xfffffffd, 0x0) r5 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/controlC2\x00', 0x507f03, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0xc1105517, &(0x7f00000001c0)={{@raw=0xfff, 0x100110d, 0xfffd, 0x6, "e927783f468fa2e92fe8ec7a46cbb766439daa1ee1aa0000000000040000660e0701000000000000008000"}, 0x6, 0x0, 0x4, @raw=0x404, @enumerated={0x55d3, 0x7, "bf154d70dcfcea02faacb07c4222db1f207fdb681dc9b0bf2c6c9ce16d51ebc73df6a7aa16659cd5e4dc8374caf945548e604179f1f87c3bd8701d3d5c3d998c", 0xffffffffffffffff, 0x91e0}, "a4699d30a05edbe0d28473c399a7dc920b153e9b1675451d7de94b4123f970bedd3460c667373fcc59b584d81592f6ab606c276852295e00af49e6de6e768034"}) execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) execve$auto(&(0x7f0000000100)='./file0/file0\x00', 0x0, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f00000000c0)='-7', 0x2) close_range$auto(0x2, 0x8, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vkms/graphics/fb0/blank\x00', 0xa001, 0x0) write$auto(r6, &(0x7f0000000140)='7\x00\xb1\x9a\xc0\xf9\xc0e\xd2T\xbe\xb6I\x9d\xd9\x18\xf5\x91\xbfq\xfe\xf2\x9a\x02\x9fC0xb\xccW(\xc1n+\n|5\xa5\x9c=^\xf1\x11H\x1c\xf73\x16\xd2\a\xfaw\xcc\xf1\xff7\xab\xa1\xeaF\x04\x17\x99\xd3\xd1\x83\xccG^\xbbdC\x8a\n\x88\xbcW@+\xafD\xd1\x8a\xc13W\xf66\x86\xe5\xee\xa7\x1d\x0f\x90\x00\xcf\xdb\xf5\xbf\xd4\xc8\x84\xb3\xeeb\xb0\xc7kN\x80\x93\xfd\x89\xe1\xc9tp\xd4jm\x7f\xf0a\xc3\x02\x14\xcf\xcf\\e!\a\x82\t,\xa7\x00\xbd&\xcax\xf8P\xc1\x8f\x87\x83\x0f\x93z', 0x1) 3.017558535s ago: executing program 3 (id=2591): r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$auto_SO_COOKIE(r0, 0x1, 0x39, &(0x7f00000032c0)='\xc4!\x00', &(0x7f0000003300)=0x1ff) mkdir$auto(0x0, 0x3) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) r1 = prctl$auto_PR_SET_MM_START_CODE(0x7, 0x1, 0xffffffffffffffff, 0x9, 0x400) close_range$auto(r1, 0xffffffffffffffff, 0xffffffff) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$auto_KVM_GET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)={0x2, 0x0, [{0xce, 0x7, 0xe08}]}) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/netdevsim0/del_port\x00', 0xa001, 0x0) write$auto(r3, &(0x7f0000000380)='0\x81=\"\xad/\x8d\b\x00\x18\xa4\xb0\xb4\xd9\x82=~\x17\xfb&L\xeb=j\a\xf1y\xb3\"\xeb\a\xdd\xf4\xf4Ry\xee\xd7\x1e\x1c\x86\x0f\xcf\x7f\xbf\xab\x12{\xc2\xc2*\xc1M+6/v8\xea\xe9\x85s4\xfe\xe5\t\x7fc\xfb7^\xb86J_\x1d1s!\x01\xff\xff\xff\xff\xff\xff\xff\x1dF\xe6\xf6\x17\x10+\xc0\xb0\xafc\x99\xd4\x150Y~\x1e\xe2\xd6x4fW\x13\xc4U`\x9e-X\xd7\xe2H^\fLS`\xfc\xbb\r\f\x00\xeaN\xa5\xd2\x82;\x7f\xa0.\x9a\xfb\x8d\xf3l\xf2\xd3\x95\xc1M5\xcb\xa6I\x067\xe36\xea\xe9\xe3\xf44oT_`8\xb3\xef\x04 \x05K\xf9\x87pl\xac\x86\nE\xc7e\xc5Q\x89\xcd@\x1c\x92\x00\x87\x976\x9f>\xa2\xcfm\xec\r\x11\x7f\x00\x00\x00\xb1\xde@\x02\xce\x03\xb7\xb1\xfb\x9fr\v\xb2\xe3\xc7\b\x85K /zm\x7f\x8fg,p\a\xc8\x7f\xa5\x87\x02\x87\xbbR=A\x00\x1f\x8a\xa7/Q\"J\xbb\xb0m\xf2SP\x84\x84S\xf0\xba\x9a\xf6\xb6`WI\xba\xba*8\x9f\xea\xe8K/\x98\xbc7~>\x12\x9buB\xcb\xe4\x8aKf\xba\x8c\x19m\xe6I\x02\xde\x80\x9d\x87}\xf4\xbd9\xaa\xd6\xdb1]\xde\xa0r\x14\xca56^\x94\xd2\xd8\xe6}9\x91\xb6\xf7\xa1=\x96\x11\xf1\\\xa91\x0e\xd1\xe4z\xc1;Pw!\x8b\xf5{\xc7Xd\xf1\xf2}\x96EVf\xc9\xa8\xcd\xe4\xc9\x8d\x1d7\xd5\x94\\\xb5\r\xd2\xaa\xe6H\xfe)\xb3a\x04\x1eRMl\xa3F\xa8W0\x90\xc9Ky#\x03\xf5~\xd2Z\xe9(\x99\b\x00M\xde\x01]\r\xd09k\xc2\x84\xc1\xabN\x96\x8a6\x98@\xd3\xab\xa8m\xdf\x8d\x1d\b\x82\xfcP\x87\x93\x80\x97Q\x86\x8a\x9c\xf8L\x0f\xa8@VE2\x9d\x1e`#\xd8\xd7M\xd4k1\xe6\x13Y\\\x83E\xd0e\x0eM\xa9Q\xac\x0e\x1d]\a\x19H\x81\xd2\xccF\xc6\xd4\xe2R$\xfa\xd6}\xbdsN\x18\xdf\xf5\xffP\xf5\f\xccL\xef\x83\xb3$\xd4\xf4\xb5\xe6\xd0 \xb9\xa7\x8e6\t\x83q\xef\b\xd2\xdb', 0x1) openat$auto_ptdump_curknl_fops_(0xffffffffffffff9c, 0x0, 0x143980, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_DP_CMD_DEL(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010029bd7000ffdbdf0102000000000000000400000008001c"], 0x24}, 0x1, 0x0, 0x0, 0x4044c11}, 0xc0804) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}}, 0x800) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="1000833dc57eac1cd66c331b0d375dfba5b92cbd7000fddbdf25080000000000000000"], 0x24}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1009, 0x0, 0x0, 0x2) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x40000b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) madvise$auto(0x0, 0xffffffffffff0004, 0x19) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_full_fops_mem(0xffffffffffffff9c, 0x0, 0x101002, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x0, 0x0) ioctl$auto(r5, 0x540a, 0x2) 2.930244054s ago: executing program 0 (id=2592): capset$auto(0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) select$auto(0x0, &(0x7f0000000040)={[0x9, 0x4, 0x34, 0x9, 0x1, 0x1, 0xa, 0x6, 0x5, 0x1, 0x0, 0xcf, 0x5, 0x213, 0x5, 0xb98]}, 0x0, 0x0, 0x0) sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c80"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r0, 0x4b67, 0x1) openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, &(0x7f0000000d00), 0x48900, 0x0) select$auto(0xd, 0x0, &(0x7f0000000100)={[0x20000000000d, 0x203, 0x0, 0xc, 0x5, 0x3, 0xff, 0x2000000000000002, 0x9, 0x8, 0x103, 0xa, 0x4, 0xaab, 0x5, 0x4006]}, 0x0, 0x0) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x48, r3, 0x1b, 0x70bd26, 0x25dfdbfe, {}, [@OVS_PACKET_ATTR_ACTIONS={0x4}, @OVS_PACKET_ATTR_HASH={0xc, 0xb, 0xffffffffffffffff}, @OVS_PACKET_ATTR_KEY={0x4}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "89803500"}, @OVS_PACKET_ATTR_ACTIONS={0xc, 0x3, 0x0, 0x1, [@nested={0x5, 0x17, 0x0, 0x1, [@generic="1f"]}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4004040}, 0x4800) read$auto(r1, 0x0, 0x1ff) write$auto(0x3, 0x0, 0xfdef) unshare$auto(0x40000080) write$auto(0xca, 0x0, 0x100) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/hung_task_check_interval_secs\x00', 0x88542, 0x0) writev$auto(0x3, &(0x7f0000000100)={&(0x7f0000000140), 0x7111}, 0x8) pselect6$auto(0x9, &(0x7f0000000000)={[0x8, 0x4, 0x0, 0x6, 0x8001, 0x4000000000002bc8, 0xfff, 0x1, 0xfffffffffffffffe, 0xffffffff, 0x8000000000000001, 0xfffffffffffffffd, 0x211, 0x2, 0x8, 0x1]}, 0x0, 0x0, 0x0, 0x0) r4 = socket(0xa, 0x2, 0x73) sendto$auto(r4, 0x0, 0x402, 0x0, &(0x7f0000000000)=@generic={0xa, "e2c48340020000803636166b00"}, 0x1c) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000100), 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r5, 0x541c, r6) 2.438582959s ago: executing program 4 (id=2593): unshare$auto(0x40000080) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x8080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$auto_NCSI_CMD_PKG_INFO(r0, 0x0, 0x44088) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r1 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0xffffffffffffffff, r2, 0x22e) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0) ioctl$auto_TIOCGDEV2(r3, 0x5453, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_DELAY(r2, 0x80084121, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r1, 0x43403d05, 0x0) madvise$auto(0x0, 0x53, 0x9) r4 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), r0) ioctl$auto_XFS_IOC_ALLOCSP64(r2, 0x40305824, &(0x7f0000000080)={0x4, 0x7, 0xffffffffffff0001, 0x8000000000000000, 0x1, 0x0}) r6 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r7, 0xfd}, 0x6a) sendmsg$auto_MACSEC_CMD_ADD_RXSC(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYBLOB="a4140000", @ANYRES16=r4, @ANYBLOB="00082dbd7000fcdbdf25010000001602028079000f80cacc78ad4330c56f045e6b68543563c6dc417697ce0437b3242e8b27ac06698b2a3a4943678d73e55f13eec86b88311dbd7f5d75a70b5983a9b258244f95df3eefc66fe7dcb83b62ec26b007281c30f45ccf675fb52f0310ff28271c508af3391bbe5afac87b2f3b6433ffa067f3c5223ade0d9cc40000002800eb80080022007f0000010c00350006000000000000000400f880040028800400e1800400f480d0ea2d5b384163bfd418ce72f5039163e8dac95d188fa31688245e38fad50284b8e295322904a9407cccc2361029fe20ff269706aaa02db53da72bcb069d809a905b34388f12938755c9ab6bc43627e07a0564f808ec8c4fbd6761703ebbba43cf638a332b2ded7888d560984199ac7496ad9afe1142f30e7161c0c78465aaebc584a82faa484273a9f5ed3c994b68e2ba0b85dae3f7b5faeb7f9c86c7e5a0161bf61e691d8c5684e33345848d9c2af3eb5018bd1e2e71ba1a373a5f003d6fa0332020ebb2ad71fa04ade2bc474a1da142c9fa684262dd085fe023b8e0f803a1ff5dea182eedd15a969699a2693bdb7d68782959c8a7f72a847a32c8bb0cf6a1f66ad227c05514f6a481e70b74398d172c6842a9909e35484ee21e1ecc291cd1399ffad6727e152b6c04c16c86eeb69ff82b17b07933e1a638f1138dd2a30564cf0be8273ee3b81df5987f4bc4cb55cb3996fa7be7bdb89088ad3bcef6e4b2b988269314395627f28bab87fe22d10000701203800800ff00", @ANYRES32=0xee00, @ANYBLOB="ac005c809435103f312bae8a16977df1166cc29eeb5659c8771abd602bbe850e0e133f1584046218ccc37fde99b5f47174c78e44ada982520ccf0c1cca29740800f800", @ANYRES32=r5, @ANYBLOB="03026c00", @ANYRES32=r6, @ANYBLOB="39d5b7a04e2f6457c6970e6fef9edf1bf11cd8efde66dad63b5d445cda181c403751516b4830cec55d2d3f87aa7f19248a8d0e18ffe04f86ec7d9e6696672cb45fb05c04be6cabd9070c00700004000000000000", @ANYRES32=r5, @ANYBLOB="9445f80a9d76425455aa4c779e7997ee5d7be1c41ed3f5e2d02403451bb0bfa403359f8f74cf83175b5e6f9c28535476eb06e2a7e2dd80967549d4d615ef8e5efb1039801bafe21ef6548315696d03a51089f169e594483d67f5e7c38c3c123ee1d0c7c967c9852bd10de6dfbb6ce9a111b519413e4c8028fd71942ee9b75a9ed160a73a17a43721f6a89b996b5d9ab39fd274b6fd8fa8bd54b9b805053bb4e7bb773a25640964f5acc6b364aa75928bac341d71562e74dd97f5136c66abae172a96b4c5a6ecffda68b69524190aabaa1944997e75a93e0a0bcdba67f1b6ae249f278e78449b4cb389c6045fbd089bd58ad2c3278e78b801b8fb4a8d420e773b69385c5b0119450fc3fbfabc48ad7c6ab5a311770e1afdc16c539a08759706cfaafbfa50277704133c7c866aa85f1a1bfc5b86074e8d52ff77101d65e08ac08bb88043221405334e2b5491f108060fa9dea2c53557e3ae3a279c438ee955cd40b6d82fac8f82da3a5ba69a5962d0c394cd05e4e52fefec7f1b69ea001b4fa2f9e042e0c8cb54e4fd1913dd56cdd50eb466497b649a4263bd2f04bbdbaff061fccb6b96f39597449d2ec980464ab3e53639c74647422f33d873b34f8a86d7dcbd9da5e1efe9a2aa0b1fb2808189cc2416a2f42cf9570c7cd455b04d1fe9b4d4a605298dd2532c498c396f2581ffff259ec37e427f941c8b2b1a639c3fbc026576eda613fb79e0e4003186c0a7ba819522ba825ce7e8103144f01281e63ae71412d2e15870276b1fbc2d182da1188507aea8b2c1e38cd0133a34ad70b0e18f9a8dc7d915e136517b7058718aaab7ca1b816eada54ef5549a784635f208345d5bb9f656413fcc45412a1cecba1783cb25f244fbf3df6c348510daea1a69dc7a2c21046a2d3739a6dbf262c24cc881b1c5ebceb757cf562986f148250473a4e792ae16c22796147c615911b3192448b2967185bdd57c88ded5ac92168c0d835cf2c6070091ae10c75a04e65a930af66f78ee72b7e6203b6acaa87db3e16938e36af576492e439e8e2d727cf04ab97c8467747979df8a61fbea9e45f2752bbcb4e7e015fda4a788f91137f1cec846b44f8d11ab0b176a2aedbd7bf545f227536898c0b96e4802d3e7ea99fa85379bf1e5912e566b5fcd1a66752a89e8801f58c7a9a6d6362a067ed8839d01380d2eb87d65255f8b00a459ee53346ca3ffcdb82e0685b9cb08a7673a645d7340f13bb6b0c7105d08cd5059ca07ad7db6f42fae8a9bcfee3e4b1b577148c28c6055c3c9f695287d8b717cc48ca552027f272d52423d7d6b11da6cd58977b145d9170d79b3917151dcf77f7ac3b789f65541037a16f24c49b56965ff631830522c6fefde46f1bfcbebe5c19efc47766ed05aae5ad8695930527fb2741f67e4bb5a0aae3f4697d03ef2aec886014c5c7737ccf9aadd8033e00f6c7422a6991867c639bfdfa2eb20a85c44e6d6bbd285ea40584e1e910c2bb78dfa010cd4f9dd2d75c67bf3777f3ab4e5689f0e4fbc3f4a48a42150c58c9657e43eb3fa63f2af9aae69801f7e656c2519b6bf220a039e019d77c9311df352cc728779853eee84ba2c4ab94e4e50c10815b2f1b7987e5470f5272b22cac39af2b579f5bb788635c6ab580db5b5394482af21d7eb6bac7c6ffc10365264835d02936ca7ce40fdfec48d29dff86ec3ac2a115fcfc06f01bde638e14c6ad56d88c7931bc3c5bbedd375b06dc5cf9f0836483d95d6998473f31b6d964c690b68f52af9221f6779efa938ba98dc601f8437118822d5dbfb11b00ac0cdae95d2f5ae936688c245e85b5d0f915c15ac414f06f0b58cf552f7522b2ff4d4bc1cd168f2213a0a55ae31bfb8df7e4a4ebe977f7ee29ead366bd77d77900edfff5f5e6df584e228072e3bc23830940220a5b73a0510366f9fafe40238a10fda2634065f7a6acac13eb83441f56cc9e42c18be2f9f5ee4dcb16742b9e4caad549e22e70e092f501886d8a13279d9a7901811b4f81a065283935b31a3101d46cab0d45e5c107aadb5a0b06f08adb47d2bc9b4b789e3e90238c695217569a1c45ae20dfef47d7833b9c60a24cd75fed87397fc32e5ca9095e3758dcc696b8a6ae01c506b6ff6759459ec48e146ff5370305f43ff34e5809b75e7ab0dccf12860e8eb1e9e9cf048ebf4f75e53ac578921cd47612744468a8be50385fd7151b35195d62b9f8d98bb5a1b8b586b28a5579fe3b2030d9134de07fba851f5a72d883a2da4e727f0b0d162502156d3bb38d19abd1f46f62face732abaf097a983970fc8eacfe26eb1a147dab914548fd69ffdacfb9c8202707d6afb198fa8aba2c35c51802bd24e9e62c59e5e986611fe65a91294815a121c3ee98f027d694e17dc27ec9e0de9d4a4ffe44057df64ee03dbf87c6e92e39cb8129316cd8aab40e0a4b2c465ce7a70a5556707bbd0484a53096ec7da8315dbffc922a24705f89783d6a25049661c0ccd880098b9eee14013016e27795d289aff1a6976b4557f45db6fc64a783c3c75d3679ed424328a80b917e523fe05ae14ac702a8bbb5666011938f6b6d381ccfaf0bdaa64faabf73d1e6022117647634d5d6d65130b410cb5e4312eeeb4dbd6b03bb2d01266322419ee0e821178dc46c5e0238f3372c1c6783c5f99f4952f13ca4c21270f4f09765d8a8cbcd113aed4d2ddbd0a172fe8997732c5dd397eb8b31134842e1045fc9ba4399aa8013d6993da3cc84d98f51c003d8b0f53a9188a68297a5a5179f1f6398cd1211c49f6e9818a25a866de3b462f887824d99aefaef8eb4354cea6f250ceca97bd42f585f1b1646693a3322e300bd6870ddea8aa08f4067ef4cabb1fd12920352e5fb3d164a5adad22a049ce6cf91241f76e1934bf42e992a9f5c371cb460a21233272e5b3b4daa4638b1b3d7649d11ad55d9354ddf4e5fc2fbbb6fc6d933d50f6c03036a6a02993fa1bd1bdc7729de5b50e23d67d0e62b4b6a2f3d789656cbb2b4434d2f4df2518457a3e9d270ef32c740d10d352c615ca7ed2dea967fc9be0de7c7e7ab7935832f4ef8737aee08b68cf960a43dda7be6e936eb2dcb69b13dcbcb41869af91d66f1503d8a565571e8ccd4d825fbfe8aed752ed5fae5247b3ca94bb259d77fd62e7fd851c6a999fbd13e0fa0709e958333b7d731ff28fd5f62865d1c52771b17958be4fd8269b0c618df40ec32168305fd72c21f1ca8441fa4c2010733a042b10355883cd28792f40fc5d1aedc1cb395a9d91630819335b0cfe3a63ccbc284bfb0c35b0b34e2d1c26bed3e7a84150345a301b7b46eb75c0acda79ad38166aa9f4af1ed202ccf4f52713f347099652b36da1a482c5c09f17959f53ec7770ff07fd8d2e2d674956df30dc7165cc611f6aa28cb7199e6127a7c80b11a80b1671776295e50a9e251f6905c4e7855ff037a28415dd59da333edbfefb9ad10c51b72af52bc3a67a03d96c8f54fb9b78e4406fcd994f377a0ad97f451d0edeb66e9675d8d26686601174da841364994044b13249941f0cc425d0e72a39d0b20db5eebc25f03594a3088c0718cc05af407dea82e60d86ce95d4c23f360c36054c3cc5427d1824b5171dcac1cd099fd9290da23da57a96c285b361f60062089701d743456f03046fae5e48cbc331c7c5537bb5039f5fdadca3141ce7a3e3f1d96d99f2c4aaedd34d9986e75c47bab92247411a7118f969d9e1e3f6153a5563b7286e4bf0509041ee5132c9b1598cfd6d1136b3e89a9772e1af229f50f0641ef45b8015ea1f1617c24714bb08c29d58a4fcd91b57639241abf6fbc84cc9fc9517bc069061468e21af0791b5ccb1b409beb7895019efbbcec78e03694627aaa9207e6db3658803037dc49119cc9bb92a1fb21924bc4057a5353fc80e00bb528fd313f7e819753e73a64473066c4ff9dfdaf5eb5dad2ac95ee8615993afe3c5701e08e00fb0f1fb015f73fb2bd0bc0359b854fc157419c005746379558e9c61b4b566a0fb0525a2ffa33d1f531f19e15c1fa0fb3f8680ec8614622e243ee439039cfcc52d2e6c4dafa3034e208e65a7e2c50ad5da42abc71fd5082dc8e19877cb2c5c5b6c2aa6718d37026b03370187605178e3a7969de1f34a07948dc6bf83f0ba193972bef4c048363fcc3ec60fc44bb735abc4702a2a816ebdccd567d34c3a90cb6783100682644478ebf0ef50cd439ebe0eba0e02eb10e77fa6b94b5c0590713fa6814d970dd92610d4d2aa12991075919dd865e23f1ca1eefc48d1c7bd613536238087423552436a4f3113d592e7dfc35baa7c3f42984de9734ef557eacaec2cad1652c8fe6fc8fc4ac622f4df60f902495fdd4a31327b6a4d6a60edcae21016fb71ee4680566585d843e991f10b050a27e3349934afc3c90df68d58ea9369c59fa75576b671291cee353cfaf9e8440ad748032be31c3587d58d669a9bad2ef1c018476ac08c26e2d2ff85eb3840f429fe8911a54d4402fa646113a91a2e7228bc3916a9925191984050510877594435ce4d020ecfacfb5a5cb3e2aa01adb94128706f6e0d682ae595292d129c6e81d1d5d8ac09705c56286ef12b44c4746c0cfa0f1a9e54c9622a395802d84972a1a7f39f2be519ff7858a035c30e319d6bf5a787e77c09f163b6a9f50b7f20526e0e518af41993d1494f229c0b006abaa3d663bce0fa60f19fef9f3000a9519972658cc6f60e87b5edcc5580edddae0fef66c5aed7d05daf071c740a062a17ea94293ba7b235fbc5963d93e90f4c11c41efcf23158730ceae436df7a467738c59955133cc21ed5aee282b09e19027b07e1341a984a0e2d328020a3a64969f454021b174432176044ffa048518bf7afedb7952503aeb4a4e071125d837af4f529df6d5842b9f32fa6c3cfcc7f449a0c14561952eca94fbe72b0497adb199a8cc6a88f1b6b1c367dd27058ae86b194ddc8cadd3e008f2d96b76eb13ba602b2a515ed4fb4909d0c91aed0f6a8000796d9038beb2aa293fc2d402f449766459749e8c317ba17a201fd68bf309c01d857a9b11dc5916191768dd85a353001fcc8540978b29061cfcc1b58614698ea8c1649d2c928f6ca6df3d7bdc6c2aeffa386ee13a17d3f2b9116fcff9df35545d1b38b4d20c7b9c2f9e7983f2fd57ea7cea223f1976a977e709b1b4ad45785c4c2214214f2466b75f5b08e9e9b2d48e392f863741a3a93f7e27b40a8accd9b1494144c046afd8d058ab27dd5dad7e421f37cf2a4f7df78699ce35468b98f18daec65986eff6f14bdc9607458c3a204f97a3e72502f3d6166188c5be3fa85d6d175b547abc868a762d5ecb2a4c553483471f9d5d1f2c9565fa5cc6199a1c3124f4f1ce1274ea988cb3a2f6e2347115709088ee02d395a283cb153a928aa7bf88a104744f329fb882985af7a284e4459b91464c63b82e3ae4d7b01d2d400b9366b56b13cb00672b1aaf024957d729a9e9bb2d598fb8accc812bf77e3501676f871fdd5145a1948f51697ab0860b637e860b4f215e94b7252addc8dc8d18e427179b8295cd7d7fb278878d18cbb2a7397967e23cab48a7f0d51748d767c6af0ae36b1310852dadfd96bd8402a47b510d7914eac0ee03d96a54f4b767804136eb0f37e154101a1ea10c0ec99ce48af88f95f52152b21b412abe6dc9f1f56db84402dfbe546538439c5ab7435ceec14ae3c104b6a1949c6dfacd98a3621b2450da4c42c11e78d6717dcf5044abce2bbff569d444446b094a6ec32be69d621f30380ab93049346369c36d18c6fd65962155702249d1ded824556a45ff381ea70fcdb1b5df23d9108c0f43d6b01b931954c6f392dfbd72a0fbb035ea781c366741aaaa6328bd914d6b56f5c0eecc81294bded3e0947bdd761d36097289503b7a14239b333beece3e4245a661316be546e320c32d58a685ce7448429fdf1b35e13bcb80683ed71496b455c4b4d3f09e051bdaf44a9c009fb7a72d53fb83b1a66a954c9e92fa7f7599f26d3b597d982167f95a206d87c3958816bf7e4a2a0355dcb80943a1d782f8891a76b3dba841477d3266f59608e2831b816b4ee6bb9afb2c034877e743753d5379bf81c0c8a393fa8412eb6df6cef8169e868b37661c4da32f2dca3362fb964a5a332b2a9d4080d0aea0554b27398024f5de853c0ef48f6dcc76c48e65639b82c811298473dc9214d0533c4205a6f1099f9dcab6b04b79bae560f2325c388864d7e05b51a77d0c0072000f00000000000000002f9fce64692bd420bfb0b5e258eaa46276d2a6ee6073e66dc4d29ab2f7ecc49484c035d0bea019c98905f10e945a38140a583f8e338bc61b4277bee26d1f95df2b51083158b35e5f0138b2bab6ab334a1fa95361cffb533ea5b0bcea8f279dec393c1c152f8a30f1637dbdbff4b48b49c7570fd2f1dd798ab324b29008000100", @ANYRES32=r7, @ANYRESHEX=r3], 0x14a4}, 0x1, 0x0, 0x0, 0x440c0}, 0x880) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x1000000001fc000, 0xfee8, 0xc03, 0x3, 0xfffff000) close_range$auto(0x2, 0x8, 0x0) migrate_pages$auto(0x0, 0x8, 0x0, &(0x7f00000001c0)=0x7b) ioctl$auto_BTRFS_IOC_BALANCE_V2(r2, 0xc4009420, &(0x7f0000000200)={0x4, 0x10000, {0x1, @btrfs_balance_args_1_1={0x7, 0xfffffffb}, 0x1, 0x9, 0x9a, 0x7ff, 0x0, 0x8, 0x100000000, @btrfs_balance_args_9_1={0xba, 0x5}, 0x5, 0x7}, {0xffffffff00000000, @usage=0x5, 0x5, 0xb29c, 0x3, 0x9, 0xfbd, 0x1, 0xc5, @btrfs_balance_args_9_1={0xf, 0x8}, 0x80000000, 0x8}, {0x1, @btrfs_balance_args_1_1={0x0, 0x10001}, 0x100, 0x9, 0x5, 0x2, 0x6ad3, 0x4, 0x1, @btrfs_balance_args_9_1={0x8, 0x7fffffff}, 0x4, 0x7}, {0x5, 0x6, 0xe91}}) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x92503, 