last executing test programs: 5.743605389s ago: executing program 2 (id=991): mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x288200, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0xa, 0x801, 0x106) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe80000000000004"}, 0x55) 5.646443471s ago: executing program 0 (id=992): socket(0x2, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_setup$auto(0x1, 0x0) socket(0x1d, 0x2, 0x2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) connect$auto(0x3, 0x0, 0x55) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x6, 0xeb1, 0x7f, 0x8000) sysfs$auto(0x2, 0x100000000000030, 0x0) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) socket(0x2, 0x1, 0x106) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000240), 0x183440, 0x0) openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x80040, 0x0) unshare$auto(0x40000080) openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000340)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4460, 0x15f4da0a, 0x1, 0x3, 0x300000000000000, 0x7fffffff, 0x7, 0x0, 0x9, 0x2]}, 0x0) close_range$auto(0x2, 0x8, 0x0) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x2002, 0x0) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000001500), 0xffffffffffffffff) sendmsg$auto_NET_SHAPER_CMD_GROUP(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x2004c804}, 0x14) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) mmap$auto(0x0, 0xffff, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) setsockopt$auto(0x3, 0x10000000084, 0xb, 0x0, 0x8) 5.383178177s ago: executing program 2 (id=993): sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x50) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f00000000c0), r0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x38, r1, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x8, 0x3, 0x0, 0x1, [@nested={0x4, 0xe8}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771dacabf0a312fc0884700"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0xe, 0x0) r2 = syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040), 0xc, &(0x7f0000000180)={&(0x7f0000000600)=ANY=[@ANYBLOB="e2578836d31452045edba4fc98c016a3a66f4d3e67d1cd25309cb47b6aafb1aefeb131cf", @ANYRES16=r2, @ANYBLOB="00042bbd7000ffdbdf253800000006009800f5ff0000e602b9801400770000000000000000000000000000000001aa02d080fec16290b6296c70fc9426b6d032503aa0303c1b176cbf35b1488684cbbbf2edac321fb1f69291217e154dc04b7a674beacdfeca960ea4673e3e028fdb83c084c4107c84294d05b881b4410263ed36dcf60cc89db0bd00368b09b2864a49f16392c2247fa4c06f9aece72ff0e7cb7efd76d3d394c7c3e775af491dba7571ca2225100ec28def401fd1bb2ed7e8a64469476db9d9f9c6dc4ca2b904674ea7af6c73557e4f8720b014371b271c0bf1a80ec2ac6fe87f1786fbd3ae1ae2ce9940ea01f41e780f1f5521ed1b57df46e49ec619d9d27c08800641b7a7701d96b181ade2e31985e8ce475f8ba6fce2242eb3a4eaf32e742b7820c407899c955d9861d972db22a64fa0abb5ed4f6da1973ee6687db31baa13fd8d54034ae6e49aab3f25a5f40bba37a8829f7f98c57166e6800b46622370c2b226dbd0983f8d39976b6b97e5467fb18af83fbc42873825ccc138b75236e0c47307435addf9db42e46f26d9abd7a0ee1ca59960150ec498c04bfb92896d684652043abcff1a775148bab71b6128073c68a4d768c562d3ec47a3240a7148b4214b2e381968d5df8e2c0d8b343a1b62a050a2eff77d9f42bf3115aba8de502801392a07739e84756450977eea49e2d1853b4066115ace8e060b94f1ef0e1b4ae710abccbd128f24536e33b841f69a850c00c100060000000000000033f8bb0a8574411b4a12b42c190ea344cee434bcea67381a681de25b8e27db12ecb6ec14b8e105a76250477e2ba3356ead59f71ab4a691bbd828edb3c1d4eb0002e9109176803c8386916cc7403082bb22cee48e8f102418286476ab6edd9c6a67ba03e9c8dcf62ea8b4e75c9794a6587efa0e36f75a512f5b8af35d24bad898860d482e768f52dd1c433243e75c9fc586366765621e47844e2a0690467a6b34b3eb86e797fcc4274e57760135d58d319b069eb2d59b00000700e6002e5e0000ef3f1d81ec37232c45ae305781ce58fbdb8324f0b41719577edf00000400ec000800b700ff010000"], 0x310}, 0x1, 0x0, 0x0, 0x40000}, 0x10) lsm_list_modules$auto(0x0, 0x0, 0x0) getcwd$auto(0x0, 0xffffffffffffffff) r3 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80100, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r3, 0x40146f2c, 0x0) 4.173265702s ago: executing program 2 (id=994): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x14) socket(0x11, 0x80003, 0x300) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x0) socket(0x1d, 0x2, 0x7) socket(0xa, 0x2, 0x73) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/orangefs/slot_timeout_secs\x00', 0x102, 0x0) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x22340, 0x66) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x7) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) statx$auto(r0, 0x0, 0x1003, 0x4005, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) select$auto(0x0, &(0x7f0000000040)={[0x9, 0x4, 0x34, 0x9, 0x1, 0x1, 0xa, 0x6, 0x5, 0x1, 0x0, 0xcf, 0x5, 0x213, 0x5, 0xb98]}, 0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000990}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 4.165280393s ago: executing program 1 (id=995): mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) (async) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) lsm_list_modules$auto(0x0, 0x0, 0x0) socket(0x2, 0x801, 0x106) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/softrepeat\x00', 0xc2481, 0x0) openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, 0x0, 0x40081, 0x0) (async) r0 = openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, 0x0, 0x40081, 0x0) r1 = openat$auto_xfs_dir_file_operations_xfs_file(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/mac80211_hwsim/hwsim13\x00', 0x20001, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.4/usb5/5-0:1.0/usb5-port1/power/pm_qos_no_power_off\x00', 0x20a42, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) (async) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) read$auto(r3, 0x0, 0x1ff) write$auto(0x3, 0x0, 0xfdef) (async) write$auto(0x3, 0x0, 0xfdef) sendmsg$auto_ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000002300)={0x0, 0x0, &(0x7f00000022c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=r0, @ANYBLOB], 0x14}}, 0x10040) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x59616d61, 0xdaffffffffffffff, 0x1, 0x4, 0xfffffffffffffffb) r4 = socket(0x1d, 0x2, 0x7) ptrace$auto(0x10, 0x10000000000001, 0xffffffffffffff56, 0x868f) (async) ptrace$auto(0x10, 0x10000000000001, 0xffffffffffffff56, 0x868f) semctl$auto(0x201, 0xfffffffffffffffa, 0x3, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x11, 0x3, 0x2) (async) r5 = socket(0x11, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX(r5, 0x8955, 0x0) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000000), r2) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), r5) shmctl$auto_IPC_INFO(0x6, 0x3, &(0x7f0000000440)={{0x0, 0xffffffffffffffff, 0xee00, 0x9, 0xc1e, 0x0, 0x7}, 0x7fff, 0xe9, 0x5, 0x100, @inferred=0xffffffffffffffff, @inferred, 0x0, 0x0, &(0x7f0000000240)="140ecc14221384adf3da1575e6f23f863c15d5b50c853fb2fcafad52aa938224086741359696e56e3d333a58808b2669e210d0b030a1f266e6be5685cf52e8", &(0x7f0000000340)="f4a331fad52ae43ebc3440ce9d2d9e058714df2d86e3b81944195601692f2018cea2253265e4d1923f472041e568861fffbb64e4b58b875ae19017b6acbd5ad5a3210f2d2590b4c79f7aad6a382c5860e2c744cc1ee46cd16cb3e8870659f609b781e74ee1fac93bfdfec606bfcca6bc84d80f6641970b78ed344ed1233c6e84cd36b1e6efae9259a0b86029ad77d4f0d4074003e26a7bcc1a01faefeb56c74da48891cfb4b46750b2e1f8b279ebd27131ff9c7c7d1f835f2dd82c5cc202fff358a3529010619a53f732922ab38e59920f646e2fcd723fbec7e2d96e56ac4cd4ffb2b482394aa1c8"}) (async) shmctl$auto_IPC_INFO(0x6, 0x3, &(0x7f0000000440)={{0x0, 0xffffffffffffffff, 0xee00, 0x9, 0xc1e, 0x0, 0x7}, 0x7fff, 0xe9, 0x5, 0x100, @inferred=0xffffffffffffffff, @inferred, 0x0, 0x0, &(0x7f0000000240)="140ecc14221384adf3da1575e6f23f863c15d5b50c853fb2fcafad52aa938224086741359696e56e3d333a58808b2669e210d0b030a1f266e6be5685cf52e8", &(0x7f0000000340)="f4a331fad52ae43ebc3440ce9d2d9e058714df2d86e3b81944195601692f2018cea2253265e4d1923f472041e568861fffbb64e4b58b875ae19017b6acbd5ad5a3210f2d2590b4c79f7aad6a382c5860e2c744cc1ee46cd16cb3e8870659f609b781e74ee1fac93bfdfec606bfcca6bc84d80f6641970b78ed344ed1233c6e84cd36b1e6efae9259a0b86029ad77d4f0d4074003e26a7bcc1a01faefeb56c74da48891cfb4b46750b2e1f8b279ebd27131ff9c7c7d1f835f2dd82c5cc202fff358a3529010619a53f732922ab38e59920f646e2fcd723fbec7e2d96e56ac4cd4ffb2b482394aa1c8"}) ioctl$auto_XFS_IOC_FREE_EOFBLOCKS(r1, 0x8080583a, &(0x7f00000004c0)={0x205, 0x9b59, 0x0, r6, 0x7f, 0x0, 0x4}) socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) (async) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) setsockopt$auto(0x3, 0x10000000084, 0x3, 0x0, 0x4) sendmsg$auto_NL80211_CMD_PEER_MEASUREMENT_START(r4, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="20008eee", @ANYRES16=0x0, @ANYBLOB="00082dbd7000ffdbdf258300000004001e010800220101000000"], 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x8080) (async) sendmsg$auto_NL80211_CMD_PEER_MEASUREMENT_START(r4, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="20008eee", @ANYRES16=0x0, @ANYBLOB="00082dbd7000ffdbdf258300000004001e010800220101000000"], 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x8080) 3.782333017s ago: executing program 1 (id=996): ioctl$auto_VHOST_SET_LOG_FD2(0xffffffffffffffff, 0x4004af07, &(0x7f0000000000)=0xffffffffffffffff) ioctl$auto_UI_SET_PROPBIT(r0, 0x4004556e, &(0x7f0000000040)=0x3) ioctl$auto_FS_IOC_GETFSUUID(r0, 0x80111500, 0x5) r1 = getgid() getsockopt$auto_SO_RCVLOWAT(0xffffffffffffffff, 0x3, 0x12, &(0x7f0000000080)='/:@,%#*\x00', &(0x7f00000000c0)=0x8) ioctl$auto_VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000100)=r0) write$auto_fops_x64_ro_(r2, &(0x7f0000000140)="4e2b8b631d85d899ad3bddd21ee3cbadd8a56a7fdafc2d92d055c2a10f083cd1bcee3ea6fd9c2d3511c8c25dfacd3fe8f96312ceb30ef1023ce2550150620e6701897e38e377696180994afcdf3b57a8264fa36790c4a60d0e33028a7cb02a3349db76558285ee5f43976cb26af0898ad0e46bd36be225a7a4b479a5ba2bddacaabc8e40a8a4abb62a0b571fdee0fd4b0226f2393488504470e3f2f907bce7032b8ab5bff7999366cbedc819dc4eead365230e88395ccfbf", 0xb8) sysfs$auto(0x6, 0x7fffffff, 0xffffffffffffffff) ioctl$auto_XFS_IOC_SWAPEXT(r2, 0xc0c0586d, &(0x7f0000000200)={0x50, @inferred=r0, @inferred=r0, 0xd54, 0x9, '\x00', {0x200, 0x6, 0x5, 0xee00, r1, 0x81, 0x40, 0x0, {0x625, 0x6}, {0x200, 0x9}, {0x7ff, 0x8}, 0x3, 0x9, 0x80, 0x597, 0x200, 0x7fff, 0x8000, 0x6, 0x27, 0x5, '\x00', 0x0, 0x1, 0x3, 0x3}}) msgctl$auto_MSG_STAT_ANY(0xe, 0xd, &(0x7f0000000340)={{0x2, 0xee01, 0xee00, 0x2, 0x200, 0x80000000, 0x2}, &(0x7f00000002c0)=0x1, &(0x7f0000000300)=0x6, 0x1, 0x8, 0x0, 0x7, 0xfffffffffffffffc, 0x6f, 0x6, 0x9, @raw=0x1a37, @inferred=0x0}) shmctl$auto_SHM_LOCK(0xa, 0xb, &(0x7f00000004c0)={{0x0, 0xffffffffffffffff, r1, 0xe, 0x4d1a, 0x3979b9bd, 0x9}, 0x0, 0x1, 0x5, 0xe, @raw=0x7, @raw=0xfb26, 0x12d, 0x0, &(0x7f00000003c0)="f1e213cebd7d2b815f74e689e8176dda8810429fb57190ed75ed71d97f40841b4d92da864e399a21518060e70436e0a5a050f64ecf6f0d7e5996c6b5b687cdd31c9fa7ed1e045e062653d3d22a68af543b7ca0df2333ace7cb560751bd867b9c1f04ece491af274e56ea8f79a2293cbe50f74748b70f48439de9a9f0eafdf2b61824e9ad9b08b22f4c102b9d8b955c80d9148a9598c32b6696a883986927b6c29335988004bf8eb37cf2", &(0x7f0000000480)="5cafe14db7ba564c73000b2e931928af0220e6234f1f27c78f9539c5470ab5466684868ce4014be33f47b50fa4b80e7e352f0a6329e2bc0a334ee74b8a"}) setresuid$auto(r5, r6, r8) r9 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000580), r4) sendmsg$auto_NL80211_CMD_JOIN_MESH(r4, &(0x7f00000008c0)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000880)={&(0x7f00000005c0)={0x294, r9, 0x20, 0x70bd26, 0x25dfdbff, {}, [@NL80211_ATTR_HE_OBSS_PD={0x1ac, 0x117, 0x0, 0x1, [@NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET={0x5, 0x2, 0x4}, @NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET={0x5, 0x1, 0x7}, @NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP={0x77, 0x5, "22ac93207e4b2f38f28957add30e6aac4c4696b53ebe618b4f1c2dec54228f2bcbbc92e8431ebd472db33d162286609a754c0748b0a5ae528bd0ffab69f875b7f508609e01e8a7a4b6d215dee82c254a408dbbf7af880f58993aa9f98adcd3c3f0d9a964a22f1f58923c03c53ce592fc7ec270"}, @NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP={0xc, 0x5, "2520ed4e1b0d35ca"}, @NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET={0x5, 0x3, 0x3b}, @NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET={0x5, 0x1, 0x9}, @NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET={0x5, 0x3, 0x5}, @NL80211_HE_OBSS_PD_ATTR_SR_CTRL={0x5, 0x6, 0x6f}, @NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP={0xec, 0x4, "bb80ee6cbd0cce660032a66832cb165617c5f4f982f543645e7b9413e481707a4a8335670565faf383ac1b845eb3ba662909fb4ea3498dec4cdc9668a2291c1cfac9bf0135e68d2476b19fa405f5c1c651c532bff6354db62e461ff5dd1fce2c18437e5290337ddd265b76c64c2ecf7972c73906f4712904be836ad480e71c45df76ad74fc11db3a73af12b2fcab6f780850d5188a505b20e27846ed1c4277b53c1056f2798737e03ed724963fd0305c2ae52e0bedfd587e6517943fc040935a91c4f6490b904d23b7996356980f0ffaabd3feedc00edcb90af0f176f49fd893b0670e18750db58f"}, @NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET={0x5, 0x2, 0x6}]}, @NL80211_ATTR_BSS_SHORT_PREAMBLE={0x5, 0x1d, 0x7}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x8, 0x13, "c7a425c6"}, @NL80211_ATTR_STA_SUPPORTED_CHANNELS={0xb6, 0xbd, "78cea73a453b5902f752a4919166c94eebcb353e0cd959299103fa03f212f7864c22dd205c983aefbd51d9fbffb13f35ac0eb6da4c4c581a756ad823261224a11de890a0a386adc14c1925d4d9865658b2832bf1d0b4ef157c01689c9d79d037b07dd983aa5486260a702129464cf7f079a8827329fdc70286e1568d516961dfd7d8c89d92ac5c8870c101f1afe257076f53f7b89c845a5e0b8791826944a317071ab59962d030d53ea8c0296a9584f7a5a9"}, @NL80211_ATTR_USE_RRM={0x4}, @NL80211_ATTR_TXQ_LIMIT={0x8, 0x10a, 0x1ff}]}, 0x294}}, 0x40) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f00000009c0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x14, r9, 0x300, 0x70bd26, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x48001}, 0x20004870) futex$auto(&(0x7f0000000a00)=0xf2, 0xd970, 0xf93, &(0x7f0000000a40)={0xe96c, 0x7fff}, &(0x7f0000000a80)=0x8, 0xe0000000) shmctl$auto_IPC_INFO(0x4, 0x3, &(0x7f0000001b00)={{0x1ff, r6, r1, 0x7, 0x6, 0x0, 0x5}, 0x1ff, 0x3, 0x8000, 0x4, @raw, @inferred=r7, 0x80, 0x0, &(0x7f0000000ac0)="d647cedde022c108bc86e784e15bd0257523ee44dbc78fdef354472b056684d07e954bd5c499a94b43044b2ae9a6ac314b71b2d51ccba5", &(0x7f0000000b00)="8f43e0d1f7b99de61f93def2037f9738fdef4286e9fa7fb345b05abe010ed47d202a62ee432f18ef6c3137411eeff92268d716031a6955a70475f9fba31c979837bb9ea82948b8438db0673c38d88e020158653ab30bf74d265c701c9e76cc9cedbe80f81483064e9270fe5171ae38543539bfe97bd62264fc17877a94eabd71ac128cd1cfda545808e61b10ef3f7504c458da0fb8dad7964154bd41d07add6400635515977d64590f5bf9d63fc1d52337f4b58d89efec9a9498481412f9ab95d2bffef9a839e02822eafc6de4c153fcf4da3998bfeaff115af22363062d3229e5cd347cd1d579a8e84cec0bde4e703480a5b08ce53d5c981c27f8324d0a6b4d34b32d82f1160028040d36307ad62c9070f88784e8ffd3537f81630fc8422858616885c77d8ea4fc2fe871f52bcb5e5d25bbbd65d7a67e844e8355e47a85b8d19d3ecbc689f762fe2c4b2814a9368bf800c1c53a0397b20f1129c16e4c39f5406d64ab21e936f57ec1b65291f3c31891e748c2f0d17095a6c1dd44e1bb46f358d1d6fe8f2f14e1ed8bf9cde30450686e1f64c4e0e939d3545835067e923cb28f8d38b621cad0fff8de3856a1a0ba48416facf89b40649eaad899298248a8934dd817bd13e246b2bde5b52a3b7fe0142bbbda3fec82cb03ba6adab0aadfee82b9c30b0cc64e780bf73661d2dfef923296cebb2f05d2750988556571387629623ed7ea8d828fef31525b8379a5c4bc0850c5d703b3dfee471a7181dc7b810e2e6a503881c10620d61b225c6186d0d0feaf3fe549e097a304c7eb74c4398409beb2a450c024eaa82413d02448ee8ec6c9bc1cc8287273bb43d3b10268f3b9a8241a3ce193bcf4a17ed1a3ef1cc5ede471f22fb0ea951c69e93b2e1c74549fc84038bc4936061fea5f02d7f81e62d1b4685b2fe8d918f984bce56284f470009be9a029bd0ded29a17c6105c0713f56213eb3e7f3726a2cc11e26554f55f4186d563600f0a50c1f46b3301ad6ea9a3180fdc987970039ea05abafd46d30be263d52c13d48ab0fc7d6240ba086eb9fea54f346119d1ac5a1250e4d4cf4a2a259ccf733f924d0c78337cf18e44e3cb0fa4b4d99338c7816727c89c5eba3988c9f7051da0fc3d1abedc01769056eefc03cd40a224589d141ab0532300d45c068b302fae47c74611bb5114cec14d780a287f53e3f5855dca6624640413bc85696f8f913fd70494b198874e447e1e832e3cae6399413c3667cbcc7f5fd5207fee508163dd25bb4776724c0651923a0119f20fe2565f479af0eac9e6eae862ddd98e88985059afbaf63105b83e9318b989ea78b94ea62eef81085dbb18e8bc62ebe784b61ac1893145ba0223fdfdca7e048b731fe3d7ec3e0767cb5ed740d5fb8a5e124d9cf9f85272f4dcbf236a9a251340f8fab7126022995489b2a7d40a7057ddb9ce4817ec8bfe496a01eec85a296435ca10e67dff1bf102b21e1a8b10dd184598d9925b0f0a05a5d24396f7a15df176cb49c0db44fb05377f07a8244b518ceafbe8ece2e51501fb9b7fd6891df24affae599c8a0ac793491bf99a1528510f6cbea34152ae5d86c9593999bc4b56e1b52014ad8d573fd2a07cf8e55c9be63b3f1f8508acd94846c9c92e2175ab38dcfb506c57db8a5950f0b2888508de8d996a9deb0cab5b59e99b6d1b23fd2cf1b6b5eb246a2cec26e221f532f34eb9a7f5247cba6d0ccf5abecb203ac547da88c1ca2ea3e915c022830c4895e6efb51fc8010f769ba87b5ca0060dcb8c46d2bc28a5a497f09b7799e20b309b155ba9d1351d0f92fd42f33ef5237c5fc2f3db2e75b9f1a50cb74f132eca6b4c7733cda96aeb0b3d80f5884fddf57df52fc7f9ca80205565720bdb02a8b6008d40edcaad40654be76da55605e77299bfc1b082f550223a3059f6c4817f245c804495c34817d7cf21892ec7073fc6b61d77df08e360a41198367a2a2fc4ae81f58843f5d410d8ca4db599ba61eeaea1f3993c3b87fa088fb1b95139ed63072cfc3f05c1b1c40d2afeb42f11ac04b2057159d280d8a618ce71e0820925b00e0f712ed082965146571afb6eb19dbf696039a111c1d7d49388060b994327168b4a801ff5b7c8d9432dfbc9945d36a4df12aa3810e0df11c7e365c5e3436c4779ecf8a3ef24ac4aa13e04f190467dcae7c36f3e3e0533cbadc64e391c32844752ee85388f66c705fa700c6685f884dd20ee694a41b1c234de0aff157d239fa7a944453605b37418926de26f6a6e4e07856533e7db12ddfe39500309cdc7ff5a71354193cc30dad319f072484682b2dad9264b58aebf378de1f8b59f884ac819f1e4d09898ac1138f98da3f345843fd596f228ed3991f74aec128b290a84cfa95db65a17d49dc862f5f16c94ae764bd8fe86f3754cf81ca16266b778bee6a4f520ab9f968233804564cc0fd48eef8fef1937993d7a27645b815af4a852ae843e3c6255964d080d16e42880b2d4e199f0efb97bf5bb2e94c429bf85c753edbe37576797a3069e8a49afb2f011213d3cf7b49500e5d0e0eb6235c5a821ddb7389fb02ac6bde7d5fa584858335af866f14f678da3dd13083881349e591226a88b9115c6c5490f5179d33444a6a780d9d395b564c09c18c1dc29cd2a6e7de6f4405948208a8f91bc47fafdcc4d460cfccd12c6c0f8456efaa694c4befd399759a17d3625ad8f16582a12992f89ab27c828bd87e7049882533c318e6effbfce582ce5e6143316a7d6e25c96d370207f106c42331d780aaad9fdfaad264b63592fe560357ecb9948951ff47093ffe64fc6266bab3e137e9f75943456fcf279febeb42e610ecfdd334e483d15df109e62c48d32e0200b91c1c50215a6a5e1e1ecb244a12ddbe871c76ce291ef2873a4e8fff2603cd8b16a33ef44a3082193821a46ed3af725c3e168773221c950c106d36b66a20ff9dbd88fcfaa9de05e53dcae2f8d7c99f7ad9994dbd17baf3067fd7f6d5d5aa3bffee639de7341c6aa1a89faed114d82ae18bfb0b50c8d57c21bfec454cf381ca75eb884c577e5c14c05698881341ff15c0977ac2600a114d12573221c26d25b9f6fef30e88cf82d8834f6deb77fc1f1dd2d0a4c067bceaf60ce5a2e1c5fb25b1a0c0e2985c51bac99dd4df86e6aed7784a1443b85ad07eb1f7e91f61c0ace9670c77a58801301fd3623782107d018408bd6ac2aa0ae9db20af047fe3e944b2099ebf97f2a99345fa0f82b13226deaf93a37e03f9a37f807134a8058389b432811513579e41e5508a6a1229b8de5230bcc6f43adb424a96f07f622619a35f67290633e18dcc2c38cbdf923a567a9a304658018e08cd69eb6710128be48206d2615ed58c829900b3b34f7bbeb3d94a4b24b630584b41822f4b6bb4bb727e4c5d29393f9909c274242ffe3f9b5fcf48f52e365468e8f2db04df4a70dd089d0abada5291c8fd4b7453f7df34c2badbd4ca920e86f40babbc14cc43fc5c0b24d2536b27935dc282038f90deeb55e6e6597d2d5999dba7180c2e7f9efda3ab58131ae7fca104ed21a71b6d84905fb978940e443ffedc27292ac2176e14b4059b5680f5514690f56e22d0cb1cabe902b147a6f53a093d061773007dfc1773b8f6491087134e2ba2d84d52e5276a3b04da8c0c1e3baa9ca89e89ee8f88ce0f8b1f990512f4afeb931e88ba66181f4e115c8a6f5327d968c6119d8929d4c6be832aa99c31ff751ede2928d349852edeb02e94e391e97b4c5bacb8f23aed9d0bbed9dd17d73b596e4c96720449838c5829462ebfb96750c60d2cdf0931406c7652c9f04792ecbe506391d0e0ea1c1452d5df66a934b4ecdf851506675a76b72b978f8610ca817124db3fc826b574e2ab2d1ffdfc35f7229fae8a5880b14fca30a1da6824f319e2e533257420eed53785b7ed5828db7f766465f732f52dc4b6b222279e4d0542330c64f6ab034667db002b02bb7352c6f607f7b15819dcb1be8caffdd7f847b61ca29a58d23c9e51dc9e5966cdc15b9c5706867256fe4acf46cbfbb1c4f41996e0329dd9bd5c51c70bde8c8da3a1c37db65af67dfaa8696a980237560e930e13bfcb1159569799ac86f8e462da3d40af026ec15daa9907f28bb267656016f8a4401a8e41fc425c4d1656ea100a9adecb7535b1972c6384acaaa6fc89ad57c5ed49dd923964aae9c37bc3f1ecfa36a0947ac61ecc7d38f0fda8f8d5dcb2c8080a416e7986c9b9b7d6356a05e1dbaac7fad9bd665e6e1391692f55297a7d263574902c6122af887ff0ea2affe9d0965a4781cad80f2a536a5eb33f23c1a8327b6d4774afd94b29d46286708ef6f1305c8b363fb7200a784642c3e625fd56279ae523b98afb40e9f7c706a573087b0551e092c3baa68651db9bf488f66d81b5bdfca044282e8ec383da2e00438fc008331772075cc89cd5ca667b107ae30d99f3090dabc9184dc6c515539bb47efd04cd1751c5e38559d394b01f3fef2e7261518edba4460fb090c1712d908df4717f51a340e9b817308cca2a5ca27583161c8e8eb709543951927ba3fabc0286f8017f9e560fee30c38e7faf81feee9a882b3515b258f0469fc7be1fdb592669bf44b184579c1b317804a754e1f344e2f9b3e621692553d862b8971ec2599b5839378e863b9d58402be1c9eb663cf4ef3062821897e45ca8ef14707fb1891f896bdce7674ccd8ab540a6a08c8e1e001407bcb2cdb0127e7f47c0ec29eef10622fa8b1ebd84d143e37bf138c2f8a77fdb2d6e1e34c6c5e92ec775271221ac754f965d343460053c5b23bc88398d5028e1ddc54b6723d7fd08cbe23ca666a61236565f5fea10055d2231297783a202988c7744baeab9eb1db5c2f825704f79a6bdefcdfda89461179c0dfa5f083c294151e88b1531d5dec275748253d609e92f1925d99a44e9ad864fe2bbfd14a63112111906153e6a686945c75d3b06a86661c8d7c9db378373b69be0a7b94ad243be867fb8e8f19ee5de1774d552bdabcc044e7cd87e5c571bbd803be66441c4bee249b0ff25d863cdd7bdeb15a444af5729ee25d1f7fcdfb5b0dae1e01119778665d15274e728d6c653546ff77cd6f69400dcbfcfb68b8b1670ed93d92a1b7e176b84493000afeae6f3f36bfae223ecf8914f7188b59fff9ed5148231d4da51456e1d8211ca7ba910de8785f71f0eaa1b471a12395182a6dbf808801225ff8d8ca4695df14582a39b009e0b29f17e28150b1491c9254cae7392a3079d9419f846e62872adca9eecbd90a65f91d58e0980b9025a1ca2883831a75e4a3fe8cfe684cc3cb219e3a7f0b2c5d315a8d150af5ab01015e61e66034dedc3195c0d5a469794d42a2857b6dcca83662ba218e6da5f373006d15b29da56fd0ea43f00af5f204f1b6b0a663565ab550e13b78a5efdc744da4b2f9e7be752fd9b4c6bc426439df2b11a5be6a955d0fc50a19f00ed729ef0241603f83fc4f1f8cc59164c5eca3a76fa8fa5f020b1deefd3a62bf7ec741970a5bcd7b63c4d43271fd435e64960e1e7c1b2f4a14c845b47c528f2b0856370cfd9fa6979164934c61f2d2683ae2dab304fd6c5070194255b3fc86c3b13f194ae9ef57bafca54e77e7c9044ebea25a8f13982affdeb1297a259192eb0b6c66e957c85a6e22ba42918b362e7cb62de316296c7a583c65f3639734187e54f75f9ba239c1203f4ad4dd5f7fd8d2b735347e72755cfd0d7522003afbb3ecd5dd4ec5583a127d1ec18f46691608baa550f1cb11fbc1b0231089dcc7190f81509988e3a75f5054f4fe2ebfb37ca10cb309010"}) setresuid$auto(r5, r10, r6) ioctl$auto_CEC_DQEVENT(r0, 0xc0506107, &(0x7f0000001b80)={0x9, 0x800000, 0x5, @raw=[0x1, 0xf, 0x2fb, 0x6, 0x4, 0x9, 0x10001, 0x4, 0x8, 0x80, 0x1ff, 0x0, 0xa01e, 0x8, 0x23, 0x3]}) msgsnd$auto(0x3, &(0x7f0000001c00)={0x739988d, 0x4}, 0x5, 0xffffff98) setsockopt$auto(r3, 0x1, 0x3, &(0x7f0000001c40)=':!