0x0) 1.965907585s ago: executing program 1 (id=2595): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x11, 0x80003, 0x0) setsockopt$auto(r0, 0x107, 0x12, 0x0, 0x8) mmap$auto(0x0, 0x8, 0xdf, 0xeb1, 0x0, 0x8000) sysfs$auto(0x2, 0x9, 0x0) mmap$auto(0x0, 0x20009, 0xffffffffffffffff, 0xeb1, 0x401, 0x8000) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20}, 0x20008810) mmap$auto(0x0, 0x4020009, 0xe3, 0xfffffffffffffffb, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) munmap$auto(0x2, 0x1a525c0f) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x1, 0x80000000, 0x0, 0x1, 0x2, 0x2, {0xfffffffc, 0x10000}, 0x5, 0x6, 0x0, 0x1008000, 0x0, 0x80000004, 0x81, 0xffffffffffff6291, 0x3, 0xdeb1, 0x804}) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000380)='/dev/sequencer2\x00', 0x42, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0xb03840, 0x0) openat$auto_objects_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x115800, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.stat\x00', 0x280, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f00000003c0)=""/20, 0xfffffcc4) sendfile$auto(r3, 0xffffffffffffffff, 0x0, 0xffffffffbffffffd) madvise$auto(0x0, 0xffffffffffff0005, 0x19) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_DEL_RXSA(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB='Xe\x00\x00', @ANYRES16=r2, @ANYRES8=r1, @ANYRESDEC=r4, @ANYRES8=r0], 0x24}, 0x1, 0x0, 0x0, 0x4000445}, 0x20004010) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0xffffffffffffffff, 0x400009, 0xdf, 0x9b72, 0x2, 0x7ffc) r5 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cec27\x00', 0x80200, 0x0) ioctl$auto_CEC_S_MODE(r5, 0x40046109, &(0x7f0000000040)=0x31) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r5, 0xc05c6104, &(0x7f0000000100)={',!6_', 0x4, 0x2, 0x56, 0x5880, 0x8, "8ddbe1e0721f050046a6473064178c", "88ea9f04", "4306bc51", '\x00', ["468569889b099d116ac7ca82", "b5918b9506fe82e52058d157", "9924bcaa753c447e9c00847b", "0000ffed6b7b0600"]}) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x0) 1.890480724s ago: executing program 3 (id=2596): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000005340), 0xffffffffffffffff) sendmsg$auto_OVS_FLOW_CMD_NEW(r0, &(0x7f00000054c0)={0x0, 0x30000, &(0x7f0000005480)={&(0x7f00000003c0)={0x20, r1, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@OVS_FLOW_ATTR_CLEAR={0x4}, @OVS_FLOW_ATTR_KEY={0x4}, @OVS_FLOW_ATTR_ACTIONS={0x4}]}, 0x20}, 0x1, 0x300, 0x0, 0x4000}, 0x20008844) 1.593137688s ago: executing program 3 (id=2597): mknod$auto(&(0x7f0000000080)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) socket(0xf, 0x5, 0x84) r0 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/usb/usbmon/9t\x00', 0x0, 0x0) pread64$auto(r0, 0x0, 0x101, 0x103) read$auto_mon_fops_text_t_mon_text(r0, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) clone$auto(0x100000020003b49, 0x80000000002, 0x0, 0x0, 0x4) r1 = openat$auto_userio_fops_userio(0xffffffffffffff9c, &(0x7f0000000980), 0x102001, 0x0) pwrite64$auto(r1, 0x0, 0x2, 0x0) 1.005619252s ago: executing program 3 (id=2598): mmap$auto(0x200000000000f400, 0x9, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x4001, 0x0) recvmmsg$auto(r0, &(0x7f0000000280)={{0x0, 0x1d, &(0x7f0000000180)={&(0x7f0000000100), 0x80000000}, 0x10000, &(0x7f00000001c0)="d7cd776347984e13077263bfd5f9f5abd994085367e723ee8dd0f7dfe8708ad83c9fecd395", 0x962, 0x9}, 0x2e6}, 0x9a, 0x69ac, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0xb8b42, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card1/pcm0p/sub0/hw_params\x00', 0x1c1282, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x0, 0x154) execveat$auto(r1, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x11000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) openat$auto_short_retry_limit_ops_(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0x8, 0xeb0, 0x401, 0x9) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mbind$auto(0x2000, 0x100000004, 0x106000000, 0x0, 0x6, 0x2) syz_clone3(&(0x7f0000000400)={0x9840100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58) r2 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x2, 0x0) read$auto(r2, 0x0, 0x39b8) mmap$auto(0x0, 0x2020009, 0x2000000000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x22240, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0x102, 0x0) write$auto(0x3, 0x0, 0x4fffffdf2) ioctl$auto(0x3, 0x402c542b, 0x38) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1\x00', 0x8000, 0x0) read$auto(r3, 0x0, 0x9) 803.166931ms ago: executing program 1 (id=2599): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) memfd_secret$auto(0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x2, 0x3, 0x6) fanotify_init$auto(0x43f, 0x1400) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x200, 0x1) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) open(&(0x7f0000000000)='./bus\x00', 0x12ba7e, 0x45) getcwd$auto(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) mlockall$auto(0x7) 528.933965ms ago: executing program 1 (id=2600): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x2, 0x8, 0xdf, 0x19, r0, 0x2) writev$auto(0x3, 0x0, 0x8009) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) waitid$auto(0x2, 0x0, 0x0, 0x3, 0x0) sendmsg$auto_OVS_FLOW_CMD_DEL(r1, 0x0, 0x800) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48800}, 0x0) socket(0x18, 0x5, 0x2) bind$auto(0x3, &(0x7f0000000000), 0x6b) r2 = io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) unshare$auto(0x40000080) pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9) read$auto(0x3, 0x0, 0xf34) read$auto(r2, 0x0, 0x5) read$auto(0xffffffffffffffff, 0x0, 0x1) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r3, 0x8000) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x10b000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kpagecount\x00', 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_MAC802154_HWSIM_CMD_NEW_EDGE(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40001}, 0x400c091) 418.486072ms ago: executing program 0 (id=2601): sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2004c040}, 0x20000001) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) readv$auto(r1, &(0x7f0000000680)={0x0, 0x40200}, 0x3) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, 0x0) ppoll$auto(&(0x7f0000000000)={r1, 0x40, 0x80}, 0x2, 0x0, 0x0, 0x8) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) ioctl$auto_SG_GET_RESERVED_SIZE(0xffffffffffffffff, 0x4c02, 0x0) 0s ago: executing program 3 (id=2602): sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2004c040}, 0x20000001) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) readv$auto(r1, &(0x7f0000000680)={0x0, 0x40200}, 0x3) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, 0x0) ppoll$auto(&(0x7f0000000000)={r1, 0x40, 0x80}, 0x2, 0x0, 0x0, 0x8) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x18dd01, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r2, 0x4c02, 0x0) kernel console output (not intermixed with test programs): 1][T14711] Invalid ELF header magic: != ELF [ 746.469087][T14669] bridge0: port 1(bridge_slave_0) entered blocking state [ 746.521234][T14669] bridge0: port 1(bridge_slave_0) entered disabled state [ 746.549562][T14669] bridge_slave_0: entered allmulticast mode [ 746.563576][T14669] bridge_slave_0: entered promiscuous mode [ 746.615970][T14669] bridge0: port 2(bridge_slave_1) entered blocking state [ 746.630878][T14669] bridge0: port 2(bridge_slave_1) entered disabled state [ 746.651263][T14669] bridge_slave_1: entered allmulticast mode [ 746.669285][T14669] bridge_slave_1: entered promiscuous mode [ 746.892933][T14669] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 746.925744][T14669] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 747.546517][ T5838] Bluetooth: hci4: command tx timeout [ 747.674376][T14669] team0: Port device team_slave_0 added [ 747.786501][T14669] team0: Port device team_slave_1 added [ 747.986274][T14669] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 748.022366][T14669] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 748.093208][T14669] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 748.157071][T14669] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 748.199874][T14669] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 748.385030][T14669] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 748.556007][T14669] hsr_slave_0: entered promiscuous mode [ 748.581914][T14669] hsr_slave_1: entered promiscuous mode [ 748.589448][T14669] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 748.620459][T14669] Cannot create hsr debugfs directory [ 749.102971][T14754] sp0: Synchronizing with TNC [ 749.615943][ T5838] Bluetooth: hci4: command tx timeout [ 749.861486][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 749.868049][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 750.158317][ T9864] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 750.184553][T14669] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 750.210288][T14669] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 750.255877][T14669] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 750.299259][T14669] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 750.529852][ T9864] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 750.726242][ T9864] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 750.915472][ T9864] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 751.083271][T14772] zswap: compressor  not available [ 751.345044][T14669] 8021q: adding VLAN 0 to HW filter on device bond0 [ 751.389478][T14784] netlink: zone id is out of range [ 751.694525][ T5838] Bluetooth: hci4: command tx timeout [ 751.795081][T14669] 8021q: adding VLAN 0 to HW filter on device team0 [ 752.019319][ T9866] bridge0: port 1(bridge_slave_0) entered blocking state [ 752.026664][ T9866] bridge0: port 1(bridge_slave_0) entered forwarding state [ 752.090181][ T9866] bridge0: port 2(bridge_slave_1) entered blocking state [ 752.097463][ T9866] bridge0: port 2(bridge_slave_1) entered forwarding state [ 752.212227][ T30] audit: type=1800 audit(4294967321.722:52): pid=14794 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1858" name="members" dev="configfs" ino=52652 res=0 errno=0 [ 752.283723][ T9864] team0: left allmulticast mode [ 752.288826][ T9864] team_slave_0: left allmulticast mode [ 752.304074][ T9864] team_slave_1: left allmulticast mode [ 752.309670][ T9864] team0: left promiscuous mode [ 752.318703][ T9864] team_slave_0: left promiscuous mode [ 752.326830][ T9864] team_slave_1: left promiscuous mode [ 752.335837][ T9864] bridge0: port 3(team0) entered disabled state [ 752.348260][ T9864] bridge_slave_1: left allmulticast mode [ 752.370439][ T9864] bridge_slave_1: left promiscuous mode [ 752.385399][ T9864] bridge0: port 2(bridge_slave_1) entered disabled state [ 752.434721][ T9864] bridge_slave_0: left allmulticast mode [ 752.452276][ T9864] bridge_slave_0: left promiscuous mode [ 752.458146][ T9864] bridge0: port 1(bridge_slave_0) entered disabled state [ 753.733409][T14803] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1859'. [ 754.253142][T14829] netlink: 'syz.1.1861': attribute type 11 has an invalid length. [ 754.261827][T14829] netlink: 'syz.1.1861': attribute type 11 has an invalid length. [ 754.733925][ T9864] veth1_macvtap: left promiscuous mode [ 754.748448][ T9864] veth1_vlan: left promiscuous mode [ 754.763972][ T9864] veth0_vlan: left promiscuous mode [ 755.454904][ T9864] team0 (unregistering): Port device team_slave_1 removed [ 755.505397][ T9864] team0 (unregistering): Port device team_slave_0 removed [ 756.557822][T14669] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 757.194798][ T30] audit: type=1800 audit(4294967326.728:53): pid=14869 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1867" name="members" dev="configfs" ino=52929 res=0 errno=0 [ 758.572216][T14669] veth0_vlan: entered promiscuous mode [ 758.617410][T14669] veth1_vlan: entered promiscuous mode [ 758.741209][T14669] veth0_macvtap: entered promiscuous mode [ 758.781883][T14669] veth1_macvtap: entered promiscuous mode [ 758.851442][T14669] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 758.911343][T14669] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 758.949801][T14669] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 759.019452][T14669] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 759.049390][T14669] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 759.076199][T14669] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 759.359947][ T9850] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 759.381573][ T9850] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 759.633552][ T9850] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 759.641460][ T9850] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 759.682582][T14905] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 761.544461][T14940] openvswitch: netlink: IP tunnel dst address not specified [ 761.779336][T14947] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input58 [ 761.979214][T14953] lo: entered allmulticast mode [ 762.017337][T14953] lo: left allmulticast mode [ 763.379527][T14978] ERROR: Out of memory at tomoyo_memory_ok. [ 765.646134][T15031] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1886'. [ 768.133227][T15057] capability: warning: `syz.0.1888' uses deprecated v2 capabilities in a way that may be insecure [ 769.690904][ T30] audit: type=1800 audit(4294967339.293:54): pid=15087 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1892" name="members" dev="configfs" ino=54526 res=0 errno=0 [ 770.030102][T15093] Invalid ELF header magic: != ELF [ 770.062318][T15092] snd_aloop snd_aloop.0: control 16781581:65535:6:'x?F/zF˷fC:8 is already present [ 770.113529][T15103] netlink: 'syz.0.1891': attribute type 11 has an invalid length. [ 770.307844][T15103] netlink: 'syz.0.1891': attribute type 11 has an invalid length. [ 777.329470][T15222] program syz.3.1908 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 777.430890][T15222] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 779.134739][ T5838] Bluetooth: hci4: unexpected subevent 0x03 length: 253 > 9 [ 781.177153][T15286] openvswitch: netlink: Message has 1 unknown bytes. [ 781.199637][T15272] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 781.336333][ T5838] Bluetooth: hci2: Unable to find connection for big 0xd2 [ 781.655515][ T30] audit: type=1800 audit(4294967351.214:55): pid=15295 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1922" name="members" dev="configfs" ino=54890 res=0 errno=0 [ 784.168877][T15324] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1927'. [ 784.819733][ T30] audit: type=1800 audit(4294967354.501:56): pid=15340 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1929" name="members" dev="configfs" ino=55681 res=0 errno=0 [ 785.512133][T15358] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 788.078679][T15421] ERROR: Out of memory at tomoyo_memory_ok. [ 788.210407][ T30] audit: type=1800 audit(4294967357.909:57): pid=15424 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1940" name="members" dev="configfs" ino=56354 res=0 errno=0 [ 789.102294][ T30] audit: type=1800 audit(4294967358.804:58): pid=15434 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1943" name="members" dev="configfs" ino=55859 res=0 errno=0 [ 790.709533][ T5838] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 791.944512][T15487] i2c i2c-0: delete_device: Extra parameters [ 792.509960][ T5838] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 795.574588][T15574] openvswitch: netlink: Message has 1 unknown bytes. [ 795.780908][T13350] Bluetooth: hci4: Unable to find connection for big 0xd2 [ 795.938771][T15563] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88807fe0e700 pfn:0x7fe0c [ 796.143528][T15563] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 796.210468][T15563] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 796.381143][T15563] raw: ffff88807fe0e700 0000000000000000 00000001ffffffff 0000000000000000 [ 796.480393][T15563] page dumped because: unmovable page [ 796.522631][T15563] page_owner tracks the page as allocated [ 796.528450][T15563] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x92cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC), pid 10459, tgid 10457 (syz.1.966), ts 449349606433, free_ts 447850885076 [ 796.569012][T15563] register_dummy_stack+0x89/0xd0 [ 796.589233][T15563] init_page_owner+0x48/0x7e0 [ 796.599395][T15563] page_ext_init+0x703/0xb00 [ 796.614672][T15563] mm_core_init+0x13c/0x220 [ 796.619281][T15563] page last free pid 10070 tgid 10070 stack trace: [ 796.646381][T15563] __free_frozen_pages+0x7f8/0x1180 [ 796.693029][T15563] kasan_depopulate_vmalloc_pte+0x5f/0x80 [ 796.724941][T15563] __apply_to_page_range+0xa92/0x1350 [ 796.754728][T15563] kasan_release_vmalloc+0xd1/0xe0 [ 796.778460][T15588] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1967'. [ 796.801083][T15563] purge_vmap_node+0x1c4/0xa30 [ 796.824952][T15563] __purge_vmap_area_lazy+0x9d1/0xc90 [ 796.846180][T15563] drain_vmap_area_work+0x27/0x40 [ 796.865197][T15563] process_one_work+0x9cc/0x1b70 [ 796.894248][T15563] worker_thread+0x6c8/0xf10 [ 796.924753][T15563] kthread+0x3c5/0x780 [ 796.928947][T15563] ret_from_fork+0x5d7/0x6f0 [ 796.949070][T15563] ret_from_fork_asm+0x1a/0x30 [ 799.471575][T15639] ERROR: Out of memory at tomoyo_memory_ok. [ 800.468416][T15658] PID 15658 killed due to inadequate hugepage pool [ 805.904511][T15716] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1994'. [ 808.499005][T15743] can: request_module (can-proto-3) failed. [ 810.987222][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 810.996419][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 811.831281][ T30] audit: type=1800 audit(4294967381.652:59): pid=15791 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2006" name="members" dev="configfs" ino=57089 res=0 errno=0 [ 812.542213][ T30] audit: type=1800 audit(4294967382.366:60): pid=15802 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2009" name="members" dev="configfs" ino=57176 res=0 errno=0 [ 812.929435][T15806] ubi0: attaching mtd0 [ 812.935756][T15806] ubi0: scanning is finished [ 812.957534][T15806] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 813.166874][T15806] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 813.697225][T13350] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 813.707073][T13350] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0' [ 813.717571][T13350] CPU: 1 UID: 0 PID: 13350 Comm: kworker/u9:0 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 813.717627][T13350] Tainted: [U]=USER [ 813.717639][T13350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 813.717660][T13350] Workqueue: hci3 hci_rx_work [ 813.717703][T13350] Call Trace: [ 813.717714][T13350] [ 813.717726][T13350] dump_stack_lvl+0x16c/0x1f0 [ 813.717759][T13350] sysfs_warn_dup+0x7f/0xa0 [ 813.717792][T13350] sysfs_create_dir_ns+0x24b/0x2b0 [ 813.717824][T13350] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 813.717852][T13350] ? find_held_lock+0x2b/0x80 [ 813.717905][T13350] ? do_raw_spin_unlock+0x172/0x230 [ 813.717948][T13350] kobject_add_internal+0x2c4/0x9b0 [ 813.717989][T13350] kobject_add+0x16e/0x240 [ 813.718027][T13350] ? __pfx_kobject_add+0x10/0x10 [ 813.718081][T13350] ? do_raw_spin_unlock+0x172/0x230 [ 813.718128][T13350] ? kobject_put+0xab/0x5a0 [ 813.718175][T13350] device_add+0x288/0x1a70 [ 813.718219][T13350] ? __pfx_dev_set_name+0x10/0x10 [ 813.718266][T13350] ? __pfx_device_add+0x10/0x10 [ 813.718311][T13350] ? mgmt_send_event_skb+0x2fb/0x460 [ 813.718360][T13350] hci_conn_add_sysfs+0x17e/0x230 [ 813.718404][T13350] le_conn_complete_evt+0x1075/0x1d70 [ 813.718451][T13350] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 813.718487][T13350] ? bt_warn+0xe4/0x120 [ 813.718519][T13350] ? __pfx_bt_warn+0x10/0x10 [ 813.718562][T13350] hci_le_conn_complete_evt+0x23c/0x370 [ 813.718608][T13350] hci_le_meta_evt+0x2f6/0x5e0 [ 813.718648][T13350] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 813.718692][T13350] hci_event_packet+0x669/0x1190 [ 813.718729][T13350] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 813.718769][T13350] ? __pfx_hci_event_packet+0x10/0x10 [ 813.718807][T13350] ? kcov_remote_start+0x3c9/0x6d0 [ 813.718843][T13350] ? lockdep_hardirqs_on+0x7c/0x110 [ 813.718885][T13350] hci_rx_work+0x2c5/0x16b0 [ 813.718929][T13350] ? rcu_is_watching+0x12/0xc0 [ 813.718985][T13350] process_one_work+0x9cc/0x1b70 [ 813.719057][T13350] ? __pfx_process_one_work+0x10/0x10 [ 813.719116][T13350] ? assign_work+0x1a0/0x250 [ 813.719159][T13350] worker_thread+0x6c8/0xf10 [ 813.719218][T13350] ? __kthread_parkme+0x19e/0x250 [ 813.719254][T13350] ? __pfx_worker_thread+0x10/0x10 [ 813.719299][T13350] kthread+0x3c5/0x780 [ 813.719338][T13350] ? __pfx_kthread+0x10/0x10 [ 813.719377][T13350] ? rcu_is_watching+0x12/0xc0 [ 813.719422][T13350] ? __pfx_kthread+0x10/0x10 [ 813.719465][T13350] ret_from_fork+0x5d7/0x6f0 [ 813.719503][T13350] ? __pfx_kthread+0x10/0x10 [ 813.719544][T13350] ret_from_fork_asm+0x1a/0x30 [ 813.719596][T13350] [ 813.719634][T13350] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 813.724774][T15824] openvswitch: netlink: Message has 1 unknown bytes. [ 813.734687][T13350] Bluetooth: hci3: failed to register connection device [ 814.035114][ T5838] Bluetooth: hci4: Unable to find connection for big 0xd2 [ 814.955808][T15808] ptrace attach of "./syz-executor exec"[5832] was attempted by "./syz-executor exec"[15808] [ 816.973885][T15873] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2025'. [ 817.320310][T15889] openvswitch: netlink: Message has 1 unknown bytes. [ 817.382576][ T5838] Bluetooth: hci2: Unable to find connection for big 0xd2 [ 818.440207][T15904] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(0.0.0), cmd(10) [ 820.919499][T15948] openvswitch: netlink: Message has 1 unknown bytes. [ 821.082510][ T5838] Bluetooth: hci2: Unable to find connection for big 0xd2 [ 824.836525][ T5838] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 824.844542][ T5838] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0' [ 824.854221][ T5838] CPU: 1 UID: 0 PID: 5838 Comm: kworker/u9:3 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 824.854274][ T5838] Tainted: [U]=USER [ 824.854285][ T5838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 824.854307][ T5838] Workqueue: hci3 hci_rx_work [ 824.854350][ T5838] Call Trace: [ 824.854362][ T5838] [ 824.854375][ T5838] dump_stack_lvl+0x16c/0x1f0 [ 824.854411][ T5838] sysfs_warn_dup+0x7f/0xa0 [ 824.854445][ T5838] sysfs_create_dir_ns+0x24b/0x2b0 [ 824.854479][ T5838] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 824.854509][ T5838] ? find_held_lock+0x2b/0x80 [ 824.854567][ T5838] ? do_raw_spin_unlock+0x172/0x230 [ 824.854615][ T5838] kobject_add_internal+0x2c4/0x9b0 [ 824.854662][ T5838] kobject_add+0x16e/0x240 [ 824.854701][ T5838] ? __pfx_kobject_add+0x10/0x10 [ 824.854743][ T5838] ? do_raw_spin_unlock+0x172/0x230 [ 824.854788][ T5838] ? kobject_put+0xab/0x5a0 [ 824.854838][ T5838] device_add+0x288/0x1a70 [ 824.854884][ T5838] ? __pfx_dev_set_name+0x10/0x10 [ 824.854932][ T5838] ? __pfx_device_add+0x10/0x10 [ 824.854977][ T5838] ? mgmt_send_event_skb+0x2fb/0x460 [ 824.855026][ T5838] hci_conn_add_sysfs+0x17e/0x230 [ 824.855082][ T5838] le_conn_complete_evt+0x1075/0x1d70 [ 824.855132][ T5838] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 824.855169][ T5838] ? bt_warn+0xe4/0x120 [ 824.855200][ T5838] ? __pfx_bt_warn+0x10/0x10 [ 824.855241][ T5838] hci_le_conn_complete_evt+0x23c/0x370 [ 824.855288][ T5838] hci_le_meta_evt+0x2f6/0x5e0 [ 824.855327][ T5838] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 824.855370][ T5838] hci_event_packet+0x669/0x1190 [ 824.855407][ T5838] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 824.855451][ T5838] ? __pfx_hci_event_packet+0x10/0x10 [ 824.855493][ T5838] ? kcov_remote_start+0x3c9/0x6d0 [ 824.855534][ T5838] ? lockdep_hardirqs_on+0x7c/0x110 [ 824.855575][ T5838] hci_rx_work+0x2c5/0x16b0 [ 824.855618][ T5838] ? rcu_is_watching+0x12/0xc0 [ 824.855676][ T5838] process_one_work+0x9cc/0x1b70 [ 824.855739][ T5838] ? __pfx_process_one_work+0x10/0x10 [ 824.855799][ T5838] ? assign_work+0x1a0/0x250 [ 824.855846][ T5838] worker_thread+0x6c8/0xf10 [ 824.855911][ T5838] ? __pfx_worker_thread+0x10/0x10 [ 824.855957][ T5838] kthread+0x3c5/0x780 [ 824.855999][ T5838] ? __pfx_kthread+0x10/0x10 [ 824.856053][ T5838] ? rcu_is_watching+0x12/0xc0 [ 824.856107][ T5838] ? __pfx_kthread+0x10/0x10 [ 824.856150][ T5838] ret_from_fork+0x5d7/0x6f0 [ 824.856189][ T5838] ? __pfx_kthread+0x10/0x10 [ 824.856231][ T5838] ret_from_fork_asm+0x1a/0x30 [ 824.856284][ T5838] [ 824.856322][ T5838] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 825.134032][ T5838] Bluetooth: hci3: failed to register connection device [ 825.247862][T16012] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 826.726005][T16025] netlink: 'syz.4.2054': attribute type 35 has an invalid length. [ 826.854765][T16025] netlink: 'syz.4.2054': attribute type 35 has an invalid length. [ 827.047690][T16031] openvswitch: netlink: Message has 1 unknown bytes. [ 827.305638][T13350] Bluetooth: hci3: Unable to find connection for big 0xd2 [ 828.353650][T16050] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 831.716317][T16083] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2066'. [ 831.748947][T16083] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 831.946949][T16086] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2067'. [ 831.998631][T16088] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2067'. [ 832.400097][T16103] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807fe08d00 pfn:0x7fe08 [ 832.417534][T16103] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 832.444610][T16103] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 832.453325][T16103] page_type: f5(slab) [ 832.458074][T16103] raw: 00fff00000000240 ffff88801faaab40 ffffea0000c99b10 ffffea0000485910 [ 832.467327][T16103] raw: ffff88807fe08d00 000000000013000b 00000000f5000000 0000000000000000 [ 832.476581][T16103] head: 00fff00000000240 ffff88801faaab40 ffffea0000c99b10 ffffea0000485910 [ 832.485789][T16103] head: ffff88807fe08d00 000000000013000b 00000000f5000000 0000000000000000 [ 832.495027][T16103] head: 00fff00000000002 ffffea0001ff8201 00000000ffffffff 00000000ffffffff [ 832.503933][T16103] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 832.528031][T16103] page dumped because: unmovable page [ 832.533517][T16103] page_owner tracks the page as allocated [ 832.560373][T16103] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 14942, tgid 14941 (syz.1.1876), ts 762835804436, free_ts 756086818479 [ 832.816796][T16103] post_alloc_hook+0x1c0/0x230 [ 832.824646][T16103] get_page_from_freelist+0x135c/0x3950 [ 832.830374][T16103] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 832.837097][T16103] alloc_pages_mpol+0x1fb/0x550 [ 832.842098][T16103] new_slab+0x23b/0x330 [ 832.847145][T16103] ___slab_alloc+0xd9c/0x1940 [ 832.852067][T16103] __slab_alloc.constprop.0+0x56/0xb0 [ 832.858183][T16103] kmem_cache_alloc_node_noprof+0xf5/0x3b0 [ 832.906907][T16103] kmalloc_reserve+0x18b/0x2c0 [ 832.927376][T16103] __alloc_skb+0x166/0x380 [ 832.992185][T16092] could not allocate digest TFM handle binfmt_misc [ 833.026446][T16103] __ip_append_data+0x3123/0x4230 [ 833.046874][T16103] ip_append_data+0x10f/0x1a0 [ 833.061213][T16103] raw_sendmsg+0xeed/0x38b0 [ 833.066889][T16103] inet_sendmsg+0x11c/0x140 [ 833.072025][T16103] ____sys_sendmsg+0x973/0xc70 [ 833.076864][T16103] ___sys_sendmsg+0x134/0x1d0 [ 833.081728][T16103] page last free pid 14840 tgid 14840 stack trace: [ 833.088281][T16103] __free_frozen_pages+0x7f8/0x1180 [ 833.093662][T16103] __put_partials+0x16d/0x1c0 [ 833.098419][T16103] qlist_free_all+0x4d/0x120 [ 833.103666][T16103] kasan_quarantine_reduce+0x195/0x1e0 [ 833.109200][T16103] __kasan_slab_alloc+0x69/0x90 [ 833.114730][T16103] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 833.120272][T16103] vm_area_dup+0x23/0x700 [ 833.130942][T16103] __split_vma+0x17f/0x1030 [ 833.141176][T16103] vms_gather_munmap_vmas+0x1c2/0x1310 [ 833.151069][T16103] __mmap_region+0x314/0x27c0 [ 833.166277][T16103] mmap_region+0x1ab/0x3f0 [ 833.181512][T16103] do_mmap+0xd8e/0x11b0 [ 833.185796][T16103] vm_mmap_pgoff+0x281/0x450 [ 833.190465][T16103] ksys_mmap_pgoff+0x32c/0x5c0 [ 833.208043][T16103] __x64_sys_mmap+0x125/0x190 [ 833.213198][T16103] do_syscall_64+0xcd/0x490 [ 833.483238][T16124] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2075'. [ 833.627576][T16124] vcan0: entered promiscuous mode [ 834.605815][ T5838] Bluetooth: hci0: unexpected event 0x3e length: 728 > 260 [ 834.605847][ T5838] Bluetooth: hci0: unexpected subevent 0x03 length: 727 > 9 [ 835.331750][T13350] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 837.095051][T16209] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 838.327176][T16223] syz.0.2095 (16223): /proc/16222/oom_adj is deprecated, please use /proc/16222/oom_score_adj instead. [ 839.658520][T16255] FAULT_INJECTION: forcing a failure. [ 839.658520][T16255] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 839.707041][T16255] CPU: 0 UID: 0 PID: 16255 Comm: syz.3.2102 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 839.707096][T16255] Tainted: [U]=USER [ 839.707106][T16255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 839.707124][T16255] Call Trace: [ 839.707134][T16255] [ 839.707147][T16255] dump_stack_lvl+0x16c/0x1f0 [ 839.707185][T16255] should_fail_ex+0x512/0x640 [ 839.707225][T16255] _copy_to_user+0x32/0xd0 [ 839.707265][T16255] simple_read_from_buffer+0xcb/0x170 [ 839.707319][T16255] proc_fail_nth_read+0x197/0x270 [ 839.707370][T16255] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 839.707422][T16255] ? rw_verify_area+0xcf/0x680 [ 839.707470][T16255] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 839.707518][T16255] vfs_read+0x1e1/0xc60 [ 839.707558][T16255] ? __pfx_vfs_read+0x10/0x10 [ 839.707597][T16255] ? count_memcg_events_mm.constprop.0+0x138/0x340 [ 839.707646][T16255] ? hook_file_ioctl_common+0x145/0x410 [ 839.707702][T16255] ksys_read+0x12a/0x250 [ 839.707734][T16255] ? __pfx_ksys_read+0x10/0x10 [ 839.707765][T16255] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 839.707810][T16255] do_syscall_64+0xcd/0x490 [ 839.707869][T16255] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 839.707903][T16255] RIP: 0033:0x7fc749f8d37c [ 839.707929][T16255] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 839.707962][T16255] RSP: 002b:00007fc74ae66030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 839.707992][T16255] RAX: ffffffffffffffda RBX: 00007fc74a1b5fa0 RCX: 00007fc749f8d37c [ 839.708014][T16255] RDX: 000000000000000f RSI: 00007fc74ae660a0 RDI: 0000000000000005 [ 839.708033][T16255] RBP: 00007fc74ae66090 R08: 0000000000000000 R09: 0000000000000000 [ 839.708052][T16255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 839.708069][T16255] R13: 0000000000000000 R14: 00007fc74a1b5fa0 R15: 00007ffe5687e3e8 [ 839.708111][T16255] [ 840.735605][T16281] ERROR: Out of memory at tomoyo_memory_ok. [ 842.971955][ T30] audit: type=1800 audit(4294967412.944:61): pid=16322 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2117" name="members" dev="configfs" ino=60763 res=0 errno=0 [ 843.265792][T16326] snd_aloop snd_aloop.0: control 852:65533:6:'x?F/zF˷fC:0 is already present [ 843.461548][T16339] ERROR: Out of memory at tomoyo_memory_ok. [ 843.484727][T16333] ERROR: Out of memory at tomoyo_memory_ok. [ 843.560331][T16326] ERROR: Out of memory at tomoyo_memory_ok. [ 844.949551][T16363] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input60 [ 846.485768][T16394] openvswitch: netlink: Message has 1 unknown bytes. [ 846.664879][T13350] Bluetooth: hci0: Unable to find connection for big 0xd2 [ 846.699640][T16405] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 847.855374][T16426] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2142'. [ 849.543122][T16473] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 850.536418][ T30] audit: type=1800 audit(4294967301.578:62): pid=16486 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2154" name="members" dev="configfs" ino=61467 res=0 errno=0 [ 850.623497][T16486] FAULT_INJECTION: forcing a failure. [ 850.623497][T16486] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 850.638205][T16486] CPU: 0 UID: 0 PID: 16486 Comm: syz.1.2154 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 850.638261][T16486] Tainted: [U]=USER [ 850.638273][T16486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 850.638293][T16486] Call Trace: [ 850.638305][T16486] [ 850.638317][T16486] dump_stack_lvl+0x16c/0x1f0 [ 850.638355][T16486] should_fail_ex+0x512/0x640 [ 850.638386][T16486] _copy_from_user+0x2e/0xd0 [ 850.638416][T16486] copy_msghdr_from_user+0x98/0x160 [ 850.638454][T16486] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 850.638500][T16486] ? __pfx__kstrtoull+0x10/0x10 [ 850.638543][T16486] ___sys_sendmsg+0xfe/0x1d0 [ 850.638582][T16486] ? __pfx____sys_sendmsg+0x10/0x10 [ 850.638638][T16486] ? find_held_lock+0x2b/0x80 [ 850.638704][T16486] ? proc_fail_nth_write+0x9f/0x250 [ 850.638758][T16486] ? find_held_lock+0x2b/0x80 [ 850.638812][T16486] __sys_sendmmsg+0x200/0x420 [ 850.638867][T16486] ? __pfx___sys_sendmmsg+0x10/0x10 [ 850.638932][T16486] ? find_held_lock+0x2b/0x80 [ 850.639004][T16486] ? ksys_write+0x1ac/0x250 [ 850.639038][T16486] ? __pfx_ksys_write+0x10/0x10 [ 850.639093][T16486] __x64_sys_sendmmsg+0x9c/0x100 [ 850.639145][T16486] ? lockdep_hardirqs_on+0x7c/0x110 [ 850.639180][T16486] do_syscall_64+0xcd/0x490 [ 850.639220][T16486] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 850.639256][T16486] RIP: 0033:0x7f597b38e969 [ 850.639285][T16486] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 850.639321][T16486] RSP: 002b:00007f597c116038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 850.639362][T16486] RAX: ffffffffffffffda RBX: 00007f597b5b5fa0 RCX: 00007f597b38e969 [ 850.639385][T16486] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000003 [ 850.639407][T16486] RBP: 00007f597c116090 R08: 0000000000000000 R09: 0000000000000000 [ 850.639428][T16486] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000001 [ 850.639449][T16486] R13: 0000000000000000 R14: 00007f597b5b5fa0 R15: 00007fffdac6a958 [ 850.639493][T16486] [ 852.104517][T16504] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input61 [ 852.591706][T16514] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2160'. [ 853.025774][T16506] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input62 [ 853.125029][T16522] netlink: 2468 bytes leftover after parsing attributes in process `syz.1.2165'. [ 853.444619][ T30] audit: type=1800 audit(4294967304.505:63): pid=16524 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2166" name="members" dev="configfs" ino=61669 res=0 errno=0 [ 853.520996][T16524] FAULT_INJECTION: forcing a failure. [ 853.520996][T16524] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 853.562703][T16524] CPU: 0 UID: 0 PID: 16524 Comm: syz.1.2166 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 853.562756][T16524] Tainted: [U]=USER [ 853.562767][T16524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 853.562794][T16524] Call Trace: [ 853.562804][T16524] [ 853.562816][T16524] dump_stack_lvl+0x16c/0x1f0 [ 853.562855][T16524] should_fail_ex+0x512/0x640 [ 853.562894][T16524] _copy_from_user+0x2e/0xd0 [ 853.562941][T16524] ____sys_sendmsg+0x607/0xc70 [ 853.562979][T16524] ? __pfx_____sys_sendmsg+0x10/0x10 [ 853.563022][T16524] ? __pfx__kstrtoull+0x10/0x10 [ 853.563078][T16524] ___sys_sendmsg+0x134/0x1d0 [ 853.563126][T16524] ? __pfx____sys_sendmsg+0x10/0x10 [ 853.563193][T16524] ? find_held_lock+0x2b/0x80 [ 853.563256][T16524] ? proc_fail_nth_write+0x9f/0x250 [ 853.563305][T16524] ? find_held_lock+0x2b/0x80 [ 853.563356][T16524] __sys_sendmmsg+0x200/0x420 [ 853.563410][T16524] ? __pfx___sys_sendmmsg+0x10/0x10 [ 853.563470][T16524] ? find_held_lock+0x2b/0x80 [ 853.563539][T16524] ? ksys_write+0x1ac/0x250 [ 853.563572][T16524] ? __pfx_ksys_write+0x10/0x10 [ 853.563613][T16524] __x64_sys_sendmmsg+0x9c/0x100 [ 853.563659][T16524] ? lockdep_hardirqs_on+0x7c/0x110 [ 853.563690][T16524] do_syscall_64+0xcd/0x490 [ 853.563726][T16524] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 853.563756][T16524] RIP: 0033:0x7f597b38e969 [ 853.563780][T16524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 853.563820][T16524] RSP: 002b:00007f597c116038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 853.563851][T16524] RAX: ffffffffffffffda RBX: 00007f597b5b5fa0 RCX: 00007f597b38e969 [ 853.563873][T16524] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000003 [ 853.563892][T16524] RBP: 00007f597c116090 R08: 0000000000000000 R09: 0000000000000000 [ 853.563910][T16524] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000001 [ 853.563929][T16524] R13: 0000000000000000 R14: 00007f597b5b5fa0 R15: 00007fffdac6a958 [ 853.563971][T16524] [ 854.365914][T16538] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 854.486274][T16526] FAULT_INJECTION: forcing a failure. [ 854.486274][T16526] name failslab, interval 1, probability 0, space 0, times 0 [ 854.499222][T16526] CPU: 0 UID: 0 PID: 16526 Comm: syz.0.2162 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 