^%,/&\x00', 0xfffffff8) ioctl$auto_BLKGETSIZE(r2, 0x1260, 0x0) r11 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/loop0\x00', 0x100, 0x0) ioctl$auto_BLKGETSIZE(r11, 0x1260, 0x0) getsockopt$auto_SO_NOFCS(r2, 0x5, 0x2b, &(0x7f0000001cc0)='}\x00', &(0x7f0000001d00)=0x8001) openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000001d40), 0x200000, 0x0) r12 = openat$auto_autofs_root_operations_autofs_i(0xffffffffffffff9c, &(0x7f0000001d80)='/sys/kernel/debug/netdevsim/netdevsim2/ports/0\x00', 0x141, 0x0) read$auto_autofs_root_operations_autofs_i(r12, &(0x7f0000001dc0)=""/32, 0x20) r13 = syz_genetlink_get_family_id$auto_net_dm(&(0x7f0000001e40), r0) sendmsg$auto_NET_DM_CMD_STOP(r0, &(0x7f0000001f40)={&(0x7f0000001e00)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001f00)={&(0x7f0000001e80)={0x48, r13, 0x20, 0x70bd29, 0x25dfdbff, {}, [@NET_DM_ATTR_QUEUE_LEN={0x8, 0xb, 0x8}, @NET_DM_ATTR_TRUNC_LEN={0x8, 0x9, 0x3}, @NET_DM_ATTR_HW_DROPS={0x4}, @NET_DM_ATTR_HW_DROPS={0x4}, @NET_DM_ATTR_QUEUE_LEN={0x8, 0xb, 0x80}, @NET_DM_ATTR_UNSPEC={0x12, 0x0, "ad017107d8b91a10dffcd39b02d4"}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x40000) 3.497121373s ago: executing program 1 (id=997): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, 0x0, 0x900, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_xfs_dir_file_operations_xfs_file(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bluetooth/hci1/power\x00', 0x200000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/transparent_hugepage/use_zero_page\x00', 0x28442, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000180), 0xffffffffffffffff) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000800)='/sys/devices/virtual/bdi/43:384/max_bytes\x00', 0x181482, 0x0) read$auto(r0, 0x0, 0x9) write$auto(0x3, 0x0, 0xfdef) 3.331921362s ago: executing program 0 (id=998): openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) mmap$auto(0x7, 0x20009, 0x4000000000df, 0xfff, 0x401, 0x8000) write$auto_force_wakeup_fops_hci_vhci(0xffffffffffffffff, &(0x7f0000000080)="305b0a8f34915766fca3fb72133618de834c1d0cbb0bcd7ff19baad4ec1b020bc78d852189f51aafd33a851c1e6de42e41b662cd9d878702c737228ccbe5327e26", 0x41) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x60800, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_LIST(r0, 0xc0505510, &(0x7f00000002c0)={0x9, 0xf, 0x9, @raw=0x6, &(0x7f0000000180)={@inferred, 0x5, 0x1, 0x4722, "8bb837c1350582ad19b73cd96cdfff311e796b6c5469bb358431acab711e8655f26efd93e7e7237907b8aca0"}, "4d7a2b4d1207019a2e027c353ca753ee0fea7dbd84372e8a545483b954a3934920e86191d9cffcdd9025d335b39851dff735"}) write$auto(0xc8, 0x0, 0x4040f6) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00', @ANYRES16=r2, @ANYBLOB="01002bbd7000fcdbdf25040000000400100008000cf1edfba1d1e45aea61b8f7020700000002681af944a5465101930e1f4b991ef2f10f485ddf80e07251de39066555baed365ef307143959554d"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000000080), r3) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'wg0\x00'}) mmap$auto(0x0, 0x80000001, 0xdf, 0x9b72, 0x2, 0x8000) rseq$auto(&(0x7f0000000000)={0xe, 0x400, 0x0, 0x20006, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f00000001c0), 0x40c01, 0x0) r5 = ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f00000000c0)={0x3, "e6c26c22ab89af11056b0001ac097e0a0728d9300000c500", @raw=0x7}) newfstatat$auto(r5, 0x0, &(0x7f0000000380)={0x5, 0x6, 0xa9, 0x4, 0x0, 0x0, 0x0, 0x2000000006, 0x3, 0x0, 0xdc49, 0x8, 0xbc, 0x1, 0x4, 0x0, 0x53}, 0x1) ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, 0x0, 0x8) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x490d0c6f, 0x400008, 0x200000000df, 0x9b72, r4, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) brk$auto(0xffffffffffffff66) fanotify_init$auto(0x65, 0x2) kcmp$auto(0x1, 0x1, 0x0, 0x100000004, 0x100000001) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000200), 0x100000, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0xda) 3.032339203s ago: executing program 1 (id=999): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x22ae02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) socket(0x2, 0x5, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0x2a, "00800000ffefffffff0200000001"}, 0x55) write$auto(0x3, 0x0, 0x100082) madvise$auto(0x0, 0xffffffffffff0001, 0x15) write$auto(r0, 0x0, 0x0) 2.842345417s ago: executing program 2 (id=1000): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0x8) modify_ldt$auto(0x1, 0x0, 0x10) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyd1\x00', 0x40, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) rseq$auto(0x0, 0x8000, 0x0, 0x6) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x1, 0x800000000eb1, 0x401, 0x8000) process_mrelease$auto(0xffffffffffffffff, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) unlink$auto(&(0x7f0000000080)='./file0\x00') mincore$auto(0x1000, 0x8001, 0x0) fcntl$auto(0x8000000000000001, 0x7, 0x8) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) fcntl$auto(0x8000000000000001, 0x26, 0x8) mincore$auto(0x7, 0xc, &(0x7f0000000000)='/dev/ptyd1\x00') close_range$auto(0x2, 0x8, 0x0) ptrace$auto(0x4206, 0x1, 0x0, 0x200005) mmap$auto(0x0, 0x400008, 0xffffffffffffffff, 0x1b, 0x2, 0x8000) mmap$auto(0xf000, 0x8, 0x1000000003, 0x9b72, 0x2, 0x8000) 2.669430055s ago: executing program 3 (id=1001): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400) socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0x8) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) r0 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r0, &(0x7f0000000040)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x7ff, 0x400) socket(0x1e, 0x1, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x2c, 0x4, 0x29c) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) process_mrelease$auto(0xffffffffffffffff, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) clock_adjtime$auto(0xa, &(0x7f00000002c0)={0x10000, 0x0, 0x2, 0x8000000000000001, 0x0, 0x7f, 0xf1, 0x0, 0x6, 0x8, 0x2, {0x381cdc1f, 0x3}, 0x2, 0x7fffffff, 0x3, 0x9, 0x0, 0x3, 0x4, 0x5, 0x7, 0xf, 0x4}) ioctl$auto_USBDEVFS_REAPURB32(r2, 0x4004550c, &(0x7f0000000180)=0x38b) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) mincore$auto(0x1000, 0x8001, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) 2.521159222s ago: executing program 0 (id=1002): openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0) (async) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0xffffffffffffffff) (async) adjtimex$auto(&(0x7f0000000300)={0xf332b6e, 0x0, 0x200000000, 0xfffffffffffffffe, 0x1, 0x1, 0x6, 0x0, 0x7, 0x368a, 0x2, {0x100000000, 0x5}, 0x5, 0x8, 0x9, 0x1008000, 0x0, 0x8, 0x81, 0xdfffffffffff6291, 0x6, 0x4, 0x808}) (async) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) (async) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3db) (async) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) (async) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$auto(r2, 0x5453, r2) (async) getrandom$auto(0x0, 0x7, 0x4b) (async) syz_genetlink_get_family_id$auto_ila(&(0x7f0000000040), 0xffffffffffffffff) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$auto_ILA_CMD_DEL(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYRES8=r0, @ANYRESDEC=r1], 0x50}, 0x1, 0x0, 0x0, 0x4044044}, 0x10) (async) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) (async) madvise$auto(0x110c230000, 0x1, 0x9) (async) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/i8042/serio0/force_release\x00', 0xc2082, 0x0) write$auto(r3, &(0x7f00000004c0)='N\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x7ff) (async) read$auto_proc_iter_file_ops_compat_inode(0xffffffffffffffff, &(0x7f00000007c0)=""/153, 0x99) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) statx$auto(0xffffff9c, 0x0, 0x1000, 0x803, 0x0) (async) setsockopt$auto(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x56b) (async) mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000) (async) ioctl$auto_IOCTL_VMCI_QUEUEPAIR_SETVA(0xffffffffffffffff, 0x7a4, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) r4 = socket(0x10, 0x2, 0xc) openat$auto_tk_debug_sleep_time_fops_(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async) sendmsg$auto_CTRL_CMD_GETPOLICY(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='q\x00\x00\x00', @ANYRES16, @ANYBLOB="4cb245184f86db27df250a000a"], 0xf8}}, 0x10004010) 2.421091968s ago: executing program 1 (id=1003): sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x50) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f00000000c0), r0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x38, r1, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x8, 0x3, 0x0, 0x1, [@nested={0x4, 0xe8}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771dacabf0a312fc0884700"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0xe, 0x0) r2 = syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040), 0xc, &(0x7f0000000180)={&(0x7f0000000600)=ANY=[@ANYBLOB="e2578836d31452045edba4fc98c016a3a66f4d3e67d1cd25309cb47b6aafb1aefeb131cf", @ANYRES16=r2, @ANYBLOB="00042bbd7000ffdbdf253800000006009800f5ff0000e602b9801400770000000000000000000000000000000001aa02d080fec16290b6296c70fc9426b6d032503aa0303c1b176cbf35b1488684cbbbf2edac321fb1f69291217e154dc04b7a674beacdfeca960ea4673e3e028fdb83c084c4107c84294d05b881b4410263ed36dcf60cc89db0bd00368b09b2864a49f16392c2247fa4c06f9aece72ff0e7cb7efd76d3d394c7c3e775af491dba7571ca2225100ec28def401fd1bb2ed7e8a64469476db9d9f9c6dc4ca2b904674ea7af6c73557e4f8720b014371b271c0bf1a80ec2ac6fe87f1786fbd3ae1ae2ce9940ea01f41e780f1f5521ed1b57df46e49ec619d9d27c08800641b7a7701d96b181ade2e31985e8ce475f8ba6fce2242eb3a4eaf32e742b7820c407899c955d9861d972db22a64fa0abb5ed4f6da1973ee6687db31baa13fd8d54034ae6e49aab3f25a5f40bba37a8829f7f98c57166e6800b46622370c2b226dbd0983f8d39976b6b97e5467fb18af83fbc42873825ccc138b75236e0c47307435addf9db42e46f26d9abd7a0ee1ca59960150ec498c04bfb92896d684652043abcff1a775148bab71b6128073c68a4d768c562d3ec47a3240a7148b4214b2e381968d5df8e2c0d8b343a1b62a050a2eff77d9f42bf3115aba8de502801392a07739e84756450977eea49e2d1853b4066115ace8e060b94f1ef0e1b4ae710abccbd128f24536e33b841f69a850c00c100060000000000000033f8bb0a8574411b4a12b42c190ea344cee434bcea67381a681de25b8e27db12ecb6ec14b8e105a76250477e2ba3356ead59f71ab4a691bbd828edb3c1d4eb0002e9109176803c8386916cc7403082bb22cee48e8f102418286476ab6edd9c6a67ba03e9c8dcf62ea8b4e75c9794a6587efa0e36f75a512f5b8af35d24bad898860d482e768f52dd1c433243e75c9fc586366765621e47844e2a0690467a6b34b3eb86e797fcc4274e57760135d58d319b069eb2d59b00000700e6002e5e0000ef3f1d81ec37232c45ae305781ce58fbdb8324f0b41719577edf00000400ec000800b700ff010000"], 0x310}, 0x1, 0x0, 0x0, 0x40000}, 0x10) lsm_list_modules$auto(0x0, 0x0, 0x0) getcwd$auto(0x0, 0xffffffffffffffff) r3 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80100, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r3, 0x40146f2c, 0x0) 1.894766098s ago: executing program 0 (id=1004): mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x288200, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0xa, 0x801, 0x106) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x55) 1.565964054s ago: executing program 0 (id=1005): openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x101202, 0x0) (async) write$auto(0x3, 0x0, 0x0) (async) openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000002640)='/sys/kernel/debug/tracing/set_event_pid\x00', 0x2002, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0402, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) (async) ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x40103d02, 0x0) (async, rerun: 64) write$auto(0x3, 0x0, 0xfdef) (rerun: 64) 1.548941857s ago: executing program 1 (id=1006): set_mempolicy$auto(0x3, &(0x7f0000000000)=0x7, 0x9) mmap$auto(0x0, 0x3, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) (async) r1 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) readv$auto(r2, &(0x7f00000000c0)={0x0, 0x5}, 0x3) ioctl$auto_TIOCVHANGUP2(r2, 0x5437, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) (async) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x85, 0xffffffffffff0005, 0x40000017) (async) madvise$auto(0x85, 0xffffffffffff0005, 0x40000017) ioctl$auto_userfaultfd_dev_fops_userfaultfd(r0, 0x101, &(0x7f0000000040)="84358355eeb0e18db05ff7ac05a76c86a3a1") madvise$auto(0x0, 0x1010001, 0x100000003) read$auto(r3, 0x0, 0x20) mmap$auto(0xff0f200080000000, 0x7fd, 0xfff, 0x9b72, r2, 0x2) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000a40), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r5, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000001bc0)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4], 0x1c}, 0x1, 0x0, 0x0, 0x24000040}, 0x64) io_uring_setup$auto(0x6, 0x0) (async) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x800, 0x8, 0x6) (async) madvise$auto(0x800, 0x8, 0x6) shmctl$auto_IPC_STAT(0x1, 0x2, 0x0) (async) shmctl$auto_IPC_STAT(0x1, 0x2, 0x0) unshare$auto(0x40000080) (async) unshare$auto(0x40000080) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x105c0, 0x0) add_key$auto(&(0x7f0000000000)='\x00', 0x0, &(0x7f0000000200)="2ff18cf258906c66fb26f0b17c640ae8790f15a534b605ff36a2b2a37b00357d2a35872acbffb6a57fd19894c943c05d29efeddce49a8a61efa2ff6bef95845d143251fb4f87b8a74c4d59f6cb63795040c8c86ffce477471b625e1deaaa59930c8fa2eb1e1bcb3ce602b7b5ed7149e495740ce6b3bc", 0x9, 0x31f) (async) add_key$auto(&(0x7f0000000000)='\x00', 0x0, &(0x7f0000000200)="2ff18cf258906c66fb26f0b17c640ae8790f15a534b605ff36a2b2a37b00357d2a35872acbffb6a57fd19894c943c05d29efeddce49a8a61efa2ff6bef95845d143251fb4f87b8a74c4d59f6cb63795040c8c86ffce477471b625e1deaaa59930c8fa2eb1e1bcb3ce602b7b5ed7149e495740ce6b3bc", 0x9, 0x31f) madvise$auto(0x0, 0xffffffffffff0005, 0x17) clone$auto(0x2, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0xfaf2) 1.058660781s ago: executing program 2 (id=1007): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/kvm/req_event\x00', 0x900, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_xfs_dir_file_operations_xfs_file(0xffffffffffffff9c, 0x0, 0x200000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/transparent_hugepage/use_zero_page\x00', 0x28442, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000180), 0xffffffffffffffff) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000800)='/sys/devices/virtual/bdi/43:384/max_bytes\x00', 0x181482, 0x0) read$auto(r0, 0x0, 0x9) write$auto(0x3, 0x0, 0xfdef) 942.47143ms ago: executing program 0 (id=1008): r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto(r0, 0x4004556e, 0x1f) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0xfffffffffffffffe, 0x10400005, 0xfffffffffffffffe, 0x4f1, 0x2, 0x8000) unshare$auto(0x40000080) openat$auto_tracing_mark_fops_trace(0xffffffffffffff9c, 0x0, 0x480, 0x0) ioperm$auto(0x90d5, 0xc, 0x2) close_range$auto(0x2, 0x8, 0x0) write$auto(0x3, 0x0, 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_BEARER_SET(r1, &(0x7f0000002040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x14, r2, 0x1, 0x70bd2d, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x44}, 0x40044) r3 = socket(0x2, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_setup$auto(0x1, 0x0) setsockopt$auto(0x3, 0x10000000084, 0xb, 0x0, 0x8) sendmmsg$auto(r3, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) readv$auto(0x3, &(0x7f0000000040)={0x0, 0x36a}, 0x6) 852.730835ms ago: executing program 2 (id=1009): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x14) socket(0x11, 0x80003, 0x300) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x0) socket(0x1d, 0x2, 0x7) socket(0xa, 0x2, 0x73) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/orangefs/slot_timeout_secs\x00', 0x102, 0x0) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x22340, 0x66) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x7) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) statx$auto(r0, 0x0, 0x1003, 0x4005, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) select$auto(0x0, &(0x7f0000000040)={[0x9, 0x4, 0x34, 0x9, 0x1, 0x1, 0xa, 0x6, 0x5, 0x1, 0x0, 0xcf, 0x5, 0x213, 0x5, 0xb98]}, 0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000990}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 620.120744ms ago: executing program 3 (id=1010): write$auto_lowpan_enable_fops_(0xffffffffffffffff, &(0x7f0000000040)="3c97daf26e7f3cab86a59d67b21a429358a9b1ff4e5c9e695453fa5a77885823c426d9295212f493bd3713afdf0a9fe95f1ab0c90a271158cdf2e3d52bd790df67d8c2a5ed7b8174cdba62facbc38a2576c672", 0x53) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(r0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0xff, 0x400000000000401, 0x9}, 0x9, 0x0) landlock_restrict_self$auto(r0, 0x0) r1 = clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) tkill$auto(r1, 0x9) 462.622531ms ago: executing program 3 (id=1011): socketcall$auto_SYS_BIND(0x2, &(0x7f0000000100)=0x9) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x2, 0x88) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r1, @new_prog_fd=0x4, 0x4, @old_prog_fd=r0}, 0xa3) (async, rerun: 32) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) (async, rerun: 32) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) (async, rerun: 64) r2 = open(0x0, 0x261c2, 0x84) (rerun: 64) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r2, 0x0, 0x3}, 0xc) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/usb/drivers/f81534/unbind\x00', 0x8100, 0x0) listen$auto(r3, 0x1ff) (async) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) (async) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) (async) write$auto(0x3, 0x0, 0x100082) (async) openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f00000000c0), 0x101440, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) write$auto(0x3, 0x0, 0x100082) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000001c00)=""/4111, 0x100f) 384.311541ms ago: executing program 3 (id=1012): r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x4, 0x84) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x80003, 