854.499274][T16526] Tainted: [U]=USER [ 854.499285][T16526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 854.499304][T16526] Call Trace: [ 854.499314][T16526] [ 854.499327][T16526] dump_stack_lvl+0x16c/0x1f0 [ 854.499364][T16526] should_fail_ex+0x512/0x640 [ 854.499399][T16526] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 854.499442][T16526] should_failslab+0xc2/0x120 [ 854.499483][T16526] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 854.499532][T16526] ? ptlock_alloc+0x1f/0x70 [ 854.499571][T16526] ptlock_alloc+0x1f/0x70 [ 854.499602][T16526] pte_alloc_one+0x6d/0x380 [ 854.499649][T16526] __pte_alloc+0x6d/0x3c0 [ 854.499693][T16526] ? __pfx___pte_alloc+0x10/0x10 [ 854.499735][T16526] ? __pfx___might_resched+0x10/0x10 [ 854.499789][T16526] ? copy_page_range+0x14ca/0x5710 [ 854.499828][T16526] copy_page_range+0x1bb0/0x5710 [ 854.499914][T16526] ? __pfx_copy_page_range+0x10/0x10 [ 854.499963][T16526] ? __pfx___might_resched+0x10/0x10 [ 854.500013][T16526] ? __vma_enter_locked+0x163/0x3f0 [ 854.500057][T16526] ? copy_process+0x85b9/0x9170 [ 854.500090][T16526] ? down_write+0x14d/0x200 [ 854.500131][T16526] ? up_write+0x1b2/0x520 [ 854.500178][T16526] copy_process+0x8606/0x9170 [ 854.500244][T16526] ? __pfx_copy_process+0x10/0x10 [ 854.500276][T16526] ? __pfx___futex_wait+0x10/0x10 [ 854.500316][T16526] ? kasan_save_stack+0x42/0x60 [ 854.500393][T16526] kernel_clone+0xfc/0x960 [ 854.500432][T16526] ? __pfx_kernel_clone+0x10/0x10 [ 854.500501][T16526] __do_sys_clone+0xce/0x120 [ 854.500537][T16526] ? __pfx___do_sys_clone+0x10/0x10 [ 854.500573][T16526] ? ksys_unshare+0x687/0xa40 [ 854.500627][T16526] ? xfd_validate_state+0x61/0x180 [ 854.500680][T16526] do_syscall_64+0xcd/0x490 [ 854.500717][T16526] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 854.500751][T16526] RIP: 0033:0x7f084e38e969 [ 854.500777][T16526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 854.500808][T16526] RSP: 002b:00007f084f205fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 854.500838][T16526] RAX: ffffffffffffffda RBX: 00007f084e5b5fa0 RCX: 00007f084e38e969 [ 854.500860][T16526] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 854.500879][T16526] RBP: 00007f084e410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 854.500898][T16526] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 854.500917][T16526] R13: 0000000000000000 R14: 00007f084e5b5fa0 R15: 00007ffe61a05ab8 [ 854.500960][T16526] [ 856.220280][T16558] openvswitch: netlink: Message has 1 unknown bytes. [ 856.344040][T13350] Bluetooth: hci0: unexpected subevent 0x01 length: 4 < 18 [ 856.403596][T13350] Bluetooth: hci2: Unable to find connection for big 0xd2 [ 856.485627][ T30] audit: type=1800 audit(4294967315.531:64): pid=16561 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2174" name="dbroot" dev="configfs" ino=61794 res=0 errno=0 [ 859.487550][T16602] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 860.739823][T16596] zswap: compressor not available [ 860.745595][T16609] Setting dangerous option i915.mitigations - tainting kernel [ 861.107153][T16625] ERROR: Out of memory at tomoyo_memory_ok. [ 863.181372][T13350] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 865.399845][T16686] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 866.363922][T16701] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2196'. [ 866.406872][T16701] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2196'. [ 866.997102][ T30] audit: type=1800 audit(4294967326.126:65): pid=16710 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2197" name="members" dev="configfs" ino=62091 res=0 errno=0 [ 867.170748][T16690] zswap: compressor not available [ 867.199605][T16705] Setting dangerous option i915.mitigations - tainting kernel [ 868.781692][T16742] openvswitch: netlink: Message has 1 unknown bytes. [ 869.002709][ T5838] Bluetooth: hci3: Unable to find connection for big 0xd2 [ 869.070064][ T5838] Bluetooth: hci4: command 0x0406 tx timeout [ 872.098637][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 872.105164][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 873.097007][T16777] netlink: 342 bytes leftover after parsing attributes in process `syz.4.2210'. [ 876.216933][T16832] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 877.683145][T16854] openvswitch: netlink: Message has 1 unknown bytes. [ 877.909639][T13350] Bluetooth: hci4: Unable to find connection for big 0xd2 [ 880.143874][T13350] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 880.156481][T13350] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0' [ 880.165957][T13350] CPU: 1 UID: 0 PID: 13350 Comm: kworker/u9:0 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 880.166008][T13350] Tainted: [U]=USER [ 880.166019][T13350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 880.166041][T13350] Workqueue: hci2 hci_rx_work [ 880.166084][T13350] Call Trace: [ 880.166094][T13350] [ 880.166106][T13350] dump_stack_lvl+0x16c/0x1f0 [ 880.166142][T13350] sysfs_warn_dup+0x7f/0xa0 [ 880.166173][T13350] sysfs_create_dir_ns+0x24b/0x2b0 [ 880.166206][T13350] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 880.166235][T13350] ? find_held_lock+0x2b/0x80 [ 880.166304][T13350] ? do_raw_spin_unlock+0x172/0x230 [ 880.166354][T13350] kobject_add_internal+0x2c4/0x9b0 [ 880.166403][T13350] kobject_add+0x16e/0x240 [ 880.166442][T13350] ? __pfx_kobject_add+0x10/0x10 [ 880.166483][T13350] ? do_raw_spin_unlock+0x172/0x230 [ 880.166528][T13350] ? kobject_put+0xab/0x5a0 [ 880.166577][T13350] device_add+0x288/0x1a70 [ 880.166625][T13350] ? __pfx_dev_set_name+0x10/0x10 [ 880.166674][T13350] ? __pfx_device_add+0x10/0x10 [ 880.166720][T13350] ? mgmt_send_event_skb+0x2fb/0x460 [ 880.166770][T13350] hci_conn_add_sysfs+0x17e/0x230 [ 880.166815][T13350] le_conn_complete_evt+0x1075/0x1d70 [ 880.166866][T13350] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 880.166904][T13350] ? bt_warn+0xe4/0x120 [ 880.166934][T13350] ? __pfx_bt_warn+0x10/0x10 [ 880.166979][T13350] hci_le_conn_complete_evt+0x23c/0x370 [ 880.167027][T13350] hci_le_meta_evt+0x2f6/0x5e0 [ 880.167068][T13350] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 880.167113][T13350] hci_event_packet+0x669/0x1190 [ 880.167151][T13350] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 880.167195][T13350] ? __pfx_hci_event_packet+0x10/0x10 [ 880.167238][T13350] ? kcov_remote_start+0x3c9/0x6d0 [ 880.167292][T13350] ? lockdep_hardirqs_on+0x7c/0x110 [ 880.167335][T13350] hci_rx_work+0x2c5/0x16b0 [ 880.167377][T13350] ? rcu_is_watching+0x12/0xc0 [ 880.167435][T13350] process_one_work+0x9cc/0x1b70 [ 880.167496][T13350] ? __pfx_process_one_work+0x10/0x10 [ 880.167555][T13350] ? assign_work+0x1a0/0x250 [ 880.167601][T13350] worker_thread+0x6c8/0xf10 [ 880.167658][T13350] ? __kthread_parkme+0x19e/0x250 [ 880.167695][T13350] ? __pfx_worker_thread+0x10/0x10 [ 880.167740][T13350] kthread+0x3c5/0x780 [ 880.167783][T13350] ? __pfx_kthread+0x10/0x10 [ 880.167826][T13350] ? rcu_is_watching+0x12/0xc0 [ 880.167876][T13350] ? __pfx_kthread+0x10/0x10 [ 880.167919][T13350] ret_from_fork+0x5d7/0x6f0 [ 880.167956][T13350] ? __pfx_kthread+0x10/0x10 [ 880.167999][T13350] ret_from_fork_asm+0x1a/0x30 [ 880.168052][T13350] [ 880.421273][ C1] vkms_vblank_simulate: vblank timer overrun [ 880.434104][T13350] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 880.448882][T13350] Bluetooth: hci2: failed to register connection device [ 880.822687][ T5838] Bluetooth: hci0: Unable to find connection for big 0xd2 [ 880.919547][T16898] ERROR: Out of memory at tomoyo_memory_ok. [ 882.980012][T16904] kexec: Could not allocate control_code_buffer [ 883.575205][T16925] ERROR: Out of memory at tomoyo_memory_ok. [ 883.606291][ T30] audit: type=1800 audit(4295032480.905:66): pid=16926 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2243" name="members" dev="configfs" ino=64727 res=0 errno=0 [ 883.662608][T16927] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 883.750562][T16928] ERROR: Out of memory at tomoyo_memory_ok. [ 884.079955][T16935] ecryptfs_miscdev_write: Acceptable packet size range is [6-531], but amount of data written is [1048706]. [ 887.029122][T16971] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input63 [ 887.783087][T16972] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input64 [ 888.157921][T16989] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 889.102287][ T30] audit: type=1800 audit(4295032486.434:67): pid=16997 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2260" name="members" dev="configfs" ino=64882 res=0 errno=0 [ 889.144991][T16997] FAULT_INJECTION: forcing a failure. [ 889.144991][T16997] name failslab, interval 1, probability 0, space 0, times 0 [ 889.179729][T16997] CPU: 1 UID: 0 PID: 16997 Comm: syz.4.2260 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 889.179774][T16997] Tainted: [U]=USER [ 889.179782][T16997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 889.179795][T16997] Call Trace: [ 889.179802][T16997] [ 889.179811][T16997] dump_stack_lvl+0x16c/0x1f0 [ 889.179839][T16997] should_fail_ex+0x512/0x640 [ 889.179863][T16997] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 889.179894][T16997] should_failslab+0xc2/0x120 [ 889.179923][T16997] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 889.179949][T16997] ? __alloc_skb+0x2b2/0x380 [ 889.179984][T16997] __alloc_skb+0x2b2/0x380 [ 889.180014][T16997] ? __pfx___alloc_skb+0x10/0x10 [ 889.180050][T16997] ? __lock_acquire+0xb8a/0x1c90 [ 889.180078][T16997] netlink_alloc_large_skb+0x69/0x130 [ 889.180122][T16997] netlink_sendmsg+0x6a1/0xdd0 [ 889.180163][T16997] ? __pfx_netlink_sendmsg+0x10/0x10 [ 889.180210][T16997] ____sys_sendmsg+0xa95/0xc70 [ 889.180235][T16997] ? copy_msghdr_from_user+0x10a/0x160 [ 889.180268][T16997] ? __pfx_____sys_sendmsg+0x10/0x10 [ 889.180297][T16997] ? kfree+0x24f/0x4d0 [ 889.180314][T16997] ? __pfx__kstrtoull+0x10/0x10 [ 889.180354][T16997] ___sys_sendmsg+0x134/0x1d0 [ 889.180389][T16997] ? __pfx____sys_sendmsg+0x10/0x10 [ 889.180456][T16997] ? __pfx___might_resched+0x10/0x10 [ 889.180501][T16997] __sys_sendmmsg+0x200/0x420 [ 889.180544][T16997] ? __pfx___sys_sendmmsg+0x10/0x10 [ 889.180586][T16997] ? find_held_lock+0x2b/0x80 [ 889.180634][T16997] ? ksys_write+0x1ac/0x250 [ 889.180656][T16997] ? __pfx_ksys_write+0x10/0x10 [ 889.180684][T16997] __x64_sys_sendmmsg+0x9c/0x100 [ 889.180724][T16997] ? lockdep_hardirqs_on+0x7c/0x110 [ 889.180746][T16997] do_syscall_64+0xcd/0x490 [ 889.180772][T16997] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 889.180796][T16997] RIP: 0033:0x7f0a1ab8e969 [ 889.180814][T16997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 889.180841][T16997] RSP: 002b:00007f0a1ba09038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 889.180863][T16997] RAX: ffffffffffffffda RBX: 00007f0a1adb5fa0 RCX: 00007f0a1ab8e969 [ 889.180879][T16997] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000003 [ 889.180893][T16997] RBP: 00007f0a1ba09090 R08: 0000000000000000 R09: 0000000000000000 [ 889.180908][T16997] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000002 [ 889.180922][T16997] R13: 0000000000000000 R14: 00007f0a1adb5fa0 R15: 00007ffc2aec7298 [ 889.180951][T16997] [ 893.326142][ T5838] Bluetooth: hci3: Unable to find connection for big 0xd2 [ 893.974454][ T30] audit: type=1800 audit(4295032491.329:68): pid=17054 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2274" name="members" dev="configfs" ino=65070 res=0 errno=0 [ 894.025430][T17054] FAULT_INJECTION: forcing a failure. [ 894.025430][T17054] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 894.045598][T17054] CPU: 0 UID: 0 PID: 17054 Comm: syz.4.2274 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 894.045653][T17054] Tainted: [U]=USER [ 894.045665][T17054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 894.045684][T17054] Call Trace: [ 894.045694][T17054] [ 894.045707][T17054] dump_stack_lvl+0x16c/0x1f0 [ 894.045745][T17054] should_fail_ex+0x512/0x640 [ 894.045786][T17054] _copy_from_iter+0x29f/0x16f0 [ 894.045828][T17054] ? __alloc_skb+0x200/0x380 [ 894.045870][T17054] ? __pfx__copy_from_iter+0x10/0x10 [ 894.045912][T17054] ? __lock_acquire+0xb8a/0x1c90 [ 894.045958][T17054] netlink_sendmsg+0x829/0xdd0 [ 894.046014][T17054] ? __pfx_netlink_sendmsg+0x10/0x10 [ 894.046088][T17054] ____sys_sendmsg+0xa95/0xc70 [ 894.046123][T17054] ? copy_msghdr_from_user+0x10a/0x160 [ 894.046169][T17054] ? __pfx_____sys_sendmsg+0x10/0x10 [ 894.046207][T17054] ? kfree+0x24f/0x4d0 [ 894.046233][T17054] ? __pfx__kstrtoull+0x10/0x10 [ 894.046286][T17054] ___sys_sendmsg+0x134/0x1d0 [ 894.046333][T17054] ? __pfx____sys_sendmsg+0x10/0x10 [ 894.046417][T17054] ? __pfx___might_resched+0x10/0x10 [ 894.046479][T17054] __sys_sendmmsg+0x200/0x420 [ 894.046530][T17054] ? __pfx___sys_sendmmsg+0x10/0x10 [ 894.046587][T17054] ? find_held_lock+0x2b/0x80 [ 894.046655][T17054] ? ksys_write+0x1ac/0x250 [ 894.046686][T17054] ? __pfx_ksys_write+0x10/0x10 [ 894.046754][T17054] __x64_sys_sendmmsg+0x9c/0x100 [ 894.046800][T17054] ? lockdep_hardirqs_on+0x7c/0x110 [ 894.046830][T17054] do_syscall_64+0xcd/0x490 [ 894.046867][T17054] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 894.046900][T17054] RIP: 0033:0x7f0a1ab8e969 [ 894.046925][T17054] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 894.046957][T17054] RSP: 002b:00007f0a1ba09038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 894.046988][T17054] RAX: ffffffffffffffda RBX: 00007f0a1adb5fa0 RCX: 00007f0a1ab8e969 [ 894.047008][T17054] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000003 [ 894.047036][T17054] RBP: 00007f0a1ba09090 R08: 0000000000000000 R09: 0000000000000000 [ 894.047056][T17054] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000002 [ 894.047075][T17054] R13: 0000000000000000 R14: 00007f0a1adb5fa0 R15: 00007ffc2aec7298 [ 894.047117][T17054] [ 895.853291][ T5838] Bluetooth: hci0: Unable to find connection for big 0xd2 [ 896.735913][ T30] audit: type=1800 audit(4295032494.104:69): pid=17106 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2286" name="members" dev="configfs" ino=65210 res=0 errno=0 [ 896.844660][T17106] FAULT_INJECTION: forcing a failure. [ 896.844660][T17106] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 896.884455][T17106] CPU: 0 UID: 0 PID: 17106 Comm: syz.1.2286 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 896.884509][T17106] Tainted: [U]=USER [ 896.884519][T17106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 896.884538][T17106] Call Trace: [ 896.884548][T17106] [ 896.884560][T17106] dump_stack_lvl+0x16c/0x1f0 [ 896.884597][T17106] should_fail_ex+0x512/0x640 [ 896.884637][T17106] _copy_from_iter+0x29f/0x16f0 [ 896.884680][T17106] ? __alloc_skb+0x200/0x380 [ 896.884724][T17106] ? __pfx__copy_from_iter+0x10/0x10 [ 896.884768][T17106] ? __lock_acquire+0xb8a/0x1c90 [ 896.884815][T17106] netlink_sendmsg+0x829/0xdd0 [ 896.884872][T17106] ? __pfx_netlink_sendmsg+0x10/0x10 [ 896.884938][T17106] ____sys_sendmsg+0xa95/0xc70 [ 896.884974][T17106] ? copy_msghdr_from_user+0x10a/0x160 [ 896.885026][T17106] ? __pfx_____sys_sendmsg+0x10/0x10 [ 896.885068][T17106] ? kfree+0x24f/0x4d0 [ 896.885092][T17106] ? __pfx__kstrtoull+0x10/0x10 [ 896.885146][T17106] ___sys_sendmsg+0x134/0x1d0 [ 896.885194][T17106] ? __pfx____sys_sendmsg+0x10/0x10 [ 896.885281][T17106] ? __pfx___might_resched+0x10/0x10 [ 896.885341][T17106] __sys_sendmmsg+0x200/0x420 [ 896.885392][T17106] ? __pfx___sys_sendmmsg+0x10/0x10 [ 896.885451][T17106] ? find_held_lock+0x2b/0x80 [ 896.885520][T17106] ? ksys_write+0x1ac/0x250 [ 896.885552][T17106] ? __pfx_ksys_write+0x10/0x10 [ 896.885591][T17106] __x64_sys_sendmmsg+0x9c/0x100 [ 896.885638][T17106] ? lockdep_hardirqs_on+0x7c/0x110 [ 896.885670][T17106] do_syscall_64+0xcd/0x490 [ 896.885708][T17106] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 896.885742][T17106] RIP: 0033:0x7f597b38e969 [ 896.885768][T17106] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 896.885801][T17106] RSP: 002b:00007f597c116038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 896.885833][T17106] RAX: ffffffffffffffda RBX: 00007f597b5b5fa0 RCX: 00007f597b38e969 [ 896.885854][T17106] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000003 [ 896.885874][T17106] RBP: 00007f597c116090 R08: 0000000000000000 R09: 0000000000000000 [ 896.885894][T17106] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000002 [ 896.885914][T17106] R13: 0000000000000000 R14: 00007f597b5b5fa0 R15: 00007fffdac6a958 [ 896.885957][T17106] [ 900.236810][T17148] FAULT_INJECTION: forcing a failure. [ 900.236810][T17148] name failslab, interval 1, probability 0, space 0, times 0 [ 900.264696][T17148] CPU: 0 UID: 0 PID: 17148 Comm: syz.3.2295 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 900.264755][T17148] Tainted: [U]=USER [ 900.264768][T17148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 900.264789][T17148] Call Trace: [ 900.264801][T17148] [ 900.264814][T17148] dump_stack_lvl+0x16c/0x1f0 [ 900.264855][T17148] should_fail_ex+0x512/0x640 [ 900.264890][T17148] ? __kmalloc_noprof+0xbf/0x510 [ 900.264932][T17148] ? lsm_blob_alloc+0x68/0x90 [ 900.264965][T17148] should_failslab+0xc2/0x120 [ 900.265008][T17148] __kmalloc_noprof+0xd2/0x510 [ 900.265056][T17148] lsm_blob_alloc+0x68/0x90 [ 900.265093][T17148] security_sk_alloc+0x30/0x270 [ 900.265138][T17148] sk_prot_alloc+0xfb/0x2a0 [ 900.265175][T17148] sk_alloc+0x36/0xc20 [ 900.265221][T17148] inet_create+0x3a1/0x1090 [ 900.265259][T17148] ? inet_create+0x93/0x1090 [ 900.265299][T17148] __sock_create+0x335/0x8d0 [ 900.265346][T17148] __sys_socket+0x14d/0x260 [ 900.265380][T17148] ? fput+0x70/0xf0 [ 900.265420][T17148] ? __pfx___sys_socket+0x10/0x10 [ 900.265457][T17148] ? xfd_validate_state+0x61/0x180 [ 900.265508][T17148] ? __pfx_ksys_write+0x10/0x10 [ 900.265553][T17148] __x64_sys_socket+0x72/0xb0 [ 900.265589][T17148] ? lockdep_hardirqs_on+0x7c/0x110 [ 900.265622][T17148] do_syscall_64+0xcd/0x490 [ 900.265661][T17148] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 900.265695][T17148] RIP: 0033:0x7fc749f8e969 [ 900.265724][T17148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 900.265760][T17148] RSP: 002b:00007fc74ae66038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 900.265794][T17148] RAX: ffffffffffffffda RBX: 00007fc74a1b5fa0 RCX: 00007fc749f8e969 [ 900.265817][T17148] RDX: 0000000000000106 RSI: 0000000000000001 RDI: 0000000000000002 [ 900.265837][T17148] RBP: 00007fc74a010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 900.265858][T17148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 900.265878][T17148] R13: 0000000000000000 R14: 00007fc74a1b5fa0 R15: 00007ffe5687e3e8 [ 900.265921][T17148] [ 900.286981][T17148] FAULT_INJECTION: forcing a failure. [ 900.286981][T17148] name failslab, interval 1, probability 0, space 0, times 0 [ 900.287034][T17148] CPU: 0 UID: 0 PID: 17148 Comm: syz.3.2295 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 900.287086][T17148] Tainted: [U]=USER [ 900.287098][T17148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 900.287118][T17148] Call Trace: [ 900.287129][T17148] [ 900.287143][T17148] dump_stack_lvl+0x16c/0x1f0 [ 900.287184][T17148] should_fail_ex+0x512/0x640 [ 900.287219][T17148] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 900.287262][T17148] should_failslab+0xc2/0x120 [ 900.287305][T17148] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 900.287347][T17148] ? sk_prot_alloc+0x60/0x2a0 [ 900.287384][T17148] sk_prot_alloc+0x60/0x2a0 [ 900.287421][T17148] sk_alloc+0x36/0xc20 [ 900.287468][T17148] unix_create1+0xa6/0x6c0 [ 900.287528][T17148] unix_create+0x10e/0x1d0 [ 900.287563][T17148] __sock_create+0x335/0x8d0 [ 900.287608][T17148] __sys_socketpair+0x1d8/0x5a0 [ 900.287650][T17148] ? __pfx___sys_socketpair+0x10/0x10 [ 900.287693][T17148] ? xfd_validate_state+0x61/0x180 [ 900.287740][T17148] __x64_sys_socketpair+0x96/0x100 [ 900.287786][T17148] ? lockdep_hardirqs_on+0x7c/0x110 [ 900.287820][T17148] do_syscall_64+0xcd/0x490 [ 900.287858][T17148] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 900.287891][T17148] RIP: 0033:0x7fc749f8e969 [ 900.287917][T17148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 900.287950][T17148] RSP: 002b:00007fc74ae66038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 900.287981][T17148] RAX: ffffffffffffffda RBX: 00007fc74a1b5fa0 RCX: 00007fc749f8e969 [ 900.288004][T17148] RDX: 8000000000000000 RSI: 0000000000000005 RDI: 0000000000000001 [ 900.288027][T17148] RBP: 00007fc74a010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 900.288048][T17148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 900.288068][T17148] R13: 0000000000000000 R14: 00007fc74a1b5fa0 R15: 00007ffe5687e3e8 [ 900.288111][T17148] [ 901.825392][T17168] netlink: 'syz.4.2301': attribute type 16 has an invalid length. [ 901.836300][T17168] netlink: 326 bytes leftover after parsing attributes in process `syz.4.2301'. [ 901.847182][T17168] veth1_macvtap: left promiscuous mode [ 901.925210][T17168] ecryptfs_parse_packet_length: Five-byte packet length not supported [ 901.936343][T17173] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2302'. [ 901.945580][T17168] ecryptfs_miscdev_write: Error parsing packet length; rc = [-22] [ 902.240697][T17177] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2304'. [ 904.929739][ T5838] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 904.929783][ T5838] Bluetooth: hci2: unexpected subevent 0x0e length: 725 > 15 [ 904.945600][ T5838] Bluetooth: hci2: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f [ 905.516115][ T30] audit: type=1800 audit(4295032502.939:70): pid=17246 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2321" name="members" dev="configfs" ino=65718 res=0 errno=0 [ 905.566144][T17246] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2321'. [ 905.629628][T17246] FAULT_INJECTION: forcing a failure. [ 905.629628][T17246] name failslab, interval 1, probability 0, space 0, times 0 [ 905.643408][T17246] CPU: 0 UID: 0 PID: 17246 Comm: syz.4.2321 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 905.643459][T17246] Tainted: [U]=USER [ 905.643470][T17246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 905.643490][T17246] Call Trace: [ 905.643501][T17246] [ 905.643514][T17246] dump_stack_lvl+0x16c/0x1f0 [ 905.643553][T17246] should_fail_ex+0x512/0x640 [ 905.643586][T17246] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 905.643630][T17246] should_failslab+0xc2/0x120 [ 905.643671][T17246] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 905.643710][T17246] ? __alloc_skb+0x2b2/0x380 [ 905.643761][T17246] __alloc_skb+0x2b2/0x380 [ 905.643804][T17246] ? __pfx___alloc_skb+0x10/0x10 [ 905.643846][T17246] ? __pfx_debug_object_assert_init+0x10/0x10 [ 905.643890][T17246] ? __local_bh_enable_ip+0x90/0x120 [ 905.643924][T17246] ? __igmp_group_dropped+0x26a/0xe80 [ 905.643979][T17246] inet_ifmcaddr_notify+0xc7/0x1c0 [ 905.644024][T17246] ? __pfx_inet_ifmcaddr_notify+0x10/0x10 [ 905.644088][T17246] __ip_mc_dec_group+0x442/0x5b0 [ 905.644150][T17246] inetdev_event+0x3b2/0x18a0 [ 905.644205][T17246] ? ib_netdevice_event+0xfc/0x330 [ 905.644241][T17246] ? __pfx_inetdev_event+0x10/0x10 [ 905.644292][T17246] ? wext_netdev_notifier_call+0xe/0x20 [ 905.644325][T17246] ? cfg802154_netdev_notifier_call+0x391/0xa00 [ 905.644362][T17246] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 905.644413][T17246] notifier_call_chain+0xb9/0x410 [ 905.644451][T17246] ? __pfx_inetdev_event+0x10/0x10 [ 905.644510][T17246] call_netdevice_notifiers_info+0xbe/0x140 [ 905.644548][T17246] dev_close_many+0x319/0x630 [ 905.644586][T17246] ? __pfx_dev_close_many+0x10/0x10 [ 905.644632][T17246] unregister_netdevice_many_notify+0x578/0x26f0 [ 905.644686][T17246] ? lockdep_hardirqs_on+0x7c/0x110 [ 905.644720][T17246] ? __mutex_lock+0x1ca/0xb90 [ 905.644757][T17246] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 905.644813][T17246] ? __pfx___mutex_lock+0x10/0x10 [ 905.644853][T17246] ? unregister_netdevice_queue+0x22e/0x3f0 [ 905.644905][T17246] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 905.644961][T17246] ? __nla_parse+0x40/0x60 [ 905.645009][T17246] rtnl_dellink+0x3cb/0xa80 [ 905.645052][T17246] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 905.645103][T17246] ? kasan_save_stack+0x33/0x60 [ 905.645143][T17246] ? kasan_save_track+0x14/0x30 [ 905.645176][T17246] ? kasan_save_free_info+0x3b/0x60 [ 905.645224][T17246] ? __kasan_slab_free+0x51/0x70 [ 905.645263][T17246] ? __pfx_rtnl_dellink+0x10/0x10 [ 905.645305][T17246] ? nlmon_xmit+0xa5/0xe0 [ 905.645355][T17246] ? netlink_deliver_tap+0xa87/0xd30 [ 905.645400][T17246] ? netlink_unicast+0x5df/0x7f0 [ 905.645523][T17246] ? __lock_acquire+0x622/0x1c90 [ 905.645564][T17246] ? rcu_is_watching+0x12/0xc0 [ 905.645613][T17246] ? trace_cap_capable+0x18d/0x200 [ 905.645664][T17246] ? find_held_lock+0x2b/0x80 [ 905.645709][T17246] ? __pfx_rtnl_dellink+0x10/0x10 [ 905.645753][T17246] ? __pfx_rtnl_dellink+0x10/0x10 [ 905.645795][T17246] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 905.645845][T17246] ? __pfx_rtnl_dellink+0x10/0x10 [ 905.645891][T17246] rtnetlink_rcv_msg+0x95e/0xe90 [ 905.645943][T17246] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 905.646015][T17246] netlink_rcv_skb+0x16d/0x440 [ 905.646065][T17246] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 905.646125][T17246] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 905.646201][T17246] ? netlink_deliver_tap+0x1ae/0xd30 [ 905.646256][T17246] netlink_unicast+0x53a/0x7f0 [ 905.646310][T17246] ? __pfx_netlink_unicast+0x10/0x10 [ 905.646374][T17246] netlink_sendmsg+0x8d1/0xdd0 [ 905.646432][T17246] ? __pfx_netlink_sendmsg+0x10/0x10 [ 905.646498][T17246] ____sys_sendmsg+0xa95/0xc70 [ 905.646533][T17246] ? copy_msghdr_from_user+0x10a/0x160 [ 905.646581][T17246] ? __pfx_____sys_sendmsg+0x10/0x10 [ 905.646622][T17246] ? kfree+0x24f/0x4d0 [ 905.646647][T17246] ? __pfx__kstrtoull+0x10/0x10 [ 905.646707][T17246] ___sys_sendmsg+0x134/0x1d0 [ 905.646756][T17246] ? __pfx____sys_sendmsg+0x10/0x10 [ 905.646843][T17246] ? __pfx___might_resched+0x10/0x10 [ 905.646905][T17246] __sys_sendmmsg+0x200/0x420 [ 905.646955][T17246] ? __pfx___sys_sendmmsg+0x10/0x10 [ 905.647032][T17246] ? find_held_lock+0x2b/0x80 [ 905.647102][T17246] ? ksys_write+0x1ac/0x250 [ 905.647141][T17246] ? __pfx_ksys_write+0x10/0x10 [ 905.647183][T17246] __x64_sys_sendmmsg+0x9c/0x100 [ 905.647228][T17246] ? lockdep_hardirqs_on+0x7c/0x110 [ 905.647260][T17246] do_syscall_64+0xcd/0x490 [ 905.647298][T17246] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 905.647333][T17246] RIP: 0033:0x7f0a1ab8e969 [ 905.647359][T17246] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 905.647393][T17246] RSP: 002b:00007f0a1ba09038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 905.647425][T17246] RAX: ffffffffffffffda RBX: 00007f0a1adb5fa0 RCX: 00007f0a1ab8e969 [ 905.647446][T17246] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000003 [ 905.647467][T17246] RBP: 00007f0a1ba09090 R08: 0000000000000000 R09: 0000000000000000 [ 905.647486][T17246] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000002 [ 905.647507][T17246] R13: 0000000000000000 R14: 00007f0a1adb5fa0 R15: 00007ffc2aec7298 [ 905.647549][T17246] [ 906.358941][T17246] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 906.372820][T17246] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 906.392377][T17246] bond0 (unregistering): Released all slaves [ 906.504311][ T5838] Bluetooth: hci0: Unable to find connection for big 0xd2 [ 907.888289][T17282] vivid-007: ================= START STATUS ================= [ 907.896268][T17282] vivid-007: Generate PTS: true [ 907.901672][T17282] vivid-007: Generate SCR: true [ 907.906741][T17282] tpg source WxH: 640x360 (Y'CbCr) [ 907.912354][T17282] tpg field: 1 [ 907.915770][T17282] tpg crop: (0,0)/640x360 [ 907.920297][T17282] tpg compose: (0,0)/640x360 [ 907.925557][T17282] tpg colorspace: 8 [ 907.929412][T17282] tpg transfer function: 0/0 [ 907.934558][T17282] tpg Y'CbCr encoding: 0/0 [ 907.939026][T17282] tpg quantization: 0/0 [ 907.943612][T17282] tpg RGB range: 0/2 [ 907.948920][T17282] vivid-007: ================== END STATUS ================== [ 908.158019][T17290] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 908.180204][T17290] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 908.680434][T17299] can: request_module (can-proto-3) failed. [ 909.355692][ T5838] Bluetooth: hci2: Unable to find connection for big 0xd2 [ 910.225869][ T30] audit: type=1800 audit(4295032507.664:71): pid=17336 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2341" name="members" dev="configfs" ino=67026 res=0 errno=0 [ 910.296202][T17336] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2341'. [ 910.506578][T13350] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 910.517085][T13350] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 910.526642][T13350] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 910.535744][T13350] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 910.544884][T13350] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 912.596670][T17339] chnl_net:caif_netlink_parms(): no params data found [ 912.604388][ T5838] Bluetooth: hci1: command tx timeout [ 912.859644][ T7784] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 913.085053][ T7784] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 913.221174][T17339] bridge0: port 1(bridge_slave_0) entered blocking state [ 913.230313][T17339] bridge0: port 1(bridge_slave_0) entered disabled state [ 913.285866][T17339] bridge_slave_0: entered allmulticast mode [ 913.293955][T17371] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 913.329878][T17339] bridge_slave_0: entered promiscuous mode [ 913.397892][ T7784] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 913.490691][T17339] bridge0: port 2(bridge_slave_1) entered blocking state [ 913.499954][T17339] bridge0: port 2(bridge_slave_1) entered disabled state [ 913.508300][T17339] bridge_slave_1: entered allmulticast mode [ 913.523988][T17339] bridge_slave_1: entered promiscuous mode [ 913.687003][ T7784] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 913.824670][T17339] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 913.884544][T17339] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 914.678054][ T5838] Bluetooth: hci1: command tx timeout [ 914.909004][T17339] team0: Port device team_slave_0 added [ 915.088716][T17339] team0: Port device team_slave_1 added [ 915.249214][T17339] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 915.257505][T17339] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 915.284180][T17339] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 915.303173][T17339] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 915.316878][T17339] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 915.347992][T17339] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 916.307461][T17339] hsr_slave_0: entered promiscuous mode [ 916.314090][T17339] hsr_slave_1: entered promiscuous mode [ 916.337845][T17339] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 916.356866][T17339] Cannot create hsr debugfs directory [ 916.373587][ T7784] ovs_: left promiscuous mode [ 916.554378][ T7784] HfR: left promiscuous mode [ 916.745347][ T5838] Bluetooth: hci1: command tx timeout [ 918.804389][ T5838] Bluetooth: hci1: command tx timeout [ 920.820672][T17446] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 920.844894][T17446] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 920.890703][T17446] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 920.946223][T17446] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 921.039725][T17446] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 921.042454][ T7784] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 921.058450][T17446] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 921.072131][ T7784] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 921.091166][T17446] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 921.107984][T17446] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 921.176849][ T7784] veth1_macvtap: left promiscuous mode [ 921.188517][ T7784] veth0_macvtap: left promiscuous mode [ 921.195796][ T7784] veth1_vlan: left promiscuous mode [ 921.201145][ T7784] veth0_vlan: left promiscuous mode [ 921.206535][T17446] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 922.578944][ T7784] team0 (unregistering): Port device team_slave_1 removed [ 922.696555][ T7784] team0 (unregistering): Port device team_slave_0 removed [ 922.863563][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 922.863593][T13350] Bluetooth: hci0: command 0x0c1a tx timeout [ 923.102769][T13350] Bluetooth: hci1: command 0x0c1a tx timeout [ 923.102776][ T5838] Bluetooth: hci4: command 0x0406 tx timeout [ 923.483072][T17487] bridge0: port 3(macvlan0) entered blocking state [ 923.508919][T17487] bridge0: port 3(macvlan0) entered disabled state [ 923.516664][T17487] macvlan0: entered allmulticast mode [ 923.526576][T17487] veth1_vlan: entered allmulticast mode [ 923.536065][T17487] macvlan0: entered promiscuous mode [ 923.547321][T17487] bridge0: port 3(macvlan0) entered blocking state [ 923.554048][T17487] bridge0: port 3(macvlan0) entered forwarding state [ 923.814797][T17339] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 923.890008][T17339] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 923.919481][T17339] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 924.086304][T17339] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 924.655958][T17498] program syz.1.2362 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 924.666140][T17498] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 924.713184][T17339] 8021q: adding VLAN 0 to HW filter on device bond0 [ 924.941940][T13350] Bluetooth: hci2: command 0x0c1a tx timeout [ 924.997817][T17339] 8021q: adding VLAN 0 to HW filter on device team0 [ 925.011471][ T9864] bridge0: port 1(bridge_slave_0) entered blocking state [ 925.018755][ T9864] bridge0: port 1(bridge_slave_0) entered forwarding state [ 925.173921][T13350] Bluetooth: hci1: command 0x0c1a tx timeout [ 925.173928][ T5838] Bluetooth: hci4: command 0x0406 tx timeout [ 925.307799][ T9864] bridge0: port 2(bridge_slave_1) entered blocking state [ 925.315076][ T9864] bridge0: port 2(bridge_slave_1) entered forwarding state [ 926.323859][T17532] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2367'. [ 926.352120][T17532] : renamed from hsr0 (while UP) [ 927.011658][T13350] Bluetooth: hci2: command 0x0c1a tx timeout [ 927.027664][T17339] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 927.240512][T13350] Bluetooth: hci1: command 0x0c1a tx timeout [ 927.361461][T17339] veth0_vlan: entered promiscuous mode [ 927.859544][T17560] random: crng reseeded on system resumption [ 927.953724][T17339] veth1_vlan: entered promiscuous mode [ 928.412193][T17339] veth0_macvtap: entered promiscuous mode [ 928.478822][T17339] veth1_macvtap: entered promiscuous mode [ 928.614310][T17339] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 928.817251][T17339] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 929.065142][T17339] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 929.108132][T17339] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 929.117027][T17339] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 929.125940][T17339] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 929.243822][ T30] audit: type=1800 audit(4295032526.783:72): pid=17574 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2372" name="members" dev="configfs" ino=67901 res=0 errno=0 [ 930.075418][ T7784] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 930.115454][ T7784] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 930.606340][ T9864] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 930.648954][ T9864] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 932.632747][T13350] Bluetooth: hci4: Unable to find connection for big 0xd2 [ 933.215796][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 933.239354][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 933.326504][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 933.338551][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 933.348757][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 933.369629][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 933.383417][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 934.260342][ T9864] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 934.395533][T13350] Bluetooth: hci4: unexpected subevent 0x01 length: 4 < 18 [ 934.400574][ T5838] Bluetooth: hci1: Unable to find connection for big 0xd2 [ 934.521844][ T30] audit: type=1800 audit(4295032540.085:73): pid=17636 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2378" name="dbroot" dev="configfs" ino=68019 res=0 errno=0 [ 935.034650][ T9864] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 935.196139][ T9864] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 935.426280][ T9864] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 935.440147][ T5838] Bluetooth: hci3: command tx timeout [ 935.476674][T17615] chnl_net:caif_netlink_parms(): no params data found [ 935.627565][T17652] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 935.792211][T17652] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 935.930141][T17652] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 