0x300) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'sit0\x00', 0x0}) sendto$auto(0x3, 0x0, 0x13, 0xfffffff8, &(0x7f0000000440)=@xdp={0x2c, 0x4788, r2, 0x2f}, 0x22) ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x40383d0c, 0x0) 78.01463ms ago: executing program 3 (id=1013): mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x288200, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0xa, 0x801, 0x106) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x55) 0s ago: executing program 3 (id=1014): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/afs/addr_prefs\x00', 0x48041, 0x0) write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f00000000c0)="4c2a28c58ff9e9995b91a7d23b2a5a2f88", 0x11) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.191' (ED25519) to the list of known hosts. syzkaller login: [ 92.695988][ T5815] cgroup: Unknown subsys name 'net' [ 92.850884][ T5815] cgroup: Unknown subsys name 'cpuset' [ 92.861415][ T5815] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 94.762264][ T5815] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 96.919915][ T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 96.928687][ T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 96.937152][ T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 96.944707][ T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 96.952308][ T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 96.959695][ T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 96.968560][ T5831] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 96.977194][ T5831] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 96.985461][ T5831] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 96.995885][ T5831] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 97.061884][ T5831] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 97.069606][ T9] cfg80211: failed to load regulatory.db [ 97.125489][ T5832] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 97.134149][ T5832] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 97.136396][ T5831] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 97.149240][ T5832] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 97.151526][ T5831] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 97.165290][ T5831] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 97.165435][ T5832] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 97.180764][ T5831] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 97.180815][ T5832] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 97.710825][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 97.812303][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 97.920847][ T5824] chnl_net:caif_netlink_parms(): no params data found [ 97.939183][ T5833] chnl_net:caif_netlink_parms(): no params data found [ 98.005480][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.013767][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.021862][ T5828] bridge_slave_0: entered allmulticast mode [ 98.030110][ T5828] bridge_slave_0: entered promiscuous mode [ 98.049017][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.056301][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.063512][ T5828] bridge_slave_1: entered allmulticast mode [ 98.071678][ T5828] bridge_slave_1: entered promiscuous mode [ 98.183370][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.190956][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.198679][ T5834] bridge_slave_0: entered allmulticast mode [ 98.206325][ T5834] bridge_slave_0: entered promiscuous mode [ 98.248122][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.282735][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.290394][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.298474][ T5834] bridge_slave_1: entered allmulticast mode [ 98.306025][ T5834] bridge_slave_1: entered promiscuous mode [ 98.321271][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.381883][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.389545][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.396861][ T5833] bridge_slave_0: entered allmulticast mode [ 98.404432][ T5833] bridge_slave_0: entered promiscuous mode [ 98.454312][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.461760][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.470241][ T5833] bridge_slave_1: entered allmulticast mode [ 98.478242][ T5833] bridge_slave_1: entered promiscuous mode [ 98.489118][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.515831][ T5828] team0: Port device team_slave_0 added [ 98.538662][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.564307][ T5824] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.572486][ T5824] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.580235][ T5824] bridge_slave_0: entered allmulticast mode [ 98.588103][ T5824] bridge_slave_0: entered promiscuous mode [ 98.597954][ T5828] team0: Port device team_slave_1 added [ 98.605909][ T5824] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.613178][ T5824] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.620648][ T5824] bridge_slave_1: entered allmulticast mode [ 98.630203][ T5824] bridge_slave_1: entered promiscuous mode [ 98.731923][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.744503][ T5834] team0: Port device team_slave_0 added [ 98.751608][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.758922][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.784988][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.799227][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.806993][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.833023][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.848433][ T5824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.861508][ T5824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.873530][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.901680][ T5834] team0: Port device team_slave_1 added [ 98.973252][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.980651][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.007017][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.036970][ T5833] team0: Port device team_slave_0 added [ 99.047135][ T5831] Bluetooth: hci1: command tx timeout [ 99.051286][ T5833] team0: Port device team_slave_1 added [ 99.052671][ T5140] Bluetooth: hci0: command tx timeout [ 99.060352][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.071216][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.098303][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.119677][ T5824] team0: Port device team_slave_0 added [ 99.172591][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.179692][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.206928][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.221224][ T5824] team0: Port device team_slave_1 added [ 99.247968][ T5828] hsr_slave_0: entered promiscuous mode [ 99.255333][ T5828] hsr_slave_1: entered promiscuous mode [ 99.263865][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.270888][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.297344][ T5140] Bluetooth: hci2: command tx timeout [ 99.302856][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.306898][ T5140] Bluetooth: hci3: command tx timeout [ 99.374719][ T5834] hsr_slave_0: entered promiscuous mode [ 99.381258][ T5834] hsr_slave_1: entered promiscuous mode [ 99.387936][ T5834] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 99.395727][ T5834] Cannot create hsr debugfs directory [ 99.420772][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.427888][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.454377][ T5824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.498424][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.505507][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.531842][ T5824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.608961][ T5833] hsr_slave_0: entered promiscuous mode [ 99.615373][ T5833] hsr_slave_1: entered promiscuous mode [ 99.621709][ T5833] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 99.629704][ T5833] Cannot create hsr debugfs directory [ 99.769921][ T5824] hsr_slave_0: entered promiscuous mode [ 99.777082][ T5824] hsr_slave_1: entered promiscuous mode [ 99.783217][ T5824] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 99.791140][ T5824] Cannot create hsr debugfs directory [ 100.171974][ T5828] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 100.193204][ T5828] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 100.206140][ T5828] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 100.229056][ T5828] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 100.295780][ T5834] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 100.311915][ T5834] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 100.323812][ T5834] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 100.350023][ T5834] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 100.443415][ T5833] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 100.454685][ T5833] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 100.468311][ T5833] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 100.500097][ T5833] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 100.601508][ T5824] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 100.624597][ T5824] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 100.635819][ T5824] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 100.651811][ T5824] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 100.721638][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.788837][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.822382][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.834727][ T2992] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.842091][ T2992] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.885714][ T68] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.892890][ T68] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.920821][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.948986][ T2992] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.956224][ T2992] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.999681][ T2992] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.006873][ T2992] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.089223][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.126351][ T5140] Bluetooth: hci0: command tx timeout [ 101.126518][ T5831] Bluetooth: hci1: command tx timeout [ 101.140570][ T5824] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.195223][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.239955][ T5824] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.258645][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.265807][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.329994][ T68] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.337231][ T68] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.361522][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.368848][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.377037][ T5831] Bluetooth: hci3: command tx timeout [ 101.377047][ T5140] Bluetooth: hci2: command tx timeout [ 101.460859][ T68] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.468102][ T68] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.575165][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.605171][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.811416][ T5834] veth0_vlan: entered promiscuous mode [ 101.833619][ T5828] veth0_vlan: entered promiscuous mode [ 101.869142][ T5834] veth1_vlan: entered promiscuous mode [ 101.900249][ T5828] veth1_vlan: entered promiscuous mode [ 102.012254][ T5834] veth0_macvtap: entered promiscuous mode [ 102.056657][ T5828] veth0_macvtap: entered promiscuous mode [ 102.074059][ T5834] veth1_macvtap: entered promiscuous mode [ 102.091326][ T5828] veth1_macvtap: entered promiscuous mode [ 102.111555][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.131405][ T5824] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.162832][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.191417][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.205258][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 102.216324][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.228327][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.246684][ T5834] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.255687][ T5834] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.265082][ T5834] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.273990][ T5834] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.288477][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 102.301497][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.313758][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.327843][ T5828] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.337342][ T5828] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.346073][ T5828] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.355773][ T5828] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.414577][ T5833] veth0_vlan: entered promiscuous mode [ 102.512365][ T5833] veth1_vlan: entered promiscuous mode [ 102.534048][ T5824] veth0_vlan: entered promiscuous mode [ 102.583144][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.587113][ T5824] veth1_vlan: entered promiscuous mode [ 102.596937][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.669335][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.682039][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.714050][ T5833] veth0_macvtap: entered promiscuous mode [ 102.749580][ T5833] veth1_macvtap: entered promiscuous mode [ 102.764469][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.776649][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.819053][ T5824] veth0_macvtap: entered promiscuous mode [ 102.834488][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 102.842170][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.855353][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.861030][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.873614][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 102.884285][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.900027][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.909670][ T5824] veth1_macvtap: entered promiscuous mode [ 102.933807][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 102.945697][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.971426][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 102.974038][ T5834] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 102.991616][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 103.011480][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.039843][ T5833] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.059642][ T5833] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.072812][ T5833] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.106151][ T5833] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.143367][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 103.157612][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 103.169991][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 103.182604][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 103.206876][ T5831] Bluetooth: hci1: command tx timeout [ 103.207849][ T5140] Bluetooth: hci0: command tx timeout [ 103.213165][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 103.232331][ T5887] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4'. [ 103.257392][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 103.279732][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.300353][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 103.317536][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 103.330493][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 103.344633][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 103.355261][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 103.380999][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 103.397081][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.414096][ T5824] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.423146][ T5824] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.448881][ T5140] Bluetooth: hci3: command tx timeout [ 103.448904][ T5831] Bluetooth: hci2: command tx timeout [ 103.454547][ T5824] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.486031][ T5824] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.676906][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.251592][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.267142][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.539479][ T4237] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.559177][ T4237] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.732741][ T4237] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.745304][ T4237] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.756716][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.794015][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.814790][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.876742][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 105.286273][ T5831] Bluetooth: hci1: command tx timeout [ 105.286866][ T5140] Bluetooth: hci0: command tx timeout [ 105.526348][ T5140] Bluetooth: hci2: command tx timeout [ 105.528715][ T5831] Bluetooth: hci3: command tx timeout [ 106.173925][ T5908] ptrace attach of "./syz-executor exec"[5833] was attempted by "./syz-executor exec"[5908] [ 106.428221][ T5930] svc: failed to register nfsdv3 RPC service (errno 111). [ 106.500047][ T5930] svc: failed to register nfsaclv3 RPC service (errno 111). [ 106.521726][ T5932] Zero length message leads to an empty skb [ 106.544258][ T5932] netlink: 28 bytes leftover after parsing attributes in process `syz.3.9'. [ 106.904405][ T5929] ima: policy update failed [ 106.929795][ T30] audit: type=1802 audit(1746139948.605:2): pid=5929 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.9" res=0 errno=0 [ 107.689293][ T5936] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11'. [ 108.969558][ T5950] netlink: 8 bytes leftover after parsing attributes in process `syz.0.13'. [ 109.609800][ T5969] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 109.707113][ T5964] zswap: compressor not available [ 110.396627][ T5831] Bluetooth: hci2: Unable to find connection for big 0xd2 [ 110.862648][ T5974] netlink: 8 bytes leftover after parsing attributes in process `syz.2.18'. [ 112.591075][ T6004] random: crng reseeded on system resumption [ 114.686817][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 114.767558][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 115.531422][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 116.486424][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 116.884844][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 117.679123][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 118.016688][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 118.969586][ T6085] capability: warning: `syz.0.34' uses 32-bit capabilities (legacy support in use) [ 119.929617][ T6094] netlink: 28 bytes leftover after parsing attributes in process `syz.2.37'. [ 120.463939][ T6094] bond0: (slave bond_slave_0): Releasing backup interface [ 120.990055][ T6097] zswap: compressor not available [ 121.080611][ T6100] Setting dangerous option i915.mitigations - tainting kernel [ 121.519248][ T6104] zswap: compressor not available [ 122.018150][ T6115] nvme_fabrics: missing parameter 'transport=%s' [ 122.024854][ T6115] nvme_fabrics: missing parameter 'nqn=%s' [ 123.075534][ T6128] input: f as /devices/virtual/input/input5 [ 123.367646][ T6142] FAULT_INJECTION: forcing a failure. [ 123.367646][ T6142] name failslab, interval 1, probability 0, space 0, times 1 [ 123.397018][ T6142] CPU: 1 UID: 0 PID: 6142 Comm: syz.1.47 Tainted: G U 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) [ 123.397069][ T6142] Tainted: [U]=USER [ 123.397079][ T6142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 123.397106][ T6142] Call Trace: [ 123.397117][ T6142] [ 123.397133][ T6142] dump_stack_lvl+0x16c/0x1f0 [ 123.397197][ T6142] should_fail_ex+0x512/0x640 [ 123.397239][ T6142] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 123.397279][ T6142] should_failslab+0xc2/0x120 [ 123.397329][ T6142] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 123.397366][ T6142] ? alloc_inode+0xc3/0x240 [ 123.397408][ T6142] alloc_inode+0xc3/0x240 [ 123.397443][ T6142] iget_locked+0x2e4/0x830 [ 123.397482][ T6142] ? __pfx_iget_locked+0x10/0x10 [ 123.397520][ T6142] ? find_held_lock+0x2b/0x80 [ 123.397549][ T6142] ? kernfs_root+0xee/0x2a0 [ 123.397583][ T6142] kernfs_get_inode+0x48/0x460 [ 123.397630][ T6142] kernfs_iop_lookup+0x1a7/0x2d0 [ 123.397663][ T6142] __lookup_slow+0x24e/0x460 [ 123.397703][ T6142] ? __pfx___lookup_slow+0x10/0x10 [ 123.397766][ T6142] ? lookup_fast+0x156/0x610 [ 123.397804][ T6142] ? __pfx_kernfs_iop_permission+0x10/0x10 [ 123.397856][ T6142] walk_component+0x353/0x5b0 [ 123.397905][ T6142] link_path_walk.part.0.constprop.0+0x685/0xd60 [ 123.397967][ T6142] path_openat+0x227/0x2d40 [ 123.397992][ T6142] ? __x64_sys_openat+0x174/0x210 [ 123.398048][ T6142] ? __pfx_path_openat+0x10/0x10 [ 123.398087][ T6142] do_filp_open+0x20b/0x470 [ 123.398116][ T6142] ? __pfx_do_filp_open+0x10/0x10 [ 123.398173][ T6142] ? alloc_fd+0x471/0x7d0 [ 123.398230][ T6142] do_sys_openat2+0x11b/0x1d0 [ 123.398268][ T6142] ? __pfx_do_sys_openat2+0x10/0x10 [ 123.398330][ T6142] __x64_sys_openat+0x174/0x210 [ 123.398368][ T6142] ? __pfx___x64_sys_openat+0x10/0x10 [ 123.398408][ T6142] ? rcu_is_watching+0x12/0xc0 [ 123.398445][ T6142] do_syscall_64+0xcd/0x230 [ 123.398489][ T6142] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.398519][ T6142] RIP: 0033:0x7f95c118e969 [ 123.398549][ T6142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 123.398581][ T6142] RSP: 002b:00007f95c1f83038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 123.398613][ T6142] RAX: ffffffffffffffda RBX: 00007f95c13b5fa0 RCX: 00007f95c118e969 [ 123.398633][ T6142] RDX: 0000000000183841 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 123.398652][ T6142] RBP: 00007f95c1210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 123.398670][ T6142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 123.398688][ T6142] R13: 0000000000000000 R14: 00007f95c13b5fa0 R15: 00007fffb2aa84f8 [ 123.398727][ T6142] [ 123.974083][ T6145] ubi0: attaching mtd0 [ 124.019439][ T6145] ubi0: scanning is finished [ 124.024140][ T6145] ubi0: empty MTD device detected [ 124.035225][ T6145] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record [ 124.195804][ T6150] Invalid ELF header magic: != ELF [ 124.447793][ T6145] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 125.047365][ T6157] netlink: 4 bytes leftover after parsing attributes in process `syz.0.50'. [ 125.163088][ T6145] Invalid ELF header magic: != ELF [ 126.471833][ T6172] zswap: compressor not available [ 126.566526][ T6178] Setting dangerous option i915.mitigations - tainting kernel [ 127.651335][ T6189] input: f as /devices/virtual/input/input6 [ 128.479381][ T6213] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 129.830111][ T6232] netlink: 'syz.1.62': attribute type 2 has an invalid length. [ 129.893200][ T6208] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 129.933411][ T6208] CIFS mount error: No usable UNC path provided in device string! [ 129.933411][ T6208] [ 129.962990][ T6208] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 129.964564][ T6230] program syz.0.66 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 130.859132][ T30] audit: type=1800 audit(6041107280.542:3): pid=6251 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.71" name="dbroot" dev="configfs" ino=8145 res=0 errno=0 [ 130.887164][ T6251] db_root: not a directory: /dev/audio1 [ 131.082082][ T6236] netlink: 8 bytes leftover after parsing attributes in process `syz.1.67'. [ 131.510835][ T6261] netlink: 342 bytes leftover after parsing attributes in process `syz.3.73'. [ 131.569134][ T6266] netlink: 342 bytes leftover after parsing attributes in process `syz.3.73'. [ 132.016427][ T6265] netlink: 8 bytes leftover after parsing attributes in process `syz.0.74'. [ 132.341580][ T6282] netlink: 8 bytes leftover after parsing attributes in process `syz.3.77'. [ 132.501816][ T6283] netlink: 2 bytes leftover after parsing attributes in process `syz.1.78'. [ 132.950605][ T6291] nfs: Unknown parameter 'w`_I+; HY Lu>>uh*C<+ ' [ 133.279360][ T6310] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 133.300885][ T6302] zswap: compressor not available [ 134.631935][ T6329] netlink: 8 bytes leftover after parsing attributes in process `syz.0.88'. [ 134.925269][ T6348] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 135.544733][ T6361] zswap: compressor not available [ 136.372321][ T6391] FAULT_INJECTION: forcing a failure. [ 136.372321][ T6391] name failslab, interval 1, probability 0, space 0, times 0 [ 136.432710][ T6391] CPU: 1 UID: 0 PID: 6391 Comm: syz.3.99 Tainted: G U 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) [ 136.432765][ T6391] Tainted: [U]=USER [ 136.432775][ T6391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 136.432793][ T6391] Call Trace: [ 136.432803][ T6391] [ 136.432815][ T6391] dump_stack_lvl+0x16c/0x1f0 [ 136.432862][ T6391] should_fail_ex+0x512/0x640 [ 136.432906][ T6391] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 136.432964][ T6391] should_failslab+0xc2/0x120 [ 136.433002][ T6391] __kmalloc_cache_noprof+0x6a/0x3e0 [ 136.433056][ T6391] ? vsnprintf+0x318/0x1160 [ 136.433092][ T6391] ? __alloc_workqueue+0xda2/0x1810 [ 136.433139][ T6391] __alloc_workqueue+0xda2/0x1810 [ 136.433178][ T6391] ? __pfx_vsnprintf+0x10/0x10 [ 136.433214][ T6391] ? lockdep_hardirqs_on+0x7c/0x110 [ 136.433255][ T6391] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 136.433297][ T6391] alloc_workqueue+0xd2/0x200 [ 136.433338][ T6391] ? __pfx_alloc_workqueue+0x10/0x10 [ 136.433399][ T6391] ? __pfx___debug_object_init+0x10/0x10 [ 136.433438][ T6391] nci_register_device+0x21e/0xb80 [ 136.433479][ T6391] ? __pfx_nci_register_device+0x10/0x10 [ 136.433522][ T6391] ? lockdep_init_map_type+0x5c/0x280 [ 136.433577][ T6391] virtual_ncidev_open+0x141/0x220 [ 136.433623][ T6391] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 136.433668][ T6391] misc_open+0x35a/0x420 [ 136.433718][ T6391] ? __pfx_misc_open+0x10/0x10 [ 136.433765][ T6391] chrdev_open+0x231/0x6a0 [ 136.433798][ T6391] ? __pfx_apparmor_file_open+0x10/0x10 [ 136.433840][ T6391] ? __pfx_chrdev_open+0x10/0x10 [ 136.433877][ T6391] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 136.433935][ T6391] do_dentry_open+0x741/0x1c10 [ 136.433969][ T6391] ? __pfx_chrdev_open+0x10/0x10 [ 136.434009][ T6391] vfs_open+0x82/0x3f0 [ 136.434055][ T6391] path_openat+0x1e5e/0x2d40 [ 136.434102][ T6391] ? __pfx_path_openat+0x10/0x10 [ 136.434144][ T6391] do_filp_open+0x20b/0x470 [ 136.434176][ T6391] ? __pfx_do_filp_open+0x10/0x10 [ 136.434236][ T6391] ? alloc_fd+0x471/0x7d0 [ 136.434299][ T6391] do_sys_openat2+0x11b/0x1d0 [ 136.434361][ T6391] ? __pfx_do_sys_openat2+0x10/0x10 [ 136.434429][ T6391] __x64_sys_openat+0x174/0x210 [ 136.434473][ T6391] ? __pfx___x64_sys_openat+0x10/0x10 [ 136.434519][ T6391] ? rcu_is_watching+0x12/0xc0 [ 136.434560][ T6391] do_syscall_64+0xcd/0x230 [ 136.434606][ T6391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.434639][ T6391] RIP: 0033:0x7f599078e969 [ 136.434664][ T6391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 136.434696][ T6391] RSP: 002b:00007f59915aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 136.434726][ T6391] RAX: ffffffffffffffda RBX: 00007f59909b5fa0 RCX: 00007f599078e969 [ 136.434747][ T6391] RDX: 0000000000000100 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 136.434768][ T6391] RBP: 00007f5990810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 136.434787][ T6391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 136.434805][ T6391] R13: 0000000000000000 R14: 00007f59909b5fa0 R15: 00007ffd33c36978 [ 136.434841][ T6391] [ 137.077163][ T6391] process 'syz.3.99' launched ':,' with NULL argv: empty string added [ 137.531795][ T6425] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 137.709225][ T6436] mmap: syz.2.103 (6436) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 138.012083][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.024786][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.732017][ T6435] netlink: 8 bytes leftover after parsing attributes in process `syz.3.106'. [ 140.361117][ T6498] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 140.916711][ T30] audit: type=1806 audit(6041107290.592:4): xattr=2EC7871B res=-22 [ 141.227303][ T6515] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 143.289524][ T6551] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 143.486204][ T6532] netlink: 8 bytes leftover after parsing attributes in process `syz.1.120'. [ 143.543045][ T6554] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 145.152674][ T6585] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 145.238408][ T6587] FAULT_INJECTION: forcing a failure. [ 145.238408][ T6587] name failslab, interval 1, probability 0, space 0, times 0 [ 145.253653][ T6587] CPU: 1 UID: 0 PID: 6587 Comm: syz.1.136 Tainted: G U 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) [ 145.253723][ T6587] Tainted: [U]=USER [ 145.253734][ T6587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 145.253753][ T6587] Call Trace: [ 145.253763][ T6587] [ 145.253779][ T6587] dump_stack_lvl+0x16c/0x1f0 [ 145.253831][ T6587] should_fail_ex+0x512/0x640 [ 145.253876][ T6587] ? __kmalloc_noprof+0xbf/0x510 [ 145.253916][ T6587] ? __register_sysctl_table+0xb3/0x1900 [ 145.253951][ T6587] should_failslab+0xc2/0x120 [ 145.253996][ T6587] __kmalloc_noprof+0xd2/0x510 [ 145.254042][ T6587] __register_sysctl_table+0xb3/0x1900 [ 145.254080][ T6587] ? is_module_address+0x5f/0xf0 [ 145.254129][ T6587] ? __pfx___register_sysctl_table+0x10/0x10 [ 145.254162][ T6587] ? is_module_address+0x69/0xf0 [ 145.254204][ T6587] ? register_net_sysctl_sz+0x228/0x3e0 [ 145.254254][ T6587] ? __asan_memcpy+0x3c/0x60 [ 145.254287][ T6587] nf_log_net_init+0x109/0x450 [ 145.254321][ T6587] ? __pfx_nf_log_net_init+0x10/0x10 [ 145.254352][ T6587] ops_init+0x1df/0x5f0 [ 145.254393][ T6587] setup_net+0x21e/0x850 [ 145.254434][ T6587] ? __pfx_setup_net+0x10/0x10 [ 145.254469][ T6587] ? lockdep_init_map_type+0x5c/0x280 [ 145.254512][ T6587] ? __pfx_down_read_killable+0x10/0x10 [ 145.254566][ T6587] ? debug_mutex_init+0x37/0x70 [ 145.254623][ T6587] copy_net_ns+0x2a6/0x5f0 [ 145.254669][ T6587] create_new_namespaces+0x3ea/0xad0 [ 145.254715][ T6587] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 145.254757][ T6587] ksys_unshare+0x45b/0xa40 [ 145.254799][ T6587] ? __pfx_ksys_unshare+0x10/0x10 [ 145.254838][ T6587] ? xfd_validate_state+0x5d/0x180 [ 145.254892][ T6587] ? rcu_is_watching+0x12/0xc0 [ 145.254931][ T6587] __x64_sys_unshare+0x31/0x40 [ 145.254972][ T6587] do_syscall_64+0xcd/0x230 [ 145.255026][ T6587] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.255058][ T6587] RIP: 0033:0x7f95c118e969 [ 145.255085][ T6587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 145.255115][ T6587] RSP: 002b:00007f95c1f83038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 145.255145][ T6587] RAX: ffffffffffffffda RBX: 00007f95c13b5fa0 RCX: 00007f95c118e969 [ 145.255166][ T6587] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 145.255186][ T6587] RBP: 00007f95c1210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 145.255206][ T6587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 145.255225][ T6587] R13: 0000000000000000 R14: 00007f95c13b5fa0 R15: 00007fffb2aa84f8 [ 145.255267][ T6587] [ 146.051117][ T6598] Device name cannot be null; rc = [-22] [ 146.061578][ T6595] netlink: 8 bytes leftover after parsing attributes in process `syz.2.139'. [ 146.722238][ T6600] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 146.728797][ T6600] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 146.788130][ T6600] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 146.844242][ T6600] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 146.852639][ T6600] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 146.881502][ T6613] openvswitch: netlink: Geneve opt len 1 is not a multiple of 4. [ 146.922146][ T6600] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 146.982955][ T6600] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 146.990956][ T6600] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 147.020142][ T6600] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 147.031057][ T6600] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 147.037578][ T6600] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 147.055777][ T6600] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 147.246012][ T6622] random: crng reseeded on system resumption [ 147.741568][ T6626] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 148.086191][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 148.890658][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout [ 149.046351][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 149.052462][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 149.664271][ T6649] Invalid ELF header magic: != ELF [ 150.169209][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 150.330560][ T6642] netlink: 8 bytes leftover after parsing attributes in process `syz.1.153'. [ 150.969605][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout [ 151.136594][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 151.143085][ T5140] Bluetooth: hci3: command 0x0c1a tx timeout [ 151.270358][ T6678] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 151.719607][ T6684] zswap: compressor not available [ 152.042740][ T6694] netlink: 342 bytes leftover after parsing attributes in process `syz.3.163'. [ 152.246206][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 152.776907][ T6717] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 153.046291][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout [ 153.232588][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 153.241922][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 153.353719][ T6723] can: request_module (can-proto-3) failed. [ 154.094583][ T6731] zswap: compressor not available [ 154.550625][ T30] audit: type=1800 audit(6041107304.232:5): pid=6751 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.174" name="file0" dev="tmpfs" ino=235 res=0 errno=0 [ 154.652325][ T6739] netlink: 8 bytes leftover after parsing attributes in process `syz.2.172'. [ 155.957687][ T6777] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 156.289021][ T6786] netlink: 'syz.3.179': attribute type 11 has an invalid length. [ 156.329567][ T6788] FAULT_INJECTION: forcing a failure. [ 156.329567][ T6788] name failslab, interval 1, probability 0, space 0, times 0 [ 156.379454][ T6788] CPU: 1 UID: 0 PID: 6788 Comm: syz.1.180 Tainted: G U 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) [ 156.379513][ T6788] Tainted: [U]=USER [ 156.379525][ T6788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 156.379542][ T6788] Call Trace: [ 156.379552][ T6788] [ 156.379565][ T6788] dump_stack_lvl+0x16c/0x1f0 [ 156.379612][ T6788] should_fail_ex+0x512/0x640 [ 156.379658][ T6788] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 156.379699][ T6788] should_failslab+0xc2/0x120 [ 156.379740][ T6788] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 156.379778][ T6788] ? proc_alloc_inode+0x25/0x200 [ 156.379813][ T6788] ? __pfx_proc_alloc_inode+0x10/0x10 [ 156.379841][ T6788] proc_alloc_inode+0x25/0x200 [ 156.379870][ T6788] alloc_inode+0x61/0x240 [ 156.379910][ T6788] new_inode+0x22/0x1c0 [ 156.379947][ T6788] ? proc_lookup_de+0x217/0x320 [ 156.379987][ T6788] proc_get_inode+0x1d/0x780 [ 156.380023][ T6788] proc_lookup_de+0x253/0x320 [ 156.380060][ T6788] ? __pfx_proc_tgid_net_lookup+0x10/0x10 [ 156.380099][ T6788] proc_tgid_net_lookup+0x75/0x120 [ 156.380139][ T6788] lookup_open.isra.0+0x4d7/0x1580 [ 156.380195][ T6788] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 156.380276][ T6788] ? lookup_fast+0x156/0x610 [ 156.380328][ T6788] path_openat+0x905/0x2d40 [ 156.380374][ T6788] ? __pfx_path_openat+0x10/0x10 [ 156.380417][ T6788] do_filp_open+0x20b/0x470 [ 156.380449][ T6788] ? __pfx_do_filp_open+0x10/0x10 [ 156.380489][ T6788] ? __pfx_kfree_link+0x10/0x10 [ 156.380534][ T6788] ? alloc_fd+0x471/0x7d0 [ 156.380584][ T6788] do_sys_openat2+0x11b/0x1d0 [ 156.380619][ T6788] ? __pfx_do_sys_openat2+0x10/0x10 [ 156.380667][ T6788] __x64_sys_openat+0x174/0x210 [ 156.380703][ T6788] ? __pfx___x64_sys_openat+0x10/0x10 [ 156.380740][ T6788] ? rcu_is_watching+0x12/0xc0 [ 156.380774][ T6788] do_syscall_64+0xcd/0x230 [ 156.380812][ T6788] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.380839][ T6788] RIP: 0033:0x7f95c118e969 [ 156.380859][ T6788] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 156.380884][ T6788] RSP: 002b:00007f95c1f83038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 156.380910][ T6788] RAX: ffffffffffffffda RBX: 00007f95c13b5fa0 RCX: 00007f95c118e969 [ 156.380927][ T6788] RDX: 0000000000101000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 156.380944][ T6788] RBP: 00007f95c1210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 156.380959][ T6788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 156.380975][ T6788] R13: 0000000000000000 R14: 00007f95c13b5fa0 R15: 00007fffb2aa84f8 [ 156.381009][ T6788] [ 157.124446][ T6797] zswap: compressor not available [ 157.682228][ T6825] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 157.729590][ T6828] netlink: 8 bytes leftover after parsing attributes in process `syz.2.188'. [ 157.762043][ T6831] Invalid ELF header magic: != ELF [ 158.077757][ T6819] netlink: 8 bytes leftover after parsing attributes in process `syz.3.186'. [ 158.552708][ T6842] can: request_module (can-proto-0) failed. [ 159.123511][ T6855] zswap: compressor not available [ 161.067908][ T6894] misc userio: The device must be registered before sending interrupts [ 161.701900][ T6900] netlink: 8 bytes leftover after parsing attributes in process `syz.2.204'. [ 163.197033][ T6930] can: request_module (can-proto-3) failed. [ 165.294657][ T6926] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 165.543605][ T6955] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 167.839486][ T6984] netlink: 24 bytes leftover after parsing attributes in process `syz.2.222'. [ 168.352240][ T6992] random: crng reseeded on system resumption [ 169.225951][ T7003] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 169.281071][ T6998] zswap: compressor not available [ 169.526514][ T7006] svc: failed to register nfsdv3 RPC service (errno 111). [ 169.547940][ T7006] svc: failed to register nfsaclv3 RPC service (errno 111). [ 169.561464][ T7011] netlink: 28 bytes leftover after parsing attributes in process `syz.1.226'. [ 171.652731][ T7035] netlink: 8 bytes leftover after parsing attributes in process `syz.3.230'. [ 171.672133][ T7045] zswap: compressor not available [ 172.332102][ T7060] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 172.577657][ T7063] netlink: 28 bytes leftover after parsing attributes in process `syz.0.237'. [ 173.813205][ T7077] zswap: compressor not available [ 175.125187][ T7106] FAULT_INJECTION: forcing a failure. [ 175.125187][ T7106] name failslab, interval 1, probability 0, space 0, times 0 [ 175.176971][ T7106] CPU: 1 UID: 0 PID: 7106 Comm: syz.3.250 Tainted: G U 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) [ 175.177028][ T7106] Tainted: [U]=USER [ 175.177038][ T7106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 175.177057][ T7106] Call Trace: [ 175.177067][ T7106] [ 175.177080][ T7106] dump_stack_lvl+0x16c/0x1f0 [ 175.177129][ T7106] should_fail_ex+0x512/0x640 [ 175.177174][ T7106] ? fs_reclaim_acquire+0xae/0x150 [ 175.177227][ T7106] should_failslab+0xc2/0x120 [ 175.177265][ T7106] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 175.177301][ T7106] ? security_inode_alloc+0x3b/0x2b0 [ 175.177341][ T7106] security_inode_alloc+0x3b/0x2b0 [ 175.177377][ T7106] inode_init_always_gfp+0xce4/0x1030 [ 175.177436][ T7106] alloc_inode+0x86/0x240 [ 175.177474][ T7106] new_inode+0x22/0x1c0 [ 175.177517][ T7106] proc_pid_make_inode+0x22/0x160 [ 175.177571][ T7106] proc_pident_instantiate+0x85/0x320 [ 175.177631][ T7106] proc_pident_lookup+0x21d/0x290 [ 175.177694][ T7106] __lookup_slow+0x24e/0x460 [ 175.177738][ T7106] ? __pfx___lookup_slow+0x10/0x10 [ 175.177807][ T7106] ? lookup_fast+0x156/0x610 [ 175.177860][ T7106] walk_component+0x353/0x5b0 [ 175.177920][ T7106] link_path_walk.part.0.constprop.0+0x685/0xd60 [ 175.177989][ T7106] path_openat+0x227/0x2d40 [ 175.178015][ T7106] ? __x64_sys_openat+0x174/0x210 [ 175.178076][ T7106] ? __pfx_path_openat+0x10/0x10 [ 175.178118][ T7106] do_filp_open+0x20b/0x470 [ 175.178149][ T7106] ? __pfx_do_filp_open+0x10/0x10 [ 175.178196][ T7106] ? __pfx_kfree_link+0x10/0x10 [ 175.178251][ T7106] ? alloc_fd+0x471/0x7d0 [ 175.178312][ T7106] do_sys_openat2+0x11b/0x1d0 [ 175.178355][ T7106] ? __pfx_do_sys_openat2+0x10/0x10 [ 175.178415][ T7106] __x64_sys_openat+0x174/0x210 [ 175.178460][ T7106] ? __pfx___x64_sys_openat+0x10/0x10 [ 175.178507][ T7106] ? rcu_is_watching+0x12/0xc0 [ 175.178549][ T7106] do_syscall_64+0xcd/0x230 [ 175.178597][ T7106] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.178629][ T7106] RIP: 0033:0x7f599078e969 [ 175.178655][ T7106] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 175.178686][ T7106] RSP: 002b:00007f59915aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 175.178716][ T7106] RAX: ffffffffffffffda RBX: 00007f59909b5fa0 RCX: 00007f599078e969 [ 175.178737][ T7106] RDX: 0000000000101000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 175.178758][ T7106] RBP: 00007f5990810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 175.178777][ T7106] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 175.178796][ T7106] R13: 0000000000000000 R14: 00007f59909b5fa0 R15: 00007ffd33c36978 [ 175.178838][ T7106] [ 175.199931][ T30] audit: type=1326 audit(6041107324.872:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7107 comm="syz.1.251" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f95c118e969 code=0x0 [ 176.357829][ T7120] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 176.382129][ T7120] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 176.423688][ T7120] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 176.452409][ T7120] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 176.584810][ T7126] syz.3.254 uses obsolete (PF_INET,SOCK_PACKET) [ 176.844190][ T7130] zswap: compressor not available [ 177.846949][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 178.117712][ T7141] netlink: 8 bytes leftover after parsing attributes in process `syz.2.257'. [ 178.410103][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout [ 178.504930][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 178.511179][ T5140] Bluetooth: hci2: command 0x0c1a tx timeout [ 182.255108][ T7252] FAULT_INJECTION: forcing a failure. [ 182.255108][ T7252] name failslab, interval 1, probability 0, space 0, times 0 [ 182.286566][ T7252] CPU: 0 UID: 0 PID: 7252 Comm: syz.0.279 Tainted: G U 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) [ 182.286619][ T7252] Tainted: [U]=USER [ 182.286629][ T7252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 182.286653][ T7252] Call Trace: [ 182.286663][ T7252] [ 182.286691][ T7252] dump_stack_lvl+0x16c/0x1f0 [ 182.286739][ T7252] should_fail_ex+0x512/0x640 [ 182.286784][ T7252] ? __kmalloc_noprof+0xbf/0x510 [ 182.286821][ T7252] ? __register_sysctl_table+0xea2/0x1900 [ 182.286854][ T7252] should_failslab+0xc2/0x120 [ 182.286893][ T7252] __kmalloc_noprof+0xd2/0x510 [ 182.286925][ T7252] ? __register_sysctl_table+0xe8e/0x1900 [ 182.286968][ T7252] __register_sysctl_table+0xea2/0x1900 [ 182.287013][ T7252] ? __pfx___register_sysctl_table+0x10/0x10 [ 182.287047][ T7252] ? is_module_address+0x69/0xf0 [ 182.287087][ T7252] ? register_net_sysctl_sz+0x228/0x3e0 [ 182.287137][ T7252] ? __asan_memcpy+0x3c/0x60 [ 182.287169][ T7252] mptcp_net_init+0x499/0x620 [ 182.287210][ T7252] ? __pfx_mptcp_net_init+0x10/0x10 [ 182.287240][ T7252] ops_init+0x1df/0x5f0 [ 182.287281][ T7252] setup_net+0x21e/0x850 [ 182.287318][ T7252] ? __pfx_setup_net+0x10/0x10 [ 182.287350][ T7252] ? lockdep_init_map_type+0x5c/0x280 [ 182.287401][ T7252] ? __pfx_down_read_killable+0x10/0x10 [ 182.287454][ T7252] ? debug_mutex_init+0x37/0x70 [ 182.287528][ T7252] copy_net_ns+0x2a6/0x5f0 [ 182.287574][ T7252] create_new_namespaces+0x3ea/0xad0 [ 182.287620][ T7252] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 182.287660][ T7252] ksys_unshare+0x45b/0xa40 [ 182.287704][ T7252] ? __pfx_ksys_unshare+0x10/0x10 [ 182.287745][ T7252] ? xfd_validate_state+0x5d/0x180 [ 182.287799][ T7252] ? rcu_is_watching+0x12/0xc0 [ 182.287838][ T7252] __x64_sys_unshare+0x31/0x40 [ 182.287881][ T7252] do_syscall_64+0xcd/0x230 [ 182.287926][ T7252] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.287959][ T7252] RIP: 0033:0x7f5ab158e969 [ 182.287984][ T7252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 182.288015][ T7252] RSP: 002b:00007f5ab2371038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 182.288044][ T7252] RAX: ffffffffffffffda RBX: 00007f5ab17b5fa0 RCX: 00007f5ab158e969 [ 182.288065][ T7252] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 182.288084][ T7252] RBP: 00007f5ab1610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 182.288103][ T7252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 182.288122][ T7252] R13: 0000000000000000 R14: 00007f5ab17b5fa0 R15: 00007ffd32a13aa8 [ 182.288164][ T7252] [ 182.288178][ T7252] sysctl could not get directory: /net/mptcp -12 [ 182.718770][ T7246] netlink: 8 bytes leftover after parsing attributes in process `syz.1.278'. [ 182.924605][ T7259] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 185.321259][ T7298] netlink: 28 bytes leftover after parsing attributes in process `syz.0.290'. [ 185.508841][ T7298] team0: Port device team_slave_0 removed [ 186.137151][ T7304] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 186.496425][ T7287] netlink: 8 bytes leftover after parsing attributes in process `syz.3.288'. [ 188.464125][ T7333] netlink: 28 bytes leftover after parsing attributes in process `syz.3.299'. [ 188.603604][ T7333] ipvlan1: entered allmulticast mode [ 188.622049][ T7333] veth0_vlan: entered allmulticast mode [ 189.750797][ T7363] Invalid ELF header magic: != ELF [ 189.855228][ T30] audit: type=1800 audit(6041107339.522:7): pid=7364 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.307" name="file0" dev="tmpfs" ino=417 res=0 errno=0 [ 190.243886][ T7366] random: crng reseeded on system resumption [ 192.018638][ T7373] netlink: 8 bytes leftover after parsing attributes in process `syz.3.309'. [ 192.726160][ T7409] sd 0:0:1:0: PR command failed: 1026 [ 192.743777][ T7409] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 192.897805][ T7409] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 193.454671][ T7420] netlink: 'syz.2.320': attribute type 19 has an invalid length. [ 193.481459][ T7420] netlink: 334 bytes leftover after parsing attributes in process `syz.2.320'. [ 195.514201][ T7471] usb usb24: check_ctrlrecip: process 7471 (syz.1.329) requesting ep 01 but needs 81 [ 195.566306][ T7471] usb usb24: usbfs: process 7471 (syz.1.329) did not claim interface 0 before use [ 195.672560][ T7468] Invalid ELF header magic: != ELF [ 197.100245][ T7501] netlink: 'syz.3.336': attribute type 19 has an invalid length. [ 197.117255][ T7501] netlink: 334 bytes leftover after parsing attributes in process `syz.3.336'. [ 197.150518][ T7489] random: crng reseeded on system resumption [ 197.406241][ T7511] netlink: 206 bytes leftover after parsing attributes in process `syz.2.338'. [ 197.895814][ T30] audit: type=1800 audit(6041107347.572:8): pid=7524 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.342" name="discovery_nqn" dev="configfs" ino=14312 res=0 errno=0 [ 198.182051][ T7533] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 198.274615][ T7533] FAULT_INJECTION: forcing a failure. [ 198.274615][ T7533] name failslab, interval 1, probability 0, space 0, times 0 [ 198.274695][ T7533] CPU: 1 UID: 0 PID: 7533 Comm: syz.0.346 Tainted: G U 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) [ 198.274747][ T7533] Tainted: [U]=USER [ 198.274757][ T7533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 198.274776][ T7533] Call Trace: [ 198.274786][ T7533] [ 198.274798][ T7533] dump_stack_lvl+0x16c/0x1f0 [ 198.274844][ T7533] should_fail_ex+0x512/0x640 [ 198.274889][ T7533] ? __kmalloc_noprof+0xbf/0x510 [ 198.274927][ T7533] ? __register_sysctl_table+0xea2/0x1900 [ 198.274963][ T7533] should_failslab+0xc2/0x120 [ 198.275001][ T7533] __kmalloc_noprof+0xd2/0x510 [ 198.275034][ T7533] ? __register_sysctl_table+0xe8e/0x1900 [ 198.275088][ T7533] __register_sysctl_table+0xea2/0x1900 [ 198.275133][ T7533] ? __pfx___register_sysctl_table+0x10/0x10 [ 198.275165][ T7533] ? is_module_address+0x69/0xf0 [ 198.275206][ T7533] ? register_net_sysctl_sz+0x228/0x3e0 [ 198.275256][ T7533] ? __asan_memcpy+0x3c/0x60 [ 198.275289][ T7533] smc_sysctl_net_init+0xbb/0x3d0 [ 198.275344][ T7533] ? __pfx_smc_net_init+0x10/0x10 [ 198.275393][ T7533] smc_net_init+0x16/0x50 [ 198.275442][ T7533] ops_init+0x1df/0x5f0 [ 198.275484][ T7533] setup_net+0x21e/0x850 [ 198.275526][ T7533] ? __pfx_setup_net+0x10/0x10 [ 198.275561][ T7533] ? lockdep_init_map_type+0x5c/0x280 [ 198.275606][ T7533] ? __pfx_down_read_killable+0x10/0x10 [ 198.275661][ T7533] ? debug_mutex_init+0x37/0x70 [ 198.275716][ T7533] copy_net_ns+0x2a6/0x5f0 [ 198.275761][ T7533] create_new_namespaces+0x3ea/0xad0 [ 198.275806][ T7533] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 198.275845][ T7533] ksys_unshare+0x45b/0xa40 [ 198.275890][ T7533] ? __pfx_ksys_unshare+0x10/0x10 [ 198.275931][ T7533] ? xfd_validate_state+0x5d/0x180 [ 198.275982][ T7533] ? rcu_is_watching+0x12/0xc0 [ 198.276021][ T7533] __x64_sys_unshare+0x31/0x40 [ 198.276069][ T7533] do_syscall_64+0xcd/0x230 [ 198.276116][ T7533] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.276146][ T7533] RIP: 0033:0x7f5ab158e969 [ 198.276171][ T7533] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 198.276200][ T7533] RSP: 002b:00007f5ab2371038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 198.276230][ T7533] RAX: ffffffffffffffda RBX: 00007f5ab17b5fa0 RCX: 00007f5ab158e969 [ 198.276251][ T7533] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 198.276269][ T7533] RBP: 00007f5ab1610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 198.276288][ T7533] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 198.276306][ T7533] R13: 0000000000000000 R14: 00007f5ab17b5fa0 R15: 00007ffd32a13aa8 [ 198.276347][ T7533] [ 198.284516][ T7533] sysctl could not get directory: /net/smc -12 [ 198.944097][ T7545] random: crng reseeded on system resumption [ 199.452138][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.459450][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.601496][ T7592] netlink: 28 bytes leftover after parsing attributes in process `syz.1.357'. [ 201.090233][ T7592] bond0: (slave bond_slave_1): Releasing backup interface [ 201.115419][ T7613] netlink: 306 bytes leftover after parsing attributes in process `syz.3.361'. [ 201.529745][ T7618] zswap: compressor not available [ 201.862385][ T7617] netlink: 8 bytes leftover after parsing attributes in process `syz.3.362'. [ 202.195985][ T7630] netlink: 8 bytes leftover after parsing attributes in process `syz.2.365'. [ 202.370501][ T7638] syz.0.368(7638): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 202.747475][ T7644] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 203.244011][ T7654] netlink: 28 bytes leftover after parsing attributes in process `syz.0.370'. [ 203.451711][ T7661] FAULT_INJECTION: forcing a failure. [ 203.451711][ T7661] name failslab, interval 1, probability 0, space 0, times 0 [ 203.495114][ T7661] CPU: 0 UID: 0 PID: 7661 Comm: syz.1.372 Tainted: G U 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) [ 203.495164][ T7661] Tainted: [U]=USER [ 203.495175][ T7661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 203.495193][ T7661] Call Trace: [ 203.495202][ T7661] [ 203.495213][ T7661] dump_stack_lvl+0x16c/0x1f0 [ 203.495265][ T7661] should_fail_ex+0x512/0x640 [ 203.495310][ T7661] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 203.495352][ T7661] should_failslab+0xc2/0x120 [ 203.495390][ T7661] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 203.495426][ T7661] ? __pfx___might_resched+0x10/0x10 [ 203.495460][ T7661] ? alloc_vmap_area+0x613/0x2970 [ 203.495511][ T7661] alloc_vmap_area+0x613/0x2970 [ 203.495574][ T7661] ? __pfx_alloc_vmap_area+0x10/0x10 [ 203.495632][ T7661] __get_vm_area_node+0x1a7/0x300 [ 203.495689][ T7661] __vmalloc_node_range_noprof+0x277/0x1540 [ 203.495743][ T7661] ? n_tty_open+0x1a/0x170 [ 203.495800][ T7661] ? n_tty_open+0x1a/0x170 [ 203.495859][ T7661] ? __ldsem_down_write_nested+0x10e/0x850 [ 203.495908][ T7661] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 203.495971][ T7661] ? n_tty_open+0x1a/0x170 [ 203.496015][ T7661] vzalloc_noprof+0x6b/0x90 [ 203.496063][ T7661] ? n_tty_open+0x1a/0x170 [ 203.496103][ T7661] ? __pfx_n_tty_open+0x10/0x10 [ 203.496142][ T7661] n_tty_open+0x1a/0x170 [ 203.496183][ T7661] ? __pfx_n_tty_open+0x10/0x10 [ 203.496224][ T7661] tty_ldisc_open+0x9c/0x120 [ 203.496255][ T7661] tty_ldisc_setup+0x40/0x100 [ 203.496290][ T7661] tty_init_dev.part.0+0x1ec/0x500 [ 203.496335][ T7661] tty_open+0xa50/0xf90 [ 203.496383][ T7661] ? __pfx_tty_open+0x10/0x10 [ 203.496423][ T7661] ? chrdev_open+0x10b/0x6a0 [ 203.496463][ T7661] ? __pfx_tty_open+0x10/0x10 [ 203.496500][ T7661] chrdev_open+0x231/0x6a0 [ 203.496531][ T7661] ? __pfx_apparmor_file_open+0x10/0x10 [ 203.496571][ T7661] ? __pfx_chrdev_open+0x10/0x10 [ 203.496610][ T7661] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 203.496664][ T7661] do_dentry_open+0x741/0x1c10 [ 203.496697][ T7661] ? __pfx_chrdev_open+0x10/0x10 [ 203.496738][ T7661] vfs_open+0x82/0x3f0 [ 203.496784][ T7661] path_openat+0x1e5e/0x2d40 [ 203.496831][ T7661] ? __pfx_path_openat+0x10/0x10 [ 203.496883][ T7661] do_filp_open+0x20b/0x470 [ 203.496913][ T7661] ? __pfx_do_filp_open+0x10/0x10 [ 203.496977][ T7661] ? alloc_fd+0x471/0x7d0 [ 203.497039][ T7661] do_sys_openat2+0x11b/0x1d0 [ 203.497081][ T7661] ? __pfx_do_sys_openat2+0x10/0x10 [ 203.497140][ T7661] __x64_sys_openat+0x174/0x210 [ 203.497184][ T7661] ? __pfx___x64_sys_openat+0x10/0x10 [ 203.497230][ T7661] ? rcu_is_watching+0x12/0xc0 [ 203.497272][ T7661] do_syscall_64+0xcd/0x230 [ 203.497320][ T7661] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.497352][ T7661] RIP: 0033:0x7f95c118e969 [ 203.497378][ T7661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 203.497407][ T7661] RSP: 002b:00007f95c1f41038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 203.497436][ T7661] RAX: ffffffffffffffda RBX: 00007f95c13b6160 RCX: 00007f95c118e969 [ 203.497457][ T7661] RDX: 0000000000040002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 203.497477][ T7661] RBP: 00007f95c1210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 203.497497][ T7661] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 203.497516][ T7661] R13: 0000000000000000 R14: 00007f95c13b6160 R15: 00007fffb2aa84f8 [ 203.497556][ T7661] [ 203.912342][ T7661] syz.1.372: vmalloc error: size 9128, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 203.929424][ T7661] CPU: 0 UID: 0 PID: 7661 Comm: syz.1.372 Tainted: G U 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) [ 203.929474][ T7661] Tainted: [U]=USER [ 203.929484][ T7661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 203.929502][ T7661] Call Trace: [ 203.929513][ T7661] [ 203.929525][ T7661] dump_stack_lvl+0x16c/0x1f0 [ 203.929591][ T7661] warn_alloc+0x248/0x3a0 [ 203.929629][ T7661] ? __pfx_warn_alloc+0x10/0x10 [ 203.929667][ T7661] ? kfree+0x2b6/0x4d0 [ 203.929728][ T7661] ? __get_vm_area_node+0x1e5/0x300 [ 203.929787][ T7661] __vmalloc_node_range_noprof+0xd31/0x1540 [ 203.929857][ T7661] ? n_tty_open+0x1a/0x170 [ 203.929904][ T7661] ? __ldsem_down_write_nested+0x10e/0x850 [ 203.929953][ T7661] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 203.930019][ T7661] ? n_tty_open+0x1a/0x170 [ 203.930063][ T7661] vzalloc_noprof+0x6b/0x90 [ 203.930111][ T7661] ? n_tty_open+0x1a/0x170 [ 203.930151][ T7661] ? __pfx_n_tty_open+0x10/0x10 [ 203.930191][ T7661] n_tty_open+0x1a/0x170 [ 203.930231][ T7661] ? __pfx_n_tty_open+0x10/0x10 [ 203.930273][ T7661] tty_ldisc_open+0x9c/0x120 [ 203.930304][ T7661] tty_ldisc_setup+0x40/0x100 [ 203.930337][ T7661] tty_init_dev.part.0+0x1ec/0x500 [ 203.930379][ T7661] tty_open+0xa50/0xf90 [ 203.930426][ T7661] ? __pfx_tty_open+0x10/0x10 [ 203.930465][ T7661] ? chrdev_open+0x10b/0x6a0 [ 203.930505][ T7661] ? __pfx_tty_open+0x10/0x10 [ 203.930543][ T7661] chrdev_open+0x231/0x6a0 [ 203.930575][ T7661] ? __pfx_apparmor_file_open+0x10/0x10 [ 203.930616][ T7661] ? __pfx_chrdev_open+0x10/0x10 [ 203.930653][ T7661] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 203.930711][ T7661] do_dentry_open+0x741/0x1c10 [ 203.930744][ T7661] ? __pfx_chrdev_open+0x10/0x10 [ 203.930786][ T7661] vfs_open+0x82/0x3f0 [ 203.930841][ T7661] path_openat+0x1e5e/0x2d40 [ 203.930889][ T7661] ? __pfx_path_openat+0x10/0x10 [ 203.930932][ T7661] do_filp_open+0x20b/0x470 [ 203.930965][ T7661] ? __pfx_do_filp_open+0x10/0x10 [ 203.931023][ T7661] ? alloc_fd+0x471/0x7d0 [ 203.931079][ T7661] do_sys_openat2+0x11b/0x1d0 [ 203.931120][ T7661] ? __pfx_do_sys_openat2+0x10/0x10 [ 203.931178][ T7661] __x64_sys_openat+0x174/0x210 [ 203.931221][ T7661] ? __pfx___x64_sys_openat+0x10/0x10 [ 203.931267][ T7661] ? rcu_is_watching+0x12/0xc0 [ 203.931308][ T7661] do_syscall_64+0xcd/0x230 [ 203.931357][ T7661] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.931389][ T7661] RIP: 0033:0x7f95c118e969 [ 203.931415][ T7661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 203.931445][ T7661] RSP: 002b:00007f95c1f41038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 203.931475][ T7661] RAX: ffffffffffffffda RBX: 00007f95c13b6160 RCX: 00007f95c118e969 [ 203.931496][ T7661] RDX: 0000000000040002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 203.931518][ T7661] RBP: 00007f95c1210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 203.931538][ T7661] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 203.931558][ T7661] R13: 0000000000000000 R14: 00007f95c13b6160 R15: 00007fffb2aa84f8 [ 203.931600][ T7661] [ 203.931612][ T7661] Mem-Info: [ 204.308752][ T7661] active_anon:62307 inactive_anon:0 isolated_anon:0 [ 204.308752][ T7661] active_file:17522 inactive_file:40983 isolated_file:0 [ 204.308752][ T7661] unevictable:768 dirty:532 writeback:0 [ 204.308752][ T7661] slab_reclaimable:10552 slab_unreclaimable:93854 [ 204.308752][ T7661] mapped:24968 shmem:51015 pagetables:839 [ 204.308752][ T7661] sec_pagetables:0 bounce:0 [ 204.308752][ T7661] kernel_misc_reclaimable:0 [ 204.308752][ T7661] free:1286523 free_pcp:1731 free_cma:0 [ 204.374778][ T7661] Node 0 active_anon:249928kB inactive_anon:0kB active_file:70856kB inactive_file:163820kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:101548kB dirty:2124kB writeback:0kB shmem:203124kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10636kB pagetables:3356kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 204.439143][ T7661] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:112kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:36kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 204.506269][ T7661] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 204.641629][ T7661] lowmem_reserve[]: 0 2484 2486 2486 2486 [ 204.664063][ T7668] zswap: compressor not available [ 204.686549][ T7661] Node 0 DMA32 free:1221908kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB active_anon:253180kB inactive_anon:0kB active_file:70856kB inactive_file:162400kB unevictable:1536kB writepending:3996kB present:3129332kB managed:2544188kB mlocked:0kB bounce:0kB free_pcp:2312kB local_pcp:1356kB free_cma:0kB [ 204.741335][ T7661] lowmem_reserve[]: 0 0 1 1 1 [ 204.799240][ T7661] Node 0 Normal free:16kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1820kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 204.931021][ T7661] lowmem_reserve[]: 0 0 0 0 0 [ 204.961449][ T7661] Node 1 Normal free:3903288kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:112kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:5204kB local_pcp:4432kB free_cma:0kB [ 205.060990][ T7661] lowmem_reserve[]: 0 0 0 0 0 [ 205.180067][ T7661] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 205.282586][ T7661] Node 0 DMA32: 2452*4kB (UM) 523*8kB (UME) 536*16kB (ME) 521*32kB (UME) 425*64kB (UME) 196*128kB (UME) 100*256kB (UME) 40*512kB (UM) 16*1024kB (UME) 3*2048kB (ME) 258*4096kB (UM) = 1216904kB [ 205.344236][ T7661] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 205.416961][ T7661] Node 1 Normal: 102*4kB (U) 56*8kB (UE) 42*16kB (UE) 194*32kB (UE) 92*64kB (UME) 26*128kB (UE) 15*256kB (UM) 13*512kB (UME) 7*1024kB (UME) 1*2048kB (E) 944*4096kB (M) = 3903288kB [ 205.494940][ T7661] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 205.527457][ T7661] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 205.594331][ T7661] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 205.624584][ T7661] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 205.680168][ T7661] 111805 total pagecache pages [ 205.706997][ T7661] 0 pages in swap cache [ 205.725104][ T7661] Free swap = 124996kB [ 205.745796][ T7661] Total swap = 124996kB [ 205.764522][ T7661] 2097051 pages RAM [ 205.779275][ T7661] 0 pages HighMem/MovableOnly [ 205.792048][ T7661] 428898 pages reserved [ 205.805272][ T7661] 0 pages cma reserved [ 205.815588][ T7661] tty tty26: ldisc open failed (-12), clearing slot 25 [ 207.016143][ T30] audit: type=1800 audit(6041107356.682:9): pid=7706 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.383" name="file0" dev="tmpfs" ino=568 res=0 errno=0 [ 207.367161][ T7713] zswap: compressor not available [ 208.118042][ T7727] CIFS mount error: No usable UNC path provided in device string! [ 208.118042][ T7727] [ 208.129282][ T7727] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 209.395767][ T7738] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input8 [ 209.586725][ T7750] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 210.567196][ T7765] netlink: 'syz.3.396': attribute type 1 has an invalid length. [ 211.555173][ T7772] netlink: 306 bytes leftover after parsing attributes in process `syz.1.399'. [ 213.162061][ T7797] FAULT_INJECTION: forcing a failure. [ 213.162061][ T7797] name failslab, interval 1, probability 0, space 0, times 0 [ 213.191085][ T7797] CPU: 1 UID: 0 PID: 7797 Comm: syz.1.405 Tainted: G U 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) [ 213.191139][ T7797] Tainted: [U]=USER [ 213.191150][ T7797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 213.191167][ T7797] Call Trace: [ 213.191178][ T7797] [ 213.191190][ T7797] dump_stack_lvl+0x16c/0x1f0 [ 213.191240][ T7797] should_fail_ex+0x512/0x640 [ 213.191285][ T7797] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 213.191339][ T7797] should_failslab+0xc2/0x120 [ 213.191378][ T7797] __kmalloc_cache_noprof+0x6a/0x3e0 [ 213.191427][ T7797] ? kobject_create_and_add+0x4a/0xf0 [ 213.191482][ T7797] kobject_create_and_add+0x4a/0xf0 [ 213.191534][ T7797] add_disk_fwnode+0x8d0/0x13a0 [ 213.191591][ T7797] zram_add+0x494/0x6c0 [ 213.191633][ T7797] ? __pfx_zram_add+0x10/0x10 [ 213.191703][ T7797] ? find_held_lock+0x2b/0x80 [ 213.191740][ T7797] ? __pfx_hot_add_show+0x10/0x10 [ 213.191782][ T7797] ? __pfx_class_attr_show+0x10/0x10 [ 213.191821][ T7797] hot_add_show+0x21/0x80 [ 213.191864][ T7797] class_attr_show+0x6f/0xa0 [ 213.191918][ T7797] sysfs_kf_seq_show+0x213/0x3e0 [ 213.191969][ T7797] seq_read_iter+0x506/0x12c0 [ 213.192030][ T7797] kernfs_fop_read_iter+0x40f/0x5a0 [ 213.192068][ T7797] ? rw_verify_area+0xcf/0x680 [ 213.192123][ T7797] vfs_read+0x8c8/0xc70 [ 213.192157][ T7797] ? __pfx___mutex_lock+0x10/0x10 [ 213.192198][ T7797] ? __pfx_vfs_read+0x10/0x10 [ 213.192255][ T7797] ksys_read+0x12a/0x240 [ 213.192282][ T7797] ? __pfx_ksys_read+0x10/0x10 [ 213.192307][ T7797] ? rcu_is_watching+0x12/0xc0 [ 213.192348][ T7797] do_syscall_64+0xcd/0x230 [ 213.192392][ T7797] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.192422][ T7797] RIP: 0033:0x7f95c118e969 [ 213.192447][ T7797] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 213.192478][ T7797] RSP: 002b:00007f95c1f83038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 213.192506][ T7797] RAX: ffffffffffffffda RBX: 00007f95c13b5fa0 RCX: 00007f95c118e969 [ 213.192525][ T7797] RDX: 0000000000001000 RSI: 0000200000000ec0 RDI: 0000000000000008 [ 213.192542][ T7797] RBP: 00007f95c1210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 213.192560][ T7797] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 213.192578][ T7797] R13: 0000000000000000 R14: 00007f95c13b5fa0 R15: 00007fffb2aa84f8 [ 213.192618][ T7797] [ 215.096835][ T7826] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 217.574286][ T7874] FAULT_INJECTION: forcing a failure. [ 217.574286][ T7874] name failslab, interval 1, probability 0, space 0, times 0 [ 217.597440][ T7865] can: request_module (can-proto-3) failed. [ 217.614940][ T7874] CPU: 0 UID: 0 PID: 7874 Comm: syz.2.421 Tainted: G U 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) [ 217.614998][ T7874] Tainted: [U]=USER [ 217.615009][ T7874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 217.615029][ T7874] Call Trace: [ 217.615040][ T7874] [ 217.615053][ T7874] dump_stack_lvl+0x16c/0x1f0 [ 217.615102][ T7874] should_fail_ex+0x512/0x640 [ 217.615147][ T7874] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 217.615189][ T7874] should_failslab+0xc2/0x120 [ 217.615230][ T7874] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 217.615268][ T7874] ? ptlock_alloc+0x1f/0x70 [ 217.615306][ T7874] ptlock_alloc+0x1f/0x70 [ 217.615336][ T7874] pte_alloc_one+0x6d/0x380 [ 217.615375][ T7874] __pte_alloc+0x6d/0x3c0 [ 217.615418][ T7874] ? __pfx___pte_alloc+0x10/0x10 [ 217.615463][ T7874] ? _raw_spin_unlock+0x28/0x50 [ 217.615499][ T7874] ? __pmd_alloc+0x3c2/0x870 [ 217.615552][ T7874] copy_page_range+0x3a29/0x5fe0 [ 217.615649][ T7874] ? __pfx_copy_page_range+0x10/0x10 [ 217.615704][ T7874] ? mas_store+0x93a/0x10c0 [ 217.615752][ T7874] ? __pfx___might_resched+0x10/0x10 [ 217.615795][ T7874] ? __pfx_mas_store+0x10/0x10 [ 217.615847][ T7874] ? __vma_enter_locked+0x163/0x3f0 [ 217.615884][ T7874] ? down_write+0x14d/0x200 [ 217.615956][ T7874] copy_process+0x862b/0x91a0 [ 217.616032][ T7874] ? __pfx_copy_process+0x10/0x10 [ 217.616088][ T7874] ? psi_task_switch+0x201/0x8e0 [ 217.616130][ T7874] ? lock_acquire+0x179/0x350 [ 217.616173][ T7874] ? find_held_lock+0x2b/0x80 [ 217.616209][ T7874] kernel_clone+0xfc/0x960 [ 217.616248][ T7874] ? rcu_is_watching+0x12/0xc0 [ 217.616281][ T7874] ? __pfx_kernel_clone+0x10/0x10 [ 217.616319][ T7874] ? finish_task_switch.isra.0+0x2fa/0xc10 [ 217.616379][ T7874] __do_sys_clone+0xce/0x120 [ 217.616421][ T7874] ? __pfx___do_sys_clone+0x10/0x10 [ 217.616485][ T7874] ? preempt_schedule_notrace_thunk+0x16/0x30 [ 217.616555][ T7874] do_syscall_64+0xcd/0x230 [ 217.616604][ T7874] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.616637][ T7874] RIP: 0033:0x7f660398e969 [ 217.616663][ T7874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 217.616694][ T7874] RSP: 002b:00007f660476ffe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 217.616724][ T7874] RAX: ffffffffffffffda RBX: 00007f6603bb5fa0 RCX: 00007f660398e969 [ 217.616746][ T7874] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 217.616765][ T7874] RBP: 00007f6603a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 217.616783][ T7874] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 217.616803][ T7874] R13: 0000000000000000 R14: 00007f6603bb5fa0 R15: 00007ffd8a243078 [ 217.616856][ T7874] [ 218.406646][ T7887] binder: 7885:7887 ioctl c018620b 0 returned -14 [ 218.447614][ T7889] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 218.488403][ T7886] can: request_module (can-proto-4) failed. [ 218.629917][ T7881] netlink: 28 bytes leftover after parsing attributes in process `syz.3.423'. [ 218.641682][ T7893] zswap: compressor not available [ 218.850381][ T7897] netlink: 12 bytes leftover after parsing attributes in process `syz.0.427'. [ 219.502429][ T7910] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 219.605767][ T7913] nbd: failed to add new device [ 219.894127][ T7930] sctp: [Deprecated]: syz.2.434 (pid 7930) Use of int in max_burst socket option. [ 219.894127][ T7930] Use struct sctp_assoc_value instead [ 219.951049][ T7929] ubi0: attaching mtd0 [ 219.957477][ T7929] ubi0: scanning is finished [ 219.962171][ T7929] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 220.234625][ T7929] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 220.370290][ T7937] binder: 7936:7937 ioctl c018620b 0 returned -14 [ 221.110594][ T7948] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 221.405501][ T7956] FAULT_INJECTION: forcing a failure. [ 221.405501][ T7956] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 221.429037][ T7956] CPU: 1 UID: 0 PID: 7956 Comm: syz.1.439 Tainted: G U 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) [ 221.429091][ T7956] Tainted: [U]=USER [ 221.429102][ T7956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 221.429120][ T7956] Call Trace: [ 221.429131][ T7956] [ 221.429143][ T7956] dump_stack_lvl+0x16c/0x1f0 [ 221.429192][ T7956] should_fail_ex+0x512/0x640 [ 221.429243][ T7956] should_fail_alloc_page+0xe7/0x130 [ 221.429284][ T7956] prepare_alloc_pages+0x3c2/0x610 [ 221.429340][ T7956] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 221.429391][ T7956] ? __lock_acquire+0xaa4/0x1ba0 [ 221.429439][ T7956] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 221.429491][ T7956] ? __lock_acquire+0xaa4/0x1ba0 [ 221.429539][ T7956] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 221.429596][ T7956] ? policy_nodemask+0xea/0x4e0 [ 221.429637][ T7956] alloc_pages_mpol+0x1fb/0x550 [ 221.429687][ T7956] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 221.429747][ T7956] ? __anon_vma_prepare+0x2db/0x5e0 [ 221.429787][ T7956] folio_alloc_mpol_noprof+0x36/0x2f0 [ 221.429835][ T7956] vma_alloc_folio_noprof+0xed/0x1e0 [ 221.429880][ T7956] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 221.429920][ T7956] ? __anon_vma_prepare+0x2e2/0x5e0 [ 221.429965][ T7956] do_pte_missing+0x223d/0x3fb0 [ 221.430004][ T7956] ? __pmd_alloc+0x3c2/0x870 [ 221.430054][ T7956] __handle_mm_fault+0x103d/0x2a40 [ 221.430099][ T7956] ? __pfx___handle_mm_fault+0x10/0x10 [ 221.430169][ T7956] handle_mm_fault+0x3fe/0xad0 [ 221.430208][ T7956] __get_user_pages+0x771/0x36f0 [ 221.430275][ T7956] ? __pfx___get_user_pages+0x10/0x10 [ 221.430341][ T7956] get_user_pages_remote+0x258/0xb20 [ 221.430400][ T7956] ? __pfx_get_user_pages_remote+0x10/0x10 [ 221.430467][ T7956] get_arg_page+0xf4/0x310 [ 221.430514][ T7956] ? __pfx_get_arg_page+0x10/0x10 [ 221.430563][ T7956] ? up_write+0x1b2/0x520 [ 221.430613][ T7956] copy_string_kernel+0x155/0x4a0 [ 221.430677][ T7956] do_execveat_common.isra.0+0x2ed/0x610 [ 221.430739][ T7956] __x64_sys_execve+0x8e/0xb0 [ 221.430791][ T7956] do_syscall_64+0xcd/0x230 [ 221.430839][ T7956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.430871][ T7956] RIP: 0033:0x7f95c118e969 [ 221.430897][ T7956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 221.430927][ T7956] RSP: 002b:00007f95c1f83038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 221.430957][ T7956] RAX: ffffffffffffffda RBX: 00007f95c13b5fa0 RCX: 00007f95c118e969 [ 221.430978][ T7956] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 221.430997][ T7956] RBP: 00007f95c1210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 221.431016][ T7956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 221.431035][ T7956] R13: 0000000000000000 R14: 00007f95c13b5fa0 R15: 00007fffb2aa84f8 [ 221.431076][ T7956] [ 222.262558][ T7970] binder: 7969:7970 ioctl c018620b 0 returned -14 [ 222.889392][ T7981] zswap: compressor not available [ 223.392556][ T8029] cgroup: fork rejected by pids controller in /syz0 [ 223.570123][ T7990] FAULT_INJECTION: forcing a failure. [ 223.570123][ T7990] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 223.601135][ T7990] CPU: 0 UID: 0 PID: 7990 Comm: syz.2.451 Tainted: G U 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) [ 223.601199][ T7990] Tainted: [U]=USER [ 223.601210][ T7990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 223.601230][ T7990] Call Trace: [ 223.601240][ T7990] [ 223.601252][ T7990] dump_stack_lvl+0x16c/0x1f0 [ 223.601302][ T7990] should_fail_ex+0x512/0x640 [ 223.601354][ T7990] _copy_to_iter+0x2a4/0x15a0 [ 223.601414][ T7990] ? __pfx__copy_to_iter+0x10/0x10 [ 223.601468][ T7990] ? __skb_recv_datagram+0x1b2/0x220 [ 223.601524][ T7990] ? __pfx___skb_recv_datagram+0x10/0x10 [ 223.601582][ T7990] simple_copy_to_iter+0x46/0x90 [ 223.601631][ T7990] __skb_datagram_iter+0x125/0x8c0 [ 223.601676][ T7990] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 223.601728][ T7990] ? skb_recv_datagram+0x88/0xc0 [ 223.601784][ T7990] skb_copy_datagram_iter+0x40/0x50 [ 223.601838][ T7990] netlink_recvmsg+0x298/0xf20 [ 223.601879][ T7990] ? __pfx_netlink_recvmsg+0x10/0x10 [ 223.601911][ T7990] ? aa_sk_perm+0x2f4/0xb10 [ 223.601950][ T7990] ? find_held_lock+0x2b/0x80 [ 223.601980][ T7990] ? __pfx_aa_sk_perm+0x10/0x10 [ 223.602013][ T7990] ? __fget_files+0x204/0x3c0 [ 223.602082][ T7990] sock_recvmsg+0x1f6/0x250 [ 223.602127][ T7990] __sys_recvfrom+0x203/0x310 [ 223.602172][ T7990] ? __pfx___sys_recvfrom+0x10/0x10 [ 223.602218][ T7990] ? fput+0x70/0xf0 [ 223.602268][ T7990] ? xfd_validate_state+0x5d/0x180 [ 223.602323][ T7990] ? rcu_is_watching+0x12/0xc0 [ 223.602357][ T7990] __x64_sys_recvfrom+0xe0/0x1c0 [ 223.602387][ T7990] ? do_syscall_64+0x91/0x230 [ 223.602431][ T7990] ? lockdep_hardirqs_on+0x7c/0x110 [ 223.602473][ T7990] do_syscall_64+0xcd/0x230 [ 223.602518][ T7990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.602550][ T7990] RIP: 0033:0x7f6603990734 [ 223.602577][ T7990] Code: 89 4c 24 1c e8 ed 5f 02 00 44 8b 54 24 1c 8b 3c 24 45 31 c9 89 c5 48 8b 54 24 10 48 8b 74 24 08 45 31 c0 b8 2d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 04 24 e8 39 60 02 00 48 8b 04 [ 223.602609][ T7990] RSP: 002b:00007f660476eed0 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 223.602639][ T7990] RAX: ffffffffffffffda RBX: 00007f660476efc0 RCX: 00007f6603990734 [ 223.602660][ T7990] RDX: 0000000000001000 RSI: 00007f660476f010 RDI: 000000000000000e [ 223.602680][ T7990] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 223.602699][ T7990] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000e [ 223.602718][ T7990] R13: 00007f660476ef68 R14: 00007f660476f010 R15: 0000000000000000 [ 223.602760][ T7990] [ 224.613789][ T8053] netlink: 330 bytes leftover after parsing attributes in process `syz.0.455'. [ 225.547867][ T8066] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 228.279316][ T8118] zswap: compressor not available [ 228.284881][ T8122] FAULT_INJECTION: forcing a failure. [ 228.284881][ T8122] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 228.329742][ T8122] CPU: 1 UID: 0 PID: 8122 Comm: syz.3.473 Tainted: G U 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) [ 228.329792][ T8122] Tainted: [U]=USER [ 228.329801][ T8122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 228.329818][ T8122] Call Trace: [ 228.329827][ T8122] [ 228.329839][ T8122] dump_stack_lvl+0x16c/0x1f0 [ 228.329883][ T8122] should_fail_ex+0x512/0x640 [ 228.329942][ T8122] _copy_to_user+0x32/0xd0 [ 228.329992][ T8122] simple_read_from_buffer+0xcb/0x170 [ 228.330040][ T8122] proc_fail_nth_read+0x197/0x270 [ 228.330085][ T8122] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 228.330131][ T8122] ? rw_verify_area+0xcf/0x680 [ 228.330177][ T8122] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 228.330218][ T8122] vfs_read+0x1de/0xc70 [ 228.330251][ T8122] ? __pfx___mutex_lock+0x10/0x10 [ 228.330291][ T8122] ? __pfx_vfs_read+0x10/0x10 [ 228.330329][ T8122] ? __fget_files+0x20e/0x3c0 [ 228.330389][ T8122] ksys_read+0x12a/0x240 [ 228.330416][ T8122] ? __pfx_ksys_read+0x10/0x10 [ 228.330442][ T8122] ? rcu_is_watching+0x12/0xc0 [ 228.330483][ T8122] do_syscall_64+0xcd/0x230 [ 228.330527][ T8122] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.330558][ T8122] RIP: 0033:0x7f599078d37c [ 228.330582][ T8122] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 228.330612][ T8122] RSP: 002b:00007f5991589030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 228.330639][ T8122] RAX: ffffffffffffffda RBX: 00007f59909b6080 RCX: 00007f599078d37c [ 228.330660][ T8122] RDX: 000000000000000f RSI: 00007f59915890a0 RDI: 0000000000000005 [ 228.330678][ T8122] RBP: 00007f5991589090 R08: 0000000000000000 R09: 0000000000000000 [ 228.330696][ T8122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 228.330713][ T8122] R13: 0000000000000000 R14: 00007f59909b6080 R15: 00007ffd33c36978 [ 228.330754][ T8122] [ 228.528094][ C1] vkms_vblank_simulate: vblank timer overrun [ 228.671665][ T8130] FAULT_INJECTION: forcing a failure. [ 228.671665][ T8130] name failslab, interval 1, probability 0, space 0, times 0 [ 228.767406][ T8130] CPU: 0 UID: 0 PID: 8130 Comm: syz.3.474 Tainted: G U 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) [ 228.767458][ T8130] Tainted: [U]=USER [ 228.767468][ T8130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 228.767486][ T8130] Call Trace: [ 228.767496][ T8130] [ 228.767507][ T8130] dump_stack_lvl+0x16c/0x1f0 [ 228.767554][ T8130] should_fail_ex+0x512/0x640 [ 228.767595][ T8130] ? fs_reclaim_acquire+0xae/0x150 [ 228.767645][ T8130] ? tomoyo_encode2+0x100/0x3e0 [ 228.767685][ T8130] should_failslab+0xc2/0x120 [ 228.767723][ T8130] __kmalloc_noprof+0xd2/0x510 [ 228.767758][ T8130] ? d_absolute_path+0x136/0x1a0 [ 228.767822][ T8130] tomoyo_encode2+0x100/0x3e0 [ 228.767871][ T8130] tomoyo_encode+0x29/0x50 [ 228.767912][ T8130] tomoyo_realpath_from_path+0x18f/0x6e0 [ 228.767967][ T8130] tomoyo_path_number_perm+0x245/0x580 [ 228.768002][ T8130] ? tomoyo_path_number_perm+0x237/0x580 [ 228.768043][ T8130] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 228.768098][ T8130] ? find_held_lock+0x2b/0x80 [ 228.768166][ T8130] ? find_held_lock+0x2b/0x80 [ 228.768194][ T8130] ? hook_file_ioctl_common+0x145/0x410 [ 228.768236][ T8130] ? __fget_files+0x20e/0x3c0 [ 228.768293][ T8130] security_file_ioctl+0x9b/0x240 [ 228.768334][ T8130] __x64_sys_ioctl+0xb7/0x200 [ 228.768381][ T8130] do_syscall_64+0xcd/0x230 [ 228.768431][ T8130] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.768463][ T8130] RIP: 0033:0x7f599078e969 [ 228.768487][ T8130] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 228.768516][ T8130] RSP: 002b:00007f59915aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 228.768544][ T8130] RAX: ffffffffffffffda RBX: 00007f59909b5fa0 RCX: 00007f599078e969 [ 228.768564][ T8130] RDX: 0000200000000100 RSI: 00000000c018620b RDI: 0000000000000003 [ 228.768583][ T8130] RBP: 00007f59915aa090 R08: 0000000000000000 R09: 0000000000000000 [ 228.768602][ T8130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 228.768620][ T8130] R13: 0000000000000000 R14: 00007f59909b5fa0 R15: 00007ffd33c36978 [ 228.768661][ T8130] [ 229.067779][ T8130] ERROR: Out of memory at tomoyo_realpath_from_path. [ 229.376721][ T8127] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 229.433859][ T8127] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 229.478291][ T8127] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 229.509907][ T8127] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 230.281423][ T30] audit: type=1804 audit(6041107561.969:10): pid=8154 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.481" name="/newroot/131/file0" dev="tmpfs" ino=709 res=1 errno=0 [ 230.366495][ T30] audit: type=1800 audit(6041107561.969:11): pid=8154 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.481" name="file0" dev="tmpfs" ino=709 res=0 errno=0 [ 231.386138][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 231.447352][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout [ 231.526374][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 231.526383][ T5140] Bluetooth: hci2: command 0x0c1a tx timeout [ 232.577745][ T8192] aoe: invalid device specification [ 232.831742][ T8192] zswap: compressor not available [ 232.874743][ T8186] netlink: 8 bytes leftover after parsing attributes in process `syz.2.488'. [ 233.203720][ T8202] netlink: 306 bytes leftover after parsing attributes in process `syz.0.493'. [ 233.566196][ T8204] svc: failed to register nfsdv3 RPC service (errno 111). [ 233.630016][ T8204] svc: failed to register nfsaclv3 RPC service (errno 111). [ 233.708224][ T8193] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 234.095301][ T8196] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 234.157977][ T8196] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 234.164180][ T8196] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 234.247381][ T8196] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 234.966384][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 236.166253][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 236.172365][ T5140] Bluetooth: hci1: command 0x0c1a tx timeout [ 236.326222][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 236.982089][ T8269] binder: 8267:8269 ioctl c0389424 200000000040 returned -22 [ 237.417198][ T8274] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 239.172793][ T8298] openvswitch: netlink: ERSPAN option length err (len 256, max 255). [ 240.137152][ T8315] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 240.548824][ T8332] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 240.989466][ T30] audit: type=1806 audit(6041107572.669:12): xattr="." res=0 [ 241.082319][ T8353] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 241.574740][ T8358] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE r҄y*"l-y– [ 242.234847][ T8366] binder: 8365:8366 ioctl c0306201 200000000040 returned -14 [ 243.018542][ T8377] zswap: compressor not available [ 243.142604][ T8377] zswap: compressor not available [ 243.318364][ T8392] netlink: 24 bytes leftover after parsing attributes in process `syz.1.535'. [ 243.488188][ T8390] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 243.505762][ T8396] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 243.624641][ T8398] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 243.647346][ T8397] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.797367][ T8409] netlink: 28 bytes leftover after parsing attributes in process `syz.2.540'. [ 246.821790][ T8446] netlink: 8 bytes leftover after parsing attributes in process `syz.3.546'. [ 246.892447][ T8443] ovs_: entered promiscuous mode [ 247.069621][ T8445] netlink: 4 bytes leftover after parsing attributes in process `syz.2.548'. [ 248.787898][ T8478] Invalid ELF header magic: != ELF syzkaller syzkaller login: [ 251.045988][ T8514] netlink: 306 bytes leftover after parsing attributes in process `syz.1.563'. [ 251.206429][ T8512] syz.3.564 (8512): attempted to duplicate a private mapping with mremap. This is not supported. [ 251.371462][ T8512] netlink: zone id is out of range [ 251.430577][ T8512] netlink: zone id is out of range [ 251.435771][ T8512] netlink: del zone limit has 4 unknown bytes [ 253.346389][ T8540] netlink: 28 bytes leftover after parsing attributes in process `syz.0.570'. [ 254.199587][ T30] audit: type=1800 audit(6041107594.885:13): pid=8547 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.569" name=08 dev="tmpfs" ino=733 res=0 errno=0 [ 254.358792][ T8550] can: request_module (can-proto-4) failed. [ 256.295688][ T8570] netlink: 8 bytes leftover after parsing attributes in process `syz.1.577'. [ 257.199745][ T8588] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 260.893250][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.899730][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.353451][ T8665] synth uevent: /bus/platform/drivers/hid_sensor_prox: unknown uevent action string [ 261.749250][ T8677] FAULT_INJECTION: forcing a failure. [ 261.749250][ T8677] name failslab, interval 1, probability 0, space 0, times 0 [ 261.807859][ T8677] CPU: 0 UID: 0 PID: 8677 Comm: syz.2.600 Tainted: G U 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) [ 261.807936][ T8677] Tainted: [U]=USER [ 261.807951][ T8677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 261.807979][ T8677] Call Trace: [ 261.807994][ T8677] [ 261.808011][ T8677] dump_stack_lvl+0x16c/0x1f0 [ 261.808059][ T8677] should_fail_ex+0x512/0x640 [ 261.808103][ T8677] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 261.808141][ T8677] should_failslab+0xc2/0x120 [ 261.808177][ T8677] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 261.808211][ T8677] ? __kernfs_new_node+0xd2/0x8a0 [ 261.808268][ T8677] __kernfs_new_node+0xd2/0x8a0 [ 261.808322][ T8677] ? __pfx___kernfs_new_node+0x10/0x10 [ 261.808382][ T8677] ? find_held_lock+0x2b/0x80 [ 261.808413][ T8677] ? kernfs_root+0xee/0x2a0 [ 261.808449][ T8677] kernfs_new_node+0x13c/0x1e0 [ 261.808491][ T8677] __kernfs_create_file+0x53/0x350 [ 261.808537][ T8677] sysfs_add_file_mode_ns+0x207/0x3c0 [ 261.808592][ T8677] sysfs_merge_group+0x1aa/0x340 [ 261.808623][ T8677] ? __pfx_sysfs_merge_group+0x10/0x10 [ 261.808659][ T8677] ? __pfx_dev_add_physical_location+0x10/0x10 [ 261.808697][ T8677] ? bus_to_subsys+0x131/0x160 [ 261.808753][ T8677] dpm_sysfs_add+0x237/0x280 [ 261.808792][ T8677] device_add+0x9a6/0x1a70 [ 261.808836][ T8677] ? __pfx_device_add+0x10/0x10 [ 261.808884][ T8677] ? sprintf+0xcc/0x100 [ 261.808920][ T8677] ? __pfx_sprintf+0x10/0x10 [ 261.808964][ T8677] add_disk_fwnode+0x468/0x13a0 [ 261.809016][ T8677] loop_add+0x909/0xb70 [ 261.809054][ T8677] ? do_vfs_ioctl+0x512/0x1990 [ 261.809095][ T8677] ? __pfx_loop_add+0x10/0x10 [ 261.809132][ T8677] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 261.809202][ T8677] ? find_held_lock+0x2b/0x80 [ 261.809236][ T8677] loop_control_ioctl+0x13c/0x630 [ 261.809279][ T8677] ? __pfx_loop_control_ioctl+0x10/0x10 [ 261.809327][ T8677] ? __pfx_loop_control_ioctl+0x10/0x10 [ 261.809372][ T8677] __x64_sys_ioctl+0x190/0x200 [ 261.809416][ T8677] do_syscall_64+0xcd/0x230 [ 261.809461][ T8677] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.809492][ T8677] RIP: 0033:0x7f660398e969 [ 261.809516][ T8677] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 261.809543][ T8677] RSP: 002b:00007f6604770038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 261.809571][ T8677] RAX: ffffffffffffffda RBX: 00007f6603bb5fa0 RCX: 00007f660398e969 [ 261.809591][ T8677] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 000000000000000a [ 261.809607][ T8677] RBP: 00007f6603a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 261.809622][ T8677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 261.809637][ T8677] R13: 0000000000000000 R14: 00007f6603bb5fa0 R15: 00007ffd8a243078 [ 261.809669][ T8677] [ 262.160890][ T8684] sg_write: process 617 (syz.3.601) changed security contexts after opening file descriptor, this is not allowed. [ 264.113866][ T8734] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 264.533776][ T8742] netlink: 330 bytes leftover after parsing attributes in process `syz.1.612'. [ 265.204315][ T8746] HfR: entered promiscuous mode [ 266.128807][ T8773] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 266.242379][ T8773] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 266.771542][ T8782] svc: failed to register nfsdv3 RPC service (errno 111). [ 266.812795][ T8782] svc: failed to register nfsaclv3 RPC service (errno 111). [ 266.863009][ T8786] netlink: 326 bytes leftover after parsing attributes in process `syz.1.623'. syzkaller syzkaller login: [ 269.910807][ T8847] netlink: 8 bytes leftover after parsing attributes in process `syz.1.636'. [ 270.044214][ T8852] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 270.621891][ T8861] netlink: 28 bytes leftover after parsing attributes in process `syz.3.641'. [ 272.884578][ T8904] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 273.789490][ T8913] netlink: 8 bytes leftover after parsing attributes in process `syz.2.653'. [ 274.382848][ T8927] zswap: compressor not available [ 275.240081][ T8953] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 276.344783][ T8991] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 276.375910][ T8975] netlink: 8 bytes leftover after parsing attributes in process `syz.2.669'. [ 276.882747][ T9007] FAULT_INJECTION: forcing a failure. [ 276.882747][ T9007] name failslab, interval 1, probability 0, space 0, times 0 [ 276.921544][ T9007] CPU: 0 UID: 0 PID: 9007 Comm: syz.0.676 Tainted: G U 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) [ 276.921598][ T9007] Tainted: [U]=USER [ 276.921608][ T9007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 276.921627][ T9007] Call Trace: [ 276.921638][ T9007] [ 276.921650][ T9007] dump_stack_lvl+0x16c/0x1f0 [ 276.921701][ T9007] should_fail_ex+0x512/0x640 [ 276.921746][ T9007] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 276.921805][ T9007] should_failslab+0xc2/0x120 [ 276.921845][ T9007] __kmalloc_cache_noprof+0x6a/0x3e0 [ 276.921900][ T9007] ? pty_common_install+0xdf/0xb30 [ 276.921937][ T9007] pty_common_install+0xdf/0xb30 [ 276.921965][ T9007] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 276.922017][ T9007] ? __pfx_pty_unix98_install+0x10/0x10 [ 276.922060][ T9007] tty_init_dev.part.0+0x99/0x500 [ 276.922103][ T9007] tty_init_dev+0x60/0x80 [ 276.922140][ T9007] ? __pfx_ptmx_open+0x10/0x10 [ 276.922165][ T9007] ptmx_open+0x10d/0x360 [ 276.922212][ T9007] ? __pfx_ptmx_open+0x10/0x10 [ 276.922239][ T9007] chrdev_open+0x231/0x6a0 [ 276.922272][ T9007] ? __pfx_apparmor_file_open+0x10/0x10 [ 276.922311][ T9007] ? __pfx_chrdev_open+0x10/0x10 [ 276.922348][ T9007] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 276.922413][ T9007] do_dentry_open+0x741/0x1c10 [ 276.922447][ T9007] ? __pfx_chrdev_open+0x10/0x10 [ 276.922490][ T9007] vfs_open+0x82/0x3f0 [ 276.922538][ T9007] path_openat+0x1e5e/0x2d40 [ 276.922586][ T9007] ? __pfx_path_openat+0x10/0x10 [ 276.922640][ T9007] do_filp_open+0x20b/0x470 [ 276.922671][ T9007] ? __pfx_do_filp_open+0x10/0x10 [ 276.922727][ T9007] ? alloc_fd+0x471/0x7d0 [ 276.922787][ T9007] do_sys_openat2+0x11b/0x1d0 [ 276.922828][ T9007] ? __pfx_do_sys_openat2+0x10/0x10 [ 276.922885][ T9007] __x64_sys_openat+0x174/0x210 [ 276.922927][ T9007] ? __pfx___x64_sys_openat+0x10/0x10 [ 276.922971][ T9007] ? rcu_is_watching+0x12/0xc0 [ 276.923012][ T9007] do_syscall_64+0xcd/0x230 [ 276.923057][ T9007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 276.923105][ T9007] RIP: 0033:0x7f5ab158e969 [ 276.923130][ T9007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 276.923161][ T9007] RSP: 002b:00007f5ab232f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 276.923192][ T9007] RAX: ffffffffffffffda RBX: 00007f5ab17b6160 RCX: 00007f5ab158e969 [ 276.923213][ T9007] RDX: 0000000000020540 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 276.923234][ T9007] RBP: 00007f5ab1610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 276.923253][ T9007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 276.923272][ T9007] R13: 0000000000000000 R14: 00007f5ab17b6160 R15: 00007ffd32a13aa8 [ 276.923319][ T9007] [ 278.021865][ T9017] sctp: [Deprecated]: syz.1.678 (pid 9017) Use of int in max_burst socket option deprecated. [ 278.021865][ T9017] Use struct sctp_assoc_value instead [ 278.265445][ T9031] netlink: 80 bytes leftover after parsing attributes in process `syz.1.682'. [ 278.334595][ T9025] zswap: compressor not available [ 278.533602][ T9041] device-mapper: ioctl: device name cannot contain '/' [ 278.770007][ T9043] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 279.567536][ T9072] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 280.093491][ T9063] netlink: 8 bytes leftover after parsing attributes in process `syz.0.690'. [ 280.707449][ T9087] zswap: compressor not available [ 281.151745][ T9100] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 281.680845][ T9117] zswap: compressor not available [ 281.836201][ T30] audit: type=1800 audit(6041107622.515:14): pid=9130 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.702" name="file0" dev="tmpfs" ino=1045 res=0 errno=0 [ 282.604690][ T9144] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 284.758738][ T9184] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) syzkaller syzkaller login: [ 285.710438][ T9205] zswap: compressor not available [ 285.883152][ T9214] vivid-002: kernel_thread() failed [ 285.889835][ T9213] vivid-006: kernel_thread() failed [ 286.294149][ T9228] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 287.476997][ T9251] zswap: compressor not available [ 287.998100][ T9265] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 288.317314][ T9274] netlink: 4 bytes leftover after parsing attributes in process `syz.3.746'. [ 288.342861][ T9274] netlink: 13 bytes leftover after parsing attributes in process `syz.3.746'. [ 288.358043][ T9274] netlink: 8 bytes leftover after parsing attributes in process `syz.3.746'. [ 289.219393][ T9287] zswap: compressor not available [ 289.658953][ T9310] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 289.764453][ T9307] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 291.173040][ T9339] zswap: compressor not available [ 291.713112][ T9356] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 291.733521][ T30] audit: type=1326 audit(6041107632.415:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9358 comm="syz.1.769" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f95c118e969 code=0x0 [ 291.919252][ T9367] EXT4-fs error (device sda1): ext4_lookup:1789: inode #248: comm syz.3.771: iget: checksum invalid [ 291.978980][ T9367] platform regulatory.0: loading /lib/firmware/updates/6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac/regulatory.db failed with error -74 [ 292.057167][ T9367] EXT4-fs error (device sda1): ext4_lookup:1789: inode #248: comm syz.3.771: iget: checksum invalid [ 292.059857][ T9367] platform regulatory.0: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 292.060128][ T9367] EXT4-fs error (device sda1): ext4_lookup:1789: inode #248: comm syz.3.771: iget: checksum invalid [ 292.060958][ T9367] platform regulatory.0: loading /lib/firmware/6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac/regulatory.db failed with error -74 [ 292.061205][ T9367] EXT4-fs error (device sda1): ext4_lookup:1789: inode #248: comm syz.3.771: iget: checksum invalid [ 292.062092][ T9367] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -74 [ 292.062146][ T9367] platform regulatory.0: Direct firmware load for regulatory.db failed with error -74 [ 292.062179][ T9367] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 293.004216][ T9391] netlink: 'syz.0.778': attribute type 2 has an invalid length. [ 293.035364][ T9391] delete_channel: no stack [ 293.359218][ T9400] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 293.518556][ T9398] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 294.529064][ T9425] ubi0: attaching mtd0 [ 294.543608][ T9425] ubi0: scanning is finished [ 294.564740][ T9425] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record [ 294.837772][ T9428] zswap: compressor not available [ 294.902959][ T9425] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 295.021067][ T9434] netlink: set zone limit has 8 unknown bytes [ 295.691340][ T9443] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 295.878929][ T9453] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 297.114090][ T9495] netlink: 28 bytes leftover after parsing attributes in process `syz.3.804'. [ 297.157908][ T9495] macsec0: entered allmulticast mode [ 297.170386][ T9495] veth1_macvtap: entered allmulticast mode [ 297.285044][ T9492] zswap: compressor not available [ 297.749298][ T9508] netlink: 4 bytes leftover after parsing attributes in process `syz.2.808'. [ 297.760539][ T9506] netlink: 25 bytes leftover after parsing attributes in process `syz.2.808'. [ 297.873291][ T9503] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 299.061887][ T9529] zswap: compressor not available [ 299.093071][ T9533] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 299.107344][ T9533] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 299.114546][ T9533] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 299.121606][ T9533] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 299.383558][ T9549] kexec: Could not allocate control_code_buffer [ 299.755236][ T9557] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 300.259467][ T9576] sp0: Synchronizing with TNC [ 300.705850][ T9583] sp0: Synchronizing with TNC [ 300.726587][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 301.126311][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 301.132436][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 301.133483][ T5140] Bluetooth: hci1: command 0x0c1a tx timeout [ 302.323164][ T9619] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 302.978104][ T9637] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 303.468591][ T9643] Unable to find swap-space signature [ 304.082346][ T9659] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 307.080967][ T9715] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 309.307428][ T9733] netlink: 12 bytes leftover after parsing attributes in process `syz.1.865'. [ 311.693836][ T9776] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 312.695657][ T9792] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 313.462075][ T9817] FAULT_INJECTION: forcing a failure. [ 313.462075][ T9817] name failslab, interval 1, probability 0, space 0, times 0 [ 313.479562][ T9817] CPU: 1 UID: 0 PID: 9817 Comm: syz.0.883 Tainted: G U 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) [ 313.479614][ T9817] Tainted: [U]=USER [ 313.479624][ T9817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 313.479644][ T9817] Call Trace: [ 313.479654][ T9817] [ 313.479667][ T9817] dump_stack_lvl+0x16c/0x1f0 [ 313.479715][ T9817] should_fail_ex+0x512/0x640 [ 313.479759][ T9817] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 313.479801][ T9817] should_failslab+0xc2/0x120 [ 313.479842][ T9817] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 313.479876][ T9817] ? __asan_memcpy+0x3c/0x60 [ 313.479904][ T9817] ? __kernfs_new_node+0xd2/0x8a0 [ 313.479964][ T9817] __kernfs_new_node+0xd2/0x8a0 [ 313.480028][ T9817] ? __pfx___kernfs_new_node+0x10/0x10 [ 313.480102][ T9817] ? find_held_lock+0x2b/0x80 [ 313.480135][ T9817] ? kernfs_root+0xee/0x2a0 [ 313.480174][ T9817] kernfs_new_node+0x13c/0x1e0 [ 313.480211][ T9817] ? net_ns_get_ownership+0xf8/0x1b0 [ 313.480251][ T9817] kernfs_create_dir_ns+0x4c/0x1a0 [ 313.480292][ T9817] sysfs_create_dir_ns+0x13a/0x2b0 [ 313.480345][ T9817] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 313.480394][ T9817] ? find_held_lock+0x2b/0x80 [ 313.480429][ T9817] ? net_namespace+0x12/0x50 [ 313.480465][ T9817] ? device_namespace+0x76/0xa0 [ 313.480508][ T9817] kobject_add_internal+0x2c4/0x9b0 [ 313.480570][ T9817] kobject_add+0x16e/0x240 [ 313.480617][ T9817] ? __pfx_kobject_add+0x10/0x10 [ 313.480664][ T9817] ? get_device_parent+0x1c5/0x4e0 [ 313.480702][ T9817] ? kobject_put+0xab/0x5a0 [ 313.480759][ T9817] device_add+0x288/0x1a70 [ 313.480802][ T9817] ? __pfx_dev_set_name+0x10/0x10 [ 313.480858][ T9817] ? __pfx_device_add+0x10/0x10 [ 313.480900][ T9817] ? lockdep_init_map_type+0x5c/0x280 [ 313.480945][ T9817] ? __init_waitqueue_head+0xca/0x150 [ 313.481006][ T9817] netdev_register_kobject+0x182/0x3a0 [ 313.481051][ T9817] register_netdevice+0x13dc/0x2270 [ 313.481108][ T9817] ? __pfx_register_netdevice+0x10/0x10 [ 313.481161][ T9817] slip_open+0xb86/0x1150 [ 313.481213][ T9817] ? __pfx_slip_open+0x10/0x10 [ 313.481253][ T9817] ? down_write+0x14d/0x200 [ 313.481305][ T9817] ? __pfx_slip_open+0x10/0x10 [ 313.481345][ T9817] tty_ldisc_open+0x9c/0x120 [ 313.481379][ T9817] tty_set_ldisc+0x32b/0x780 [ 313.481417][ T9817] tty_ioctl+0xc42/0x1610 [ 313.481457][ T9817] ? __pfx_tty_ioctl+0x10/0x10 [ 313.481504][ T9817] ? fdget+0x187/0x210 [ 313.481555][ T9817] ? __sys_sendmsg+0x199/0x220 [ 313.481588][ T9817] ? hook_file_ioctl_common+0x145/0x410 [ 313.481633][ T9817] ? xfd_validate_state+0x5d/0x180 [ 313.481690][ T9817] ? __pfx_tty_ioctl+0x10/0x10 [ 313.481730][ T9817] __x64_sys_ioctl+0x190/0x200 [ 313.481795][ T9817] do_syscall_64+0xcd/0x230 [ 313.481845][ T9817] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.481878][ T9817] RIP: 0033:0x7f5ab158e969 [ 313.481905][ T9817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 313.481965][ T9817] RSP: 002b:00007f5ab2371038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 313.481996][ T9817] RAX: ffffffffffffffda RBX: 00007f5ab17b5fa0 RCX: 00007f5ab158e969 [ 