936.131109][T17652] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 936.228102][T17615] bridge0: port 1(bridge_slave_0) entered blocking state [ 936.247010][T17615] bridge0: port 1(bridge_slave_0) entered disabled state [ 936.262712][T17615] bridge_slave_0: entered allmulticast mode [ 936.277189][T17615] bridge_slave_0: entered promiscuous mode [ 936.396997][ T5838] Bluetooth: hci4: Unable to find connection for big 0xd2 [ 936.436547][T17615] bridge0: port 2(bridge_slave_1) entered blocking state [ 936.444181][T17615] bridge0: port 2(bridge_slave_1) entered disabled state [ 936.451807][T17615] bridge_slave_1: entered allmulticast mode [ 936.461055][T17615] bridge_slave_1: entered promiscuous mode [ 936.746757][T17615] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 936.826105][ T9864] macvlan0: left allmulticast mode [ 936.831574][ T9864] veth1_vlan: left allmulticast mode [ 936.837660][ T9864] macvlan0: left promiscuous mode [ 936.843570][ T9864] bridge0: port 3(macvlan0) entered disabled state [ 936.855356][ T9864] bridge_slave_1: left allmulticast mode [ 936.862109][ T9864] bridge_slave_1: left promiscuous mode [ 936.868318][ T9864] bridge0: port 2(bridge_slave_1) entered disabled state [ 936.879896][ T9864] bridge_slave_0: left allmulticast mode [ 936.885665][ T9864] bridge_slave_0: left promiscuous mode [ 936.893539][ T9864] bridge0: port 1(bridge_slave_0) entered disabled state [ 937.256196][T17615] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 937.416023][T17615] team0: Port device team_slave_0 added [ 937.434478][T17615] team0: Port device team_slave_1 added [ 937.445758][ T9864] HfR: left promiscuous mode [ 937.508582][ T5838] Bluetooth: hci3: command tx timeout [ 937.571341][T17615] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 937.583019][T17615] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 937.612494][T17615] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 937.628560][T17615] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 937.635563][T17615] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 937.663427][ T9864] tipc: Left network mode [ 937.666082][T17615] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 937.767775][T17615] hsr_slave_0: entered promiscuous mode [ 937.774490][T17615] hsr_slave_1: entered promiscuous mode [ 939.577522][ T5838] Bluetooth: hci3: command tx timeout [ 939.966141][T17715] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2393'. [ 940.258050][ T9864] hsr_slave_0: left promiscuous mode [ 940.308857][ T9864] hsr_slave_1: left promiscuous mode [ 940.321273][ T9864] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 940.343591][ T9864] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 940.386508][ T9864] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 940.409742][ T9864] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 940.515539][ T9864] veth1_macvtap: left promiscuous mode [ 940.522005][ T9864] veth0_macvtap: left promiscuous mode [ 940.529522][ T9864] veth1_vlan: left promiscuous mode [ 940.535759][ T9864] veth0_vlan: left promiscuous mode [ 941.373028][T17735] vivid-003: ================= START STATUS ================= [ 941.380938][T17735] vivid-003: Radio HW Seek Mode: Bounded [ 941.405196][T17735] vivid-003: Radio Programmable HW Seek: false [ 941.413773][T17735] vivid-003: RDS Rx I/O Mode: Block I/O [ 941.423014][T17735] vivid-003: Generate RBDS Instead of RDS: false [ 941.443722][T17735] vivid-003: RDS Reception: true [ 941.450209][T17735] vivid-003: RDS Program Type: 0 inactive [ 941.471926][T17735] vivid-003: RDS PS Name: inactive [ 941.479459][T17735] vivid-003: RDS Radio Text: inactive [ 941.489307][T17735] vivid-003: RDS Traffic Announcement: false inactive [ 941.496855][T17735] vivid-003: RDS Traffic Program: false inactive [ 941.504466][T17735] vivid-003: RDS Music: false inactive [ 941.517348][T17735] vivid-003: ================== END STATUS ================== [ 941.645747][ T5838] Bluetooth: hci3: command tx timeout [ 941.900823][ T9864] team0 (unregistering): Port device team_slave_1 removed [ 942.037507][T17754] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 942.120940][ T5838] Bluetooth: hci2: unexpected event 0x35 length: 13 > 6 [ 942.501848][T17751] ERROR: Out of memory at tomoyo_memory_ok. [ 943.254944][T17615] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 943.268416][T17615] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 943.300777][T17615] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 943.343144][T17615] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 943.544102][T17615] 8021q: adding VLAN 0 to HW filter on device bond0 [ 943.595035][T17615] 8021q: adding VLAN 0 to HW filter on device team0 [ 943.644543][T16585] bridge0: port 1(bridge_slave_0) entered blocking state [ 943.644707][T16585] bridge0: port 1(bridge_slave_0) entered forwarding state [ 943.669166][T16585] bridge0: port 2(bridge_slave_1) entered blocking state [ 943.678571][T16585] bridge0: port 2(bridge_slave_1) entered forwarding state [ 945.628334][T17615] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 945.865907][T17615] veth0_vlan: entered promiscuous mode [ 945.882253][T17615] veth1_vlan: entered promiscuous mode [ 945.941355][T17615] veth0_macvtap: entered promiscuous mode [ 945.952848][T17615] veth1_macvtap: entered promiscuous mode [ 945.979110][T17615] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 945.997967][T17615] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 946.019891][T17615] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 946.033748][T17615] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 946.043797][T17615] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 946.053322][T17615] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 946.237706][T16585] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 946.278308][T16585] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 946.419999][T16586] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 946.446362][T16586] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 946.763420][T17818] random: crng reseeded on system resumption [ 947.039372][T17825] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2412'. [ 949.467326][T13350] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 949.478158][T13350] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 949.487480][T13350] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 949.498817][T13350] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 949.536077][T13350] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 950.325269][ T9851] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 950.670797][ T9851] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 950.800342][T17847] chnl_net:caif_netlink_parms(): no params data found [ 951.029095][ T9851] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 951.171731][T17863] ACPI: Can not change Invalid GPE/Fixed Event status [ 951.330217][ T9851] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 951.604918][ T5838] Bluetooth: hci5: command tx timeout [ 951.699889][T17847] bridge0: port 1(bridge_slave_0) entered blocking state [ 951.700022][T17847] bridge0: port 1(bridge_slave_0) entered disabled state [ 951.700233][T17847] bridge_slave_0: entered allmulticast mode [ 951.702860][T17847] bridge_slave_0: entered promiscuous mode [ 951.721727][T17847] bridge0: port 2(bridge_slave_1) entered blocking state [ 951.721815][T17847] bridge0: port 2(bridge_slave_1) entered disabled state [ 951.721951][T17847] bridge_slave_1: entered allmulticast mode [ 951.730759][T17847] bridge_slave_1: entered promiscuous mode [ 952.106113][T17847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 952.292328][T17847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 952.484543][T17847] team0: Port device team_slave_0 added [ 952.551856][T17847] team0: Port device team_slave_1 added [ 952.591655][ T9851] netdevsim netdevsim15 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 952.606743][ T5838] Bluetooth: hci4: Unable to find connection for big 0xd2 [ 952.780177][T17847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 952.797829][T17847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 952.829093][T17847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 952.891784][T17847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 952.918592][T17847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 952.986648][T17847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 953.655221][ T9851] team0: left allmulticast mode [ 953.663256][ T5838] Bluetooth: hci5: command tx timeout [ 953.693168][ T9851] team_slave_0: left allmulticast mode [ 953.761819][ T9851] team_slave_1: left allmulticast mode [ 953.818246][ T9851] team0: left promiscuous mode [ 953.862000][ T9851] team_slave_0: left promiscuous mode [ 953.873928][ T9851] team_slave_1: left promiscuous mode [ 953.879751][ T9851] bridge0: port 2(team0) entered disabled state [ 953.931097][ T9851] bridge_slave_0: left allmulticast mode [ 953.944778][ T9851] bridge_slave_0: left promiscuous mode [ 953.952669][ T9851] bridge0: port 1(bridge_slave_0) entered disabled state [ 954.669536][T17885] random: crng reseeded on system resumption [ 954.993039][ T9851] .SR: left promiscuous mode [ 955.036702][T17847] hsr_slave_0: entered promiscuous mode [ 955.058141][T17847] hsr_slave_1: entered promiscuous mode [ 955.076629][T17847] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 955.098610][T17847] Cannot create hsr debugfs directory [ 955.461386][T17881] rtc_cmos 00:00: Alarms can be up to one day in the future [ 955.732406][ T5838] Bluetooth: hci5: command tx timeout [ 955.953901][T10070] rtc_cmos 00:00: Alarms can be up to one day in the future [ 955.962355][T10070] rtc_cmos 00:00: Alarms can be up to one day in the future [ 955.979377][T10070] rtc_cmos 00:00: Alarms can be up to one day in the future [ 956.039695][T10070] rtc_cmos 00:00: Alarms can be up to one day in the future [ 956.054119][T10070] rtc rtc0: __rtc_set_alarm: err=-22 [ 956.605285][T17924] openvswitch: netlink: Flow key attr not present in new flow. [ 956.783983][ T9851] hsr_slave_0: left promiscuous mode [ 956.808811][ T9851] hsr_slave_1: left promiscuous mode [ 956.828461][ T9851] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 956.844271][ T9851] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 956.875311][ T9851] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 956.887005][ T9851] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 956.939947][T17930] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2430'. [ 956.964224][ T9851] veth1_macvtap: left promiscuous mode [ 957.801819][ T5838] Bluetooth: hci5: command tx timeout [ 958.125744][ T9851] team0 (unregistering): Port device team_slave_1 removed [ 958.283774][ T9851] team0 (unregistering): Port device team_slave_0 removed [ 960.077109][T17958] ERROR: Out of memory at tomoyo_memory_ok. [ 960.216202][T17962] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 960.313814][T17962] ERROR: Out of memory at tomoyo_memory_ok. [ 961.251860][T17847] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 961.319321][T17847] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 961.795447][T17983] openvswitch: netlink: Flow key attr not present in new flow. [ 961.814177][T17847] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 961.852182][T17847] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 962.391631][T17847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 962.452427][T17991] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(0.0.0), cmd(1) [ 962.573491][T17847] 8021q: adding VLAN 0 to HW filter on device team0 [ 962.663595][ T9861] bridge0: port 1(bridge_slave_0) entered blocking state [ 962.670846][ T9861] bridge0: port 1(bridge_slave_0) entered forwarding state [ 962.747485][ T9851] bridge0: port 2(bridge_slave_1) entered blocking state [ 962.754726][ T9851] bridge0: port 2(bridge_slave_1) entered forwarding state [ 964.442291][T17847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 964.632156][T17847] veth0_vlan: entered promiscuous mode [ 964.663751][T17847] veth1_vlan: entered promiscuous mode [ 965.059972][T17847] veth0_macvtap: entered promiscuous mode [ 965.070179][T18048] openvswitch: netlink: Flow key attr not present in new flow. [ 965.106672][T17847] veth1_macvtap: entered promiscuous mode [ 965.236402][T17847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 965.297039][T17847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 965.341284][T17847] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 965.358321][T17847] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 965.367464][T17847] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 965.376408][T17847] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 965.396407][T18051] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2447'. [ 965.599497][ T9864] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 965.635661][ T9864] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 965.726775][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 965.752888][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 966.716278][T18071] netlink: zone id is out of range [ 967.699858][T18094] can: request_module (can-proto-0) failed. [ 969.019344][T18080] random: crng reseeded on system resumption [ 969.684700][T18079] rtc_cmos 00:00: Alarms can be up to one day in the future [ 969.959004][ T5873] rtc_cmos 00:00: Alarms can be up to one day in the future [ 969.977967][ T5873] rtc_cmos 00:00: Alarms can be up to one day in the future [ 969.999676][ T5873] rtc_cmos 00:00: Alarms can be up to one day in the future [ 970.007218][ T5873] rtc_cmos 00:00: Alarms can be up to one day in the future [ 970.067788][ T5873] rtc rtc0: __rtc_set_alarm: err=-22 [ 971.549278][T18177] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2463'. [ 971.610278][T18177] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2463'. [ 971.695747][T18177] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 972.234760][ T5838] Bluetooth: hci1: Unable to find connection for big 0xd2 [ 972.374842][T18199] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 976.783257][T18300] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 977.239521][T18318] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 977.511080][ T5838] Bluetooth: hci3: Unable to find connection for big 0xd2 [ 979.349923][T18346] ERROR: Out of memory at tomoyo_memory_ok. [ 980.351651][T18366] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 981.768869][T18385] FAULT_INJECTION: forcing a failure. [ 981.768869][T18385] name failslab, interval 1, probability 0, space 0, times 0 [ 981.825731][T18385] CPU: 0 UID: 0 PID: 18385 Comm: syz.1.2501 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 981.825783][T18385] Tainted: [U]=USER [ 981.825795][T18385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 981.825813][T18385] Call Trace: [ 981.825825][T18385] [ 981.825838][T18385] dump_stack_lvl+0x16c/0x1f0 [ 981.825877][T18385] should_fail_ex+0x512/0x640 [ 981.825916][T18385] should_failslab+0xc2/0x120 [ 981.825956][T18385] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 981.825995][T18385] ? skb_clone+0x190/0x3f0 [ 981.826046][T18385] skb_clone+0x190/0x3f0 [ 981.826093][T18385] netlink_deliver_tap+0xabd/0xd30 [ 981.826150][T18385] netlink_unicast+0x5df/0x7f0 [ 981.826205][T18385] ? __pfx_netlink_unicast+0x10/0x10 [ 981.826267][T18385] netlink_sendmsg+0x8d1/0xdd0 [ 981.826321][T18385] ? __pfx_netlink_sendmsg+0x10/0x10 [ 981.826386][T18385] ____sys_sendmsg+0xa95/0xc70 [ 981.826419][T18385] ? copy_msghdr_from_user+0x10a/0x160 [ 981.826469][T18385] ? __pfx_____sys_sendmsg+0x10/0x10 [ 981.826530][T18385] ___sys_sendmsg+0x134/0x1d0 [ 981.826579][T18385] ? __pfx____sys_sendmsg+0x10/0x10 [ 981.826621][T18385] ? __lock_acquire+0x622/0x1c90 [ 981.826709][T18385] __sys_sendmsg+0x16d/0x220 [ 981.826756][T18385] ? __pfx___sys_sendmsg+0x10/0x10 [ 981.826828][T18385] do_syscall_64+0xcd/0x490 [ 981.826864][T18385] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 981.826896][T18385] RIP: 0033:0x7fd58d78e969 [ 981.826922][T18385] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 981.826953][T18385] RSP: 002b:00007fd58b5f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 981.826983][T18385] RAX: ffffffffffffffda RBX: 00007fd58d9b5fa0 RCX: 00007fd58d78e969 [ 981.827003][T18385] RDX: 0000000020008844 RSI: 00002000000054c0 RDI: 0000000000000003 [ 981.827023][T18385] RBP: 00007fd58b5f6090 R08: 0000000000000000 R09: 0000000000000000 [ 981.827042][T18385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 981.827059][T18385] R13: 0000000000000000 R14: 00007fd58d9b5fa0 R15: 00007ffef88637a8 [ 981.827101][T18385] [ 982.054897][T18385] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 982.780460][T18399] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 982.809825][T18400] random: crng reseeded on system resumption [ 983.366353][T18409] ERROR: Out of memory at tomoyo_memory_ok. [ 984.945355][T18433] FAULT_INJECTION: forcing a failure. [ 984.945355][T18433] name failslab, interval 1, probability 0, space 0, times 0 [ 984.958357][T18433] CPU: 1 UID: 0 PID: 18433 Comm: syz.1.2511 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 984.958416][T18433] Tainted: [U]=USER [ 984.958428][T18433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 984.958448][T18433] Call Trace: [ 984.958459][T18433] [ 984.958472][T18433] dump_stack_lvl+0x16c/0x1f0 [ 984.958511][T18433] should_fail_ex+0x512/0x640 [ 984.958544][T18433] ? __kmalloc_noprof+0xbf/0x510 [ 984.958585][T18433] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 984.958623][T18433] should_failslab+0xc2/0x120 [ 984.958665][T18433] __kmalloc_noprof+0xd2/0x510 [ 984.958702][T18433] ? kasan_quarantine_put+0x10a/0x240 [ 984.958744][T18433] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 984.958792][T18433] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 984.958831][T18433] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 984.958866][T18433] ? trace_cap_capable+0x18d/0x200 [ 984.958918][T18433] ? bpf_lsm_capable+0x9/0x10 [ 984.958950][T18433] ? security_capable+0x7e/0x260 [ 984.958990][T18433] ? ns_capable+0xd7/0x110 [ 984.959046][T18433] genl_rcv_msg+0x55c/0x800 [ 984.959086][T18433] ? __pfx_genl_rcv_msg+0x10/0x10 [ 984.959118][T18433] ? __pfx___dev_queue_xmit+0x10/0x10 [ 984.959160][T18433] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 984.959195][T18433] ? __lock_acquire+0xb8a/0x1c90 [ 984.959240][T18433] netlink_rcv_skb+0x16d/0x440 [ 984.959292][T18433] ? __pfx_genl_rcv_msg+0x10/0x10 [ 984.959329][T18433] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 984.959412][T18433] ? __pfx_down_read+0x10/0x10 [ 984.959453][T18433] ? netlink_deliver_tap+0x1ae/0xd30 [ 984.959509][T18433] genl_rcv+0x28/0x40 [ 984.959538][T18433] netlink_unicast+0x53a/0x7f0 [ 984.959594][T18433] ? __pfx_netlink_unicast+0x10/0x10 [ 984.959658][T18433] netlink_sendmsg+0x8d1/0xdd0 [ 984.959716][T18433] ? __pfx_netlink_sendmsg+0x10/0x10 [ 984.959786][T18433] ____sys_sendmsg+0xa95/0xc70 [ 984.959822][T18433] ? copy_msghdr_from_user+0x10a/0x160 [ 984.959869][T18433] ? __pfx_____sys_sendmsg+0x10/0x10 [ 984.959925][T18433] ___sys_sendmsg+0x134/0x1d0 [ 984.959977][T18433] ? __pfx____sys_sendmsg+0x10/0x10 [ 984.960021][T18433] ? __lock_acquire+0x622/0x1c90 [ 984.960112][T18433] __sys_sendmsg+0x16d/0x220 [ 984.960180][T18433] ? __pfx___sys_sendmsg+0x10/0x10 [ 984.960254][T18433] do_syscall_64+0xcd/0x490 [ 984.960292][T18433] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 984.960326][T18433] RIP: 0033:0x7fd58d78e969 [ 984.960353][T18433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 984.960391][T18433] RSP: 002b:00007fd58b5f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 984.960422][T18433] RAX: ffffffffffffffda RBX: 00007fd58d9b5fa0 RCX: 00007fd58d78e969 [ 984.960442][T18433] RDX: 0000000020008844 RSI: 00002000000054c0 RDI: 0000000000000003 [ 984.960462][T18433] RBP: 00007fd58b5f6090 R08: 0000000000000000 R09: 0000000000000000 [ 984.960482][T18433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 984.960500][T18433] R13: 0000000000000000 R14: 00007fd58d9b5fa0 R15: 00007ffef88637a8 [ 984.960544][T18433] [ 986.056488][T18449] FAULT_INJECTION: forcing a failure. [ 986.056488][T18449] name failslab, interval 1, probability 0, space 0, times 0 [ 986.070019][T18449] CPU: 1 UID: 0 PID: 18449 Comm: syz.3.2515 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 986.070071][T18449] Tainted: [U]=USER [ 986.070081][T18449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 986.070133][T18449] Call Trace: [ 986.070143][T18449] [ 986.070157][T18449] dump_stack_lvl+0x16c/0x1f0 [ 986.070193][T18449] should_fail_ex+0x512/0x640 [ 986.070229][T18449] ? fs_reclaim_acquire+0xae/0x150 [ 986.070281][T18449] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 986.070313][T18449] should_failslab+0xc2/0x120 [ 986.070354][T18449] __kmalloc_noprof+0xd2/0x510 [ 986.070404][T18449] tomoyo_realpath_from_path+0xc2/0x6e0 [ 986.070441][T18449] ? tomoyo_profile+0x47/0x60 [ 986.070480][T18449] tomoyo_path_number_perm+0x245/0x580 [ 986.070524][T18449] ? tomoyo_path_number_perm+0x237/0x580 [ 986.070573][T18449] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 986.070621][T18449] ? find_held_lock+0x2b/0x80 [ 986.070705][T18449] ? find_held_lock+0x2b/0x80 [ 986.070752][T18449] ? hook_file_ioctl_common+0x145/0x410 [ 986.070803][T18449] ? __fget_files+0x20e/0x3c0 [ 986.070842][T18449] security_file_ioctl+0x9b/0x240 [ 986.070892][T18449] __x64_sys_ioctl+0xb7/0x210 [ 986.070941][T18449] do_syscall_64+0xcd/0x490 [ 986.070979][T18449] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 986.071012][T18449] RIP: 0033:0x7f54b3f8e969 [ 986.071038][T18449] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 986.071070][T18449] RSP: 002b:00007f54b4e01038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 986.071108][T18449] RAX: ffffffffffffffda RBX: 00007f54b41b6160 RCX: 00007f54b3f8e969 [ 986.071131][T18449] RDX: 0000200000000580 RSI: 00000000c1105517 RDI: 0000000000000003 [ 986.071151][T18449] RBP: 00007f54b4e01090 R08: 0000000000000000 R09: 0000000000000000 [ 986.071171][T18449] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 986.071190][T18449] R13: 0000000000000000 R14: 00007f54b41b6160 R15: 00007ffcf1ceb408 [ 986.071232][T18449] [ 986.071841][T18449] ERROR: Out of memory at tomoyo_realpath_from_path. [ 986.394326][T18453] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 986.645354][T18456] ERROR: Out of memory at tomoyo_memory_ok. [ 986.698740][T18456] FAULT_INJECTION: forcing a failure. [ 986.698740][T18456] name failslab, interval 1, probability 0, space 0, times 0 [ 986.711607][T18456] CPU: 0 UID: 0 PID: 18456 Comm: syz.1.2518 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 986.711667][T18456] Tainted: [U]=USER [ 986.711679][T18456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 986.711699][T18456] Call Trace: [ 986.711711][T18456] [ 986.711724][T18456] dump_stack_lvl+0x16c/0x1f0 [ 986.711764][T18456] should_fail_ex+0x512/0x640 [ 986.711800][T18456] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 986.711847][T18456] should_failslab+0xc2/0x120 [ 986.711895][T18456] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 986.711933][T18456] ? idr_get_next_ul+0x196/0x2e0 [ 986.711962][T18456] ? __alloc_skb+0x2b2/0x380 [ 986.712013][T18456] __alloc_skb+0x2b2/0x380 [ 986.712058][T18456] ? __pfx___alloc_skb+0x10/0x10 [ 986.712107][T18456] ? idr_get_next+0xec/0x150 [ 986.712137][T18456] ? __pfx_idr_get_next+0x10/0x10 [ 986.712173][T18456] ctrl_build_family_msg+0x36/0xa0 [ 986.712214][T18456] ctrl_getfamily+0x354/0x540 [ 986.712258][T18456] ? __pfx_ctrl_getfamily+0x10/0x10 [ 986.712297][T18456] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 986.712336][T18456] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 986.712390][T18456] genl_family_rcv_msg_doit+0x206/0x2f0 [ 986.712430][T18456] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 986.712466][T18456] ? __pfx___mutex_lock+0x10/0x10 [ 986.712499][T18456] ? genl_get_cmd+0x194/0x580 [ 986.712543][T18456] ? __local_bh_enable_ip+0xa4/0x120 [ 986.712573][T18456] ? __dev_queue_xmit+0x896/0x43e0 [ 986.712610][T18456] ? __radix_tree_lookup+0x21f/0x2c0 [ 986.712670][T18456] genl_rcv_msg+0x55c/0x800 [ 986.712717][T18456] ? __pfx_genl_rcv_msg+0x10/0x10 [ 986.712751][T18456] ? __pfx___dev_queue_xmit+0x10/0x10 [ 986.712793][T18456] ? __pfx_ctrl_getfamily+0x10/0x10 [ 986.712836][T18456] ? __lock_acquire+0xb8a/0x1c90 [ 986.712883][T18456] netlink_rcv_skb+0x16d/0x440 [ 986.712937][T18456] ? __pfx_genl_rcv_msg+0x10/0x10 [ 986.712976][T18456] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 986.713048][T18456] ? __pfx_down_read+0x10/0x10 [ 986.713091][T18456] ? netlink_deliver_tap+0x1ae/0xd30 [ 986.713144][T18456] genl_rcv+0x28/0x40 [ 986.713165][T18456] netlink_unicast+0x53a/0x7f0 [ 986.713207][T18456] ? __pfx_netlink_unicast+0x10/0x10 [ 986.713262][T18456] netlink_sendmsg+0x8d1/0xdd0 [ 986.713311][T18456] ? __pfx_netlink_sendmsg+0x10/0x10 [ 986.713361][T18456] __sys_sendto+0x4a3/0x520 [ 986.713393][T18456] ? __pfx___sys_sendto+0x10/0x10 [ 986.713449][T18456] ? count_memcg_events_mm.constprop.0+0x138/0x340 [ 986.713505][T18456] __x64_sys_sendto+0xe0/0x1c0 [ 986.713536][T18456] ? do_syscall_64+0x91/0x490 [ 986.713561][T18456] ? lockdep_hardirqs_on+0x7c/0x110 [ 986.713584][T18456] do_syscall_64+0xcd/0x490 [ 986.713615][T18456] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 986.713641][T18456] RIP: 0033:0x7fd58d7907fc [ 986.713661][T18456] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 986.713685][T18456] RSP: 002b:00007fd58b5f4ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 986.713708][T18456] RAX: ffffffffffffffda RBX: 00007fd58b5f4fc0 RCX: 00007fd58d7907fc [ 986.713724][T18456] RDX: 0000000000000020 RSI: 00007fd58b5f5010 RDI: 000000000000000c [ 986.713739][T18456] RBP: 0000000000000000 R08: 00007fd58b5f4f14 R09: 000000000000000c [ 986.713754][T18456] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000000c [ 986.713769][T18456] R13: 00007fd58b5f4f68 R14: 00007fd58b5f5010 R15: 0000000000000000 [ 986.713803][T18456] [ 987.327068][T18467] FAULT_INJECTION: forcing a failure. [ 987.327068][T18467] name failslab, interval 1, probability 0, space 0, times 0 [ 987.345072][T18467] CPU: 0 UID: 0 PID: 18467 Comm: syz.0.2521 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 987.345124][T18467] Tainted: [U]=USER [ 987.345135][T18467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 987.345155][T18467] Call Trace: [ 987.345166][T18467] [ 987.345179][T18467] dump_stack_lvl+0x16c/0x1f0 [ 987.345218][T18467] should_fail_ex+0x512/0x640 [ 987.345252][T18467] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 987.345294][T18467] should_failslab+0xc2/0x120 [ 987.345336][T18467] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 987.345375][T18467] ? ovs_flow_alloc+0x1e/0x210 [ 987.345427][T18467] ovs_flow_alloc+0x1e/0x210 [ 987.345474][T18467] ovs_flow_cmd_new+0x231/0xe30 [ 987.345512][T18467] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 987.345550][T18467] ? kasan_save_stack+0x42/0x60 [ 987.345587][T18467] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 987.345616][T18467] ? __kmalloc_noprof+0x223/0x510 [ 987.345651][T18467] ? genl_family_rcv_msg_doit+0xbf/0x2f0 [ 987.345681][T18467] ? genl_rcv_msg+0x55c/0x800 [ 987.345712][T18467] ? netlink_rcv_skb+0x16d/0x440 [ 987.345763][T18467] ? ____sys_sendmsg+0xa95/0xc70 [ 987.345795][T18467] ? ___sys_sendmsg+0x134/0x1d0 [ 987.345838][T18467] ? __sys_sendmsg+0x16d/0x220 [ 987.345882][T18467] ? do_syscall_64+0xcd/0x490 [ 987.345914][T18467] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 987.346028][T18467] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 987.346068][T18467] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 987.346116][T18467] genl_family_rcv_msg_doit+0x206/0x2f0 [ 987.346156][T18467] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 987.346193][T18467] ? trace_cap_capable+0x18d/0x200 [ 987.346242][T18467] ? bpf_lsm_capable+0x9/0x10 [ 987.346273][T18467] ? security_capable+0x7e/0x260 [ 987.346313][T18467] ? ns_capable+0xd7/0x110 [ 987.346366][T18467] genl_rcv_msg+0x55c/0x800 [ 987.346404][T18467] ? __pfx_genl_rcv_msg+0x10/0x10 [ 987.346436][T18467] ? __pfx___dev_queue_xmit+0x10/0x10 [ 987.346476][T18467] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 987.346513][T18467] ? __lock_acquire+0xb8a/0x1c90 [ 987.346562][T18467] netlink_rcv_skb+0x16d/0x440 [ 987.346612][T18467] ? __pfx_genl_rcv_msg+0x10/0x10 [ 987.346650][T18467] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 987.346721][T18467] ? __pfx_down_read+0x10/0x10 [ 987.346761][T18467] ? netlink_deliver_tap+0x1ae/0xd30 [ 987.346814][T18467] genl_rcv+0x28/0x40 [ 987.346842][T18467] netlink_unicast+0x53a/0x7f0 [ 987.346896][T18467] ? __pfx_netlink_unicast+0x10/0x10 [ 987.346967][T18467] netlink_sendmsg+0x8d1/0xdd0 [ 987.347026][T18467] ? __pfx_netlink_sendmsg+0x10/0x10 [ 987.347092][T18467] ____sys_sendmsg+0xa95/0xc70 [ 987.347128][T18467] ? copy_msghdr_from_user+0x10a/0x160 [ 987.347176][T18467] ? __pfx_____sys_sendmsg+0x10/0x10 [ 987.347233][T18467] ___sys_sendmsg+0x134/0x1d0 [ 987.347284][T18467] ? __pfx____sys_sendmsg+0x10/0x10 [ 987.347328][T18467] ? __lock_acquire+0x622/0x1c90 [ 987.347419][T18467] __sys_sendmsg+0x16d/0x220 [ 987.347469][T18467] ? __pfx___sys_sendmsg+0x10/0x10 [ 987.347545][T18467] do_syscall_64+0xcd/0x490 [ 987.347584][T18467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 987.347618][T18467] RIP: 0033:0x7fa121f8e969 [ 987.347645][T18467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 987.347679][T18467] RSP: 002b:00007fa122e91038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 987.347711][T18467] RAX: ffffffffffffffda RBX: 00007fa1221b5fa0 RCX: 00007fa121f8e969 [ 987.347734][T18467] RDX: 0000000020008844 RSI: 00002000000054c0 RDI: 0000000000000003 [ 987.347753][T18467] RBP: 00007fa122e91090 R08: 0000000000000000 R09: 0000000000000000 [ 987.347772][T18467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 987.347791][T18467] R13: 0000000000000000 R14: 00007fa1221b5fa0 R15: 00007ffed3de6218 [ 987.347833][T18467] [ 987.798918][T18469] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 988.155414][T18469] ksmbd: Unknown IPC event: 6, ignore. [ 988.172407][T18469] nbd: couldn't find device at index 33904 [ 988.550673][T18483] FAULT_INJECTION: forcing a failure. [ 988.550673][T18483] name failslab, interval 1, probability 0, space 0, times 0 [ 988.563517][T18483] CPU: 1 UID: 5 PID: 18483 Comm: syz.3.2525 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 988.563555][T18483] Tainted: [U]=USER [ 988.563563][T18483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 988.563577][T18483] Call Trace: [ 988.563584][T18483] [ 988.563594][T18483] dump_stack_lvl+0x16c/0x1f0 [ 988.563622][T18483] should_fail_ex+0x512/0x640 [ 988.563647][T18483] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 988.563677][T18483] should_failslab+0xc2/0x120 [ 988.563707][T18483] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 988.563733][T18483] ? d_instantiate+0x77/0x90 [ 988.563760][T18483] ? alloc_empty_file+0x55/0x1e0 [ 988.563795][T18483] alloc_empty_file+0x55/0x1e0 [ 988.563826][T18483] alloc_file_pseudo+0x13a/0x230 [ 988.563860][T18483] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 988.563892][T18483] ? alloc_fd+0x471/0x7d0 [ 988.563923][T18483] __anon_inode_getfile+0xf7/0x3a0 [ 988.563952][T18483] anon_inode_getfile_fmode+0x37/0xa0 [ 988.563977][T18483] __do_sys_fanotify_init+0x8e3/0xb80 [ 988.564013][T18483] do_syscall_64+0xcd/0x490 [ 988.564040][T18483] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 988.564064][T18483] RIP: 0033:0x7f54b3f8e969 [ 988.564083][T18483] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 988.564107][T18483] RSP: 002b:00007f54b4e43038 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 988.564129][T18483] RAX: ffffffffffffffda RBX: 00007f54b41b5fa0 RCX: 00007f54b3f8e969 [ 988.564145][T18483] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000200 [ 988.564159][T18483] RBP: 00007f54b4010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 988.564173][T18483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 988.564188][T18483] R13: 0000000000000000 R14: 00007f54b41b5fa0 R15: 00007ffcf1ceb408 [ 988.564217][T18483] [ 989.408535][T18507] FAULT_INJECTION: forcing a failure. [ 989.408535][T18507] name failslab, interval 1, probability 0, space 0, times 0 [ 989.477645][T18507] CPU: 1 UID: 0 PID: 18507 Comm: syz.3.2527 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 989.477700][T18507] Tainted: [U]=USER [ 989.477712][T18507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 989.477731][T18507] Call Trace: [ 989.477743][T18507] [ 989.477764][T18507] dump_stack_lvl+0x16c/0x1f0 [ 989.477803][T18507] should_fail_ex+0x512/0x640 [ 989.477837][T18507] ? fs_reclaim_acquire+0xae/0x150 [ 989.477890][T18507] ? tomoyo_encode2+0x100/0x3e0 [ 989.477938][T18507] should_failslab+0xc2/0x120 [ 989.477980][T18507] __kmalloc_noprof+0xd2/0x510 [ 989.478017][T18507] ? d_absolute_path+0x136/0x1a0 [ 989.478066][T18507] tomoyo_encode2+0x100/0x3e0 [ 989.478121][T18507] tomoyo_encode+0x29/0x50 [ 989.478169][T18507] tomoyo_realpath_from_path+0x18f/0x6e0 [ 989.478212][T18507] tomoyo_path_number_perm+0x245/0x580 [ 989.478256][T18507] ? tomoyo_path_number_perm+0x237/0x580 [ 989.478305][T18507] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 989.478353][T18507] ? find_held_lock+0x2b/0x80 [ 989.478437][T18507] ? find_held_lock+0x2b/0x80 [ 989.478483][T18507] ? hook_file_ioctl_common+0x145/0x410 [ 989.478534][T18507] ? __fget_files+0x20e/0x3c0 [ 989.478573][T18507] security_file_ioctl+0x9b/0x240 [ 989.478625][T18507] __x64_sys_ioctl+0xb7/0x210 [ 989.478680][T18507] do_syscall_64+0xcd/0x490 [ 989.478719][T18507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 989.478756][T18507] RIP: 0033:0x7f54b3f8e969 [ 989.478782][T18507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 989.478815][T18507] RSP: 002b:00007f54b4e01038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 989.478846][T18507] RAX: ffffffffffffffda RBX: 00007f54b41b6160 RCX: 00007f54b3f8e969 [ 989.478867][T18507] RDX: 0000200000000580 RSI: 00000000c1105517 RDI: 0000000000000003 [ 989.478887][T18507] RBP: 00007f54b4e01090 R08: 0000000000000000 R09: 0000000000000000 [ 989.478907][T18507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 989.478926][T18507] R13: 0000000000000000 R14: 00007f54b41b6160 R15: 00007ffcf1ceb408 [ 989.478970][T18507] [ 989.479081][T18507] ERROR: Out of memory at tomoyo_realpath_from_path. [ 989.861887][T18514] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2529'. [ 990.185509][T18523] FAULT_INJECTION: forcing a failure. [ 990.185509][T18523] name failslab, interval 1, probability 0, space 0, times 0 [ 990.223274][T18523] CPU: 1 UID: 0 PID: 18523 Comm: syz.4.2531 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 990.223329][T18523] Tainted: [U]=USER [ 990.223340][T18523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 990.223361][T18523] Call Trace: [ 990.223372][T18523] [ 990.223386][T18523] dump_stack_lvl+0x16c/0x1f0 [ 990.223425][T18523] should_fail_ex+0x512/0x640 [ 990.223459][T18523] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 990.223504][T18523] should_failslab+0xc2/0x120 [ 990.223546][T18523] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 990.223585][T18523] ? ovs_flow_alloc+0x10e/0x210 [ 990.223640][T18523] ovs_flow_alloc+0x10e/0x210 [ 990.223701][T18523] ovs_flow_cmd_new+0x231/0xe30 [ 990.223741][T18523] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 990.223780][T18523] ? kasan_save_stack+0x42/0x60 [ 990.223816][T18523] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 990.223847][T18523] ? __kmalloc_noprof+0x223/0x510 [ 990.223881][T18523] ? genl_family_rcv_msg_doit+0xbf/0x2f0 [ 990.223915][T18523] ? genl_rcv_msg+0x55c/0x800 [ 990.223946][T18523] ? netlink_rcv_skb+0x16d/0x440 [ 990.223999][T18523] ? ____sys_sendmsg+0xa95/0xc70 [ 990.224031][T18523] ? ___sys_sendmsg+0x134/0x1d0 [ 990.224074][T18523] ? __sys_sendmsg+0x16d/0x220 [ 990.224118][T18523] ? do_syscall_64+0xcd/0x490 [ 990.224150][T18523] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 990.224258][T18523] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 990.224298][T18523] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 990.224345][T18523] genl_family_rcv_msg_doit+0x206/0x2f0 [ 990.224384][T18523] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 990.224420][T18523] ? trace_cap_capable+0x18d/0x200 [ 990.224470][T18523] ? bpf_lsm_capable+0x9/0x10 [ 990.224502][T18523] ? security_capable+0x7e/0x260 [ 990.224544][T18523] ? ns_capable+0xd7/0x110 [ 990.224599][T18523] genl_rcv_msg+0x55c/0x800 [ 990.224638][T18523] ? __pfx_genl_rcv_msg+0x10/0x10 [ 990.224671][T18523] ? __pfx___dev_queue_xmit+0x10/0x10 [ 990.224718][T18523] ? __pfx_ovs_flow_cmd_new+0x10/0x10 [ 990.224754][T18523] ? __lock_acquire+0xb8a/0x1c90 [ 990.224799][T18523] netlink_rcv_skb+0x16d/0x440 [ 990.224851][T18523] ? __pfx_genl_rcv_msg+0x10/0x10 [ 990.224887][T18523] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 990.224960][T18523] ? __pfx_down_read+0x10/0x10 [ 990.224999][T18523] ? netlink_deliver_tap+0x1ae/0xd30 [ 990.225055][T18523] genl_rcv+0x28/0x40 [ 990.225084][T18523] netlink_unicast+0x53a/0x7f0 [ 990.225141][T18523] ? __pfx_netlink_unicast+0x10/0x10 [ 