313.482016][ T9817] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 0000000000000001 [ 313.482036][ T9817] RBP: 00007f5ab1610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 313.482055][ T9817] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 313.482080][ T9817] R13: 0000000000000000 R14: 00007f5ab17b5fa0 R15: 00007ffd32a13aa8 [ 313.482124][ T9817] [ 313.484511][ T9817] kobject: kobject_add_internal failed for sl0 (error: -12 parent: net) [ 313.556559][ T9820] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 314.030927][ T9806] ptrace attach of "./syz-executor exec"[5833] was attempted by "./syz-executor exec"[9806] [ 314.957617][ T9832] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 315.980995][ T9864] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 316.974332][ T9884] Invalid ELF header magic: != ELF [ 317.383085][ T9902] netlink: 326 bytes leftover after parsing attributes in process `syz.3.904'. [ 317.409805][ T9884] netlink: 8 bytes leftover after parsing attributes in process `syz.1.900'. [ 317.455250][ T9902] netlink: 330 bytes leftover after parsing attributes in process `syz.3.904'. [ 317.943391][ T9914] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 318.033802][ T9917] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 319.045261][ T9924] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 319.078945][ T9924] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 319.097588][ T9924] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 319.118507][ T9924] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 319.789326][ T9954] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 319.792461][ T9958] ubi0: attaching mtd0 [ 319.813333][ T9958] ubi0: scanning is finished [ 319.819551][ T9958] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 319.907576][ T9958] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 320.246346][ T5140] Bluetooth: hci0: command 0x0c1a tx timeout [ 320.396795][ T9971] Process accounting resumed [ 321.136575][ T5140] Bluetooth: hci3: command 0x0c1a tx timeout [ 321.136594][ T5827] Bluetooth: hci2: command 0x0c1a tx timeout [ 321.136644][ T5827] Bluetooth: hci1: command 0x0c1a tx timeout [ 321.876806][T10008] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 322.331002][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.337564][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 323.146775][T10041] FAULT_INJECTION: forcing a failure. [ 323.146775][T10041] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 323.186236][T10041] CPU: 1 UID: 0 PID: 10041 Comm: syz.1.940 Tainted: G U 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) [ 323.186285][T10041] Tainted: [U]=USER [ 323.186294][T10041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 323.186311][T10041] Call Trace: [ 323.186321][T10041] [ 323.186332][T10041] dump_stack_lvl+0x16c/0x1f0 [ 323.186387][T10041] should_fail_ex+0x512/0x640 [ 323.186437][T10041] _copy_to_iter+0x477/0x15a0 [ 323.186495][T10041] ? __pfx__copy_to_iter+0x10/0x10 [ 323.186540][T10041] ? __lock_acquire+0xaa4/0x1ba0 [ 323.186588][T10041] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 323.186629][T10041] simple_copy_to_iter+0x46/0x90 [ 323.186677][T10041] __skb_datagram_iter+0x125/0x8c0 [ 323.186722][T10041] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 323.186784][T10041] skb_copy_datagram_iter+0x40/0x50 [ 323.186835][T10041] sctp_recvmsg+0x258/0xe30 [ 323.186868][T10041] ? is_bpf_text_address+0x8a/0x1a0 [ 323.186907][T10041] ? __pfx_sctp_recvmsg+0x10/0x10 [ 323.186941][T10041] ? aa_sk_perm+0x2f4/0xb10 [ 323.186980][T10041] ? __pfx_sctp_recvmsg+0x10/0x10 [ 323.187009][T10041] inet_recvmsg+0x467/0x6a0 [ 323.187049][T10041] ? arch_stack_walk+0xa6/0x100 [ 323.187085][T10041] ? __pfx_inet_recvmsg+0x10/0x10 [ 323.187138][T10041] sock_recvmsg+0x1b2/0x250 [ 323.187182][T10041] sock_read_iter+0x2b9/0x3b0 [ 323.187224][T10041] ? __pfx_sock_read_iter+0x10/0x10 [ 323.187284][T10041] ? __lock_acquire+0x5ca/0x1ba0 [ 323.187324][T10041] ? copy_iovec_from_user+0x138/0x170 [ 323.187384][T10041] do_iter_readv_writev+0x735/0x950 [ 323.187436][T10041] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 323.187491][T10041] ? bpf_lsm_file_permission+0x9/0x10 [ 323.187539][T10041] ? security_file_permission+0x71/0x210 [ 323.187582][T10041] ? rw_verify_area+0xcf/0x680 [ 323.187631][T10041] vfs_readv+0x4c5/0x8a0 [ 323.187690][T10041] ? __pfx_vfs_readv+0x10/0x10 [ 323.187768][T10041] ? __fget_files+0x20e/0x3c0 [ 323.187815][T10041] ? __fget_files+0x160/0x3c0 [ 323.187874][T10041] ? do_readv+0x295/0x330 [ 323.187918][T10041] do_readv+0x295/0x330 [ 323.187966][T10041] ? __pfx_do_readv+0x10/0x10 [ 323.188010][T10041] ? rcu_is_watching+0x12/0xc0 [ 323.188051][T10041] do_syscall_64+0xcd/0x230 [ 323.188097][T10041] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.188129][T10041] RIP: 0033:0x7f95c118e969 [ 323.188154][T10041] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 323.188183][T10041] RSP: 002b:00007f95c1f83038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 323.188211][T10041] RAX: ffffffffffffffda RBX: 00007f95c13b5fa0 RCX: 00007f95c118e969 [ 323.188231][T10041] RDX: 0000000000000006 RSI: 0000200000000040 RDI: 0000000000000003 [ 323.188250][T10041] RBP: 00007f95c1f83090 R08: 0000000000000000 R09: 0000000000000000 [ 323.188268][T10041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 323.188287][T10041] R13: 0000000000000000 R14: 00007f95c13b5fa0 R15: 00007fffb2aa84f8 [ 323.188327][T10041] [ 323.694508][T10051] usb usb15: usbfs: process 10051 (syz.2.942) did not claim interface 0 before use [ 323.781393][T10053] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 325.431655][T10094] ======================================================= [ 325.431655][T10094] WARNING: The mand mount option has been deprecated and [ 325.431655][T10094] and is ignored by this kernel. Remove the mand [ 325.431655][T10094] option from the mount to silence this warning. [ 325.431655][T10094] ======================================================= [ 325.557351][T10092] FAULT_INJECTION: forcing a failure. [ 325.557351][T10092] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 325.590564][T10092] CPU: 1 UID: 0 PID: 10092 Comm: syz.1.953 Tainted: G U 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) [ 325.590617][T10092] Tainted: [U]=USER [ 325.590628][T10092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 325.590645][T10092] Call Trace: [ 325.590655][T10092] [ 325.590666][T10092] dump_stack_lvl+0x16c/0x1f0 [ 325.590711][T10092] should_fail_ex+0x512/0x640 [ 325.590759][T10092] _copy_to_user+0x32/0xd0 [ 325.590808][T10092] simple_read_from_buffer+0xcb/0x170 [ 325.590857][T10092] proc_fail_nth_read+0x197/0x270 [ 325.590902][T10092] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 325.590949][T10092] ? rw_verify_area+0xcf/0x680 [ 325.590994][T10092] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 325.591039][T10092] vfs_read+0x1de/0xc70 [ 325.591073][T10092] ? __pfx___mutex_lock+0x10/0x10 [ 325.591115][T10092] ? __pfx_vfs_read+0x10/0x10 [ 325.591154][T10092] ? __fget_files+0x20e/0x3c0 [ 325.591221][T10092] ksys_read+0x12a/0x240 [ 325.591249][T10092] ? __pfx_ksys_read+0x10/0x10 [ 325.591290][T10092] do_syscall_64+0xcd/0x230 [ 325.591335][T10092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 325.591366][T10092] RIP: 0033:0x7f95c118d37c [ 325.591390][T10092] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 325.591419][T10092] RSP: 002b:00007f95c1f83030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 325.591448][T10092] RAX: ffffffffffffffda RBX: 00007f95c13b5fa0 RCX: 00007f95c118d37c [ 325.591468][T10092] RDX: 000000000000000f RSI: 00007f95c1f830a0 RDI: 0000000000000004 [ 325.591486][T10092] RBP: 00007f95c1f83090 R08: 0000000000000000 R09: 0000000000000000 [ 325.591505][T10092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 325.591523][T10092] R13: 0000000000000000 R14: 00007f95c13b5fa0 R15: 00007fffb2aa84f8 [ 325.591564][T10092] [ 326.422211][T10099] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 328.508318][T10132] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 329.548682][T10149] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 330.674408][T10179] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 331.737455][T10203] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 331.883794][T10208] openvswitch: netlink: IP tunnel dst address not specified [ 332.772672][T10227] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 335.601075][T10237] FAULT_INJECTION: forcing a failure. [ 335.601075][T10237] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 335.651349][T10237] CPU: 0 UID: 0 PID: 10237 Comm: syz.1.989 Tainted: G U 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) [ 335.651403][T10237] Tainted: [U]=USER [ 335.651414][T10237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 335.651433][T10237] Call Trace: [ 335.651444][T10237] [ 335.651458][T10237] dump_stack_lvl+0x16c/0x1f0 [ 335.651508][T10237] should_fail_ex+0x512/0x640 [ 335.651561][T10237] _copy_from_user+0x2e/0xd0 [ 335.651611][T10237] dev_ifconf+0xe3/0x310 [ 335.651668][T10237] ? __pfx_dev_ifconf+0x10/0x10 [ 335.651735][T10237] sock_ioctl+0x388/0x6b0 [ 335.651783][T10237] ? __pfx_sock_ioctl+0x10/0x10 [ 335.651825][T10237] ? hook_file_ioctl_common+0x145/0x410 [ 335.651869][T10237] ? __fget_files+0x20e/0x3c0 [ 335.651926][T10237] ? __pfx_sock_ioctl+0x10/0x10 [ 335.651974][T10237] __x64_sys_ioctl+0x190/0x200 [ 335.652020][T10237] do_syscall_64+0xcd/0x230 [ 335.652066][T10237] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 335.652097][T10237] RIP: 0033:0x7f95c118e969 [ 335.652122][T10237] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 335.652153][T10237] RSP: 002b:00007f95c1f83038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 335.652185][T10237] RAX: ffffffffffffffda RBX: 00007f95c13b5fa0 RCX: 00007f95c118e969 [ 335.652206][T10237] RDX: 0000000000000046 RSI: 0000000000008912 RDI: 0000000000000003 [ 335.652224][T10237] RBP: 00007f95c1210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 335.652243][T10237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 335.652261][T10237] R13: 0000000000000000 R14: 00007f95c13b5fa0 R15: 00007fffb2aa84f8 [ 335.652311][T10237] [ 336.311957][T10255] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 336.772290][T10262] ptrace attach of "./syz-executor exec"[5828] was attempted by "./syz-executor exec"[10262] [ 336.782991][T10263] ptrace attach of "./syz-executor exec"[5828] was attempted by "./syz-executor exec"[10263] [ 338.964358][T10297] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 339.296618][T10303] ptrace attach of "./syz-executor exec"[5833] was attempted by "./syz-executor exec"[10303] [ 339.482766][T10312] nvme_fabrics: missing parameter 'transport=%s' [ 339.506161][T10312] nvme_fabrics: missing parameter 'nqn=%s' syzkaller syzkaller login: [ 340.796773][T10350] ================================================================== [ 340.804906][T10350] BUG: KASAN: slab-out-of-bounds in afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 340.813738][T10350] Read of size 1 at addr ffff888051fcb7d2 by task syz.3.1014/10350 [ 340.821675][T10350] [ 340.824045][T10350] CPU: 0 UID: 0 PID: 10350 Comm: syz.3.1014 Tainted: G U 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) [ 340.824096][T10350] Tainted: [U]=USER [ 340.824108][T10350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 340.824129][T10350] Call Trace: [ 340.824139][T10350] [ 340.824159][T10350] dump_stack_lvl+0x116/0x1f0 [ 340.824206][T10350] print_report+0xc3/0x670 [ 340.824243][T10350] ? __virt_addr_valid+0x5e/0x590 [ 340.824284][T10350] ? __phys_addr+0xc6/0x150 [ 340.824322][T10350] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 340.824363][T10350] kasan_report+0xe0/0x110 [ 340.824401][T10350] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 340.824446][T10350] afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 340.824485][T10350] ? __lock_acquire+0xaa4/0x1ba0 [ 340.824533][T10350] ? __pfx_afs_proc_addr_prefs_write+0x10/0x10 [ 340.824577][T10350] ? find_held_lock+0x2b/0x80 [ 340.824606][T10350] ? __might_fault+0xe3/0x190 [ 340.824641][T10350] ? __might_fault+0xe3/0x190 [ 340.824676][T10350] ? __might_fault+0x13b/0x190 [ 340.824719][T10350] ? proc_simple_write+0x114/0x1b0 [ 340.824759][T10350] proc_simple_write+0x114/0x1b0 [ 340.824799][T10350] ? __pfx_proc_simple_write+0x10/0x10 [ 340.824841][T10350] proc_reg_write+0x23d/0x330 [ 340.824874][T10350] vfs_write+0x25c/0x1180 [ 340.824902][T10350] ? __pfx_proc_reg_write+0x10/0x10 [ 340.824937][T10350] ? __pfx___mutex_lock+0x10/0x10 [ 340.824981][T10350] ? __pfx_vfs_write+0x10/0x10 [ 340.825017][T10350] ? __fget_files+0x20e/0x3c0 [ 340.825073][T10350] ksys_write+0x12a/0x240 [ 340.825103][T10350] ? __pfx_ksys_write+0x10/0x10 [ 340.825132][T10350] ? rcu_is_watching+0x12/0xc0 [ 340.825193][T10350] do_syscall_64+0xcd/0x230 [ 340.825239][T10350] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 340.825273][T10350] RIP: 0033:0x7f599078e969 [ 340.825298][T10350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 340.825330][T10350] RSP: 002b:00007f59915aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 340.825362][T10350] RAX: ffffffffffffffda RBX: 00007f59909b5fa0 RCX: 00007f599078e969 [ 340.825383][T10350] RDX: 0000000000000011 RSI: 00002000000000c0 RDI: 0000000000000003 [ 340.825403][T10350] RBP: 00007f5990810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 340.825422][T10350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 340.825440][T10350] R13: 0000000000000000 R14: 00007f59909b5fa0 R15: 00007ffd33c36978 [ 340.825471][T10350] [ 340.825481][T10350] [ 341.076052][T10350] Allocated by task 10350: [ 341.080489][T10350] kasan_save_stack+0x33/0x60 [ 341.085195][T10350] kasan_save_track+0x14/0x30 [ 341.089901][T10350] __kasan_kmalloc+0xaa/0xb0 [ 341.094509][T10350] __kmalloc_node_track_caller_noprof+0x221/0x510 [ 341.100948][T10350] memdup_user_nul+0x2b/0x120 [ 341.105660][T10350] proc_simple_write+0xc7/0x1b0 [ 341.110537][T10350] proc_reg_write+0x23d/0x330 [ 341.115231][T10350] vfs_write+0x25c/0x1180 [ 341.119577][T10350] ksys_write+0x12a/0x240 [ 341.123930][T10350] do_syscall_64+0xcd/0x230 [ 341.128462][T10350] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 341.134376][T10350] [ 341.136713][T10350] The buggy address belongs to the object at ffff888051fcb7c0 [ 341.136713][T10350] which belongs to the cache kmalloc-32 of size 32 [ 341.150614][T10350] The buggy address is located 0 bytes to the right of [ 341.150614][T10350] allocated 18-byte region [ffff888051fcb7c0, ffff888051fcb7d2) [ 341.165039][T10350] [ 341.167377][T10350] The buggy address belongs to the physical page: [ 341.173802][T10350] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x51fcb [ 341.182589][T10350] ksm flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 341.190072][T10350] page_type: f5(slab) [ 341.194095][T10350] raw: 00fff00000000000 ffff88801b441780 ffffea00016d8e40 dead000000000003 [ 341.202718][T10350] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 341.211312][T10350] page dumped because: kasan: bad access detected [ 341.217739][T10350] page_owner tracks the page as allocated [ 341.223459][T10350] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP), pid 6425, tgid 6422 (syz.0.102), ts 137989442097, free_ts 137983525266 [ 341.241548][T10350] post_alloc_hook+0x181/0x1b0 [ 341.246337][T10350] get_page_from_freelist+0x135c/0x3920 [ 341.251994][T10350] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 341.257913][T10350] alloc_pages_mpol+0x1fb/0x550 [ 341.262785][T10350] new_slab+0x244/0x340 [ 341.266976][T10350] ___slab_alloc+0xd9c/0x1940 [ 341.271695][T10350] __slab_alloc.constprop.0+0x56/0xb0 [ 341.277101][T10350] __kmalloc_cache_noprof+0xfb/0x3e0 [ 341.282426][T10350] kmem_cache_free+0x148/0x4d0 [ 341.287211][T10350] exit_mmap+0x511/0xb90 [ 341.291489][T10350] __mmput+0x12a/0x410 [ 341.295575][T10350] mmput+0x62/0x70 [ 341.299315][T10350] do_exit+0x9d1/0x2c30 [ 341.303500][T10350] do_group_exit+0xd3/0x2a0 [ 341.308032][T10350] get_signal+0x2673/0x26d0 [ 341.312567][T10350] arch_do_signal_or_restart+0x8f/0x7a0 [ 341.318147][T10350] page last free pid 5649 tgid 5649 stack trace: [ 341.324485][T10350] __free_frozen_pages+0x69d/0xff0 [ 341.329629][T10350] tlb_finish_mmu+0x237/0x7b0 [ 341.334318][T10350] exit_mmap+0x403/0xb90 [ 341.338587][T10350] __mmput+0x12a/0x410 [ 341.342682][T10350] mmput+0x62/0x70 [ 341.346431][T10350] do_exit+0x9d1/0x2c30 [ 341.350619][T10350] do_group_exit+0xd3/0x2a0 [ 341.355153][T10350] __x64_sys_exit_group+0x3e/0x50 [ 341.360207][T10350] x64_sys_call+0x1530/0x1730 [ 341.364915][T10350] do_syscall_64+0xcd/0x230 [ 341.369445][T10350] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 341.375359][T10350] [ 341.377714][T10350] Memory state around the buggy address: [ 341.383354][T10350] ffff888051fcb680: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 341.391433][T10350] ffff888051fcb700: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 341.399508][T10350] >ffff888051fcb780: fa fb fb fb fc fc fc fc 00 00 02 fc fc fc fc fc [ 341.407577][T10350] ^ [ 341.414262][T10350] ffff888051fcb800: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 341.423465][T10350] ffff888051fcb880: fa fb fb fb fc fc fc fc 00 00 00 00 fc fc fc fc [ 341.431545][T10350] ================================================================== [ 341.616129][T10350] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 341.623402][T10350] CPU: 0 UID: 0 PID: 10350 Comm: syz.3.1014 Tainted: G U 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) [ 341.637108][T10350] Tainted: [U]=USER [ 341.640948][T10350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 341.651043][T10350] Call Trace: [ 341.654364][T10350] [ 341.657335][T10350] dump_stack_lvl+0x3d/0x1f0 [ 341.661991][T10350] panic+0x71c/0x800 [ 341.665961][T10350] ? __pfx_panic+0x10/0x10 [ 341.670448][T10350] ? mark_held_locks+0x49/0x80 [ 341.675342][T10350] ? preempt_schedule_thunk+0x16/0x30 [ 341.680800][T10350] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 341.686840][T10350] ? preempt_schedule_common+0x44/0xc0 [ 341.692362][T10350] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 341.698399][T10350] check_panic_on_warn+0xab/0xb0 [ 341.703409][T10350] end_report+0x107/0x170 [ 341.707824][T10350] kasan_report+0xee/0x110 [ 341.712306][T10350] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 341.718342][T10350] afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 341.724305][T10350] ? __lock_acquire+0xaa4/0x1ba0 [ 341.729302][T10350] ? __pfx_afs_proc_addr_prefs_write+0x10/0x10 [ 341.735513][T10350] ? find_held_lock+0x2b/0x80 [ 341.740235][T10350] ? __might_fault+0xe3/0x190 [ 341.744969][T10350] ? __might_fault+0xe3/0x190 [ 341.749692][T10350] ? __might_fault+0x13b/0x190 [ 341.754516][T10350] ? proc_simple_write+0x114/0x1b0 [ 341.759782][T10350] proc_simple_write+0x114/0x1b0 [ 341.764798][T10350] ? __pfx_proc_simple_write+0x10/0x10 [ 341.770315][T10350] proc_reg_write+0x23d/0x330 [ 341.775022][T10350] vfs_write+0x25c/0x1180 [ 341.779377][T10350] ? __pfx_proc_reg_write+0x10/0x10 [ 341.784615][T10350] ? __pfx___mutex_lock+0x10/0x10 [ 341.789671][T10350] ? __pfx_vfs_write+0x10/0x10 [ 341.794462][T10350] ? __fget_files+0x20e/0x3c0 [ 341.799183][T10350] ksys_write+0x12a/0x240 [ 341.803539][T10350] ? __pfx_ksys_write+0x10/0x10 [ 341.808416][T10350] ? rcu_is_watching+0x12/0xc0 [ 341.813207][T10350] do_syscall_64+0xcd/0x230 [ 341.817746][T10350] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 341.823662][T10350] RIP: 0033:0x7f599078e969 [ 341.828102][T10350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 341.847831][T10350] RSP: 002b:00007f59915aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 341.856275][T10350] RAX: ffffffffffffffda RBX: 00007f59909b5fa0 RCX: 00007f599078e969 [ 341.864270][T10350] RDX: 0000000000000011 RSI: 00002000000000c0 RDI: 0000000000000003 [ 341.872261][T10350] RBP: 00007f5990810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 341.880272][T10350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 341.888268][T10350] R13: 0000000000000000 R14: 00007f59909b5fa0 R15: 00007ffd33c36978 [ 341.896270][T10350] [ 341.899633][T10350] Kernel Offset: disabled [ 341.903969][T10350] Rebooting in 86400 seconds..