990.225204][T18523] netlink_sendmsg+0x8d1/0xdd0 [ 990.225264][T18523] ? __pfx_netlink_sendmsg+0x10/0x10 [ 990.225330][T18523] ____sys_sendmsg+0xa95/0xc70 [ 990.225367][T18523] ? copy_msghdr_from_user+0x10a/0x160 [ 990.225413][T18523] ? __pfx_____sys_sendmsg+0x10/0x10 [ 990.225468][T18523] ___sys_sendmsg+0x134/0x1d0 [ 990.225520][T18523] ? __pfx____sys_sendmsg+0x10/0x10 [ 990.225563][T18523] ? __lock_acquire+0x622/0x1c90 [ 990.225654][T18523] __sys_sendmsg+0x16d/0x220 [ 990.225708][T18523] ? __pfx___sys_sendmsg+0x10/0x10 [ 990.225784][T18523] do_syscall_64+0xcd/0x490 [ 990.225822][T18523] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 990.225854][T18523] RIP: 0033:0x7f0a1ab8e969 [ 990.225881][T18523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 990.225912][T18523] RSP: 002b:00007f0a1ba09038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 990.225945][T18523] RAX: ffffffffffffffda RBX: 00007f0a1adb5fa0 RCX: 00007f0a1ab8e969 [ 990.225967][T18523] RDX: 0000000020008844 RSI: 00002000000054c0 RDI: 0000000000000003 [ 990.225987][T18523] RBP: 00007f0a1ba09090 R08: 0000000000000000 R09: 0000000000000000 [ 990.226007][T18523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 990.226026][T18523] R13: 0000000000000000 R14: 00007f0a1adb5fa0 R15: 00007ffc2aec7298 [ 990.226069][T18523] [ 991.270922][T18538] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 991.607811][T18548] ERROR: Out of memory at tomoyo_memory_ok. [ 992.563401][T18568] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2540'. [ 992.739180][T18572] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2540'. [ 993.305677][T18578] FAULT_INJECTION: forcing a failure. [ 993.305677][T18578] name failslab, interval 1, probability 0, space 0, times 0 [ 993.331586][T18578] CPU: 0 UID: 0 PID: 18578 Comm: syz.4.2542 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 993.331641][T18578] Tainted: [U]=USER [ 993.331653][T18578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 993.331673][T18578] Call Trace: [ 993.331685][T18578] [ 993.331699][T18578] dump_stack_lvl+0x16c/0x1f0 [ 993.331741][T18578] should_fail_ex+0x512/0x640 [ 993.331777][T18578] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 993.331821][T18578] should_failslab+0xc2/0x120 [ 993.331863][T18578] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 993.331903][T18578] ? alloc_empty_file+0x55/0x1e0 [ 993.331953][T18578] alloc_empty_file+0x55/0x1e0 [ 993.331998][T18578] path_openat+0xda/0x2cb0 [ 993.332029][T18578] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 993.332075][T18578] ? __pfx_path_openat+0x10/0x10 [ 993.332112][T18578] ? __lock_acquire+0xb8a/0x1c90 [ 993.332153][T18578] do_filp_open+0x20b/0x470 [ 993.332185][T18578] ? __pfx_do_filp_open+0x10/0x10 [ 993.332244][T18578] ? alloc_fd+0x471/0x7d0 [ 993.332284][T18578] do_sys_openat2+0x11b/0x1d0 [ 993.332326][T18578] ? __pfx_do_sys_openat2+0x10/0x10 [ 993.332383][T18578] __x64_sys_openat+0x174/0x210 [ 993.332426][T18578] ? __pfx___x64_sys_openat+0x10/0x10 [ 993.332498][T18578] do_syscall_64+0xcd/0x490 [ 993.332535][T18578] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 993.332567][T18578] RIP: 0033:0x7f0a1ab8e969 [ 993.332592][T18578] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 993.332624][T18578] RSP: 002b:00007f0a1ba09038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 993.332654][T18578] RAX: ffffffffffffffda RBX: 00007f0a1adb5fa0 RCX: 00007f0a1ab8e969 [ 993.332676][T18578] RDX: 0000000000101040 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 993.332695][T18578] RBP: 00007f0a1ac10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 993.332715][T18578] R10: 0000000000000149 R11: 0000000000000246 R12: 0000000000000000 [ 993.332734][T18578] R13: 0000000000000000 R14: 00007f0a1adb5fa0 R15: 00007ffc2aec7298 [ 993.332773][T18578] [ 993.580964][T18584] FAULT_INJECTION: forcing a failure. [ 993.580964][T18584] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 993.623700][T18584] CPU: 1 UID: 0 PID: 18584 Comm: syz.0.2543 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 993.623755][T18584] Tainted: [U]=USER [ 993.623767][T18584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 993.623786][T18584] Call Trace: [ 993.623797][T18584] [ 993.623810][T18584] dump_stack_lvl+0x16c/0x1f0 [ 993.623851][T18584] should_fail_ex+0x512/0x640 [ 993.623892][T18584] _copy_from_user+0x2e/0xd0 [ 993.623933][T18584] snd_ctl_elem_add_user+0x9b/0x170 [ 993.623984][T18584] ? __pfx_snd_ctl_elem_add_user+0x10/0x10 [ 993.624032][T18584] ? find_held_lock+0x2b/0x80 [ 993.624139][T18584] snd_ctl_ioctl+0x981/0x1320 [ 993.624190][T18584] ? __pfx_snd_ctl_ioctl+0x10/0x10 [ 993.624243][T18584] ? find_held_lock+0x2b/0x80 [ 993.624290][T18584] ? hook_file_ioctl_common+0x145/0x410 [ 993.624342][T18584] ? __fget_files+0x20e/0x3c0 [ 993.624379][T18584] ? __pfx_snd_ctl_ioctl+0x10/0x10 [ 993.624502][T18584] __x64_sys_ioctl+0x18b/0x210 [ 993.624558][T18584] do_syscall_64+0xcd/0x490 [ 993.624597][T18584] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 993.624643][T18584] RIP: 0033:0x7fa121f8e969 [ 993.624670][T18584] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 993.624702][T18584] RSP: 002b:00007fa122e4f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 993.624752][T18584] RAX: ffffffffffffffda RBX: 00007fa1221b6160 RCX: 00007fa121f8e969 [ 993.624774][T18584] RDX: 0000200000000580 RSI: 00000000c1105517 RDI: 0000000000000003 [ 993.624795][T18584] RBP: 00007fa122e4f090 R08: 0000000000000000 R09: 0000000000000000 [ 993.624816][T18584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 993.624835][T18584] R13: 0000000000000000 R14: 00007fa1221b6160 R15: 00007ffed3de6218 [ 993.624877][T18584] [ 994.338540][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 994.345185][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 994.569536][T18598] netlink: 'syz.4.2547': attribute type 1 has an invalid length. [ 994.609040][T18598] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 996.172183][T18627] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2554'. [ 996.411381][ T5838] Bluetooth: hci5: Unable to find connection for big 0xd2 [ 996.745435][T18640] netlink: 206 bytes leftover after parsing attributes in process `syz.1.2557'. [ 996.872096][T18643] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input66 [ 996.913815][T18643] openvswitch: netlink: Key type 63 is out of range max 32 [ 997.188636][T18648] ERROR: Out of memory at tomoyo_memory_ok. [ 997.376040][T18648] misc userio: The device must be registered before sending interrupts [ 999.601201][T18674] program syz.1.2565 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 999.643514][T18686] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2568'. [ 999.800393][ T5838] Bluetooth: hci4: Unable to find connection for big 0xd2 [ 1000.659630][T18704] ERROR: Out of memory at tomoyo_memory_ok. [ 1000.804258][T18707] ERROR: Out of memory at tomoyo_memory_ok. [ 1000.814156][T18704] misc userio: The device must be registered before sending interrupts [ 1000.945673][T18710] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1001.348143][T18716] misc userio: The device must be registered before sending interrupts [ 1003.019865][T18734] FAULT_INJECTION: forcing a failure. [ 1003.019865][T18734] name failslab, interval 1, probability 0, space 0, times 0 [ 1003.032966][T18734] CPU: 1 UID: 0 PID: 18734 Comm: syz.3.2580 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 1003.033020][T18734] Tainted: [U]=USER [ 1003.033033][T18734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1003.033054][T18734] Call Trace: [ 1003.033067][T18734] [ 1003.033081][T18734] dump_stack_lvl+0x16c/0x1f0 [ 1003.033122][T18734] should_fail_ex+0x512/0x640 [ 1003.033159][T18734] ? __kmalloc_noprof+0xbf/0x510 [ 1003.033200][T18734] ? xfrm_hash_alloc+0xd1/0x100 [ 1003.033239][T18734] should_failslab+0xc2/0x120 [ 1003.033280][T18734] __kmalloc_noprof+0xd2/0x510 [ 1003.033315][T18734] ? proc_create_reg+0xe3/0x180 [ 1003.033364][T18734] ? __pfx_xfrm_net_init+0x10/0x10 [ 1003.033401][T18734] xfrm_hash_alloc+0xd1/0x100 [ 1003.033437][T18734] xfrm_state_init+0xdd/0x630 [ 1003.033479][T18734] ? __pfx_xfrm_net_init+0x10/0x10 [ 1003.033516][T18734] xfrm_net_init+0x210/0xcc0 [ 1003.033557][T18734] ? __pfx_xfrm_net_init+0x10/0x10 [ 1003.033588][T18734] ops_init+0x1df/0x5f0 [ 1003.033645][T18734] setup_net+0x21e/0x850 [ 1003.033693][T18734] ? __pfx_setup_net+0x10/0x10 [ 1003.033734][T18734] ? lockdep_init_map_type+0x5c/0x280 [ 1003.033770][T18734] ? __pfx_down_read_killable+0x10/0x10 [ 1003.033809][T18734] ? debug_mutex_init+0x37/0x70 [ 1003.033853][T18734] copy_net_ns+0x2a6/0x5f0 [ 1003.033884][T18734] create_new_namespaces+0x3ea/0xa90 [ 1003.033939][T18734] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1003.033988][T18734] ksys_unshare+0x45b/0xa40 [ 1003.034021][T18734] ? __pfx_ksys_unshare+0x10/0x10 [ 1003.034055][T18734] ? xfd_validate_state+0x61/0x180 [ 1003.034097][T18734] __x64_sys_unshare+0x31/0x40 [ 1003.034130][T18734] do_syscall_64+0xcd/0x490 [ 1003.034161][T18734] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1003.034190][T18734] RIP: 0033:0x7f54b3f8e969 [ 1003.034212][T18734] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1003.034241][T18734] RSP: 002b:00007f54b4e43038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1003.034267][T18734] RAX: ffffffffffffffda RBX: 00007f54b41b5fa0 RCX: 00007f54b3f8e969 [ 1003.034286][T18734] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1003.034303][T18734] RBP: 00007f54b4010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1003.034320][T18734] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1003.034336][T18734] R13: 0000000000000000 R14: 00007f54b41b5fa0 R15: 00007ffcf1ceb408 [ 1003.034372][T18734] [ 1004.105491][T18749] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1004.250745][T18753] ERROR: Out of memory at tomoyo_memory_ok. [ 1005.185431][T18768] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1005.810784][T18773] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1005.832119][T18775] ERROR: Out of memory at tomoyo_memory_ok. [ 1005.839252][T18784] ERROR: Out of memory at tomoyo_memory_ok. [ 1006.083733][T18787] openvswitch: netlink: Message has 1 unknown bytes. [ 1006.687533][T18797] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1006.955020][T18801] ERROR: Out of memory at tomoyo_memory_ok. [ 1007.093439][T18801] misc userio: The device must be registered before sending interrupts [ 1008.687726][T18825] loop6: detected capacity change from 8 to 0 [ 1008.728565][T18825] [ 1008.731008][T18825] ====================================================== [ 1008.738097][T18825] WARNING: possible circular locking dependency detected [ 1008.745175][T18825] 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 Tainted: G U [ 1008.753552][T18825] ------------------------------------------------------ [ 1008.760615][T18825] syz.3.2602/18825 is trying to acquire lock: [ 1008.766718][T18825] ffffffff9069a6e8 (uevent_sock_mutex){+.+.}-{4:4}, at: kobject_uevent_env+0xb36/0x1870 [ 1008.776564][T18825] [ 1008.776564][T18825] but task is already holding lock: [ 1008.783959][T18825] ffff888025f5ec40 (&q->q_usage_counter(io)#23){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 1008.795270][T18825] [ 1008.795270][T18825] which lock already depends on the new lock. [ 1008.795270][T18825] [ 1008.805711][T18825] [ 1008.805711][T18825] the existing dependency chain (in reverse order) is: [ 1008.814753][T18825] [ 1008.814753][T18825] -> #2 (&q->q_usage_counter(io)#23){++++}-{0:0}: [ 1008.823410][T18825] blk_alloc_queue+0x619/0x760 [ 1008.828749][T18825] blk_mq_alloc_queue+0x175/0x290 [ 1008.834318][T18825] __blk_mq_alloc_disk+0x29/0x120 [ 1008.839891][T18825] loop_add+0x49c/0xb70 [ 1008.844609][T18825] loop_init+0x164/0x270 [ 1008.849416][T18825] do_one_initcall+0x120/0x6e0 [ 1008.854725][T18825] kernel_init_freeable+0x5c2/0x900 [ 1008.860485][T18825] kernel_init+0x1c/0x2b0 [ 1008.865367][T18825] ret_from_fork+0x5d7/0x6f0 [ 1008.870512][T18825] ret_from_fork_asm+0x1a/0x30 [ 1008.875826][T18825] [ 1008.875826][T18825] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 1008.883093][T18825] fs_reclaim_acquire+0x102/0x150 [ 1008.888684][T18825] kmem_cache_alloc_node_noprof+0x57/0x3b0 [ 1008.895041][T18825] __alloc_skb+0x2b2/0x380 [ 1008.900020][T18825] alloc_uevent_skb+0x7d/0x210 [ 1008.905409][T18825] kobject_uevent_env+0xca4/0x1870 [ 1008.911075][T18825] kobject_synth_uevent+0x7d4/0x8a0 [ 1008.916829][T18825] bus_uevent_store+0x3d/0x90 [ 1008.922071][T18825] bus_attr_store+0x71/0xb0 [ 1008.927131][T18825] sysfs_kf_write+0xf2/0x150 [ 1008.932306][T18825] kernfs_fop_write_iter+0x351/0x510 [ 1008.938152][T18825] vfs_write+0x6c7/0x1150 [ 1008.943027][T18825] ksys_write+0x12a/0x250 [ 1008.947907][T18825] do_syscall_64+0xcd/0x490 [ 1008.952963][T18825] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1008.959755][T18825] [ 1008.959755][T18825] -> #0 (uevent_sock_mutex){+.+.}-{4:4}: [ 1008.967617][T18825] __lock_acquire+0x126f/0x1c90 [ 1008.973023][T18825] lock_acquire+0x179/0x350 [ 1008.978083][T18825] __mutex_lock+0x199/0xb90 [ 1008.983141][T18825] kobject_uevent_env+0xb36/0x1870 [ 1008.988814][T18825] loop_set_status+0x9c7/0xb90 [ 1008.994144][T18825] loop_set_status_old+0x162/0x1d0 [ 1008.999840][T18825] lo_ioctl+0x81e/0x28e0 [ 1009.004640][T18825] blkdev_ioctl+0x274/0x6d0 [ 1009.009707][T18825] __x64_sys_ioctl+0x18b/0x210 [ 1009.015027][T18825] do_syscall_64+0xcd/0x490 [ 1009.020089][T18825] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1009.026529][T18825] [ 1009.026529][T18825] other info that might help us debug this: [ 1009.026529][T18825] [ 1009.036772][T18825] Chain exists of: [ 1009.036772][T18825] uevent_sock_mutex --> fs_reclaim --> &q->q_usage_counter(io)#23 [ 1009.036772][T18825] [ 1009.050560][T18825] Possible unsafe locking scenario: [ 1009.050560][T18825] [ 1009.058073][T18825] CPU0 CPU1 [ 1009.063455][T18825] ---- ---- [ 1009.068857][T18825] lock(&q->q_usage_counter(io)#23); [ 1009.074281][T18825] lock(fs_reclaim); [ 1009.080807][T18825] lock(&q->q_usage_counter(io)#23); [ 1009.088736][T18825] lock(uevent_sock_mutex); [ 1009.093348][T18825] [ 1009.093348][T18825] *** DEADLOCK *** [ 1009.093348][T18825] [ 1009.101505][T18825] 3 locks held by syz.3.2602/18825: [ 1009.106719][T18825] #0: ffff888026026400 (&lo->lo_mutex){+.+.}-{4:4}, at: loop_set_status+0x2a/0xb90 [ 1009.116185][T18825] #1: ffff888025f5ec40 (&q->q_usage_counter(io)#23){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 1009.127928][T18825] #2: ffff888025f5ec78 (&q->q_usage_counter(queue)#25){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 1009.139933][T18825] [ 1009.139933][T18825] stack backtrace: [ 1009.145850][T18825] CPU: 1 UID: 0 PID: 18825 Comm: syz.3.2602 Tainted: G U 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 1009.145895][T18825] Tainted: [U]=USER [ 1009.145905][T18825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1009.145924][T18825] Call Trace: [ 1009.145933][T18825] [ 1009.145945][T18825] dump_stack_lvl+0x116/0x1f0 [ 1009.145975][T18825] print_circular_bug+0x275/0x350 [ 1009.146007][T18825] check_noncircular+0x14c/0x170 [ 1009.146047][T18825] __lock_acquire+0x126f/0x1c90 [ 1009.146085][T18825] lock_acquire+0x179/0x350 [ 1009.146115][T18825] ? kobject_uevent_env+0xb36/0x1870 [ 1009.146153][T18825] ? __pfx___might_resched+0x10/0x10 [ 1009.146202][T18825] __mutex_lock+0x199/0xb90 [ 1009.146230][T18825] ? kobject_uevent_env+0xb36/0x1870 [ 1009.146267][T18825] ? kobject_uevent_env+0xb36/0x1870 [ 1009.146305][T18825] ? __pfx___mutex_lock+0x10/0x10 [ 1009.146338][T18825] ? __asan_memcpy+0x3c/0x60 [ 1009.146364][T18825] ? kobject_get_path+0x8e/0x2a0 [ 1009.146396][T18825] ? kobject_uevent_env+0xb36/0x1870 [ 1009.146431][T18825] kobject_uevent_env+0xb36/0x1870 [ 1009.146471][T18825] ? __asan_memcpy+0x3c/0x60 [ 1009.146498][T18825] loop_set_status+0x9c7/0xb90 [ 1009.146545][T18825] loop_set_status_old+0x162/0x1d0 [ 1009.146587][T18825] ? __pfx_loop_set_status_old+0x10/0x10 [ 1009.146629][T18825] ? __lock_acquire+0x622/0x1c90 [ 1009.146667][T18825] ? find_held_lock+0x2b/0x80 [ 1009.146708][T18825] ? is_bpf_text_address+0x8a/0x1a0 [ 1009.146756][T18825] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1009.146794][T18825] lo_ioctl+0x81e/0x28e0 [ 1009.146835][T18825] ? __lock_acquire+0xb8a/0x1c90 [ 1009.146866][T18825] ? kasan_save_stack+0x42/0x60 [ 1009.146895][T18825] ? kasan_save_stack+0x33/0x60 [ 1009.146923][T18825] ? kasan_save_track+0x14/0x30 [ 1009.146952][T18825] ? kasan_save_free_info+0x3b/0x60 [ 1009.146993][T18825] ? __kasan_slab_free+0x51/0x70 [ 1009.147024][T18825] ? kfree+0x2b4/0x4d0 [ 1009.147052][T18825] ? tomoyo_path_number_perm+0x470/0x580 [ 1009.147091][T18825] ? security_file_ioctl+0x9b/0x240 [ 1009.147131][T18825] ? __x64_sys_ioctl+0xb7/0x210 [ 1009.147171][T18825] ? do_syscall_64+0xcd/0x490 [ 1009.147198][T18825] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1009.147232][T18825] ? __pfx_lo_ioctl+0x10/0x10 [ 1009.147287][T18825] ? kasan_quarantine_put+0x10a/0x240 [ 1009.147318][T18825] ? lockdep_hardirqs_on+0x7c/0x110 [ 1009.147346][T18825] ? find_held_lock+0x2b/0x80 [ 1009.147387][T18825] ? tomoyo_path_number_perm+0x295/0x580 [ 1009.147428][T18825] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1009.147465][T18825] ? blkdev_common_ioctl+0x1dd/0x2480 [ 1009.147506][T18825] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1009.147545][T18825] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1009.147582][T18825] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 1009.147623][T18825] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1009.147674][T18825] ? find_held_lock+0x2b/0x80 [ 1009.147715][T18825] ? __pfx_lo_ioctl+0x10/0x10 [ 1009.147756][T18825] blkdev_ioctl+0x274/0x6d0 [ 1009.147795][T18825] ? __pfx_blkdev_ioctl+0x10/0x10 [ 1009.147837][T18825] ? __pfx_blkdev_ioctl+0x10/0x10 [ 1009.147877][T18825] __x64_sys_ioctl+0x18b/0x210 [ 1009.147918][T18825] do_syscall_64+0xcd/0x490 [ 1009.147948][T18825] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1009.147976][T18825] RIP: 0033:0x7f54b3f8e969 [ 1009.148000][T18825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1009.148038][T18825] RSP: 002b:00007f54b4e22038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1009.148066][T18825] RAX: ffffffffffffffda RBX: 00007f54b41b6080 RCX: 00007f54b3f8e969 [ 1009.148086][T18825] RDX: 0000000000000000 RSI: 0000000000004c02 RDI: 0000000000000007 [ 1009.148104][T18825] RBP: 00007f54b4010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1009.148122][T18825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1009.148139][T18825] R13: 0000000000000000 R14: 00007f54b41b6080 R15: 00007ffcf1ceb408 [ 1009.148164][T18825]